last executing test programs:

11m4.838840101s ago: executing program 2 (id=1225):
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet(0x2, 0x3, 0x30)
getsockopt$inet_mreqsrc(r0, 0x0, 0x53, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xfffffeffffff7f7e, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x1, 0x0, 0x0, 0x3}, {0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0xfffffff5)

11m3.203743225s ago: executing program 2 (id=1246):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84) (async)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000000c0)=0x1c) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x10, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="7910480000000000790048000000000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x7, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x21000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x34, r4, 0x1, 0x3, 0x0, {{0xa}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DEFAULT_TYPES={0x8, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_IDX={0x5}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48881}, 0x40)
mmap(&(0x7f0000496000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) (async)
mmap(&(0x7f00004f1000/0x3000)=nil, 0x3000, 0x2000006, 0x12, r1, 0x913e0000) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x10) (async)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000100)) (async)
ioctl$PPPIOCSACTIVE(r6, 0x40107446, &(0x7f0000000080)={0x1ffffffffffffdfc, &(0x7f00000000c0)=[{0x58, 0x8, 0xfe, 0x9}, {0x6, 0x0, 0xfc, 0xab}]}) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, r7, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f00005d5000/0x2000)=nil, 0x2000, 0x3, 0x28011, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r8, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) (async)
mmap(&(0x7f00005d6000/0x1000)=nil, 0x1000, 0x2000002, 0x13, 0xffffffffffffffff, 0x12e9d000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aac020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbad362baa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c8d5ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f08000100627066000900010073797a30000000000900020073797a3200000000440005800800024000000002080001"], 0x2d4}}, 0x4048010)

11m2.954000881s ago: executing program 2 (id=1249):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384-generic\x00'}, 0x58)
socket(0x10, 0x803, 0x0) (async)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0x8) (async)
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x8)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x7fffffff, 'syz1\x00', @null, 0x9, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default]})
recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000000c0)=""/91, 0x5b}, {&(0x7f0000000380)=""/149, 0x95}, {&(0x7f0000003800)=""/4111, 0x100f}, {&(0x7f0000000600)=""/212, 0xd4}, {&(0x7f0000000540)=""/96, 0x60}, {&(0x7f0000002440)=""/84, 0x54}, {&(0x7f0000000980)=""/63, 0x49}, {&(0x7f0000000440)=""/10, 0xa}, {&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000880)=""/198, 0xc6}, {&(0x7f0000000780)=""/203, 0xcb}, {&(0x7f0000001000)=""/130, 0x82}], 0xc, 0x0, 0x0, 0xb00}, 0x40d40b70}], 0x40000000000026d, 0x0, 0x0)
r3 = accept4(r0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000711210000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
read$alg(r3, &(0x7f0000000000)=""/35, 0x23) (async)
read$alg(r3, &(0x7f0000000000)=""/35, 0x23)

11m2.712583336s ago: executing program 2 (id=1252):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$sock(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}], 0x1, 0x48094)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000040)={0x2b, @rand_addr=0x64010100, 0x4e24, 0x3, 'lblc\x00', 0x22, 0x9, 0x48}, 0x2c)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)
listen(r0, 0x200)

11m2.586505797s ago: executing program 3 (id=1254):
r0 = socket(0x2, 0x5, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000200)="f9", 0x1}], 0x1, 0x0, 0x0, 0x80020}], 0x1, 0x40c0)
sendmmsg$inet_sctp(r0, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000001c0)=[{0x0, 0x2}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900000000000000000000000060ff", @ANYRES32=0x0], 0x30}], 0x1, 0x0)

11m2.481985975s ago: executing program 3 (id=1256):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xffffffffffffffff}}, [@tmpl={0x84, 0x5, [{{@in=@remote, 0x0, 0x6c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000}, {{@in6=@loopback, 0x0, 0x3c}, 0x2, @in=@remote, 0x0, 0x1}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x5593ee2f0bddd481}, 0x0)

11m2.254073807s ago: executing program 3 (id=1257):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r3=>0x0})
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map, 0xffffffffffffffff, 0x22, 0x2000}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x31}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xb}, 0x94)
sendmsg$nl_route(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x200, {0x1d, 0x1, 0x8}, [@CGW_DST_IF={0x8, 0xa, r2}, @CGW_SRC_IF={0x8, 0x9, r3}]}, 0x24}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40020)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, {0x1, 0x18}, {0xffff}, {0x1, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x8084}, 0x0)

11m1.519931884s ago: executing program 2 (id=1260):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000004c0)=[{0x28, 0x0, 0x5, 0xfffff034}, {0x80000006, 0x0, 0x12, 0xf9}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='wg2\x00', 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000800450000b00000000000019078ac1e0001ac1414aa0304907800000000450000000000000000010000ac141400ac1414aa07130000000000000000000000000000000000440c00037f00000100000000890f0000000000ffffffffffffffff444c0001ac1e00010000010000000000000000000000000000000000ac1414aa000000007f000001000000000000000000000000e000000200000000ffffffff00000000ffffffff00000000440400000000"], 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272})
ioctl$TUNSETOFFLOAD(r4, 0x400454c9, 0x13)
ioctl$TUNSETGROUP(r4, 0x400454ce, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000181100007d9fd9d0c809bd2f272272f0042ab12f417313d7e7892102e6184266132b0690bf4625ad91b612f3856058dfed2444d950c1084a878991ede896b0cfa6163abd66d826f286ef1ed6ee2c97c8a60a26f56682b9ba2e30b80fd7dee88db00ceea4847046ad646e823c18f08fdaf78f1f", @ANYRES32=r5, @ANYRESDEC, @ANYRES16=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x72060500)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a320000000008004100", @ANYRES8=r1], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x400c844)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf25080001000f000000"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r6}, 0x18)
unshare(0x64000600)
r8 = socket$inet6(0x10, 0x2, 0x0)
write(r8, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf0db400600033d44000040060b16a482c0a3c313012dafd5a32e273fc83ab82d710f74cec18444ef90d475ef8b2863ef3d92c94170e5bba2e177312e081f691bc5110556888100000463ae4f5df1b394cfd6239ec2a0f0d1bcae5f5502943283f4b9e611183b102b2b8f5566791cb19020191bd0733802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4794eedfca92c09d776e7a90ab79a6f00a1960548deac279c00"/252, 0xfc)

11m1.339396602s ago: executing program 3 (id=1262):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x30, 0x0, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x9e}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0xd}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000480}, 0x4)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x0, 0x1, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x3, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r3, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r3, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00)
setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000280)={0x0, @loopback, @rand_addr=0x64010101}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000061107e0000000000dd710000000000009500090000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xd, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x4}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}], {0x95, 0x0, 0xff85}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xbb2}, 0x94)

11m1.066885064s ago: executing program 3 (id=1264):
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec9700019888fffc000018c6ba35000000000000000700ff020000000000fffffffffffffff50100000000000000cc"], 0xfdef)

11m0.923306147s ago: executing program 2 (id=1265):
r0 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x402, 0x0, 0x1}, 0x50)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, &(0x7f00000001c0))
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000280)=@sack_info={0x0, 0x0, 0x3ff}, 0xc)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001000000200008000480040003800800084000000000080008400000000734000f80"], 0xdc}}, 0x0)

11m0.317817222s ago: executing program 32 (id=1265):
r0 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x402, 0x0, 0x1}, 0x50)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, &(0x7f00000001c0))
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000280)=@sack_info={0x0, 0x0, 0x3ff}, 0xc)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001000000200008000480040003800800084000000000080008400000000734000f80"], 0xdc}}, 0x0)

11m0.31122377s ago: executing program 3 (id=1268):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x28)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20040000}, 0x44000)
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c3a0081e949b93897bc3b00000000a0007d01ff020000000000000000000000000001"], 0xfdef)

10m59.921750669s ago: executing program 33 (id=1268):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x28)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20040000}, 0x44000)
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c3a0081e949b93897bc3b00000000a0007d01ff020000000000000000000000000001"], 0xfdef)

4.131167248s ago: executing program 5 (id=6497):
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'sit0\x00', &(0x7f00000001c0)={'ip_vti0\x00', 0x0, 0x7800, 0x40, 0x223, 0x0, {{0x3b, 0x4, 0x3, 0x3b, 0xec, 0x68, 0x0, 0x8, 0x2b, 0x0, @remote, @broadcast, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x54, 0xc9, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x71c}, {@multicast2, 0xffffffff}, {@multicast2, 0xfff}, {@multicast1, 0x7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}, {@broadcast, 0xffff}, {@remote, 0x5}, {@loopback, 0xb1}, {@remote, 0x2}, {@local, 0xfffffff7}]}, @timestamp_addr={0x44, 0x44, 0x27, 0x1, 0x7, [{@multicast1, 0x9}, {@rand_addr=0x64010100, 0x4f19}, {@dev={0xac, 0x14, 0x14, 0x30}, 0xb9}, {@remote, 0x1}, {@rand_addr=0x64010100, 0x3}, {@loopback, 0x3cf}, {@private=0xa010102}, {@remote, 0x1}]}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x34, 0x3, [{0x0, 0x8, "2a2a27e2984d"}, {0x7, 0x2}, {0x0, 0x5, "f064cf"}, {0x4, 0xe, "a255498f9cc737cde2dcce0e"}, {0x2, 0x11, "19be1339b7cf74f9046707e3acafcf"}]}, @rr={0x7, 0x3, 0xf0}]}}}}})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000002cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)

3.686814766s ago: executing program 5 (id=6503):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000000000004851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000001070020006608000000000001180000000000001000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x8}, 0x94)

3.378794131s ago: executing program 5 (id=6508):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d6974000000"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0xfffffffffffffefb, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r1, 0x0) (fail_nth: 47)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4)
shutdown(0xffffffffffffffff, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xbc}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0)
socket$netlink(0x10, 0x3, 0xb)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff)

2.609770767s ago: executing program 4 (id=6511):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fbdbdf250100000008000100030000002c00048005000300010000000500030001000000050003000100faff040003000200000005000300070000000800020002000000"], 0x50}}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), r2)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000840)={0x5c, r3, 0x5eae78d9c54e9d3f, 0x0, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_KEY={0x40, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xe}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "d45cc7242de81ae9b87d0c18640bb308"}, @NL802154_KEY_ATTR_ID={0x20, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}]}]}, 0x5c}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000600), r5)
sendmsg$IEEE802154_ASSOCIATE_RESP(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)={0x14, r6, 0x401, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x20008004)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r2, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x60, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "8703853a33759a84a93129d8e7dafc9bd2bb43056f2428c5765a42e1fb1de437"}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0xdf14}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x404c005)

2.502165864s ago: executing program 5 (id=6513):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x2, 0x4038a09, 0x4, @empty, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x5}})
unshare(0x6a040000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
unshare(0x600)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={&(0x7f00000002c0)="a7e3c11073f57f9e4978aafe780ae4f8ae7620312693639f91d0bf5de4a04117e44a1050cc03b8dc9ec3898f6fe8be971a235e2c5b4bed729efd79b53422cad3555a3fea472ba77dcfc36fafb53597b4c1507f9190a4477cc57c169ef4b1e3953659192a1315d362b9697185601352", &(0x7f0000000340)=""/75, &(0x7f00000003c0)="6adcd3da9edb59240e8971b926407c19a8db884ccf7520c146ca6edb19f42d4968f43cd7a91f6ba3cfc2d4a4928cbf8fa0c9f5f856fa20b0f68eb27fdd7c1987a97ad1f49baa2def4f0c06178e846da8145f985c8c28e09877a6f224ff9052f2fd6ba0391e6ae51fe41d0fc111df8c4333c19c132d90d1610bb045ea7c38a353c2d06655128be785752e4518a82b52f9f2bc5bd8db70f3b80ca78f5b990c8db9117657cf0cb591f952cee90776c191451b9187caf0f1a600e4b401fad569ae25d4", &(0x7f0000000600)="d8b8554e0d1c686676f67bbefb4ee16c42942a8c43e0c658346dc9986923ceb17a2ef6127fde361aa8d16af81ded9ed06086bd48a6943f0e3993ab3e441b2b866b307d0d4e5acabed95342d9ce0f56481d96384ac6a0bd6dcbc7b3ceec14fa41bf168985127e0ec1bd704712757912095afc44cdde636606f69f55e83e43e019fa60dd8e6b9aa3087857dd2d1ed56f2e868a7c0b5bba892bf7fe2f37468c7fa01b9a318d20b26c3d407a933023079b751749ed22cf7fe6f6f5aa6d6b81504eae68dbfa27615014224736b18f102f2f060c1ca564f4c9beab26e0ec299942490f66bbe76d2c9c276c4e", 0x4, r2, 0x4}, 0x38)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x2, 0x9, 0x200, 0x0, 0xa77a, {0x0, @in6={{0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffff7}}, 0x74, 0x4, 0xe60e, 0x8, 0x7}}, &(0x7f0000000280)=0xb0)

2.294941695s ago: executing program 0 (id=6516):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xf}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x201, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)

2.276153283s ago: executing program 4 (id=6518):
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'sit0\x00', &(0x7f00000001c0)={'ip_vti0\x00', 0x0, 0x7800, 0x40, 0x223, 0x0, {{0x3b, 0x4, 0x3, 0x3b, 0xec, 0x68, 0x0, 0x8, 0x2b, 0x0, @remote, @broadcast, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x54, 0xc9, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x71c}, {@multicast2, 0xffffffff}, {@multicast2, 0xfff}, {@multicast1, 0x7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}, {@broadcast, 0xffff}, {@remote, 0x5}, {@loopback, 0xb1}, {@remote, 0x2}, {@local, 0xfffffff7}]}, @timestamp_addr={0x44, 0x44, 0x27, 0x1, 0x7, [{@multicast1, 0x9}, {@rand_addr=0x64010100, 0x4f19}, {@dev={0xac, 0x14, 0x14, 0x30}, 0xb9}, {@remote, 0x1}, {@rand_addr=0x64010100, 0x3}, {@loopback, 0x3cf}, {@private=0xa010102}, {@remote, 0x1}]}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x34, 0x3, [{0x0, 0x8, "2a2a27e2984d"}, {0x7, 0x2}, {0x0, 0x5, "f064cf"}, {0x4, 0xe, "a255498f9cc737cde2dcce0e"}, {0x2, 0x11, "19be1339b7cf74f9046707e3acafcf"}]}, @rr={0x7, 0x3, 0xf0}]}}}}})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000003cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)

2.222425507s ago: executing program 6 (id=6519):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000018c0)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x40, 0x10, 0x49920d862a92143b, 0x100000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x24000800)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001480)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}, {0x18, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}}], {0x14}}, 0xb0}}, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x6)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route_sched_retired(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=@newtclass={0x558, 0x28, 0x800, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x10, 0xfff3}, {0x0, 0xe}, {0x0, 0xfff3}}, [@c_atm={{0x8}, {0x30, 0x2, [@TCA_ATM_HDR={0x21, 0x3, "1c742798c43e12c1d98dce9702a45b4a9a1cfde3df8678eec00517aecf"}, @TCA_ATM_FD={0x8, 0x1, r3}]}}, @c_atm={{0x8}, {0x58, 0x2, [@TCA_ATM_EXCESS={0x8, 0x4, {0xfff1, 0xe}}, @TCA_ATM_FD={0x8, 0x1, r4}, @TCA_ATM_FD={0x8, 0x1, r5}, @TCA_ATM_HDR={0x3b, 0x3, "7e05f315b227f1318c23238a8a21f97cd48c7e048a38932eb5052f4956464ab73fdec39e309b2c848a0de5945a26e499931a125d18df0c"}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x9}}}, @c_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBQ_LSSOPT={0x18, 0x1, {0x3b, 0x0, 0x9, 0x81, 0xd, 0xa, 0x8000, 0x3}}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x9}}}, @c_cbq={{0x8}, {0x428, 0x2, [@TCA_CBQ_WRROPT={0x10, 0x2, {0xba, 0x2, 0x2, 0x6, 0x80000000, 0xfffffffc}}, @TCA_CBQ_RTAB={0x404, 0x6, [0x8, 0x398, 0x3, 0x9, 0xe, 0x5, 0x5, 0x5, 0x1ff, 0x4, 0xb, 0xe, 0x4, 0x8, 0x3, 0x0, 0xfff, 0x3, 0x5, 0x2, 0x9, 0x9, 0x70e86d70, 0x7fff, 0x200, 0x6, 0x1, 0x8001, 0x3, 0x3, 0xd6547a59, 0xd, 0x0, 0x8, 0x0, 0x2, 0x401, 0xf, 0x1, 0x7, 0x5, 0xf118, 0x1, 0x7f, 0x3, 0xfffffffa, 0xffff8f7d, 0xa50, 0x5, 0x8, 0x7, 0x4, 0x11, 0x100, 0x0, 0x1c30, 0x3, 0x7, 0xc3, 0xdaf, 0x5, 0x6, 0x3, 0x4, 0x2c7, 0x4, 0x80000000, 0x2, 0x400, 0xc9, 0x8000, 0x7, 0x0, 0x4, 0x7, 0x8, 0x27, 0x4, 0x0, 0x5, 0x38800000, 0xfff, 0xfff, 0x9, 0x4, 0xda, 0x1, 0x5, 0x2, 0x3, 0xd54, 0x100, 0x7ff, 0xd, 0x10001, 0x0, 0xb, 0x81, 0x2, 0xf3, 0xfe5e, 0x0, 0xffff, 0x93eb, 0xd, 0xfff, 0x3, 0x4, 0x5, 0x93, 0x0, 0x5, 0x6, 0xffffffff, 0x1, 0x6, 0x5, 0xfffffffe, 0x10001, 0x81, 0x1, 0x9, 0x7fff, 0x5, 0x6, 0x1, 0x7fff, 0xfffffffe, 0x3d, 0xd, 0x4, 0x9, 0x7, 0xae0b, 0x40, 0x8, 0x93b2, 0x9, 0x1000, 0xe, 0x400009, 0x80000001, 0x2, 0x9, 0x2, 0xfffffff9, 0x800, 0xfffffffd, 0x9, 0xffff, 0xbb, 0x5, 0x4, 0x750c, 0x101, 0xb, 0x101, 0xf, 0x3, 0x5, 0x3, 0x2, 0x101, 0x1fd, 0x6000, 0x2, 0x0, 0x9, 0x4, 0xfffffff7, 0x2, 0xf, 0x3, 0x8, 0x87db, 0x7, 0x9, 0x4f, 0xfff, 0x4, 0x4, 0x0, 0xc, 0xc, 0xd, 0x1, 0x6, 0x9, 0x1, 0x7af, 0xc623, 0x3, 0x3, 0x4, 0x4, 0x3, 0xfff, 0xfffffe79, 0x8, 0x2, 0xcd8, 0x2, 0x32, 0x1, 0x5d, 0x3ff, 0x4, 0x4, 0x1, 0x1, 0x7fffffff, 0x6, 0x800, 0xf0000000, 0x2, 0x5, 0x200, 0x9, 0x7fffffff, 0xf, 0x3, 0x9, 0x3, 0x783, 0x9, 0x4, 0x4, 0x200, 0x8, 0x873, 0x4, 0x5, 0xe52, 0x8000, 0x24, 0x1, 0x4, 0x6, 0x2, 0x4, 0x2, 0x3, 0x1, 0xfff, 0x4, 0x200, 0x4000000, 0x5, 0x7, 0x8ace, 0x10, 0x7, 0x5, 0x80000001, 0x3, 0xbb]}, @TCA_CBQ_RATE={0x10, 0x5, {0x3, 0x0, 0x1000, 0x6, 0x6c, 0x5}}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x7}}}]}, 0x558}}, 0x1)
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r7, @ANYBLOB="00000000100000001c001a80", @ANYRES16=r6], 0x44}}, 0x0)

2.167411781s ago: executing program 0 (id=6520):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x54}}, 0x0)

1.968915503s ago: executing program 0 (id=6522):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000d0000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, &(0x7f0000000100), &(0x7f00000001c0)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, &(0x7f0000000240), &(0x7f0000000280)=r2}, 0x20)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x405, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r5, 0x800448f0, &(0x7f0000000200)={0x4, 0x3ff, "738bb7", 0xd5, 0x5})

1.874728533s ago: executing program 6 (id=6523):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
socket(0x10, 0x803, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e1f, 0x3, 'lc\x00', 0x4, 0x81, 0x5}, {@rand_addr=0x64010102, 0x4e26, 0x0, 0xcb, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000000, 0xc}, {@rand_addr=0x64010102, 0x4e26, 0x12002, 0x3, 0x8001, 0x1}}, 0x44)
socket(0x400000000010, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f110000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000006000000080000000500000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
close(0x3)
unshare(0x6a040000)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001080)={{r5}, 0x0, &(0x7f0000001040)}, 0x20)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r7, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x5bc}, 0x8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)

1.874482466s ago: executing program 1 (id=6524):
r0 = socket$inet(0x2, 0x2, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @dev={0xac, 0x14, 0x14, 0x1f}, r1}, 0xc)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110b4000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x94)

1.741195455s ago: executing program 0 (id=6525):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000540)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03013000000000002000128008000100677265001400028008000600ac14142e08000700e000030a08000a00", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x24040000}, 0x2000800)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000180)={0x2c, 0x2, r5}, 0x10)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000740)={0x0, 0x206000, 0x0, 0x3}, 0x20)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)

1.736408695s ago: executing program 1 (id=6526):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="640000000206010100000000000000000000000005000400000000000900020073797a30000000000500010007000000050005000a000000140007800800114000000000080012400000ffff16000300686173683a6e6574"], 0x64}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000006c0)={0x1c, r2, 0x221, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x4}, @ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x1c}}, 0x40040)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r1, &(0x7f0000000700)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000005c0)={&(0x7f00000004c0)={0x68, r5, 0x100, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x256, 0x1c}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x69}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_IE={0x8, 0x2a, [@ibss={0x6, 0x2, 0x8}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x68}, 0x1, 0x0, 0x0, 0x20008000}, 0xc090)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13901}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0xff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xa21d294a74a2b459}, 0x80)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
getsockopt$netrom_NETROM_T1(r3, 0x103, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0x4)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000000c0)=""/91, 0x5b}, {&(0x7f0000000380)=""/149, 0x95}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000000600)=""/212, 0xd4}, {&(0x7f0000000540)=""/96, 0x60}, {&(0x7f0000002440)=""/84, 0x54}, {&(0x7f0000000980)=""/63, 0x3f}, {&(0x7f0000000440)=""/10, 0xa}, {&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000880)=""/198, 0xc6}, {&(0x7f0000000780)=""/203, 0xcb}, {&(0x7f0000001000)=""/130, 0x82}], 0xc, 0x0, 0x0, 0xb00}, 0x40d40b70}], 0x1, 0x0, 0x0)

1.606703116s ago: executing program 4 (id=6527):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d6974000000"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0xfffffffffffffefb, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r1, 0x0) (fail_nth: 48)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4)
shutdown(0xffffffffffffffff, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xbc}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0)
socket$netlink(0x10, 0x3, 0xb)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff)

1.008011299s ago: executing program 5 (id=6528):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0x52, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd604fd318001c0600fc010000000000000000000000000002fe8000000000000000000000000000aa00004001efc1f26849aed9696e0a1b8d3550437eb84501a141654374591036bffcc44d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="7002000090780000fe06f989fc2e0802"], 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@remote, 0x8, 0x1, 0x1, 0x2, 0xc}, 0x20)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r2, 0x8b32, &(0x7f0000000040))
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1c}}, 0x8080)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6, 0x1, 0xff, 0x2}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r3, 0x8b32, &(0x7f0000000040))
ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f0000001b80)={0x2, 0x0, @start={0x0, 0x1, "3b1cde1cb1c9af7217fffb15ea6349d3c73e2ed47c5d0fefda2f39d3c59baac3a859f6359c2c8f15fd2b4fec5789c80a1c2cc3cb195a06e3ad9f044514d2954dbc53d78d2d2e85ae8f350bfab5d5df1e30b10a5784700e408fc11b2b0fac53b6900b2b6f082e838379cf02c025df980ebd89a9d85abae4bd147d6212b7061187e055839df8b599677de388880263c003518f4543f104fe8a9338199859ed2369d2d4b8c0a822c912b7503d8cb2d8160cab61e9f9095bd9542d6a1469bba2ae8b9abdebf5f7298b9512fc8db0de658a8f009942dbbd740f079ef20402107a337f0d89558a398c8774ca5de0bcb7f97fb9ee0b917c7d78813ef9c3fb9cdb9c7f336ccfa574ca2c4b89f0327a7458c80950c716446941218160dad5d5d6044627ecd1cc1a0b19db5c31db633a7a9f23810e303175be5ae45a26964fdb9288fc040dad9a5e5e50166bc652add5c038605296f506b8694ea0a6da541efdd557d670ab01eada6272cabfc7d2a8d1e9430fcbda1056e43b912d7bb426e84b373f0fec6524649c62022d71fe4f5cc4e2b15502bf7a58bfdef5a84f5bfa1acdd689ef780a523d603c88066cba8db3f3e812265bb3167dd42ade063ec6c1e4877203a829378594f5849944ddd43da86c0ff0532654ff57474e4d03a9dd85376d05b11574b119296866b8178810be78dfab67f8708575cdcd2106d71ccfc573caf059d4fbe7e622e86cbeca55852f01786c80142751bb27bea476cbd4a81220615c5e1ba6dc803a8ce2189b22684c43183c309197dbb21b881032ef71390aa95d200654572c822052d44e9cae6c7e8a996361e972ed937244f08c4f29fc5faea0c33581678eb3d4226932fe12beda5033e839a0a937e930bf57c082b99af70c7b9784eed27333068c8168214379df76d4a2c107190892e730b5bd09101f9e53a2d8b446a2be1351e5ec0c7a57df90061483ac680da8bc5d94e5ac9647fb7ba9df039466ddebbe42eddc586289b895c4a5ac2a9cb7e7c12e6d503f7d01f2519fba231501da06aa83f53febe76a27c00dc070e97118c5415f6d466ab7a11c49d81139988b6243592e8e7643d0ea010f02007cc870e1a648d01bf1c8971e83f0446b340f2f9fc10fa61cb5ce0260e6a4a0d03fc2e8aaa676c216495627a2c15b514528b76411a46507a5c29dba643c96ea664cd0daa72f7a267500e01ddfbd38e60f1dd8d81a2fda2ff98c3ed22ea4f83d648bb45eed94af26382f608c7b04043bd8321db394fe31871bba05fc03a5a9c4e665c247dac8bb085c9fc615c6a3f04580cc29cf63cc7413db3806dd98c4cbbb348cb355abfd8ddc6b591c140f9296c007af6b5e1aa44d9222135f40ed42a37e7f0ad416b0a0e1fbe4bc1601db4b5d91707db07c504e16816c7917c1555e6961eae83b4265418de4495f617b6b0200", "4dd7712fcf3dc02360f33f78c12e596c7c8196abb8974e0325f2a7663b3d54b536a56c5b2b5c535b8735849f1856dc6ab878dfe61e11a68255369ac4d0de29cf61df38613a3afcac2128e987723228ac99b98a29b060dbc0ea156cf4671f805b99a2550aa9a8e6a7892732d8077bdd5cdaf180eb3a90368114321a536931da55ffad1cab30acec57cac63c3f968c156ec8a456be3e5b518d6f11327e23f77d1382142fc664611f694611b4a838e7e1d2d0f6262e116d38495da094906ce735ee329f712ffb3176150c0253fe3f51ee808a6905552620e41710e5d374f4ce24e6a14e4df6267484bdecd51f93c37c134e798ed01ba4f1ee36b31bd6d4a744566d65401bd26c561090b26d0937c99787478c95d2edd8af41558a3ddffebbaf0bb1cf06392c705d44799fdcd96895a98d94323897befbe680685d623b2e220d96c751239f9ff4df828ff36efbdb243d25938602fb82394b749538836b43b500a96c7c838d9a2cb0dda330cbbcb5c4831149f2b825454e15dcf5d629e8417f2331ac5e3bd8248c0bd0f86abfd89015807b317ca26e77fc75d5a3bbdb6aa1463b4eb2292ce1eca9a4716b137d576992bfc6cae35dbc5e418bd71f4964f172e11ff6feaaa81055093566c4872fcf3889aa4cc0a2918c05df216aa576987d57027b2a219d3dfe0386ae3b9f1d0ce8781eb8b48aa8e82816b22ed12384019cc28309fce07848f29c8fb8cc273c90b49b9f6278e320baeb186048c169acc77c9cce899e37b3eaaf763a6bd154b5ca2b21a1392e1586e6b6da0d6c42008fa0b825c5261a0b45af88e6d47c53fa801fb7999884f87f039389e12dd828e1f06fdafd7dbf33736af831cbbffa6ed48977fc2d710e6d26ed122f45317bb30296d731f8f2193847ef5f1451a2a170642a5bc900985b8eea253e21f736328d252f0583a96f3e4fdc11b504a8b2f822f6cba562ddd46fe7e86cb356914d85655b808071bf89131a606c38676606273260467b3df8eebf7bd1f02a944ae63fb67bf6a282396a64ff4b6ebf3cbcb2cb79346bb2d713e417e9f3c6f3fc3c5fd83cabb04f8b0b6f9bcc369ed8af8d78d298183538aad5aa65dbcdd69e77030ac80129c7d1212182d450aa8292eae64ad65ece6bffc6bceebd0928a0b83fd6961f82e239893e1ff0c51fcf63d4dcdc4e91292ed6af337ba1d975939a15ca2dd8c2b2061657f35eddeef15dbf1e66f5373d68db4ffaa6a3940507bf083de60a7b0150f9116876b7dc7dc03c2c273e9fa376f453df6f40c6a180ad6b7f871d0f38230acec66689ec0e2e23df0dc4dd15d6b8c180932ae1a7e695d2d6df0d373df4268d5a7a37e818dd7ddb636bf94d83422a2995273d3535429a5d0d19927eb67be31d098a2fbdbc1c1f6cda0cc84f2056b638203acf3398b9e5967ceedd363831876f340fd6541e4e32ca1220"}, [0x2000000004, 0x9, 0x40000007, 0xfffffffffffffffd, 0x3, 0x0, 0x2, 0x7, 0x5, 0x200, 0x9, 0x2a5a, 0x1, 0x2, 0x0, 0x9, 0x9, 0x9, 0x7, 0x100000000, 0x10001, 0x1, 0x0, 0x7, 0x10000, 0x2, 0x20a, 0x9, 0x4, 0x8, 0xf5, 0x9, 0x8, 0xfffffffffffffff8, 0x5, 0xb, 0xc, 0x2, 0x0, 0x25, 0x80000001, 0xf, 0x81, 0xca, 0x8258, 0x9, 0x1, 0x51, 0x4, 0x1, 0x70d2, 0x2, 0x1, 0x4b7, 0x6, 0x2, 0x8, 0x8, 0x2, 0x7, 0x9, 0x5, 0x0, 0xffff]})
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[], 0x20}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000800)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x15181b09c6bdc4c6}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000480)={'syztnl0\x00', &(0x7f0000000400)={'syztnl0\x00', <r9=>0x0, 0x8000, 0x7800, 0x6, 0xd, {{0x9, 0x4, 0x0, 0x8, 0x24, 0x68, 0x0, 0x8, 0x4, 0x0, @empty, @remote, {[@ssrr={0x89, 0xb, 0xbf, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}, @generic={0x86, 0x2}]}}}}})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="e8010000", @ANYRES16=0x0, @ANYBLOB="00032bbd7000fcdbdf2506000000580001800800030000000000140002006d616373656330000000000000000000140002006272696467655f736c6176655f310000080003000100000014000200776c616e30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="300001801400020076657468315f766c616e000000000000080003000300000008000300010000000800030003000000480001801400020076657468305f766c616e000000000000140002006e657470636930000000000000000000140002006e657464657673696d3000000000000008000100", @ANYRES32=0x0, @ANYBLOB="3400018008000100", @ANYRES32=r6, @ANYBLOB="140002006e696376663000000000000000000000140002006970766c616e30000000000000000000580001800800030002000000080003000100000014000200776c616e3000000000000000000000000800030003000000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="0800000800030001000000340001801400020076657468305f746f5f6873720000000008000300010000131400020070696d367265670000000000fcff000044000180080001000000000000", @ANYRES32=r9, @ANYBLOB="080003000100000014000200766c616e3000000000000000000000001400020073797a6b616c6c65723100000000000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1e8}, 0x1, 0x0, 0x0, 0x4000}, 0xc800)
sendmsg$inet(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000340)="ea0b35c07baded54bbc90abb9a053db7d05cbf88bd17f62add28cc7bf6ec661f1acd", 0x22}, {&(0x7f00000025c0)="ea34c4c460820b484790f5c55f77f7158c377a3181d77788b391c8154efb494b858ba99e93864c04353173c8f5c7d9e71acae4c4217068846eb69f6f48e67f3fb6a37236c2ad8666c82804deba8f3b231d70c33e8ac3d01c6c150a98fedfc68de73f33fe5451d1d022faebcf82dae6bd28a3f2ed9ef742a2419782573a4bfe08bc2cfe7c96ea6498ce5336daa857af9c48f3d0f921bfcb1cbb98d000e2d0d8375cacc8981d8fc28aaab134056736b67acbb42e9ca68b8543fd7443b4566d0eefe91418171c728e6fa0c52ac7af2595e5aafab553511d59a7899e1f7b18336aeec1858d79b57c9c68aa9591866b1192f28019c0276a89012422df11034bbd731080af9d72a68889d175b3c153ae85d697aeafd72de23090dba136a8cd2bf5dd05296d58ed88c7bc9ecb9d40da69b23b66fc5d20de8a2a20aaa4cc727c0385ee247c54206f8410315bedb76579d9b7f09bccecf4b5b47bf288080a8e4852139f72e21a3511b94cb6bb5061d3f162f059e5a8ad691e24f1b878a1340bf649f65fb6e534f9eb4fd174ea4cf9bcb5d0753ee0af84cfd45751f39ab4dd1e1f7ede6d335e84772388a258d9de6b4a00d98b04e4e3dc29ac6463ca83531c0260d168681ef7c35e4ca89f3dafced390a31526751a658c1f5f57d81277586a1b7d1a9a4568edbaee503a1f79da78a15e1c6246530f8e0c9532144b21d374985dca6e55fd2ff1958abd59d416067f6713fce60e8550156360c2c17a14e54ae3b68be0a77302750287afe4c7cfc2b6acd38e5ec703714eb75e72627d0ad3d5ee884b10292ee8535019e9e845c526e85b9ccf3b8b43051ba731493cff061dc10dd2334ea385dbd091b05538c0c33918fdd0edbf4a292caa5d4bb6e931d56a4c197621edac3bde70524cfda571f5eda915fc01be22dd7a80c9f91b5cb756e2a1ec69049c50b5f58421ba9281deb7bcc3b9bbd8afba018ba422c302e658bfc5efe90449dfa019eb2417db7dfe3634ec7e3eeb853ab82690c2e9b1fc44ea427e47512acaef142f32476308b54abc71e0ca8e44c3d5c9378e5cbeb4100f053c347249a140ec3b7eb0bc57a5b2c1d6d6cb85a99dc50124d0c9e320313148de18137bc21b6a6af5fd6f642d7a7d3450eab4aa74ab66b1768c1efc2b55d8cd3e6f5861d528ebc2c8b6c4f6dc3114eefee6b4686674f45da21cae0213788372ea6ae706f95fe78cae9cc3b5b91ad8d1c6d07cd1836081b8243b348ba7be9386c89b6570c1cbfce29d4f529a024ad37ea5d0a0078cf4e0d32812373c9130d627c61c9ab91c910086ad465acea1397d2b8d12439a076542bb8deb82e179d76f0d7367bfc651010eec4f2ce4a5d9347d4e9d131027c2db673a3885c2998e35006fb6afd5218935347b9a6e0bc5bcd501ceb8d48f780307fb402ef5deb6163760063d5726bee9aec3a143fd9612d4e23cb368df1ba0bd4a7bccf120628ce6040a158c5929e888096f2e6942c78d426cd9d0858ee6e70b663190e01062fb848dd25646c8421fc5f2c501f6de7ad8ea7b90f84618e8fac0f18a3215d845d18c0f45600fd25a4cc631e2495ad10e448dd0d15889f0ea4f19f646f612ffb226157bdc53e6ab1a5f870e41282c26b1361257a35a558b5111434f29c3e50e9e0af975ad508879a68f90d8040a02116588557b181cecec04f655ebcd8cc9b2620100ea767c32aad4506c3ab4e64168bb1392ce0f2fd0ad7fbc963ec158157bd641f18f1dae240860299de3c8137617f614e58bda7165a459eb1d8af4565914efd5bed731b9249a767be107a34bf62379ff70a8b83fbef91adf79c25e7da3cfa1b8d6d6c994722dce04a407291be6dc4479686402414a79d767d30d442755fa04b13f3eb1c41304d63812d65545bf1257c6043ad78fc72793d16488c78f38843b398cfb8b95357a8b319b00dec6b0c5959c773ed11c36db5803e98b32061a23b52e75be18b0709d6cac6a83613cf38164dfa193b02c3d9b558f0beebfb8b54a23dd8ceb24e1caadec27392e12f179aa057a3b0d63ac373ce20d038435a626b1147900d9ee0287d4f3fe553d777c288d671b1bd9bc3c4dae7b57b1eef2d92275f362d22555d7cb351d418792215ea86816d98cc40ec37fc510ed1d7eb7f125ad538845bcb3a08eff5d757d1e10a19db3e3910f3c03bfcc67347de124c331367804f3d7dfb52ca67dbf6ce188aeada987747aed532566a8825490df0b4162a1a976d3ae68d3b9f0209a619d0889df9661c0c187400c6998a27cd93f0d16843a9ec86efd644014e6eee57c80272a0b8cce970f1cc9aef374501a487c17cdcfe612527ba182545d765fc4e00d59ba9c49e2b1f79b4f8f9e3f578477129c14414c557de86d73e9f7f580ba1b81d0efb59730230d581ce36afab2a7ac19c46128cabe7c918a816d737e9289a93ee5ce907835f5a249d23177f371230cf49c338a7bdab37d97f82da2e8670e0366f3161effd3ac05b97580aa621c476091b156076d46720f4e3915963d2554a0c52188ba038b35a9035dd8a08d92f6b3614aaada5300b5e37b85b93569a0b8a1b7960a0499f28c97c1e60f86d9263a56aba2e0c32980c9650a0b014a6e08acf274a81fb77997bd5c5f89da395d4a0bb8eb915ee2f486367f98b9f930040f1e5ee1e3580ca8b49e3917b6a3ff0d00ce5f3edea4cdda2e866de6e55e21214355bf4fa632b4ac2a8cbbe0a3c39ed64dc797ee52810f974e94f0364c13a2a2158f964e68e1d453a41c82224402b11f88521ea34960273ad26ab009e4b219e585e443adf78a11ee5f5bf4cf5b9da44fd696723570ece8b42e636a606282a2145f1d8e9056d8270cdfba541047246b3e3df719f125abcc6923b038f0de564a584f44818fa3a3d0b272c1ae1db2e54cd21f325724fbc8ae6b18043582f160607480914cf1d8c7d367bb1bd1bc38c206e4e5f8698faa6f2c798d555ebc16bedabcf667c2e9cc01882b3f5a552a18ce800f7ef5ca702c994565cd1f0218122a6938bac089d6fc33fc96d71746bb9b78c598398c0082a5158f85ada77519cde24a7dcd6dafe7ed8c4e554fa974c00c4b06a476d435cb9108d35d22fe3b23b35cb4bf71af64a078311770570f1b3042b6ac451fefcfa364ec1b721c1219e66359e99f0405d245ce55edf5d2e28679b7d7276a00ce605a7bc7702440dbfc7623b8130313b7a3ccef0c36cb6525ffbaf001c2f998d72f2aa597247d89c827c8fa3f1aebf85878eae0db42fd8c310955d44851fc00fc5d46f1cb6d8f2e044b2f8b2564de5bc8713df38b41e360ba4e07b46953d1988d86e8256242ae1b38b2c9eadbaa6ef2e95e5ca6c96f0026930fd33cc121f70357f8733fd36ecf9e4fa88f3faf0ba6631fbbecf8e69dd09b772360f1b2b7fb2f6e21d380d787fc4bbb93cb74d0e26650da44968da9af821244695b2853bc70b8241852c8b1b6cf1eb5b37fc256ba0f506948ddea49826b1b7e5dc4feecbafeca299af6ff5a269ea7d6a7d42973babb647dd0b3fc7194cf11562ad08a6267e96e6444b1ea9c2f1b7c3fc86bd8d9f86abfbf1e068d2f749bb1fcbba03ac28f61cbaba6f64dfea3845f555b4cce92a3d7892f25980c7aebc9990beb6ccbab5ea23e17fcc24a071514673d3aed08ed2dd7e143a955d002b9cdea23d4a6cd2f753b74cefde12adc3f6f47cb1ab18a567db3ef271edcc14c6f22687049faee5519e8650cda8407733292b15e84ed2a8619703b84e79b160f85e1914c6c5a758c812bd9bb43b6b4a751b5d5d1fa14c05127388d7b60fa9a543e42181c78cb8e7bb4c75fb96aef05ba233cd77000801a030fb3d77a0de55451ddf62974e0cc4e436539051bd975772fae508b1e976fef672574bf5300962afbf1fdb5ed91434cef0bf348640075c88cf64176866ff7b2d5e034571e4b313e38f17fc4f0ffd5b7df7d6f3ef48ab00f618d9799ec1f6ffdee810110304b1e28656ffb947a859e027bd8c2c659d28a8527ec08dbb3f24ec5b44b63a7105ccb1737fde7f6eeb7f2c52f582da6419e251c4127faa8e799f85fe03288f3189bedee60a7a49547850ab24d50168b1f52c374e5c9f8eb9039433908411141ddf6bb5f4970bfc3bab459357c83196d99cad867849fb4e5dc7cf77fd96bddf44af83741f68bb26f24d8ae7e1422bfc51363855ddd025a7bcae562a739e9a7b1be1610b874bb49d0e6443c413bfb130ad0ee4db9c2207b45d1041f7b59e9c958c007d25c140049c7ae7e8822a76354e3e027816eb1f83cb849b906142f565cce8dfb8e1f780e0985dfe2984b6e459859707114e3f4071035786fc22b72eeced887d275f991cda816f7b11e5cb7ed4c2bab274a794e0316d13c4faf11bc373d40970dcffc1af7fe5e06837db12c9ebac7ecc2476747537927bf5a8fcbbe9917edc4482c5490ddd8f66387d4baef42fe34990fe8ec92e506faf093549d5624d945b1b75e3d5faf6304d6fc04ef98ab7f283ea041c3755ed7fcfda8bc466353655d16ee9bdb205189d7b9834926f514e0acf22c23138165d37d8ad56305fbc811e7e3ef24d1cc006bcac4c4d3b7c0224eb38b421d83ea076ca854d36fc35bac3798f26b055d3fa3b2c8b22b79acfd85c2849c77bc7aadc9d51ac1c33fd949dff0d043dac2d5acf3105930154781c8f6b615387c004842b4e679865ffc9c5b221c136655c565c0eb30851544bd0591acf4e9b2fc49a4a7e258c6ad66a085812cada02b4251466a4cb903637f9c9f1db07fa1400dd65cf35b6e84cefd35529261f6d8131d007f58c617692794126e492dd80c7874578de22777c516d384c33cf0532e80b7384e5b8e7a81808f95cf7619eb33183c3c862a688b16f725c2b93bfb53908509b779c05d55c6b3ef6eeb9f91f9a6fc3b0add031afa7171b1e32a597d08f847df1a83ba26fa1a039488b05512543039a6630a9bc5ebfb0308fedcf8d2632caa47a267f3aaca275cad09eb477419d062cbd28afcf4898e44a9ab5217db790c7dd3b8b2056038f9f3704154fc09a40333c837a0d7066edb3e92bc816b70a8742b483575048b85ccbec2a138976e2cec01b40f87863c31028934c017ee5b04b5f184585da5f0a90745358847e9d60f8dc7adb0023ea60402bc6a93cbf6797e0d9dcf2d4e6afce14d666749a4972aba66492700f58769fb90d9e9c0845d17055fdeed6ee85a8a3e6e76342f3bb1881bfe55ca308651725fb6d12fa15206b3598340e838567d28c7919974d7ee58f5c33f52cd70fecc3985152042ba2c85b67ebeee28909bbadc105ef8466cd26c57b2a10830cbad69c120ebad5832ded52f5806e898e4c3b9fec9c1f808f8968777fba1cdeb0a18c6cba6c7cf19f46c3facd230befea6f3db86cb42128dd0a167f7886c38a0e73917d9dec2cf57753d1d0ef088f3589a03a043d1339f12497ca3ba2333b749cc207c7034daa02d86fce4cf061f5807114e2b3804e32e02e1be9db1dfa12cadff06267a0b6bcb850fd127d9a653678a825cf54fff341704ec5cc2ac8fb68a9e176f03507668ad6304a4c6b43d21bc0e8cc1e1b8ee10d597ee52305101b75c279215cbb351ebd417bab0675e284740a6109ad20b75c3366dcfbf0286559a9116442cb2ebac968ecec769504ecdd65d534dc9c4e4a3aca932b1045a5ec3f73345b672c331a126317d09a8c3c0853258407e273be342a07a4327a8f8c1627142241e0e2b4414c1e7bac23392da0781ab8465cb761c925ab73e0593fd3853cf6cc9dba90dd5f73df4f5b8291f6ff0cf4b5324a16011f3e157", 0x1000}, {&(0x7f0000000380)="50713e2a2f576236c88c3ed43c9eef424e07e7ce7b5ab1c0ca46979187a919ce71fe9f69ea2b910d42b4c7498dda54f89a17bd5c75e55f04675f74fedc0cd90bdbccddda1c9f2a5a63642a3ec7d48657cc6a20bbffbf131bfb881d342b4e9b9c12f3a13fd5cb9613fd12bb774595afddad3507f23cb584370675bb96215d5fa38777ebf0f4f0a84f41d70e322ec939c5388193f269be64af28943913fdd7735f930ab517fd5d48d432c0747d966ab70e1b5fbda1e4a12e11fd019f185b60b9ba30dfbedbfd89c7d0999b9a", 0xcb}, {&(0x7f0000000480)="952e5c5244a25a7b7a9c37f3d5ae36bea91a29551a5a4e1b823105fb", 0x1c}, {0x0}, {&(0x7f00000004c0)="302f867d2eca537b774d9e9f400c25371a26fb71c8381e90", 0x18}], 0x7, &(0x7f0000001740)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @multicast1, @private=0xa010102}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xc4}}], 0x68}, 0x4004050)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700)

951.45606ms ago: executing program 1 (id=6529):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="6c010000170001000000000000000000000000000000000000000000000000000000000000000000e0000002000000000000000000000000fc020000000000000000000000000000fe8000000000000000000000000000aa00000000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="ffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000b86b6e00"], 0x16c}}, 0x4000000)

855.402615ms ago: executing program 0 (id=6530):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000001c80)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x8000001, @private0, 0x3}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000440)="14", 0x1}], 0x1}}, {{&(0x7f0000000300)={0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, '\x00', 0x28}, 0x8}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000800)='M', 0x1}], 0x1}}], 0x2, 0x931766f6319eed40) (async)
shutdown(r0, 0x1) (async)
r1 = socket$inet6_sctp(0xa, 0x4, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x9}, &(0x7f0000000340)=0x8)

853.56529ms ago: executing program 6 (id=6531):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000800000000000000000000008500000019000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000010000000850000007100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)

828.256427ms ago: executing program 1 (id=6532):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)={0x1c, 0x5e, 0xe25, 0x0, 0x3, "", [@typed={0x8, 0x77, 0x0, 0x0, @uid}, @nested={0xc, 0xea, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @u32=0x3}]}]}, 0x24}], 0x1}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r1)
sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x120, r2, 0x4, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0xd}}}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0xbe}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x93}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x1}]}, @NL80211_ATTR_CQM={0x44, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x200}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x29}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x39}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x3}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x257b}, @NL80211_ATTR_CQM_RSSI_THOLD={0x10, 0x1, [0xdb, 0xb, 0x1]}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0xfffffeda, 0x3, 0x7}]}, @NL80211_ATTR_CQM={0x30, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x6a2}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x404, 0x4]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x27}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x34c}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x2b9}]}, @NL80211_ATTR_CQM={0x60, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x5}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x3df}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xfffffffe}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x5}, @NL80211_ATTR_CQM_RSSI_THOLD={0x14, 0x1, [0x7, 0x0, 0x4, 0x1]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x50}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x296}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x3}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xb}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x14000}, 0x4011)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = socket$inet(0x2, 0x2, 0x1)
r5 = socket$unix(0x1, 0x1, 0x0)
accept(r5, 0x0, 0x0)
sendmsg$inet(r4, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f00000000c0)=[{&(0x7f00000001c0)="08007ac587344af2", 0x8}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000830b040a0101027f00000100000000001c000000000000000000000008000000", @ANYRES64], 0x40}, 0x34040084)
ioctl$HCIINQUIRY(r3, 0x400448e1, &(0x7f0000000240)={0x1, 0xfffe, "be4108"})

745.676101ms ago: executing program 1 (id=6533):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x54}}, 0x0)

638.372289ms ago: executing program 6 (id=6534):
r0 = socket$key(0xf, 0x3, 0x2)
socket(0x2b, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYRES8=r0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x719f, 0x0, 0x0, 0xfffffffffffffc92, 0x0, 0x0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r6, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r4}, 0x10)
socket$packet(0x11, 0x2, 0x300)
r7 = socket$inet6(0xa, 0x1, 0xfffffffd)
setsockopt$inet6_int(r6, 0x29, 0x34, &(0x7f0000000000)=0x3, 0x4)
sendto$inet6(r7, 0x0, 0xffffffffffffff20, 0x200c0045, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
setsockopt$inet6_int(r7, 0x29, 0x19, &(0x7f00000000c0), 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r9, &(0x7f0000000280), &(0x7f0000000100)=@tcp6, 0x2}, 0x20)
socket$alg(0x26, 0x5, 0x0)
sendmsg$netlink(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000cc0)=ANY=[@ANYBLOB="2400000076001f0300000000000000000800a100", @ANYRES32=0x0, @ANYBLOB="0c000d8008000300b1"], 0x24}], 0x1}, 0x24040080)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a48000000090a010400000000000000000000000008000a40000000000900020073797a31000080000900010073797a3000000000080005400000000d0c000b4000008c5e00000000140000001000010000000000000000000084000a"], 0x70}}, 0x0)

571.020742ms ago: executing program 4 (id=6535):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x48, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0xff80, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x48}}, 0x0)

570.39731ms ago: executing program 1 (id=6536):
r0 = socket$pppoe(0x18, 0x1, 0x0)
unshare(0x26020480)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e)
sendmmsg(r0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0xf6c52000)
r1 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r1, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x31}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xb}, 0x94)
socket$pppoe(0x18, 0x1, 0x0) (async)
unshare(0x26020480) (async)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e) (async)
sendmmsg(r0, 0x0, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0xf6c52000) (async)
socket$inet6(0xa, 0x2, 0x3a) (async)
bind$inet6(r1, 0x0, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x31}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xb}, 0x94) (async)

451.796325ms ago: executing program 6 (id=6537):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="020f0000100000000000000000000000030005000000000002000000ffffffff000000000000000008001200000001000000000000000000060000000000000000000000000000000a000000000000000000000000000000fc02000000000000000000000000080002000600"], 0x80}}, 0x0)

354.721654ms ago: executing program 0 (id=6538):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x2, 0x4038a09, 0x4, @empty, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x5}})
unshare(0x6a040000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
unshare(0x600)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={&(0x7f00000002c0)="a7e3c11073f57f9e4978aafe780ae4f8ae7620312693639f91d0bf5de4a04117e44a1050cc03b8dc9ec3898f6fe8be971a235e2c5b4bed729efd79b53422cad3555a3fea472ba77dcfc36fafb53597b4c1507f9190a4477cc57c169ef4b1e3953659192a1315d362b9697185601352", &(0x7f0000000340)=""/75, &(0x7f00000003c0)="6adcd3da9edb59240e8971b926407c19a8db884ccf7520c146ca6edb19f42d4968f43cd7a91f6ba3cfc2d4a4928cbf8fa0c9f5f856fa20b0f68eb27fdd7c1987a97ad1f49baa2def4f0c06178e846da8145f985c8c28e09877a6f224ff9052f2fd6ba0391e6ae51fe41d0fc111df8c4333c19c132d90d1610bb045ea7c38a353c2d06655128be785752e4518a82b52f9f2bc5bd8db70f3b80ca78f5b990c8db9117657cf0cb591f952cee90776c191451b9187caf0f1a600e4b401fad569ae25d4", &(0x7f0000000600)="d8b8554e0d1c686676f67bbefb4ee16c42942a8c43e0c658346dc9986923ceb17a2ef6127fde361aa8d16af81ded9ed06086bd48a6943f0e3993ab3e441b2b866b307d0d4e5acabed95342d9ce0f56481d96384ac6a0bd6dcbc7b3ceec14fa41bf168985127e0ec1bd704712757912095afc44cdde636606f69f55e83e43e019fa60dd8e6b9aa3087857dd2d1ed56f2e868a7c0b5bba892bf7fe2f37468c7fa01b9a318d20b26c3d407a933023079b751749ed22cf7fe6f6f5aa6d6b81504eae68dbfa27615014224736b18f102f2f060c1ca564f4c9beab26e0ec299942490f66bbe76d2c9c276c4e", 0x4, r2, 0x4}, 0x38)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x2, 0x9, 0x200, 0x0, 0xa77a, {0x0, @in6={{0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffff7}}, 0x74, 0x4, 0xe60e, 0x8, 0x7}}, &(0x7f0000000280)=0xb0)

316.88764ms ago: executing program 4 (id=6539):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000821000010000000000000000000000000a2c000000060a0b04352600000000000000000200000018000480140001800b000100736f636b6574000004000280140000001100010000000000000000000a00000a"], 0x54}}, 0x40880) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000821000010000000000000000000000000a2c000000060a0b04352600000000000000000200000018000480140001800b000100736f636b6574000004000280140000001100010000000000000000000a00000a"], 0x54}}, 0x40880)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="28ffff00"/20, @ANYRES32=0x0, @ANYBLOB="070d000041c0000008000a"], 0x28}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x20, 0x0, 0x0, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x20}}, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001e000504000000000000000004"], 0x114}], 0x1}, 0x10)

211.702564ms ago: executing program 6 (id=6540):
r0 = socket(0x10, 0x3, 0x0)
recvfrom$rxrpc(r0, &(0x7f00000005c0)=""/221, 0xdd, 0x10020, &(0x7f00000006c0)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e23, @local}}, 0x24)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8b20, &(0x7f0000000040)={'wlan1\x00', @multicast})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000100)=@req3={0x20000000}, 0x1c)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x1}, {0x9, 0xa}, {0x9, 0x10}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
clock_gettime(0x0, &(0x7f0000000740)={<r6=>0x0, <r7=>0x0})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DEL(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="2c0000000a0605000000000000000000000000000900020073797a30000000000500010007000000040007"], 0x2c}}, 0x0)
ppoll(&(0x7f0000000840)=[{r4, 0x60}], 0x1, &(0x7f00000007c0)={r6, r7+60000000}, &(0x7f0000000800)={[0xe9]}, 0x8)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x3ffff, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x2, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x300, 0x4, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xfd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010fe000000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000058000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000041c000980100002800c0001800800011f00000002080001400000ffff1400000010000100d5000000000000000084000a"], 0xa0}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

2.693842ms ago: executing program 5 (id=6541):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080)=0x1, 0x69)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000000)={0x0, 0x40000, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000002010101000000000000000002000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f00000000c0), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r3=>0x0})
sendmsg$can_bcm(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x1d, r3}, 0x10, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="0400"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=r3, @ANYBLOB="00000000010000000000000084"], 0x48}}, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r4 = epoll_create1(0x80000)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
ioctl$FIBMAP(r5, 0x1, &(0x7f0000000040)=0xdc2658be)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@restrict]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r6, 0x58, &(0x7f0000000180)}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x30246, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, @void, @value, @value=r0}, 0x50)
ppoll(&(0x7f0000000000)=[{r4, 0x2003}, {r4, 0xf401}], 0x2, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r7, &(0x7f0000000480)={0x68000005})
recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000000c0)=""/91, 0x5b}, {&(0x7f0000000380)=""/149, 0x95}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000000600)=""/212, 0xd4}, {&(0x7f0000000540)=""/96, 0x60}, {&(0x7f0000002440)=""/84, 0x54}, {&(0x7f0000000980)=""/63, 0x3f}, {&(0x7f0000000440)=""/10, 0xa}, {&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000880)=""/198, 0xc6}, {&(0x7f0000000780)=""/203, 0xcb}, {&(0x7f0000001000)=""/130, 0x82}], 0xc, 0x0, 0x0, 0xb00}, 0x40d40b70}], 0x1, 0x0, 0x0)

0s ago: executing program 4 (id=6542):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4800000010001fff00000000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00003f0000260000280012800b00010062726964676500001800028005002a00030000000c00230003000000000027"], 0x48}}, 0x48004)

kernel console output (not intermixed with test programs):

 syzkaller0: entered promiscuous mode
[  810.893083][T24712] syzkaller0: entered allmulticast mode
[  811.129146][T24527] veth0_macvtap: entered promiscuous mode
[  811.163019][T24716] batadv_slave_1: entered promiscuous mode
[  811.238853][T24721] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5862'.
[  811.252634][T24527] veth1_macvtap: entered promiscuous mode
[  811.268740][T24721] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5862'.
[  811.327730][T24527] batman_adv: batadv0: Interface activated: batadv_slave_0
[  811.363158][T24527] batman_adv: batadv0: Interface activated: batadv_slave_1
[  811.409022][T24728] batadv2: entered promiscuous mode
[  811.414277][T24728] batadv2: entered allmulticast mode
[  811.483125][ T1155] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  811.641214][ T1155] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  811.664542][ T1155] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  811.712768][ T6332] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  811.957484][T24716] batadv_slave_1: left promiscuous mode
[  812.301502][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  812.346143][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  812.404628][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  812.472433][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  812.990175][T24756] FAULT_INJECTION: forcing a failure.
[  812.990175][T24756] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  813.037511][T24756] CPU: 0 UID: 0 PID: 24756 Comm: syz.0.5874 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  813.037546][T24756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  813.037559][T24756] Call Trace:
[  813.037568][T24756]  <TASK>
[  813.037578][T24756]  dump_stack_lvl+0x189/0x250
[  813.037610][T24756]  ? __pfx____ratelimit+0x10/0x10
[  813.037637][T24756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  813.037663][T24756]  ? __pfx__printk+0x10/0x10
[  813.037694][T24756]  ? fs_reclaim_acquire+0x7d/0x100
[  813.037736][T24756]  should_fail_ex+0x414/0x560
[  813.037772][T24756]  prepare_alloc_pages+0x213/0x610
[  813.037822][T24756]  __alloc_frozen_pages_noprof+0x123/0x370
[  813.037859][T24756]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  813.037903][T24756]  ? policy_nodemask+0x27c/0x720
[  813.037937][T24756]  alloc_pages_mpol+0x232/0x4a0
[  813.037971][T24756]  vma_alloc_folio_noprof+0xe4/0x200
[  813.038002][T24756]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  813.038044][T24756]  folio_prealloc+0x30/0x180
[  813.038073][T24756]  do_wp_page+0x1231/0x5800
[  813.038124][T24756]  ? __pfx_do_wp_page+0x10/0x10
[  813.038144][T24756]  ? do_raw_spin_lock+0x121/0x290
[  813.038176][T24756]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  813.038216][T24756]  __handle_mm_fault+0x1144/0x5620
[  813.038267][T24756]  ? __pfx___handle_mm_fault+0x10/0x10
[  813.038317][T24756]  ? find_vma+0xe7/0x160
[  813.038341][T24756]  ? __pfx_find_vma+0x10/0x10
[  813.038369][T24756]  handle_mm_fault+0x40a/0x8e0
[  813.038408][T24756]  do_user_addr_fault+0x764/0x1390
[  813.038449][T24756]  exc_page_fault+0x76/0xf0
[  813.038481][T24756]  asm_exc_page_fault+0x26/0x30
[  813.038500][T24756] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  813.038524][T24756] Code: 00 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 4f 00 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  813.038549][T24756] RSP: 0018:ffffc9000b9b7578 EFLAGS: 00050206
[  813.038567][T24756] RAX: ffffffff84bf6001 RBX: ffff8880508e1000 RCX: 00000000000006c0
[  813.038582][T24756] RDX: 0000000000000000 RSI: ffff8880508e1940 RDI: 0000200000022000
[  813.038597][T24756] RBP: ffffc9000b9b76e0 R08: ffff8880508e1fff R09: 1ffff1100a11c3ff
[  813.038612][T24756] R10: dffffc0000000000 R11: ffffed100a11c400 R12: 1ffff92001736fbf
[  813.038627][T24756] R13: 00002000000216c0 R14: ffffc9000b9b7e08 R15: 0000000000001000
[  813.038653][T24756]  ? _copy_to_iter+0x131/0x16f0
[  813.038685][T24756]  _copy_to_iter+0x24c/0x16f0
[  813.038718][T24756]  ? __lock_acquire+0xab9/0xd20
[  813.038742][T24756]  ? __pfx__copy_to_iter+0x10/0x10
[  813.038770][T24756]  ? __local_bh_enable_ip+0x12d/0x1c0
[  813.038804][T24756]  ? lockdep_hardirqs_on+0x9c/0x150
[  813.038835][T24756]  ? page_copy_sane+0x16a/0x280
[  813.038860][T24756]  copy_page_to_iter+0x10c/0x1c0
[  813.038889][T24756]  sk_msg_recvmsg+0x28e/0xc20
[  813.038949][T24756]  unix_bpf_recvmsg+0x5a4/0xda0
[  813.038999][T24756]  ? __pfx_unix_bpf_recvmsg+0x10/0x10
[  813.039024][T24756]  ? __pfx_woken_wake_function+0x10/0x10
[  813.039046][T24756]  ? aa_sock_msg_perm+0x94/0x160
[  813.039077][T24756]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  813.039095][T24756]  ? unix_dgram_recvmsg+0x71/0xd0
[  813.039115][T24756]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[  813.039135][T24756]  sock_recvmsg+0x229/0x270
[  813.039166][T24756]  ____sys_recvmsg+0x1c9/0x460
[  813.039199][T24756]  ? __pfx_____sys_recvmsg+0x10/0x10
[  813.039239][T24756]  ? import_iovec+0x74/0xa0
[  813.039270][T24756]  ___sys_recvmsg+0x1b5/0x510
[  813.039298][T24756]  ? __pfx____sys_recvmsg+0x10/0x10
[  813.039351][T24756]  ? __fget_files+0x3a0/0x420
[  813.039393][T24756]  __x64_sys_recvmsg+0x198/0x260
[  813.039419][T24756]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  813.039453][T24756]  ? __pfx_ksys_write+0x10/0x10
[  813.039475][T24756]  ? rcu_is_watching+0x15/0xb0
[  813.039507][T24756]  ? do_syscall_64+0xbe/0x3b0
[  813.039540][T24756]  do_syscall_64+0xfa/0x3b0
[  813.039566][T24756]  ? lockdep_hardirqs_on+0x9c/0x150
[  813.039592][T24756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.039612][T24756]  ? clear_bhb_loop+0x60/0xb0
[  813.039639][T24756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.039660][T24756] RIP: 0033:0x7f587f58e929
[  813.039679][T24756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  813.039697][T24756] RSP: 002b:00007f58803dd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  813.039718][T24756] RAX: ffffffffffffffda RBX: 00007f587f7b5fa0 RCX: 00007f587f58e929
[  813.039733][T24756] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  813.039746][T24756] RBP: 00007f58803dd090 R08: 0000000000000000 R09: 0000000000000000
[  813.039759][T24756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  813.039772][T24756] R13: 0000000000000000 R14: 00007f587f7b5fa0 R15: 00007ffe0ace2218
[  813.039816][T24756]  </TASK>
[  813.664225][T24767] __nla_validate_parse: 3 callbacks suppressed
[  813.664248][T24767] netlink: 88 bytes leftover after parsing attributes in process `syz.5.5877'.
[  813.720703][T24765] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.736439][T24767] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5877'.
[  813.763467][T24773] FAULT_INJECTION: forcing a failure.
[  813.763467][T24773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  813.808064][T24773] CPU: 1 UID: 0 PID: 24773 Comm: syz.4.5879 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  813.808097][T24773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  813.808111][T24773] Call Trace:
[  813.808120][T24773]  <TASK>
[  813.808129][T24773]  dump_stack_lvl+0x189/0x250
[  813.808159][T24773]  ? __pfx____ratelimit+0x10/0x10
[  813.808184][T24773]  ? __pfx_dump_stack_lvl+0x10/0x10
[  813.808207][T24773]  ? __pfx__printk+0x10/0x10
[  813.808248][T24773]  should_fail_ex+0x414/0x560
[  813.808285][T24773]  _copy_to_user+0x31/0xb0
[  813.808311][T24773]  simple_read_from_buffer+0xe1/0x170
[  813.808344][T24773]  proc_fail_nth_read+0x1df/0x250
[  813.808375][T24773]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  813.808407][T24773]  ? rw_verify_area+0x258/0x650
[  813.808428][T24773]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  813.808458][T24773]  vfs_read+0x200/0x980
[  813.808488][T24773]  ? __pfx___mutex_lock+0x10/0x10
[  813.808517][T24773]  ? __pfx_vfs_read+0x10/0x10
[  813.808543][T24773]  ? __fget_files+0x2a/0x420
[  813.808598][T24773]  ? __fget_files+0x3a0/0x420
[  813.808624][T24773]  ? __fget_files+0x2a/0x420
[  813.808661][T24773]  ksys_read+0x145/0x250
[  813.808688][T24773]  ? __pfx_ksys_read+0x10/0x10
[  813.808709][T24773]  ? rcu_is_watching+0x15/0xb0
[  813.808746][T24773]  ? do_syscall_64+0xbe/0x3b0
[  813.808777][T24773]  do_syscall_64+0xfa/0x3b0
[  813.808803][T24773]  ? lockdep_hardirqs_on+0x9c/0x150
[  813.808828][T24773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.808849][T24773]  ? clear_bhb_loop+0x60/0xb0
[  813.808875][T24773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.808893][T24773] RIP: 0033:0x7f797258d33c
[  813.808914][T24773] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  813.808931][T24773] RSP: 002b:00007f79733c7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  813.808954][T24773] RAX: ffffffffffffffda RBX: 00007f79727b5fa0 RCX: 00007f797258d33c
[  813.808969][T24773] RDX: 000000000000000f RSI: 00007f79733c70a0 RDI: 0000000000000007
[  813.808982][T24773] RBP: 00007f79733c7090 R08: 0000000000000000 R09: 0000000000000000
[  813.808994][T24773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  813.809007][T24773] R13: 0000000000000000 R14: 00007f79727b5fa0 R15: 00007ffeebbdbfb8
[  813.809048][T24773]  </TASK>
[  814.386938][T24765] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.504573][T24782] netlink: 'syz.6.5883': attribute type 4 has an invalid length.
[  814.572729][T24765] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.638786][T17323] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  814.653260][T17323] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  814.680255][T17323] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  814.688906][T17323] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  814.699072][T17323] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  814.764058][T24765] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.832505][ T6332] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  815.005815][ T6332] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  815.115408][T24803] lo speed is unknown, defaulting to 1000
[  815.192387][ T6332] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  815.314801][T24805] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5886'.
[  815.373499][ T6332] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  815.393248][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  815.432332][T24788] lo speed is unknown, defaulting to 1000
[  815.527831][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  815.546352][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  815.656783][ T1155] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  815.688305][T24815] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5889'.
[  815.869085][T24819] netlink: 'syz.6.5890': attribute type 303 has an invalid length.
[  815.901793][T24819] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5890'.
[  816.393212][T24834] netlink: 'syz.6.5896': attribute type 10 has an invalid length.
[  816.406500][T24834] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5896'.
[  816.448258][ T6332] dummy0: left allmulticast mode
[  816.462492][ T6332] dummy0: left promiscuous mode
[  816.473377][ T6332] bridge0: port 3(dummy0) entered disabled state
[  816.516950][ T6332] bridge_slave_1: left allmulticast mode
[  816.526817][ T6332] bridge_slave_1: left promiscuous mode
[  816.549747][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.584475][ T6332] bridge_slave_0: left allmulticast mode
[  816.600599][ T6332] bridge_slave_0: left promiscuous mode
[  816.618393][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.682908][T24841] FAULT_INJECTION: forcing a failure.
[  816.682908][T24841] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  816.696992][T24841] CPU: 0 UID: 0 PID: 24841 Comm: syz.5.5897 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  816.697025][T24841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  816.697039][T24841] Call Trace:
[  816.697047][T24841]  <TASK>
[  816.697057][T24841]  dump_stack_lvl+0x189/0x250
[  816.697088][T24841]  ? __pfx____ratelimit+0x10/0x10
[  816.697117][T24841]  ? __pfx_dump_stack_lvl+0x10/0x10
[  816.697147][T24841]  ? __pfx__printk+0x10/0x10
[  816.697179][T24841]  ? fs_reclaim_acquire+0x7d/0x100
[  816.697219][T24841]  should_fail_ex+0x414/0x560
[  816.697254][T24841]  prepare_alloc_pages+0x213/0x610
[  816.697295][T24841]  __alloc_frozen_pages_noprof+0x123/0x370
[  816.697331][T24841]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  816.697375][T24841]  ? policy_nodemask+0x27c/0x720
[  816.697398][T24841]  ? __lock_acquire+0xab9/0xd20
[  816.697426][T24841]  alloc_pages_mpol+0x232/0x4a0
[  816.697461][T24841]  vma_alloc_folio_noprof+0xe4/0x200
[  816.697492][T24841]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  816.697535][T24841]  folio_prealloc+0x30/0x180
[  816.697565][T24841]  __handle_mm_fault+0x183f/0x5620
[  816.697614][T24841]  ? __pfx___handle_mm_fault+0x10/0x10
[  816.697657][T24841]  ? follow_page_pte+0x8d6/0x14b0
[  816.697692][T24841]  handle_mm_fault+0x40a/0x8e0
[  816.697729][T24841]  __get_user_pages+0x1af4/0x30b0
[  816.697766][T24841]  ? mt_find+0x15c/0x5f0
[  816.697819][T24841]  ? __pfx___get_user_pages+0x10/0x10
[  816.697854][T24841]  populate_vma_page_range+0x26b/0x340
[  816.697880][T24841]  ? __pfx_populate_vma_page_range+0x10/0x10
[  816.697899][T24841]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  816.697930][T24841]  ? down_read+0x1ad/0x2e0
[  816.697975][T24841]  __mm_populate+0x24c/0x380
[  816.698001][T24841]  ? __pfx___mm_populate+0x10/0x10
[  816.698026][T24841]  ? up_write+0x1c4/0x420
[  816.698060][T24841]  vm_mmap_pgoff+0x3f0/0x4c0
[  816.698089][T24841]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  816.698113][T24841]  ? __fget_files+0x2a/0x420
[  816.698148][T24841]  ? __fget_files+0x3a0/0x420
[  816.698175][T24841]  ? __fget_files+0x2a/0x420
[  816.698208][T24841]  ksys_mmap_pgoff+0x51f/0x760
[  816.698241][T24841]  do_syscall_64+0xfa/0x3b0
[  816.698266][T24841]  ? lockdep_hardirqs_on+0x9c/0x150
[  816.698293][T24841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.698314][T24841]  ? clear_bhb_loop+0x60/0xb0
[  816.698339][T24841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.698360][T24841] RIP: 0033:0x7fc9fc38e929
[  816.698380][T24841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  816.698399][T24841] RSP: 002b:00007fc9fa1d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  816.698423][T24841] RAX: ffffffffffffffda RBX: 00007fc9fc5b6080 RCX: 00007fc9fc38e929
[  816.698440][T24841] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  816.698454][T24841] RBP: 00007fc9fa1d5090 R08: 0000000000000005 R09: 0000000000000000
[  816.698467][T24841] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002
[  816.698480][T24841] R13: 0000000000000000 R14: 00007fc9fc5b6080 R15: 00007ffd29cda728
[  816.698516][T24841]  </TASK>
[  817.058295][T17323] Bluetooth: hci0: command tx timeout
[  817.113975][T24843] netlink: 'syz.1.5898': attribute type 1 has an invalid length.
[  817.137718][T24843] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.5898'.
[  817.225010][T24846] netlink: 'syz.5.5899': attribute type 1 has an invalid length.
[  817.233059][T24846] netlink: 36 bytes leftover after parsing attributes in process `syz.5.5899'.
[  817.390202][ T6332] dvmrp8 (unregistering): left allmulticast mode
[  817.446103][ T6332] team0: Port device geneve0 removed
[  817.896870][ T6332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  817.908519][ T6332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  817.921519][ T6332] bond0 (unregistering): Released all slaves
[  818.109355][T24849] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.146424][T24851] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5901'.
[  818.157651][T24851] netlink: 144 bytes leftover after parsing attributes in process `syz.5.5901'.
[  818.179922][T24852] batadv_slave_1: entered promiscuous mode
[  818.247697][T24849] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.381438][T24849] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.543192][T24855] bridge0: port 3(dummy0) entered disabled state
[  818.606097][T24855] batadv0: left allmulticast mode
[  818.678967][T24849] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.738388][T24788] chnl_net:caif_netlink_parms(): no params data found
[  818.866048][T24865] bridge3: left allmulticast mode
[  818.884338][T24865] macsec2: left promiscuous mode
[  818.891561][T24865] macsec2: left allmulticast mode
[  818.955764][T24852] batadv_slave_1: left promiscuous mode
[  819.029040][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.048703][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.085374][T24880] netlink: 'syz.6.5911': attribute type 2 has an invalid length.
[  819.096167][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.137509][T17323] Bluetooth: hci0: command tx timeout
[  819.155544][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.171030][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.180624][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.189688][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.198994][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.208387][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.221609][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5911'.
[  819.371953][T24788] bridge0: port 1(bridge_slave_0) entered blocking state
[  819.397946][T24788] bridge0: port 1(bridge_slave_0) entered disabled state
[  819.405282][T24788] bridge_slave_0: entered allmulticast mode
[  819.412896][T24788] bridge_slave_0: entered promiscuous mode
[  819.430253][T24788] bridge0: port 2(bridge_slave_1) entered blocking state
[  819.437979][T24788] bridge0: port 2(bridge_slave_1) entered disabled state
[  819.445274][T24788] bridge_slave_1: entered allmulticast mode
[  819.453600][T24788] bridge_slave_1: entered promiscuous mode
[  819.561666][T24788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  819.604871][T24788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  819.638354][   T59] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  819.653802][ T6332] : left promiscuous mode
[  819.810800][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  819.872104][ T6332] tipc: Left network mode
[  819.874119][T24788] team0: Port device team_slave_0 added
[  819.883674][   T59] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  819.916357][T24788] team0: Port device team_slave_1 added
[  819.954073][ T1155] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  820.042862][T24788] batman_adv: batadv0: Adding interface: batadv_slave_0
[  820.067738][T24788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  820.128509][T24788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  820.145573][T24900] Cannot find add_set index 0 as target
[  820.188940][T24788] batman_adv: batadv0: Adding interface: batadv_slave_1
[  820.206138][T24788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  820.252896][T24788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  820.370961][T24911] geneve2: entered promiscuous mode
[  820.376341][T24911] geneve2: entered allmulticast mode
[  820.466511][   T59] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 43046 - 0
[  820.485448][   T59] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 43046 - 0
[  820.505162][   T59] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 43046 - 0
[  820.516695][   T59] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 43046 - 0
[  820.659800][T24926] netlink: 'syz.4.5925': attribute type 9 has an invalid length.
[  820.706134][T24788] hsr_slave_0: entered promiscuous mode
[  820.716537][T24788] hsr_slave_1: entered promiscuous mode
[  820.723698][T24927] netlink: 'syz.1.5923': attribute type 303 has an invalid length.
[  820.724465][T24788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  820.750569][T24788] Cannot create hsr debugfs directory
[  820.835430][T24931] veth0: entered promiscuous mode
[  821.171085][T24938] batadv_slave_1: entered promiscuous mode
[  821.217708][T17323] Bluetooth: hci0: command tx timeout
[  821.874407][T24938] batadv_slave_1: left promiscuous mode
[  821.930776][T24967] batadv_slave_1: entered promiscuous mode
[  822.224431][T24973] lo speed is unknown, defaulting to 1000
[  822.574544][    C1] vcan0: j1939_tp_rxtimer: 0xffff888034652800: rx timeout, send abort
[  822.583330][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888034652800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  822.728292][T24980] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  822.740376][T24967] batadv_slave_1: left promiscuous mode
[  822.806294][T24788] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  822.976379][T24788] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  823.066775][T24788] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  823.108637][T24788] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  823.167468][ T6332] hsr_slave_0: left promiscuous mode
[  823.186783][ T6332] hsr_slave_1: left promiscuous mode
[  823.204180][ T6332] batman_adv: batadv0: Removing interface: batadv_slave_0
[  823.228212][ T6332] batman_adv: batadv0: Removing interface: batadv_slave_1
[  823.297711][T17323] Bluetooth: hci0: command tx timeout
[  823.541811][ T6332] team0 (unregistering): Port device batadv1 removed
[  823.573099][ T6332] pim6reg9 (unregistering): left allmulticast mode
[  824.115029][ T6332] team0 (unregistering): Port device team_slave_1 removed
[  824.156294][ T6332] team0 (unregistering): Port device team_slave_0 removed
[  824.813629][ T1155] smc: removing ib device syz0
[  824.842622][  T983] lo speed is unknown, defaulting to 1000
[  824.848487][  T983] syz0: Port: 1 Link DOWN
[  824.883824][T24992] geneve3: entered allmulticast mode
[  824.929359][   T59] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  824.946321][   T59] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  824.998358][   T59] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  825.006630][   T59] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  825.167526][T25003] bridge1: entered allmulticast mode
[  825.625605][T25022] __nla_validate_parse: 73 callbacks suppressed
[  825.625628][T25022] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5951'.
[  826.030967][T24788] 8021q: adding VLAN 0 to HW filter on device bond0
[  826.060518][T25029] netlink: 'syz.6.5953': attribute type 1 has an invalid length.
[  826.086834][T25029] netlink: 244 bytes leftover after parsing attributes in process `syz.6.5953'.
[  826.116692][T24788] 8021q: adding VLAN 0 to HW filter on device team0
[  826.134316][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  826.141613][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  826.172784][T25031] netlink: 'syz.5.5954': attribute type 10 has an invalid length.
[  826.202962][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  826.210329][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  826.227393][T25031] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5954'.
[  826.621520][T25035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5955'.
[  826.900488][T24788] 8021q: adding VLAN 0 to HW filter on device batadv0
[  826.970971][T24788] veth0_vlan: entered promiscuous mode
[  827.002391][T24788] veth1_vlan: entered promiscuous mode
[  827.134715][T24788] veth0_macvtap: entered promiscuous mode
[  827.155950][T24788] veth1_macvtap: entered promiscuous mode
[  827.240400][T24788] batman_adv: batadv0: Interface activated: batadv_slave_0
[  827.255737][T25050] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5957'.
[  827.295058][T24788] batman_adv: batadv0: Interface activated: batadv_slave_1
[  827.343544][T25050] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5957'.
[  827.691445][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  827.721952][T25057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5960'.
[  827.721977][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  827.745227][T25057] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5960'.
[  827.794532][T25055] veth0: left promiscuous mode
[  827.860758][T25058] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5960'.
[  828.014388][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  828.034400][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  828.827797][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.841987][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.906511][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.934599][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.938816][ T6332] IPVS: stop unused estimator thread 0...
[  829.277463][T25084] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5967'.
[  829.545505][T25093] netlink: 'syz.6.5972': attribute type 10 has an invalid length.
[  830.949660][T25130] __nla_validate_parse: 4 callbacks suppressed
[  830.949683][T25130] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5983'.
[  831.034089][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  831.057534][ T5862] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  831.080079][ T5862] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  831.114973][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  831.123946][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  831.310365][T25134] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  831.367287][T25134] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 43046 - 0
[  831.404768][T25137] batadv_slave_1: entered promiscuous mode
[  831.475014][T25134] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  831.517843][T25134] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 43046 - 0
[  831.591579][T25145] batadv_slave_1: entered promiscuous mode
[  831.623763][T25134] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  831.656380][T25134] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 43046 - 0
[  831.790368][T25134] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  831.819649][T25134] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 43046 - 0
[  831.836537][T25148] netlink: 'syz.6.5989': attribute type 303 has an invalid length.
[  831.884181][T25148] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5989'.
[  832.230496][T25133] batadv_slave_1: left promiscuous mode
[  832.285007][ T1155] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 43046 - 0
[  832.305959][ T1155] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  832.430237][ T1108] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 43046 - 0
[  832.438973][ T1108] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  832.447480][T25145] batadv_slave_1: left promiscuous mode
[  832.505911][ T1108] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 43046 - 0
[  832.515637][ T1108] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  832.529505][ T1108] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 43046 - 0
[  832.541108][ T1108] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  832.601561][T25161] netlink: 'syz.6.5993': attribute type 2 has an invalid length.
[  832.675954][T25161] þ`Ì: entered promiscuous mode
[  832.743225][T25170] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5996'.
[  832.757576][T25168] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5995'.
[  832.782892][T25131] chnl_net:caif_netlink_parms(): no params data found
[  833.126252][T25131] bridge0: port 1(bridge_slave_0) entered blocking state
[  833.138231][T25131] bridge0: port 1(bridge_slave_0) entered disabled state
[  833.145563][T25131] bridge_slave_0: entered allmulticast mode
[  833.154050][T25131] bridge_slave_0: entered promiscuous mode
[  833.163347][T25131] bridge0: port 2(bridge_slave_1) entered blocking state
[  833.171460][T25131] bridge0: port 2(bridge_slave_1) entered disabled state
[  833.178992][T25131] bridge_slave_1: entered allmulticast mode
[  833.188888][T25131] bridge_slave_1: entered promiscuous mode
[  833.206531][T25189] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6003'.
[  833.217591][ T5862] Bluetooth: hci2: command tx timeout
[  833.293839][T25189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6003'.
[  833.308375][T25193] batadv_slave_1: entered promiscuous mode
[  833.320409][T25131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  833.388876][T25131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  833.602103][T25131] team0: Port device team_slave_0 added
[  833.637909][T25131] team0: Port device team_slave_1 added
[  833.693529][T25202] bridge_slave_1: left allmulticast mode
[  833.701697][T25202] bridge_slave_1: left promiscuous mode
[  833.709949][T25202] bridge0: port 2(bridge_slave_1) entered disabled state
[  833.723528][T25202] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  833.801913][T25131] batman_adv: batadv0: Adding interface: batadv_slave_0
[  833.809409][T25131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.836464][T25131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  833.891261][T25131] batman_adv: batadv0: Adding interface: batadv_slave_1
[  833.903316][T25131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.931026][T25131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  834.051076][T25210] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6009'.
[  834.083279][T25191] batadv_slave_1: left promiscuous mode
[  834.352440][T25131] hsr_slave_0: entered promiscuous mode
[  834.359586][T25215] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6011'.
[  834.363041][T25131] hsr_slave_1: entered promiscuous mode
[  834.381664][T25131] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  834.392582][T25131] Cannot create hsr debugfs directory
[  834.583071][T25224] FAULT_INJECTION: forcing a failure.
[  834.583071][T25224] name failslab, interval 1, probability 0, space 0, times 0
[  834.604278][T25224] CPU: 0 UID: 0 PID: 25224 Comm: syz.6.6014 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  834.604310][T25224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  834.604323][T25224] Call Trace:
[  834.604332][T25224]  <TASK>
[  834.604342][T25224]  dump_stack_lvl+0x189/0x250
[  834.604372][T25224]  ? __pfx____ratelimit+0x10/0x10
[  834.604401][T25224]  ? __pfx_dump_stack_lvl+0x10/0x10
[  834.604427][T25224]  ? __pfx__printk+0x10/0x10
[  834.604459][T25224]  ? trace_fib_table_lookup+0x85/0x200
[  834.604501][T25224]  should_fail_ex+0x414/0x560
[  834.604538][T25224]  should_failslab+0xa8/0x100
[  834.604566][T25224]  kmem_cache_alloc_noprof+0x73/0x3c0
[  834.604590][T25224]  ? dst_alloc+0x105/0x170
[  834.604608][T25224]  ? fib_lookup+0x76/0x440
[  834.604631][T25224]  dst_alloc+0x105/0x170
[  834.604670][T25224]  ip_route_output_key_hash_rcu+0x1482/0x23a0
[  834.604706][T25224]  ? ip_route_output_key_hash+0xde/0x2e0
[  834.604731][T25224]  ip_route_output_key_hash+0x1b9/0x2e0
[  834.604753][T25224]  ? __lock_acquire+0xab9/0xd20
[  834.604777][T25224]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  834.604822][T25224]  ip_route_output_flow+0x2a/0x150
[  834.604852][T25224]  ? security_sk_classify_flow+0x70/0x180
[  834.604882][T25224]  udp_sendmsg+0x140c/0x2300
[  834.604910][T25224]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  834.604952][T25224]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  834.604975][T25224]  ? __pfx_udp_sendmsg+0x10/0x10
[  834.605006][T25224]  ? __lock_acquire+0xab9/0xd20
[  834.605055][T25224]  ? __lock_acquire+0xab9/0xd20
[  834.605076][T25224]  ? __pfx_aa_sk_perm+0x10/0x10
[  834.605100][T25224]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  834.605128][T25224]  ? sock_rps_record_flow+0x19/0x410
[  834.605156][T25224]  ? inet_sendmsg+0x29c/0x370
[  834.605178][T25224]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  834.605202][T25224]  __sock_sendmsg+0x19c/0x270
[  834.605232][T25224]  ____sys_sendmsg+0x52d/0x830
[  834.605271][T25224]  ? __pfx_____sys_sendmsg+0x10/0x10
[  834.605316][T25224]  ? import_iovec+0x74/0xa0
[  834.605346][T25224]  ___sys_sendmsg+0x21f/0x2a0
[  834.605370][T25224]  ? __pfx____sys_sendmsg+0x10/0x10
[  834.605436][T25224]  ? __fget_files+0x2a/0x420
[  834.605464][T25224]  ? __fget_files+0x3a0/0x420
[  834.605505][T25224]  __sys_sendmmsg+0x227/0x430
[  834.605533][T25224]  ? __pfx___sys_sendmmsg+0x10/0x10
[  834.605550][T25224]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  834.605613][T25224]  ? ksys_write+0x22a/0x250
[  834.605649][T25224]  ? __pfx_ksys_write+0x10/0x10
[  834.605669][T25224]  ? rcu_is_watching+0x15/0xb0
[  834.605701][T25224]  __x64_sys_sendmmsg+0xa0/0xc0
[  834.605722][T25224]  do_syscall_64+0xfa/0x3b0
[  834.605745][T25224]  ? lockdep_hardirqs_on+0x9c/0x150
[  834.605769][T25224]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.605789][T25224]  ? clear_bhb_loop+0x60/0xb0
[  834.605815][T25224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.605833][T25224] RIP: 0033:0x7f09dcb8e929
[  834.605852][T25224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  834.605870][T25224] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  834.605893][T25224] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  834.605909][T25224] RDX: 0000000000000300 RSI: 0000200000004d00 RDI: 0000000000000003
[  834.605923][T25224] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  834.605935][T25224] R10: 0000000000000f1c R11: 0000000000000246 R12: 0000000000000001
[  834.605948][T25224] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  834.605985][T25224]  </TASK>
[  835.132330][T25228] netlink: 40 bytes leftover after parsing attributes in process `syz.6.6015'.
[  835.146809][T25228] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6015'.
[  835.211713][T25230] FAULT_INJECTION: forcing a failure.
[  835.211713][T25230] name failslab, interval 1, probability 0, space 0, times 0
[  835.224587][T25230] CPU: 0 UID: 0 PID: 25230 Comm: syz.6.6017 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  835.224618][T25230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  835.224631][T25230] Call Trace:
[  835.224640][T25230]  <TASK>
[  835.224648][T25230]  dump_stack_lvl+0x189/0x250
[  835.224679][T25230]  ? __pfx____ratelimit+0x10/0x10
[  835.224708][T25230]  ? __pfx_dump_stack_lvl+0x10/0x10
[  835.224733][T25230]  ? __pfx__printk+0x10/0x10
[  835.224764][T25230]  ? __pfx___might_resched+0x10/0x10
[  835.224789][T25230]  ? fs_reclaim_acquire+0x7d/0x100
[  835.224821][T25230]  should_fail_ex+0x414/0x560
[  835.224853][T25230]  should_failslab+0xa8/0x100
[  835.224883][T25230]  __kmalloc_noprof+0xcb/0x4f0
[  835.224917][T25230]  ? iovec_from_user+0x87/0x250
[  835.224946][T25230]  iovec_from_user+0x87/0x250
[  835.224975][T25230]  __import_iovec+0x163/0x7f0
[  835.225012][T25230]  import_iovec+0x74/0xa0
[  835.225041][T25230]  ___sys_recvmsg+0x43a/0x510
[  835.225070][T25230]  ? __pfx____sys_recvmsg+0x10/0x10
[  835.225120][T25230]  ? __fget_files+0x3a0/0x420
[  835.225160][T25230]  do_recvmmsg+0x307/0x770
[  835.225193][T25230]  ? __pfx_do_recvmmsg+0x10/0x10
[  835.225229][T25230]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  835.225279][T25230]  __x64_sys_recvmmsg+0x190/0x240
[  835.225304][T25230]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  835.225322][T25230]  ? rcu_is_watching+0x15/0xb0
[  835.225352][T25230]  ? do_syscall_64+0xbe/0x3b0
[  835.225382][T25230]  do_syscall_64+0xfa/0x3b0
[  835.225408][T25230]  ? lockdep_hardirqs_on+0x9c/0x150
[  835.225434][T25230]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  835.225454][T25230]  ? clear_bhb_loop+0x60/0xb0
[  835.225481][T25230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  835.225500][T25230] RIP: 0033:0x7f09dcb8e929
[  835.225520][T25230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  835.225538][T25230] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  835.225562][T25230] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  835.225577][T25230] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000003
[  835.225590][T25230] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  835.225603][T25230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  835.225616][T25230] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  835.225649][T25230]  </TASK>
[  835.478731][ T5862] Bluetooth: hci2: command tx timeout
[  835.880196][T25131] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  836.048060][T25131] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  836.178930][T25131] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  836.281459][T25248] netlink: 'syz.6.6024': attribute type 15 has an invalid length.
[  836.346201][T25131] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  836.455401][T25245] __nla_validate_parse: 1 callbacks suppressed
[  836.455425][T25245] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6023'.
[  836.522852][T25255] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6026'.
[  836.597756][T25255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6026'.
[  836.639098][T25259] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6029'.
[  836.710682][T25131] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  836.751919][T25131] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  836.786695][T25131] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  836.810136][T25131] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  836.982562][T25272] netlink: 'syz.0.6033': attribute type 29 has an invalid length.
[  837.003357][T25272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6033'.
[  837.287585][T25131] 8021q: adding VLAN 0 to HW filter on device bond0
[  837.327083][T25131] 8021q: adding VLAN 0 to HW filter on device team0
[  837.361170][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  837.368402][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  837.432010][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  837.439353][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  837.537476][ T5862] Bluetooth: hci2: command tx timeout
[  838.746274][T25314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6039'.
[  838.761846][T25131] 8021q: adding VLAN 0 to HW filter on device batadv0
[  838.811150][T25314] geneve2: entered promiscuous mode
[  838.820126][T25314] geneve2: entered allmulticast mode
[  838.847746][   T13] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 57686 - 0
[  838.893576][ T1108] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 57686 - 0
[  838.937087][ T1108] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 57686 - 0
[  838.960982][ T1108] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 57686 - 0
[  839.042758][T25323] netlink: 68 bytes leftover after parsing attributes in process `syz.5.6042'.
[  839.355285][T25333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  839.481284][T25333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  839.566648][T25332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  839.617994][ T5862] Bluetooth: hci2: command tx timeout
[  839.843193][T25348] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  839.866900][T25131] veth0_vlan: entered promiscuous mode
[  839.924931][T25131] veth1_vlan: entered promiscuous mode
[  840.222641][ T6332] bridge_slave_1: left allmulticast mode
[  840.260912][ T6332] bridge_slave_1: left promiscuous mode
[  840.273656][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state
[  840.298492][ T6332] bridge_slave_0: left allmulticast mode
[  840.304224][ T6332] bridge_slave_0: left promiscuous mode
[  840.321168][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state
[  840.925937][ T6332] bond1 (unregistering): (slave gretap1): Releasing active interface
[  841.018269][ T6332] dvmrp0 (unregistering): left allmulticast mode
[  841.838981][ T6332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  841.861661][ T6332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  841.878359][ T6332] bond0 (unregistering): Released all slaves
[  841.900555][ T6332] bond1 (unregistering): Released all slaves
[  841.921116][ T6332] bond2 (unregistering): Released all slaves
[  841.963057][T25375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6060'.
[  841.993337][T25131] veth0_macvtap: entered promiscuous mode
[  842.050759][T25131] veth1_macvtap: entered promiscuous mode
[  842.111756][T25375] veth0: entered promiscuous mode
[  842.143086][ T6332] tipc: Disabling bearer <udp:syz0>
[  842.164213][ T6332] tipc: Left network mode
[  842.221682][T25131] batman_adv: batadv0: Interface activated: batadv_slave_0
[  842.399254][T25389] FAULT_INJECTION: forcing a failure.
[  842.399254][T25389] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  842.434107][T25389] CPU: 1 UID: 0 PID: 25389 Comm: syz.0.6064 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  842.434141][T25389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  842.434155][T25389] Call Trace:
[  842.434164][T25389]  <TASK>
[  842.434174][T25389]  dump_stack_lvl+0x189/0x250
[  842.434207][T25389]  ? __pfx____ratelimit+0x10/0x10
[  842.434239][T25389]  ? __pfx_dump_stack_lvl+0x10/0x10
[  842.434266][T25389]  ? __pfx__printk+0x10/0x10
[  842.434296][T25389]  ? __might_fault+0xb0/0x130
[  842.434336][T25389]  should_fail_ex+0x414/0x560
[  842.434374][T25389]  _copy_from_user+0x2d/0xb0
[  842.434401][T25389]  kstrtouint_from_user+0xc4/0x170
[  842.434428][T25389]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  842.434472][T25389]  proc_fail_nth_write+0x88/0x240
[  842.434502][T25389]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  842.434540][T25389]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  842.434572][T25389]  vfs_write+0x27e/0xa90
[  842.434610][T25389]  ? __pfx_vfs_write+0x10/0x10
[  842.434637][T25389]  ? __fget_files+0x2a/0x420
[  842.434670][T25389]  ? __fget_files+0x3a0/0x420
[  842.434705][T25389]  ? __fget_files+0x2a/0x420
[  842.434734][T25389]  ksys_write+0x145/0x250
[  842.434751][T25389]  ? __pfx_ksys_write+0x10/0x10
[  842.434770][T25389]  ? do_syscall_64+0xbe/0x3b0
[  842.434789][T25389]  do_syscall_64+0xfa/0x3b0
[  842.434804][T25389]  ? lockdep_hardirqs_on+0x9c/0x150
[  842.434820][T25389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  842.434832][T25389]  ? clear_bhb_loop+0x60/0xb0
[  842.434848][T25389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  842.434859][T25389] RIP: 0033:0x7f93e5d8d3df
[  842.434872][T25389] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  842.434883][T25389] RSP: 002b:00007f93e3bd5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  842.434899][T25389] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f93e5d8d3df
[  842.434908][T25389] RDX: 0000000000000001 RSI: 00007f93e3bd50a0 RDI: 0000000000000004
[  842.434915][T25389] RBP: 00007f93e3bd5090 R08: 0000000000000000 R09: 0000000000000000
[  842.434923][T25389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  842.434930][T25389] R13: 0000000000000001 R14: 00007f93e5fb6080 R15: 00007ffde91f66a8
[  842.434961][T25389]  </TASK>
[  842.822858][T25131] batman_adv: batadv0: Interface activated: batadv_slave_1
[  842.854040][ T1108] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  842.923615][T18559] IPVS: starting estimator thread 0...
[  842.945913][ T1108] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  843.002921][ T1108] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  843.029490][T25395] IPVS: using max 24 ests per chain, 57600 per kthread
[  843.075081][ T1108] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  843.252150][T25403] batadv_slave_1: entered promiscuous mode
[  843.265875][T25401] batadv_slave_1: left promiscuous mode
[  843.571121][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  843.581010][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  843.902380][T25414] netlink: 'syz.1.6072': attribute type 303 has an invalid length.
[  844.036330][T25411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6072'.
[  844.149191][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  844.218817][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  844.707442][T25435] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6078'.
[  844.832717][T25439] bridge1: entered allmulticast mode
[  845.200086][T25453] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6083'.
[  845.252557][T25455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6083'.
[  845.332716][T25455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6083'.
[  846.651804][T25454] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check.
[  846.846651][T25468] syzkaller1: tun_chr_ioctl cmd 35111
[  847.183656][ T6332] IPVS: stop unused estimator thread 0...
[  847.491062][T25495] FAULT_INJECTION: forcing a failure.
[  847.491062][T25495] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  847.521751][T25495] CPU: 1 UID: 0 PID: 25495 Comm: syz.6.6095 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  847.521782][T25495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  847.521795][T25495] Call Trace:
[  847.521804][T25495]  <TASK>
[  847.521813][T25495]  dump_stack_lvl+0x189/0x250
[  847.521844][T25495]  ? __pfx____ratelimit+0x10/0x10
[  847.521872][T25495]  ? __pfx_dump_stack_lvl+0x10/0x10
[  847.521896][T25495]  ? __pfx__printk+0x10/0x10
[  847.521923][T25495]  ? __might_fault+0xb0/0x130
[  847.521963][T25495]  should_fail_ex+0x414/0x560
[  847.521998][T25495]  _copy_to_iter+0x1db/0x16f0
[  847.522022][T25495]  ? __bpf_trace_contention_begin+0xdc/0x130
[  847.522057][T25495]  ? __lock_acquire+0xab9/0xd20
[  847.522079][T25495]  ? __pfx__copy_to_iter+0x10/0x10
[  847.522105][T25495]  ? __local_bh_enable_ip+0x12d/0x1c0
[  847.522129][T25495]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.522160][T25495]  ? page_copy_sane+0x16a/0x280
[  847.522184][T25495]  copy_page_to_iter+0x10c/0x1c0
[  847.522212][T25495]  sk_msg_recvmsg+0x28e/0xc20
[  847.522270][T25495]  unix_bpf_recvmsg+0x5a4/0xda0
[  847.522318][T25495]  ? __pfx_unix_bpf_recvmsg+0x10/0x10
[  847.522342][T25495]  ? __pfx_woken_wake_function+0x10/0x10
[  847.522365][T25495]  ? aa_sock_msg_perm+0x94/0x160
[  847.522399][T25495]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  847.522417][T25495]  ? unix_dgram_recvmsg+0x71/0xd0
[  847.522436][T25495]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[  847.522456][T25495]  sock_recvmsg+0x229/0x270
[  847.522487][T25495]  ____sys_recvmsg+0x1c9/0x460
[  847.522519][T25495]  ? __pfx_____sys_recvmsg+0x10/0x10
[  847.522559][T25495]  ? import_iovec+0x74/0xa0
[  847.522585][T25495]  ___sys_recvmsg+0x1b5/0x510
[  847.522609][T25495]  ? __pfx____sys_recvmsg+0x10/0x10
[  847.522669][T25495]  ? __fget_files+0x3a0/0x420
[  847.522711][T25495]  __x64_sys_recvmsg+0x198/0x260
[  847.522736][T25495]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  847.522774][T25495]  ? __pfx_ksys_write+0x10/0x10
[  847.522796][T25495]  ? rcu_is_watching+0x15/0xb0
[  847.522826][T25495]  ? do_syscall_64+0xbe/0x3b0
[  847.522859][T25495]  do_syscall_64+0xfa/0x3b0
[  847.522883][T25495]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.522906][T25495]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.522926][T25495]  ? clear_bhb_loop+0x60/0xb0
[  847.522950][T25495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.522966][T25495] RIP: 0033:0x7f09dcb8e929
[  847.522984][T25495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  847.523002][T25495] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  847.523025][T25495] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  847.523039][T25495] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  847.523052][T25495] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  847.523065][T25495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  847.523077][T25495] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  847.523113][T25495]  </TASK>
[  848.918741][T25516] tipc: Started in network mode
[  848.931683][T25516] tipc: Node identity 1e1784b153ca, cluster identity 4711
[  848.938141][T21248] IPVS: starting estimator thread 0...
[  848.945115][T25519] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  848.950676][T25516] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  849.023447][T25516] tipc: Disabling bearer <eth:syzkaller0>
[  849.029866][T25523] IPVS: using max 23 ests per chain, 55200 per kthread
[  849.310270][T25533] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6104'.
[  849.626485][T25543] netlink: 'syz.1.6103': attribute type 21 has an invalid length.
[  849.977369][T25536] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  850.031275][T25543] netlink: 156 bytes leftover after parsing attributes in process `syz.1.6103'.
[  850.236616][T25545] bridge0: port 2(bridge_slave_1) entered disabled state
[  850.244493][T25545] bridge0: port 1(bridge_slave_0) entered disabled state
[  850.565622][T25545] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  850.669640][T25545] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  850.892653][T25545] veth0: left promiscuous mode
[  851.000269][  T801] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  851.024473][  T801] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 57686 - 0
[  851.052025][  T801] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  851.075947][  T801] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 57686 - 0
[  851.089178][  T801] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  851.107409][  T801] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 57686 - 0
[  851.271912][  T801] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  851.292680][  T801] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 57686 - 0
[  851.531173][T25574] FAULT_INJECTION: forcing a failure.
[  851.531173][T25574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  851.577975][T25574] CPU: 0 UID: 0 PID: 25574 Comm: syz.6.6116 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  851.578010][T25574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  851.578023][T25574] Call Trace:
[  851.578031][T25574]  <TASK>
[  851.578040][T25574]  dump_stack_lvl+0x189/0x250
[  851.578071][T25574]  ? __pfx____ratelimit+0x10/0x10
[  851.578097][T25574]  ? __pfx_dump_stack_lvl+0x10/0x10
[  851.578121][T25574]  ? __pfx__printk+0x10/0x10
[  851.578150][T25574]  ? __might_fault+0xb0/0x130
[  851.578200][T25574]  should_fail_ex+0x414/0x560
[  851.578236][T25574]  _copy_from_user+0x2d/0xb0
[  851.578261][T25574]  ___sys_sendmsg+0x158/0x2a0
[  851.578286][T25574]  ? __pfx____sys_sendmsg+0x10/0x10
[  851.578368][T25574]  ? __might_fault+0xb0/0x130
[  851.578405][T25574]  __sys_sendmmsg+0x227/0x430
[  851.578431][T25574]  ? __pfx___sys_sendmmsg+0x10/0x10
[  851.578447][T25574]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  851.578503][T25574]  ? ksys_write+0x22a/0x250
[  851.578529][T25574]  ? __pfx_ksys_write+0x10/0x10
[  851.578551][T25574]  ? rcu_is_watching+0x15/0xb0
[  851.578585][T25574]  __x64_sys_sendmmsg+0xa0/0xc0
[  851.578606][T25574]  do_syscall_64+0xfa/0x3b0
[  851.578628][T25574]  ? lockdep_hardirqs_on+0x9c/0x150
[  851.578655][T25574]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  851.578676][T25574]  ? clear_bhb_loop+0x60/0xb0
[  851.578703][T25574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  851.578722][T25574] RIP: 0033:0x7f09dcb8e929
[  851.578743][T25574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  851.578762][T25574] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  851.578785][T25574] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  851.578800][T25574] RDX: 0000000000000300 RSI: 0000200000004d00 RDI: 0000000000000003
[  851.578814][T25574] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  851.578827][T25574] R10: 0000000000000f1c R11: 0000000000000246 R12: 0000000000000001
[  851.578840][T25574] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  851.578885][T25574]  </TASK>
[  851.975348][T25581] netlink: 'syz.5.6119': attribute type 1 has an invalid length.
[  852.060507][T25581] 8021q: adding VLAN 0 to HW filter on device bond2
[  852.071311][T25588] netlink: 'syz.4.6121': attribute type 1 has an invalid length.
[  852.168403][T25584] 8021q: adding VLAN 0 to HW filter on device bond2
[  852.175984][T25584] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  852.189942][T25584] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  852.256036][T25590] gretap2: entered promiscuous mode
[  852.276749][T25590] bond2: (slave gretap2): making interface the new active one
[  852.305866][T25590] bond2: (slave gretap2): Enslaving as an active interface with an up link
[  852.430609][T25594] vlan2: entered allmulticast mode
[  852.456097][T25594] veth0_to_bond: entered allmulticast mode
[  852.457158][T25598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6124'.
[  852.560083][T25581] bond2: (slave vlan3): the slave hw address is in use by the bond; giving it the hw address of gretap2
[  852.706579][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807a0ef400: rx timeout, send abort
[  852.738707][T25593] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6120'.
[  852.808640][T25607] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6126'.
[  852.853697][T25593] gre0: entered promiscuous mode
[  852.862515][T25593] gre0: entered allmulticast mode
[  852.903950][T25607] geneve2: entered promiscuous mode
[  852.917356][T25607] geneve2: entered allmulticast mode
[  852.956779][ T6332] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 37331 - 0
[  853.011882][ T6332] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 37331 - 0
[  853.022012][ T6332] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 37331 - 0
[  853.116193][ T6332] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 37331 - 0
[  853.652340][T25633] FAULT_INJECTION: forcing a failure.
[  853.652340][T25633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  853.680934][T25633] CPU: 0 UID: 0 PID: 25633 Comm: syz.5.6134 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  853.680968][T25633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  853.680981][T25633] Call Trace:
[  853.680990][T25633]  <TASK>
[  853.681000][T25633]  dump_stack_lvl+0x189/0x250
[  853.681030][T25633]  ? __pfx____ratelimit+0x10/0x10
[  853.681057][T25633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  853.681082][T25633]  ? __pfx__printk+0x10/0x10
[  853.681110][T25633]  ? __might_fault+0xb0/0x130
[  853.681150][T25633]  should_fail_ex+0x414/0x560
[  853.681189][T25633]  _copy_to_iter+0x1db/0x16f0
[  853.681223][T25633]  ? __lock_acquire+0xab9/0xd20
[  853.681247][T25633]  ? __pfx__copy_to_iter+0x10/0x10
[  853.681274][T25633]  ? __local_bh_enable_ip+0x12d/0x1c0
[  853.681297][T25633]  ? lockdep_hardirqs_on+0x9c/0x150
[  853.681329][T25633]  ? page_copy_sane+0x16a/0x280
[  853.681355][T25633]  copy_page_to_iter+0x10c/0x1c0
[  853.681382][T25633]  sk_msg_recvmsg+0x28e/0xc20
[  853.681440][T25633]  unix_bpf_recvmsg+0x5a4/0xda0
[  853.681487][T25633]  ? __pfx_unix_bpf_recvmsg+0x10/0x10
[  853.681512][T25633]  ? __pfx_woken_wake_function+0x10/0x10
[  853.681536][T25633]  ? aa_sock_msg_perm+0x94/0x160
[  853.681568][T25633]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  853.681586][T25633]  ? unix_dgram_recvmsg+0x71/0xd0
[  853.681605][T25633]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[  853.681625][T25633]  sock_recvmsg+0x229/0x270
[  853.681657][T25633]  ____sys_recvmsg+0x1c9/0x460
[  853.681691][T25633]  ? __pfx_____sys_recvmsg+0x10/0x10
[  853.681732][T25633]  ? import_iovec+0x74/0xa0
[  853.681761][T25633]  ___sys_recvmsg+0x1b5/0x510
[  853.681789][T25633]  ? __pfx____sys_recvmsg+0x10/0x10
[  853.681851][T25633]  ? __fget_files+0x3a0/0x420
[  853.681893][T25633]  __x64_sys_recvmsg+0x198/0x260
[  853.681918][T25633]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  853.681952][T25633]  ? __pfx_ksys_write+0x10/0x10
[  853.681974][T25633]  ? rcu_is_watching+0x15/0xb0
[  853.682006][T25633]  ? do_syscall_64+0xbe/0x3b0
[  853.682039][T25633]  do_syscall_64+0xfa/0x3b0
[  853.682066][T25633]  ? lockdep_hardirqs_on+0x9c/0x150
[  853.682092][T25633]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  853.682113][T25633]  ? clear_bhb_loop+0x60/0xb0
[  853.682139][T25633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  853.682160][T25633] RIP: 0033:0x7fc9fc38e929
[  853.682180][T25633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  853.682200][T25633] RSP: 002b:00007fc9fa1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  853.682222][T25633] RAX: ffffffffffffffda RBX: 00007fc9fc5b5fa0 RCX: 00007fc9fc38e929
[  853.682238][T25633] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  853.682251][T25633] RBP: 00007fc9fa1f6090 R08: 0000000000000000 R09: 0000000000000000
[  853.682264][T25633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  853.682276][T25633] R13: 0000000000000000 R14: 00007fc9fc5b5fa0 R15: 00007ffd29cda728
[  853.682311][T25633]  </TASK>
[  854.027582][T25638] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0
[  854.127900][T25638] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  854.247926][T25639] batadv_slave_1: entered promiscuous mode
[  854.255708][T25644] FAULT_INJECTION: forcing a failure.
[  854.255708][T25644] name failslab, interval 1, probability 0, space 0, times 0
[  854.255973][T25643] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6137'.
[  854.269816][T25644] CPU: 0 UID: 0 PID: 25644 Comm: syz.6.6138 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  854.269845][T25644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  854.269856][T25644] Call Trace:
[  854.269864][T25644]  <TASK>
[  854.269882][T25644]  dump_stack_lvl+0x189/0x250
[  854.269911][T25644]  ? __pfx____ratelimit+0x10/0x10
[  854.269936][T25644]  ? __pfx_dump_stack_lvl+0x10/0x10
[  854.269958][T25644]  ? __pfx__printk+0x10/0x10
[  854.269985][T25644]  ? trace_fib_table_lookup+0x85/0x200
[  854.270022][T25644]  should_fail_ex+0x414/0x560
[  854.270054][T25644]  should_failslab+0xa8/0x100
[  854.270080][T25644]  kmem_cache_alloc_noprof+0x73/0x3c0
[  854.270102][T25644]  ? dst_alloc+0x105/0x170
[  854.270117][T25644]  ? fib_lookup+0x76/0x440
[  854.270139][T25644]  dst_alloc+0x105/0x170
[  854.270163][T25644]  ip_route_output_key_hash_rcu+0x1482/0x23a0
[  854.270194][T25644]  ? ip_route_output_key_hash+0xde/0x2e0
[  854.270216][T25644]  ip_route_output_key_hash+0x1b9/0x2e0
[  854.270235][T25644]  ? __lock_acquire+0xab9/0xd20
[  854.270257][T25644]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  854.270297][T25644]  ip_route_output_flow+0x2a/0x150
[  854.270322][T25644]  ? security_sk_classify_flow+0x70/0x180
[  854.270349][T25644]  udp_sendmsg+0x140c/0x2300
[  854.270374][T25644]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  854.270411][T25644]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  854.270431][T25644]  ? __pfx_udp_sendmsg+0x10/0x10
[  854.270459][T25644]  ? __lock_acquire+0xab9/0xd20
[  854.270501][T25644]  ? __lock_acquire+0xab9/0xd20
[  854.270520][T25644]  ? __pfx_aa_sk_perm+0x10/0x10
[  854.270550][T25644]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  854.270574][T25644]  ? sock_rps_record_flow+0x19/0x410
[  854.270599][T25644]  ? inet_sendmsg+0x29c/0x370
[  854.270618][T25644]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  854.270640][T25644]  __sock_sendmsg+0x19c/0x270
[  854.270666][T25644]  ____sys_sendmsg+0x52d/0x830
[  854.270701][T25644]  ? __pfx_____sys_sendmsg+0x10/0x10
[  854.270739][T25644]  ? import_iovec+0x74/0xa0
[  854.270766][T25644]  ___sys_sendmsg+0x21f/0x2a0
[  854.270787][T25644]  ? __pfx____sys_sendmsg+0x10/0x10
[  854.270856][T25644]  ? __might_fault+0xb0/0x130
[  854.270890][T25644]  __sys_sendmmsg+0x227/0x430
[  854.270915][T25644]  ? __pfx___sys_sendmmsg+0x10/0x10
[  854.270931][T25644]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  854.270987][T25644]  ? ksys_write+0x22a/0x250
[  854.271011][T25644]  ? __pfx_ksys_write+0x10/0x10
[  854.271030][T25644]  ? rcu_is_watching+0x15/0xb0
[  854.271060][T25644]  __x64_sys_sendmmsg+0xa0/0xc0
[  854.271080][T25644]  do_syscall_64+0xfa/0x3b0
[  854.271103][T25644]  ? lockdep_hardirqs_on+0x9c/0x150
[  854.271126][T25644]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  854.271144][T25644]  ? clear_bhb_loop+0x60/0xb0
[  854.271167][T25644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  854.271185][T25644] RIP: 0033:0x7f09dcb8e929
[  854.271203][T25644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  854.271218][T25644] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  854.271239][T25644] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  854.271252][T25644] RDX: 0000000000000300 RSI: 0000200000004d00 RDI: 0000000000000003
[  854.271264][T25644] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  854.271276][T25644] R10: 0000000000000f1c R11: 0000000000000246 R12: 0000000000000001
[  854.271287][T25644] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  854.271319][T25644]  </TASK>
[  854.460238][T25652] netlink: 'syz.6.6141': attribute type 13 has an invalid length.
[  854.987605][T25634] batadv_slave_1: left promiscuous mode
[  855.038800][T25652] vlan0: refused to change device tx_queue_len
[  855.053230][T25652] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  855.227818][T25638] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0
[  855.265808][T25638] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  855.342871][T25657] netlink: 68 bytes leftover after parsing attributes in process `syz.5.6142'.
[  855.393510][T25659] netlink: 'syz.6.6143': attribute type 7 has an invalid length.
[  855.411333][T25659] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  855.536596][T25638] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0
[  855.557365][T25638] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  855.627938][T25665] netlink: 676 bytes leftover after parsing attributes in process `syz.5.6146'.
[  855.641819][T25665] netlink: 676 bytes leftover after parsing attributes in process `syz.5.6146'.
[  855.676001][T25638] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0
[  855.717375][T25638] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  855.929411][   T36] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 43046 - 0
[  855.941996][   T36] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  856.078491][ T1155] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 43046 - 0
[  856.086986][ T1155] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  856.193750][ T1155] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 43046 - 0
[  856.230713][ T1155] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  856.289474][   T36] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 43046 - 0
[  856.319277][   T36] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  856.389716][T25679] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6150'.
[  856.401287][T25679] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6150'.
[  856.490601][T25682] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6150'.
[  856.635419][T25688] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6155'.
[  856.942241][T25697] netlink: 16386 bytes leftover after parsing attributes in process `syz.4.6158'.
[  856.996401][T25702] netlink: 'syz.4.6158': attribute type 3 has an invalid length.
[  857.061112][T25700] macsec1: entered promiscuous mode
[  857.066478][T25700] ip6gretap0: entered promiscuous mode
[  857.081912][T25700] macsec1: entered allmulticast mode
[  857.090272][T25700] ip6gretap0: entered allmulticast mode
[  857.106739][T25700] ip6gretap0: left allmulticast mode
[  857.116199][T25700] ip6gretap0: left promiscuous mode
[  857.256928][T25707] netlink: 88 bytes leftover after parsing attributes in process `syz.6.6160'.
[  857.277529][T25707] netlink: 48 bytes leftover after parsing attributes in process `syz.6.6160'.
[  857.349193][T25709] netlink: 'syz.0.6163': attribute type 10 has an invalid length.
[  857.373883][T25709] bridge0: port 3(dummy0) entered blocking state
[  857.388610][T25709] bridge0: port 3(dummy0) entered disabled state
[  857.405390][T25709] dummy0: entered allmulticast mode
[  857.444809][T25709] dummy0: entered promiscuous mode
[  858.725443][T25751] netlink: 'syz.6.6174': attribute type 8 has an invalid length.
[  858.823232][T25756] bridge0: port 1(bridge_slave_0) entered disabled state
[  858.833713][T25756] bridge0: port 2(bridge_slave_1) entered disabled state
[  858.897743][ T1155] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  858.918820][ T1155] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  859.134143][T25754] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  859.149704][T25754] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  859.307891][   T12] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  859.323320][   T12] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  859.411726][   T12] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  859.421161][   T12] netdevsim netdevsim4 netdevsim0: unset [1, 1] type 2 family 0 port 37331 - 0
[  859.430494][   T12] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  859.447772][   T12] netdevsim netdevsim4 netdevsim1: unset [1, 1] type 2 family 0 port 37331 - 0
[  859.492727][   T12] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  859.509354][   T12] netdevsim netdevsim4 netdevsim2: unset [1, 1] type 2 family 0 port 37331 - 0
[  859.522533][   T12] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  859.532895][   T12] netdevsim netdevsim4 netdevsim3: unset [1, 1] type 2 family 0 port 37331 - 0
[  860.342370][T25789] 8021q: VLANs not supported on ip_vti0
[  860.364238][T25791] __nla_validate_parse: 5 callbacks suppressed
[  860.364259][T25791] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6187'.
[  860.414798][T25789] 8021q: VLANs not supported on ip_vti0
[  860.416071][T25795] IPVS: set_ctl: invalid protocol: 8 224.0.0.2:20004
[  860.499162][T25792] netlink: 'syz.0.6187': attribute type 2 has an invalid length.
[  860.531096][T25800] netlink: 'syz.1.6190': attribute type 10 has an invalid length.
[  860.537397][T25792] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  860.547254][T25800] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6190'.
[  860.602704][T25800] bridge0: port 2(dummy0) entered blocking state
[  860.619591][T25800] bridge0: port 2(dummy0) entered disabled state
[  860.636628][T25800] dummy0: entered allmulticast mode
[  860.669241][T25800] dummy0: entered promiscuous mode
[  860.704010][T25800] bridge0: port 2(dummy0) entered blocking state
[  860.710600][T25800] bridge0: port 2(dummy0) entered forwarding state
[  860.758389][T25791] netlink: 16386 bytes leftover after parsing attributes in process `syz.0.6187'.
[  860.795531][T25792] vlan2: entered allmulticast mode
[  861.706089][T25836] netlink: 'syz.6.6200': attribute type 27 has an invalid length.
[  861.914404][T25845] syzkaller0: entered promiscuous mode
[  861.924586][T25845] syzkaller0: entered allmulticast mode
[  862.122130][T25848] bridge0: port 2(dummy0) entered disabled state
[  862.128904][T25848] bridge0: port 1(bridge_slave_0) entered disabled state
[  862.242264][ T5951] IPVS: starting estimator thread 0...
[  862.338336][T25853] IPVS: using max 23 ests per chain, 55200 per kthread
[  862.495252][T25848] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  862.549481][T25848] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  862.917264][T25849] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  863.063937][T25859] gre1: entered allmulticast mode
[  863.071242][T25865] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6210'.
[  863.130044][ T6332] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 43046 - 0
[  863.159261][ T6332] netdevsim netdevsim1 eth0: unset [1, 1] type 2 family 0 port 6081 - 0
[  863.173590][ T6332] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 43046 - 0
[  863.197343][ T6332] netdevsim netdevsim1 eth1: unset [1, 1] type 2 family 0 port 6081 - 0
[  863.260241][T25864] netlink: 546 bytes leftover after parsing attributes in process `syz.6.6211'.
[  863.276015][T25865] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 43046 - 0
[  863.290534][T25865] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  863.307490][ T6332] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 43046 - 0
[  863.315972][ T6332] netdevsim netdevsim1 eth2: unset [1, 1] type 2 family 0 port 6081 - 0
[  863.788801][T25888] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6218'.
[  863.822906][T25889] netlink: 'syz.5.6216': attribute type 303 has an invalid length.
[  863.844851][T25887] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6216'.
[  864.190997][T25893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6220'.
[  864.201261][T25893] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6220'.
[  864.265990][T25896] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6220'.
[  864.327880][T25901] netlink: 'syz.5.6222': attribute type 1 has an invalid length.
[  864.335710][T25901] netlink: 'syz.5.6222': attribute type 2 has an invalid length.
[  864.418747][T25899] netlink: 'syz.0.6221': attribute type 6 has an invalid length.
[  865.006850][T25915] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  865.421219][T25925] netlink: 'syz.5.6232': attribute type 10 has an invalid length.
[  865.447434][T25925] __nla_validate_parse: 4 callbacks suppressed
[  865.447457][T25925] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6232'.
[  865.484636][T25927] gre1: entered promiscuous mode
[  865.654931][T25935] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6234'.
[  865.670733][T25935] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6234'.
[  866.292187][T25959] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6242'.
[  866.527046][T25964] batadv_slave_1: entered promiscuous mode
[  866.554014][T25961] batadv_slave_1: left promiscuous mode
[  866.732398][T25971] netlink: 'syz.1.6247': attribute type 21 has an invalid length.
[  866.752430][T25970] netlink: 'syz.0.6246': attribute type 4 has an invalid length.
[  866.767399][T25971] IPv6: NLM_F_CREATE should be specified when creating new route
[  866.816952][T25970] netlink: 'syz.0.6246': attribute type 4 has an invalid length.
[  866.848413][T25971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6247'.
[  866.879788][T25971] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6247'.
[  866.909395][T25974] FAULT_INJECTION: forcing a failure.
[  866.909395][T25974] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  866.953713][T25971] netlink: 'syz.1.6247': attribute type 12 has an invalid length.
[  866.975160][T25974] CPU: 1 UID: 0 PID: 25974 Comm: syz.6.6248 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  866.975194][T25974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  866.975206][T25974] Call Trace:
[  866.975215][T25974]  <TASK>
[  866.975224][T25974]  dump_stack_lvl+0x189/0x250
[  866.975260][T25974]  ? __pfx____ratelimit+0x10/0x10
[  866.975291][T25974]  ? __pfx_dump_stack_lvl+0x10/0x10
[  866.975317][T25974]  ? __pfx__printk+0x10/0x10
[  866.975348][T25974]  ? fs_reclaim_acquire+0x7d/0x100
[  866.975389][T25974]  should_fail_ex+0x414/0x560
[  866.975427][T25974]  prepare_alloc_pages+0x213/0x610
[  866.975468][T25974]  __alloc_frozen_pages_noprof+0x123/0x370
[  866.975505][T25974]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  866.975549][T25974]  ? policy_nodemask+0x27c/0x720
[  866.975573][T25974]  ? __lock_acquire+0xab9/0xd20
[  866.975602][T25974]  alloc_pages_mpol+0x232/0x4a0
[  866.975636][T25974]  vma_alloc_folio_noprof+0xe4/0x200
[  866.975668][T25974]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  866.975711][T25974]  folio_prealloc+0x30/0x180
[  866.975740][T25974]  __handle_mm_fault+0x183f/0x5620
[  866.975790][T25974]  ? __pfx___handle_mm_fault+0x10/0x10
[  866.975842][T25974]  ? follow_page_pte+0x8d6/0x14b0
[  866.975879][T25974]  handle_mm_fault+0x40a/0x8e0
[  866.975917][T25974]  __get_user_pages+0x1af4/0x30b0
[  866.975956][T25974]  ? mt_find+0x15c/0x5f0
[  866.976010][T25974]  ? __pfx___get_user_pages+0x10/0x10
[  866.976046][T25974]  populate_vma_page_range+0x26b/0x340
[  866.976073][T25974]  ? __pfx_populate_vma_page_range+0x10/0x10
[  866.976093][T25974]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  866.976124][T25974]  ? down_read+0x1ad/0x2e0
[  866.976158][T25974]  __mm_populate+0x24c/0x380
[  866.976184][T25974]  ? __pfx___mm_populate+0x10/0x10
[  866.976210][T25974]  ? up_write+0x1c4/0x420
[  866.976244][T25974]  vm_mmap_pgoff+0x3f0/0x4c0
[  866.976274][T25974]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  866.976298][T25974]  ? __fget_files+0x2a/0x420
[  866.976333][T25974]  ? __fget_files+0x3a0/0x420
[  866.976360][T25974]  ? __fget_files+0x2a/0x420
[  866.976394][T25974]  ksys_mmap_pgoff+0x51f/0x760
[  866.976429][T25974]  do_syscall_64+0xfa/0x3b0
[  866.976455][T25974]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.976482][T25974]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.976503][T25974]  ? clear_bhb_loop+0x60/0xb0
[  866.976530][T25974]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.976551][T25974] RIP: 0033:0x7f09dcb8e929
[  866.976570][T25974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.976587][T25974] RSP: 002b:00007f09dda73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  866.976610][T25974] RAX: ffffffffffffffda RBX: 00007f09dcdb6080 RCX: 00007f09dcb8e929
[  866.976626][T25974] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  866.976640][T25974] RBP: 00007f09dda73090 R08: 0000000000000005 R09: 0000000000000000
[  866.976653][T25974] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002
[  866.976666][T25974] R13: 0000000000000000 R14: 00007f09dcdb6080 R15: 00007ffd18a1be58
[  866.976702][T25974]  </TASK>
[  867.300329][T25971] netlink: 'syz.1.6247': attribute type 14 has an invalid length.
[  867.796483][T26000] syzkaller0: entered promiscuous mode
[  867.805165][T26000] syzkaller0: entered allmulticast mode
[  867.819096][T26002] batadv_slave_1: entered promiscuous mode
[  867.840477][T26001] batadv_slave_1: left promiscuous mode
[  867.924023][T26006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6260'.
[  868.146235][T26004] netlink: 'syz.5.6259': attribute type 303 has an invalid length.
[  868.253753][T26004] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6259'.
[  868.484588][T26030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6268'.
[  868.625613][T26040] batadv_slave_1: entered promiscuous mode
[  868.647902][T26039] batadv_slave_1: left promiscuous mode
[  868.913538][T26054] FAULT_INJECTION: forcing a failure.
[  868.913538][T26054] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  868.927385][T26054] CPU: 0 UID: 0 PID: 26054 Comm: syz.6.6274 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  868.927416][T26054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  868.927429][T26054] Call Trace:
[  868.927438][T26054]  <TASK>
[  868.927447][T26054]  dump_stack_lvl+0x189/0x250
[  868.927478][T26054]  ? __pfx____ratelimit+0x10/0x10
[  868.927506][T26054]  ? __pfx_dump_stack_lvl+0x10/0x10
[  868.927529][T26054]  ? __pfx__printk+0x10/0x10
[  868.927557][T26054]  ? fs_reclaim_acquire+0x7d/0x100
[  868.927595][T26054]  should_fail_ex+0x414/0x560
[  868.927629][T26054]  prepare_alloc_pages+0x213/0x610
[  868.927669][T26054]  __alloc_frozen_pages_noprof+0x123/0x370
[  868.927706][T26054]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  868.927749][T26054]  ? policy_nodemask+0x27c/0x720
[  868.927773][T26054]  ? __lock_acquire+0xab9/0xd20
[  868.927801][T26054]  alloc_pages_mpol+0x232/0x4a0
[  868.927843][T26054]  vma_alloc_folio_noprof+0xe4/0x200
[  868.927874][T26054]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  868.927916][T26054]  folio_prealloc+0x30/0x180
[  868.927946][T26054]  __handle_mm_fault+0x183f/0x5620
[  868.927995][T26054]  ? __pfx___handle_mm_fault+0x10/0x10
[  868.928037][T26054]  ? follow_page_pte+0x8d6/0x14b0
[  868.928073][T26054]  handle_mm_fault+0x40a/0x8e0
[  868.928110][T26054]  __get_user_pages+0x1af4/0x30b0
[  868.928149][T26054]  ? mt_find+0x15c/0x5f0
[  868.928202][T26054]  ? __pfx___get_user_pages+0x10/0x10
[  868.928237][T26054]  populate_vma_page_range+0x26b/0x340
[  868.928264][T26054]  ? __pfx_populate_vma_page_range+0x10/0x10
[  868.928283][T26054]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  868.928314][T26054]  ? down_read+0x1ad/0x2e0
[  868.928348][T26054]  __mm_populate+0x24c/0x380
[  868.928373][T26054]  ? __pfx___mm_populate+0x10/0x10
[  868.928398][T26054]  ? up_write+0x1c4/0x420
[  868.928451][T26054]  vm_mmap_pgoff+0x3f0/0x4c0
[  868.928480][T26054]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  868.928503][T26054]  ? __fget_files+0x2a/0x420
[  868.928538][T26054]  ? __fget_files+0x3a0/0x420
[  868.928563][T26054]  ? __fget_files+0x2a/0x420
[  868.928595][T26054]  ksys_mmap_pgoff+0x51f/0x760
[  868.928629][T26054]  do_syscall_64+0xfa/0x3b0
[  868.928655][T26054]  ? lockdep_hardirqs_on+0x9c/0x150
[  868.928681][T26054]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.928703][T26054]  ? clear_bhb_loop+0x60/0xb0
[  868.928728][T26054]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.928749][T26054] RIP: 0033:0x7f09dcb8e929
[  868.928768][T26054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  868.928786][T26054] RSP: 002b:00007f09dda73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  868.928817][T26054] RAX: ffffffffffffffda RBX: 00007f09dcdb6080 RCX: 00007f09dcb8e929
[  868.928833][T26054] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  868.928847][T26054] RBP: 00007f09dda73090 R08: 0000000000000005 R09: 0000000000000000
[  868.928861][T26054] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002
[  868.928873][T26054] R13: 0000000000000000 R14: 00007f09dcdb6080 R15: 00007ffd18a1be58
[  868.928909][T26054]  </TASK>
[  869.645170][T26071] batadv_slave_1: entered promiscuous mode
[  869.651851][T26070] batadv_slave_1: left promiscuous mode
[  869.916181][T26079] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6288'.
[  870.957610][T26105] __nla_validate_parse: 2 callbacks suppressed
[  870.957633][T26105] netlink: 112 bytes leftover after parsing attributes in process `syz.5.6297'.
[  871.047739][T26105] netlink: 1 bytes leftover after parsing attributes in process `syz.5.6297'.
[  871.173933][T26108] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  871.231575][T26108] siw: device registration error -23
[  871.570134][T26125] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6300'.
[  871.617431][T26125] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6300'.
[  871.925388][T26134] netlink: 88 bytes leftover after parsing attributes in process `syz.5.6306'.
[  871.953467][T26134] netlink: 48 bytes leftover after parsing attributes in process `syz.5.6306'.
[  872.012353][T26140] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6308'.
[  872.230514][T26147] syzkaller0: entered promiscuous mode
[  872.261364][T26147] syzkaller0: entered allmulticast mode
[  872.641098][T26163] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  872.665798][T26165] IPv6: NLM_F_REPLACE set, but no existing node found!
[  873.174902][T26186] netlink: 88 bytes leftover after parsing attributes in process `syz.6.6324'.
[  873.216025][T26186] netlink: 48 bytes leftover after parsing attributes in process `syz.6.6324'.
[  873.327801][T26191] nbd0: detected capacity change from 0 to 63
[  873.633705][T26201] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6325'.
[  873.699161][T26213] syzkaller0: entered promiscuous mode
[  873.710070][T17323] block nbd0: Receive control failed (result -32)
[  873.711794][T26213] syzkaller0: entered allmulticast mode
[  874.295811][T26246] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[  874.552309][T26254] FAULT_INJECTION: forcing a failure.
[  874.552309][T26254] name failslab, interval 1, probability 0, space 0, times 0
[  874.567693][T26254] CPU: 0 UID: 0 PID: 26254 Comm: syz.6.6346 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  874.567726][T26254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  874.567740][T26254] Call Trace:
[  874.567749][T26254]  <TASK>
[  874.567758][T26254]  dump_stack_lvl+0x189/0x250
[  874.567796][T26254]  ? __pfx____ratelimit+0x10/0x10
[  874.567823][T26254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  874.567864][T26254]  ? __pfx__printk+0x10/0x10
[  874.567900][T26254]  ? __pfx___might_resched+0x10/0x10
[  874.567930][T26254]  should_fail_ex+0x414/0x560
[  874.567965][T26254]  should_failslab+0xa8/0x100
[  874.567994][T26254]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  874.568021][T26254]  ? __get_vm_area_node+0x13f/0x300
[  874.568050][T26254]  __get_vm_area_node+0x13f/0x300
[  874.568082][T26254]  __vmalloc_node_range_noprof+0x301/0x12f0
[  874.568109][T26254]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  874.568132][T26254]  ? is_bpf_text_address+0x26/0x2b0
[  874.568177][T26254]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  874.568202][T26254]  ? __might_fault+0xb0/0x130
[  874.568224][T26254]  ? __pfx_aa_get_newest_label+0x10/0x10
[  874.568251][T26254]  ? _parse_integer_limit+0x1ae/0x1f0
[  874.568287][T26254]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  874.568305][T26254]  __vmalloc_noprof+0xb1/0xf0
[  874.568329][T26254]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  874.568354][T26254]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  874.568382][T26254]  bpf_prog_alloc+0x3c/0x1a0
[  874.568426][T26254]  bpf_prog_load+0x735/0x1930
[  874.568460][T26254]  ? __pfx_bpf_prog_load+0x10/0x10
[  874.568508][T26254]  ? bpf_lsm_bpf+0x9/0x20
[  874.568530][T26254]  ? security_bpf+0x7e/0x300
[  874.568557][T26254]  __sys_bpf+0x5f1/0x860
[  874.568580][T26254]  ? __pfx___sys_bpf+0x10/0x10
[  874.568615][T26254]  ? ksys_write+0x22a/0x250
[  874.568643][T26254]  ? __pfx_ksys_write+0x10/0x10
[  874.568673][T26254]  __x64_sys_bpf+0x7c/0x90
[  874.568698][T26254]  do_syscall_64+0xfa/0x3b0
[  874.568719][T26254]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.568739][T26254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.568755][T26254]  ? clear_bhb_loop+0x60/0xb0
[  874.568774][T26254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.568800][T26254] RIP: 0033:0x7f09dcb8e929
[  874.568816][T26254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  874.568830][T26254] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  874.568848][T26254] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  874.568860][T26254] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005
[  874.568871][T26254] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  874.568880][T26254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  874.568890][T26254] R13: 0000000000000001 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  874.568916][T26254]  </TASK>
[  874.568930][T26254] syz.6.6346: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  875.015688][T26254] CPU: 0 UID: 0 PID: 26254 Comm: syz.6.6346 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  875.015722][T26254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  875.015734][T26254] Call Trace:
[  875.015743][T26254]  <TASK>
[  875.015753][T26254]  dump_stack_lvl+0x189/0x250
[  875.015795][T26254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  875.015820][T26254]  ? __pfx__printk+0x10/0x10
[  875.015849][T26254]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  875.015878][T26254]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  875.015908][T26254]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  875.015940][T26254]  warn_alloc+0x214/0x310
[  875.015977][T26254]  ? __pfx_warn_alloc+0x10/0x10
[  875.016008][T26254]  ? __get_vm_area_node+0x13f/0x300
[  875.016040][T26254]  ? __get_vm_area_node+0x2b5/0x300
[  875.016075][T26254]  __vmalloc_node_range_noprof+0x326/0x12f0
[  875.016106][T26254]  ? is_bpf_text_address+0x26/0x2b0
[  875.016160][T26254]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  875.016187][T26254]  ? __might_fault+0xb0/0x130
[  875.016211][T26254]  ? __pfx_aa_get_newest_label+0x10/0x10
[  875.016241][T26254]  ? _parse_integer_limit+0x1ae/0x1f0
[  875.016283][T26254]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  875.016302][T26254]  __vmalloc_noprof+0xb1/0xf0
[  875.016326][T26254]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  875.016351][T26254]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  875.016380][T26254]  bpf_prog_alloc+0x3c/0x1a0
[  875.016404][T26254]  bpf_prog_load+0x735/0x1930
[  875.016441][T26254]  ? __pfx_bpf_prog_load+0x10/0x10
[  875.016490][T26254]  ? bpf_lsm_bpf+0x9/0x20
[  875.016510][T26254]  ? security_bpf+0x7e/0x300
[  875.016540][T26254]  __sys_bpf+0x5f1/0x860
[  875.016563][T26254]  ? __pfx___sys_bpf+0x10/0x10
[  875.016597][T26254]  ? ksys_write+0x22a/0x250
[  875.016624][T26254]  ? __pfx_ksys_write+0x10/0x10
[  875.016658][T26254]  __x64_sys_bpf+0x7c/0x90
[  875.016688][T26254]  do_syscall_64+0xfa/0x3b0
[  875.016716][T26254]  ? lockdep_hardirqs_on+0x9c/0x150
[  875.016742][T26254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.016763][T26254]  ? clear_bhb_loop+0x60/0xb0
[  875.016796][T26254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.016816][T26254] RIP: 0033:0x7f09dcb8e929
[  875.016837][T26254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  875.016853][T26254] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  875.016876][T26254] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  875.016891][T26254] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005
[  875.016903][T26254] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  875.016915][T26254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  875.016927][T26254] R13: 0000000000000001 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  875.016961][T26254]  </TASK>
[  875.016995][T26254] Mem-Info:
[  875.356615][T26254] active_anon:3597 inactive_anon:0 isolated_anon:0
[  875.356615][T26254]  active_file:2225 inactive_file:40160 isolated_file:0
[  875.356615][T26254]  unevictable:768 dirty:188 writeback:0
[  875.356615][T26254]  slab_reclaimable:13797 slab_unreclaimable:173320
[  875.356615][T26254]  mapped:29699 shmem:1361 pagetables:995
[  875.356615][T26254]  sec_pagetables:0 bounce:0
[  875.356615][T26254]  kernel_misc_reclaimable:0
[  875.356615][T26254]  free:1243620 free_pcp:20015 free_cma:0
[  875.406951][T26254] Node 0 active_anon:14388kB inactive_anon:0kB active_file:8900kB inactive_file:160440kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118796kB dirty:748kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12952kB pagetables:3848kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  875.447819][T26254] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  875.480453][T26254] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  875.516254][T26254] lowmem_reserve[]: 0 2498 2499 2499 2499
[  875.524294][T26254] Node 0 DMA32 free:1052536kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14440kB inactive_anon:0kB active_file:8900kB inactive_file:158864kB unevictable:1536kB writepending:748kB present:3129332kB managed:2558304kB mlocked:0kB bounce:0kB free_pcp:69588kB local_pcp:21812kB free_cma:0kB
[  875.612128][T26254] lowmem_reserve[]: 0 0 1 1 1
[  875.617008][T26254] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  875.701075][T26254] lowmem_reserve[]: 0 0 0 0 0
[  875.713304][T26254] Node 1 Normal free:3906104kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10464kB local_pcp:10464kB free_cma:0kB
[  875.809555][T26254] lowmem_reserve[]: 0 0 0 0 0
[  875.824829][T26254] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  875.859828][T26254] Node 0 DMA32: 1553*4kB (UME) 690*8kB (UME) 933*16kB (UME) 522*32kB (UME) 160*64kB (UME) 74*128kB (UME) 56*256kB (UME) 57*512kB (UM) 2*1024kB (ME) 5*2048kB (ME) 227*4096kB (UM) = 1048676kB
[  875.873474][T26283] netlink: 'syz.5.6358': attribute type 303 has an invalid length.
[  875.907165][T26254] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  875.957659][T26254] Node 1 Normal: 212*4kB (UME) 55*8kB (UME) 43*16kB (UME) 222*32kB (UME) 77*64kB (UME) 25*128kB (UME) 5*256kB (UME) 3*512kB (ME) 1*1024kB (M) 3*2048kB (UE) 947*4096kB (M) = 3906104kB
[  876.024226][T26254] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  876.049817][T26254] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  876.069476][T26254] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  876.109821][T26254] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  876.171396][T26254] 43743 total pagecache pages
[  876.185130][T26254] 0 pages in swap cache
[  876.205219][T26254] Free swap  = 124996kB
[  876.227232][T26254] Total swap = 124996kB
[  876.236864][T26254] 2097051 pages RAM
[  876.267202][T26254] 0 pages HighMem/MovableOnly
[  876.271933][T26254] 425433 pages reserved
[  876.276101][T26254] 0 pages cma reserved
[  876.629474][T26308] FAULT_INJECTION: forcing a failure.
[  876.629474][T26308] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  876.669575][T26313] sch_fq: defrate 0 ignored.
[  876.688315][T26308] CPU: 1 UID: 0 PID: 26308 Comm: syz.6.6367 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  876.688349][T26308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  876.688362][T26308] Call Trace:
[  876.688371][T26308]  <TASK>
[  876.688381][T26308]  dump_stack_lvl+0x189/0x250
[  876.688431][T26308]  ? __pfx____ratelimit+0x10/0x10
[  876.688460][T26308]  ? __pfx_dump_stack_lvl+0x10/0x10
[  876.688485][T26308]  ? __pfx__printk+0x10/0x10
[  876.688513][T26308]  ? __might_fault+0xb0/0x130
[  876.688562][T26308]  should_fail_ex+0x414/0x560
[  876.688600][T26308]  _copy_to_iter+0x1db/0x16f0
[  876.688633][T26308]  ? __lock_acquire+0xab9/0xd20
[  876.688658][T26308]  ? __pfx__copy_to_iter+0x10/0x10
[  876.688685][T26308]  ? __local_bh_enable_ip+0x12d/0x1c0
[  876.688709][T26308]  ? lockdep_hardirqs_on+0x9c/0x150
[  876.688741][T26308]  ? page_copy_sane+0x16a/0x280
[  876.688766][T26308]  copy_page_to_iter+0x10c/0x1c0
[  876.688792][T26308]  sk_msg_recvmsg+0x28e/0xc20
[  876.688852][T26308]  unix_bpf_recvmsg+0x5a4/0xda0
[  876.688902][T26308]  ? __pfx_unix_bpf_recvmsg+0x10/0x10
[  876.688926][T26308]  ? __pfx_woken_wake_function+0x10/0x10
[  876.688951][T26308]  ? aa_sock_msg_perm+0x94/0x160
[  876.688984][T26308]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  876.689002][T26308]  ? unix_dgram_recvmsg+0x71/0xd0
[  876.689021][T26308]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[  876.689042][T26308]  sock_recvmsg+0x229/0x270
[  876.689073][T26308]  ____sys_recvmsg+0x1c9/0x460
[  876.689106][T26308]  ? __pfx_____sys_recvmsg+0x10/0x10
[  876.689148][T26308]  ? import_iovec+0x74/0xa0
[  876.689177][T26308]  ___sys_recvmsg+0x1b5/0x510
[  876.689206][T26308]  ? __pfx____sys_recvmsg+0x10/0x10
[  876.689260][T26308]  ? __fget_files+0x3a0/0x420
[  876.689308][T26308]  __x64_sys_recvmsg+0x198/0x260
[  876.689334][T26308]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  876.689369][T26308]  ? __pfx_ksys_write+0x10/0x10
[  876.689391][T26308]  ? rcu_is_watching+0x15/0xb0
[  876.689422][T26308]  ? do_syscall_64+0xbe/0x3b0
[  876.689455][T26308]  do_syscall_64+0xfa/0x3b0
[  876.689481][T26308]  ? lockdep_hardirqs_on+0x9c/0x150
[  876.689506][T26308]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.689528][T26308]  ? clear_bhb_loop+0x60/0xb0
[  876.689562][T26308]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.689582][T26308] RIP: 0033:0x7f09dcb8e929
[  876.689601][T26308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  876.689619][T26308] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  876.689642][T26308] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  876.689658][T26308] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  876.689671][T26308] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  876.689685][T26308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  876.689698][T26308] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  876.689733][T26308]  </TASK>
[  877.344118][T26321] __nla_validate_parse: 7 callbacks suppressed
[  877.344138][T26321] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6373'.
[  877.366125][T26321] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6373'.
[  877.462385][T26324] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6373'.
[  877.512876][T26333] FAULT_INJECTION: forcing a failure.
[  877.512876][T26333] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  877.555335][T26333] CPU: 1 UID: 0 PID: 26333 Comm: syz.1.6378 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  877.555370][T26333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  877.555384][T26333] Call Trace:
[  877.555393][T26333]  <TASK>
[  877.555402][T26333]  dump_stack_lvl+0x189/0x250
[  877.555435][T26333]  ? __pfx____ratelimit+0x10/0x10
[  877.555464][T26333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  877.555489][T26333]  ? __pfx__printk+0x10/0x10
[  877.555520][T26333]  ? fs_reclaim_acquire+0x7d/0x100
[  877.555561][T26333]  should_fail_ex+0x414/0x560
[  877.555607][T26333]  prepare_alloc_pages+0x213/0x610
[  877.555648][T26333]  __alloc_frozen_pages_noprof+0x123/0x370
[  877.555684][T26333]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  877.555727][T26333]  ? policy_nodemask+0x27c/0x720
[  877.555752][T26333]  ? __lock_acquire+0xab9/0xd20
[  877.555781][T26333]  alloc_pages_mpol+0x232/0x4a0
[  877.555814][T26333]  vma_alloc_folio_noprof+0xe4/0x200
[  877.555843][T26333]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  877.555885][T26333]  folio_prealloc+0x30/0x180
[  877.555914][T26333]  __handle_mm_fault+0x183f/0x5620
[  877.555962][T26333]  ? __pfx___handle_mm_fault+0x10/0x10
[  877.556005][T26333]  ? follow_page_pte+0x8d6/0x14b0
[  877.556041][T26333]  handle_mm_fault+0x40a/0x8e0
[  877.556080][T26333]  __get_user_pages+0x1af4/0x30b0
[  877.556118][T26333]  ? mt_find+0x15c/0x5f0
[  877.556171][T26333]  ? __pfx___get_user_pages+0x10/0x10
[  877.556208][T26333]  populate_vma_page_range+0x26b/0x340
[  877.556233][T26333]  ? __pfx_populate_vma_page_range+0x10/0x10
[  877.556254][T26333]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  877.556284][T26333]  ? down_read+0x1ad/0x2e0
[  877.556317][T26333]  __mm_populate+0x24c/0x380
[  877.556343][T26333]  ? __pfx___mm_populate+0x10/0x10
[  877.556367][T26333]  ? up_write+0x1c4/0x420
[  877.556401][T26333]  vm_mmap_pgoff+0x3f0/0x4c0
[  877.556429][T26333]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  877.556455][T26333]  ? __fget_files+0x2a/0x420
[  877.556488][T26333]  ? __fget_files+0x3a0/0x420
[  877.556514][T26333]  ? __fget_files+0x2a/0x420
[  877.556547][T26333]  ksys_mmap_pgoff+0x51f/0x760
[  877.556592][T26333]  do_syscall_64+0xfa/0x3b0
[  877.556618][T26333]  ? lockdep_hardirqs_on+0x9c/0x150
[  877.556644][T26333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.556666][T26333]  ? clear_bhb_loop+0x60/0xb0
[  877.556691][T26333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.556712][T26333] RIP: 0033:0x7fb60718e929
[  877.556732][T26333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  877.556751][T26333] RSP: 002b:00007fb607f31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  877.556775][T26333] RAX: ffffffffffffffda RBX: 00007fb6073b6080 RCX: 00007fb60718e929
[  877.556791][T26333] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  877.556814][T26333] RBP: 00007fb607f31090 R08: 0000000000000005 R09: 0000000000000000
[  877.556827][T26333] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002
[  877.556840][T26333] R13: 0000000000000000 R14: 00007fb6073b6080 R15: 00007ffe10dc2318
[  877.556876][T26333]  </TASK>
[  877.866838][T26336] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6379'.
[  878.119879][T26336] bridge_slave_1: left allmulticast mode
[  878.125632][T26336] bridge_slave_1: left promiscuous mode
[  878.134152][T26336] bridge0: port 2(bridge_slave_1) entered disabled state
[  878.150403][T26336] bridge_slave_0: left allmulticast mode
[  878.156124][T26336] bridge_slave_0: left promiscuous mode
[  878.162450][T26336] bridge0: port 1(bridge_slave_0) entered disabled state
[  878.551688][T26355] netlink: 52 bytes leftover after parsing attributes in process `syz.5.6385'.
[  879.221938][T26374] netlink: 68 bytes leftover after parsing attributes in process `syz.6.6392'.
[  879.245545][T26373] netlink: 'syz.5.6393': attribute type 10 has an invalid length.
[  879.274106][T26373] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6393'.
[  879.286366][T26369] netlink: 88 bytes leftover after parsing attributes in process `syz.4.6391'.
[  879.347282][T26369] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6391'.
[  880.179270][T26408] netlink: 'syz.6.6400': attribute type 1 has an invalid length.
[  881.057967][T26428] netlink: 'syz.4.6404': attribute type 303 has an invalid length.
[  881.191593][T26428] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6404'.
[  881.282717][T26440] netlink: 'syz.0.6409': attribute type 1 has an invalid length.
[  881.339524][T26445] netlink: 'syz.1.6406': attribute type 303 has an invalid length.
[  881.576086][T26452] netlink: 'syz.0.6412': attribute type 10 has an invalid length.
[  883.309307][T26493] FAULT_INJECTION: forcing a failure.
[  883.309307][T26493] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  883.342816][T26493] CPU: 1 UID: 0 PID: 26493 Comm: syz.4.6425 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  883.342849][T26493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  883.342862][T26493] Call Trace:
[  883.342871][T26493]  <TASK>
[  883.342882][T26493]  dump_stack_lvl+0x189/0x250
[  883.342912][T26493]  ? __pfx____ratelimit+0x10/0x10
[  883.342940][T26493]  ? __pfx_dump_stack_lvl+0x10/0x10
[  883.342964][T26493]  ? __pfx__printk+0x10/0x10
[  883.342995][T26493]  ? fs_reclaim_acquire+0x7d/0x100
[  883.343035][T26493]  should_fail_ex+0x414/0x560
[  883.343073][T26493]  prepare_alloc_pages+0x213/0x610
[  883.343113][T26493]  __alloc_frozen_pages_noprof+0x123/0x370
[  883.343149][T26493]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  883.343192][T26493]  ? policy_nodemask+0x27c/0x720
[  883.343216][T26493]  ? __lock_acquire+0xab9/0xd20
[  883.343245][T26493]  alloc_pages_mpol+0x232/0x4a0
[  883.343278][T26493]  vma_alloc_folio_noprof+0xe4/0x200
[  883.343309][T26493]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  883.343352][T26493]  folio_prealloc+0x30/0x180
[  883.343381][T26493]  __handle_mm_fault+0x183f/0x5620
[  883.343430][T26493]  ? __pfx___handle_mm_fault+0x10/0x10
[  883.343472][T26493]  ? follow_page_pte+0x8d6/0x14b0
[  883.343513][T26493]  handle_mm_fault+0x40a/0x8e0
[  883.343559][T26493]  __get_user_pages+0x1af4/0x30b0
[  883.343598][T26493]  ? mt_find+0x15c/0x5f0
[  883.343649][T26493]  ? __pfx___get_user_pages+0x10/0x10
[  883.343685][T26493]  populate_vma_page_range+0x26b/0x340
[  883.343712][T26493]  ? __pfx_populate_vma_page_range+0x10/0x10
[  883.343731][T26493]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  883.343761][T26493]  ? down_read+0x1ad/0x2e0
[  883.343794][T26493]  __mm_populate+0x24c/0x380
[  883.343819][T26493]  ? __pfx___mm_populate+0x10/0x10
[  883.343844][T26493]  ? up_write+0x1f2/0x420
[  883.343877][T26493]  vm_mmap_pgoff+0x3f0/0x4c0
[  883.343906][T26493]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  883.343930][T26493]  ? __fget_files+0x2a/0x420
[  883.343963][T26493]  ? __fget_files+0x3a0/0x420
[  883.343988][T26493]  ? __fget_files+0x2a/0x420
[  883.344020][T26493]  ksys_mmap_pgoff+0x51f/0x760
[  883.344054][T26493]  do_syscall_64+0xfa/0x3b0
[  883.344080][T26493]  ? lockdep_hardirqs_on+0x9c/0x150
[  883.344106][T26493]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.344126][T26493]  ? clear_bhb_loop+0x60/0xb0
[  883.344153][T26493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.344172][T26493] RIP: 0033:0x7f83c858e929
[  883.344191][T26493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  883.344208][T26493] RSP: 002b:00007f83c9367038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  883.344230][T26493] RAX: ffffffffffffffda RBX: 00007f83c87b6080 RCX: 00007f83c858e929
[  883.344245][T26493] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  883.344258][T26493] RBP: 00007f83c9367090 R08: 0000000000000005 R09: 0000000000000000
[  883.344271][T26493] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002
[  883.344284][T26493] R13: 0000000000000000 R14: 00007f83c87b6080 R15: 00007ffea5dcd3e8
[  883.344319][T26493]  </TASK>
[  883.533993][T26501] syzkaller0: entered promiscuous mode
[  883.677005][T26501] syzkaller0: entered allmulticast mode
[  884.058749][T26520] __nla_validate_parse: 4 callbacks suppressed
[  884.058783][T26520] netlink: 68 bytes leftover after parsing attributes in process `syz.6.6435'.
[  884.218586][T26525] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6437'.
[  884.275073][T26525] bridge1: port 1(veth9) entered blocking state
[  884.284636][T26525] bridge1: port 1(veth9) entered disabled state
[  884.292853][T26525] veth9: entered allmulticast mode
[  884.301038][T26525] veth9: entered promiscuous mode
[  884.313777][T26528] bridge1: port 2(veth0_to_bond) entered blocking state
[  884.326984][T26528] bridge1: port 2(veth0_to_bond) entered disabled state
[  884.334667][T26528] veth0_to_bond: entered allmulticast mode
[  884.346877][T26528] veth0_to_bond: entered promiscuous mode
[  884.392733][T26525] vlan1: entered allmulticast mode
[  884.398301][T26525] veth1: entered allmulticast mode
[  885.309531][T26556] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  885.334325][T26557] syzkaller0: entered promiscuous mode
[  885.366899][T26557] syzkaller0: entered allmulticast mode
[  885.698538][T26559] syzkaller0: entered promiscuous mode
[  885.724369][T26559] syzkaller0: entered allmulticast mode
[  885.751559][T26557] tipc: Resetting bearer <eth:syzkaller0>
[  885.793308][T26551] tipc: Resetting bearer <eth:syzkaller0>
[  885.838951][T26551] tipc: Disabling bearer <eth:syzkaller0>
[  885.864605][T26572] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6448'.
[  885.883928][T26572] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6448'.
[  886.130419][T26575] FAULT_INJECTION: forcing a failure.
[  886.130419][T26575] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  886.193187][T26575] CPU: 1 UID: 0 PID: 26575 Comm: syz.6.6449 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  886.193220][T26575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  886.193233][T26575] Call Trace:
[  886.193242][T26575]  <TASK>
[  886.193252][T26575]  dump_stack_lvl+0x189/0x250
[  886.193290][T26575]  ? __pfx____ratelimit+0x10/0x10
[  886.193318][T26575]  ? __pfx_dump_stack_lvl+0x10/0x10
[  886.193344][T26575]  ? __pfx__printk+0x10/0x10
[  886.193381][T26575]  ? fs_reclaim_acquire+0x7d/0x100
[  886.193423][T26575]  should_fail_ex+0x414/0x560
[  886.193458][T26575]  prepare_alloc_pages+0x213/0x610
[  886.193497][T26575]  __alloc_frozen_pages_noprof+0x123/0x370
[  886.193533][T26575]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  886.193561][T26575]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  886.193598][T26575]  ? policy_nodemask+0x27c/0x720
[  886.193622][T26575]  ? __lock_acquire+0xab9/0xd20
[  886.193651][T26575]  alloc_pages_mpol+0x232/0x4a0
[  886.193685][T26575]  vma_alloc_folio_noprof+0xe4/0x200
[  886.193715][T26575]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  886.193758][T26575]  folio_prealloc+0x30/0x180
[  886.193798][T26575]  __handle_mm_fault+0x183f/0x5620
[  886.193854][T26575]  ? __pfx___handle_mm_fault+0x10/0x10
[  886.193896][T26575]  ? follow_page_pte+0x8d6/0x14b0
[  886.193938][T26575]  handle_mm_fault+0x40a/0x8e0
[  886.193976][T26575]  __get_user_pages+0x1af4/0x30b0
[  886.194045][T26575]  ? mt_find+0x15c/0x5f0
[  886.194104][T26575]  ? __pfx___get_user_pages+0x10/0x10
[  886.194140][T26575]  populate_vma_page_range+0x26b/0x340
[  886.194167][T26575]  ? __pfx_populate_vma_page_range+0x10/0x10
[  886.194185][T26575]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  886.194216][T26575]  ? down_read+0x1ad/0x2e0
[  886.194248][T26575]  __mm_populate+0x24c/0x380
[  886.194279][T26575]  ? __pfx___mm_populate+0x10/0x10
[  886.194304][T26575]  ? up_write+0x1f2/0x420
[  886.194338][T26575]  vm_mmap_pgoff+0x3f0/0x4c0
[  886.194367][T26575]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  886.194389][T26575]  ? __fget_files+0x2a/0x420
[  886.194423][T26575]  ? __fget_files+0x3a0/0x420
[  886.194449][T26575]  ? __fget_files+0x2a/0x420
[  886.194482][T26575]  ksys_mmap_pgoff+0x51f/0x760
[  886.194515][T26575]  do_syscall_64+0xfa/0x3b0
[  886.194541][T26575]  ? lockdep_hardirqs_on+0x9c/0x150
[  886.194567][T26575]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.194588][T26575]  ? clear_bhb_loop+0x60/0xb0
[  886.194613][T26575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.194632][T26575] RIP: 0033:0x7f09dcb8e929
[  886.194652][T26575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  886.194669][T26575] RSP: 002b:00007f09dda73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  886.194692][T26575] RAX: ffffffffffffffda RBX: 00007f09dcdb6080 RCX: 00007f09dcb8e929
[  886.194707][T26575] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  886.194720][T26575] RBP: 00007f09dda73090 R08: 0000000000000005 R09: 0000000000000000
[  886.194732][T26575] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002
[  886.194745][T26575] R13: 0000000000000000 R14: 00007f09dcdb6080 R15: 00007ffd18a1be58
[  886.194788][T26575]  </TASK>
[  887.766071][T26614] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6462'.
[  888.062452][T26622] netlink: 'syz.5.6466': attribute type 1 has an invalid length.
[  888.098400][T26624] netlink: 'syz.6.6463': attribute type 303 has an invalid length.
[  888.111975][T26622] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6466'.
[  888.408327][T26618] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6463'.
[  888.891420][T26653] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  889.096483][T26667] Unsupported ieee802154 address type: 0
[  889.426976][T26680] tipc: Started in network mode
[  889.541644][T26685] FAULT_INJECTION: forcing a failure.
[  889.541644][T26685] name failslab, interval 1, probability 0, space 0, times 0
[  889.572949][T26680] tipc: Node identity ac14140f, cluster identity 4711
[  889.582263][T26685] CPU: 1 UID: 0 PID: 26685 Comm: syz.6.6486 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  889.582297][T26685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  889.582310][T26685] Call Trace:
[  889.582320][T26685]  <TASK>
[  889.582330][T26685]  dump_stack_lvl+0x189/0x250
[  889.582363][T26685]  ? __pfx____ratelimit+0x10/0x10
[  889.582392][T26685]  ? __pfx_dump_stack_lvl+0x10/0x10
[  889.582416][T26685]  ? __pfx__printk+0x10/0x10
[  889.582449][T26685]  ? __pfx___might_resched+0x10/0x10
[  889.582481][T26685]  should_fail_ex+0x414/0x560
[  889.582528][T26685]  should_failslab+0xa8/0x100
[  889.582560][T26685]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  889.582587][T26685]  ? __alloc_skb+0x112/0x2d0
[  889.582614][T26685]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  889.582648][T26685]  __alloc_skb+0x112/0x2d0
[  889.582681][T26685]  pfkey_sendmsg+0x1dd/0x1090
[  889.582718][T26685]  ? __pfx___might_resched+0x10/0x10
[  889.582740][T26685]  ? __lock_acquire+0xab9/0xd20
[  889.582768][T26685]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  889.582806][T26685]  ? aa_sk_perm+0x81e/0x950
[  889.582835][T26685]  ? is_bpf_text_address+0x26/0x2b0
[  889.582870][T26685]  ? __pfx_aa_sk_perm+0x10/0x10
[  889.582897][T26685]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  889.582928][T26685]  ? aa_sock_msg_perm+0x94/0x160
[  889.582961][T26685]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  889.582982][T26685]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  889.583011][T26685]  __sock_sendmsg+0x219/0x270
[  889.583042][T26685]  ____sys_sendmsg+0x505/0x830
[  889.583082][T26685]  ? __pfx_____sys_sendmsg+0x10/0x10
[  889.583125][T26685]  ? import_iovec+0x74/0xa0
[  889.583157][T26685]  ___sys_sendmsg+0x21f/0x2a0
[  889.583182][T26685]  ? __pfx____sys_sendmsg+0x10/0x10
[  889.583247][T26685]  ? __fget_files+0x2a/0x420
[  889.583275][T26685]  ? __fget_files+0x3a0/0x420
[  889.583316][T26685]  __x64_sys_sendmsg+0x19b/0x260
[  889.583341][T26685]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  889.583375][T26685]  ? __pfx_ksys_write+0x10/0x10
[  889.583398][T26685]  ? rcu_is_watching+0x15/0xb0
[  889.583430][T26685]  ? do_syscall_64+0xbe/0x3b0
[  889.583464][T26685]  do_syscall_64+0xfa/0x3b0
[  889.583490][T26685]  ? lockdep_hardirqs_on+0x9c/0x150
[  889.583525][T26685]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.583546][T26685]  ? clear_bhb_loop+0x60/0xb0
[  889.583573][T26685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.583593][T26685] RIP: 0033:0x7f09dcb8e929
[  889.583614][T26685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  889.583631][T26685] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  889.583655][T26685] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  889.583671][T26685] RDX: 0000000020000014 RSI: 0000200000000500 RDI: 0000000000000003
[  889.583685][T26685] RBP: 00007f09dda94090 R08: 0000000000000000 R09: 0000000000000000
[  889.583699][T26685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  889.583712][T26685] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  889.583746][T26685]  </TASK>
[  889.897859][T26680] tipc: New replicast peer: 255.255.255.255
[  889.921361][T26680] tipc: Enabled bearer <udp:syz2>, priority 10
[  889.951704][T26682] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6485'.
[  890.414261][T26703] netlink: 120 bytes leftover after parsing attributes in process `syz.5.6490'.
[  890.436582][T26704] netlink: 'syz.6.6493': attribute type 1 has an invalid length.
[  890.459765][T26704] netlink: 36 bytes leftover after parsing attributes in process `syz.6.6493'.
[  890.464545][T26700] syzkaller0: entered promiscuous mode
[  890.495113][T26700] syzkaller0: entered allmulticast mode
[  891.017440][T18560] tipc: Node number set to 2886997007
[  891.728862][T26754] FAULT_INJECTION: forcing a failure.
[  891.728862][T26754] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  891.778896][T26754] CPU: 1 UID: 0 PID: 26754 Comm: syz.5.6508 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  891.778931][T26754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  891.778945][T26754] Call Trace:
[  891.778954][T26754]  <TASK>
[  891.778964][T26754]  dump_stack_lvl+0x189/0x250
[  891.778995][T26754]  ? __pfx____ratelimit+0x10/0x10
[  891.779025][T26754]  ? __pfx_dump_stack_lvl+0x10/0x10
[  891.779051][T26754]  ? __pfx__printk+0x10/0x10
[  891.779082][T26754]  ? fs_reclaim_acquire+0x7d/0x100
[  891.779123][T26754]  should_fail_ex+0x414/0x560
[  891.779161][T26754]  prepare_alloc_pages+0x213/0x610
[  891.779201][T26754]  __alloc_frozen_pages_noprof+0x123/0x370
[  891.779244][T26754]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  891.779287][T26754]  ? policy_nodemask+0x27c/0x720
[  891.779310][T26754]  ? __lock_acquire+0xab9/0xd20
[  891.779340][T26754]  alloc_pages_mpol+0x232/0x4a0
[  891.779374][T26754]  vma_alloc_folio_noprof+0xe4/0x200
[  891.779405][T26754]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  891.779448][T26754]  folio_prealloc+0x30/0x180
[  891.779478][T26754]  __handle_mm_fault+0x183f/0x5620
[  891.779534][T26754]  ? __pfx___handle_mm_fault+0x10/0x10
[  891.779576][T26754]  ? follow_page_pte+0x8d6/0x14b0
[  891.779613][T26754]  handle_mm_fault+0x40a/0x8e0
[  891.779651][T26754]  __get_user_pages+0x1af4/0x30b0
[  891.779691][T26754]  ? mt_find+0x15c/0x5f0
[  891.779743][T26754]  ? __pfx___get_user_pages+0x10/0x10
[  891.779778][T26754]  populate_vma_page_range+0x26b/0x340
[  891.779805][T26754]  ? __pfx_populate_vma_page_range+0x10/0x10
[  891.779825][T26754]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  891.779856][T26754]  ? down_read+0x1ad/0x2e0
[  891.779891][T26754]  __mm_populate+0x24c/0x380
[  891.779917][T26754]  ? __pfx___mm_populate+0x10/0x10
[  891.779943][T26754]  ? up_write+0x1f2/0x420
[  891.779976][T26754]  vm_mmap_pgoff+0x3f0/0x4c0
[  891.780005][T26754]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  891.780030][T26754]  ? __fget_files+0x2a/0x420
[  891.780063][T26754]  ? __fget_files+0x3a0/0x420
[  891.780089][T26754]  ? __fget_files+0x2a/0x420
[  891.780123][T26754]  ksys_mmap_pgoff+0x51f/0x760
[  891.780157][T26754]  do_syscall_64+0xfa/0x3b0
[  891.780184][T26754]  ? lockdep_hardirqs_on+0x9c/0x150
[  891.780211][T26754]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.780232][T26754]  ? clear_bhb_loop+0x60/0xb0
[  891.780258][T26754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.780279][T26754] RIP: 0033:0x7fc9fc38e929
[  891.780299][T26754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  891.780318][T26754] RSP: 002b:00007fc9fa1b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  891.780341][T26754] RAX: ffffffffffffffda RBX: 00007fc9fc5b6160 RCX: 00007fc9fc38e929
[  891.780357][T26754] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  891.780371][T26754] RBP: 00007fc9fa1b4090 R08: 0000000000000005 R09: 0000000000000000
[  891.780384][T26754] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002
[  891.780398][T26754] R13: 0000000000000000 R14: 00007fc9fc5b6160 R15: 00007ffd29cda728
[  891.780435][T26754]  </TASK>
[  892.119341][T26757] netlink: 'syz.4.6510': attribute type 1 has an invalid length.
[  892.127275][T26757] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6510'.
[  892.212336][T26759] netlink: 'syz.4.6511': attribute type 3 has an invalid length.
[  892.720700][T26778] team0: Port device gtp0 added
[  893.304401][T26802] gre1: entered promiscuous mode
[  893.350841][T26809] FAULT_INJECTION: forcing a failure.
[  893.350841][T26809] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  893.398372][T26809] CPU: 1 UID: 0 PID: 26809 Comm: syz.4.6527 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  893.398405][T26809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  893.398418][T26809] Call Trace:
[  893.398428][T26809]  <TASK>
[  893.398438][T26809]  dump_stack_lvl+0x189/0x250
[  893.398470][T26809]  ? __pfx____ratelimit+0x10/0x10
[  893.398507][T26809]  ? __pfx_dump_stack_lvl+0x10/0x10
[  893.398532][T26809]  ? __pfx__printk+0x10/0x10
[  893.398563][T26809]  ? fs_reclaim_acquire+0x7d/0x100
[  893.398604][T26809]  should_fail_ex+0x414/0x560
[  893.398641][T26809]  prepare_alloc_pages+0x213/0x610
[  893.398681][T26809]  __alloc_frozen_pages_noprof+0x123/0x370
[  893.398717][T26809]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  893.398758][T26809]  ? policy_nodemask+0x27c/0x720
[  893.398783][T26809]  ? __lock_acquire+0xab9/0xd20
[  893.398812][T26809]  alloc_pages_mpol+0x232/0x4a0
[  893.398846][T26809]  vma_alloc_folio_noprof+0xe4/0x200
[  893.398877][T26809]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  893.398919][T26809]  folio_prealloc+0x30/0x180
[  893.398948][T26809]  __handle_mm_fault+0x183f/0x5620
[  893.398997][T26809]  ? __pfx___handle_mm_fault+0x10/0x10
[  893.399038][T26809]  ? follow_page_pte+0x8d6/0x14b0
[  893.399074][T26809]  handle_mm_fault+0x40a/0x8e0
[  893.399111][T26809]  __get_user_pages+0x1af4/0x30b0
[  893.399150][T26809]  ? mt_find+0x15c/0x5f0
[  893.399202][T26809]  ? __pfx___get_user_pages+0x10/0x10
[  893.399237][T26809]  populate_vma_page_range+0x26b/0x340
[  893.399263][T26809]  ? __pfx_populate_vma_page_range+0x10/0x10
[  893.399283][T26809]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  893.399313][T26809]  ? down_read+0x1ad/0x2e0
[  893.399347][T26809]  __mm_populate+0x24c/0x380
[  893.399373][T26809]  ? __pfx___mm_populate+0x10/0x10
[  893.399398][T26809]  ? up_write+0x1c4/0x420
[  893.399431][T26809]  vm_mmap_pgoff+0x3f0/0x4c0
[  893.399460][T26809]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  893.399484][T26809]  ? __fget_files+0x2a/0x420
[  893.399527][T26809]  ? __fget_files+0x3a0/0x420
[  893.399552][T26809]  ? __fget_files+0x2a/0x420
[  893.399585][T26809]  ksys_mmap_pgoff+0x51f/0x760
[  893.399618][T26809]  do_syscall_64+0xfa/0x3b0
[  893.399645][T26809]  ? lockdep_hardirqs_on+0x9c/0x150
[  893.399671][T26809]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  893.399691][T26809]  ? clear_bhb_loop+0x60/0xb0
[  893.399717][T26809]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  893.399736][T26809] RIP: 0033:0x7f83c858e929
[  893.399755][T26809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  893.399773][T26809] RSP: 002b:00007f83c9367038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  893.399796][T26809] RAX: ffffffffffffffda RBX: 00007f83c87b6080 RCX: 00007f83c858e929
[  893.399812][T26809] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  893.399825][T26809] RBP: 00007f83c9367090 R08: 0000000000000005 R09: 0000000000000000
[  893.399837][T26809] R10: 0000000000022052 R11: 0000000000000246 R12: 0000000000000002
[  893.399850][T26809] R13: 0000000000000000 R14: 00007f83c87b6080 R15: 00007ffea5dcd3e8
[  893.399886][T26809]  </TASK>
[  893.916943][T26815] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6529'.
[  894.014665][T26821] Bluetooth: hci1: Opcode 0x080f failed: -4
[  894.565013][T26842] netlink: 'syz.4.6539': attribute type 1 has an invalid length.
[  894.604189][T26842] netlink: 'syz.4.6539': attribute type 10 has an invalid length.
[  894.627348][T26842] netlink: 236 bytes leftover after parsing attributes in process `syz.4.6539'.
[  894.896964][T26847] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI
[  894.909076][T26847] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
[  894.917597][T26847] CPU: 0 UID: 0 PID: 26847 Comm: syz.6.6540 Not tainted 6.16.0-rc4-syzkaller-01191-gc65d34296b22 #0 PREEMPT(full) 
[  894.929782][T26847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  894.939879][T26847] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480
[  894.946438][T26847] Code: 89 ef e8 60 04 ab f8 4d 89 ef 85 db 74 0d e8 e4 83 47 f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 29 04 ab f8 48 8b
[  894.966081][T26847] RSP: 0018:ffffc90002e67128 EFLAGS: 00010202
[  894.972190][T26847] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002
[  894.980193][T26847] RDX: ffff88802e06bc00 RSI: 0000000000000000 RDI: 0000000000000000
[  894.988199][T26847] RBP: 0000000000000000 R08: ffff88802e06bc00 R09: 0000000000000002
[  894.996383][T26847] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000a0009
[  895.004388][T26847] R13: ffff8880305f5000 R14: dffffc0000000000 R15: ffff8880305f5000
[  895.012465][T26847] FS:  00007f09dda946c0(0000) GS:ffff888125c13000(0000) knlGS:0000000000000000
[  895.021524][T26847] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  895.028145][T26847] CR2: 0000000000000024 CR3: 0000000054bfa000 CR4: 00000000003526f0
[  895.036510][T26847] Call Trace:
[  895.039823][T26847]  <TASK>
[  895.042779][T26847]  ? qdisc_tree_reduce_backlog+0x3c/0x480
[  895.048543][T26847]  hhf_change+0x764/0xad0
[  895.052910][T26847]  ? __pfx_hhf_change+0x10/0x10
[  895.057799][T26847]  ? __raw_spin_lock_init+0x45/0x100
[  895.063217][T26847]  ? qdisc_alloc+0x7a1/0xaa0
[  895.067838][T26847]  ? __pfx_hhf_init+0x10/0x10
[  895.072542][T26847]  hhf_init+0x213/0x950
[  895.076725][T26847]  ? __pfx_hhf_init+0x10/0x10
[  895.081418][T26847]  qdisc_create+0x7a9/0xea0
[  895.085938][T26847]  tc_modify_qdisc+0x1426/0x2010
[  895.090910][T26847]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  895.096207][T26847]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  895.101576][T26847]  rtnetlink_rcv_msg+0x77c/0xb70
[  895.106514][T26847]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  895.111624][T26847]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  895.117112][T26847]  netlink_rcv_skb+0x205/0x470
[  895.121901][T26847]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  895.127883][T26847]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  895.133171][T26847]  ? netlink_deliver_tap+0x2e/0x1b0
[  895.138376][T26847]  ? netlink_deliver_tap+0x2e/0x1b0
[  895.143669][T26847]  netlink_unicast+0x758/0x8d0
[  895.148529][T26847]  netlink_sendmsg+0x805/0xb30
[  895.153294][T26847]  ? __pfx_netlink_sendmsg+0x10/0x10
[  895.158592][T26847]  ? aa_sock_msg_perm+0x94/0x160
[  895.163528][T26847]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  895.168810][T26847]  ? __pfx_netlink_sendmsg+0x10/0x10
[  895.174371][T26847]  __sock_sendmsg+0x219/0x270
[  895.179050][T26847]  ____sys_sendmsg+0x505/0x830
[  895.183921][T26847]  ? __pfx_____sys_sendmsg+0x10/0x10
[  895.189338][T26847]  ? import_iovec+0x74/0xa0
[  895.193891][T26847]  ___sys_sendmsg+0x21f/0x2a0
[  895.198585][T26847]  ? __pfx____sys_sendmsg+0x10/0x10
[  895.204145][T26847]  ? __fget_files+0x2a/0x420
[  895.208779][T26847]  ? __fget_files+0x3a0/0x420
[  895.213465][T26847]  __x64_sys_sendmsg+0x19b/0x260
[  895.218421][T26847]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  895.223886][T26847]  ? rcu_is_watching+0x15/0xb0
[  895.228653][T26847]  ? do_syscall_64+0xbe/0x3b0
[  895.233358][T26847]  do_syscall_64+0xfa/0x3b0
[  895.237971][T26847]  ? lockdep_hardirqs_on+0x9c/0x150
[  895.243175][T26847]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.249244][T26847]  ? clear_bhb_loop+0x60/0xb0
[  895.253928][T26847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.259909][T26847] RIP: 0033:0x7f09dcb8e929
[  895.264344][T26847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  895.283948][T26847] RSP: 002b:00007f09dda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  895.292371][T26847] RAX: ffffffffffffffda RBX: 00007f09dcdb5fa0 RCX: 00007f09dcb8e929
[  895.300349][T26847] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000003
[  895.308332][T26847] RBP: 00007f09dcc10b39 R08: 0000000000000000 R09: 0000000000000000
[  895.316489][T26847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  895.324474][T26847] R13: 0000000000000000 R14: 00007f09dcdb5fa0 R15: 00007ffd18a1be58
[  895.332789][T26847]  </TASK>
[  895.335810][T26847] Modules linked in:
[  895.339896][T26847] ---[ end trace 0000000000000000 ]---
[  895.345350][T26847] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480
[  895.351796][T26847] Code: 89 ef e8 60 04 ab f8 4d 89 ef 85 db 74 0d e8 e4 83 47 f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 29 04 ab f8 48 8b
[  895.371471][T26847] RSP: 0018:ffffc90002e67128 EFLAGS: 00010202
[  895.377717][T26847] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002
[  895.386053][T26847] RDX: ffff88802e06bc00 RSI: 0000000000000000 RDI: 0000000000000000
[  895.394098][T26847] RBP: 0000000000000000 R08: ffff88802e06bc00 R09: 0000000000000002
[  895.402106][T26847] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000a0009
[  895.410115][T26847] R13: ffff8880305f5000 R14: dffffc0000000000 R15: ffff8880305f5000
[  895.412040][T26861] xt_recent: hitcount (262143) is larger than allowed maximum (65535)
[  895.418137][T26847] FS:  00007f09dda946c0(0000) GS:ffff888125c13000(0000) knlGS:0000000000000000
[  895.418162][T26847] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  895.418180][T26847] CR2: 0000000000000024 CR3: 0000000054bfa000 CR4: 00000000003526f0
[  895.418204][T26847] Kernel panic - not syncing: Fatal exception in interrupt
[  895.418543][T26847] Kernel Offset: disabled