last executing test programs:

13.101900789s ago: executing program 0 (id=3218):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x55, 0x2e5, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r5, 0x0, 0x0, 0x3, {@ip4=@empty}}}]}, 0x38}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000000c0))
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000006c0)={'ip6_vti0\x00', <r6=>r5, 0x4, 0x4, 0x0, 0xf4b, 0x10, @remote, @mcast2, 0x10, 0x700, 0x6, 0x8}})
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=@newlink={0x34, 0x10, 0x100, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, 0x682c727b773b4dd1, 0x10000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000180)=0x3, 0x4)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x14150, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x700, @loopback}, 0x1c)
sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef", 0x8, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3d, 0x0, &(0x7f0000000100))

12.02856516s ago: executing program 0 (id=3230):
socket$pppl2tp(0x18, 0x1, 0x1)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x4040)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000ffffff8d0000aaff02000000000000000000000000000188"], 0xffe)

11.562972104s ago: executing program 0 (id=3237):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x10004}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x102}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/113, 0x71}], 0x6}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40000020, 0x0)

11.435894808s ago: executing program 0 (id=3239):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x11, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d04001c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a5400300001d2300000009"}}}}}}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910920000000000630ae8ff000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x3f, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000004f00010000000000000000080001"], 0x1c}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_emit_ethernet(0x86, &(0x7f0000000180)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0xfffc, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x4, 0x1, "b3ed3f3eff5dc97c0e6617a580210ec9809bfa714677994cee3213c83202ca3f", "c36db0aa77ffea8b5303ccd0e06692e1", {"0ee9ef2f500c2a6b0d0400156feac886", "fa0e64385c7c64b5a387c641f2aafe69"}}}}}}}, 0x0)

10.956859335s ago: executing program 0 (id=3241):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000), 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000005f40)={0x0, 0x0, &(0x7f0000005f00)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x80b, 0x0, 0x0, {}, [{0x54, 0x1, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x3a, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
r2 = accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000000c0)=0x14)
r4 = socket(0x10, 0x2, 0x0)
write(r4, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f0a0000000200000000000000", 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000001b00)=@newtaction={0x18, 0x76, 0x1, 0x0, 0x0, {0x0, 0x0, 0x300}, [{0x4}]}, 0x18}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
poll(&(0x7f0000000100)=[{r0, 0x22}, {r0, 0x40}, {r0, 0x8000}, {r0, 0x1000}, {r2, 0x5208}, {r0, 0x4}, {r0, 0x2a}, {r0, 0x2030}], 0x8, 0x7f)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
listen(r7, 0x0)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r6)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=@dellink={0x28, 0x11, 0x1, 0xfffffffd, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, 0x1, 0x8001}, [@IFLA_OPERSTATE={0x5, 0x10, 0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000340)={'wg2\x00', <r11=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000380)={'batadv0\x00', <r12=>0x0})
r13 = socket$packet(0x11, 0x3, 0x300)
r14 = openat$tun(0xffffffffffffff9c, &(0x7f00000007c0), 0x80000, 0x0)
ioctl$TUNSETPERSIST(r14, 0x400454cb, 0x1)
setsockopt$packet_int(r13, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r15=>0x0})
sendto$packet(r13, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080086dd4803", 0x1003f, 0x0, &(0x7f0000000140)={0x11, 0x0, r15}, 0x14)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f00000006c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0xa0}, 0xc, &(0x7f0000000680)={&(0x7f00000003c0)={0x2c0, r8, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}]}, 0x2c0}, 0x1, 0x0, 0x0, 0x50}, 0x1)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@cgroup, 0x1f, 0x1, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000180)=[0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0]}, 0x40)

10.165983355s ago: executing program 0 (id=3250):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40401, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', <r4=>0x0})
connect$can_j1939(r2, &(0x7f0000000380)={0x1d, r4, 0x2, {0x1, 0x0, 0x2}}, 0x18)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x34, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r6=>0x0, &(0x7f00000000c0)=0x4)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000340)={<r7=>r0, 0x9, 0x839, 0x100000000})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e000000040000000400000008"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r8, &(0x7f00000007c0), &(0x7f00000000c0)=""/79}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)='%ps    \x00'}, 0x20)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x17, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r10, @ANYBLOB="0000000000000000c30000000001000095"], &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x6, 0x8b9, 0x1, 0x88, 0xffffffffffffffff, 0x60b, '\x00', r4, 0xffffffffffffffff, 0x3, 0x3, 0x1, 0xc, @void, @value, @void, @value}, 0x50)
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@bloom_filter={0x1e, 0x81, 0x1000, 0x8001, 0x601, 0x1, 0x4, '\x00', r6, 0xffffffffffffffff, 0x0, 0x4, 0x4, 0x7, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000740)={r5, <r13=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x12, &(0x7f00000004c0)=@raw=[@printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0xc4}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x787bf9bb6a123f33}}], &(0x7f0000000180)='syzkaller\x00', 0x7ff, 0x7, &(0x7f00000001c0)=""/7, 0x40f00, 0x20, '\x00', r4, 0x25, r7, 0x8, &(0x7f0000000400)={0x1, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[0xffffffffffffffff, r8, 0xffffffffffffffff, 0xffffffffffffffff, r9, r10, r11, r12, r13], 0x0, 0x10, 0x5, @void, @value}, 0x94)
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000100)=r6)

3.121446307s ago: executing program 1 (id=3318):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)={0x20000000})
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(0x0, r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000400)={r0, 0x9, 0x76, 0x8000000000000001})
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000f7ffffff0000001400000018000180140002006e657464657673696d300000000000000800050001040f0f080003000000080008000f00f7ffffff08000600040000000800110009000000080002"], 0x5c}}, 0x0)

2.840567517s ago: executing program 3 (id=3322):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x9b0, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
bind$can_raw(r1, &(0x7f00000001c0)={0x1d, r2}, 0x10)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4)
sendmsg$can_raw(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@can={{0x4, 0x0, 0x0, 0x1}, 0x6}, 0x10}}, 0x800)
recvmmsg(r1, &(0x7f0000002b40)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001400)={0x11, 0x10, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {}, [@alu={0x7, 0x0, 0xd, 0x4, 0x0, 0xffffffffffffffff, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x10b}}}, &(0x7f00000014c0)='GPL\x00', 0xffff, 0x1000, &(0x7f0000000380)=""/4096, 0x1e00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x5, 0x0, 0x2, 0x4}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000200)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001380)=[{0x5, 0x4, 0xe, 0x6}, {0x5, 0x1, 0xd, 0x5}, {0x2, 0x5, 0x0, 0x6}, {0x2, 0x1, 0x9, 0xa}, {0x7, 0x2, 0x8, 0x1}, {0x2, 0x2, 0xd, 0xb}, {0x3, 0x2, 0x8, 0x4}], 0x10, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='i2c_write\x00', r3, 0x0, 0x8}, 0x18)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x44}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xf, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}}, &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r5, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r9, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r10 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2c}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x0)
connect$rose(r10, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c)
connect$rose(r10, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @null]}, 0x40)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'pim6reg0\x00'})

2.103070785s ago: executing program 2 (id=3323):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83300fe8000000000000000000000002000aaff020000000000000000000000000001"], 0xffe)

2.086762025s ago: executing program 1 (id=3324):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {}, {0x5, 0x3}}}, 0x24}}, 0x40004)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="480000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000000000000200012800b00010067726574617000001000028004001200050009000000000008000a00", @ANYRES32=r7, @ANYBLOB="8af3f799319d14675516cae38fb25eedb279ce541eb36c31c92d3749a27042b9003eb232d0f61092270c11fa1ababe2b3965e5cacb455b99fab9da2d87679164b366c6cdb937a580d62dea8f534293b88bed10b9ef49f6d88081185ab4fb11810fb3ba0f25884f695943b5b68fcb47e438"], 0x48}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000802800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r9, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)

2.085285903s ago: executing program 4 (id=3325):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x24, 0x4, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}]}, 0x24}}, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r6=>0x0})
r7 = socket(0x840000000002, 0x3, 0x100)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r9 = accept4(r8, 0x0, 0x0, 0x0)
sendto$inet6(r9, &(0x7f0000847fff)="e5", 0x1, 0x20000094, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x701, 0x3, 0x258, 0x0, 0xba02004b, 0x108, 0x0, 0x0, 0x1c0, 0x1c8, 0x1c8, 0x1c0, 0x1c8, 0x3, 0x0, {[{{@ip={@rand_addr, @dev, 0x0, 0x0, 'caif0\x00', 'veth0\x00', {}, {}, 0x32}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@inet=@esp={{0x30}, {[], 0x2}}]}, @common=@SET={0x60}}, {{@ip={@remote, @loopback, 0x0, 0x0, 'veth0_to_hsr\x00', 'wg2\x00', {0xff}}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2b8)
sendmsg$NL80211_CMD_ADD_TX_TS(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="ea5303005d486bb54cfd6f78efd29218cc1330dc160cd4bd85a35e57c4054b5b5e6b8af0a466bf180d90615f39c187aeb1c2282fb7b40dbc00000000", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x2008000}, 0x200004c4)
setsockopt$llc_int(r2, 0x10c, 0x4, &(0x7f0000000000)=0x1e2600, 0x4)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0xb49, 'syz1\x00', @bcast, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})

1.911250905s ago: executing program 4 (id=3326):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14, 0x80000)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r3, &(0x7f00000003c0)={0x0, 0x3, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r4, 0x301, 0x0, 0x0, {0x5}}, 0x14}}, 0x0)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0x0, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})

1.811511371s ago: executing program 3 (id=3327):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0xb49, 'syz1\x00', @bcast, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})

1.572387089s ago: executing program 2 (id=3328):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
shutdown(r0, 0x1)
ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'hsr0\x00', &(0x7f00000004c0)=@ethtool_sfeatures={0x3b, 0x2, [{0x200, 0x4a39b33c}, {0x2, 0x9}]}})
r3 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x800)
r4 = getuid()
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000b00)=ANY=[@ANYBLOB="c00500002d00010000000000000000001400a50000000000000000000000ffff7f0000012b0011802fe5afbf24fbcccc554cd9761e79b8dad8a2018544a3f855448c77987d9d7a5233e2eb7028400500a46c4baa4a54929ae5205aba1818d8ebfbc65a83631cb4de11c4906a4fb703fde6bed1b840a089fd3162e6ae72f280329d69ec499fb515ddfda531a4d61a8ae5b75df0473274bbbd543128695a7a30f6984ee2af03551714e3e049ae04093a26b6c27b995ef4cd1823f6aa7b677f08ce3788d6e44a846d3e4c95ffb9b8271361eb57218f816b82bd2a17bf2a7ca1744edf60601401d1f31cc9075b3b62f902b3b31a3b562ab5ac8ed7cb0304807c01388004009e8004004680090001002e5b5c2900000000aae20c993aad764b2f4578763b766b027e2ce52e8eae3bf45f778364d81daf0fc3dcc2f0ad0d028a5c565d9a0f620d602a7c71bb0b8e22caf794661b4eeab87cc8874e92e00c63a6127be7cc90b94d280105697475673176f7ee4a530c933519cc00ae2c23aad51330ebcd2badc2cc8b1c66b331018a366e150206daa9ba05534553824a6e2a1bdba068fae24494e36eb210d72f2b30441168a6de187021e21d989b843e7a5f49f607d2c73ce9c1a869d606da52dcf07ebbdaee5b580a806a9c7229587dc6acbfb25c4f6661d62d9a13d54258cc16e2cf542f28b1dc60a2b4ac33e7418c6869e7c8341c1c9f078561609c8fc760331f458e130cf8cec40d4215560996e1c22bab81bd773316c9c2ebd2fcdada316dbe4b51c7ccea4ee3f7666f5d1f9a37c12972743e5d572f94171846d59497bb1721f52c05a6fcf54fa0466905825376685e703b767b839590e77c87e22f354c2c19d066e69c9bc354b265b099570158027ca11260f4812b36e28566b5623b7c898c13f33a558ae33f59ac9189413cd477e8d317db3c7d71b8302247db01857a7dcb3fd1ff52b93e8baa15b2f853d9f76556fd95ce4a2df6ca0bd608ad80dfcf71ab51b4d2ba21109637fedbdf335c43092b03773540a02f01f58008007b00ac1414bb323518b5a56ba327936369a86afbff67996231725e3da4ea02c32d21f8412d474ff879bad1ec6e2e4fdc596fa2375f5a5e654406e9fbea8f61773ab27fe5be1aee9259e0a322be28e839ddb2134bcbc7a121b66a2a851fe04f9577d547d6e662aca618dfa28f25bacb37bdc8f197205e8f2fcb94f3d21274adc368903b6964c980f2a4f9cf84bcfe18c9fafd9c1a2e2d7b6125f0a3dbfffd8e1638f26e79013c36f30fbd8af80fd410d17cb421c90526ff32f8c6283ca51d876ec399519a52f98af964ccc3a6355bc0469929ac7a361441817c8345b7f9903e63762258578e13721f1d486993b485cbf0becc20d95f1c138bb0a68f4cc88f2c476232ce1bc4f56f72abd5a626032f595bfabe16a0cad19df320cbed1e9a3530e554bca7d16f680cc43a007a02c197e4c121d13797992ee0ac2cc0d17865fa6e33a79dd3ffddb9e3919fec8fdf8873c7227a9a6d0c8ba5f01c55fa511ad12c281f632a07b94d80146fda05e853cfb426b9e92d35ab25067cf7e33e8569ca3727521a9d91cead43e26c0eb9570753b3ad785852bfc13f3191ad2f735627512d3132467350f6bcabbafdf42a94bd34e8be1a47a509007a00687372300000000008001e00", @ANYRES32=r3, @ANYBLOB="edffffff", @ANYRES32=r4, @ANYBLOB="0800ff00000200000800158004004f800060cca66bf2c79a9588db607501634dab08c15412114a5ebb2677df07762742351579425ed42889c461baa9dfd71f0611341e095ac5c0f550826a8e5992c267aba450444291d346159b1eada074ba1aa4d975e3d6668576e4c4299c6b5803997b5d0fbb1d1e8d9e162242450658fc747de9276a6f6042bf22eff24fe79d70f970d70c4132d23c017a1fe18fd6f9e93461302e6ab01e71a7a6ab8f797d447680f3d7dbd6bde6b1edd2d4df4f89ae594d1e21eae1e8ba1a40f8a20c955a63f7d5c571d4e7307119a0fac3f769c5375367f5a0a74bc4ca9f016cab01458dcd62658d6041233aa158ec5de52d634aca8647100aaedf1c123c04000a0000"], 0x5c0}], 0x1}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000180)={r1, r0, 0x3839, 0x1b, &(0x7f00000000c0)="d6442e37b947e5763eb941858157a7db6e1a8c4fb298105b114192", 0x8, 0xff, 0x5, 0x6, 0x3, 0x1, 0xb, 'syz0\x00'})

1.570861191s ago: executing program 3 (id=3329):
socket$inet6(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
socket$inet6(0xa, 0x80803, 0x87)
syz_emit_ethernet(0x5e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fe800000000000000000001200000000fe8000000000000000000000000000aa87"], 0x0)

1.516986241s ago: executing program 4 (id=3330):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e23, 0x7, @loopback, 0x3}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x3b00, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00 \x00', 0x18, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @local, {[], @mld={0x187, 0x0, 0x0, 0x0, 0x0, @local}}}}}}, 0x0)

1.299533316s ago: executing program 4 (id=3331):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x60, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x24, 0x11, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_SREG={0x8}, @NFTA_EXTHDR_OP={0x8}]}}}]}], {0x14, 0x10}}, 0xa8}}, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
accept4$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @my=0x1}, 0x10, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080), 0x10)

1.279856693s ago: executing program 3 (id=3332):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRES16=r0], 0x38}, 0x1, 0x0, 0x0, 0x28040044}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff00060000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r2, @ANYBLOB="0a0001"], 0x48}}, 0x0)

1.015954619s ago: executing program 4 (id=3333):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xd, 0x2, &(0x7f00000000c0)=@raw=[@call={0x85, 0x0, 0x0, 0x8b}, @exit], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000280)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0x2}, [@IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}]}, 0x5c}}, 0x8000)
r1 = socket$pppoe(0x18, 0x1, 0x0)
recvfrom(r1, &(0x7f0000000100)=""/81, 0x51, 0x10042, &(0x7f0000000180)=@phonet={0x23, 0x40, 0x2, 0x1}, 0x80) (async)
recvfrom(r1, &(0x7f0000000100)=""/81, 0x51, 0x10042, &(0x7f0000000180)=@phonet={0x23, 0x40, 0x2, 0x1}, 0x80)
socket$nl_generic(0x10, 0x3, 0x10)

1.015386008s ago: executing program 1 (id=3334):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000200000000000000060000090f000700756e636f6e66696e656400001400030000000000000000020000000000000000140002"], 0x4c}, 0x2, 0x34005}, 0x0)

930.955299ms ago: executing program 2 (id=3335):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0x0, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) (fail_nth: 1)

876.420937ms ago: executing program 4 (id=3336):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x9b0, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
bind$can_raw(r1, &(0x7f00000001c0)={0x1d, r2}, 0x10)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4)
sendmsg$can_raw(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@can={{0x4, 0x0, 0x0, 0x1}, 0x6}, 0x10}}, 0x800)
recvmmsg(r1, &(0x7f0000002b40)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001400)={0x11, 0x10, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {}, [@alu={0x7, 0x0, 0xd, 0x4, 0x0, 0xffffffffffffffff, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x10b}}}, &(0x7f00000014c0)='GPL\x00', 0xffff, 0x1000, &(0x7f0000000380)=""/4096, 0x1e00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x5, 0x0, 0x2, 0x4}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000200)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001380)=[{0x5, 0x4, 0xe, 0x6}, {0x5, 0x1, 0xd, 0x5}, {0x2, 0x5, 0x0, 0x6}, {0x2, 0x1, 0x9, 0xa}, {0x7, 0x2, 0x8, 0x1}, {0x2, 0x2, 0xd, 0xb}, {0x3, 0x2, 0x8, 0x4}], 0x10, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='i2c_write\x00', r3, 0x0, 0x8}, 0x18)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x44}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xf, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}}, &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r5, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r9, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r10 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2c}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x0)
connect$rose(r10, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c)
connect$rose(r10, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @null]}, 0x40)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'pim6reg0\x00'})

868.570088ms ago: executing program 1 (id=3337):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040), 0x10)
listen(r1, 0x0)
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000140)={0x1}, 0x8)
close(r2)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000300)="8820bb545502cc6514eecd73f539f4532fb684e2a415dfd46dd74998884cdf63dfe6cff614ea21fb79cb5023ae6e45b2d45ef55110ea2582d6a32864995837fada1d769eab118752f2a9816a10a7b47fb94e3053cff630e7834a8d4dfbd963c7e73902d4cfe52ffcdec19794e1736ab926a07350ed516d54da9a3ecf04ab08b70a6cfd75a41ed8f930b484582d17e65750f152f10192676c1d6506950e5c5e68074486cf95bbdde403af1f69b0286effa89aa39e637762b13d8c629548cf78cb1854931d01d342a06c36ec6e4373c2812eb3d7aec416c6d71402327b2038f999e2b0f858df7e5c08ff5d57f3d4603d25d27bccde5d763f5154f15daea0938303f81b61b387bc218d2fabea6cdd9a2969570cee8cf57a84ec372d6a9088f71fa5e1f96eb3cb88bb6781ab98b0110648177681c116df847af4161172913b3990c4a8e270e012174878801e53da47f982598f1ed5e937da70d1ca745d18b3a18ef558ac694955084e28c90e02ce97a736c7524b9747a1a7e21f628dad1903f782ab998270a50d817bb25b531368e1b60af275e119282d89e6d7b83f2a2eb56b5ec04df4d26b50c85710b277aee1c7fbcef2df08e24e20ad5e82e774e547e13eefa5504b0fba37f626df625b3ba4ccf9df89139bd032eb7e7ca32421207ebcd50a1d0ee60c4e1d8eee116ffc77908a1edc2d4111a3a09bfe765e7e8ae84d0d4e2d71120ddcb9ad68b59b5f8e008c24c627bfd80157a1bc3424df15c21fc3d1fc6aedf5dbaad96413f42144e0d2697806871bf704f2c925701ca0408f224f3cab9596ffc0e48c09ace934c0d168ac1c8e3068917a966eac3bb808c2e40e4d55b2a80b794a732beb043f85bf98e85352a8f5bdacdd8e0e5e34ddbc0012a78a1b760a15ae2241ab32c2a25ceab3b15c8749aa560a8fd480903304515683b8acc118b0e510eb80c53ab5dcd8803aaa3ad669eb180e7d48a26280afdb5a3fc5a9ba2bc3b52be1ddb23350aa3c437e08c7ba4bf71545c49cfc0ca44a007aa02b404fd5b0eaf510107450c378ac57a97a4e96a22c5a0f60d70de084fa0b77769286ece886e372c8e0395c78e27a0d9df499767b4dd60bb5ab3f300f19f228c123495c9c913f146c1e5874ffd4911502306336937d98a0cd8a6fef2aea0824765bf2a172a069ccf05cd14782791bfd9882f7af7ad16812cc9e410249fe3e251d800840a0922983f22e1d2acec8e7b4ad50ece77e1cff1868d768a670f077b22928704b714dd7b71a905997199b5f6898c3b890638d81976f382130acb6b96e5d44ec95180e53397a6fe697d8ac856fa95effa644724004e6d4b79fab86a74dde525edb645f43c478c69daab1a878e95d0e5c50f0f31501c3297e59166f0ccaf1970cbf3df79198b669aa7e8757a6548d090cf75ac725cb0f393dfe369b31ec81d72fbaf562794fe2cc27d53894ad8325575982bbda65ec551701e6bafbcaeef3e4d5d765219e211a6fe33656ef7c4e6465ef423b25a5dbe49e0ad7f0a2f9b33680ec3940b18c7fac1ba7fddd3c5a059c07e5107ea0e27a6f90f7cfbee0f7a6e6e59045dcebe375ee854baab8e55dcc26aaa4cf68606b2adb94eb514faddda9d37022e8526b12dbc3413b7b9a9234578593a177d28d45dba9e4b6cab3b9dcee8be8ff6326fa8d417bfb42cd1ae0778bd60a617bc6819fcdcfe91c2150e16e6a7ef7b3b24e4feb8b7711c0bbdf31463f3531a506d0220b20538624d2876da98b90e729d25b06a137436e5b41fc725abf7b4d1f56699301206c36fadd83d9ad2a0c3aca25a740d8114cd473f2db0f1c6b96bbad99a50e70f797842ea88514efec48cf128545710647c9074a5190f73f48f7bb9f21cf7b6762bd177c878057691c7aa4b5c4f3261bb5eb59eecd4f9dfaa22d84178f669bc1ec57bafc2cf8e9b3d09722f4cd976213ab5ba8ed70b238ee959a7f5c0b93b3f798212eb65bc4ab0d1ef06f064061a874d7483308eb25e1c3dfda37a6b665ea0cdf6532316566a3b6abb2773513173b5935377b2b3843cfb77471829779358f0d59e0bdfe8ccc5806940bdf4b020eef0592fbec14eaea38951bba6bdf32cf4e685462e0b731ab56e47067a67c1654a8d926b1ad1e3e6ee7d5414e49788d60dc9d1070659f08f8b5e0b70368e33764bccd7b9053ced289094957890ce00e97e744bee503741e79835cfabef49712f8e9d3e8bd352fdf51fefd4cfba42003785a72c970486060c09cc130e0037bdc1860141dcc689603df27abf625869b0f8c19f12bee2958256980897c7a5c3e0df1dfeaa3b97e8f34c0a56cd927f1a4afa8fd4e68c25c8fa76c7d27e1797057c22c31d4120704640d4a40fa7184dfb2426606835975520bf98e1f94fa60c770e767f16ab8fb0d300ea2c0a852b39788b3b4fab6c9c62f4bea183b759d5a01c774651804fbdf2b67b67129242c3fafaeb362791ae026e63d6498c8e1698cdd53319ee2292b959d5c52c3e0ad6903081e4ea49a83820a6777d1f84ad5602a4ead9e87ee1d190cb232b9e96f40b7c165e3a9b8038a9c65ac751eb4f873c84e3cbf2f5e8372bccfa6bf5350bfc2922b63fb6834040a266fe207b74dfa898e3424777b091992b638cc8a5cd31a5b3d7eff5ae4701a818153c6451adc8c51b730efab434f642a3d00621c333585ec203828f6e41b62d78228e8271548b092b5a93976e920af44186f0dad209fabc51e9d1992263d9493922a848ce564b45c741639a4a66881bb6fb264205b9688c1c27f7856d68229dec172f73929f855903f74a7652015c7a51172b49ffd2206d0101db60d5a275cb0262a95872b627f47159c45f0105cd75063132fd163455ca7bca03393b91caac18f5ec603c2f5798b5fe0381c358afecfbafe369fbba1b0be47e3c1c8e22d9447fdd60b3ffe11ef044b970d67f199bd96868979975f564a142d332e6f8e7dc7d7d59d87d76aa9342f2a39a87a50100e2abbd38d21759e233cd8d8acb2d858a72a031bd7d58212b4d25fa56237bea13d9611d42198cf2325e3dac311fe432a94231041748195b6927faa15cf3aefcdee4b95b857c8781346fd8e59ca3cef449379b561d06e6ebc61dca62218f6aa8752b15ffac0876b0c0fab82fab24831c059adaa980a8a89dc20043c1fbe8548b66dcc9840022bfacf652fb73118560e1d642f676e025b0b7a49e84a8074783a8bfc6eb82b8ea2d26c5cf1cbf54f875616df30c6b61f286083da560883111afbab8663bc9c8ed5a5829ecc3ef769ebd13041c896e94920b8f6164d1948ab362dfa329026293ec2b028361c43fb46c0ca6bb49ebc6dc7dd2f2738b3a00b86600d71a6f26c72f9d99a4b569d323357f61fea939134234b5f19c074846627854b39c675c037b54e90bef1526b94c5890cf0c22cdafbbe4a3f4dc796ed321783405cc69d50f2b700c8d1547924aa0e11376ff3d714bb77bf0e15729cd531b2d1454609d649b182eb2d4189189e5ba67cfd66c509d3042540da64f85ec7dc72a6f59896eb97ad0cb43dbf0ec8413c6415a2a0ab8ef0f580671774aa611ad9f1a70276bd627d9f741c22fbb740688564129bb6ce1f8e983cb8730786c8d0070599f5efd8d24fe22ad67abfe8449cd681dae89d248a48d5b4d6b7cefb12de41e65c8a0198d5533a4a894742bec7276bcf56055e8aaa59babcb06a2430704bb888eb561ca1bb17b1eb3f2a238ccff454d39e407cb83236513376bbcf14d7b67e6b508d811dba4e8f6ac30600ca7ebb6728ef6879ce0e739742f54da2adf69e03a12d7ba6ae58b2637555aa9697dcc421608712bd239d72ed7a8e6b720584a45e538861487e1d93e8499935ad39ae75adde65a99ded33d96489576d3ff55c7844bedd3a9fa45b1aa825be0ffe8adc398bed70ea202cb9fcd9228d4af4518e73560c9f04708ff623a84d48df2abaa8f074a32e9646093618df70e28bdf5c93e68a9d5abd22087f7e8959c4248016314bcbba4dcbb549857ce7edb46056e0ed81bc9406229e0af12288d8dfd186332bca0f5a3c6ba766c83cc13ca694c28ca612a7df4890915af86384485f83d680213c400710426cfcd181cdd1149fadfde3d87865ee99eb031befd3df091c3e6de116ade75721bdc2e65038d88a7bfc17179704125e1d62ac5f359cd605a575d9ca39994962f7e75a4c14202a5285d1cf4a7ccfa8c0948364160ae5e75429b6c8a2b6d8b549a84bdc0f52b633a8b3f521bd149c32299e7013ae6b8fb21a165f9261f03ececacefdcb7e56d9f2650bd794780f510e2ecdb0be7dacb3d9ea5e9e6e76398267440ff848a3b19b675c5e52c78fdaa345e9759f1d53e89bca9e2414f8fbef8c069ac1822bdb84a4c934281cdede0ebd71afe561a1e133889c2b746f1f212ae5d237a7cd2cfae6a3f0f0537be84e04bcb65cb3280ae468b1de5fa14c02f52c76ba7afe5fb1e9919f3cbc660a9f512941dafdff1a3e4bb4aca44cd487f29ab959524e8bbe754bf1a3a996d818514b22fc0a7158ba9215219bc21fcd3ac43e82675a18bca70d0519f24d4029d6e52482c2859f7f99a271fe005f557611a1c49f506de83d4db69a673e5ca3233e8e7f20222843cac6052b9ebc7a39a97d74dd253c8c9ba36d7f8646ae84ffbcc4553064926b4a707d557ee2cb2f9cfca2b358996fd820ecf04e306a2641455c632313d48c0ac88c8d15dc8cfb349d0997003d3db808ef8663d3f6b771f238dd1971703fad6a413a65dd4683a962d932b3f91769fb2d5cd0121a9dba5516e61fc6fd93783685d6a836c450a234ebcf1b0e24d8c2a7eb4da2bd5f23c3d894693efedfe97fc9d0789d07de2f72eb64603c7d3cea1ce38ea5b3499fbb33a16105a3b47573564e6075ed96af98d4c9837a1c0c431c5a7c397519bf82cfd65d4257e15ae1d6e662afebaa17a071896251d017aaf821658ad2c70c7c6b243fd015fe0373f47a3c053e07d44168a56e474878e1911fa42d08794a008cac56637747f536c1950ce2389ba9fd4fccb4231cb32a74958e8fcaadf46331cbc96a9f0c1eb46ecbed302741306da350075816527a6afc2506daeb8ad6b314699d6793bfa3e7922b5515d96fe2a7609a123f866a8c0897707a61af0e77393e05e33420760f6eb1c62c08687729fa0c8e8fc650944074858e3c3715df7a94cff1da76eb0a904a22e39efe7b089060edbf1147be8d76b87d36f9cf76856492fac8e362d43c1f8c7d1a5b4aa88e937406542ad243cfccd574c2d59f59298608431990963bc4bad7f6045a48d911d8ed9e24a3eb80b4bce4a3e44f0d4ca0ddae4a5b003210c61fb7dbb7fb21623f87d2e24ac71fd1e31ce986f60eaed48f53cac54a8d594917dd209033dc41a0377ad20493a2cdf225961430faff18743d5058510b54e6a7715ddc015aba1151504d74fcd43cc86bfe6294c60f908c81952a6eba59eb6f9772f59ea88aa526fc14cda07919943c240df94d6507087b52650a8514df2158ed0b6a48cdeda0dff41a58e8b69384c6004f120c11651fc578409815eb5abffaed91d99cd8a8a111c320a80722e4cd667120a799e22220dbb683f817c3c1b6c8b9b1c654d1efa7397ce0c69ef7d80f670c371652407632c545d6ea648721f1e4285ab6ec9c72564dd6dfff2e3f076a33ca2794d6e51bdd1df0c45f7babfd4766c4141dfbe282cdced71d187ab6298b731d74275b3517a21805f1e53b1b8205fbc132e8bf9dfb6a65fc3504406075e26123cd92fa2cd44f37bedaad94918762782b347c786f11d1e67a2428fa6ff27cde49", 0x1000}, {&(0x7f00000000c0)="86f97b209b231759f067f87b9880fd6608ba89cc92c09cfeaf22ff59b6dfead62fc82ed22f755ecd2d2570f8b36b02300efa13ebb3ee0f08d5e1944575a136dede5b7c6b8ce97e8ab380fd23d21e0480d8fe964607a8ae3c66f3b3d54c68fcd5c2df828c9b99d3bd70bf4c602615083ac43838fa4b", 0x75}, {&(0x7f0000001300)="b2d5003c3345ba5ec54c505647f41a04a4db0d2fdd1ca5c8196c7e9a3d6fd0f7f216e7417968cf3b7bd8aa6b2d5174ce1f1a7d553e5b71b6b98419582681254c3abc4506f43bcc9b31dc5244543caf1343998c5fb03d01a5", 0x58}, {&(0x7f0000001380)="4aa69966ec8f465549cb8e085d81739bc48e823d475af10c1e26dea489ff871d284997c74bb83572e32de8191f5cbe1e1d8658d273566f248da568b01d2c821ade5f23f6faa4b887ca5fb469835c16685d5be58a62483d7c497193007b090c0acf", 0x61}], 0x4)
r4 = socket$inet(0x2, 0x3, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x1e0, 0xb8, 0xe138, 0x198, 0x0, 0x198, 0x148, 0x358, 0x358, 0x148, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @multicast1, 0xff000000, 0x0, 'veth1_macvtap\x00', 'team_slave_1\x00', {}, {}, 0x33}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x1, 0xd, 0x3, 'syz0\x00', {0x17}}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240)
write$tun(r0, &(0x7f0000000280)={@val={0x1c, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1c, {[@window={0xe, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0x0, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})

468.988658ms ago: executing program 2 (id=3338):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x5000000, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d04001c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a5400300001d2300000009"}}}}}}}, 0x0)

468.725087ms ago: executing program 3 (id=3339):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_NETNS_FD={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000044}, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xbb}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2ef, &(0x7f0000000b00)={@local, @link_local, @void, {@ipv4={0x800, @gre={{0xb, 0x4, 0x2, 0x8, 0x2e1, 0x65, 0x0, 0x6, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100, {[@ssrr={0x89, 0xb, 0x97, [@loopback, @broadcast]}, @generic={0x94, 0xa, "96ca249c8ab2eb67"}]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x1d, 0x1, [], "fa7f3b33040cb017497c2a9f4f3f7f158296d2b97456fd1b7edc39677b"}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [0x2], "be6b11fa13d3124c746df64e460b7eede9878dc68ed0d61c33300169c0627d3b70fef2eeb2069c4440c64000efa4974ba2eb69f4f47c5d2d2da711c0eda4383fecd4a3c8d4dd8ea35a7571bd9457bf0b5fd98067c2acef73c86bad02fe59d7a53a0e305dac9b730af30d8cadf5f63e02b11ddf93717244c57ba1f0eb40934e441ad3a6ab46417946a0715604aa3bd74dddf34193556ae2359464d12c5a186683965428b311ed626f4c85068fe748be066a84ee0bda97732c5808d15866a0388b26388e704b50ce6dc92a2d38d8d360a9e44ca85f2ae488ae174de57ee57f39743800000000000000000000000046e6980efea738581a150aead1bb66e7f5210c19633bb039c3f91ecc5c397eefc5dfcf60a8abf67ced"}, {0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x86dd, [0xc3c7], "1c01a345a6de090766b9adf208c437ef977a3e71f7a11e249f38ca6ab27b562ade3777a0637819c8b0a7ac6d9fc56fb0a830492d85056fccd4a495a9cc607563ba853ba38ddc42f39efafbeca9b102ccaa2c2864aa4cacd2c2d7754f7688871b5c18f99112067f40a6e55266ff19852595615d2d28a19bbd1e7aeed54adc81f33a7c9659921b62b63e3a3f84dddc2794f69213cb2c339eaf75345d248fc50acb8e985e33a3cb025abed0889cbf93c684a1628892b8ecd4161b28e40127b1dc40a1bcbd2826b08998ab650cb3af3c7447fe892752e4c03433300a93670a0f4a310b65a402"}, {0x8, 0x88be, 0x4, {{0xc, 0x1, 0x2, 0x2, 0x0, 0x2, 0x2, 0x6}, 0x1, {0x441}}}, {0x8, 0x22eb, 0x2, {{0x0, 0x2, 0x67, 0x2, 0x1, 0x1, 0x0, 0x4}, 0x2, {0xa5b, 0xff, 0x3, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x0, "d98b56cf43cfde67930e8ac95697025074e73576d828fcce9744e93b01155d55bfbba0fb0a5d7832b7fb350019fbeb45f9a7adc010e66cc67edbc245e46335d3fbd67e6776070768774f6bcbb0e7db725fb6b9f8e844"}}}}}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x17, &(0x7f00000002c0)=0x3, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000076000d0b000000080000000003c00e0000000000080001000100000008000a0000000000080005"], 0x30}}, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4)
syz_emit_ethernet(0x86, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa18080045000078fffc000000119078009078020000000400000001000000b3ed3f3eff5dc97c0e6617a580210ec9809bfa714677994cee3213c83202ca3fc36db0aa77ffea8b5303ccd0e06692e107000000000000000d0400156feac886fa0e64385c7c64b5a387c641f2aafe69"], 0x0)

385.928269ms ago: executing program 2 (id=3340):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000100)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x0, 0xa, 0x3, 0x0, 0x1, 0x10}, @func, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0xa, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x2, 0xa, 0x6, 0x9}, 0x10, 0x104cf, 0xffffffffffffffff, 0x7, &(0x7f0000000200)=[0xffffffffffffffff, 0x1], &(0x7f0000000300)=[{0x4, 0x4, 0x2, 0x8}, {0x1, 0x5, 0x3, 0x8}, {0x5, 0x4, 0x8, 0xb}, {0x1, 0x1, 0x5, 0x5}, {0x1, 0x1, 0x5, 0x5}, {0x5, 0x5, 0x7, 0x3}, {0x2, 0x5, 0xf, 0x1}], 0x10, 0x10, @void, @value}, 0x94)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_tracing={0x1a, 0x14, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8ce0, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x4}, @jmp={0x5, 0x1, 0x1, 0x2, 0xa, 0x100, 0xfffffffffffffff0}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000000c0)='GPL\x00', 0x8000, 0x5b, &(0x7f0000000500)=""/91, 0x41100, 0x34, '\x00', 0x0, 0x1a, r0, 0x8, &(0x7f0000000580)={0x2, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x19c24, r1, 0x4, &(0x7f00000005c0)=[0xffffffffffffffff], &(0x7f0000000600)=[{0x0, 0x1, 0xa, 0xb}, {0x5, 0x5, 0x2, 0x9}, {0x3, 0x4, 0x1, 0x3}, {0x0, 0x1, 0x4, 0x1}], 0x10, 0x3, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000280)={0x0, r2}, 0xfffffd54)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r3, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8848}, @TCA_MPLS_LABEL={0x8}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@cgroup=r4, 0xe, 0x1, 0x1, 0x0, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, <r6=>0x0}, 0x40)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0xb49, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})
r7 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000740), 0x4)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000700)={@ifindex, r1, 0x9, 0x2018, 0x0, @value=r7, @void, @void, @void, r6}, 0x20)

262.781382ms ago: executing program 1 (id=3341):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e23, 0x7, @loopback, 0x3}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x3b00, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

80.682884ms ago: executing program 1 (id=3342):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010000103ffeb00feffffff0000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c00028014000500000000000000000000000000000000010500160002000000040012000500170040"], 0x60}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x10, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="850000006c000000720a00ff00000000730a9fff00000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x2}, 0x8)
sendto$inet6(r2, &(0x7f0000000040)="aa", 0x1, 0x4048084, &(0x7f0000000100)={0xa, 0x0, 0x100, @ipv4={'\x00', '\xff\xff', @private=0xa010105}, 0x2}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x2, 0x800}, 0x8)
sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x8080, @dev={0xfe, 0x80, '\x00', 0x29}, 0x4}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000180)="4cf7", 0x2}], 0x1}}], 0x1, 0x4040001)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="38010000000039042cbd7000eaffffff000003d3", @ANYRES32=0x0, @ANYBLOB="83000400cb1507001800128008000100736974000c0002800500090000000000"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
shutdown(r1, 0x1)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000000)={0x0, 0x0}, 0x10)
getsockopt$bt_hci(r4, 0x84, 0x1, &(0x7f00000022c0)=""/4107, &(0x7f00000000c0)=0x100b)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x5c, 0x5c, 0xa, [@struct={0x8, 0x1, 0x0, 0xf, 0x0, 0x10005, [{0x2, 0x5, 0xa}]}, @var={0x4, 0x0, 0x0, 0xe, 0x2}, @var={0xc, 0x0, 0x0, 0xe, 0x2}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2, 0x3}}, @const={0x0, 0x0, 0x0, 0xa, 0x2}]}, {0x0, [0x30, 0x0, 0x0, 0xcf, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f0000000300)=""/257, 0x7e, 0x101, 0x6, 0x0, 0x0, @void, @value}, 0x28)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0xb49, 'syz1\x00', @default, 0xe6b, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r6, 0x84, 0x6c, &(0x7f0000000180)={r7, 0x38, "2578bac7061f3447a08504a2446c491a23182dafbb473aafa54eb3ed48ca035bdffd91df4210d2f7aa12cbbe0f09339f6cb8fbb3fba27bbc"}, &(0x7f00000011c0)=0x40)
syz_init_net_socket$ax25(0x3, 0x5, 0xcd)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r8)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r10=>0x0})
sendmsg$BATADV_CMD_SET_VLAN(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)={0x24, r9, 0x1c05, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x80)
r11 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r11, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)

12.579152ms ago: executing program 3 (id=3343):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83300fe8000000000000000000000004000aaff020000000000000000000000000001"], 0xffe)

0s ago: executing program 2 (id=3344):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x7ffffffe, @null, @bpq0, 0xb49, 'syz1\x00', @bcast, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})

kernel console output (not intermixed with test programs):

ocess `syz.2.2292'.
[  251.114840][T12708] netlink: 'syz.2.2292': attribute type 8 has an invalid length.
[  251.227066][T12717] bond0: entered promiscuous mode
[  251.242659][T12717] bond_slave_0: entered promiscuous mode
[  251.269052][T12717] bond_slave_1: entered promiscuous mode
[  251.308595][T12717] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  251.333019][T12717] macvlan2: entered promiscuous mode
[  251.339399][T12723] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2298'.
[  251.339659][T12717] macvlan2: entered allmulticast mode
[  251.356959][T12717] bond0: entered allmulticast mode
[  251.362293][T12717] bond_slave_0: entered allmulticast mode
[  251.393124][T12717] bond_slave_1: entered allmulticast mode
[  251.430512][T12717] team0: Port device macvlan2 added
[  251.474651][T12733] netlink: 'syz.3.2298': attribute type 10 has an invalid length.
[  251.482737][T12733] bridge0: port 3(team0) entered blocking state
[  251.495592][T12733] bridge0: port 3(team0) entered disabled state
[  251.516295][T12733] team0: entered allmulticast mode
[  251.531603][T12733] team_slave_1: entered allmulticast mode
[  251.561475][T12733] team0: left allmulticast mode
[  251.567025][T12733] team_slave_1: left allmulticast mode
[  252.027645][T12761] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.108434][T12761] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.209912][T12761] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  253.228578][T12804] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2315'.
[  253.466049][T12819] FAULT_INJECTION: forcing a failure.
[  253.466049][T12819] name failslab, interval 1, probability 0, space 0, times 0
[  253.478802][T12819] CPU: 1 UID: 0 PID: 12819 Comm: syz.1.2322 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  253.478831][T12819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  253.478845][T12819] Call Trace:
[  253.478853][T12819]  <TASK>
[  253.478861][T12819]  dump_stack_lvl+0x189/0x250
[  253.478900][T12819]  ? __pfx____ratelimit+0x10/0x10
[  253.478933][T12819]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.478965][T12819]  ? __pfx__printk+0x10/0x10
[  253.479006][T12819]  should_fail_ex+0x414/0x560
[  253.479038][T12819]  should_failslab+0xa8/0x100
[  253.479063][T12819]  kmem_cache_alloc_noprof+0x73/0x3c0
[  253.479095][T12819]  ? dst_alloc+0x105/0x170
[  253.479129][T12819]  dst_alloc+0x105/0x170
[  253.479172][T12819]  ip_route_input_rcu+0x138c/0x2ff0
[  253.479216][T12819]  ? do_xdp_generic+0x11a/0x11a0
[  253.479245][T12819]  ? __pfx_ip_route_input_rcu+0x10/0x10
[  253.479281][T12819]  ? __lock_acquire+0xab9/0xd20
[  253.479318][T12819]  ? ip_route_input_noref+0x98/0x250
[  253.479347][T12819]  ? ip_route_input_noref+0x98/0x250
[  253.479380][T12819]  ? ipt_do_table+0x13dd/0x1640
[  253.479414][T12819]  ? ip_route_input_noref+0x98/0x250
[  253.479446][T12819]  ip_route_input_noref+0x167/0x250
[  253.479480][T12819]  ? __pfx_ip_route_input_noref+0x10/0x10
[  253.479516][T12819]  ? __pfx_udp_v4_early_demux+0x10/0x10
[  253.479543][T12819]  ? ipt_do_table+0x2a3/0x1640
[  253.479567][T12819]  ? __pfx_ipt_do_table+0x10/0x10
[  253.479596][T12819]  ip_rcv_finish_core+0x5af/0x1c00
[  253.479637][T12819]  ip_rcv_finish+0x14c/0x2f0
[  253.479664][T12819]  NF_HOOK+0x30c/0x3a0
[  253.479690][T12819]  ? __pfx_ip_rcv_finish+0x10/0x10
[  253.479712][T12819]  ? NF_HOOK+0x9a/0x3a0
[  253.479734][T12819]  ? __pfx_NF_HOOK+0x10/0x10
[  253.479754][T12819]  ? ip_rcv_core+0x7f7/0xd00
[  253.479780][T12819]  ? __pfx_ip_rcv_finish+0x10/0x10
[  253.479814][T12819]  ? __pfx_ip_rcv+0x10/0x10
[  253.479835][T12819]  __netif_receive_skb+0x143/0x380
[  253.479876][T12819]  ? netif_receive_skb+0x115/0x790
[  253.479908][T12819]  netif_receive_skb+0x1cb/0x790
[  253.479939][T12819]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  253.479973][T12819]  ? __pfx_netif_receive_skb+0x10/0x10
[  253.480012][T12819]  ? tun_rx_batched+0x160/0x730
[  253.480049][T12819]  tun_rx_batched+0x1b9/0x730
[  253.480080][T12819]  ? __lock_acquire+0xab9/0xd20
[  253.480116][T12819]  ? __pfx_tun_rx_batched+0x10/0x10
[  253.480160][T12819]  ? tun_get_user+0x2549/0x3ce0
[  253.480206][T12819]  tun_get_user+0x298e/0x3ce0
[  253.480241][T12819]  ? tun_get_user+0x693/0x3ce0
[  253.480269][T12819]  ? tun_get_user+0x2549/0x3ce0
[  253.480315][T12819]  ? aa_file_perm+0x11f/0xed0
[  253.480346][T12819]  ? __pfx_tun_get_user+0x10/0x10
[  253.480377][T12819]  ? aa_file_perm+0x3e7/0xed0
[  253.480422][T12819]  ? ref_tracker_alloc+0x318/0x460
[  253.480448][T12819]  ? __lock_acquire+0xab9/0xd20
[  253.480478][T12819]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  253.480513][T12819]  ? tun_get+0x1c/0x2f0
[  253.480550][T12819]  ? tun_get+0x1c/0x2f0
[  253.480579][T12819]  ? tun_get+0x1c/0x2f0
[  253.480616][T12819]  tun_chr_write_iter+0x113/0x200
[  253.480650][T12819]  vfs_write+0x548/0xa90
[  253.480691][T12819]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  253.480723][T12819]  ? __pfx_vfs_write+0x10/0x10
[  253.480769][T12819]  ? __fget_files+0x2a/0x420
[  253.480803][T12819]  ksys_write+0x145/0x250
[  253.480826][T12819]  ? __pfx_ksys_write+0x10/0x10
[  253.480842][T12819]  ? rcu_is_watching+0x15/0xb0
[  253.480883][T12819]  ? do_syscall_64+0xbe/0x3b0
[  253.480908][T12819]  do_syscall_64+0xfa/0x3b0
[  253.480925][T12819]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.480954][T12819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.480973][T12819]  ? clear_bhb_loop+0x60/0xb0
[  253.480997][T12819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.481017][T12819] RIP: 0033:0x7f9cda58d3df
[  253.481037][T12819] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  253.481056][T12819] RSP: 002b:00007f9cdb424000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  253.481079][T12819] RAX: ffffffffffffffda RBX: 00007f9cda7b5fa0 RCX: 00007f9cda58d3df
[  253.481095][T12819] RDX: 00000000000000be RSI: 0000200000000000 RDI: 00000000000000c8
[  253.481109][T12819] RBP: 00007f9cdb424090 R08: 0000000000000000 R09: 0000000000000000
[  253.481122][T12819] R10: 00000000000000be R11: 0000000000000293 R12: 0000000000000001
[  253.481144][T12819] R13: 0000000000000000 R14: 00007f9cda7b5fa0 R15: 00007ffe1a3c5e88
[  253.481180][T12819]  </TASK>
[  254.239090][T12824] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2324'.
[  254.670227][T12855] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2333'.
[  254.861175][T12862] netlink: 'syz.4.2336': attribute type 2 has an invalid length.
[  254.878362][T12862] netlink: 'syz.4.2336': attribute type 8 has an invalid length.
[  254.888253][T12862] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2336'.
[  255.319296][T12881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  255.379770][T12883] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.2344'.
[  255.741406][T12892] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2342'.
[  255.764869][T12891] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2346'.
[  255.797254][T12892] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2342'.
[  256.185377][T12913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.221581][  T889] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  256.251034][  T889] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  256.272214][T12920] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.282220][ T3433] wlan1: authenticated
[  256.307149][ T3433] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  256.325799][T12925] netlink: 'syz.1.2355': attribute type 3 has an invalid length.
[  256.335156][T12925] netlink: 'syz.1.2355': attribute type 3 has an invalid length.
[  256.373779][ T3433] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  256.373884][T12913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.405087][ T3433] wlan1: associated
[  256.577443][T12936] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2359'.
[  256.592706][T12936] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7
[  256.673036][T12943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2361'.
[  256.675784][T12939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.770891][T12950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2361'.
[  256.900083][T12955] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  256.948558][T12955] delete_channel: no stack
[  257.264209][T12975] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2372'.
[  257.289124][T12977] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2370'.
[  257.296647][T12975] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2372'.
[  257.324694][T12977] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2370'.
[  257.519722][T12992] unknown channel width for channel at 909000KHz?
[  257.528605][T12992] unknown channel width for channel at 909000KHz?
[  257.728264][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  257.801323][T13004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2381'.
[  257.882482][T13008] x_tables: ip6_tables: RATEEST.0 target: invalid size 32 (kernel) != (user) 0
[  257.906749][T13010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2385'.
[  257.929272][T13010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2385'.
[  257.941565][T13008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  258.025865][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  259.448773][T13106] openvswitch: netlink: VXLAN extension 173 out of range max 1
[  259.710286][T13119] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT
[  259.866219][T13124] tipc: Started in network mode
[  259.884846][T13124] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[  259.904966][T13124] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  260.032190][T13126] team0: default FDB implementation only supports local addresses
[  260.147820][T13132] IPv6: Can't replace route, no match found
[  260.705873][T13171] netlink: 'syz.2.2437': attribute type 10 has an invalid length.
[  260.905262][T13181] FAULT_INJECTION: forcing a failure.
[  260.905262][T13181] name failslab, interval 1, probability 0, space 0, times 0
[  260.912151][T13180] x_tables: duplicate underflow at hook 2
[  260.927818][T13181] CPU: 1 UID: 0 PID: 13181 Comm: syz.2.2442 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  260.927852][T13181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  260.927865][T13181] Call Trace:
[  260.927873][T13181]  <TASK>
[  260.927883][T13181]  dump_stack_lvl+0x189/0x250
[  260.927922][T13181]  ? __pfx____ratelimit+0x10/0x10
[  260.927955][T13181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.927989][T13181]  ? __pfx__printk+0x10/0x10
[  260.928027][T13181]  ? __pfx___might_resched+0x10/0x10
[  260.928059][T13181]  ? fs_reclaim_acquire+0x7d/0x100
[  260.928091][T13181]  should_fail_ex+0x414/0x560
[  260.928124][T13181]  should_failslab+0xa8/0x100
[  260.928150][T13181]  __kmalloc_noprof+0xcb/0x4f0
[  260.928170][T13181]  ? kfree+0x4d/0x440
[  260.928198][T13181]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  260.928235][T13181]  tomoyo_realpath_from_path+0xe3/0x5d0
[  260.928269][T13181]  ? tomoyo_domain+0xd9/0x130
[  260.928306][T13181]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  260.928332][T13181]  tomoyo_path_number_perm+0x1e8/0x5a0
[  260.928361][T13181]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  260.928407][T13181]  ? __lock_acquire+0xab9/0xd20
[  260.928461][T13181]  ? __fget_files+0x2a/0x420
[  260.928489][T13181]  ? __fget_files+0x2a/0x420
[  260.928511][T13181]  ? __fget_files+0x3a0/0x420
[  260.928533][T13181]  ? __fget_files+0x2a/0x420
[  260.928565][T13181]  security_file_ioctl+0xcb/0x2d0
[  260.928592][T13181]  __se_sys_ioctl+0x47/0x170
[  260.928627][T13181]  do_syscall_64+0xfa/0x3b0
[  260.928646][T13181]  ? lockdep_hardirqs_on+0x9c/0x150
[  260.928677][T13181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.928698][T13181]  ? clear_bhb_loop+0x60/0xb0
[  260.928724][T13181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.928745][T13181] RIP: 0033:0x7f4b43f8e929
[  260.928764][T13181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.928783][T13181] RSP: 002b:00007f4b44e95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  260.928806][T13181] RAX: ffffffffffffffda RBX: 00007f4b441b5fa0 RCX: 00007f4b43f8e929
[  260.928822][T13181] RDX: 0000200000000040 RSI: 000000000000890b RDI: 0000000000000004
[  260.928836][T13181] RBP: 00007f4b44e95090 R08: 0000000000000000 R09: 0000000000000000
[  260.928849][T13181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.928862][T13181] R13: 0000000000000000 R14: 00007f4b441b5fa0 R15: 00007ffed6e901a8
[  260.928896][T13181]  </TASK>
[  260.929017][T13181] ERROR: Out of memory at tomoyo_realpath_from_path.
[  261.304237][T13191] sctp: [Deprecated]: syz.1.2444 (pid 13191) Use of struct sctp_assoc_value in delayed_ack socket option.
[  261.304237][T13191] Use struct sctp_sack_info instead
[  261.363708][T13196] sctp: [Deprecated]: syz.1.2444 (pid 13196) Use of struct sctp_assoc_value in delayed_ack socket option.
[  261.363708][T13196] Use struct sctp_sack_info instead
[  261.621294][T13203] bond9: entered allmulticast mode
[  261.628774][T13203] 8021q: adding VLAN 0 to HW filter on device bond9
[  261.860350][T13215] __nla_validate_parse: 62 callbacks suppressed
[  261.860372][T13215] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2452'.
[  261.883575][T13217] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2451'.
[  261.923447][T13217] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2451'.
[  261.947709][T13220] netlink: 'syz.0.2452': attribute type 10 has an invalid length.
[  262.228340][T13230] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2455'.
[  262.239064][T13233] netlink: 'syz.4.2457': attribute type 2 has an invalid length.
[  262.258875][T13233] netlink: 'syz.4.2457': attribute type 1 has an invalid length.
[  262.726933][T13263] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2465'.
[  262.739398][T13264] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2466'.
[  262.811844][T13267] netlink: 'syz.3.2466': attribute type 10 has an invalid length.
[  262.820223][T13267] bridge0: port 3(team0) entered blocking state
[  262.828922][T13267] bridge0: port 3(team0) entered disabled state
[  262.855842][T13267] team0: entered allmulticast mode
[  262.861064][T13267] team_slave_1: entered allmulticast mode
[  262.869573][T13267] team0: left allmulticast mode
[  262.874631][T13267] team_slave_1: left allmulticast mode
[  263.249008][T13285] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2473'.
[  263.308952][T13285] IPv6: sit2: Disabled Multicast RS
[  263.459020][T13295] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2479'.
[  263.581391][T13308] netlink: 'syz.0.2479': attribute type 10 has an invalid length.
[  263.585542][T13301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2481'.
[  264.143347][T13336] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  264.151088][T13336] batman_adv: batadv0: Removing interface: batadv_slave_0
[  264.167132][T13336] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  264.175075][T13336] batman_adv: batadv0: Removing interface: batadv_slave_1
[  264.602201][T13364] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2499'.
[  264.680391][T13370] netlink: 'syz.3.2499': attribute type 10 has an invalid length.
[  264.710237][T13370] bridge0: port 3(team0) entered blocking state
[  264.725640][T13370] bridge0: port 3(team0) entered disabled state
[  264.743673][T13370] team0: entered allmulticast mode
[  264.762643][T13370] team_slave_1: entered allmulticast mode
[  264.785382][T13370] team0: left allmulticast mode
[  264.792104][T13370] team_slave_1: left allmulticast mode
[  265.441152][T13410] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  265.773789][T13419] x_tables: unsorted underflow at hook 3
[  265.793772][T13419] tap0: tun_chr_ioctl cmd 1074025677
[  265.800137][T13419] tap0: linktype set to 65534
[  265.824025][T13421] netlink: 'syz.0.2516': attribute type 1 has an invalid length.
[  265.936668][T13421] 8021q: adding VLAN 0 to HW filter on device bond9
[  265.950337][T13424] IPVS: Error connecting to the multicast addr
[  265.989471][T13425] 8021q: adding VLAN 0 to HW filter on device bond9
[  265.997082][T13425] bond9: (slave vxcan1): The slave device specified does not support setting the MAC address
[  266.010102][T13425] bond9: (slave vxcan1): Error -95 calling set_mac_address
[  266.106177][T13421] gretap0: entered promiscuous mode
[  266.118406][T13421] bond9: (slave gretap0): making interface the new active one
[  266.142260][T13421] bond9: (slave gretap0): Enslaving as an active interface with an up link
[  266.196825][T13432] bond9: (slave vlan2): the slave hw address is in use by the bond; giving it the hw address of gretap0
[  266.260149][T13440] netlink: 'syz.1.2520': attribute type 3 has an invalid length.
[  266.651585][T13460] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.743193][T13460] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.860134][T13460] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.903632][T13479] __nla_validate_parse: 2 callbacks suppressed
[  266.903653][T13479] netlink: 27 bytes leftover after parsing attributes in process `syz.3.2533'.
[  266.954320][T13476] can: request_module (can-proto-4) failed.
[  266.974807][T13460] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.028289][T13479] veth1_vlan: mtu less than device minimum
[  267.050418][T13485] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  267.112677][T13460] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  267.136655][T13460] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  267.156971][T13460] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  267.177860][T13460] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  268.052332][T13492] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2541'.
[  268.306311][T13517] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2547'.
[  268.316614][T13518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2548'.
[  268.337515][T13513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2545'.
[  268.394633][T13513] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  268.412614][T13513] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  268.442494][T13527] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2548'.
[  268.473119][T13527] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2548'.
[  268.510787][T13525] tls_set_device_offload: netdev not found
[  268.544035][T13531] netlink: 'syz.3.2551': attribute type 1 has an invalid length.
[  268.884743][T13543] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2556'.
[  268.907682][T13550] netlink: 'syz.0.2559': attribute type 4 has an invalid length.
[  269.173439][T13564] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2562'.
[  270.203991][T13605] FAULT_INJECTION: forcing a failure.
[  270.203991][T13605] name failslab, interval 1, probability 0, space 0, times 0
[  270.226956][T13605] CPU: 0 UID: 0 PID: 13605 Comm: syz.0.2578 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  270.226987][T13605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  270.227001][T13605] Call Trace:
[  270.227010][T13605]  <TASK>
[  270.227019][T13605]  dump_stack_lvl+0x189/0x250
[  270.227058][T13605]  ? __pfx____ratelimit+0x10/0x10
[  270.227091][T13605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  270.227125][T13605]  ? __pfx__printk+0x10/0x10
[  270.227152][T13605]  ? __pfx___might_resched+0x10/0x10
[  270.227185][T13605]  ? fs_reclaim_acquire+0x7d/0x100
[  270.227216][T13605]  should_fail_ex+0x414/0x560
[  270.227249][T13605]  should_failslab+0xa8/0x100
[  270.227274][T13605]  __kmalloc_noprof+0xcb/0x4f0
[  270.227294][T13605]  ? tomoyo_encode+0x28b/0x550
[  270.227329][T13605]  tomoyo_encode+0x28b/0x550
[  270.227366][T13605]  tomoyo_realpath_from_path+0x58d/0x5d0
[  270.227400][T13605]  ? tomoyo_domain+0xd9/0x130
[  270.227438][T13605]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  270.227464][T13605]  tomoyo_path_number_perm+0x1e8/0x5a0
[  270.227500][T13605]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  270.227546][T13605]  ? __lock_acquire+0xab9/0xd20
[  270.227601][T13605]  ? __fget_files+0x2a/0x420
[  270.227629][T13605]  ? __fget_files+0x2a/0x420
[  270.227651][T13605]  ? __fget_files+0x3a0/0x420
[  270.227674][T13605]  ? __fget_files+0x2a/0x420
[  270.227703][T13605]  security_file_ioctl+0xcb/0x2d0
[  270.227736][T13605]  __se_sys_ioctl+0x47/0x170
[  270.227772][T13605]  do_syscall_64+0xfa/0x3b0
[  270.227790][T13605]  ? lockdep_hardirqs_on+0x9c/0x150
[  270.227821][T13605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.227842][T13605]  ? clear_bhb_loop+0x60/0xb0
[  270.227869][T13605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.227890][T13605] RIP: 0033:0x7f2ce4b8e929
[  270.227913][T13605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.227931][T13605] RSP: 002b:00007f2ce593b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.227954][T13605] RAX: ffffffffffffffda RBX: 00007f2ce4db5fa0 RCX: 00007f2ce4b8e929
[  270.227970][T13605] RDX: 0000200000000040 RSI: 000000000000890b RDI: 0000000000000004
[  270.227983][T13605] RBP: 00007f2ce593b090 R08: 0000000000000000 R09: 0000000000000000
[  270.227996][T13605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.228009][T13605] R13: 0000000000000000 R14: 00007f2ce4db5fa0 R15: 00007ffc90fa1658
[  270.228043][T13605]  </TASK>
[  270.229364][T13605] ERROR: Out of memory at tomoyo_realpath_from_path.
[  270.301326][T13609] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2577'.
[  271.492409][T13654] Timeout policy `syz0' can only be used by L3 protocol number 2561
[  271.518365][T13655] Timeout policy `syz0' can only be used by L3 protocol number 2561
[  271.778863][T13662] lo speed is unknown, defaulting to 1000
[  271.834861][T13662] lo speed is unknown, defaulting to 1000
[  271.854377][T13662] lo speed is unknown, defaulting to 1000
[  271.926901][T13662] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  272.166723][T13662] lo speed is unknown, defaulting to 1000
[  272.187740][T13662] lo speed is unknown, defaulting to 1000
[  272.211130][T13662] lo speed is unknown, defaulting to 1000
[  272.240538][T13662] lo speed is unknown, defaulting to 1000
[  272.276425][T13662] lo speed is unknown, defaulting to 1000
[  273.270873][T13744] __nla_validate_parse: 3 callbacks suppressed
[  273.270895][T13744] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2617'.
[  273.307815][T13744] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2617'.
[  273.328993][T13743] xt_CT: No such helper "syz0"
[  273.416372][T13753] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2619'.
[  273.442739][T13756] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2619'.
[  273.466598][T13753] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2619'.
[  273.583075][T13761] tap0: tun_chr_ioctl cmd 1074025672
[  273.588842][T13761] tap0: ignored: set checksum disabled
[  273.597128][T13761] tap0: tun_chr_ioctl cmd 2149341215
[  273.831633][T13774] netlink: 'syz.4.2626': attribute type 21 has an invalid length.
[  273.841397][T13774] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2626'.
[  273.951831][T13774] netlink: 'syz.4.2626': attribute type 5 has an invalid length.
[  273.961680][T13774] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2626'.
[  274.064374][T13784] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2630'.
[  274.080079][T13784] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2630'.
[  274.137653][T13789] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  274.787215][T13828] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[  275.176148][T13852] x_tables: duplicate underflow at hook 3
[  275.344355][T13862] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  275.506571][T13864] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2655'.
[  276.177828][T13905] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  276.265017][T13915] netlink: 'syz.3.2672': attribute type 1 has an invalid length.
[  276.553498][T13915] 8021q: adding VLAN 0 to HW filter on device bond5
[  276.614204][T13920] gretap1: entered promiscuous mode
[  276.641029][T13920] bond5: (slave gretap1): making interface the new active one
[  276.661771][T13920] bond5: (slave gretap1): Enslaving as an active interface with an up link
[  277.731121][T13985] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  277.833865][T13990] netlink: 'syz.4.2696': attribute type 1 has an invalid length.
[  277.983470][T13990] 8021q: adding VLAN 0 to HW filter on device bond7
[  278.001587][T13993] gretap2: entered promiscuous mode
[  278.014099][T13993] bond7: (slave gretap2): making interface the new active one
[  278.029621][T13993] bond7: (slave gretap2): Enslaving as an active interface with an up link
[  278.322161][T14016] netlink: 'syz.3.2703': attribute type 10 has an invalid length.
[  278.420376][T14016] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  278.441757][T14016] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  278.689496][T14028] __nla_validate_parse: 8 callbacks suppressed
[  278.689519][T14028] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2709'.
[  278.715304][T14034] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2710'.
[  278.734625][T14028] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.742134][T14028] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.768240][T14028] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  278.776267][T14028] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.955683][T14047] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2714'.
[  279.040581][T14053] tipc: MTU too low for tipc bearer
[  279.115120][T14053] netlink: 'syz.2.2716': attribute type 11 has an invalid length.
[  279.139926][T14053] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2716'.
[  279.432537][T14077] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  279.503020][T14083] netlink: 'syz.3.2721': attribute type 1 has an invalid length.
[  279.681401][T14083] 8021q: adding VLAN 0 to HW filter on device bond8
[  279.711410][T14089] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2723'.
[  279.740010][T14089] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2723'.
[  279.757432][T14092] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2724'.
[  279.775025][T14089] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2723'.
[  279.800924][T14089] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2723'.
[  279.831454][T14089] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2723'.
[  280.117516][T14104] xt_HMARK: proto mask must be zero with L3 mode
[  280.830597][T14139] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  280.873748][T14140] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  280.876942][T14139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  280.957904][T14145] netlink: 'syz.4.2741': attribute type 1 has an invalid length.
[  281.032207][T14145] 8021q: adding VLAN 0 to HW filter on device bond8
[  282.982352][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  282.992358][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  283.001631][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  283.011284][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  283.020447][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  283.113094][ T5978] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.157767][T14219] C speed is unknown, defaulting to 1000
[  283.251205][ T5978] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.469328][ T5978] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.592875][ T5978] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.653723][T14219] lo speed is unknown, defaulting to 1000
[  283.729106][T14240] syzkaller1: entered promiscuous mode
[  283.741550][T14240] syzkaller1: entered allmulticast mode
[  283.865617][T14256] __nla_validate_parse: 68 callbacks suppressed
[  283.865645][T14256] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2777'.
[  283.947707][T14259] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2778'.
[  283.985145][T14261] netlink: 'syz.4.2779': attribute type 18 has an invalid length.
[  284.057961][T14265] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  284.169648][ T5978] batadv1: left allmulticast mode
[  284.186319][ T5978] batadv1: left promiscuous mode
[  284.218484][ T5978] bridge0: port 2(batadv1) entered disabled state
[  284.256171][ T5978] bridge_slave_0: left allmulticast mode
[  284.265100][ T5978] bridge_slave_0: left promiscuous mode
[  284.274223][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.349412][ T5978] tipc: Resetting bearer <eth:xfrm0>
[  284.626105][ T5978] tipc: Disabling bearer <eth:xfrm0>
[  284.682027][ T5978] bond5 (unregistering): (slave gretap1): Releasing active interface
[  284.724068][ T5978] dvmrp1 (unregistering): left allmulticast mode
[  285.040035][ T5978] bond1 (unregistering): Released all slaves
[  285.056307][ T5978] bond2 (unregistering): Released all slaves
[  285.072974][ T5978] bond3 (unregistering): Released all slaves
[  285.092488][ T5978] bond0 (unregistering): Released all slaves
[  285.117026][ T5978] bond4 (unregistering): Released all slaves
[  285.138252][ T5833] Bluetooth: hci1: command tx timeout
[  285.230931][ T5978] bond5 (unregistering): Released all slaves
[  285.246726][ T5978] bond6 (unregistering): Released all slaves
[  285.261991][ T5978] bond7 (unregistering): Released all slaves
[  285.360856][ T5978] bond8 (unregistering): Released all slaves
[  285.381414][ T5978] bond9 (unregistering): Released all slaves
[  285.467991][T14279] macvtap2: entered promiscuous mode
[  285.473713][T14279] vlan0: entered promiscuous mode
[  285.481049][T14279] macvtap2: entered allmulticast mode
[  285.488971][T14279] vlan0: entered allmulticast mode
[  285.494251][T14279] veth0_vlan: entered allmulticast mode
[  285.520067][T14279] vlan0: left allmulticast mode
[  285.529395][T14279] veth0_vlan: left allmulticast mode
[  285.535723][T14279] vlan0: left promiscuous mode
[  285.593182][T14288] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2786'.
[  285.640559][ T5978] tipc: Disabling bearer <eth:syzkaller0>
[  285.688477][ T5978] tipc: Disabling bearer <udp:syz0>
[  285.702630][T14219] chnl_net:caif_netlink_parms(): no params data found
[  285.709644][ T5978] tipc: Left network mode
[  286.033746][T14309] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2791'.
[  286.074213][T14219] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.098996][T14219] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.110217][T14219] bridge_slave_0: entered allmulticast mode
[  286.127254][T14219] bridge_slave_0: entered promiscuous mode
[  286.136879][T14219] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.145506][T14219] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.152925][T14219] bridge_slave_1: entered allmulticast mode
[  286.165097][T14219] bridge_slave_1: entered promiscuous mode
[  286.229275][T14312] macvlan0: entered promiscuous mode
[  286.235593][T14312] macvlan0: entered allmulticast mode
[  286.305611][T14219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  286.352191][T14219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  286.535422][T14219] team0: Port device team_slave_0 added
[  286.561589][T14327] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  286.597836][T14219] team0: Port device team_slave_1 added
[  286.800372][T14332] syzkaller0: entered promiscuous mode
[  286.806389][T14332] syzkaller0: entered allmulticast mode
[  286.812597][T14332] tipc: Resetting bearer <eth:syzkaller0>
[  286.924281][ T5927] tipc: Resetting bearer <eth:syzkaller0>
[  286.967127][T14219] batman_adv: batadv0: Adding interface: batadv_slave_0
[  286.984353][T14219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  287.012484][T14219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  287.046553][T14219] batman_adv: batadv0: Adding interface: batadv_slave_1
[  287.063862][T14219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  287.134483][T14219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  287.202503][T14325] tipc: Resetting bearer <eth:syzkaller0>
[  287.214826][ T5833] Bluetooth: hci1: command tx timeout
[  287.587244][T14369] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  287.634751][ T5825] tipc: Node number set to 174718901
[  287.668930][T14370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  288.453725][T14374] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2812'.
[  288.742951][T14325] tipc: Disabling bearer <eth:syzkaller0>
[  288.764751][T14341] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.822111][ T5978] hsr_slave_0: left promiscuous mode
[  288.828774][ T5978] hsr_slave_1: left promiscuous mode
[  288.872035][ T5978] veth1_macvtap: left promiscuous mode
[  288.879041][ T5978] veth0_macvtap: left promiscuous mode
[  288.885436][ T5978] veth1_vlan: left promiscuous mode
[  288.891391][ T5978] veth0_vlan: left promiscuous mode
[  289.246911][ T5978] pim6reg (unregistering): left allmulticast mode
[  289.284640][ T5833] Bluetooth: hci1: command tx timeout
[  289.978917][ T5978] team0 (unregistering): Port device team_slave_1 removed
[  290.709608][T14219] hsr_slave_0: entered promiscuous mode
[  290.720783][T14219] hsr_slave_1: entered promiscuous mode
[  290.727982][T14219] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  290.737776][T14219] Cannot create hsr debugfs directory
[  291.364760][ T5833] Bluetooth: hci1: command tx timeout
[  291.411028][ T5978] IPVS: stop unused estimator thread 0...
[  291.860102][T14471] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2846'.
[  291.907278][T14473] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2844'.
[  291.919211][T14473] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2844'.
[  291.997486][T14219] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  292.030941][T14219] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  292.063344][T14219] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  292.089816][T14219] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  292.258151][T14499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2851'.
[  292.300700][T14499] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  292.378908][T14219] 8021q: adding VLAN 0 to HW filter on device bond0
[  292.413276][T14219] 8021q: adding VLAN 0 to HW filter on device team0
[  292.443673][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.450943][ T5927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  292.479708][  T146] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.486971][  T146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  292.665309][T14516] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2857'.
[  292.724155][   T30] audit: type=1800 audit(1750226609.165:4): pid=14517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2857" name="memory.events" dev="tmpfs" ino=2958 res=0 errno=0
[  293.190688][T14219] 8021q: adding VLAN 0 to HW filter on device batadv0
[  293.350084][T14219] veth0_vlan: entered promiscuous mode
[  293.375399][T14219] veth1_vlan: entered promiscuous mode
[  293.441377][T14219] veth0_macvtap: entered promiscuous mode
[  293.459600][T14219] veth1_macvtap: entered promiscuous mode
[  293.546312][T14219] batman_adv: batadv0: Interface activated: batadv_slave_0
[  293.587575][T14219] batman_adv: batadv0: Interface activated: batadv_slave_1
[  293.640727][T14219] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  293.660261][T14219] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  293.677051][T14219] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  293.686989][T14219] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  293.989516][ T5927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  294.007675][ T5927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  294.101962][T14581] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2881'.
[  294.118200][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  294.126937][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  294.272282][T14583] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2882'.
[  294.289011][T14587] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  294.374817][T14592] netlink: 'syz.3.2760': attribute type 1 has an invalid length.
[  294.383289][T14594] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2885'.
[  294.392950][T14590] Unsupported ieee802154 address type: 0
[  294.402875][T14594] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2885'.
[  294.470050][T14595] gretap1: entered promiscuous mode
[  294.928697][T14614] netlink: 'syz.0.2890': attribute type 32 has an invalid length.
[  294.952513][T14614] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2890'.
[  295.270334][T14625] netlink: 'syz.3.2894': attribute type 21 has an invalid length.
[  295.289907][T14625] IPv6: NLM_F_CREATE should be specified when creating new route
[  295.302703][T14625] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  295.310077][T14625] IPv6: NLM_F_CREATE should be set when creating new route
[  295.317572][T14625] IPv6: NLM_F_CREATE should be set when creating new route
[  295.324921][T14625] IPv6: NLM_F_CREATE should be set when creating new route
[  295.339539][T14616] "syz.2.2891" (14616) uses obsolete ecb(arc4) skcipher
[  295.731937][T14655] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  295.760221][T14650] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  295.789942][T14658] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  295.797277][T14658] IPv6: NLM_F_CREATE should be set when creating new route
[  295.817984][T14660] netlink: 'syz.3.2904': attribute type 1 has an invalid length.
[  295.919910][T14663] gretap1: entered promiscuous mode
[  296.474544][T14689] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  296.493794][T14689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.740424][T14694] 8021q: adding VLAN 0 to HW filter on device bond15
[  296.761251][T14694] vlan2: entered allmulticast mode
[  296.767989][T14694] bond15: entered allmulticast mode
[  296.958526][T14711] __nla_validate_parse: 4 callbacks suppressed
[  296.958548][T14711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2921'.
[  297.346651][T14726] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2927'.
[  297.380875][T14726] openvswitch: netlink: nsh attribute has 2338 unknown bytes.
[  297.405425][T14726] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  297.527234][T14731] netlink: 232 bytes leftover after parsing attributes in process `syz.4.2929'.
[  297.611896][T14737] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2931'.
[  297.652330][T14739] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2931'.
[  297.733669][T14741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2932'.
[  297.816508][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  297.860224][T14748] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  297.867005][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  297.879669][T14749] No such timeout policy "syz0"
[  297.890715][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  297.908575][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  297.919052][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  297.947516][T14748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.969383][T14752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2934'.
[  298.062460][T14744] C speed is unknown, defaulting to 1000
[  298.135408][T14760] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2938'.
[  298.355500][T14773] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2943'.
[  298.651602][T14787] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2946'.
[  298.786600][T14791] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  298.928889][T14744] chnl_net:caif_netlink_parms(): no params data found
[  299.098642][T14744] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.106974][T14744] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.116665][T14744] bridge_slave_0: entered allmulticast mode
[  299.125603][T14744] bridge_slave_0: entered promiscuous mode
[  299.135619][T14744] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.142958][T14744] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.151370][T14744] bridge_slave_1: entered allmulticast mode
[  299.159915][T14744] bridge_slave_1: entered promiscuous mode
[  299.252748][T14744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  299.296156][T14817] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  299.313621][T14814] 8021q: adding VLAN 0 to HW filter on device bond1
[  299.323183][T14814] bond0: (slave bond1): Enslaving as an active interface with an up link
[  299.335452][T14744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  299.377670][T14820] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  299.493970][T14744] team0: Port device team_slave_0 added
[  299.515886][T14744] team0: Port device team_slave_1 added
[  299.622444][T14744] batman_adv: batadv0: Adding interface: batadv_slave_0
[  299.634516][T14744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.674576][T14744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  299.697165][T14744] batman_adv: batadv0: Adding interface: batadv_slave_1
[  299.712150][T14744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.739272][T14744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  299.922866][T14744] hsr_slave_0: entered promiscuous mode
[  299.945659][T14744] hsr_slave_1: entered promiscuous mode
[  299.952166][T14744] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  299.962774][T14744] Cannot create hsr debugfs directory
[  300.005254][   T51] Bluetooth: hci3: command tx timeout
[  300.171796][T14846] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.502747][T14744] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.595914][T14873] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  300.644366][T14744] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.700360][T14873] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  300.777737][T14744] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.895878][T14744] bond0: (slave netdevsim0): Releasing backup interface
[  300.930889][T14744] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.238545][T14744] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  301.307106][T14744] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  301.386193][T14744] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  301.408651][T14744] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  301.735558][T14744] 8021q: adding VLAN 0 to HW filter on device bond0
[  301.773593][T14744] 8021q: adding VLAN 0 to HW filter on device team0
[  301.815835][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.823050][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.903479][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.911814][ T5927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  302.084988][   T51] Bluetooth: hci3: command tx timeout
[  303.709884][T14958] __nla_validate_parse: 4 callbacks suppressed
[  303.709905][T14958] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3001'.
[  303.768911][T14961] netlink: 260 bytes leftover after parsing attributes in process `syz.1.3003'.
[  303.779999][T14961] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3003'.
[  303.814862][T14961] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3003'.
[  303.886318][T14744] 8021q: adding VLAN 0 to HW filter on device batadv0
[  304.032229][T14744] veth0_vlan: entered promiscuous mode
[  304.057254][T14744] veth1_vlan: entered promiscuous mode
[  304.137395][T14744] veth0_macvtap: entered promiscuous mode
[  304.165554][   T51] Bluetooth: hci3: command tx timeout
[  304.190376][T14744] veth1_macvtap: entered promiscuous mode
[  304.347073][T14744] batman_adv: batadv0: Interface activated: batadv_slave_0
[  304.384332][T14744] batman_adv: batadv0: Interface activated: batadv_slave_1
[  304.449032][T14744] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  304.471241][T14744] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  304.482084][T14744] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  304.482846][T14992] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3013'.
[  304.492139][T14744] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  304.515123][T14990] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.3011'.
[  304.550577][T14992] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3013'.
[  304.731972][T15000] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3014'.
[  304.745165][T15000] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3014'.
[  304.764915][T15000] netlink: 'syz.4.3014': attribute type 13 has an invalid length.
[  304.773605][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  304.791254][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  304.898891][ T5978] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  304.918711][ T5978] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  304.978326][T15013] FAULT_INJECTION: forcing a failure.
[  304.978326][T15013] name failslab, interval 1, probability 0, space 0, times 0
[  304.992842][T15012] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3020'.
[  305.013268][T15013] CPU: 0 UID: 0 PID: 15013 Comm: syz.4.3019 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  305.013300][T15013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  305.013326][T15013] Call Trace:
[  305.013336][T15013]  <TASK>
[  305.013345][T15013]  dump_stack_lvl+0x189/0x250
[  305.013386][T15013]  ? __pfx____ratelimit+0x10/0x10
[  305.013418][T15013]  ? __pfx_dump_stack_lvl+0x10/0x10
[  305.013453][T15013]  ? __pfx__printk+0x10/0x10
[  305.013479][T15013]  ? __pfx___might_resched+0x10/0x10
[  305.013511][T15013]  ? fs_reclaim_acquire+0x7d/0x100
[  305.013543][T15013]  should_fail_ex+0x414/0x560
[  305.013576][T15013]  should_failslab+0xa8/0x100
[  305.013601][T15013]  __kmalloc_noprof+0xcb/0x4f0
[  305.013621][T15013]  ? tomoyo_encode+0x28b/0x550
[  305.013656][T15013]  tomoyo_encode+0x28b/0x550
[  305.013695][T15013]  tomoyo_realpath_from_path+0x58d/0x5d0
[  305.013728][T15013]  ? tomoyo_domain+0xd9/0x130
[  305.013766][T15013]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  305.013792][T15013]  tomoyo_path_number_perm+0x1e8/0x5a0
[  305.013821][T15013]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  305.013867][T15013]  ? __lock_acquire+0xab9/0xd20
[  305.013921][T15013]  ? __fget_files+0x2a/0x420
[  305.013948][T15013]  ? __fget_files+0x2a/0x420
[  305.013970][T15013]  ? __fget_files+0x3a0/0x420
[  305.013993][T15013]  ? __fget_files+0x2a/0x420
[  305.014021][T15013]  security_file_ioctl+0xcb/0x2d0
[  305.014048][T15013]  __se_sys_ioctl+0x47/0x170
[  305.014083][T15013]  do_syscall_64+0xfa/0x3b0
[  305.014101][T15013]  ? lockdep_hardirqs_on+0x9c/0x150
[  305.014132][T15013]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.014153][T15013]  ? clear_bhb_loop+0x60/0xb0
[  305.014206][T15013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.014227][T15013] RIP: 0033:0x7f6607f8e929
[  305.014246][T15013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  305.014265][T15013] RSP: 002b:00007f6608e06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  305.014286][T15013] RAX: ffffffffffffffda RBX: 00007f66081b5fa0 RCX: 00007f6607f8e929
[  305.014302][T15013] RDX: 0000200000000080 RSI: 000000000000890c RDI: 0000000000000004
[  305.014315][T15013] RBP: 00007f6608e06090 R08: 0000000000000000 R09: 0000000000000000
[  305.014328][T15013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  305.014341][T15013] R13: 0000000000000000 R14: 00007f66081b5fa0 R15: 00007ffe63c5d738
[  305.014380][T15013]  </TASK>
[  305.303573][T15013] ERROR: Out of memory at tomoyo_realpath_from_path.
[  306.065192][T15047] netlink: 'syz.2.3029': attribute type 21 has an invalid length.
[  306.244933][   T51] Bluetooth: hci3: command tx timeout
[  306.295735][ T5833] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  306.307639][ T5833] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  306.317393][ T5833] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  306.337329][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  306.356927][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  306.495474][T15058] C speed is unknown, defaulting to 1000
[  307.118728][T15091] netlink: 'syz.1.3040': attribute type 1 has an invalid length.
[  307.143290][T15091] Cannot find del_set index 17 as target
[  307.453446][T15058] chnl_net:caif_netlink_parms(): no params data found
[  307.611502][T15058] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.637737][T15058] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.659102][T15058] bridge_slave_0: entered allmulticast mode
[  307.693475][T15058] bridge_slave_0: entered promiscuous mode
[  307.770515][T15058] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.792364][T15058] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.812483][T15058] bridge_slave_1: entered allmulticast mode
[  307.842287][T15058] bridge_slave_1: entered promiscuous mode
[  307.931352][T15127] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  307.996980][T15058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  308.003267][T15127] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  308.080326][T15058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  308.234032][T15058] team0: Port device team_slave_0 added
[  308.262779][T15058] team0: Port device team_slave_1 added
[  308.327221][T15058] batman_adv: batadv0: Adding interface: batadv_slave_0
[  308.334650][T15058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  308.361475][T15058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  308.396329][T15058] batman_adv: batadv0: Adding interface: batadv_slave_1
[  308.403342][T15058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  308.441969][T15058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  308.557807][T15058] hsr_slave_0: entered promiscuous mode
[  308.585940][T15058] hsr_slave_1: entered promiscuous mode
[  308.603114][T15058] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  308.628546][T15058] Cannot create hsr debugfs directory
[  308.645026][   T51] Bluetooth: hci5: command tx timeout
[  308.731273][T15158] __nla_validate_parse: 6 callbacks suppressed
[  308.731294][T15158] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3059'.
[  308.940561][T15167] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3061'.
[  309.055630][T15176] Bluetooth: MGMT ver 1.23
[  309.243294][T15180] FAULT_INJECTION: forcing a failure.
[  309.243294][T15180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  309.268010][T15180] CPU: 0 UID: 0 PID: 15180 Comm: syz.3.3064 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  309.268040][T15180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  309.268052][T15180] Call Trace:
[  309.268060][T15180]  <TASK>
[  309.268068][T15180]  dump_stack_lvl+0x189/0x250
[  309.268105][T15180]  ? __pfx____ratelimit+0x10/0x10
[  309.268133][T15180]  ? __pfx_dump_stack_lvl+0x10/0x10
[  309.268163][T15180]  ? __pfx__printk+0x10/0x10
[  309.268194][T15180]  should_fail_ex+0x414/0x560
[  309.268225][T15180]  _copy_to_user+0x31/0xb0
[  309.268248][T15180]  simple_read_from_buffer+0xe1/0x170
[  309.268282][T15180]  proc_fail_nth_read+0x1df/0x250
[  309.268305][T15180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  309.268332][T15180]  ? rw_verify_area+0x258/0x650
[  309.268362][T15180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  309.268384][T15180]  vfs_read+0x200/0x980
[  309.268414][T15180]  ? __pfx___mutex_lock+0x10/0x10
[  309.268431][T15180]  ? __pfx_vfs_read+0x10/0x10
[  309.268459][T15180]  ? __fget_files+0x2a/0x420
[  309.268485][T15180]  ? __fget_files+0x3a0/0x420
[  309.268505][T15180]  ? __fget_files+0x2a/0x420
[  309.268538][T15180]  ksys_read+0x145/0x250
[  309.268566][T15180]  ? __fget_files+0x3a0/0x420
[  309.268589][T15180]  ? __pfx_ksys_read+0x10/0x10
[  309.268627][T15180]  ? do_syscall_64+0xbe/0x3b0
[  309.268649][T15180]  do_syscall_64+0xfa/0x3b0
[  309.268666][T15180]  ? lockdep_hardirqs_on+0x9c/0x150
[  309.268696][T15180]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.268716][T15180]  ? clear_bhb_loop+0x60/0xb0
[  309.268741][T15180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.268761][T15180] RIP: 0033:0x7f491d78d33c
[  309.268778][T15180] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  309.268792][T15180] RSP: 002b:00007f491e633030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  309.268810][T15180] RAX: ffffffffffffffda RBX: 00007f491d9b5fa0 RCX: 00007f491d78d33c
[  309.268822][T15180] RDX: 000000000000000f RSI: 00007f491e6330a0 RDI: 0000000000000003
[  309.268832][T15180] RBP: 00007f491e633090 R08: 0000000000000000 R09: 0000000000000000
[  309.268843][T15180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  309.268852][T15180] R13: 0000000000000000 R14: 00007f491d9b5fa0 R15: 00007ffeae592958
[  309.268879][T15180]  </TASK>
[  309.625412][T15058] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.654013][T15185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3065'.
[  309.663832][T15185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3065'.
[  309.672882][T15185] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3065'.
[  309.765396][T15058] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.781282][T15191] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  309.800572][T15191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  309.882661][T15058] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.890527][T15193] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3069'.
[  309.903484][T15193] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3069'.
[  309.912985][T15193] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3069'.
[  309.933482][T15193] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3069'.
[  310.042209][T15200] netlink: 256 bytes leftover after parsing attributes in process `syz.1.3071'.
[  310.276056][T15058] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  310.298258][T15058] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  310.298687][T15207] No such timeout policy "syz0"
[  310.316598][T15058] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  310.332972][T15207] netlink: 'syz.2.3072': attribute type 1 has an invalid length.
[  310.341124][T15207] netlink: 'syz.2.3072': attribute type 4 has an invalid length.
[  310.353741][T15058] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  310.711066][T15058] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.725412][   T51] Bluetooth: hci5: command tx timeout
[  310.817440][T15058] 8021q: adding VLAN 0 to HW filter on device team0
[  310.861538][ T3433] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.868804][ T3433] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.903637][  T146] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.910880][  T146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  310.992219][T15241] batman_adv: batadv0: Adding interface: dummy0
[  310.999993][T15241] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  311.035620][T15241] batman_adv: batadv0: Interface activated: dummy0
[  311.341060][T15261] netlink: 'syz.2.3087': attribute type 9 has an invalid length.
[  311.355175][T15261] nbd: must specify at least one socket
[  311.500770][T15058] 8021q: adding VLAN 0 to HW filter on device batadv0
[  311.853880][T15280] bridge0: entered allmulticast mode
[  312.136932][T15300] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  312.145082][T15300] batman_adv: batadv0: Removing interface: batadv_slave_0
[  312.175862][T15300] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  312.195605][T15300] batman_adv: batadv0: Removing interface: batadv_slave_1
[  312.203903][T15302] openvswitch: netlink: Missing valid actions attribute.
[  312.233616][T15302] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  312.401624][T15058] veth0_vlan: entered promiscuous mode
[  312.432904][T15058] veth1_vlan: entered promiscuous mode
[  312.527435][T15058] veth0_macvtap: entered promiscuous mode
[  312.584332][T15058] veth1_macvtap: entered promiscuous mode
[  312.746371][T15058] batman_adv: batadv0: Interface activated: batadv_slave_0
[  312.788087][T15058] batman_adv: batadv0: Interface activated: batadv_slave_1
[  312.808886][   T51] Bluetooth: hci5: command tx timeout
[  312.830187][T15058] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  312.844611][T15058] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  312.853384][T15058] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  312.874103][T15058] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  312.938074][T15337] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  312.948495][T15340] SET target dimension over the limit!
[  312.965394][T15338] netlink: 'syz.1.3114': attribute type 5 has an invalid length.
[  312.995211][T15337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  313.041511][T15338] pimreg: entered allmulticast mode
[  313.111887][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.123121][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.171129][  T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.182537][  T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.399310][T15364] FAULT_INJECTION: forcing a failure.
[  313.399310][T15364] name failslab, interval 1, probability 0, space 0, times 0
[  313.421346][T15356] bridge0: port 2(bridge_slave_1) entered disabled state
[  313.437852][T15364] CPU: 1 UID: 0 PID: 15364 Comm: syz.3.3119 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  313.437881][T15364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  313.437895][T15364] Call Trace:
[  313.437902][T15364]  <TASK>
[  313.437912][T15364]  dump_stack_lvl+0x189/0x250
[  313.437949][T15364]  ? __pfx____ratelimit+0x10/0x10
[  313.437989][T15364]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.438021][T15364]  ? __pfx__printk+0x10/0x10
[  313.438051][T15364]  ? __pfx___might_resched+0x10/0x10
[  313.438089][T15364]  should_fail_ex+0x414/0x560
[  313.438121][T15364]  should_failslab+0xa8/0x100
[  313.438146][T15364]  __kmalloc_cache_noprof+0x70/0x3d0
[  313.438167][T15364]  ? virtio_transport_do_socket_init+0x57/0x2f0
[  313.438199][T15364]  virtio_transport_do_socket_init+0x57/0x2f0
[  313.438229][T15364]  vsock_assign_transport+0x50b/0x6a0
[  313.438265][T15364]  vsock_connect+0x5ab/0xe20
[  313.438304][T15364]  ? aa_sk_perm+0x81e/0x950
[  313.438328][T15364]  ? __might_fault+0xb0/0x130
[  313.438347][T15364]  ? __pfx_vsock_connect+0x10/0x10
[  313.438378][T15364]  ? __pfx_aa_sk_perm+0x10/0x10
[  313.438401][T15364]  ? __pfx_autoremove_wake_function+0x10/0x10
[  313.438437][T15364]  ? bpf_lsm_socket_connect+0x9/0x20
[  313.438468][T15364]  __sys_connect+0x316/0x440
[  313.438491][T15364]  ? __fget_files+0x3a0/0x420
[  313.438514][T15364]  ? __pfx___sys_connect+0x10/0x10
[  313.438551][T15364]  ? __pfx_ksys_write+0x10/0x10
[  313.438579][T15364]  __x64_sys_connect+0x7a/0x90
[  313.438603][T15364]  do_syscall_64+0xfa/0x3b0
[  313.438621][T15364]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.438651][T15364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.438671][T15364]  ? clear_bhb_loop+0x60/0xb0
[  313.438696][T15364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.438715][T15364] RIP: 0033:0x7f491d78e929
[  313.438733][T15364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.438752][T15364] RSP: 002b:00007f491e612038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  313.438773][T15364] RAX: ffffffffffffffda RBX: 00007f491d9b6080 RCX: 00007f491d78e929
[  313.438788][T15364] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000004
[  313.438801][T15364] RBP: 00007f491e612090 R08: 0000000000000000 R09: 0000000000000000
[  313.438813][T15364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  313.438825][T15364] R13: 0000000000000001 R14: 00007f491d9b6080 R15: 00007ffeae592958
[  313.438858][T15364]  </TASK>
[  314.268400][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  314.280270][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  314.288378][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  314.304947][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  314.317941][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  314.413382][T15381] C speed is unknown, defaulting to 1000
[  314.419393][T15385] netlink: ct family unspecified
[  314.444646][T15385] openvswitch: netlink: Actions may not be safe on all matching packets
[  314.667548][T15398] No such timeout policy "syz0"
[  314.721603][ T5927] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.809924][ T5927] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.885158][ T5833] Bluetooth: hci5: command tx timeout
[  314.937580][ T5927] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.075231][ T5927] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.143469][T15417] FAULT_INJECTION: forcing a failure.
[  315.143469][T15417] name failslab, interval 1, probability 0, space 0, times 0
[  315.164751][T15417] CPU: 1 UID: 0 PID: 15417 Comm: syz.2.3138 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  315.164783][T15417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  315.164797][T15417] Call Trace:
[  315.164805][T15417]  <TASK>
[  315.164814][T15417]  dump_stack_lvl+0x189/0x250
[  315.164854][T15417]  ? __pfx____ratelimit+0x10/0x10
[  315.164886][T15417]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.164920][T15417]  ? __pfx__printk+0x10/0x10
[  315.164950][T15417]  ? __pfx___might_resched+0x10/0x10
[  315.164989][T15417]  should_fail_ex+0x414/0x560
[  315.165022][T15417]  should_failslab+0xa8/0x100
[  315.165046][T15417]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  315.165067][T15417]  ? __sys_connect+0x316/0x440
[  315.165087][T15417]  ? __alloc_skb+0x112/0x2d0
[  315.165108][T15417]  ? do_syscall_64+0xfa/0x3b0
[  315.165132][T15417]  __alloc_skb+0x112/0x2d0
[  315.165160][T15417]  virtio_transport_alloc_skb+0x4c/0xe60
[  315.165198][T15417]  ? __local_bh_enable_ip+0x12d/0x1c0
[  315.165230][T15417]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.165267][T15417]  virtio_transport_send_pkt_info+0x617/0xf00
[  315.165324][T15417]  virtio_transport_connect+0xa7/0x100
[  315.165354][T15417]  ? __pfx_virtio_transport_connect+0x10/0x10
[  315.165388][T15417]  ? __pfx_vsock_auto_bind+0x10/0x10
[  315.165422][T15417]  ? vsock_assign_transport+0x54c/0x6a0
[  315.165459][T15417]  vsock_connect+0xb90/0xe20
[  315.165499][T15417]  ? aa_sk_perm+0x81e/0x950
[  315.165525][T15417]  ? __might_fault+0xb0/0x130
[  315.165544][T15417]  ? __pfx_vsock_connect+0x10/0x10
[  315.165577][T15417]  ? __pfx_aa_sk_perm+0x10/0x10
[  315.165601][T15417]  ? __pfx_autoremove_wake_function+0x10/0x10
[  315.165637][T15417]  ? bpf_lsm_socket_connect+0x9/0x20
[  315.165681][T15417]  __sys_connect+0x316/0x440
[  315.165704][T15417]  ? __fget_files+0x3a0/0x420
[  315.165728][T15417]  ? __pfx___sys_connect+0x10/0x10
[  315.165767][T15417]  ? __pfx_ksys_write+0x10/0x10
[  315.165797][T15417]  __x64_sys_connect+0x7a/0x90
[  315.165823][T15417]  do_syscall_64+0xfa/0x3b0
[  315.165841][T15417]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.165871][T15417]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.165893][T15417]  ? clear_bhb_loop+0x60/0xb0
[  315.165924][T15417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.165945][T15417] RIP: 0033:0x7eff8d38e929
[  315.165965][T15417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.165984][T15417] RSP: 002b:00007eff8e18d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  315.166007][T15417] RAX: ffffffffffffffda RBX: 00007eff8d5b6080 RCX: 00007eff8d38e929
[  315.166023][T15417] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000004
[  315.166037][T15417] RBP: 00007eff8e18d090 R08: 0000000000000000 R09: 0000000000000000
[  315.166050][T15417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.166062][T15417] R13: 0000000000000001 R14: 00007eff8d5b6080 R15: 00007ffc57300948
[  315.166096][T15417]  </TASK>
[  315.482393][T15418] FAULT_INJECTION: forcing a failure.
[  315.482393][T15418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.610098][T15418] CPU: 1 UID: 0 PID: 15418 Comm: syz.0.3139 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  315.610131][T15418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  315.610145][T15418] Call Trace:
[  315.610154][T15418]  <TASK>
[  315.610163][T15418]  dump_stack_lvl+0x189/0x250
[  315.610203][T15418]  ? __pfx____ratelimit+0x10/0x10
[  315.610235][T15418]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.610269][T15418]  ? __pfx__printk+0x10/0x10
[  315.610292][T15418]  ? __might_fault+0xb0/0x130
[  315.610325][T15418]  should_fail_ex+0x414/0x560
[  315.610358][T15418]  _copy_from_iter+0x1db/0x16f0
[  315.610401][T15418]  ? policy_nodemask+0x27c/0x720
[  315.610422][T15418]  ? __pfx__copy_from_iter+0x10/0x10
[  315.610460][T15418]  ? set_page_refcounted+0xa0/0x1e0
[  315.610482][T15418]  ? page_copy_sane+0x4e/0x280
[  315.610516][T15418]  copy_page_from_iter+0xdd/0x170
[  315.610553][T15418]  tun_get_user+0x1c4d/0x3ce0
[  315.610594][T15418]  ? tun_get_user+0x693/0x3ce0
[  315.610641][T15418]  ? aa_file_perm+0x11f/0xed0
[  315.610672][T15418]  ? __pfx_tun_get_user+0x10/0x10
[  315.610702][T15418]  ? aa_file_perm+0x11f/0xed0
[  315.610731][T15418]  ? aa_file_perm+0x3e7/0xed0
[  315.610775][T15418]  ? ref_tracker_alloc+0x318/0x460
[  315.610802][T15418]  ? __lock_acquire+0xab9/0xd20
[  315.610843][T15418]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  315.610878][T15418]  ? tun_get+0x1c/0x2f0
[  315.610916][T15418]  ? tun_get+0x1c/0x2f0
[  315.610946][T15418]  ? tun_get+0x1c/0x2f0
[  315.610982][T15418]  tun_chr_write_iter+0x113/0x200
[  315.611027][T15418]  vfs_write+0x548/0xa90
[  315.611065][T15418]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  315.611098][T15418]  ? __pfx_vfs_write+0x10/0x10
[  315.611141][T15418]  ? __fget_files+0x2a/0x420
[  315.611174][T15418]  ksys_write+0x145/0x250
[  315.611196][T15418]  ? __pfx_ksys_write+0x10/0x10
[  315.611221][T15418]  ? do_syscall_64+0xbe/0x3b0
[  315.611245][T15418]  do_syscall_64+0xfa/0x3b0
[  315.611261][T15418]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.611289][T15418]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.611309][T15418]  ? clear_bhb_loop+0x60/0xb0
[  315.611332][T15418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.611352][T15418] RIP: 0033:0x7f2ce4b8d3df
[  315.611371][T15418] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  315.611389][T15418] RSP: 002b:00007f2ce591a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  315.611411][T15418] RAX: ffffffffffffffda RBX: 00007f2ce4db6080 RCX: 00007f2ce4b8d3df
[  315.611426][T15418] RDX: 0000000000000086 RSI: 0000200000000180 RDI: 00000000000000c8
[  315.611445][T15418] RBP: 00007f2ce591a090 R08: 0000000000000000 R09: 0000000000000000
[  315.611458][T15418] R10: 0000000000000086 R11: 0000000000000293 R12: 0000000000000001
[  315.611489][T15418] R13: 0000000000000001 R14: 00007f2ce4db6080 R15: 00007ffc90fa1658
[  315.611522][T15418]  </TASK>
[  316.011896][    T9] IPVS: starting estimator thread 0...
[  316.074046][T15441] __nla_validate_parse: 14 callbacks suppressed
[  316.074066][T15441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3144'.
[  316.116515][T15437] IPVS: using max 24 ests per chain, 57600 per kthread
[  316.149113][T15433] tipc: Started in network mode
[  316.154056][T15433] tipc: Node identity ac14140f, cluster identity 4711
[  316.161178][T15433] tipc: New replicast peer: 255.255.255.255
[  316.167904][T15433] tipc: Enabled bearer <udp:syz2>, priority 10
[  316.180673][T15433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3144'.
[  316.257191][ T5927] team0: left allmulticast mode
[  316.263195][ T5927] team_slave_0: left allmulticast mode
[  316.269441][ T5927] team_slave_1: left allmulticast mode
[  316.280271][ T5927] macvlan2: left allmulticast mode
[  316.304907][ T5927] bond0: left allmulticast mode
[  316.309928][ T5927] bond_slave_0: left allmulticast mode
[  316.334539][ T5927] bond_slave_1: left allmulticast mode
[  316.340312][ T5927] team0: left promiscuous mode
[  316.362573][ T5927] team_slave_0: left promiscuous mode
[  316.378849][ T5927] team_slave_1: left promiscuous mode
[  316.386460][ T5927] macvlan2: left promiscuous mode
[  316.395043][ T5927] bridge0: port 4(team0) entered disabled state
[  316.404335][ T5927] bond6: left allmulticast mode
[  316.405893][ T5833] Bluetooth: hci4: command tx timeout
[  316.420706][ T5927] bond6: left promiscuous mode
[  316.442051][ T5927] bridge0: port 3(bond6) entered disabled state
[  316.481420][ T5927] bridge_slave_1: left allmulticast mode
[  316.501881][ T5927] bridge_slave_1: left promiscuous mode
[  316.515596][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.588828][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.609304][T15466] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  316.654132][T15469] FAULT_INJECTION: forcing a failure.
[  316.654132][T15469] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  316.683327][T15469] CPU: 0 UID: 0 PID: 15469 Comm: syz.4.3153 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  316.683362][T15469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  316.683376][T15469] Call Trace:
[  316.683386][T15469]  <TASK>
[  316.683396][T15469]  dump_stack_lvl+0x189/0x250
[  316.683438][T15469]  ? __pfx____ratelimit+0x10/0x10
[  316.683472][T15469]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.683507][T15469]  ? __pfx__printk+0x10/0x10
[  316.683541][T15469]  ? __might_fault+0xb0/0x130
[  316.683575][T15469]  should_fail_ex+0x414/0x560
[  316.683609][T15469]  _copy_from_iter+0x1db/0x16f0
[  316.683647][T15469]  ? rcu_is_watching+0x15/0xb0
[  316.683682][T15469]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  316.683707][T15469]  ? __pfx__copy_from_iter+0x10/0x10
[  316.683741][T15469]  ? __build_skb_around+0x257/0x3e0
[  316.683771][T15469]  ? netlink_sendmsg+0x642/0xb30
[  316.683796][T15469]  ? skb_put+0x11b/0x210
[  316.683825][T15469]  netlink_sendmsg+0x6b2/0xb30
[  316.683862][T15469]  ? __pfx_netlink_sendmsg+0x10/0x10
[  316.683892][T15469]  ? aa_sock_msg_perm+0x94/0x160
[  316.683924][T15469]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  316.683952][T15469]  ? __pfx_netlink_sendmsg+0x10/0x10
[  316.683985][T15469]  __sock_sendmsg+0x21c/0x270
[  316.684023][T15469]  __sys_sendto+0x3bd/0x520
[  316.684050][T15469]  ? __pfx___sys_sendto+0x10/0x10
[  316.684087][T15469]  ? count_memcg_event_mm+0x21/0x260
[  316.684132][T15469]  ? exc_page_fault+0x76/0xf0
[  316.684167][T15469]  ? do_user_addr_fault+0xc8a/0x1390
[  316.684201][T15469]  __x64_sys_sendto+0xde/0x100
[  316.684229][T15469]  do_syscall_64+0xfa/0x3b0
[  316.684248][T15469]  ? lockdep_hardirqs_on+0x9c/0x150
[  316.684279][T15469]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.684301][T15469]  ? clear_bhb_loop+0x60/0xb0
[  316.684327][T15469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.684348][T15469] RIP: 0033:0x7fd76f7907bc
[  316.684367][T15469] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  316.684385][T15469] RSP: 002b:00007fd77052fec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  316.684407][T15469] RAX: ffffffffffffffda RBX: 00007fd77052ffc0 RCX: 00007fd76f7907bc
[  316.684422][T15469] RDX: 0000000000000020 RSI: 00007fd770530010 RDI: 0000000000000005
[  316.684436][T15469] RBP: 0000000000000000 R08: 00007fd77052ff14 R09: 000000000000000c
[  316.684449][T15469] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  316.684461][T15469] R13: 00007fd77052ff68 R14: 00007fd770530010 R15: 0000000000000000
[  316.684494][T15469]  </TASK>
[  316.946633][T15467] netlink: 168 bytes leftover after parsing attributes in process `syz.3.3154'.
[  317.185577][  T979] tipc: Node number set to 2886997007
[  318.276315][ T5927] team0: Port device macvlan2 removed
[  318.289349][ T5927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  318.299607][ T5927] bond_slave_0: left promiscuous mode
[  318.308786][ T5927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  318.317935][ T5927] bond_slave_1: left promiscuous mode
[  318.327350][ T5927] bond0 (unregistering): Released all slaves
[  318.439374][ T5927] bond1 (unregistering): (slave bond2): Releasing backup interface
[  318.448689][ T5927] bond1 (unregistering): Released all slaves
[  318.492166][ T5833] Bluetooth: hci4: command 0x041b tx timeout
[  318.561433][ T5927] bond2 (unregistering): Released all slaves
[  318.665464][ T5927] bond3 (unregistering): Released all slaves
[  318.680828][ T5927] bond4 (unregistering): Released all slaves
[  318.695646][ T5927] bond5 (unregistering): Released all slaves
[  318.798772][ T5927] bond6 (unregistering): Released all slaves
[  318.817860][ T5927] bond7 (unregistering): Released all slaves
[  318.833875][ T5927] bond8 (unregistering): Released all slaves
[  318.942574][ T5927] bond9 (unregistering): Released all slaves
[  318.957341][ T5927] bond10 (unregistering): Released all slaves
[  318.972884][ T5927] bond11 (unregistering): Released all slaves
[  318.988650][ T5927] bond12 (unregistering): Released all slaves
[  319.003290][ T5927] bond13 (unregistering): Released all slaves
[  319.023192][ T5927] bond14 (unregistering): Released all slaves
[  319.133024][ T5927] bond15 (unregistering): Released all slaves
[  319.181691][T15381] chnl_net:caif_netlink_parms(): no params data found
[  319.427540][ T5927] tipc: Left network mode
[  319.695438][T15381] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.704079][T15381] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.713697][T15381] bridge_slave_0: entered allmulticast mode
[  319.726882][T15381] bridge_slave_0: entered promiscuous mode
[  319.776246][T15381] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.788120][T15381] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.802872][T15381] bridge_slave_1: entered allmulticast mode
[  319.814014][T15381] bridge_slave_1: entered promiscuous mode
[  320.057169][T15381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  320.180304][T15381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  320.220760][T15512] FAULT_INJECTION: forcing a failure.
[  320.220760][T15512] name failslab, interval 1, probability 0, space 0, times 0
[  320.266453][T15512] CPU: 1 UID: 0 PID: 15512 Comm: syz.2.3165 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  320.266487][T15512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  320.266501][T15512] Call Trace:
[  320.266509][T15512]  <TASK>
[  320.266518][T15512]  dump_stack_lvl+0x189/0x250
[  320.266558][T15512]  ? __pfx____ratelimit+0x10/0x10
[  320.266590][T15512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  320.266631][T15512]  ? __pfx__printk+0x10/0x10
[  320.266661][T15512]  ? __pfx___might_resched+0x10/0x10
[  320.266700][T15512]  ? fs_reclaim_acquire+0x7d/0x100
[  320.266731][T15512]  should_fail_ex+0x414/0x560
[  320.266763][T15512]  should_failslab+0xa8/0x100
[  320.266788][T15512]  __kmalloc_cache_noprof+0x70/0x3d0
[  320.266809][T15512]  ? rtnl_newlink+0xed/0x1c70
[  320.266828][T15512]  ? kasan_save_free_info+0x46/0x50
[  320.266860][T15512]  rtnl_newlink+0xed/0x1c70
[  320.266879][T15512]  ? netlink_sendmsg+0x805/0xb30
[  320.266903][T15512]  ? __sock_sendmsg+0x21c/0x270
[  320.266932][T15512]  ? __sys_sendto+0x3bd/0x520
[  320.266952][T15512]  ? __x64_sys_sendto+0xde/0x100
[  320.266972][T15512]  ? do_syscall_64+0xfa/0x3b0
[  320.266990][T15512]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.267021][T15512]  ? __pfx_rtnl_newlink+0x10/0x10
[  320.267069][T15512]  ? kasan_quarantine_put+0xdd/0x220
[  320.267100][T15512]  ? lockdep_hardirqs_on+0x9c/0x150
[  320.267138][T15512]  ? nlmon_xmit+0xb0/0x100
[  320.267166][T15512]  ? kmem_cache_free+0x18f/0x400
[  320.267195][T15512]  ? __local_bh_enable_ip+0x12d/0x1c0
[  320.267238][T15512]  ? lockdep_hardirqs_on+0x9c/0x150
[  320.267269][T15512]  ? __local_bh_enable_ip+0x12d/0x1c0
[  320.267298][T15512]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  320.267333][T15512]  ? __dev_queue_xmit+0x27e/0x3a70
[  320.267361][T15512]  ? __dev_queue_xmit+0x27e/0x3a70
[  320.267387][T15512]  ? __dev_queue_xmit+0x27e/0x3a70
[  320.267425][T15512]  ? __lock_acquire+0xab9/0xd20
[  320.267481][T15512]  ? __pfx_rtnl_newlink+0x10/0x10
[  320.267501][T15512]  rtnetlink_rcv_msg+0x7cc/0xb70
[  320.267527][T15512]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  320.267547][T15512]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  320.267565][T15512]  ? ref_tracker_free+0x63a/0x7d0
[  320.267591][T15512]  ? __copy_skb_header+0xa7/0x550
[  320.267626][T15512]  ? __pfx_ref_tracker_free+0x10/0x10
[  320.267665][T15512]  netlink_rcv_skb+0x208/0x470
[  320.267690][T15512]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  320.267713][T15512]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  320.267750][T15512]  ? netlink_deliver_tap+0x2e/0x1b0
[  320.267773][T15512]  ? netlink_deliver_tap+0x2e/0x1b0
[  320.267803][T15512]  netlink_unicast+0x75b/0x8d0
[  320.267836][T15512]  netlink_sendmsg+0x805/0xb30
[  320.267871][T15512]  ? __pfx_netlink_sendmsg+0x10/0x10
[  320.267899][T15512]  ? aa_sock_msg_perm+0x94/0x160
[  320.267927][T15512]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  320.267953][T15512]  ? __pfx_netlink_sendmsg+0x10/0x10
[  320.267979][T15512]  __sock_sendmsg+0x21c/0x270
[  320.268012][T15512]  __sys_sendto+0x3bd/0x520
[  320.268038][T15512]  ? __pfx___sys_sendto+0x10/0x10
[  320.268057][T15512]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  320.268104][T15512]  ? __fget_files+0x3a0/0x420
[  320.268139][T15512]  ? ksys_write+0x22a/0x250
[  320.268160][T15512]  ? __pfx_ksys_write+0x10/0x10
[  320.268176][T15512]  ? rcu_is_watching+0x15/0xb0
[  320.268214][T15512]  __x64_sys_sendto+0xde/0x100
[  320.268240][T15512]  do_syscall_64+0xfa/0x3b0
[  320.268258][T15512]  ? lockdep_hardirqs_on+0x9c/0x150
[  320.268287][T15512]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.268306][T15512]  ? clear_bhb_loop+0x60/0xb0
[  320.268331][T15512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.268351][T15512] RIP: 0033:0x7eff8d3907bc
[  320.268369][T15512] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  320.268387][T15512] RSP: 002b:00007eff8e1acec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  320.268408][T15512] RAX: ffffffffffffffda RBX: 00007eff8e1acfc0 RCX: 00007eff8d3907bc
[  320.268423][T15512] RDX: 0000000000000020 RSI: 00007eff8e1ad010 RDI: 0000000000000005
[  320.268435][T15512] RBP: 0000000000000000 R08: 00007eff8e1acf14 R09: 000000000000000c
[  320.268448][T15512] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  320.268459][T15512] R13: 00007eff8e1acf68 R14: 00007eff8e1ad010 R15: 0000000000000000
[  320.268491][T15512]  </TASK>
[  320.746557][   T51] Bluetooth: hci4: command 0x041b tx timeout
[  320.798202][T15381] team0: Port device team_slave_0 added
[  320.808340][T15381] team0: Port device team_slave_1 added
[  321.183979][T15381] batman_adv: batadv0: Adding interface: batadv_slave_0
[  321.221035][T15381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.299880][T15381] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  321.334187][T15381] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.347739][T15381] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.380143][T15541] netlink: 'syz.2.3174': attribute type 58 has an invalid length.
[  321.388349][T15541] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3174'.
[  321.397806][T15381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  321.530466][ T5927] hsr_slave_0: left promiscuous mode
[  321.550491][ T5927] hsr_slave_1: left promiscuous mode
[  321.594195][ T5927] veth1_vlan: left allmulticast mode
[  321.609861][ T5927] veth1_macvtap: left promiscuous mode
[  321.623853][ T5927] veth0_macvtap: left promiscuous mode
[  321.639484][ T5927] veth1_vlan: left promiscuous mode
[  321.647844][ T5927] veth0_vlan: left promiscuous mode
[  321.691152][T15555] FAULT_INJECTION: forcing a failure.
[  321.691152][T15555] name failslab, interval 1, probability 0, space 0, times 0
[  321.707837][T15555] CPU: 0 UID: 0 PID: 15555 Comm: syz.0.3178 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  321.707866][T15555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  321.707880][T15555] Call Trace:
[  321.707888][T15555]  <TASK>
[  321.707898][T15555]  dump_stack_lvl+0x189/0x250
[  321.707936][T15555]  ? __pfx____ratelimit+0x10/0x10
[  321.707968][T15555]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.708002][T15555]  ? __pfx__printk+0x10/0x10
[  321.708031][T15555]  ? __pfx___might_resched+0x10/0x10
[  321.708063][T15555]  ? fs_reclaim_acquire+0x7d/0x100
[  321.708094][T15555]  should_fail_ex+0x414/0x560
[  321.708126][T15555]  should_failslab+0xa8/0x100
[  321.708150][T15555]  __kmalloc_cache_noprof+0x70/0x3d0
[  321.708171][T15555]  ? rtnl_newlink+0xed/0x1c70
[  321.708191][T15555]  ? kasan_save_free_info+0x46/0x50
[  321.708223][T15555]  rtnl_newlink+0xed/0x1c70
[  321.708241][T15555]  ? netlink_sendmsg+0x805/0xb30
[  321.708265][T15555]  ? __sock_sendmsg+0x21c/0x270
[  321.708301][T15555]  ? __sys_sendto+0x3bd/0x520
[  321.708321][T15555]  ? __x64_sys_sendto+0xde/0x100
[  321.708342][T15555]  ? do_syscall_64+0xfa/0x3b0
[  321.708358][T15555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.708389][T15555]  ? __pfx_rtnl_newlink+0x10/0x10
[  321.708437][T15555]  ? kasan_quarantine_put+0xdd/0x220
[  321.708467][T15555]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.708506][T15555]  ? nlmon_xmit+0xb0/0x100
[  321.708535][T15555]  ? kmem_cache_free+0x18f/0x400
[  321.708564][T15555]  ? __local_bh_enable_ip+0x12d/0x1c0
[  321.708596][T15555]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.708633][T15555]  ? __local_bh_enable_ip+0x12d/0x1c0
[  321.708664][T15555]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  321.708700][T15555]  ? __dev_queue_xmit+0x27e/0x3a70
[  321.708729][T15555]  ? __dev_queue_xmit+0x27e/0x3a70
[  321.708756][T15555]  ? __dev_queue_xmit+0x27e/0x3a70
[  321.708796][T15555]  ? __lock_acquire+0xab9/0xd20
[  321.708855][T15555]  ? __pfx_rtnl_newlink+0x10/0x10
[  321.708876][T15555]  rtnetlink_rcv_msg+0x7cc/0xb70
[  321.708902][T15555]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  321.708923][T15555]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  321.708943][T15555]  ? ref_tracker_free+0x63a/0x7d0
[  321.708970][T15555]  ? __copy_skb_header+0xa7/0x550
[  321.708999][T15555]  ? __pfx_ref_tracker_free+0x10/0x10
[  321.709039][T15555]  netlink_rcv_skb+0x208/0x470
[  321.709065][T15555]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  321.709089][T15555]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  321.709128][T15555]  ? netlink_deliver_tap+0x2e/0x1b0
[  321.709152][T15555]  ? netlink_deliver_tap+0x2e/0x1b0
[  321.709183][T15555]  netlink_unicast+0x75b/0x8d0
[  321.709217][T15555]  netlink_sendmsg+0x805/0xb30
[  321.709254][T15555]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.709288][T15555]  ? aa_sock_msg_perm+0x94/0x160
[  321.709318][T15555]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  321.709345][T15555]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.709371][T15555]  __sock_sendmsg+0x21c/0x270
[  321.709407][T15555]  __sys_sendto+0x3bd/0x520
[  321.709434][T15555]  ? __pfx___sys_sendto+0x10/0x10
[  321.709470][T15555]  ? count_memcg_event_mm+0x21/0x260
[  321.709515][T15555]  ? exc_page_fault+0x76/0xf0
[  321.709550][T15555]  ? do_user_addr_fault+0xc8a/0x1390
[  321.709583][T15555]  __x64_sys_sendto+0xde/0x100
[  321.709610][T15555]  do_syscall_64+0xfa/0x3b0
[  321.709629][T15555]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.709659][T15555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.709679][T15555]  ? clear_bhb_loop+0x60/0xb0
[  321.709706][T15555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.709727][T15555] RIP: 0033:0x7f2ce4b907bc
[  321.709745][T15555] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  321.709763][T15555] RSP: 002b:00007f2ce5918ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  321.709785][T15555] RAX: ffffffffffffffda RBX: 00007f2ce5918fc0 RCX: 00007f2ce4b907bc
[  321.709801][T15555] RDX: 0000000000000020 RSI: 00007f2ce5919010 RDI: 0000000000000005
[  321.709814][T15555] RBP: 0000000000000000 R08: 00007f2ce5918f14 R09: 000000000000000c
[  321.709827][T15555] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  321.709839][T15555] R13: 00007f2ce5918f68 R14: 00007f2ce5919010 R15: 0000000000000000
[  321.709872][T15555]  </TASK>
[  322.142965][ T5927] pimreg (unregistering): left allmulticast mode
[  322.181428][ T5927] pimreg3 (unregistering): left allmulticast mode
[  322.215529][ T5927] pim6reg (unregistering): left allmulticast mode
[  322.636438][T15572] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3183'.
[  322.657671][ T5927] team0 (unregistering): Port device team_slave_1 removed
[  322.698176][ T5927] team0 (unregistering): Port device team_slave_0 removed
[  322.811173][   T51] Bluetooth: hci4: command 0x041b tx timeout
[  323.197527][T15381] hsr_slave_0: entered promiscuous mode
[  323.206320][T15576] netlink: 'syz.2.3184': attribute type 4 has an invalid length.
[  323.227499][T15381] hsr_slave_1: entered promiscuous mode
[  323.241640][T15381] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  323.249559][T15381] Cannot create hsr debugfs directory
[  323.443979][T15586] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  323.453714][T15586] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3187'.
[  323.576821][T15585] tipc: Started in network mode
[  323.581896][T15585] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711
[  323.625005][T15585] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  323.770802][T15606] netlink: 'syz.4.3189': attribute type 1 has an invalid length.
[  323.798733][T15594] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3190'.
[  323.961554][ T5927] IPVS: stop unused estimator thread 0...
[  324.218481][T15620] FAULT_INJECTION: forcing a failure.
[  324.218481][T15620] name failslab, interval 1, probability 0, space 0, times 0
[  324.232548][T15620] CPU: 0 UID: 0 PID: 15620 Comm: syz.0.3195 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  324.232579][T15620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  324.232593][T15620] Call Trace:
[  324.232601][T15620]  <TASK>
[  324.232610][T15620]  dump_stack_lvl+0x189/0x250
[  324.232647][T15620]  ? __pfx____ratelimit+0x10/0x10
[  324.232679][T15620]  ? __pfx_dump_stack_lvl+0x10/0x10
[  324.232713][T15620]  ? __pfx__printk+0x10/0x10
[  324.232739][T15620]  ? __pfx___might_resched+0x10/0x10
[  324.232771][T15620]  ? fs_reclaim_acquire+0x7d/0x100
[  324.232802][T15620]  should_fail_ex+0x414/0x560
[  324.232835][T15620]  should_failslab+0xa8/0x100
[  324.232860][T15620]  __kmalloc_noprof+0xcb/0x4f0
[  324.232879][T15620]  ? tomoyo_encode+0x28b/0x550
[  324.232910][T15620]  tomoyo_encode+0x28b/0x550
[  324.232941][T15620]  tomoyo_realpath_from_path+0x58d/0x5d0
[  324.232969][T15620]  ? tomoyo_domain+0xd9/0x130
[  324.232999][T15620]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  324.233022][T15620]  tomoyo_path_number_perm+0x1e8/0x5a0
[  324.233047][T15620]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  324.233116][T15620]  ? __lock_acquire+0xab9/0xd20
[  324.233167][T15620]  ? __fget_files+0x2a/0x420
[  324.233193][T15620]  ? __fget_files+0x2a/0x420
[  324.233211][T15620]  ? __fget_files+0x3a0/0x420
[  324.233228][T15620]  ? __fget_files+0x2a/0x420
[  324.233250][T15620]  security_file_ioctl+0xcb/0x2d0
[  324.233272][T15620]  __se_sys_ioctl+0x47/0x170
[  324.233300][T15620]  do_syscall_64+0xfa/0x3b0
[  324.233314][T15620]  ? lockdep_hardirqs_on+0x9c/0x150
[  324.233339][T15620]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.233356][T15620]  ? clear_bhb_loop+0x60/0xb0
[  324.233377][T15620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.233402][T15620] RIP: 0033:0x7f2ce4b8e929
[  324.233418][T15620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.233434][T15620] RSP: 002b:00007f2ce593b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  324.233453][T15620] RAX: ffffffffffffffda RBX: 00007f2ce4db5fa0 RCX: 00007f2ce4b8e929
[  324.233465][T15620] RDX: 0000200000000040 RSI: 000000000000890b RDI: 0000000000000004
[  324.233476][T15620] RBP: 00007f2ce593b090 R08: 0000000000000000 R09: 0000000000000000
[  324.233487][T15620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  324.233497][T15620] R13: 0000000000000000 R14: 00007f2ce4db5fa0 R15: 00007ffc90fa1658
[  324.233524][T15620]  </TASK>
[  324.291113][T15620] ERROR: Out of memory at tomoyo_realpath_from_path.
[  324.886136][   T51] Bluetooth: hci4: command 0x041b tx timeout
[  324.899913][T15643] netlink: 10 bytes leftover after parsing attributes in process `syz.2.3204'.
[  325.059932][T15656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3208'.
[  325.093244][T15656] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  325.117676][T15656] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3208'.
[  325.149713][T15661] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3208'.
[  325.156228][T15662] FAULT_INJECTION: forcing a failure.
[  325.156228][T15662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  325.212780][T15662] CPU: 0 UID: 0 PID: 15662 Comm: syz.4.3210 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  325.212812][T15662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  325.212825][T15662] Call Trace:
[  325.212834][T15662]  <TASK>
[  325.212844][T15662]  dump_stack_lvl+0x189/0x250
[  325.212882][T15662]  ? __pfx____ratelimit+0x10/0x10
[  325.212915][T15662]  ? __pfx_dump_stack_lvl+0x10/0x10
[  325.212949][T15662]  ? __pfx__printk+0x10/0x10
[  325.212973][T15662]  ? __might_fault+0xb0/0x130
[  325.213007][T15662]  should_fail_ex+0x414/0x560
[  325.213056][T15662]  _copy_from_user+0x2d/0xb0
[  325.213079][T15662]  nr_rt_ioctl+0x74f/0xd50
[  325.213100][T15662]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  325.213139][T15662]  ? kasan_quarantine_put+0xdd/0x220
[  325.213172][T15662]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  325.213203][T15662]  ? apparmor_capable+0x137/0x1b0
[  325.213247][T15662]  ? capable+0x89/0xe0
[  325.213280][T15662]  ? nr_ioctl+0x1b1/0x3b0
[  325.213312][T15662]  sock_do_ioctl+0xdc/0x300
[  325.213360][T15662]  ? __pfx_sock_do_ioctl+0x10/0x10
[  325.213389][T15662]  ? __lock_acquire+0xab9/0xd20
[  325.213441][T15662]  sock_ioctl+0x576/0x790
[  325.213474][T15662]  ? __pfx_sock_ioctl+0x10/0x10
[  325.213506][T15662]  ? __fget_files+0x2a/0x420
[  325.213528][T15662]  ? __fget_files+0x3a0/0x420
[  325.213551][T15662]  ? __fget_files+0x2a/0x420
[  325.213578][T15662]  ? bpf_lsm_file_ioctl+0x9/0x20
[  325.213610][T15662]  ? __pfx_sock_ioctl+0x10/0x10
[  325.213641][T15662]  __se_sys_ioctl+0xf9/0x170
[  325.213675][T15662]  do_syscall_64+0xfa/0x3b0
[  325.213693][T15662]  ? lockdep_hardirqs_on+0x9c/0x150
[  325.213724][T15662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.213745][T15662]  ? clear_bhb_loop+0x60/0xb0
[  325.213771][T15662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.213792][T15662] RIP: 0033:0x7fd76f78e929
[  325.213811][T15662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  325.213829][T15662] RSP: 002b:00007fd770552038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  325.213852][T15662] RAX: ffffffffffffffda RBX: 00007fd76f9b5fa0 RCX: 00007fd76f78e929
[  325.213868][T15662] RDX: 0000200000000040 RSI: 000000000000890b RDI: 0000000000000004
[  325.213882][T15662] RBP: 00007fd770552090 R08: 0000000000000000 R09: 0000000000000000
[  325.213895][T15662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  325.213907][T15662] R13: 0000000000000000 R14: 00007fd76f9b5fa0 R15: 00007ffd088cf968
[  325.213940][T15662]  </TASK>
[  325.494118][T15381] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  325.549219][T15381] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  325.708409][T15381] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  325.733905][T15672] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3215'.
[  325.746185][T15381] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  326.048106][T15381] 8021q: adding VLAN 0 to HW filter on device bond0
[  326.156874][T15381] 8021q: adding VLAN 0 to HW filter on device team0
[  326.170500][T15702] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3222'.
[  326.234777][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.242042][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  326.261877][T15704] batman_adv: batadv0: Interface deactivated: dummy0
[  326.272343][T15704] batman_adv: batadv0: Removing interface: dummy0
[  326.280754][T15704] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  326.299487][T15704] batman_adv: batadv0: Removing interface: batadv_slave_0
[  326.320460][T15704] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  326.332192][T15704] batman_adv: batadv0: Removing interface: batadv_slave_1
[  326.390929][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.398212][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  326.428930][T15712] FAULT_INJECTION: forcing a failure.
[  326.428930][T15712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.456296][T15712] CPU: 1 UID: 0 PID: 15712 Comm: syz.2.3226 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  326.456323][T15712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  326.456336][T15712] Call Trace:
[  326.456343][T15712]  <TASK>
[  326.456351][T15712]  dump_stack_lvl+0x189/0x250
[  326.456385][T15712]  ? __pfx____ratelimit+0x10/0x10
[  326.456411][T15712]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.456438][T15712]  ? __pfx__printk+0x10/0x10
[  326.456457][T15712]  ? __might_fault+0xb0/0x130
[  326.456483][T15712]  should_fail_ex+0x414/0x560
[  326.456510][T15712]  _copy_from_user+0x2d/0xb0
[  326.456528][T15712]  ___sys_sendmsg+0x158/0x2a0
[  326.456553][T15712]  ? __pfx____sys_sendmsg+0x10/0x10
[  326.456605][T15712]  ? __fget_files+0x2a/0x420
[  326.456623][T15712]  ? __fget_files+0x3a0/0x420
[  326.456652][T15712]  __x64_sys_sendmsg+0x19b/0x260
[  326.456677][T15712]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  326.456708][T15712]  ? __pfx_ksys_write+0x10/0x10
[  326.456722][T15712]  ? rcu_is_watching+0x15/0xb0
[  326.456754][T15712]  ? do_syscall_64+0xbe/0x3b0
[  326.456774][T15712]  do_syscall_64+0xfa/0x3b0
[  326.456788][T15712]  ? lockdep_hardirqs_on+0x9c/0x150
[  326.456812][T15712]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.456829][T15712]  ? clear_bhb_loop+0x60/0xb0
[  326.456849][T15712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.456866][T15712] RIP: 0033:0x7eff8d38e929
[  326.456883][T15712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.456897][T15712] RSP: 002b:00007eff8e1ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  326.456916][T15712] RAX: ffffffffffffffda RBX: 00007eff8d5b5fa0 RCX: 00007eff8d38e929
[  326.456932][T15712] RDX: 0000000000000000 RSI: 0000200000000700 RDI: 0000000000000004
[  326.456944][T15712] RBP: 00007eff8e1ae090 R08: 0000000000000000 R09: 0000000000000000
[  326.456957][T15712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.456969][T15712] R13: 0000000000000000 R14: 00007eff8d5b5fa0 R15: 00007ffc57300948
[  326.457002][T15712]  </TASK>
[  326.723489][T15381] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  327.109600][T15381] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.116344][T15732] __nla_validate_parse: 1 callbacks suppressed
[  327.116369][T15732] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3235'.
[  327.178885][T15736] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  327.252134][T15738] gretap1: entered promiscuous mode
[  327.322864][T15381] veth0_vlan: entered promiscuous mode
[  327.367436][T15381] veth1_vlan: entered promiscuous mode
[  327.452129][T15381] veth0_macvtap: entered promiscuous mode
[  327.488419][T15381] veth1_macvtap: entered promiscuous mode
[  327.541184][T15381] batman_adv: batadv0: Interface activated: batadv_slave_0
[  327.560090][T15747] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3239'.
[  327.611192][T15381] batman_adv: batadv0: Interface activated: batadv_slave_1
[  327.713347][T15381] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  327.760765][T15381] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  327.776760][T15381] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  327.785904][T15381] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  327.798753][T15749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3240'.
[  327.810748][T15749] team0: default FDB implementation only supports local addresses
[  327.999031][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.036936][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.078081][T15754] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3241'.
[  328.167363][T15758] FAULT_INJECTION: forcing a failure.
[  328.167363][T15758] name failslab, interval 1, probability 0, space 0, times 0
[  328.184124][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.200545][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.218961][T15758] CPU: 1 UID: 0 PID: 15758 Comm: syz.4.3245 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  328.218993][T15758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  328.219007][T15758] Call Trace:
[  328.219016][T15758]  <TASK>
[  328.219025][T15758]  dump_stack_lvl+0x189/0x250
[  328.219064][T15758]  ? __pfx____ratelimit+0x10/0x10
[  328.219097][T15758]  ? __pfx_dump_stack_lvl+0x10/0x10
[  328.219131][T15758]  ? __pfx__printk+0x10/0x10
[  328.219169][T15758]  ? __pfx___might_resched+0x10/0x10
[  328.219207][T15758]  should_fail_ex+0x414/0x560
[  328.219241][T15758]  should_failslab+0xa8/0x100
[  328.219266][T15758]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  328.219289][T15758]  ? __alloc_skb+0x112/0x2d0
[  328.219319][T15758]  __alloc_skb+0x112/0x2d0
[  328.219347][T15758]  netlink_sendmsg+0x5c6/0xb30
[  328.219384][T15758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.219412][T15758]  ? aa_sock_msg_perm+0x94/0x160
[  328.219442][T15758]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  328.219469][T15758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.219496][T15758]  __sock_sendmsg+0x21c/0x270
[  328.219532][T15758]  ____sys_sendmsg+0x505/0x830
[  328.219565][T15758]  ? __pfx_____sys_sendmsg+0x10/0x10
[  328.219610][T15758]  ? import_iovec+0x74/0xa0
[  328.219635][T15758]  ___sys_sendmsg+0x21f/0x2a0
[  328.219664][T15758]  ? __pfx____sys_sendmsg+0x10/0x10
[  328.219731][T15758]  ? __fget_files+0x2a/0x420
[  328.219754][T15758]  ? __fget_files+0x3a0/0x420
[  328.219788][T15758]  __x64_sys_sendmsg+0x19b/0x260
[  328.219819][T15758]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  328.219857][T15758]  ? __pfx_ksys_write+0x10/0x10
[  328.219874][T15758]  ? rcu_is_watching+0x15/0xb0
[  328.219914][T15758]  ? do_syscall_64+0xbe/0x3b0
[  328.219938][T15758]  do_syscall_64+0xfa/0x3b0
[  328.219956][T15758]  ? lockdep_hardirqs_on+0x9c/0x150
[  328.219991][T15758]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.220012][T15758]  ? clear_bhb_loop+0x60/0xb0
[  328.220038][T15758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.220060][T15758] RIP: 0033:0x7fd76f78e929
[  328.220079][T15758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.220098][T15758] RSP: 002b:00007fd770552038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.220120][T15758] RAX: ffffffffffffffda RBX: 00007fd76f9b5fa0 RCX: 00007fd76f78e929
[  328.220136][T15758] RDX: 0000000000000000 RSI: 0000200000000700 RDI: 0000000000000004
[  328.220159][T15758] RBP: 00007fd770552090 R08: 0000000000000000 R09: 0000000000000000
[  328.220172][T15758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.220185][T15758] R13: 0000000000000000 R14: 00007fd76f9b5fa0 R15: 00007ffd088cf968
[  328.220219][T15758]  </TASK>
[  328.599053][T15762] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.728946][T15762] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.769304][T15771] xt_limit: Overflow, try lower: 2147483649/128
[  328.849923][T15762] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.924013][T15771] netlink: 'syz.4.3248': attribute type 8 has an invalid length.
[  328.932304][T15771] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3248'.
[  328.980004][T15776] veth5: entered promiscuous mode
[  329.030558][T15762] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.031963][T15787] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  329.164112][T15791] gretap1: entered promiscuous mode
[  329.201179][T15795] 8021q: VLANs not supported on ip6_vti0
[  329.360082][T15762] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  329.436028][T15762] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  329.455135][T15800] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3256'.
[  329.537991][T15762] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  329.628032][T15762] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  329.753744][T15805] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3259'.
[  329.792078][T15805] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  329.809374][T15805] batman_adv: batadv0: Removing interface: batadv_slave_0
[  329.917386][T15805] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  329.938710][T15805] batman_adv: batadv0: Removing interface: batadv_slave_1
[  330.061629][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  330.071815][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  330.082031][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  330.092022][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  330.101433][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  330.252905][T15824] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3265'.
[  330.327602][T15815] C speed is unknown, defaulting to 1000
[  330.462333][  T146] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.585074][  T146] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.681253][T15837] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3270'.
[  330.748529][  T146] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.811738][T15842] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  330.828202][  T146] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.007411][T15846] gretap1: entered promiscuous mode
[  331.138861][T15815] chnl_net:caif_netlink_parms(): no params data found
[  331.189723][T15852] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  331.278877][T15852] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  331.810052][  T146] bond9 (unregistering): (slave gretap0): Releasing active interface
[  332.165286][ T5833] Bluetooth: hci2: command tx timeout
[  332.343789][  T146] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  332.354473][  T146] bond0 (unregistering): Released all slaves
[  332.378113][  T146] bond1 (unregistering): Released all slaves
[  332.400845][  T146] bond2 (unregistering): Released all slaves
[  332.439090][  T146] bond3 (unregistering): Released all slaves
[  332.462870][  T146] bond4 (unregistering): Released all slaves
[  332.491899][  T146] bond5 (unregistering): Released all slaves
[  332.525400][  T146] bond6 (unregistering): Released all slaves
[  332.549955][  T146] bond7 (unregistering): Released all slaves
[  332.583478][  T146] bond8 (unregistering): Released all slaves
[  332.803500][  T146] bond9 (unregistering): Released all slaves
[  332.850293][T15815] bridge0: port 1(bridge_slave_0) entered blocking state
[  332.879463][T15815] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.895853][T15815] bridge_slave_0: entered allmulticast mode
[  332.903974][T15815] bridge_slave_0: entered promiscuous mode
[  332.914139][T15815] bridge0: port 2(bridge_slave_1) entered blocking state
[  332.933615][T15815] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.952267][T15815] bridge_slave_1: entered allmulticast mode
[  332.960759][T15815] bridge_slave_1: entered promiscuous mode
[  333.112712][  T146] tipc: Left network mode
[  333.186689][T15891] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  333.211224][T15815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  333.273507][T15815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  333.309185][T15896] netlink: 'syz.1.3289': attribute type 1 has an invalid length.
[  333.463563][T15901] FAULT_INJECTION: forcing a failure.
[  333.463563][T15901] name failslab, interval 1, probability 0, space 0, times 0
[  333.524503][T15901] CPU: 1 UID: 0 PID: 15901 Comm: syz.4.3293 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  333.524535][T15901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  333.524548][T15901] Call Trace:
[  333.524556][T15901]  <TASK>
[  333.524565][T15901]  dump_stack_lvl+0x189/0x250
[  333.524611][T15901]  ? __pfx____ratelimit+0x10/0x10
[  333.524644][T15901]  ? __pfx_dump_stack_lvl+0x10/0x10
[  333.524677][T15901]  ? __pfx__printk+0x10/0x10
[  333.524703][T15901]  ? __pfx___might_resched+0x10/0x10
[  333.524735][T15901]  ? fs_reclaim_acquire+0x7d/0x100
[  333.524765][T15901]  should_fail_ex+0x414/0x560
[  333.524798][T15901]  should_failslab+0xa8/0x100
[  333.524823][T15901]  __kmalloc_noprof+0xcb/0x4f0
[  333.524844][T15901]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  333.524884][T15901]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  333.524924][T15901]  genl_family_rcv_msg_doit+0xb8/0x300
[  333.524964][T15901]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  333.524998][T15901]  ? rcu_is_watching+0x15/0xb0
[  333.525034][T15901]  ? apparmor_capable+0x137/0x1b0
[  333.525070][T15901]  ? bpf_lsm_capable+0x9/0x20
[  333.525088][T15901]  ? security_capable+0x7e/0x2e0
[  333.525123][T15901]  genl_rcv_msg+0x60e/0x790
[  333.525162][T15901]  ? __pfx_genl_rcv_msg+0x10/0x10
[  333.525193][T15901]  ? __pfx_netlbl_unlabel_staticremovedef+0x10/0x10
[  333.525237][T15901]  netlink_rcv_skb+0x208/0x470
[  333.525263][T15901]  ? __pfx_genl_rcv_msg+0x10/0x10
[  333.525295][T15901]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  333.525342][T15901]  ? down_read+0x1ad/0x2e0
[  333.525366][T15901]  genl_rcv+0x28/0x40
[  333.525394][T15901]  netlink_unicast+0x75b/0x8d0
[  333.525429][T15901]  netlink_sendmsg+0x805/0xb30
[  333.525466][T15901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  333.525496][T15901]  ? aa_sock_msg_perm+0x94/0x160
[  333.525529][T15901]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  333.525556][T15901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  333.525590][T15901]  __sock_sendmsg+0x21c/0x270
[  333.525626][T15901]  ____sys_sendmsg+0x505/0x830
[  333.525660][T15901]  ? __pfx_____sys_sendmsg+0x10/0x10
[  333.525699][T15901]  ? import_iovec+0x74/0xa0
[  333.525725][T15901]  ___sys_sendmsg+0x21f/0x2a0
[  333.525755][T15901]  ? __pfx____sys_sendmsg+0x10/0x10
[  333.525827][T15901]  ? __fget_files+0x2a/0x420
[  333.525849][T15901]  ? __fget_files+0x3a0/0x420
[  333.525887][T15901]  __x64_sys_sendmsg+0x19b/0x260
[  333.525916][T15901]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  333.525955][T15901]  ? __pfx_ksys_write+0x10/0x10
[  333.525972][T15901]  ? rcu_is_watching+0x15/0xb0
[  333.526011][T15901]  ? do_syscall_64+0xbe/0x3b0
[  333.526035][T15901]  do_syscall_64+0xfa/0x3b0
[  333.526053][T15901]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.526083][T15901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.526104][T15901]  ? clear_bhb_loop+0x60/0xb0
[  333.526130][T15901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.526151][T15901] RIP: 0033:0x7fd76f78e929
[  333.526170][T15901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.526189][T15901] RSP: 002b:00007fd770552038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  333.526211][T15901] RAX: ffffffffffffffda RBX: 00007fd76f9b5fa0 RCX: 00007fd76f78e929
[  333.526227][T15901] RDX: 0000000000000000 RSI: 0000200000000700 RDI: 0000000000000004
[  333.526240][T15901] RBP: 00007fd770552090 R08: 0000000000000000 R09: 0000000000000000
[  333.526253][T15901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.526265][T15901] R13: 0000000000000000 R14: 00007fd76f9b5fa0 R15: 00007ffd088cf968
[  333.526301][T15901]  </TASK>
[  334.076950][T15897] gretap1: entered promiscuous mode
[  334.088619][T15815] team0: Port device team_slave_0 added
[  334.097866][T15815] team0: Port device team_slave_1 added
[  334.215193][T15815] batman_adv: batadv0: Adding interface: batadv_slave_0
[  334.254967][ T5833] Bluetooth: hci2: command tx timeout
[  334.259761][T15815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.306493][T15815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  334.389844][T15922] ipt_REJECT: TCP_RESET invalid for non-tcp
[  334.392336][T15925] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  334.447820][T15815] batman_adv: batadv0: Adding interface: batadv_slave_1
[  334.473721][T15815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.502854][T15815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.746703][T15936] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  334.766292][T15815] hsr_slave_0: entered promiscuous mode
[  334.775792][T15815] hsr_slave_1: entered promiscuous mode
[  334.790614][T15815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  334.800597][T15815] Cannot create hsr debugfs directory
[  334.838253][T15941] netlink: 'syz.2.3306': attribute type 1 has an invalid length.
[  334.914812][T15945] gretap1: entered promiscuous mode
[  335.068867][T15949] FAULT_INJECTION: forcing a failure.
[  335.068867][T15949] name failslab, interval 1, probability 0, space 0, times 0
[  335.102783][T15949] CPU: 0 UID: 0 PID: 15949 Comm: syz.4.3311 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  335.102815][T15949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  335.102829][T15949] Call Trace:
[  335.102837][T15949]  <TASK>
[  335.102846][T15949]  dump_stack_lvl+0x189/0x250
[  335.102886][T15949]  ? __pfx____ratelimit+0x10/0x10
[  335.102920][T15949]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.102954][T15949]  ? __pfx__printk+0x10/0x10
[  335.102996][T15949]  ? __pfx___might_resched+0x10/0x10
[  335.103031][T15949]  ? fs_reclaim_acquire+0x7d/0x100
[  335.103061][T15949]  should_fail_ex+0x414/0x560
[  335.103094][T15949]  should_failslab+0xa8/0x100
[  335.103119][T15949]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  335.103140][T15949]  ? __alloc_skb+0x112/0x2d0
[  335.103168][T15949]  __alloc_skb+0x112/0x2d0
[  335.103196][T15949]  netlink_ack+0x146/0xa50
[  335.103217][T15949]  ? __pfx_genl_rcv_msg+0x10/0x10
[  335.103272][T15949]  netlink_rcv_skb+0x28c/0x470
[  335.103296][T15949]  ? __pfx_genl_rcv_msg+0x10/0x10
[  335.103328][T15949]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  335.103392][T15949]  ? down_read+0x1ad/0x2e0
[  335.103417][T15949]  genl_rcv+0x28/0x40
[  335.103446][T15949]  netlink_unicast+0x75b/0x8d0
[  335.103482][T15949]  netlink_sendmsg+0x805/0xb30
[  335.103519][T15949]  ? __pfx_netlink_sendmsg+0x10/0x10
[  335.103550][T15949]  ? aa_sock_msg_perm+0x94/0x160
[  335.103580][T15949]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  335.103608][T15949]  ? __pfx_netlink_sendmsg+0x10/0x10
[  335.103635][T15949]  __sock_sendmsg+0x21c/0x270
[  335.103672][T15949]  ____sys_sendmsg+0x505/0x830
[  335.103707][T15949]  ? __pfx_____sys_sendmsg+0x10/0x10
[  335.103746][T15949]  ? import_iovec+0x74/0xa0
[  335.103779][T15949]  ___sys_sendmsg+0x21f/0x2a0
[  335.103810][T15949]  ? __pfx____sys_sendmsg+0x10/0x10
[  335.103882][T15949]  ? __fget_files+0x2a/0x420
[  335.103906][T15949]  ? __fget_files+0x3a0/0x420
[  335.103943][T15949]  __x64_sys_sendmsg+0x19b/0x260
[  335.103974][T15949]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  335.104014][T15949]  ? __pfx_ksys_write+0x10/0x10
[  335.104031][T15949]  ? rcu_is_watching+0x15/0xb0
[  335.104071][T15949]  ? do_syscall_64+0xbe/0x3b0
[  335.104095][T15949]  do_syscall_64+0xfa/0x3b0
[  335.104116][T15949]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.104136][T15949]  ? asm_sysvec_call_function_single+0x1a/0x20
[  335.104159][T15949]  ? clear_bhb_loop+0x60/0xb0
[  335.104185][T15949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.104206][T15949] RIP: 0033:0x7fd76f78e929
[  335.104225][T15949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.104245][T15949] RSP: 002b:00007fd770552038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  335.104268][T15949] RAX: ffffffffffffffda RBX: 00007fd76f9b5fa0 RCX: 00007fd76f78e929
[  335.104284][T15949] RDX: 0000000000000000 RSI: 0000200000000700 RDI: 0000000000000004
[  335.104297][T15949] RBP: 00007fd770552090 R08: 0000000000000000 R09: 0000000000000000
[  335.104311][T15949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.104322][T15949] R13: 0000000000000000 R14: 00007fd76f9b5fa0 R15: 00007ffd088cf968
[  335.104357][T15949]  </TASK>
[  335.612300][  T146] hsr_slave_0: left promiscuous mode
[  335.626475][  T146] hsr_slave_1: left promiscuous mode
[  335.678900][  T146] veth0_macvtap: left promiscuous mode
[  335.697622][  T146] veth1_vlan: left promiscuous mode
[  335.703044][  T146] 
: left promiscuous mode
[  336.334609][ T5833] Bluetooth: hci2: command tx timeout
[  336.665737][ T5978] smc: removing ib device syz0
[  336.889357][T15986] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  336.962852][T15989] netlink: 'syz.1.3324': attribute type 1 has an invalid length.
[  337.391975][T15998] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8
[  338.023402][T16016] FAULT_INJECTION: forcing a failure.
[  338.023402][T16016] name failslab, interval 1, probability 0, space 0, times 0
[  338.068588][T16016] CPU: 1 UID: 0 PID: 16016 Comm: syz.2.3335 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  338.068621][T16016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  338.068634][T16016] Call Trace:
[  338.068643][T16016]  <TASK>
[  338.068652][T16016]  dump_stack_lvl+0x189/0x250
[  338.068691][T16016]  ? __pfx____ratelimit+0x10/0x10
[  338.068722][T16016]  ? __pfx_dump_stack_lvl+0x10/0x10
[  338.068755][T16016]  ? __pfx__printk+0x10/0x10
[  338.068784][T16016]  ? __pfx___might_resched+0x10/0x10
[  338.068815][T16016]  ? fs_reclaim_acquire+0x7d/0x100
[  338.068846][T16016]  should_fail_ex+0x414/0x560
[  338.068878][T16016]  should_failslab+0xa8/0x100
[  338.068902][T16016]  __kmalloc_noprof+0xcb/0x4f0
[  338.068920][T16016]  ? kfree+0x4d/0x440
[  338.068947][T16016]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  338.068983][T16016]  tomoyo_realpath_from_path+0xe3/0x5d0
[  338.069015][T16016]  ? tomoyo_domain+0xd9/0x130
[  338.069050][T16016]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  338.069075][T16016]  tomoyo_path_number_perm+0x1e8/0x5a0
[  338.069104][T16016]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  338.069148][T16016]  ? __lock_acquire+0xab9/0xd20
[  338.069199][T16016]  ? __fget_files+0x2a/0x420
[  338.069226][T16016]  ? __fget_files+0x2a/0x420
[  338.069247][T16016]  ? __fget_files+0x3a0/0x420
[  338.069268][T16016]  ? __fget_files+0x2a/0x420
[  338.069295][T16016]  security_file_ioctl+0xcb/0x2d0
[  338.069321][T16016]  __se_sys_ioctl+0x47/0x170
[  338.069354][T16016]  do_syscall_64+0xfa/0x3b0
[  338.069372][T16016]  ? lockdep_hardirqs_on+0x9c/0x150
[  338.069409][T16016]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.069448][T16016]  ? clear_bhb_loop+0x60/0xb0
[  338.069475][T16016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.069496][T16016] RIP: 0033:0x7eff8d38e929
[  338.069515][T16016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  338.069535][T16016] RSP: 002b:00007eff8e1ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  338.069558][T16016] RAX: ffffffffffffffda RBX: 00007eff8d5b5fa0 RCX: 00007eff8d38e929
[  338.069574][T16016] RDX: 0000200000000040 RSI: 000000000000890b RDI: 0000000000000004
[  338.069588][T16016] RBP: 00007eff8e1ae090 R08: 0000000000000000 R09: 0000000000000000
[  338.069605][T16016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  338.069617][T16016] R13: 0000000000000000 R14: 00007eff8d5b5fa0 R15: 00007ffc57300948
[  338.069652][T16016]  </TASK>
[  338.070831][T16016] ERROR: Out of memory at tomoyo_realpath_from_path.
[  338.352014][T16018] xt_CT: No such helper "syz0"
[  338.411439][ T5833] Bluetooth: hci2: command tx timeout
[  338.757939][T16023] bridge0: port 2(bridge_slave_1) entered disabled state
[  338.887311][T16041] netlink: 'syz.1.3342': attribute type 5 has an invalid length.
[  338.938794][T16041] 
[  338.941191][T16041] ======================================================
[  338.948235][T16041] WARNING: possible circular locking dependency detected
[  338.955339][T16041] 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 Not tainted
[  338.962466][T16041] ------------------------------------------------------
[  338.969492][T16041] syz.1.3342/16041 is trying to acquire lock:
[  338.975564][T16041] ffffffff8f668398 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x25/0xe0
[  338.984903][T16041] 
[  338.984903][T16041] but task is already holding lock:
[  338.992308][T16041] ffff88807c794170 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570
[  339.001653][T16041] 
[  339.001653][T16041] which lock already depends on the new lock.
[  339.001653][T16041] 
[  339.012061][T16041] 
[  339.012061][T16041] the existing dependency chain (in reverse order) is:
[  339.021080][T16041] 
[  339.021080][T16041] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[  339.029091][T16041]        lock_acquire+0x120/0x360
[  339.034151][T16041]        _raw_spin_lock_bh+0x36/0x50
[  339.039459][T16041]        nr_rt_device_down+0x12a/0x720
[  339.044948][T16041]        nr_device_event+0x137/0x150
[  339.050249][T16041]        notifier_call_chain+0x1b3/0x3e0
[  339.055910][T16041]        dev_close_many+0x29c/0x410
[  339.061117][T16041]        netif_close+0x158/0x210
[  339.066071][T16041]        dev_close+0x10a/0x220
[  339.070850][T16041]        bpq_device_event+0x2f4/0x600
[  339.076238][T16041]        notifier_call_chain+0x1b3/0x3e0
[  339.081902][T16041]        __dev_notify_flags+0x18d/0x2e0
[  339.087467][T16041]        netif_change_flags+0xe8/0x1a0
[  339.092943][T16041]        dev_change_flags+0x130/0x260
[  339.098329][T16041]        dev_ioctl+0x7b4/0x1150
[  339.103192][T16041]        sock_do_ioctl+0x22c/0x300
[  339.108321][T16041]        sock_ioctl+0x576/0x790
[  339.113195][T16041]        __se_sys_ioctl+0xf9/0x170
[  339.118328][T16041]        do_syscall_64+0xfa/0x3b0
[  339.123383][T16041]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.129901][T16041] 
[  339.129901][T16041] -> #1 (nr_node_list_lock){+...}-{3:3}:
[  339.137749][T16041]        lock_acquire+0x120/0x360
[  339.142794][T16041]        _raw_spin_lock_bh+0x36/0x50
[  339.148099][T16041]        nr_rt_device_down+0xa9/0x720
[  339.153491][T16041]        nr_device_event+0x137/0x150
[  339.158793][T16041]        notifier_call_chain+0x1b3/0x3e0
[  339.164457][T16041]        dev_close_many+0x29c/0x410
[  339.169666][T16041]        netif_close+0x158/0x210
[  339.174615][T16041]        dev_close+0x10a/0x220
[  339.179391][T16041]        bpq_device_event+0x2f4/0x600
[  339.184775][T16041]        notifier_call_chain+0x1b3/0x3e0
[  339.190469][T16041]        __dev_notify_flags+0x18d/0x2e0
[  339.196054][T16041]        netif_change_flags+0xe8/0x1a0
[  339.201541][T16041]        dev_change_flags+0x130/0x260
[  339.206944][T16041]        dev_ioctl+0x7b4/0x1150
[  339.211816][T16041]        sock_do_ioctl+0x22c/0x300
[  339.216949][T16041]        sock_ioctl+0x576/0x790
[  339.221824][T16041]        __se_sys_ioctl+0xf9/0x170
[  339.226964][T16041]        do_syscall_64+0xfa/0x3b0
[  339.232012][T16041]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.238453][T16041] 
[  339.238453][T16041] -> #0 (nr_neigh_list_lock){+...}-{3:3}:
[  339.246387][T16041]        validate_chain+0xb9b/0x2140
[  339.251690][T16041]        __lock_acquire+0xab9/0xd20
[  339.256903][T16041]        lock_acquire+0x120/0x360
[  339.261947][T16041]        _raw_spin_lock_bh+0x36/0x50
[  339.267247][T16041]        nr_remove_neigh+0x25/0xe0
[  339.272372][T16041]        nr_add_node+0x1d9f/0x2570
[  339.277491][T16041]        nr_rt_ioctl+0xc12/0xd50
[  339.282531][T16041]        sock_do_ioctl+0xdc/0x300
[  339.287576][T16041]        sock_ioctl+0x576/0x790
[  339.292450][T16041]        __se_sys_ioctl+0xf9/0x170
[  339.297595][T16041]        do_syscall_64+0xfa/0x3b0
[  339.302627][T16041]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.309053][T16041] 
[  339.309053][T16041] other info that might help us debug this:
[  339.309053][T16041] 
[  339.319290][T16041] Chain exists of:
[  339.319290][T16041]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[  339.319290][T16041] 
[  339.333146][T16041]  Possible unsafe locking scenario:
[  339.333146][T16041] 
[  339.340604][T16041]        CPU0                    CPU1
[  339.345989][T16041]        ----                    ----
[  339.351364][T16041]   lock(&nr_node->node_lock);
[  339.356141][T16041]                                lock(nr_node_list_lock);
[  339.363268][T16041]                                lock(&nr_node->node_lock);
[  339.370569][T16041]   lock(nr_neigh_list_lock);
[  339.375267][T16041] 
[  339.375267][T16041]  *** DEADLOCK ***
[  339.375267][T16041] 
[  339.383420][T16041] 1 lock held by syz.1.3342/16041:
[  339.388541][T16041]  #0: ffff88807c794170 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570
[  339.398326][T16041] 
[  339.398326][T16041] stack backtrace:
[  339.404240][T16041] CPU: 0 UID: 0 PID: 16041 Comm: syz.1.3342 Not tainted 6.16.0-rc1-syzkaller-00120-g0aff00432cc7 #0 PREEMPT(full) 
[  339.404270][T16041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  339.404282][T16041] Call Trace:
[  339.404290][T16041]  <TASK>
[  339.404299][T16041]  dump_stack_lvl+0x189/0x250
[  339.404332][T16041]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.404359][T16041]  ? __pfx__printk+0x10/0x10
[  339.404377][T16041]  ? stack_trace_save+0x9c/0xe0
[  339.404405][T16041]  print_circular_bug+0x2ee/0x310
[  339.404428][T16041]  check_noncircular+0x134/0x160
[  339.404448][T16041]  validate_chain+0xb9b/0x2140
[  339.404474][T16041]  __lock_acquire+0xab9/0xd20
[  339.404503][T16041]  ? nr_remove_neigh+0x25/0xe0
[  339.404520][T16041]  lock_acquire+0x120/0x360
[  339.404543][T16041]  ? nr_remove_neigh+0x25/0xe0
[  339.404563][T16041]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  339.404583][T16041]  ? nr_remove_neigh+0x25/0xe0
[  339.404600][T16041]  _raw_spin_lock_bh+0x36/0x50
[  339.404624][T16041]  ? nr_remove_neigh+0x25/0xe0
[  339.404640][T16041]  nr_remove_neigh+0x25/0xe0
[  339.404658][T16041]  nr_add_node+0x1d9f/0x2570
[  339.404676][T16041]  ? __asan_memcpy+0x40/0x70
[  339.404700][T16041]  ? nr_call_to_digi+0x126/0x1b0
[  339.404717][T16041]  nr_rt_ioctl+0xc12/0xd50
[  339.404733][T16041]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  339.404762][T16041]  ? kasan_quarantine_put+0xdd/0x220
[  339.404787][T16041]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  339.404808][T16041]  ? apparmor_capable+0x137/0x1b0
[  339.404839][T16041]  ? capable+0x89/0xe0
[  339.404864][T16041]  ? nr_ioctl+0x1b1/0x3b0
[  339.404888][T16041]  sock_do_ioctl+0xdc/0x300
[  339.404914][T16041]  ? __pfx_sock_do_ioctl+0x10/0x10
[  339.404939][T16041]  ? __lock_acquire+0xab9/0xd20
[  339.404969][T16041]  sock_ioctl+0x576/0x790
[  339.404994][T16041]  ? __pfx_sock_ioctl+0x10/0x10
[  339.405019][T16041]  ? __fget_files+0x2a/0x420
[  339.405037][T16041]  ? __fget_files+0x3a0/0x420
[  339.405054][T16041]  ? __fget_files+0x2a/0x420
[  339.405074][T16041]  ? bpf_lsm_file_ioctl+0x9/0x20
[  339.405099][T16041]  ? __pfx_sock_ioctl+0x10/0x10
[  339.405124][T16041]  __se_sys_ioctl+0xf9/0x170
[  339.405149][T16041]  do_syscall_64+0xfa/0x3b0
[  339.405164][T16041]  ? lockdep_hardirqs_on+0x9c/0x150
[  339.405189][T16041]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.405206][T16041]  ? clear_bhb_loop+0x60/0xb0
[  339.405225][T16041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.405248][T16041] RIP: 0033:0x7ff33398e929
[  339.405264][T16041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.405279][T16041] RSP: 002b:00007ff3348d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  339.405297][T16041] RAX: ffffffffffffffda RBX: 00007ff333bb5fa0 RCX: 00007ff33398e929
[  339.405310][T16041] RDX: 0000200000000040 RSI: 000000000000890b RDI: 0000000000000009
[  339.405321][T16041] RBP: 00007ff333a10b39 R08: 0000000000000000 R09: 0000000000000000
[  339.405331][T16041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  339.405341][T16041] R13: 0000000000000000 R14: 00007ff333bb5fa0 R15: 00007ffeb52a70c8
[  339.405361][T16041]  </TASK>
[  339.752757][T15815] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  339.795563][T15815] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  339.853787][T15815] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  339.867416][T15815] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  340.012130][T15815] 8021q: adding VLAN 0 to HW filter on device bond0
[  340.028790][T15815] 8021q: adding VLAN 0 to HW filter on device team0
[  340.039854][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.046973][ T5978] bridge0: port 1(bridge_slave_0) entered forwarding state
[  340.059982][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.067129][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  340.099696][  T146] IPVS: stop unused estimator thread 0...
[  340.219531][T15815] 8021q: adding VLAN 0 to HW filter on device batadv0
[  340.250891][T15815] veth0_vlan: entered promiscuous mode
[  340.260913][T15815] veth1_vlan: entered promiscuous mode
[  340.282420][T15815] veth0_macvtap: entered promiscuous mode
[  340.290671][T15815] veth1_macvtap: entered promiscuous mode
[  340.304089][T15815] batman_adv: batadv0: Interface activated: batadv_slave_0
[  340.321207][T15815] batman_adv: batadv0: Interface activated: batadv_slave_1
[  340.331354][T15815] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  340.340299][T15815] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  340.349339][T15815] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  340.358489][T15815] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.384041][T15815] ieee80211 phy29: Selected rate control algorithm 'minstrel_ht'
[  340.406866][  T146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  340.408535][T15815] ieee80211 phy30: Selected rate control algorithm 'minstrel_ht'
[  340.415651][  T146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  340.446081][T10458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  340.454015][T10458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50