last executing test programs:

4.534615548s ago: executing program 4 (id=4204):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="80000000", @ANYRES16=r1, @ANYBLOB="050000000000000000000200000008000300", @ANYRES32=r2, @ANYBLOB="2d000e0080000000ffffffffffff08021100000008021100000000000000000000040000640000002503000000000000080026006c09"], 0x80}}, 0x0)

4.207385622s ago: executing program 4 (id=4209):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000001100"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/19, @ANYRES32, @ANYBLOB="010000000500000003"], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newsa={0x13c, 0x10, 0x413, 0x70bd29, 0x0, {{@in=@empty, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x20, 0x3b}, {@in=@private=0xa010102, 0x0, 0x32}, @in=@multicast1, {0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x8, 0x80000, 0x81}, {0x3, 0x5, 0x4, 0x4000006}, {0x0, 0xfffffff9, 0x80020}, 0x0, 0x0, 0x2, 0x4, 0x81, 0x68}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))

3.989141282s ago: executing program 4 (id=4214):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x4, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x3404c8d4)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000680)={0x0, 0xf7, 0x3, [0x4, 0x3, 0x5]}, 0xe) (fail_nth: 2)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, 0x0, 0x1000f)

3.855521441s ago: executing program 3 (id=4216):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000004000000000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000005e0001020000000000000000000001"], 0x1c}}, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="140100003400010000000000ffdbdf25020100800c002200000000000000000014160100010000000000000000000000000026562abd5ddf207d9f46000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc4684b36ec72dd71265fc2e882300006c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3b982167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac44337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be75fd3f0000"], 0x114}], 0x1}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1d, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x5d}}]}, &(0x7f0000000180)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=@newsa={0x15c, 0x10, 0x1, 0x8000000, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@broadcast, 0x0, 0x6c}, @in=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {0x0, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0xfffffffc, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0x3, 0x10, 0x1, 0x1}}]}, 0x15c}}, 0x20000000)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000500)=@newsa={0x164, 0x10, 0x1, 0x7fffffc, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast2, 0x4, 0x6c}, @in6=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {0x5, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0xfffffffc, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0x3, 0x10, 0x1, 0x1}}, @etimer_thresh={0x8, 0xc, 0x6}]}, 0x164}}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xb, 0xa, &(0x7f0000000380)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @call={0x85, 0x0, 0x0, 0x75}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ldst={0x0, 0x3, 0x0, 0x1, 0x9, 0xfffffffffffffff0, 0x4}], &(0x7f00000001c0)='GPL\x00', 0x1, 0x3a, &(0x7f0000000200)=""/58, 0x40f00, 0x3c, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x1, 0x7, 0x8, 0x1}, 0x10, 0x0, r1, 0xa, 0x0, &(0x7f00000006c0)=[{0x5, 0x2, 0xb, 0x5}, {0x3, 0x5, 0x10, 0x6}, {0x2, 0x1, 0x5, 0xd}, {0x3, 0x4, 0xa, 0x8}, {0x2, 0x4, 0xc, 0x8}, {0x2, 0x3, 0x1, 0x5}, {0x3, 0x3, 0x5, 0x6}, {0x2, 0x3, 0xd, 0x8}, {0x4, 0x1, 0xd, 0xb}, {0x1, 0x2, 0xe, 0x6}], 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r4}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r9, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r10}, 0x10)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r11, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)

3.474947936s ago: executing program 3 (id=4218):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x5, &(0x7f0000000580)=ANY=[@ANYRES8=r1], 0x0, 0x5b4230ff, 0x0, 0x0, 0x41100, 0x2a, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf739}, 0x94)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="581b0800", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

3.438433624s ago: executing program 4 (id=4219):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000400)={0xa, 0x2, 0x13, @loopback, 0x9}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="60000000020601080000000000000000000000001400078008001140000000000500150000000000050005000a000000050001000700000005000400000000000900020073797a310000000013000300"], 0x60}}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000000c0)=0x4, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r4, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r5, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa)
shutdown(r4, 0x1)
unshare(0x62040200)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pipe(0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="7c0100002b000b00000000000000000008000000040003005800018051000000d4f535538c4b98abc9f530bacf4e7d2593419cb80d402ece7e28d21cb978c80559eb21f4dea5cde46b1e8ffc8ac15b75bc5449695cd4d3f09cd3b7e36e2831d70000003c0070800400ce800c001500e80000000000000014007700fe80000000000000000000000000003984d9b61896661ac17fef17f61c950f43ab1583eb6200b700e8f6af4facdfbddd630109b04ce8bcf955917e53945e9b1ea76b4110ccb08bdea18a48e7acfd98fa9b080871a89f6bf88b3b91dbfc8a7666edbd6d869d7a733264813ca072033f3b0a67c91337293549c7743262f901abd6b48c436f5e0200006b0077804e4f47e6443be4c3e6041fec60b2f673a7572b92e11489ef5ad2a8726db3e430e982def852f3515ed3a24a6abc8592662598ce2ee89e7527775a398c141ed22a09abe52aa6da2c789ea13aab79c78fb753767eac72faaa259ce5cd3edadfa3ae884e250400168000"], 0x17c}}, 0x40)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x5d4c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @local}, {0xa, 0x1, 0x0, @empty}}, 0x5c)
r7 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r7, 0x6, 0x21, 0x0, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001080)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0xd44263be89ee4aba}, 0x0)

3.10357671s ago: executing program 3 (id=4223):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x50)
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000001980)=0x48000000, 0x4)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f00000019c0)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001900)={&(0x7f00000018c0)={0x14, r2, 0xcc901e7472f39277, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x4000080)
accept4$inet(r0, &(0x7f00000017c0), &(0x7f0000001800)=0x10, 0x80000)
socket$inet_sctp(0x2, 0x1, 0x84)
accept4$alg(r0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000001c0)=[{{&(0x7f0000000040)=@xdp, 0x0, &(0x7f0000001680)=[{&(0x7f00000000c0)=""/36}, {&(0x7f0000000100)=""/141}, {&(0x7f0000000280)=""/159}, {&(0x7f0000000340)=""/4096}, {&(0x7f0000001340)=""/83}, {&(0x7f00000013c0)=""/252}, {&(0x7f0000001cc0)=""/4096}, {&(0x7f00000014c0)=""/108}, {&(0x7f0000001540)=""/65}, {&(0x7f00000015c0)=""/155}], 0x0, &(0x7f0000001740)=""/90}, 0xfff}], 0x40000000000012e, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
socket$inet_icmp(0x2, 0x2, 0x1)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000500)=@security={'security\x00', 0x44, 0x4, 0x478, 0xffffffff, 0x0, 0x2a0, 0x2a0, 0xffffffff, 0xffffffff, 0x3a8, 0x3a8, 0x3a8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x203, 0xa8, 0x1d0, 0x8502}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:initctl_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x11}}, @common=@unspec=@NFQUEUE2={0x28}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@loopback, [0x0, 0x0, 0xff]}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8)

2.882410864s ago: executing program 1 (id=4226):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0xffffffac, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendmmsg$inet6(r0, &(0x7f0000002600)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="a132", 0x2}], 0x1}}], 0x1, 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x58, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x28, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @empty}, @IFLA_GENEVE_DF={0x5, 0xd, 0x2}, @IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x80}]}}}]}, 0x58}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000003c0)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/209, 0xd1, 0x0, &(0x7f0000000240)=""/17, 0x11}, &(0x7f00000002c0)=0x40)

2.080027349s ago: executing program 3 (id=4234):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000001100"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32, @ANYBLOB="0100000005"], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newsa={0x13c, 0x10, 0x413, 0x70bd29, 0x0, {{@in=@empty, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x20, 0x3b}, {@in=@private=0xa010102, 0x0, 0x32}, @in=@multicast1, {0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x8, 0x80000, 0x81}, {0x3, 0x5, 0x4, 0x4000006}, {0x0, 0xfffffff9, 0x80020}, 0x0, 0x0, 0x2, 0x4, 0x81, 0x68}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x0)

1.908514466s ago: executing program 3 (id=4237):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000001100"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/19, @ANYRES32, @ANYBLOB="010000000500000003"], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newsa={0x13c, 0x10, 0x413, 0x70bd29, 0x0, {{@in=@empty, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x20, 0x3b}, {@in=@private=0xa010102, 0x0, 0x32}, @in=@multicast1, {0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x8, 0x80000, 0x81}, {0x3, 0x5, 0x4, 0x4000006}, {0x0, 0xfffffff9, 0x80020}, 0x0, 0x0, 0x2, 0x4, 0x81, 0x68}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))

1.847492935s ago: executing program 1 (id=4239):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x100, 0x1403, 0x2, 0x70bd27, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_hsr\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'caif0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvtap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvlan0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14}}]}, 0x100}, 0x1, 0x0, 0x0, 0x44}, 0x8000)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x7c, r2, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast1}, @NLBL_MGMT_A_DOMAIN={0xd, 0x1, 'macvtap0\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010100}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1a}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010101}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x7c}, 0x1, 0x0, 0x0, 0x40}, 0x40000000)
r3 = accept4(r0, &(0x7f0000000340)=@x25, &(0x7f00000003c0)=0x80, 0x80000)
bind$alg(r3, &(0x7f0000000400)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), r3)
sendmsg$TIPC_NL_NET_GET(r3, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0xac, r4, 0x8, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x30000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1ff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x101}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xcb}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xe94}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x79c0424a}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x44040015}, 0x4018)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r1, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x30, r2, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_DOMAIN={0x11, 0x1, 'veth1_to_hsr\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x20004000)
write$bt_hci(r3, &(0x7f0000000740)={0x1, @read_local_amp_assoc={{0x140a, 0x5}, {0xc8, 0xffff}}}, 0x9)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000007c0), r1)
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r1, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x4c, r5, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_ACKREQ_DEFAULT={0x5}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x4010)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x20, 0x1406, 0x0, 0x70bd2c, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000010}, 0x4001)
sendmsg$NL802154_CMD_SET_PAN_ID(r1, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x2c, r5, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x40000)
sendmsg$L2TP_CMD_NOOP(r3, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x40, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xa2}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xe}, @L2TP_ATTR_FD={0x8, 0x17, @udp6=r3}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0xfffffffffffffff7}]}, 0x40}}, 0x20008000)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000c40), r1)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000c80)={'wpan0\x00', <r7=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000cc0)={'wpan0\x00', <r8=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000d00)={'wpan3\x00', <r9=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r1, &(0x7f0000000e00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x44, r6, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r7}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x8}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x6}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r9}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x4c040)
sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f0000000f40)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000e80)={0x44, r5, 0x200, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x12}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0xf}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x11}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0xb45df9cea21c2d4a)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$team(&(0x7f0000000fc0), r3)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000001080)={'syztnl1\x00', &(0x7f0000001000)={'ip6_vti0\x00', <r12=>0x0, 0x29, 0x24, 0xc0, 0x7fffffff, 0x20, @ipv4={'\x00', '\xff\xff', @loopback}, @private2, 0x10, 0x80, 0x7, 0xfffffff9}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001180)={'ip_vti0\x00', &(0x7f00000010c0)={'sit0\x00', <r13=>0x0, 0x80, 0x8000, 0x6, 0x54ed, {{0x1e, 0x4, 0x0, 0x2, 0x78, 0x68, 0x0, 0x4, 0x4, 0x0, @multicast2, @local, {[@noop, @generic={0x89, 0x3, "06"}, @ra={0x94, 0x4}, @timestamp={0x44, 0x8, 0x34, 0x0, 0x1, [0x8]}, @lsrr={0x83, 0x1f, 0x8c, [@dev={0xac, 0x14, 0x14, 0x29}, @empty, @multicast1, @multicast2, @loopback, @broadcast, @remote]}, @cipso={0x86, 0x34, 0xffffffffffffffff, [{0x0, 0xd, "263d4b0b9b9c793904fc17"}, {0x1, 0x8, "6b83bfea8a57"}, {0x5, 0xb, "4d6288640fe11af087"}, {0x0, 0x3, "bb"}, {0x7, 0xb, "97eae9569d98384fbe"}]}]}}}}})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000011c0)=<r14=>0x0, &(0x7f0000001200)=0x4)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000001280)={'erspan0\x00', &(0x7f0000001240)={'tunl0\x00', <r15=>0x0, 0x1, 0x1, 0x4105, 0x4, {{0x6, 0x4, 0x0, 0x4, 0x18, 0x66, 0x0, 0x10, 0x4, 0x0, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0xa}, {[@noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001340)={'syztnl1\x00', &(0x7f00000012c0)={'syztnl0\x00', <r16=>0x0, 0x4, 0x9, 0xa, 0x2, 0x1b, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x27}, 0x7800, 0x20, 0xffffffff, 0x8001}})
sendmsg$TEAM_CMD_PORT_LIST_GET(r10, &(0x7f0000001ac0)={&(0x7f0000000f80), 0xc, &(0x7f0000001a80)={&(0x7f0000001680)={0x3c4, r11, 0x10, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r12}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r13}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}]}}, {{0x8, 0x1, r14}, {0x1b0, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r15}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r16}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x3c4}, 0x1, 0x0, 0x0, 0x20000000}, 0x40080c0)

1.712085601s ago: executing program 0 (id=4240):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="581b0800", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1.587779092s ago: executing program 3 (id=4242):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="58000000140019234083feff040d8c560a06580200ff0000000000000020ffff00000000000064009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd40010010000100070c100000000200ffffffff", 0x58}], 0x1)

1.155972389s ago: executing program 1 (id=4244):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet(0x2, 0x80001, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32, @ANYBLOB="01000000050000000300"/20, @ANYRES32], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.110620651s ago: executing program 0 (id=4245):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1d, 0xe, &(0x7f0000001880)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r3, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xd4}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000340)={r1, @in6={{0xa, 0x4e20, 0x5, @empty, 0x2800}}, 0x3, 0x0, 0x20000, 0x81, 0x10, 0x0, 0x4}, 0x9c)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r4, 0x0, 0x3, &(0x7f0000000040)=0x400, 0x4)

991.69331ms ago: executing program 2 (id=4246):
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet(0x2, 0x80001, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32, @ANYBLOB="01000000050000000300"/20, @ANYRES32], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

991.390436ms ago: executing program 0 (id=4247):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000001100"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32, @ANYBLOB="0100000005"], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newsa={0x13c, 0x10, 0x413, 0x70bd29, 0x0, {{@in=@empty, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x20, 0x3b}, {@in=@private=0xa010102, 0x0, 0x32}, @in=@multicast1, {0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x8, 0x80000, 0x81}, {0x3, 0x5, 0x4, 0x4000006}, {0x0, 0xfffffff9, 0x80020}, 0x0, 0x0, 0x2, 0x4, 0x81, 0x68}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x0)

989.931725ms ago: executing program 1 (id=4248):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@security={'security\x00', 0x44, 0x4, 0x478, 0xffffffff, 0x0, 0x2a0, 0x2a0, 0xffffffff, 0xffffffff, 0x3a8, 0x3a8, 0x3a8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x203, 0xa8, 0x1d0, 0x8502}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x8000000, 'system_u:object_r:initctl_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x11}}, @common=@unspec=@NFQUEUE2={0x28}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@loopback, [0x0, 0x0, 0xff]}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8)

840.087795ms ago: executing program 4 (id=4249):
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="050027000000000008008500", @ANYRES32=0x0, @ANYBLOB="140003006d6163766c616e31000000000000000008000a00", @ANYRES32=0x0, @ANYBLOB="e8001a8048000a8014000700ff"], 0x15c}}, 0x0)

827.303557ms ago: executing program 2 (id=4250):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$inet(0x2, 0x80001, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000001100"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32, @ANYBLOB="01000000050000000300"/20, @ANYRES32], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

771.927037ms ago: executing program 1 (id=4251):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x4, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x3404c8d4)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000680)={0x0, 0xf7, 0x3, [0x4, 0x3, 0x5]}, 0xe) (fail_nth: 3)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, 0x0, 0x1000f)

771.721671ms ago: executing program 0 (id=4252):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0c000400000000001c0012809700000000000000676500000c0002800800b7f9090000b400"], 0x3c}}, 0x4000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))

405.57271ms ago: executing program 2 (id=4253):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000004000000000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000005e0001020000000000000000000001"], 0x1c}}, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="140100003400010000000000ffdbdf25020100800c002200000000000000000014160100010000000000000000000000000026562abd5ddf207d9f46000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc4684b36ec72dd71265fc2e882300006c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3b982167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac44337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be75fd3f0000"], 0x114}], 0x1}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1d, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x5d}}]}, &(0x7f0000000180)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=@newsa={0x15c, 0x10, 0x1, 0x8000000, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@broadcast, 0x0, 0x6c}, @in=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {0x0, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0xfffffffc, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0x3, 0x10, 0x1, 0x1}}]}, 0x15c}}, 0x20000000)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000500)=@newsa={0x164, 0x10, 0x1, 0x7fffffc, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast2, 0x4, 0x6c}, @in6=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {0x5, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0xfffffffc, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0x3, 0x10, 0x1, 0x1}}, @etimer_thresh={0x8, 0xc, 0x6}]}, 0x164}}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xb, 0x12, &(0x7f0000000380)=@raw=[@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9931}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @call={0x85, 0x0, 0x0, 0x75}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ldst={0x0, 0x3, 0x0, 0x1, 0x9, 0xfffffffffffffff0, 0x4}], 0x0, 0x1, 0x3a, &(0x7f0000000200)=""/58, 0x40f00, 0x3c, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x1, 0x7, 0x8, 0x1}, 0x10, 0x0, r1, 0xa, 0x0, &(0x7f00000006c0)=[{0x5, 0x2, 0xb, 0x5}, {0x3, 0x5, 0x10, 0x6}, {0x2, 0x1, 0x5, 0xd}, {0x3, 0x4, 0xa, 0x8}, {0x2, 0x4, 0xc, 0x8}, {0x2, 0x3, 0x1, 0x5}, {0x3, 0x3, 0x5, 0x6}, {0x2, 0x3, 0xd, 0x8}, {0x4, 0x1, 0xd, 0xb}, {0x1, 0x2, 0xe, 0x6}], 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r4}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r9, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r10}, 0x10)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r11, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)

405.254003ms ago: executing program 0 (id=4254):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x4, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x3404c8d4)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, 0x0, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_PROMISC(r2, 0x6b, 0x2, &(0x7f0000001780), &(0x7f00000017c0)=0x4)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f00000000c0)={<r3=>0x0, 0xa5, "ef49a217319c1525e4a6ba40ecf988c0d10f2e42144446ea0709827af7b369063f1b7316aa601b14ab08d638694f81e6edfb23b7948167646d827758471eca605f0127f9661b0f5364ce559db4eab9ba5e8a2292c7576f444da81bdc3515913625f3442d1dcc19484d79af4d0d4f74bf346c9359129aba06dd426f8699397352b1d5ea026aaaaf104279a08f97aa622320657bb45cd52dc84ac8fa25f0a9d2c1df55759d9f"}, &(0x7f0000000000)=0xad)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000680)={r3, 0xf7, 0x3, [0x4, 0x3, 0x5]}, 0xe)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, 0x0, 0x1000f)

367.898173ms ago: executing program 4 (id=4255):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x5, 0x0, 0x0, 0x5b4230ff, 0x0, 0x0, 0x41100, 0x2a, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf739}, 0x94)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="581b0800", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

342.593674ms ago: executing program 2 (id=4256):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000980)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc0200000000000000000000000000006401010200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000008700009c001100fe"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)

259.679444ms ago: executing program 1 (id=4257):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x198, 0x4, 0x9, 0x2, 0x68}, 0xb, 0x1, 0x5, 0x1, 0x5, 0x16, 0x15, 0x1d, 0x6, 0x4, {0x5, 0xb, 0x41, 0x0, 0x16, 0x3ff}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@mpls_getnetconf={0x3c, 0x52, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x100000}, @NETCONFA_IFINDEX={0x8}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1000}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8, 0x1, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f00000000c0)=0xd95, 0x4019e2060d4e3ac7)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000018c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)=""/29, 0x1d}, 0xffff7fff}], 0x1, 0x20102, 0x0)

145.733957ms ago: executing program 2 (id=4258):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=@newsa={0x138, 0x10, 0x1, 0x8000000, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@broadcast, 0x0, 0x6c}, @in=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000}, {0x0, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0xfffffffc, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x20000000)

115.774037ms ago: executing program 0 (id=4259):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet(0x2, 0x80001, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32, @ANYBLOB="01000000050000000300"/20, @ANYRES32], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 2 (id=4260):
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet(0x2, 0x80001, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf000030", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32, @ANYBLOB="01000000050000000300"/20, @ANYRES32], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

kernel console output (not intermixed with test programs):

: No such helper "snmp"
[  414.586045][T16020] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  414.598552][T16020] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.767202][T10339] tipc: Resetting bearer <eth:syzkaller0>
[  414.786109][T16127] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3021'.
[  414.823527][T16127] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3021'.
[  414.834856][T16127] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3021'.
[  414.851782][T16120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3018'.
[  414.863031][T16127] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3021'.
[  414.877383][T16120] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  414.885219][T16120] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  415.191723][T16020] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  415.209093][T16145] netlink: 'syz.4.3024': attribute type 10 has an invalid length.
[  415.229628][T16020] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  415.279755][T16145] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
[  415.300399][T16145] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  415.331641][T16020] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  415.372519][T16145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  415.385987][T16020] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  415.556815][ T5863] Bluetooth: hci2: command tx timeout
[  415.723967][T16020] 8021q: adding VLAN 0 to HW filter on device bond0
[  415.814773][T16020] 8021q: adding VLAN 0 to HW filter on device team0
[  415.857093][T10337] bridge0: port 1(bridge_slave_0) entered blocking state
[  415.864299][T10337] bridge0: port 1(bridge_slave_0) entered forwarding state
[  415.901441][T10337] bridge0: port 2(bridge_slave_1) entered blocking state
[  415.908711][T10337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  416.814617][T16204] netlink: 1041 bytes leftover after parsing attributes in process `syz.4.3039'.
[  416.930139][T16020] 8021q: adding VLAN 0 to HW filter on device batadv0
[  417.040920][T16207] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3041'.
[  417.273774][T16207] team0: Port device team_slave_0 removed
[  417.355283][T16020] veth0_vlan: entered promiscuous mode
[  417.412702][T16020] veth1_vlan: entered promiscuous mode
[  417.531587][T16020] veth0_macvtap: entered promiscuous mode
[  417.580473][T16020] veth1_macvtap: entered promiscuous mode
[  417.639553][ T5863] Bluetooth: hci2: command tx timeout
[  417.653977][T16020] batman_adv: batadv0: Interface activated: batadv_slave_0
[  417.697094][T16020] batman_adv: batadv0: Interface activated: batadv_slave_1
[  417.747776][T16240] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3049'.
[  417.772528][T10340] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  417.811062][T10340] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  417.840343][T10340] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  417.902937][T10340] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  418.029201][T16254] netlink: 'syz.0.3054': attribute type 1 has an invalid length.
[  418.334355][T10332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  418.372971][T10332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  418.464544][T10339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  418.482425][T10339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  418.579239][T16275] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2987'.
[  418.584585][T16270] delete_channel: no stack
[  418.643785][T16275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2987'.
[  419.374783][T16290] sctp: [Deprecated]: syz.1.3063 (pid 16290) Use of struct sctp_assoc_value in delayed_ack socket option.
[  419.374783][T16290] Use struct sctp_sack_info instead
[  419.434298][T16286] IPVS: Scheduler module ip_vs_sip not found
[  419.498143][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  419.507708][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  419.525359][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  419.537232][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  419.554785][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  419.718289][ T5863] Bluetooth: hci2: command tx timeout
[  419.984499][T10335] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  420.005988][T10335] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.044979][T16310] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3068'.
[  420.084871][T10335] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  420.102280][T10335] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.206170][T10335] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  420.216127][T10335] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.250450][T16310] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3068'.
[  420.298109][T10335] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  420.309830][T10335] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.581492][T16295] chnl_net:caif_netlink_parms(): no params data found
[  420.610199][T16320] IPVS: set_ctl: invalid protocol: 46 0.0.0.0:20003
[  420.658759][T16320] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3069'.
[  420.668708][T16320] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3069'.
[  420.968933][T10335] 
: left allmulticast mode
[  420.973509][T10335] 
: left promiscuous mode
[  420.984155][T10335] bridge0: port 1(
) entered disabled state
[  421.408642][T10335] bond1 (unregistering): (slave gretap1): Releasing backup interface
[  421.458138][T10335] bond3 (unregistering): (slave gretap3): Releasing active interface
[  421.637184][ T5850] Bluetooth: hci0: command tx timeout
[  422.202878][T10335] bond0 (unregistering): (slave 
7
7ÿ): Releasing backup interface
[  422.211393][T10335] ÿ: left promiscuous mode
[  422.219119][T10335] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  422.229876][T10335] bond_slave_1: left promiscuous mode
[  422.241987][T10335] bond0 (unregistering): (slave team0): Releasing backup interface
[  422.250841][T10335] team0: left promiscuous mode
[  422.255615][T10335] team_slave_0: left promiscuous mode
[  422.261267][T10335] team_slave_1: left promiscuous mode
[  422.267362][T10335] batadv0: left promiscuous mode
[  422.274768][T10335] bond0 (unregistering): Released all slaves
[  422.410188][T10335] bond1 (unregistering): (slave bond2): Releasing backup interface
[  422.419099][T10335] bond1 (unregistering): Released all slaves
[  422.546815][T10335] bond2 (unregistering): Released all slaves
[  422.561398][T10335] bond3 (unregistering): Released all slaves
[  422.575082][T10335] bond4 (unregistering): Released all slaves
[  422.843950][T10335] tipc: Left network mode
[  422.845794][T16295] bridge0: port 1(bridge_slave_0) entered blocking state
[  422.897280][T16295] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.904702][T16295] bridge_slave_0: entered allmulticast mode
[  422.921144][T16295] bridge_slave_0: entered promiscuous mode
[  422.982953][T16364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3079'.
[  422.994930][T16295] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.008371][T16295] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.025759][T16295] bridge_slave_1: entered allmulticast mode
[  423.034901][T16295] bridge_slave_1: entered promiscuous mode
[  423.035585][T16367] Bluetooth: MGMT ver 1.23
[  423.113742][T16364] geneve2: entered promiscuous mode
[  423.166023][T16364] geneve2: entered allmulticast mode
[  423.339178][T16295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  423.378708][T16383] netlink: 264 bytes leftover after parsing attributes in process `syz.0.3084'.
[  423.472122][T16295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  423.728986][ T5863] Bluetooth: hci0: command tx timeout
[  423.768419][T16390] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3086'.
[  423.806969][T16390] hsr_slave_0: left promiscuous mode
[  423.830507][T16390] hsr_slave_1: left promiscuous mode
[  423.891892][T16295] team0: Port device team_slave_0 added
[  423.902341][T16295] team0: Port device team_slave_1 added
[  424.183545][T10335] hsr_slave_0: left promiscuous mode
[  424.264019][T10335] veth1_macvtap: left promiscuous mode
[  424.287473][T10335] veth0_macvtap: left promiscuous mode
[  424.414801][T10335] veth1_vlan: left promiscuous mode
[  424.420362][T10335] veth0_vlan: left promiscuous mode
[  424.735253][T10335] team0 (unregistering): Port device batadv0 removed
[  425.172848][T10335] team0 (unregistering): Port device team_slave_1 removed
[  425.217611][T10335] team0 (unregistering): Port device team_slave_0 removed
[  425.603247][T16295] batman_adv: batadv0: Adding interface: batadv_slave_0
[  425.611491][T16295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  425.638918][T16295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  425.668108][T16295] batman_adv: batadv0: Adding interface: batadv_slave_1
[  425.675998][T16295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  425.704862][T16295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  425.796632][ T5863] Bluetooth: hci0: command tx timeout
[  425.943233][T16295] hsr_slave_0: entered promiscuous mode
[  425.951707][T16295] hsr_slave_1: entered promiscuous mode
[  426.022811][T16421] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3095'.
[  426.170173][T16425] netlink: 'syz.1.3097': attribute type 1 has an invalid length.
[  426.247861][T16428] netlink: 'syz.4.3098': attribute type 2 has an invalid length.
[  426.276238][T16428] xt_l2tp: v2 doesn't support IP mode
[  426.479023][T10335] IPVS: stop unused estimator thread 0...
[  426.649607][T16436] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3101'.
[  427.074978][T16444] Bluetooth: MGMT ver 1.23
[  427.223273][T16461] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3107'.
[  427.259506][T16460] netlink: 136 bytes leftover after parsing attributes in process `syz.4.3108'.
[  427.266543][T16461] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3107'.
[  427.300151][T16460] openvswitch: netlink: Flow actions attr not present in new flow.
[  427.599152][T16473] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3112'.
[  427.633323][T16472] vlan0: entered promiscuous mode
[  427.639644][ T6621] IPVS: starting estimator thread 0...
[  427.710420][T16481] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  427.719249][T16481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3114'.
[  427.728566][T16477] IPVS: using max 24 ests per chain, 57600 per kthread
[  427.738263][T16470] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3112'.
[  427.754859][T16475] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3114'.
[  427.765421][T16475] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3114'.
[  427.803331][T16476] tap0: tun_chr_ioctl cmd 1074025677
[  427.823805][T16476] tap0: linktype set to 823
[  427.859750][T16295] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  427.876992][ T5863] Bluetooth: hci0: command tx timeout
[  427.945467][T16295] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  428.004518][T16486] sctp: [Deprecated]: syz.0.3116 (pid 16486) Use of int in max_burst socket option.
[  428.004518][T16486] Use struct sctp_assoc_value instead
[  428.006458][T16295] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  428.096297][T16488] ipvlan1: entered promiscuous mode
[  428.171517][T16295] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  428.921641][T16295] 8021q: adding VLAN 0 to HW filter on device bond0
[  428.985291][T16295] 8021q: adding VLAN 0 to HW filter on device team0
[  429.055307][T10339] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.062526][T10339] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.155497][T10337] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.162729][T10337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.268254][T16545] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  429.348935][T16545] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  429.832630][T16567] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  430.079940][T16295] 8021q: adding VLAN 0 to HW filter on device batadv0
[  430.265055][T16295] veth0_vlan: entered promiscuous mode
[  430.304470][T16295] veth1_vlan: entered promiscuous mode
[  430.429744][T16295] veth0_macvtap: entered promiscuous mode
[  430.472334][T16295] veth1_macvtap: entered promiscuous mode
[  430.542110][T16295] batman_adv: batadv0: Interface activated: batadv_slave_0
[  430.588442][T16295] batman_adv: batadv0: Interface activated: batadv_slave_1
[  430.614369][T10334] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  430.649929][T10334] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  430.744234][T10340] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  430.774066][T10340] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  431.105296][T16610] @: left promiscuous mode
[  431.122435][T16610] mac80211_hwsim hwsim9 wlan1: left allmulticast mode
[  431.146213][T16610] gretap1: left promiscuous mode
[  431.166204][T16610] tipc: Resetting bearer <eth:syzkaller0>
[  431.177713][T16610] tipc: Resetting bearer <eth:syzkaller0>
[  431.185272][T16610] bond4: left promiscuous mode
[  431.194216][T16610] vxlan1: left promiscuous mode
[  431.199599][T16610] vxlan1: left allmulticast mode
[  431.268466][T16616] __nla_validate_parse: 6 callbacks suppressed
[  431.268488][T16616] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3154'.
[  431.285627][T10340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  431.303036][T10340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  431.453421][T16616] netlink: 'syz.3.3154': attribute type 10 has an invalid length.
[  431.531333][T16616] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  431.559385][T16627] xt_hashlimit: max too large, truncated to 1048576
[  431.567373][T16627] No such timeout policy "syz1"
[  431.579929][T10340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  431.588166][T10340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  431.845137][T16633] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3058'.
[  431.870557][T16633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3058'.
[  432.965597][T16666] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3169'.
[  432.972178][T16667] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  433.069602][T16672] netlink: 'syz.1.3169': attribute type 4 has an invalid length.
[  433.146724][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  433.182494][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  433.192690][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  433.207929][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  433.215717][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  433.324709][T10334] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  433.540133][T10334] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  433.709936][T10334] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  433.842788][T16701] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3182'.
[  433.888379][T16701] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3182'.
[  433.891109][T10334] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  434.375159][T10334] batadv0: left allmulticast mode
[  434.384887][T10334] batadv0: left promiscuous mode
[  434.397275][T10334] bridge0: port 3(batadv0) entered disabled state
[  434.441425][T10334] bridge_slave_1: left allmulticast mode
[  434.452683][T10334] bridge_slave_1: left promiscuous mode
[  434.460394][T16729] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3191'.
[  434.472557][T10334] bridge0: port 2(bridge_slave_1) entered disabled state
[  434.482187][T16729] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3191'.
[  434.497147][T10334] bridge_slave_0: left allmulticast mode
[  434.503473][T10334] bridge_slave_0: left promiscuous mode
[  434.510726][T10334] bridge0: port 1(bridge_slave_0) entered disabled state
[  434.811373][T16742] ipt_ECN: cannot use operation on non-tcp rule
[  434.892046][T10334] batman_adv: batadv0: Removing interface: ip6gretap2
[  435.141059][T10334] bond1 (unregistering): (slave gretap1): Releasing active interface
[  435.182806][T16731] netlink: 'syz.4.3189': attribute type 11 has an invalid length.
[  435.205075][T16731] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3189'.
[  435.322231][ T5863] Bluetooth: hci3: command tx timeout
[  435.512588][T10334] bond3 (unregistering): (slave bridge5): Releasing active interface
[  436.071126][T10334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  436.080680][T10334] bond_slave_0: left promiscuous mode
[  436.088984][T10334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  436.100664][T10334] bond_slave_1: left promiscuous mode
[  436.106587][T10334] bond0 (unregistering): Released all slaves
[  436.224419][T10334] bond1 (unregistering): Released all slaves
[  436.241037][T10334] bond2 (unregistering): Released all slaves
[  436.254163][T10334] bond3 (unregistering): Released all slaves
[  436.376012][T10334] bond4 (unregistering): Released all slaves
[  436.490785][T10334] bond5 (unregistering): Released all slaves
[  436.506245][T10334] bond6 (unregistering): Released all slaves
[  436.556732][T16674] chnl_net:caif_netlink_parms(): no params data found
[  436.827445][T10334] : left promiscuous mode
[  437.011124][T10334] tipc: Disabling bearer <eth:syzkaller0>
[  437.044586][T10334] tipc: Disabling bearer <udp:syz1>
[  437.063444][T10334] tipc: Left network mode
[  437.116948][T10334] IPVS: stopping backup sync thread 15556 ...
[  437.129593][T16771] netlink: 'syz.3.3202': attribute type 1 has an invalid length.
[  437.277444][T16771] 8021q: adding VLAN 0 to HW filter on device bond2
[  437.296171][T16674] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.304565][T16674] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.351481][T16674] bridge_slave_0: entered allmulticast mode
[  437.359681][T16674] bridge_slave_0: entered promiscuous mode
[  437.405602][ T5863] Bluetooth: hci3: command tx timeout
[  437.408611][T16774] 8021q: adding VLAN 0 to HW filter on device bond2
[  437.421205][T16774] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  437.434475][T16774] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  437.540336][T16771] macvlan2: entered promiscuous mode
[  437.545701][T16771] macvlan2: entered allmulticast mode
[  437.559638][T16674] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.569156][T16674] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.577890][T16674] bridge_slave_1: entered allmulticast mode
[  437.585687][T16674] bridge_slave_1: entered promiscuous mode
[  437.805706][T16674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  437.827991][T16674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  438.059281][T16674] team0: Port device team_slave_0 added
[  438.150410][T16674] team0: Port device team_slave_1 added
[  438.300768][T16674] batman_adv: batadv0: Adding interface: batadv_slave_0
[  438.336503][T16674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  438.392807][T16674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  438.434315][T10334] batman_adv: batadv0: Removing interface: batadv_slave_0
[  438.452200][T10334] batman_adv: batadv0: Removing interface: batadv_slave_1
[  438.470984][T10334] batman_adv: batadv0: Removing interface: ÿÿÿÿÿÿ
[  438.514067][T10334] team0 (unregistering): Port device batadv1 removed
[  438.525044][T16808] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3212'.
[  438.853395][T16819] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  438.860715][T16819] IPv6: NLM_F_CREATE should be set when creating new route
[  438.942682][T16820] netlink: 'syz.2.3215': attribute type 1 has an invalid length.
[  439.035622][T10334] team0 (unregistering): Port device team_slave_1 removed
[  439.080205][T10334] team0 (unregistering): Port device team_slave_0 removed
[  439.476693][ T5863] Bluetooth: hci3: command tx timeout
[  439.558356][T16674] batman_adv: batadv0: Adding interface: batadv_slave_1
[  439.565356][T16674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  439.597080][T16674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  439.731807][T16819] lo: entered allmulticast mode
[  439.758339][T16819] tunl0: entered allmulticast mode
[  439.799423][T16819] gre0: entered allmulticast mode
[  439.834580][T16819] gretap0: entered allmulticast mode
[  439.846302][T16819] erspan0: entered allmulticast mode
[  439.860817][T16819] ip_vti0: entered allmulticast mode
[  439.869511][T16819] ip6_vti0: entered allmulticast mode
[  439.878656][T16819] sit0: entered allmulticast mode
[  439.890772][T16819] ip6tnl0: entered allmulticast mode
[  439.892920][T16826] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3218'.
[  439.900607][T16819] ip6gre0: entered allmulticast mode
[  439.907064][T16826] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3218'.
[  439.920505][T16826] netlink: 'syz.3.3218': attribute type 5 has an invalid length.
[  439.922653][T16819] syz_tun: entered allmulticast mode
[  439.928296][T16826] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3218'.
[  439.954150][T16819] ip6gretap0: entered allmulticast mode
[  439.967524][T16819] bridge0: port 2(bridge_slave_1) entered disabled state
[  439.975325][T16819] bridge0: port 1(bridge_slave_0) entered disabled state
[  439.983981][T16819] bridge0: entered allmulticast mode
[  439.992975][T16819] vcan0: entered allmulticast mode
[  440.003120][T16819] bond0: entered allmulticast mode
[  440.008720][T16819] bond_slave_0: entered allmulticast mode
[  440.014844][T16819] bond_slave_1: entered allmulticast mode
[  440.027674][T16819] team0: entered allmulticast mode
[  440.032820][T16819] team_slave_0: entered allmulticast mode
[  440.039725][T16819] team_slave_1: entered allmulticast mode
[  440.055117][T16819] dummy0: entered allmulticast mode
[  440.064175][T16819] nlmon0: entered allmulticast mode
[  440.072015][T16819] caif0: entered allmulticast mode
[  440.078043][T16819] batadv0: entered allmulticast mode
[  440.089427][T16819] vxcan0: entered allmulticast mode
[  440.096181][T16819] vxcan1: entered allmulticast mode
[  440.103109][T16819] veth0: entered allmulticast mode
[  440.115338][T16819] veth1: entered allmulticast mode
[  440.125198][T16819] wg0: entered allmulticast mode
[  440.134137][T16819] wg1: entered allmulticast mode
[  440.144834][T16819] wg2: entered allmulticast mode
[  440.154628][T16819] veth0_to_bridge: entered allmulticast mode
[  440.170448][T16819] veth1_to_bridge: entered allmulticast mode
[  440.184239][T16819] veth0_to_bond: entered allmulticast mode
[  440.196144][T16819] veth1_to_bond: entered allmulticast mode
[  440.209409][T16819] veth0_to_team: entered allmulticast mode
[  440.228869][T16819] veth1_to_team: entered allmulticast mode
[  440.242868][T16819] veth0_to_batadv: entered allmulticast mode
[  440.254513][T16819] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  440.262714][T16819] batadv_slave_0: entered allmulticast mode
[  440.274727][T16819] veth1_to_batadv: entered allmulticast mode
[  440.284618][T16819] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  440.293469][T16819] batadv_slave_1: entered allmulticast mode
[  440.305621][T16819] xfrm0: entered allmulticast mode
[  440.314995][T16819] veth0_to_hsr: entered allmulticast mode
[  440.324517][T16819] hsr_slave_0: entered allmulticast mode
[  440.334598][T16819] veth1_to_hsr: entered allmulticast mode
[  440.344565][T16819] hsr_slave_1: entered allmulticast mode
[  440.360202][T16819] hsr0: entered allmulticast mode
[  440.371741][T16819] veth1_virt_wifi: entered allmulticast mode
[  440.381372][T16819] veth0_virt_wifi: entered allmulticast mode
[  440.392362][T16819] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  440.400819][T16819] veth1_vlan: entered allmulticast mode
[  440.412757][T16819] veth0_vlan: entered allmulticast mode
[  440.433904][T16819] vlan0: entered allmulticast mode
[  440.439565][T16819] vlan1: entered allmulticast mode
[  440.445705][T16819] macvlan0: entered allmulticast mode
[  440.461475][T16819] macvlan1: entered allmulticast mode
[  440.471093][T16819] ipvlan0: entered allmulticast mode
[  440.477033][T16819] ipvlan1: entered allmulticast mode
[  440.483493][T16819] veth1_macvtap: entered allmulticast mode
[  440.493641][T16819] veth0_macvtap: entered allmulticast mode
[  440.503838][T16819] macvtap0: entered allmulticast mode
[  440.515147][T16819] macsec0: entered allmulticast mode
[  440.533824][T16819] geneve0: entered allmulticast mode
[  440.543356][T16819] geneve1: entered allmulticast mode
[  440.553914][T16819] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  440.570521][T16819] netdevsim netdevsim2 netdevsim1: entered allmulticast mode
[  440.580901][T16819] netdevsim netdevsim2 netdevsim2: entered allmulticast mode
[  440.594940][T16819] netdevsim netdevsim2 netdevsim3: entered allmulticast mode
[  440.617937][T16819] mac80211_hwsim hwsim31 wlan0: entered allmulticast mode
[  440.638723][T16819] mac80211_hwsim hwsim32 wlan1: entered allmulticast mode
[  440.698832][T10339] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  440.732525][T10339] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  440.813704][T10339] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  440.837514][T10339] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  440.867980][T16674] hsr_slave_0: entered promiscuous mode
[  440.887131][T16674] hsr_slave_1: entered promiscuous mode
[  440.896883][T16674] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  440.910804][T16674] Cannot create hsr debugfs directory
[  440.938313][T16835] xfrm1: entered promiscuous mode
[  440.944036][T16835] xfrm1: entered allmulticast mode
[  440.956816][T16835] netlink: 'syz.4.3222': attribute type 1 has an invalid length.
[  441.050438][T16839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3223'.
[  441.182413][T10334] IPVS: stop unused estimator thread 0...
[  441.205466][T16842] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3224'.
[  441.562912][ T5863] Bluetooth: hci3: command tx timeout
[  441.691535][T16857] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3229'.
[  441.980863][T16862] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3231'.
[  442.073993][T16868] netlink: 300 bytes leftover after parsing attributes in process `syz.3.3234'.
[  442.097197][T16868] netlink: 'syz.3.3234': attribute type 21 has an invalid length.
[  442.105394][T16868] netlink: 'syz.3.3234': attribute type 1 has an invalid length.
[  442.116151][T16868] netlink: 144 bytes leftover after parsing attributes in process `syz.3.3234'.
[  442.128276][T16868] netlink: 'syz.3.3234': attribute type 1 has an invalid length.
[  442.195341][T16674] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  442.211426][T16674] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  442.222209][T16674] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  442.234649][T16674] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  442.322039][T16674] 8021q: adding VLAN 0 to HW filter on device bond0
[  442.345539][T16674] 8021q: adding VLAN 0 to HW filter on device team0
[  442.365631][T10337] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.372800][T10337] bridge0: port 1(bridge_slave_0) entered forwarding state
[  442.383860][T10337] bridge0: port 2(bridge_slave_1) entered blocking state
[  442.391006][T10337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  442.632348][T16674] 8021q: adding VLAN 0 to HW filter on device batadv0
[  442.683479][T16674] veth0_vlan: entered promiscuous mode
[  442.695547][T16674] veth1_vlan: entered promiscuous mode
[  442.728596][T16674] veth0_macvtap: entered promiscuous mode
[  442.739875][T16674] veth1_macvtap: entered promiscuous mode
[  442.762844][T16674] batman_adv: batadv0: Interface activated: batadv_slave_0
[  442.792987][T16674] batman_adv: batadv0: Interface activated: batadv_slave_1
[  442.813028][T10333] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  442.825152][T10333] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  442.840835][T10333] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  442.849988][T10333] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  442.925466][T10334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.935068][T10334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  442.962979][T10333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.971624][T10333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.103082][T10333] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  487.135255][T10333] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 52071 - 0
[  487.153786][T10333] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  487.259253][T10333] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  487.302164][T10333] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 52071 - 0
[  487.350031][T10333] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  487.549392][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  487.569907][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  487.582347][T10333] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  487.594069][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  487.602561][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  487.611501][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  487.626307][T10333] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 52071 - 0
[  487.643130][T10333] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  487.717609][T16922] __nla_validate_parse: 3 callbacks suppressed
[  487.717631][T16922] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3242'.
[  487.786194][T10333] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  487.790633][T16922] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3242'.
[  487.814135][T10333] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 52071 - 0
[  487.842559][T10333] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  488.087814][T16927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3245'.
[  488.663382][T16935] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.3247'.
[  489.662573][T10333] dvmrp0 (unregistering): left allmulticast mode
[  489.726996][ T5863] Bluetooth: hci1: command tx timeout
[  490.191512][T10333] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  490.200884][T10333] mac80211_hwsim hwsim11 wlan1: left promiscuous mode
[  490.214751][T10333] bond0 (unregistering): Released all slaves
[  490.233823][T10333] bond1 (unregistering): Released all slaves
[  490.382512][T10333] bond2 (unregistering): Released all slaves
[  490.526209][T10333] bond3 (unregistering): Released all slaves
[  490.558308][T16916] chnl_net:caif_netlink_parms(): no params data found
[  490.789127][T10333] : left promiscuous mode
[  490.935906][T10333] tipc: Left network mode
[  491.392265][T16916] bridge0: port 1(bridge_slave_0) entered blocking state
[  491.422249][T16916] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.441932][T16916] bridge_slave_0: entered allmulticast mode
[  491.462503][T16916] bridge_slave_0: entered promiscuous mode
[  491.523779][T16916] bridge0: port 2(bridge_slave_1) entered blocking state
[  491.531371][T16916] bridge0: port 2(bridge_slave_1) entered disabled state
[  491.539178][T16916] bridge_slave_1: entered allmulticast mode
[  491.547082][T16916] bridge_slave_1: entered promiscuous mode
[  491.681930][T16916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  491.796889][ T5863] Bluetooth: hci1: command tx timeout
[  491.898996][T16916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  492.056588][T16998] Cannot find set identified by id 0 to match
[  492.329049][T17003] netlink: 'syz.1.3265': attribute type 1 has an invalid length.
[  492.337860][T17002] netlink: 'syz.1.3265': attribute type 1 has an invalid length.
[  492.353386][T17002] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3265'.
[  492.362714][T17003] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3265'.
[  492.377484][T17002] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3265'.
[  492.387682][T17003] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3265'.
[  492.398540][T16916] team0: Port device team_slave_0 added
[  492.491993][T17008] netlink: 'syz.1.3267': attribute type 10 has an invalid length.
[  492.500271][T17008] netlink: 192 bytes leftover after parsing attributes in process `syz.1.3267'.
[  492.500458][T10333] veth1_macvtap: left promiscuous mode
[  492.524829][T10333] veth0_macvtap: left promiscuous mode
[  493.454433][T16916] team0: Port device team_slave_1 added
[  493.719705][T16916] batman_adv: batadv0: Adding interface: batadv_slave_0
[  493.751186][T16916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  493.777483][T16916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  493.820443][T16916] batman_adv: batadv0: Adding interface: batadv_slave_1
[  493.836875][T16916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  493.879102][ T5863] Bluetooth: hci1: command tx timeout
[  493.890177][T16916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  494.028969][T16916] hsr_slave_0: entered promiscuous mode
[  494.042063][T16916] hsr_slave_1: entered promiscuous mode
[  494.050267][T16916] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  494.078515][T16916] Cannot create hsr debugfs directory
[  494.501431][T17040] netlink: 'syz.1.3278': attribute type 10 has an invalid length.
[  494.533644][T17040] netlink: 192 bytes leftover after parsing attributes in process `syz.1.3278'.
[  494.544479][T10333] IPVS: stop unused estimator thread 0...
[  494.661449][T17042] : entered promiscuous mode
[  495.026760][T17046] bond1: entered promiscuous mode
[  495.041868][T17046] bond1: entered allmulticast mode
[  495.049867][T17046] 8021q: adding VLAN 0 to HW filter on device bond1
[  495.075017][T17047] wireguard0: entered promiscuous mode
[  495.081061][T17047] wireguard0: entered allmulticast mode
[  495.105211][T17057] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3281'.
[  495.866954][T17074] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3286'.
[  495.959868][ T5863] Bluetooth: hci1: command tx timeout
[  496.010048][T16916] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  496.109463][T16916] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  496.148360][T16916] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  496.191081][T17084] netlink: 'syz.0.3289': attribute type 10 has an invalid length.
[  496.208996][T16916] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  496.210326][T17084] netlink: 192 bytes leftover after parsing attributes in process `syz.0.3289'.
[  496.548819][T16916] 8021q: adding VLAN 0 to HW filter on device bond0
[  496.622763][T16916] 8021q: adding VLAN 0 to HW filter on device team0
[  496.700358][T10337] bridge0: port 1(bridge_slave_0) entered blocking state
[  496.707566][T10337] bridge0: port 1(bridge_slave_0) entered forwarding state
[  496.758535][T10338] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.765781][T10338] bridge0: port 2(bridge_slave_1) entered forwarding state
[  497.027781][T17130] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3301'.
[  497.558240][T16916] 8021q: adding VLAN 0 to HW filter on device batadv0
[  497.723818][T17162] openvswitch: netlink: Unknown key attributes 2
[  497.939699][T17168] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3311'.
[  498.097566][T17175] netlink: 292 bytes leftover after parsing attributes in process `syz.0.3313'.
[  498.237135][T17179] netlink: 'syz.2.3315': attribute type 10 has an invalid length.
[  498.266157][T17179] mac80211_hwsim hwsim32 wlan1: left allmulticast mode
[  498.310388][T17179] mac80211_hwsim hwsim32 wlan1: entered allmulticast mode
[  498.346116][T17179] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  498.363264][T17190] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3316'.
[  498.584143][T17190] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.667424][T17192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3316'.
[  498.809293][T17190] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.971513][T17190] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.219803][T17190] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.421336][T16916] veth0_vlan: entered promiscuous mode
[  499.544444][T17216] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3324'.
[  499.550066][T17209] syzkaller0: entered promiscuous mode
[  499.560752][T17209] syzkaller0: entered allmulticast mode
[  499.569266][T10332] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  499.589828][T16916] veth1_vlan: entered promiscuous mode
[  501.285252][T10339] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  501.324492][T10333] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  501.408282][T10340] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  501.418211][T17226] netlink: 292 bytes leftover after parsing attributes in process `syz.0.3327'.
[  501.499505][T16916] veth0_macvtap: entered promiscuous mode
[  501.544290][T16916] veth1_macvtap: entered promiscuous mode
[  501.608461][T16916] batman_adv: batadv0: Interface activated: batadv_slave_0
[  501.682016][T16916] batman_adv: batadv0: Interface activated: batadv_slave_1
[  501.721147][T10333] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  501.753764][T17235] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3331'.
[  501.763677][T10333] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  501.783832][T10333] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  501.806672][T17235] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3331'.
[  501.836765][T10333] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  501.846064][T17238] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3332'.
[  501.967945][T17238] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3332'.
[  501.976578][T17239] block nbd2: server does not support multiple connections per device.
[  501.985324][T17239] block nbd2: shutting down sockets
[  502.024706][T17243] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3334'.
[  502.242887][T17248] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3335'.
[  502.534984][T10338] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  502.556694][T10338] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  502.664436][T10340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  502.693266][T10340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  502.845696][T17275] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3346'.
[  502.952636][T17282] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3346'.
[  502.986121][T17275] block nbd2: server does not support multiple connections per device.
[  503.026933][T17275] block nbd2: shutting down sockets
[  504.436589][T17317] block nbd2: server does not support multiple connections per device.
[  504.446800][T17317] block nbd2: shutting down sockets
[  504.602171][T17329] FAULT_INJECTION: forcing a failure.
[  504.602171][T17329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  504.637932][T17329] CPU: 1 UID: 0 PID: 17329 Comm: syz.1.3362 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  504.637954][T17329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  504.637969][T17329] Call Trace:
[  504.637975][T17329]  <TASK>
[  504.637981][T17329]  dump_stack_lvl+0x189/0x250
[  504.638000][T17329]  ? __pfx____ratelimit+0x10/0x10
[  504.638020][T17329]  ? __pfx_dump_stack_lvl+0x10/0x10
[  504.638034][T17329]  ? __pfx__printk+0x10/0x10
[  504.638058][T17329]  should_fail_ex+0x414/0x560
[  504.638079][T17329]  strncpy_from_user+0x36/0x290
[  504.638098][T17329]  getname_flags+0xf3/0x540
[  504.638118][T17329]  do_sys_openat2+0xbc/0x1c0
[  504.638132][T17329]  ? __pfx_do_sys_openat2+0x10/0x10
[  504.638144][T17329]  ? ksys_write+0x22a/0x250
[  504.638159][T17329]  ? __pfx_ksys_write+0x10/0x10
[  504.638171][T17329]  ? rcu_is_watching+0x15/0xb0
[  504.638187][T17329]  __x64_sys_openat+0x138/0x170
[  504.638203][T17329]  do_syscall_64+0xfa/0x3b0
[  504.638217][T17329]  ? lockdep_hardirqs_on+0x9c/0x150
[  504.638231][T17329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.638243][T17329]  ? clear_bhb_loop+0x60/0xb0
[  504.638257][T17329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.638268][T17329] RIP: 0033:0x7f2212f8e929
[  504.638280][T17329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  504.638291][T17329] RSP: 002b:00007f2213d3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  504.638306][T17329] RAX: ffffffffffffffda RBX: 00007f22131b5fa0 RCX: 00007f2212f8e929
[  504.638315][T17329] RDX: 000000000000275a RSI: 0000200000000200 RDI: 0000000000000007
[  504.638323][T17329] RBP: 00007f2213d3f090 R08: 0000000000000000 R09: 0000000000000000
[  504.638330][T17329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  504.638337][T17329] R13: 0000000000000000 R14: 00007f22131b5fa0 R15: 00007ffe9e7cd468
[  504.638356][T17329]  </TASK>
[  504.652790][T17332] __nla_validate_parse: 4 callbacks suppressed
[  504.652809][T17332] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3363'.
[  505.312800][T17354] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3370'.
[  505.324499][T17354] syz_tun: entered promiscuous mode
[  505.464237][T17361] netlink: 'syz.4.3372': attribute type 83 has an invalid length.
[  505.535968][T17366] FAULT_INJECTION: forcing a failure.
[  505.535968][T17366] name failslab, interval 1, probability 0, space 0, times 0
[  505.620316][T17366] CPU: 0 UID: 0 PID: 17366 Comm: syz.0.3375 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  505.620348][T17366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  505.620361][T17366] Call Trace:
[  505.620369][T17366]  <TASK>
[  505.620378][T17366]  dump_stack_lvl+0x189/0x250
[  505.620409][T17366]  ? __pfx____ratelimit+0x10/0x10
[  505.620436][T17366]  ? __pfx_dump_stack_lvl+0x10/0x10
[  505.620460][T17366]  ? __pfx__printk+0x10/0x10
[  505.620494][T17366]  ? __pfx___might_resched+0x10/0x10
[  505.620516][T17366]  ? fs_reclaim_acquire+0x7d/0x100
[  505.620550][T17366]  should_fail_ex+0x414/0x560
[  505.620586][T17366]  should_failslab+0xa8/0x100
[  505.620614][T17366]  kmem_cache_alloc_noprof+0x73/0x3c0
[  505.620637][T17366]  ? alloc_empty_file+0x55/0x1d0
[  505.620668][T17366]  alloc_empty_file+0x55/0x1d0
[  505.620698][T17366]  path_openat+0x107/0x3830
[  505.620718][T17366]  ? arch_stack_walk+0xfc/0x150
[  505.620768][T17366]  ? kasan_save_track+0x4f/0x80
[  505.620788][T17366]  ? kasan_save_track+0x3e/0x80
[  505.620806][T17366]  ? __kasan_slab_alloc+0x6c/0x80
[  505.620827][T17366]  ? getname_flags+0xb8/0x540
[  505.620852][T17366]  ? __pfx_path_openat+0x10/0x10
[  505.620871][T17366]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.620913][T17366]  do_filp_open+0x1fa/0x410
[  505.620933][T17366]  ? __lock_acquire+0xab9/0xd20
[  505.620957][T17366]  ? __pfx_do_filp_open+0x10/0x10
[  505.621000][T17366]  ? _raw_spin_unlock+0x28/0x50
[  505.621020][T17366]  ? alloc_fd+0x64c/0x6c0
[  505.621059][T17366]  do_sys_openat2+0x121/0x1c0
[  505.621083][T17366]  ? __pfx_do_sys_openat2+0x10/0x10
[  505.621112][T17366]  ? ksys_write+0x22a/0x250
[  505.621136][T17366]  ? __pfx_ksys_write+0x10/0x10
[  505.621156][T17366]  ? rcu_is_watching+0x15/0xb0
[  505.621181][T17366]  __x64_sys_openat+0x138/0x170
[  505.621206][T17366]  do_syscall_64+0xfa/0x3b0
[  505.621230][T17366]  ? lockdep_hardirqs_on+0x9c/0x150
[  505.621254][T17366]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.621274][T17366]  ? clear_bhb_loop+0x60/0xb0
[  505.621299][T17366]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.621318][T17366] RIP: 0033:0x7ff0f8b8e929
[  505.621337][T17366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  505.621354][T17366] RSP: 002b:00007ff0f9a79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  505.621376][T17366] RAX: ffffffffffffffda RBX: 00007ff0f8db5fa0 RCX: 00007ff0f8b8e929
[  505.621391][T17366] RDX: 000000000000275a RSI: 0000200000000200 RDI: 0000000000000007
[  505.621404][T17366] RBP: 00007ff0f9a79090 R08: 0000000000000000 R09: 0000000000000000
[  505.621417][T17366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  505.621429][T17366] R13: 0000000000000000 R14: 00007ff0f8db5fa0 R15: 00007ffc8efdbdf8
[  505.621461][T17366]  </TASK>
[  505.929110][T17371] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3379'.
[  506.004173][T17378] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3378'.
[  506.087034][T17378] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3378'.
[  506.443490][T17388] netlink: 292 bytes leftover after parsing attributes in process `syz.4.3384'.
[  506.479185][T17392] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3385'.
[  506.630248][T17396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3388'.
[  506.641284][T17396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3388'.
[  506.668086][T17396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3388'.
[  506.808380][T17401] tipc: Started in network mode
[  506.833700][T17401] tipc: Node identity 8ed80dbaecde, cluster identity 4711
[  506.848945][T17401] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  506.916776][T17401] syzkaller0: entered promiscuous mode
[  506.924407][T17401] syzkaller0: entered allmulticast mode
[  506.977446][T17401] tipc: Resetting bearer <eth:syzkaller0>
[  507.046696][T17400] tipc: Resetting bearer <eth:syzkaller0>
[  507.265573][T17400] tipc: Disabling bearer <eth:syzkaller0>
[  507.898061][T17418] bridge0: port 1(bridge_slave_0) entered disabled state
[  507.912994][T17418] bridge0: port 2(bridge_slave_1) entered disabled state
[  508.466420][T17431] syz_tun: entered promiscuous mode
[  509.191308][T17473] FAULT_INJECTION: forcing a failure.
[  509.191308][T17473] name failslab, interval 1, probability 0, space 0, times 0
[  509.239085][T17473] CPU: 0 UID: 0 PID: 17473 Comm: syz.1.3412 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  509.239118][T17473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  509.239130][T17473] Call Trace:
[  509.239139][T17473]  <TASK>
[  509.239148][T17473]  dump_stack_lvl+0x189/0x250
[  509.239179][T17473]  ? __pfx____ratelimit+0x10/0x10
[  509.239205][T17473]  ? __pfx_dump_stack_lvl+0x10/0x10
[  509.239229][T17473]  ? __pfx__printk+0x10/0x10
[  509.239265][T17473]  ? __pfx___might_resched+0x10/0x10
[  509.239287][T17473]  ? fs_reclaim_acquire+0x7d/0x100
[  509.239323][T17473]  should_fail_ex+0x414/0x560
[  509.239359][T17473]  should_failslab+0xa8/0x100
[  509.239387][T17473]  __kmalloc_noprof+0xcb/0x4f0
[  509.239409][T17473]  ? kfree+0x4d/0x440
[  509.239428][T17473]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  509.239455][T17473]  tomoyo_realpath_from_path+0xe3/0x5d0
[  509.239493][T17473]  tomoyo_check_open_permission+0x1c1/0x3b0
[  509.239520][T17473]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  509.239543][T17473]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  509.239570][T17473]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  509.239596][T17473]  ? __x64_sys_openat+0x138/0x170
[  509.239658][T17473]  ? mnt_get_write_access+0x68/0x2a0
[  509.239680][T17473]  ? tomoyo_file_open+0x165/0x220
[  509.239708][T17473]  security_file_open+0xb1/0x270
[  509.239735][T17473]  do_dentry_open+0x35e/0x1970
[  509.239786][T17473]  vfs_open+0x3b/0x340
[  509.239810][T17473]  ? path_openat+0x2ecd/0x3830
[  509.239834][T17473]  path_openat+0x2ee5/0x3830
[  509.239851][T17473]  ? arch_stack_walk+0xfc/0x150
[  509.239914][T17473]  ? __pfx_path_openat+0x10/0x10
[  509.239932][T17473]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.239985][T17473]  do_filp_open+0x1fa/0x410
[  509.240004][T17473]  ? __lock_acquire+0xab9/0xd20
[  509.240029][T17473]  ? __pfx_do_filp_open+0x10/0x10
[  509.240078][T17473]  ? _raw_spin_unlock+0x28/0x50
[  509.240105][T17473]  ? alloc_fd+0x64c/0x6c0
[  509.240147][T17473]  do_sys_openat2+0x121/0x1c0
[  509.240170][T17473]  ? __pfx_do_sys_openat2+0x10/0x10
[  509.240192][T17473]  ? ksys_write+0x22a/0x250
[  509.240219][T17473]  ? __pfx_ksys_write+0x10/0x10
[  509.240240][T17473]  ? rcu_is_watching+0x15/0xb0
[  509.240268][T17473]  __x64_sys_openat+0x138/0x170
[  509.240296][T17473]  do_syscall_64+0xfa/0x3b0
[  509.240320][T17473]  ? lockdep_hardirqs_on+0x9c/0x150
[  509.240345][T17473]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.240365][T17473]  ? clear_bhb_loop+0x60/0xb0
[  509.240390][T17473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.240409][T17473] RIP: 0033:0x7f2212f8e929
[  509.240429][T17473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  509.240446][T17473] RSP: 002b:00007f2213d3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  509.240470][T17473] RAX: ffffffffffffffda RBX: 00007f22131b5fa0 RCX: 00007f2212f8e929
[  509.240484][T17473] RDX: 000000000000275a RSI: 0000200000000200 RDI: 0000000000000007
[  509.240497][T17473] RBP: 00007f2213d3f090 R08: 0000000000000000 R09: 0000000000000000
[  509.240510][T17473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  509.240521][T17473] R13: 0000000000000000 R14: 00007f22131b5fa0 R15: 00007ffe9e7cd468
[  509.240556][T17473]  </TASK>
[  509.242876][T17473] ERROR: Out of memory at tomoyo_realpath_from_path.
[  509.810070][T17485] FAULT_INJECTION: forcing a failure.
[  509.810070][T17485] name failslab, interval 1, probability 0, space 0, times 0
[  509.835684][T17485] CPU: 1 UID: 0 PID: 17485 Comm: syz.1.3416 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  509.835734][T17485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  509.835745][T17485] Call Trace:
[  509.835753][T17485]  <TASK>
[  509.835762][T17485]  dump_stack_lvl+0x189/0x250
[  509.835790][T17485]  ? __pfx____ratelimit+0x10/0x10
[  509.835813][T17485]  ? __pfx_dump_stack_lvl+0x10/0x10
[  509.835838][T17485]  ? __pfx__printk+0x10/0x10
[  509.835871][T17485]  ? __pfx___might_resched+0x10/0x10
[  509.835892][T17485]  ? fs_reclaim_acquire+0x7d/0x100
[  509.835926][T17485]  should_fail_ex+0x414/0x560
[  509.835960][T17485]  should_failslab+0xa8/0x100
[  509.835987][T17485]  __kmalloc_noprof+0xcb/0x4f0
[  509.836017][T17485]  ? kfree+0x4d/0x440
[  509.836036][T17485]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  509.836062][T17485]  tomoyo_realpath_from_path+0xe3/0x5d0
[  509.836084][T17485]  ? tomoyo_domain+0xd9/0x130
[  509.836110][T17485]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  509.836137][T17485]  tomoyo_path_number_perm+0x1e8/0x5a0
[  509.836166][T17485]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  509.836210][T17485]  ? __lock_acquire+0xab9/0xd20
[  509.836256][T17485]  ? __fget_files+0x2a/0x420
[  509.836287][T17485]  ? __fget_files+0x2a/0x420
[  509.836312][T17485]  ? __fget_files+0x3a0/0x420
[  509.836340][T17485]  ? __fget_files+0x2a/0x420
[  509.836370][T17485]  security_file_ioctl+0xcb/0x2d0
[  509.836398][T17485]  __se_sys_ioctl+0x47/0x170
[  509.836422][T17485]  do_syscall_64+0xfa/0x3b0
[  509.836445][T17485]  ? lockdep_hardirqs_on+0x9c/0x150
[  509.836469][T17485]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.836489][T17485]  ? clear_bhb_loop+0x60/0xb0
[  509.836515][T17485]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.836533][T17485] RIP: 0033:0x7f2212f8e929
[  509.836553][T17485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  509.836570][T17485] RSP: 002b:00007f2213d3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  509.836593][T17485] RAX: ffffffffffffffda RBX: 00007f22131b5fa0 RCX: 00007f2212f8e929
[  509.836607][T17485] RDX: 0000200000000000 RSI: 0000000000008b19 RDI: 0000000000000003
[  509.836620][T17485] RBP: 00007f2213d3f090 R08: 0000000000000000 R09: 0000000000000000
[  509.836632][T17485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  509.836644][T17485] R13: 0000000000000000 R14: 00007f22131b5fa0 R15: 00007ffe9e7cd468
[  509.836679][T17485]  </TASK>
[  510.108040][T17485] ERROR: Out of memory at tomoyo_realpath_from_path.
[  510.158942][T17490] __nla_validate_parse: 8 callbacks suppressed
[  510.158964][T17490] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3419'.
[  510.672540][T17508] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.709322][T17515] FAULT_INJECTION: forcing a failure.
[  510.709322][T17515] name failslab, interval 1, probability 0, space 0, times 0
[  510.722101][T17515] CPU: 1 UID: 0 PID: 17515 Comm: syz.3.3427 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  510.722132][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  510.722144][T17515] Call Trace:
[  510.722153][T17515]  <TASK>
[  510.722161][T17515]  dump_stack_lvl+0x189/0x250
[  510.722188][T17515]  ? __pfx____ratelimit+0x10/0x10
[  510.722204][T17515]  ? __pfx_dump_stack_lvl+0x10/0x10
[  510.722218][T17515]  ? __pfx__printk+0x10/0x10
[  510.722236][T17515]  ? __pfx___might_resched+0x10/0x10
[  510.722250][T17515]  ? fs_reclaim_acquire+0x7d/0x100
[  510.722270][T17515]  should_fail_ex+0x414/0x560
[  510.722292][T17515]  should_failslab+0xa8/0x100
[  510.722309][T17515]  __kmalloc_noprof+0xcb/0x4f0
[  510.722322][T17515]  ? tomoyo_encode+0x28b/0x550
[  510.722337][T17515]  tomoyo_encode+0x28b/0x550
[  510.722353][T17515]  tomoyo_realpath_from_path+0x58d/0x5d0
[  510.722375][T17515]  tomoyo_check_open_permission+0x1c1/0x3b0
[  510.722390][T17515]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  510.722404][T17515]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  510.722420][T17515]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  510.722435][T17515]  ? __x64_sys_openat+0x138/0x170
[  510.722468][T17515]  ? mnt_get_write_access+0x68/0x2a0
[  510.722481][T17515]  ? tomoyo_file_open+0x165/0x220
[  510.722497][T17515]  security_file_open+0xb1/0x270
[  510.722514][T17515]  do_dentry_open+0x35e/0x1970
[  510.722542][T17515]  vfs_open+0x3b/0x340
[  510.722558][T17515]  ? path_openat+0x2ecd/0x3830
[  510.722572][T17515]  path_openat+0x2ee5/0x3830
[  510.722583][T17515]  ? arch_stack_walk+0xfc/0x150
[  510.722642][T17515]  ? __pfx_path_openat+0x10/0x10
[  510.722653][T17515]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.722679][T17515]  do_filp_open+0x1fa/0x410
[  510.722690][T17515]  ? __lock_acquire+0xab9/0xd20
[  510.722704][T17515]  ? __pfx_do_filp_open+0x10/0x10
[  510.722739][T17515]  ? _raw_spin_unlock+0x28/0x50
[  510.722752][T17515]  ? alloc_fd+0x64c/0x6c0
[  510.722775][T17515]  do_sys_openat2+0x121/0x1c0
[  510.722788][T17515]  ? __pfx_do_sys_openat2+0x10/0x10
[  510.722800][T17515]  ? ksys_write+0x22a/0x250
[  510.722816][T17515]  ? __pfx_ksys_write+0x10/0x10
[  510.722828][T17515]  ? rcu_is_watching+0x15/0xb0
[  510.722844][T17515]  __x64_sys_openat+0x138/0x170
[  510.722859][T17515]  do_syscall_64+0xfa/0x3b0
[  510.722876][T17515]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.722886][T17515]  ? asm_sysvec_call_function_single+0x1a/0x20
[  510.722898][T17515]  ? clear_bhb_loop+0x60/0xb0
[  510.722912][T17515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.722923][T17515] RIP: 0033:0x7f03d3f8e929
[  510.722936][T17515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  510.722946][T17515] RSP: 002b:00007f03d4ded038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  510.722963][T17515] RAX: ffffffffffffffda RBX: 00007f03d41b6080 RCX: 00007f03d3f8e929
[  510.722972][T17515] RDX: 000000000000275a RSI: 0000200000000200 RDI: 0000000000000006
[  510.722980][T17515] RBP: 00007f03d4ded090 R08: 0000000000000000 R09: 0000000000000000
[  510.722987][T17515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  510.722994][T17515] R13: 0000000000000000 R14: 00007f03d41b6080 R15: 00007fff7a444a28
[  510.723013][T17515]  </TASK>
[  510.723031][T17515] ERROR: Out of memory at tomoyo_realpath_from_path.
[  511.158513][T17508] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.176691][T17519] xt_hashlimit: size too large, truncated to 1048576
[  511.352883][T17508] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.558910][T17508] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.681880][T17537] FAULT_INJECTION: forcing a failure.
[  511.681880][T17537] name failslab, interval 1, probability 0, space 0, times 0
[  511.766590][T17537] CPU: 1 UID: 0 PID: 17537 Comm: syz.3.3434 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  511.766622][T17537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  511.766634][T17537] Call Trace:
[  511.766642][T17537]  <TASK>
[  511.766651][T17537]  dump_stack_lvl+0x189/0x250
[  511.766681][T17537]  ? __pfx____ratelimit+0x10/0x10
[  511.766707][T17537]  ? __pfx_dump_stack_lvl+0x10/0x10
[  511.766737][T17537]  ? __pfx__printk+0x10/0x10
[  511.766768][T17537]  ? __pfx___might_resched+0x10/0x10
[  511.766792][T17537]  ? fs_reclaim_acquire+0x7d/0x100
[  511.766827][T17537]  should_fail_ex+0x414/0x560
[  511.766862][T17537]  should_failslab+0xa8/0x100
[  511.766892][T17537]  __kmalloc_noprof+0xcb/0x4f0
[  511.766915][T17537]  ? tomoyo_encode+0x28b/0x550
[  511.766967][T17537]  tomoyo_encode+0x28b/0x550
[  511.766994][T17537]  tomoyo_realpath_from_path+0x58d/0x5d0
[  511.767018][T17537]  ? tomoyo_domain+0xd9/0x130
[  511.767045][T17537]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  511.767073][T17537]  tomoyo_path_number_perm+0x1e8/0x5a0
[  511.767105][T17537]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  511.767154][T17537]  ? __lock_acquire+0xab9/0xd20
[  511.767201][T17537]  ? __fget_files+0x2a/0x420
[  511.767232][T17537]  ? __fget_files+0x2a/0x420
[  511.767256][T17537]  ? __fget_files+0x3a0/0x420
[  511.767281][T17537]  ? __fget_files+0x2a/0x420
[  511.767313][T17537]  security_file_ioctl+0xcb/0x2d0
[  511.767342][T17537]  __se_sys_ioctl+0x47/0x170
[  511.767369][T17537]  do_syscall_64+0xfa/0x3b0
[  511.767393][T17537]  ? lockdep_hardirqs_on+0x9c/0x150
[  511.767418][T17537]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.767437][T17537]  ? clear_bhb_loop+0x60/0xb0
[  511.767463][T17537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.767482][T17537] RIP: 0033:0x7f03d3f8e929
[  511.767500][T17537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  511.767517][T17537] RSP: 002b:00007f03d4e0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  511.767539][T17537] RAX: ffffffffffffffda RBX: 00007f03d41b5fa0 RCX: 00007f03d3f8e929
[  511.767553][T17537] RDX: 0000200000000000 RSI: 0000000000008b19 RDI: 0000000000000003
[  511.767566][T17537] RBP: 00007f03d4e0e090 R08: 0000000000000000 R09: 0000000000000000
[  511.767578][T17537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  511.767590][T17537] R13: 0000000000000000 R14: 00007f03d41b5fa0 R15: 00007fff7a444a28
[  511.767624][T17537]  </TASK>
[  511.767673][T17537] ERROR: Out of memory at tomoyo_realpath_from_path.
[  512.010485][T10335] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  512.051233][T17539] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3436'.
[  512.081016][T10335] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  512.114343][T10335] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  512.144945][T10335] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  512.295558][T17551] bond_slave_0: entered promiscuous mode
[  512.301380][T17551] bond_slave_1: entered promiscuous mode
[  512.307130][T17551] dummy0: entered promiscuous mode
[  512.346865][T17551] vlan2: entered promiscuous mode
[  512.365897][T17551] bond0: entered promiscuous mode
[  512.703977][T17563] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  512.731407][T17565] FAULT_INJECTION: forcing a failure.
[  512.731407][T17565] name failslab, interval 1, probability 0, space 0, times 0
[  512.781964][T17565] CPU: 1 UID: 0 PID: 17565 Comm: syz.4.3443 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  512.781996][T17565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  512.782008][T17565] Call Trace:
[  512.782017][T17565]  <TASK>
[  512.782032][T17565]  dump_stack_lvl+0x189/0x250
[  512.782064][T17565]  ? __pfx____ratelimit+0x10/0x10
[  512.782090][T17565]  ? __pfx_dump_stack_lvl+0x10/0x10
[  512.782115][T17565]  ? __pfx__printk+0x10/0x10
[  512.782145][T17565]  ? __pfx___might_resched+0x10/0x10
[  512.782169][T17565]  ? fs_reclaim_acquire+0x7d/0x100
[  512.782204][T17565]  should_fail_ex+0x414/0x560
[  512.782240][T17565]  should_failslab+0xa8/0x100
[  512.782269][T17565]  __kmalloc_noprof+0xcb/0x4f0
[  512.782292][T17565]  ? tomoyo_encode+0x28b/0x550
[  512.782317][T17565]  tomoyo_encode+0x28b/0x550
[  512.782343][T17565]  tomoyo_realpath_from_path+0x58d/0x5d0
[  512.782379][T17565]  tomoyo_check_open_permission+0x1c1/0x3b0
[  512.782403][T17565]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  512.782426][T17565]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  512.782452][T17565]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  512.782477][T17565]  ? __x64_sys_openat+0x138/0x170
[  512.782536][T17565]  ? mnt_get_write_access+0x68/0x2a0
[  512.782557][T17565]  ? tomoyo_file_open+0x165/0x220
[  512.782586][T17565]  security_file_open+0xb1/0x270
[  512.782612][T17565]  do_dentry_open+0x35e/0x1970
[  512.782662][T17565]  vfs_open+0x3b/0x340
[  512.782698][T17565]  ? path_openat+0x2ecd/0x3830
[  512.782723][T17565]  path_openat+0x2ee5/0x3830
[  512.782742][T17565]  ? arch_stack_walk+0xfc/0x150
[  512.782808][T17565]  ? __pfx_path_openat+0x10/0x10
[  512.782828][T17565]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.782875][T17565]  do_filp_open+0x1fa/0x410
[  512.782893][T17565]  ? __lock_acquire+0xab9/0xd20
[  512.782916][T17565]  ? __pfx_do_filp_open+0x10/0x10
[  512.782964][T17565]  ? _raw_spin_unlock+0x28/0x50
[  512.782986][T17565]  ? alloc_fd+0x64c/0x6c0
[  512.783026][T17565]  do_sys_openat2+0x121/0x1c0
[  512.783049][T17565]  ? __pfx_do_sys_openat2+0x10/0x10
[  512.783070][T17565]  ? ksys_write+0x22a/0x250
[  512.783097][T17565]  ? __pfx_ksys_write+0x10/0x10
[  512.783117][T17565]  ? rcu_is_watching+0x15/0xb0
[  512.783145][T17565]  __x64_sys_openat+0x138/0x170
[  512.783172][T17565]  do_syscall_64+0xfa/0x3b0
[  512.783197][T17565]  ? lockdep_hardirqs_on+0x9c/0x150
[  512.783221][T17565]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.783239][T17565]  ? clear_bhb_loop+0x60/0xb0
[  512.783265][T17565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.783283][T17565] RIP: 0033:0x7fdae198e929
[  512.783303][T17565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  512.783321][T17565] RSP: 002b:00007fdae286c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  512.783344][T17565] RAX: ffffffffffffffda RBX: 00007fdae1bb5fa0 RCX: 00007fdae198e929
[  512.783359][T17565] RDX: 000000000000275a RSI: 0000200000000200 RDI: 0000000000000007
[  512.783372][T17565] RBP: 00007fdae286c090 R08: 0000000000000000 R09: 0000000000000000
[  512.783384][T17565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  512.783396][T17565] R13: 0000000000000000 R14: 00007fdae1bb5fa0 R15: 00007ffcb006bb08
[  512.783429][T17565]  </TASK>
[  512.784185][T17565] ERROR: Out of memory at tomoyo_realpath_from_path.
[  513.168585][T17582] FAULT_INJECTION: forcing a failure.
[  513.168585][T17582] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  513.182690][T17578] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3451'.
[  513.226989][T17582] CPU: 1 UID: 0 PID: 17582 Comm: syz.1.3452 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  513.227021][T17582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  513.227033][T17582] Call Trace:
[  513.227042][T17582]  <TASK>
[  513.227050][T17582]  dump_stack_lvl+0x189/0x250
[  513.227081][T17582]  ? __pfx____ratelimit+0x10/0x10
[  513.227107][T17582]  ? __pfx_dump_stack_lvl+0x10/0x10
[  513.227131][T17582]  ? __pfx__printk+0x10/0x10
[  513.227159][T17582]  ? __might_fault+0xb0/0x130
[  513.227198][T17582]  should_fail_ex+0x414/0x560
[  513.227233][T17582]  _copy_from_user+0x2d/0xb0
[  513.227257][T17582]  wext_handle_ioctl+0xba/0x1c0
[  513.227291][T17582]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  513.227317][T17582]  ? __lock_acquire+0xab9/0xd20
[  513.227358][T17582]  sock_ioctl+0x15f/0x790
[  513.227384][T17582]  ? __pfx_sock_ioctl+0x10/0x10
[  513.227407][T17582]  ? __fget_files+0x2a/0x420
[  513.227434][T17582]  ? __fget_files+0x3a0/0x420
[  513.227460][T17582]  ? __fget_files+0x2a/0x420
[  513.227491][T17582]  ? bpf_lsm_file_ioctl+0x9/0x20
[  513.227514][T17582]  ? __pfx_sock_ioctl+0x10/0x10
[  513.227535][T17582]  __se_sys_ioctl+0xf9/0x170
[  513.227561][T17582]  do_syscall_64+0xfa/0x3b0
[  513.227586][T17582]  ? lockdep_hardirqs_on+0x9c/0x150
[  513.227610][T17582]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.227631][T17582]  ? clear_bhb_loop+0x60/0xb0
[  513.227656][T17582]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.227676][T17582] RIP: 0033:0x7f2212f8e929
[  513.227704][T17582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.227720][T17582] RSP: 002b:00007f2213d3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  513.227743][T17582] RAX: ffffffffffffffda RBX: 00007f22131b5fa0 RCX: 00007f2212f8e929
[  513.227759][T17582] RDX: 0000200000000000 RSI: 0000000000008b19 RDI: 0000000000000003
[  513.227771][T17582] RBP: 00007f2213d3f090 R08: 0000000000000000 R09: 0000000000000000
[  513.227783][T17582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  513.227795][T17582] R13: 0000000000000000 R14: 00007f22131b5fa0 R15: 00007ffe9e7cd468
[  513.227829][T17582]  </TASK>
[  513.884918][T17594] 8021q: VLANs not supported on vcan0
[  514.326050][T17602] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  514.537578][T17628] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.3470'.
[  514.562474][T17629] xt_hashlimit: size too large, truncated to 1048576
[  514.945347][T17639] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3474'.
[  515.280944][T17645] vlan2: entered promiscuous mode
[  515.286832][T17645] bond0: entered promiscuous mode
[  515.292069][T17645] bond_slave_0: entered promiscuous mode
[  515.298245][T17645] bond_slave_1: entered promiscuous mode
[  515.312573][T17645] mac80211_hwsim hwsim32 wlan1: entered promiscuous mode
[  516.227264][T17682] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3490'.
[  516.258618][T17687] xt_hashlimit: size too large, truncated to 1048576
[  516.870961][T17706] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3500'.
[  517.001709][T17710] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3503'.
[  517.120462][T17713] netlink: 'syz.2.3502': attribute type 13 has an invalid length.
[  517.143331][T17713] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3502'.
[  517.228385][T17715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3502'.
[  517.281867][T17717] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3505'.
[  517.317122][T17715] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  517.371294][    C1] vcan0: j1939_tp_rxtimer: 0xffff888056324c00: rx timeout, send abort
[  517.379208][T17715] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  517.380003][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888056324c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  517.403773][    C1] vcan0: j1939_tp_rxtimer: 0xffff888056324400: rx timeout, send abort
[  517.412097][    C1] vcan0: j1939_tp_rxtimer: 0xffff888056324000: rx timeout, send abort
[  517.421411][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888056324000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  517.435934][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888056324400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  517.479229][T17720] FAULT_INJECTION: forcing a failure.
[  517.479229][T17720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  517.503397][T17720] CPU: 1 UID: 0 PID: 17720 Comm: syz.1.3506 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  517.503428][T17720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  517.503442][T17720] Call Trace:
[  517.503450][T17720]  <TASK>
[  517.503459][T17720]  dump_stack_lvl+0x189/0x250
[  517.503490][T17720]  ? __pfx____ratelimit+0x10/0x10
[  517.503517][T17720]  ? __pfx_dump_stack_lvl+0x10/0x10
[  517.503542][T17720]  ? __pfx__printk+0x10/0x10
[  517.503587][T17720]  should_fail_ex+0x414/0x560
[  517.503624][T17720]  _copy_to_user+0x31/0xb0
[  517.503652][T17720]  simple_read_from_buffer+0xe1/0x170
[  517.503685][T17720]  proc_fail_nth_read+0x1df/0x250
[  517.503718][T17720]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  517.503752][T17720]  ? rw_verify_area+0x258/0x650
[  517.503775][T17720]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  517.503806][T17720]  vfs_read+0x200/0x980
[  517.503836][T17720]  ? __pfx___mutex_lock+0x10/0x10
[  517.503873][T17720]  ? __pfx_vfs_read+0x10/0x10
[  517.503899][T17720]  ? __fget_files+0x2a/0x420
[  517.503947][T17720]  ? __fget_files+0x3a0/0x420
[  517.504011][T17720]  ? __fget_files+0x2a/0x420
[  517.504058][T17720]  ksys_read+0x145/0x250
[  517.504100][T17720]  ? __pfx_ksys_read+0x10/0x10
[  517.504126][T17720]  ? rcu_is_watching+0x15/0xb0
[  517.504163][T17720]  ? do_syscall_64+0xbe/0x3b0
[  517.504196][T17720]  do_syscall_64+0xfa/0x3b0
[  517.504226][T17720]  ? lockdep_hardirqs_on+0x9c/0x150
[  517.504265][T17720]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.504290][T17720]  ? clear_bhb_loop+0x60/0xb0
[  517.504321][T17720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.504346][T17720] RIP: 0033:0x7f2212f8d33c
[  517.504365][T17720] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  517.504383][T17720] RSP: 002b:00007f2213d3f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  517.504405][T17720] RAX: ffffffffffffffda RBX: 00007f22131b5fa0 RCX: 00007f2212f8d33c
[  517.504420][T17720] RDX: 000000000000000f RSI: 00007f2213d3f0a0 RDI: 0000000000000005
[  517.504433][T17720] RBP: 00007f2213d3f090 R08: 0000000000000000 R09: 0000000000000000
[  517.504445][T17720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  517.504457][T17720] R13: 0000000000000000 R14: 00007f22131b5fa0 R15: 00007ffe9e7cd468
[  517.504492][T17720]  </TASK>
[  517.881007][T17728] batman_adv: batadv0: Adding interface: ip6gretap1
[  517.895058][T17728] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  517.980085][T17728] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[  518.098354][T17737] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3513'.
[  518.199809][T17740] xt_hashlimit: size too large, truncated to 1048576
[  518.273543][T17751] FAULT_INJECTION: forcing a failure.
[  518.273543][T17751] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  518.321457][T17751] CPU: 1 UID: 0 PID: 17751 Comm: syz.3.3517 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  518.321490][T17751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  518.321502][T17751] Call Trace:
[  518.321510][T17751]  <TASK>
[  518.321519][T17751]  dump_stack_lvl+0x189/0x250
[  518.321549][T17751]  ? __pfx____ratelimit+0x10/0x10
[  518.321576][T17751]  ? __pfx_dump_stack_lvl+0x10/0x10
[  518.321600][T17751]  ? __pfx__printk+0x10/0x10
[  518.321651][T17751]  should_fail_ex+0x414/0x560
[  518.321688][T17751]  _copy_to_user+0x31/0xb0
[  518.321715][T17751]  simple_read_from_buffer+0xe1/0x170
[  518.321747][T17751]  proc_fail_nth_read+0x1df/0x250
[  518.321780][T17751]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  518.321813][T17751]  ? rw_verify_area+0x258/0x650
[  518.321836][T17751]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  518.321867][T17751]  vfs_read+0x200/0x980
[  518.321897][T17751]  ? __pfx___mutex_lock+0x10/0x10
[  518.321926][T17751]  ? __pfx_vfs_read+0x10/0x10
[  518.321952][T17751]  ? __fget_files+0x2a/0x420
[  518.321985][T17751]  ? __fget_files+0x3a0/0x420
[  518.322011][T17751]  ? __fget_files+0x2a/0x420
[  518.322050][T17751]  ksys_read+0x145/0x250
[  518.322077][T17751]  ? __pfx_ksys_read+0x10/0x10
[  518.322097][T17751]  ? rcu_is_watching+0x15/0xb0
[  518.322128][T17751]  ? do_syscall_64+0xbe/0x3b0
[  518.322160][T17751]  do_syscall_64+0xfa/0x3b0
[  518.322184][T17751]  ? lockdep_hardirqs_on+0x9c/0x150
[  518.322207][T17751]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.322227][T17751]  ? clear_bhb_loop+0x60/0xb0
[  518.322252][T17751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.322272][T17751] RIP: 0033:0x7f03d3f8d33c
[  518.322291][T17751] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  518.322309][T17751] RSP: 002b:00007f03d4e0e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  518.322331][T17751] RAX: ffffffffffffffda RBX: 00007f03d41b5fa0 RCX: 00007f03d3f8d33c
[  518.322346][T17751] RDX: 000000000000000f RSI: 00007f03d4e0e0a0 RDI: 0000000000000008
[  518.322359][T17751] RBP: 00007f03d4e0e090 R08: 0000000000000000 R09: 0000000000000000
[  518.322371][T17751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  518.322419][T17751] R13: 0000000000000000 R14: 00007f03d41b5fa0 R15: 00007fff7a444a28
[  518.322454][T17751]  </TASK>
[  518.890453][T17755] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3519'.
[  518.933163][T17760] netlink: 272 bytes leftover after parsing attributes in process `syz.3.3520'.
[  519.427758][T17784] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3528'.
[  519.872151][T17793] bond_slave_0: entered promiscuous mode
[  519.877971][T17793] bond_slave_1: entered promiscuous mode
[  519.907178][T17798] xt_hashlimit: size too large, truncated to 1048576
[  519.915636][T17793] vlan2: entered promiscuous mode
[  519.935740][T17793] bond0: entered promiscuous mode
[  520.805498][T17814] IPv6: addrconf: prefix option has invalid lifetime
[  521.073283][T17825] openvswitch: netlink: Flow actions attr not present in new flow.
[  521.220378][T17830] bond_slave_0: entered promiscuous mode
[  521.226403][T17830] bond_slave_1: entered promiscuous mode
[  521.281714][T17830] vlan2: entered promiscuous mode
[  521.297308][T17830] bond0: entered promiscuous mode
[  521.510409][T17836] __nla_validate_parse: 4 callbacks suppressed
[  521.510430][T17836] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3547'.
[  521.756930][T17843] xt_hashlimit: size too large, truncated to 1048576
[  521.822817][T17847] netlink: 264 bytes leftover after parsing attributes in process `syz.4.3550'.
[  523.054681][T17880] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3559'.
[  523.074352][T17881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3558'.
[  523.143153][T17882] xt_CT: You must specify a L4 protocol and not use inversions on it
[  523.264907][T17888] netlink: 264 bytes leftover after parsing attributes in process `syz.4.3562'.
[  523.456185][T17884] bond_slave_0: entered promiscuous mode
[  523.462055][T17884] bond_slave_1: entered promiscuous mode
[  523.489808][T17884] vlan2: entered promiscuous mode
[  523.495679][T17884] bond0: entered promiscuous mode
[  523.863711][T17895] 8021q: adding VLAN 0 to HW filter on device bond1
[  523.873317][T17895] bond1: entered promiscuous mode
[  523.879959][T17895] bond0: (slave bond1): Enslaving as an active interface with an up link
[  523.979322][T17906] xt_hashlimit: size too large, truncated to 1048576
[  524.577930][T17920] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3574'.
[  524.589150][T17920] netlink: 'syz.0.3574': attribute type 7 has an invalid length.
[  524.597172][T17920] netlink: 'syz.0.3574': attribute type 8 has an invalid length.
[  524.605086][T17920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3574'.
[  524.902350][T17925] vlan2: entered promiscuous mode
[  525.006200][T17938] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3578'.
[  525.402162][T17955] xt_hashlimit: size too large, truncated to 1048576
[  525.604217][T17966] netlink: 'syz.0.3591': attribute type 1 has an invalid length.
[  525.644270][T17966] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3591'.
[  526.280517][T17980] vlan2: entered promiscuous mode
[  526.316084][T17983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3595'.
[  526.714890][T17972] infiniband syz0: set down
[  526.731996][T17972] infiniband syz0: added ipvlan1
[  526.762334][T17972] syz0: rxe_create_cq: returned err = -12
[  526.785605][T18001] __nla_validate_parse: 1 callbacks suppressed
[  526.785627][T18001] netlink: 212364 bytes leftover after parsing attributes in process `syz.3.3602'.
[  526.805596][T17972] infiniband syz0: Couldn't create ib_mad CQ
[  526.818117][T17972] infiniband syz0: Couldn't open port 1
[  526.830588][T18001] openvswitch: netlink: Message has 5 unknown bytes.
[  526.889814][T17972] RDS/IB: syz0: added
[  526.894396][T17972] smc: adding ib device syz0 with port count 1
[  526.914394][T17972] smc:    ib device syz0 port 1 has pnetid SYZ2 (user defined)
[  527.025264][T18006] xt_hashlimit: size too large, truncated to 1048576
[  528.035445][T18029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3610'.
[  528.085213][T18029] batadv0: entered promiscuous mode
[  528.104697][T18029] macvtap1: entered promiscuous mode
[  528.117259][T18029] macvtap1: entered allmulticast mode
[  528.126735][T18029] batadv0: entered allmulticast mode
[  528.145155][T18029] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  528.164136][T18033] vlan2: entered promiscuous mode
[  528.225918][T18038] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3613'.
[  528.449017][T18044] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  528.773605][T18057] xt_hashlimit: size too large, truncated to 1048576
[  529.317762][ T5850] Bluetooth: hci4: command 0x041b tx timeout
[  529.663448][T18080] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3628'.
[  529.689671][T18079] vlan2: entered promiscuous mode
[  529.699092][T18082] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3629'.
[  530.007477][T18089] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3632'.
[  530.064279][T18089] hsr0: entered allmulticast mode
[  530.109691][T18089] hsr_slave_0: entered allmulticast mode
[  530.133519][T18089] hsr_slave_1: entered allmulticast mode
[  530.227551][T18097] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3634'.
[  530.477005][T18103] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3629'.
[  530.576149][T18103] netlink: 'syz.1.3629': attribute type 12 has an invalid length.
[  530.871155][T18113] xt_hashlimit: size too large, truncated to 1048576
[  532.257572][T18134] netlink: 176 bytes leftover after parsing attributes in process `syz.2.3647'.
[  532.689059][T18149] tc_dump_action: action bad kind
[  532.713538][T18147] xt_hashlimit: size too large, truncated to 1048576
[  533.695703][T18170] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3657'.
[  533.957875][T18188] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  534.081707][T18176] wireguard0: entered promiscuous mode
[  534.095520][T18176] wireguard0: entered allmulticast mode
[  534.264488][T18195] x_tables: duplicate underflow at hook 4
[  534.439620][ T5850] Bluetooth: hci2: command 0x0406 tx timeout
[  534.457836][T18202] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  534.554749][T18206] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3668'.
[  534.601347][T18208] xt_hashlimit: size too large, truncated to 1048576
[  534.655362][T18206] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3668'.
[  534.770996][T18210] xt_cluster: you have exceeded the maximum number of cluster nodes (514 > 32)
[  534.856780][T18218] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3673'.
[  535.370973][T18237] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3681'.
[  535.647322][T18247] 8021q: VLANs not supported on sit0
[  535.752022][T18249] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3687'.
[  535.813538][T18253] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3688'.
[  536.311459][T18275] xt_hashlimit: size too large, truncated to 1048576
[  536.527426][T18278] netlink: 'syz.2.3696': attribute type 4 has an invalid length.
[  536.555696][T18278] netlink: 'syz.2.3696': attribute type 4 has an invalid length.
[  537.086511][T18294] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3701'.
[  537.183478][T18297] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3702'.
[  537.551039][T18307] vlan2: entered promiscuous mode
[  537.793856][T18313] netlink: 'syz.3.3708': attribute type 1 has an invalid length.
[  537.953266][T18326] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3712'.
[  537.967140][T18315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3709'.
[  537.976066][T18315] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  538.010927][T18315] batman_adv: batadv0: Removing interface: batadv_slave_0
[  538.040632][T18326] block nbd2: shutting down sockets
[  538.045225][T18315] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  538.071006][T18326] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3712'.
[  538.080254][T18315] batman_adv: batadv0: Removing interface: batadv_slave_1
[  538.116487][T18331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3713'.
[  538.126260][T18331] netlink: 'syz.0.3713': attribute type 5 has an invalid length.
[  538.212352][T18331] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3713'.
[  538.340620][T18331] geneve2: entered promiscuous mode
[  538.366237][T18331] geneve2: entered allmulticast mode
[  538.388496][T10335] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  538.408940][T10335] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  538.437168][T10335] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  538.450731][T10335] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  538.479083][T18338] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3715'.
[  538.505444][T18336] xt_hashlimit: size too large, truncated to 1048576
[  538.793492][T18345] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  538.813669][T18345] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  538.876404][T18352] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3719'.
[  539.240942][T18361] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3722'.
[  539.532218][T18373] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3726'.
[  539.656749][T18377] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3728'.
[  539.692078][T18373] block nbd2: shutting down sockets
[  539.905620][T18386] tls_set_device_offload_rx: netdev not found
[  540.130787][T18391] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  540.196817][T18395] syz_tun: entered promiscuous mode
[  541.006833][T18422] block nbd2: server does not support multiple connections per device.
[  541.015407][T18431] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  541.056721][T18422] block nbd2: shutting down sockets
[  541.160270][T18436] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  541.343982][T18441] netlink: 'syz.2.3752': attribute type 21 has an invalid length.
[  541.361995][T18441] netlink: 'syz.2.3752': attribute type 5 has an invalid length.
[  541.435766][T18443] syzkaller1: entered promiscuous mode
[  541.457330][T18443] syzkaller1: entered allmulticast mode
[  541.595343][T18449] vlan2: entered promiscuous mode
[  541.951683][T18464] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  542.091987][T18464] batman_adv: batadv0: Removing interface: batadv_slave_1
[  542.346750][T18473] block nbd2: server does not support multiple connections per device.
[  542.374497][T18473] block nbd2: shutting down sockets
[  543.453644][T18508] xt_hashlimit: size too large, truncated to 1048576
[  543.540144][T18519] __nla_validate_parse: 15 callbacks suppressed
[  543.540168][T18519] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3781'.
[  543.626845][T18514] block nbd2: server does not support multiple connections per device.
[  543.646043][T18514] block nbd2: shutting down sockets
[  543.950205][T18531] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3784'.
[  543.974785][T18533] xt_hashlimit: size too large, truncated to 1048576
[  543.996825][T18533] xt_hashlimit: overflow, try lower: 3/0
[  544.036985][T18541] netlink: 308 bytes leftover after parsing attributes in process `syz.4.3786'.
[  544.037792][T18535] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3784'.
[  544.328193][T18552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3789'.
[  544.844541][T18552] bridge_slave_1: left allmulticast mode
[  544.866564][T18552] bridge_slave_1: left promiscuous mode
[  544.883764][T18552] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.908094][T18572] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3796'.
[  544.909078][T18552] bridge_slave_0: left allmulticast mode
[  544.923656][T18552] bridge_slave_0: left promiscuous mode
[  544.930114][T18552] bridge0: port 1(bridge_slave_0) entered disabled state
[  545.294851][T18585] netlink: 308 bytes leftover after parsing attributes in process `syz.2.3801'.
[  545.351738][T18587] netlink: 'syz.4.3800': attribute type 7 has an invalid length.
[  545.376527][T18587] netlink: 'syz.4.3800': attribute type 8 has an invalid length.
[  545.384312][T18587] netlink: 'syz.4.3800': attribute type 15 has an invalid length.
[  545.504880][T18589] xt_hashlimit: size too large, truncated to 1048576
[  545.608797][T18594] bond0: (slave bond1): Error -95 calling ndo_bpf
[  545.650192][T18594] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3803'.
[  545.813845][T18591] rdma_rxe: rxe_newlink: failed to add lo
[  546.297730][T18609] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3807'.
[  546.325763][T18609] vlan2: entered promiscuous mode
[  546.366960][T18609] ip6gretap0: entered promiscuous mode
[  546.480779][T18614] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3808'.
[  546.496714][T18611] block nbd2: server does not support multiple connections per device.
[  546.544414][T18611] block nbd2: shutting down sockets
[  546.758687][T18619] vlan2: entered promiscuous mode
[  546.929764][T18627] netlink: 'syz.2.3814': attribute type 1 has an invalid length.
[  547.601548][T18656] lo speed is unknown, defaulting to 1000
[  547.643068][T18656] lo speed is unknown, defaulting to 1000
[  547.670064][T18656] lo speed is unknown, defaulting to 1000
[  547.709889][T18656] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  547.937678][T18656] lo speed is unknown, defaulting to 1000
[  547.945915][T18656] lo speed is unknown, defaulting to 1000
[  547.960151][T18664] vlan2: entered promiscuous mode
[  548.032113][T18656] lo speed is unknown, defaulting to 1000
[  548.072281][T18666] mac80211_hwsim hwsim29 wlan1: entered allmulticast mode
[  548.090740][T18656] lo speed is unknown, defaulting to 1000
[  548.100953][T18656] lo speed is unknown, defaulting to 1000
[  548.138974][T18656] lo speed is unknown, defaulting to 1000
[  548.318610][T18680] tipc: Started in network mode
[  548.323550][T18680] tipc: Node identity be51b20a0d0d, cluster identity 4711
[  548.340696][T18680] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  548.348457][T18689] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  548.384671][T18676] tipc: Disabling bearer <eth:syzkaller0>
[  548.677403][T18696] __nla_validate_parse: 7 callbacks suppressed
[  548.677423][T18696] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3837'.
[  548.942251][T18710] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3843'.
[  549.162337][T18709] vlan2: entered promiscuous mode
[  549.413882][T18722] netlink: 300 bytes leftover after parsing attributes in process `syz.4.3847'.
[  549.432592][T18723] 8021q: VLANs not supported on nlmon0
[  549.515019][T18690] lo speed is unknown, defaulting to 1000
[  549.635885][T18730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3849'.
[  549.660768][T18731] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3850'.
[  549.680708][T18730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3849'.
[  549.864755][T18729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3832'.
[  550.469186][T18684] lo speed is unknown, defaulting to 1000
[  550.634229][T18757] netlink: 292 bytes leftover after parsing attributes in process `syz.4.3858'.
[  550.914492][T18761] netlink: 'syz.0.3860': attribute type 17 has an invalid length.
[  551.010370][T18761] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  551.293980][T18770] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3863'.
[  551.322425][T18765] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3860'.
[  551.372483][T18765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.477439][T18765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.529621][T18775] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  551.530115][T10340] bond0: (slave bond_slave_0): interface is now down
[  551.573523][T18765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.575589][T10340] bond0: (slave bond_slave_1): interface is now down
[  551.606238][T10340] bond0: (slave bond1): interface is now down
[  551.624634][T10340] bond0: now running without any active interface!
[  551.922298][T18788] netlink: 'syz.3.3870': attribute type 1 has an invalid length.
[  552.254703][T18759] bridge2: entered promiscuous mode
[  552.260231][T18759] bridge2: entered allmulticast mode
[  552.288637][T18755] lo speed is unknown, defaulting to 1000
[  552.813769][T18761] lo speed is unknown, defaulting to 1000
[  553.542940][T18833] FAULT_INJECTION: forcing a failure.
[  553.542940][T18833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  553.618897][T18833] CPU: 0 UID: 0 PID: 18833 Comm: syz.0.3885 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  553.618929][T18833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  553.618942][T18833] Call Trace:
[  553.618950][T18833]  <TASK>
[  553.618959][T18833]  dump_stack_lvl+0x189/0x250
[  553.618989][T18833]  ? __pfx____ratelimit+0x10/0x10
[  553.619015][T18833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  553.619039][T18833]  ? __pfx__printk+0x10/0x10
[  553.619067][T18833]  ? __might_fault+0xb0/0x130
[  553.619106][T18833]  should_fail_ex+0x414/0x560
[  553.619142][T18833]  _copy_from_user+0x2d/0xb0
[  553.619168][T18833]  do_ip6t_set_ctl+0x69f/0xce0
[  553.619208][T18833]  ? rcu_is_watching+0x15/0xb0
[  553.619232][T18833]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  553.619285][T18833]  ? __pfx___mutex_lock+0x10/0x10
[  553.619313][T18833]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  553.619347][T18833]  ? aa_sk_perm+0x81e/0x950
[  553.619381][T18833]  ? __pfx_aa_sk_perm+0x10/0x10
[  553.619417][T18833]  nf_setsockopt+0x26c/0x290
[  553.619451][T18833]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  553.619479][T18833]  do_sock_setsockopt+0x257/0x3e0
[  553.619514][T18833]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  553.619549][T18833]  ? __fget_files+0x2a/0x420
[  553.619585][T18833]  __x64_sys_setsockopt+0x18b/0x220
[  553.619622][T18833]  do_syscall_64+0xfa/0x3b0
[  553.619647][T18833]  ? lockdep_hardirqs_on+0x9c/0x150
[  553.619672][T18833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.619692][T18833]  ? clear_bhb_loop+0x60/0xb0
[  553.619718][T18833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.619737][T18833] RIP: 0033:0x7ff0f8b8e929
[  553.619756][T18833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  553.619772][T18833] RSP: 002b:00007ff0f9a79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  553.619795][T18833] RAX: ffffffffffffffda RBX: 00007ff0f8db5fa0 RCX: 00007ff0f8b8e929
[  553.619810][T18833] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  553.619822][T18833] RBP: 00007ff0f9a79090 R08: 00000000000004d8 R09: 0000000000000000
[  553.619835][T18833] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000001
[  553.619847][T18833] R13: 0000000000000000 R14: 00007ff0f8db5fa0 R15: 00007ffc8efdbdf8
[  553.619881][T18833]  </TASK>
[  553.908350][T18836] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  554.300542][T18844] netlink: 'syz.1.3891': attribute type 1 has an invalid length.
[  554.523093][T18849] bond2: (slave gretap1): making interface the new active one
[  554.552324][T18849] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  554.705556][T18858] __nla_validate_parse: 7 callbacks suppressed
[  554.705578][T18858] netlink: 292 bytes leftover after parsing attributes in process `syz.2.3895'.
[  554.728055][T18855] block nbd2: server does not support multiple connections per device.
[  554.730937][T18859] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3893'.
[  554.817424][T18855] block nbd2: shutting down sockets
[  554.849799][T18865] FAULT_INJECTION: forcing a failure.
[  554.849799][T18865] name failslab, interval 1, probability 0, space 0, times 0
[  554.890031][T18865] CPU: 0 UID: 0 PID: 18865 Comm: syz.3.3898 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  554.890063][T18865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  554.890075][T18865] Call Trace:
[  554.890084][T18865]  <TASK>
[  554.890092][T18865]  dump_stack_lvl+0x189/0x250
[  554.890124][T18865]  ? __pfx____ratelimit+0x10/0x10
[  554.890149][T18865]  ? __pfx_dump_stack_lvl+0x10/0x10
[  554.890174][T18865]  ? __pfx__printk+0x10/0x10
[  554.890209][T18865]  ? __pfx___might_resched+0x10/0x10
[  554.890230][T18865]  ? fs_reclaim_acquire+0x7d/0x100
[  554.890265][T18865]  should_fail_ex+0x414/0x560
[  554.890299][T18865]  ? xt_alloc_table_info+0x3b/0xa0
[  554.890317][T18865]  should_failslab+0xa8/0x100
[  554.890346][T18865]  __kvmalloc_node_noprof+0x161/0x5f0
[  554.890372][T18865]  ? xt_alloc_table_info+0x3b/0xa0
[  554.890398][T18865]  xt_alloc_table_info+0x3b/0xa0
[  554.890417][T18865]  do_ip6t_set_ctl+0x88a/0xce0
[  554.890455][T18865]  ? rcu_is_watching+0x15/0xb0
[  554.890479][T18865]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  554.890532][T18865]  ? __pfx___mutex_lock+0x10/0x10
[  554.890557][T18865]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  554.890582][T18865]  ? aa_sk_perm+0x81e/0x950
[  554.890616][T18865]  ? __pfx_aa_sk_perm+0x10/0x10
[  554.890660][T18865]  nf_setsockopt+0x26c/0x290
[  554.890694][T18865]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  554.890720][T18865]  do_sock_setsockopt+0x257/0x3e0
[  554.890755][T18865]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  554.890799][T18865]  ? __fget_files+0x2a/0x420
[  554.890837][T18865]  __x64_sys_setsockopt+0x18b/0x220
[  554.890872][T18865]  do_syscall_64+0xfa/0x3b0
[  554.890897][T18865]  ? lockdep_hardirqs_on+0x9c/0x150
[  554.890921][T18865]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.890940][T18865]  ? clear_bhb_loop+0x60/0xb0
[  554.890966][T18865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.890985][T18865] RIP: 0033:0x7f03d3f8e929
[  554.891004][T18865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  554.891021][T18865] RSP: 002b:00007f03d4e0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  554.891044][T18865] RAX: ffffffffffffffda RBX: 00007f03d41b5fa0 RCX: 00007f03d3f8e929
[  554.891057][T18865] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  554.891069][T18865] RBP: 00007f03d4e0e090 R08: 00000000000004d8 R09: 0000000000000000
[  554.891082][T18865] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000001
[  554.891093][T18865] R13: 0000000000000000 R14: 00007f03d41b5fa0 R15: 00007fff7a444a28
[  554.891125][T18865]  </TASK>
[  555.253277][T18869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3899'.
[  555.591161][T18880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3902'.
[  555.782928][T18895] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[  555.864587][T18895] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  555.920512][T18892] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[  555.941661][T18892] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  556.054524][T18910] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3909'.
[  556.081146][T18912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3911'.
[  556.487518][T18923] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3914'.
[  556.524480][T18896] lo speed is unknown, defaulting to 1000
[  556.536793][T18921] block nbd2: server does not support multiple connections per device.
[  556.545243][T18921] block nbd2: shutting down sockets
[  557.017663][T18932] netlink: 'syz.4.3918': attribute type 13 has an invalid length.
[  557.025567][T18932] netlink: 'syz.4.3918': attribute type 17 has an invalid length.
[  557.193185][T18941] netlink: 292 bytes leftover after parsing attributes in process `syz.0.3922'.
[  557.202533][T18942] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3920'.
[  557.214582][T18932] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  557.393712][T18949] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3923'.
[  557.414007][T18931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.456769][T18950] netlink: 'syz.0.3925': attribute type 1 has an invalid length.
[  557.544721][T18931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.644918][T18931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.690092][T18956] vlan2: entered promiscuous mode
[  557.965635][T18965] FAULT_INJECTION: forcing a failure.
[  557.965635][T18965] name failslab, interval 1, probability 0, space 0, times 0
[  557.985640][T18965] CPU: 1 UID: 0 PID: 18965 Comm: syz.3.3932 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  557.985672][T18965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  557.985684][T18965] Call Trace:
[  557.985693][T18965]  <TASK>
[  557.985702][T18965]  dump_stack_lvl+0x189/0x250
[  557.985732][T18965]  ? __pfx____ratelimit+0x10/0x10
[  557.985768][T18965]  ? __pfx_dump_stack_lvl+0x10/0x10
[  557.985793][T18965]  ? __pfx__printk+0x10/0x10
[  557.985827][T18965]  ? __pfx___might_resched+0x10/0x10
[  557.985857][T18965]  should_fail_ex+0x414/0x560
[  557.985892][T18965]  ? translate_table+0x19b/0x2040
[  557.985919][T18965]  should_failslab+0xa8/0x100
[  557.985948][T18965]  __kvmalloc_node_noprof+0x161/0x5f0
[  557.985975][T18965]  ? translate_table+0x19b/0x2040
[  557.986010][T18965]  translate_table+0x19b/0x2040
[  557.986055][T18965]  ? __lock_acquire+0xab9/0xd20
[  557.986082][T18965]  ? __pfx_translate_table+0x10/0x10
[  557.986114][T18965]  ? __might_fault+0xb0/0x130
[  557.986159][T18965]  ? _copy_from_user+0x94/0xb0
[  557.986187][T18965]  do_ip6t_set_ctl+0x970/0xce0
[  557.986222][T18965]  ? rcu_is_watching+0x15/0xb0
[  557.986244][T18965]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  557.986308][T18965]  ? __pfx___mutex_lock+0x10/0x10
[  557.986335][T18965]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  557.986359][T18965]  ? aa_sk_perm+0x81e/0x950
[  557.986390][T18965]  ? __pfx_aa_sk_perm+0x10/0x10
[  557.986425][T18965]  nf_setsockopt+0x26c/0x290
[  557.986458][T18965]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  557.986487][T18965]  do_sock_setsockopt+0x257/0x3e0
[  557.986521][T18965]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  557.986555][T18965]  ? __fget_files+0x2a/0x420
[  557.986593][T18965]  __x64_sys_setsockopt+0x18b/0x220
[  557.986630][T18965]  do_syscall_64+0xfa/0x3b0
[  557.986656][T18965]  ? lockdep_hardirqs_on+0x9c/0x150
[  557.986679][T18965]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.986699][T18965]  ? clear_bhb_loop+0x60/0xb0
[  557.986724][T18965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.986743][T18965] RIP: 0033:0x7f03d3f8e929
[  557.986762][T18965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.986779][T18965] RSP: 002b:00007f03d4e0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  557.986802][T18965] RAX: ffffffffffffffda RBX: 00007f03d41b5fa0 RCX: 00007f03d3f8e929
[  557.986817][T18965] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  557.986829][T18965] RBP: 00007f03d4e0e090 R08: 00000000000004d8 R09: 0000000000000000
[  557.986842][T18965] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000001
[  557.986854][T18965] R13: 0000000000000000 R14: 00007f03d41b5fa0 R15: 00007fff7a444a28
[  557.986887][T18965]  </TASK>
[  557.994654][T18963] block nbd2: server does not support multiple connections per device.
[  558.279607][T18963] block nbd2: shutting down sockets
[  558.394853][T18930] lo speed is unknown, defaulting to 1000
[  558.664240][T18983] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  559.010875][T19000] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  559.036273][T19000] FAULT_INJECTION: forcing a failure.
[  559.036273][T19000] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  559.108761][T19000] CPU: 0 UID: 0 PID: 19000 Comm: syz.4.3946 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  559.108794][T19000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  559.108806][T19000] Call Trace:
[  559.108815][T19000]  <TASK>
[  559.108823][T19000]  dump_stack_lvl+0x189/0x250
[  559.108854][T19000]  ? __pfx____ratelimit+0x10/0x10
[  559.108880][T19000]  ? __pfx_dump_stack_lvl+0x10/0x10
[  559.108905][T19000]  ? __pfx__printk+0x10/0x10
[  559.108948][T19000]  should_fail_ex+0x414/0x560
[  559.108984][T19000]  _copy_to_user+0x31/0xb0
[  559.109012][T19000]  simple_read_from_buffer+0xe1/0x170
[  559.109050][T19000]  proc_fail_nth_read+0x1df/0x250
[  559.109084][T19000]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  559.109118][T19000]  ? rw_verify_area+0x258/0x650
[  559.109141][T19000]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  559.109172][T19000]  vfs_read+0x200/0x980
[  559.109203][T19000]  ? __pfx___mutex_lock+0x10/0x10
[  559.109230][T19000]  ? __pfx_vfs_read+0x10/0x10
[  559.109256][T19000]  ? __fget_files+0x2a/0x420
[  559.109289][T19000]  ? __fget_files+0x3a0/0x420
[  559.109314][T19000]  ? __fget_files+0x2a/0x420
[  559.109351][T19000]  ksys_read+0x145/0x250
[  559.109378][T19000]  ? __pfx_ksys_read+0x10/0x10
[  559.109398][T19000]  ? rcu_is_watching+0x15/0xb0
[  559.109430][T19000]  ? do_syscall_64+0xbe/0x3b0
[  559.109461][T19000]  do_syscall_64+0xfa/0x3b0
[  559.109486][T19000]  ? lockdep_hardirqs_on+0x9c/0x150
[  559.109510][T19000]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.109530][T19000]  ? clear_bhb_loop+0x60/0xb0
[  559.109555][T19000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.109575][T19000] RIP: 0033:0x7fdae198d33c
[  559.109594][T19000] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  559.109620][T19000] RSP: 002b:00007fdae286c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  559.109643][T19000] RAX: ffffffffffffffda RBX: 00007fdae1bb5fa0 RCX: 00007fdae198d33c
[  559.109658][T19000] RDX: 000000000000000f RSI: 00007fdae286c0a0 RDI: 0000000000000004
[  559.109671][T19000] RBP: 00007fdae286c090 R08: 0000000000000000 R09: 0000000000000000
[  559.109683][T19000] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000001
[  559.109695][T19000] R13: 0000000000000000 R14: 00007fdae1bb5fa0 R15: 00007ffcb006bb08
[  559.109729][T19000]  </TASK>
[  559.637766][T19007] block nbd2: server does not support multiple connections per device.
[  559.657268][T19007] block nbd2: shutting down sockets
[  559.786027][T19012] __nla_validate_parse: 7 callbacks suppressed
[  559.786051][T19012] netlink: 308 bytes leftover after parsing attributes in process `syz.0.3951'.
[  559.883325][T19017] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3950'.
[  560.038627][ T5850] Bluetooth: hci3: command 0x0406 tx timeout
[  560.195709][T19030] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3956'.
[  560.208929][T19034] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3953'.
[  560.218520][T19032] tipc: Started in network mode
[  560.225933][T19032] tipc: Node identity ac1414aa, cluster identity 4711
[  560.245783][T19032] tipc: New replicast peer: 255.255.255.255
[  560.267007][T19032] tipc: Enabled bearer <udp:syz2>, priority 10
[  560.283909][T19035] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3958'.
[  560.313329][T19035] tipc: Disabling bearer <udp:syz2>
[  560.558595][T19050] netlink: 308 bytes leftover after parsing attributes in process `syz.0.3963'.
[  560.780009][T19056] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3964'.
[  560.862071][T19056] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3964'.
[  560.905058][T19059] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3965'.
[  561.117912][T19058] block nbd2: server does not support multiple connections per device.
[  561.143981][T19058] block nbd2: shutting down sockets
[  561.899159][T19055] lo speed is unknown, defaulting to 1000
[  561.975318][T19076] netlink: 'syz.1.3971': attribute type 29 has an invalid length.
[  561.994396][T19080] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3973'.
[  562.256561][T19095] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  562.501424][T19101] block nbd2: server does not support multiple connections per device.
[  562.536583][T19101] block nbd2: shutting down sockets
[  562.629664][T19107] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  563.423746][T19135] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  563.600654][T19143] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  563.749374][T19147] block nbd2: server does not support multiple connections per device.
[  563.795964][T19147] block nbd2: shutting down sockets
[  564.409501][T19166] 8021q: adding VLAN 0 to HW filter on device bond0
[  564.669958][T19182] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  564.989320][T19194] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  565.361343][T19217] __nla_validate_parse: 14 callbacks suppressed
[  565.361368][T19217] netlink: 316 bytes leftover after parsing attributes in process `syz.2.4018'.
[  565.510443][T19221] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4019'.
[  565.600437][T19226] netlink: 'syz.2.4020': attribute type 1 has an invalid length.
[  565.950117][T19237] ipt_rpfilter: unknown options
[  566.006583][T19242] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  566.116872][T19245] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  566.246052][T19253] netlink: 316 bytes leftover after parsing attributes in process `syz.0.4030'.
[  566.536265][T19268] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4033'.
[  566.650543][T19275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4034'.
[  567.066560][T19290] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  567.169840][T19297] netlink: 244 bytes leftover after parsing attributes in process `syz.0.4038'.
[  567.749544][T19313] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4047'.
[  567.758886][T19315] netlink: 316 bytes leftover after parsing attributes in process `syz.4.4044'.
[  568.145054][T19331] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4053'.
[  568.252173][T19334] vlan2: entered promiscuous mode
[  568.419202][T19338] vlan2: entered promiscuous mode
[  568.968276][T19359] netlink: 316 bytes leftover after parsing attributes in process `syz.1.4061'.
[  569.090333][T19363] sctp: [Deprecated]: syz.3.4062 (pid 19363) Use of struct sctp_assoc_value in delayed_ack socket option.
[  569.090333][T19363] Use struct sctp_sack_info instead
[  569.317627][T19370] nbd: socks must be embedded in a SOCK_ITEM attr
[  569.331483][T19367] nbd: socks must be embedded in a SOCK_ITEM attr
[  569.447458][T19377] block nbd2: server does not support multiple connections per device.
[  569.459324][T19377] block nbd2: shutting down sockets
[  569.504033][T19384] netlink: 'syz.4.4068': attribute type 2 has an invalid length.
[  569.853400][T19395] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  570.689926][T19433] __nla_validate_parse: 11 callbacks suppressed
[  570.689941][T19433] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4086'.
[  570.725848][T19434] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4085'.
[  570.767524][T19430] block nbd2: server does not support multiple connections per device.
[  570.786460][T19430] block nbd2: shutting down sockets
[  570.826947][T19438] netlink: 316 bytes leftover after parsing attributes in process `syz.3.4087'.
[  571.028941][T19446] 8021q: adding VLAN 0 to HW filter on device bond4
[  571.037411][T19446] bridge0: port 3(bond4) entered blocking state
[  571.043922][T19446] bridge0: port 3(bond4) entered disabled state
[  571.052353][T19446] bond4: entered allmulticast mode
[  571.060360][T19446] bond4: entered promiscuous mode
[  571.066713][T19446] bridge0: port 3(bond4) entered blocking state
[  571.073543][T19446] bridge0: port 3(bond4) entered forwarding state
[  571.305300][T19459] netlink: 'syz.4.4093': attribute type 29 has an invalid length.
[  571.353351][T19457] netlink: 'syz.4.4093': attribute type 29 has an invalid length.
[  571.487840][T19465] netlink: 244 bytes leftover after parsing attributes in process `syz.0.4097'.
[  571.533758][T19443] lo speed is unknown, defaulting to 1000
[  571.735990][T19475] netlink: 308 bytes leftover after parsing attributes in process `syz.2.4101'.
[  571.784684][T19476] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4100'.
[  571.815983][T19473] block nbd2: server does not support multiple connections per device.
[  571.832106][T19473] block nbd2: shutting down sockets
[  571.838956][T10337] bridge0: port 3(bond4) entered disabled state
[  571.858052][T19478] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4102'.
[  571.874090][T19480] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  571.891752][T19478] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4102'.
[  572.244263][T19478] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4102'.
[  572.559156][T19500] vlan2: entered promiscuous mode
[  572.745043][T19508] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4113'.
[  572.938234][T19514] block nbd2: server does not support multiple connections per device.
[  572.965861][T19514] block nbd2: shutting down sockets
[  573.199869][T19525] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (64)
[  574.188263][T19547] lo speed is unknown, defaulting to 1000
[  574.486845][T19557] block nbd2: server does not support multiple connections per device.
[  574.508048][T19557] block nbd2: shutting down sockets
[  574.656636][T19572] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  575.706887][T19603] block nbd2: server does not support multiple connections per device.
[  575.716828][T19603] block nbd2: shutting down sockets
[  575.894217][T19617] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  576.011705][T19622] __nla_validate_parse: 10 callbacks suppressed
[  576.011726][T19622] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4155'.
[  576.138785][T19628] netlink: 308 bytes leftover after parsing attributes in process `syz.2.4158'.
[  576.234250][T19630] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  576.602795][T19616] lo speed is unknown, defaulting to 1000
[  577.025936][T19649] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  577.109526][ T6621] IPVS: starting estimator thread 0...
[  577.187431][T19658] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4169'.
[  577.191495][T19654] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4170'.
[  577.214514][T19652] IPVS: using max 26 ests per chain, 62400 per kthread
[  577.384719][T19664] syzkaller1: entered promiscuous mode
[  577.412555][T19664] syzkaller1: entered allmulticast mode
[  577.790584][T19679] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  577.828170][T19679] batadv_slave_0: entered promiscuous mode
[  577.834037][T19679] batadv_slave_0: entered allmulticast mode
[  578.170740][T19697] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  578.247178][T19701] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4186'.
[  578.266140][T19705] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4189'.
[  578.715835][T19724] netlink: 316 bytes leftover after parsing attributes in process `syz.1.4196'.
[  579.061738][T19728] vlan2: entered promiscuous mode
[  579.246418][T19717] lo speed is unknown, defaulting to 1000
[  579.597675][T19738] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4202'.
[  579.705809][T19745] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4204'.
[  579.937533][T19752] netlink: 316 bytes leftover after parsing attributes in process `syz.1.4208'.
[  580.170198][T19761] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  580.287525][T19768] FAULT_INJECTION: forcing a failure.
[  580.287525][T19768] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.346891][T19768] CPU: 1 UID: 0 PID: 19768 Comm: syz.4.4214 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  580.346923][T19768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  580.346935][T19768] Call Trace:
[  580.346943][T19768]  <TASK>
[  580.346951][T19768]  dump_stack_lvl+0x189/0x250
[  580.346981][T19768]  ? __pfx____ratelimit+0x10/0x10
[  580.347006][T19768]  ? __pfx_dump_stack_lvl+0x10/0x10
[  580.347031][T19768]  ? __pfx__printk+0x10/0x10
[  580.347078][T19768]  should_fail_ex+0x414/0x560
[  580.347113][T19768]  _copy_from_user+0x2d/0xb0
[  580.347137][T19768]  sctp_setsockopt+0x19f/0x1200
[  580.347173][T19768]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  580.347200][T19768]  do_sock_setsockopt+0x257/0x3e0
[  580.347232][T19768]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  580.347274][T19768]  ? __fget_files+0x2a/0x420
[  580.347319][T19768]  __x64_sys_setsockopt+0x18b/0x220
[  580.347365][T19768]  do_syscall_64+0xfa/0x3b0
[  580.347389][T19768]  ? lockdep_hardirqs_on+0x9c/0x150
[  580.347414][T19768]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.347433][T19768]  ? clear_bhb_loop+0x60/0xb0
[  580.347458][T19768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.347476][T19768] RIP: 0033:0x7fdae198e929
[  580.347495][T19768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  580.347512][T19768] RSP: 002b:00007fdae286c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  580.347535][T19768] RAX: ffffffffffffffda RBX: 00007fdae1bb5fa0 RCX: 00007fdae198e929
[  580.347549][T19768] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000003
[  580.347561][T19768] RBP: 00007fdae286c090 R08: 000000000000000e R09: 0000000000000000
[  580.347574][T19768] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001
[  580.347586][T19768] R13: 0000000000000000 R14: 00007fdae1bb5fa0 R15: 00007ffcb006bb08
[  580.347614][T19768]  </TASK>
[  581.041106][T19789] __nla_validate_parse: 2 callbacks suppressed
[  581.041130][T19789] netlink: 316 bytes leftover after parsing attributes in process `syz.0.4221'.
[  581.251560][T19800] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  581.480830][T19810] geneve2: entered allmulticast mode
[  581.698358][T19814] netlink: 244 bytes leftover after parsing attributes in process `syz.0.4229'.
[  581.760668][T19813] vlan2: entered promiscuous mode
[  582.029971][T19790] lo speed is unknown, defaulting to 1000
[  582.312448][T19827] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4236'.
[  582.576650][T19841] netlink: 244 bytes leftover after parsing attributes in process `syz.2.4241'.
[  582.996485][ T5850] Bluetooth: hci1: command 0x0405 tx timeout
[  583.233685][T19865] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
[  583.449065][T19869] FAULT_INJECTION: forcing a failure.
[  583.449065][T19869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  583.456098][T19872] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4252'.
[  583.477734][T19869] CPU: 1 UID: 0 PID: 19869 Comm: syz.1.4251 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  583.477766][T19869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  583.477778][T19869] Call Trace:
[  583.477787][T19869]  <TASK>
[  583.477797][T19869]  dump_stack_lvl+0x189/0x250
[  583.477825][T19869]  ? __pfx____ratelimit+0x10/0x10
[  583.477850][T19869]  ? __pfx_dump_stack_lvl+0x10/0x10
[  583.477874][T19869]  ? __pfx__printk+0x10/0x10
[  583.477913][T19869]  should_fail_ex+0x414/0x560
[  583.477949][T19869]  _copy_to_user+0x31/0xb0
[  583.477976][T19869]  simple_read_from_buffer+0xe1/0x170
[  583.478008][T19869]  proc_fail_nth_read+0x1df/0x250
[  583.478041][T19869]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  583.478070][T19869]  ? rw_verify_area+0x258/0x650
[  583.478091][T19869]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  583.478119][T19869]  vfs_read+0x200/0x980
[  583.478147][T19869]  ? __pfx___mutex_lock+0x10/0x10
[  583.478173][T19869]  ? __pfx_vfs_read+0x10/0x10
[  583.478195][T19869]  ? __fget_files+0x2a/0x420
[  583.478226][T19869]  ? __fget_files+0x3a0/0x420
[  583.478252][T19869]  ? __fget_files+0x2a/0x420
[  583.478289][T19869]  ksys_read+0x145/0x250
[  583.478309][T19869]  ? __fget_files+0x2a/0x420
[  583.478347][T19869]  ? __pfx_ksys_read+0x10/0x10
[  583.478376][T19869]  ? do_syscall_64+0xbe/0x3b0
[  583.478405][T19869]  do_syscall_64+0xfa/0x3b0
[  583.478429][T19869]  ? lockdep_hardirqs_on+0x9c/0x150
[  583.478452][T19869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.478472][T19869]  ? clear_bhb_loop+0x60/0xb0
[  583.478498][T19869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.478517][T19869] RIP: 0033:0x7f2212f8d33c
[  583.478537][T19869] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  583.478554][T19869] RSP: 002b:00007f2213d3f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  583.478577][T19869] RAX: ffffffffffffffda RBX: 00007f22131b5fa0 RCX: 00007f2212f8d33c
[  583.478592][T19869] RDX: 000000000000000f RSI: 00007f2213d3f0a0 RDI: 0000000000000004
[  583.478605][T19869] RBP: 00007f2213d3f090 R08: 0000000000000000 R09: 0000000000000000
[  583.478617][T19869] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001
[  583.478630][T19869] R13: 0000000000000000 R14: 00007f22131b5fa0 R15: 00007ffe9e7cd468
[  583.478665][T19869]  </TASK>
[  583.750801][T19875] netlink: 244 bytes leftover after parsing attributes in process `syz.2.4253'.
[  583.877582][T19852] lo speed is unknown, defaulting to 1000
[  584.113285][T19889] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI
[  584.125241][T19889] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[  584.133670][T19889] CPU: 0 UID: 0 PID: 19889 Comm: syz.1.4257 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) 
[  584.145751][T19889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  584.155809][T19889] RIP: 0010:__list_del_entry_valid_or_report+0x25/0x190
[  584.162773][T19889] Code: 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 41 55 41 54 53 48 89 fb 49 bd 00 00 00 00 00 fc ff df 48 83 c7 08 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 05 e8 ff ea 5b fd 4c 8b 7b 08 48 89 d8 48 c1 e8
[  584.182391][T19889] RSP: 0018:ffffc90003fdef80 EFLAGS: 00010202
[  584.188470][T19889] RAX: 000000000000000b RBX: 0000000000000050 RCX: 0000000000080000
[  584.196452][T19889] RDX: ffffc90015d0a000 RSI: 0000000000000b89 RDI: 0000000000000058
[  584.204425][T19889] RBP: dffffc0000000000 R08: ffff888024ed0000 R09: 0000000000000002
[  584.212398][T19889] R10: 00000000ffffffff R11: ffffffff89871920 R12: 0000000000000000
[  584.220375][T19889] R13: dffffc0000000000 R14: 0000000000000050 R15: ffff88807c5db000
[  584.228352][T19889] FS:  00007f2213d1e6c0(0000) GS:ffff888125c16000(0000) knlGS:0000000000000000
[  584.237288][T19889] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  584.243894][T19889] CR2: 00007f2210df6d58 CR3: 0000000037e88000 CR4: 00000000003526f0
[  584.251873][T19889] Call Trace:
[  584.255156][T19889]  <TASK>
[  584.258091][T19889]  drr_qlen_notify+0x2c/0xf0
[  584.262692][T19889]  qdisc_tree_reduce_backlog+0x299/0x480
[  584.268332][T19889]  ? qdisc_tree_reduce_backlog+0x3c/0x480
[  584.274054][T19889]  fq_change+0x1519/0x1f50
[  584.278483][T19889]  ? __pfx_fq_change+0x10/0x10
[  584.283259][T19889]  ? __hrtimer_setup+0x187/0x210
[  584.288221][T19889]  fq_init+0x699/0x960
[  584.292300][T19889]  ? __pfx_fq_init+0x10/0x10
[  584.296898][T19889]  ? lockdep_rtnl_is_held+0x26/0x40
[  584.302119][T19889]  ? qdisc_lookup+0x36d/0x6d0
[  584.306811][T19889]  ? __pfx_fq_init+0x10/0x10
[  584.311408][T19889]  qdisc_create+0x7a9/0xea0
[  584.315924][T19889]  tc_modify_qdisc+0x1426/0x2010
[  584.320871][T19889]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  584.326179][T19889]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  584.331496][T19889]  rtnetlink_rcv_msg+0x77c/0xb70
[  584.336461][T19889]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  584.341584][T19889]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  584.347057][T19889]  ? ref_tracker_free+0x63a/0x7d0
[  584.352098][T19889]  ? __copy_skb_header+0xa7/0x550
[  584.357147][T19889]  ? __pfx_ref_tracker_free+0x10/0x10
[  584.362530][T19889]  netlink_rcv_skb+0x205/0x470
[  584.367313][T19889]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  584.372795][T19889]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  584.378094][T19889]  ? netlink_deliver_tap+0x2e/0x1b0
[  584.383296][T19889]  ? netlink_deliver_tap+0x2e/0x1b0
[  584.388510][T19889]  netlink_unicast+0x758/0x8d0
[  584.393284][T19889]  netlink_sendmsg+0x805/0xb30
[  584.398056][T19889]  ? __pfx_netlink_sendmsg+0x10/0x10
[  584.403352][T19889]  ? aa_sock_msg_perm+0x94/0x160
[  584.408299][T19889]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  584.413587][T19889]  ? __pfx_netlink_sendmsg+0x10/0x10
[  584.418878][T19889]  __sock_sendmsg+0x219/0x270
[  584.423557][T19889]  ____sys_sendmsg+0x505/0x830
[  584.428333][T19889]  ? __pfx_____sys_sendmsg+0x10/0x10
[  584.433632][T19889]  ? import_iovec+0x74/0xa0
[  584.438229][T19889]  ___sys_sendmsg+0x21f/0x2a0
[  584.442913][T19889]  ? __pfx____sys_sendmsg+0x10/0x10
[  584.448131][T19889]  ? __fget_files+0x2a/0x420
[  584.452726][T19889]  ? __fget_files+0x3a0/0x420
[  584.457414][T19889]  __x64_sys_sendmsg+0x19b/0x260
[  584.462437][T19889]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  584.467908][T19889]  ? do_user_addr_fault+0xc8a/0x1390
[  584.473191][T19889]  ? do_syscall_64+0xbe/0x3b0
[  584.477873][T19889]  do_syscall_64+0xfa/0x3b0
[  584.482382][T19889]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.487585][T19889]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.493662][T19889]  ? clear_bhb_loop+0x60/0xb0
[  584.498426][T19889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.504333][T19889] RIP: 0033:0x7f2212f8e929
[  584.508773][T19889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.528386][T19889] RSP: 002b:00007f2213d1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  584.536816][T19889] RAX: ffffffffffffffda RBX: 00007f22131b6080 RCX: 00007f2212f8e929
[  584.544788][T19889] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000004
[  584.552760][T19889] RBP: 00007f2213010b39 R08: 0000000000000000 R09: 0000000000000000
[  584.560733][T19889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  584.568707][T19889] R13: 0000000000000001 R14: 00007f22131b6080 R15: 00007ffe9e7cd468
[  584.576690][T19889]  </TASK>
[  584.579707][T19889] Modules linked in:
[  584.583713][T19889] ---[ end trace 0000000000000000 ]---
[  584.589216][T19889] RIP: 0010:__list_del_entry_valid_or_report+0x25/0x190
[  584.596190][T19889] Code: 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 41 55 41 54 53 48 89 fb 49 bd 00 00 00 00 00 fc ff df 48 83 c7 08 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 05 e8 ff ea 5b fd 4c 8b 7b 08 48 89 d8 48 c1 e8
[  584.615851][T19889] RSP: 0018:ffffc90003fdef80 EFLAGS: 00010202
[  584.621977][T19889] RAX: 000000000000000b RBX: 0000000000000050 RCX: 0000000000080000
[  584.630002][T19889] RDX: ffffc90015d0a000 RSI: 0000000000000b89 RDI: 0000000000000058
[  584.638024][T19889] RBP: dffffc0000000000 R08: ffff888024ed0000 R09: 0000000000000002
[  584.646011][T19889] R10: 00000000ffffffff R11: ffffffff89871920 R12: 0000000000000000
[  584.653991][T19889] R13: dffffc0000000000 R14: 0000000000000050 R15: ffff88807c5db000
[  584.661976][T19889] FS:  00007f2213d1e6c0(0000) GS:ffff888125c16000(0000) knlGS:0000000000000000
[  584.670918][T19889] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  584.677572][T19889] CR2: 00007f2210df6d58 CR3: 0000000037e88000 CR4: 00000000003526f0
[  584.685630][T19889] Kernel panic - not syncing: Fatal exception in interrupt
[  584.693092][T19889] Kernel Offset: disabled
[  584.697431][T19889] Rebooting in 86400 seconds..