last executing test programs:

2.514438343s ago: executing program 0 (id=1526):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

2.451233854s ago: executing program 0 (id=1529):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x609, 0x4, 0x0, &(0x7f0000000140)="dd800000", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket(0xa, 0x40000000002, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000021000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000400000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000300000000000000ffff0000000000000000000000000000000062726983676530000000000000000000736974300000000000000000000000007465616d300000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000000000d8010000d801000010020000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff000000001b0000000000000000007465616d5f736c6176655f310000000069726c616e300000000000000000000069726c616e3000e575dd73000000000073797a6b616c6c6572300000000000000180c2000000000000000000f646793b7b3900000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff00000000"]}, 0x3c0)
close(r0)
r3 = socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000100)=""/113, 0x71}, {0x0}], 0x2, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
unshare(0x60020c80)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f000000000000000000000000000039d1c723d667ee8b42bce1f54f75594182"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x2, 0xb, &(0x7f0000000980)=@framed={{}, [@map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x181}, @alu={0x4, 0x0, 0x7, 0x5, 0xb, 0xfffffffffffffffe, 0x8}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x5}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x7}, @alu={0x4, 0x1, 0x5, 0x4, 0xa, 0x6, 0x4}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r3)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000600)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_DEL_STATION(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x24, r8, 0x121, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(r3, &(0x7f0000000800)={&(0x7f0000000180), 0xc, &(0x7f00000004c0)={&(0x7f0000000340)={0x70, r7, 0x8, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x1)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000214010028bd7000fddbdf250900020073797a3100000000080001000000000008004400", @ANYRES32, @ANYBLOB="050054000100b2ac08000100000000000900020073"], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0)

2.003664941s ago: executing program 3 (id=1533):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/171, 0xab}, {&(0x7f0000000240)=""/194, 0xc2}, {&(0x7f0000000380)=""/195, 0xc3}], 0x3, 0x6, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000010000000000000000000000711212000000000095"], &(0x7f0000000680)='GPL\x00', 0x1, 0x0, 0x0, 0x61780, 0x4, '\x00', 0x0, @cgroup_sock_addr=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)

1.790254479s ago: executing program 3 (id=1534):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="010100000000000400000000000000009500e10000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e8, 0x1c0, 0x111, 0x4b4, 0x8, 0xd4feffff, 0x318, 0x20a, 0x278, 0x318, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x7a, 0x198, 0x1c0, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@nfacct={{0x48}, {'syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x448)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000380)={0xa, 0x14e24, 0x0, @empty}, 0x1c)
recvmmsg(r2, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}}], 0x4000000000002b1, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e24, 0x2, @empty}, 0x1c)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)
bind$l2tp6(r2, &(0x7f0000000080)={0xa, 0x0, 0x6, @private0, 0x7, 0x2}, 0x20)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000393acaa60000000000000000000000999ca76381c80b31edb6e934a78152d79156b76922706ba9f95b518d18d01bd3b31b595b411631bc2223949ea9b8b935dc4e4a8a29d3bdb84f05b1c7b626117361c78f127008d17df74721ddaece33441999b7388ad1580cbaa52ce1235707cd9e610c791718d9b75ed36b66b3490b8eb8af26600cf6b698c2f41ff2c9d1539dcfe3e1f4f6c9939515d6bbb3f4a2980588e40af3b200f7ca2ca957a12862b155dead513c6a66575e08c7cd942d5def98ee34dc568fefa603e18ae2811abef1d03d55511b79eb61f6ce976e5c7c79fdde4f8073123c412d9cc2"], 0x48)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="04000226", @ANYRES16=0x0, @ANYBLOB="00000000000000000004e800000008000317"], 0x1c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$igmp(0x2, 0x3, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b28, &(0x7f0000000000)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, &(0x7f0000000780)}, 0x20)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, 0x0, 0xffffffffffffff8d)
setsockopt$sock_linger(r7, 0x1, 0xd, &(0x7f0000000180), 0x8)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r9, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r8, 0x0)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-ssse3\x00'}, 0x58)
r11 = accept4(r10, 0x0, 0x0, 0x0)
sendto$packet(r11, &(0x7f0000000100)="85f0d9", 0x3f, 0x0, 0x0, 0x0)

1.501525383s ago: executing program 1 (id=1536):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r0], 0x1c}}, 0x0)
recvmmsg(r0, &(0x7f0000004800)=[{{&(0x7f0000000280)=@generic, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)}, {&(0x7f0000000340)=""/106, 0x6a}, {&(0x7f00000003c0)=""/206, 0xce}], 0x3, &(0x7f0000000500)=""/1, 0x1}, 0x1}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)}, {&(0x7f0000001580)=""/57, 0x39}], 0x3, &(0x7f0000001600)=""/11, 0xb}}, {{&(0x7f0000001640)=@in={0x2, 0x0, @initdev}, 0x80, &(0x7f0000001900)=[{&(0x7f00000016c0)=""/223, 0xdf}, {&(0x7f00000017c0)=""/163, 0xa3}, {&(0x7f0000001880)=""/101, 0x65}], 0x3, &(0x7f0000001940)=""/125, 0x7d}, 0x9}, {{0x0, 0x0, &(0x7f0000002bc0)=[{&(0x7f00000019c0)=""/51, 0x33}, {&(0x7f0000001a00)=""/250, 0xfa}, {&(0x7f0000001b00)=""/160, 0xa0}, {&(0x7f0000001bc0)=""/4096, 0x1000}], 0x4, &(0x7f0000002c00)=""/215, 0xd7}, 0x6}, {{0x0, 0x0, &(0x7f0000002d00), 0x0, &(0x7f0000002d40)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000003d40)=@alg, 0x80, &(0x7f0000003e40)=[{&(0x7f0000003dc0)=""/100, 0x64}], 0x1, &(0x7f0000003e80)=""/70, 0x46}, 0xfffffffd}, {{&(0x7f0000003f00)=@pppol2tpv3, 0x80, &(0x7f0000004280)=[{&(0x7f0000003f80)=""/236, 0xec}, {&(0x7f0000004080)=""/242, 0xf2}, {&(0x7f0000004180)=""/204, 0xcc}], 0x3, &(0x7f00000042c0)=""/61, 0x3d}, 0x8}, {{&(0x7f0000004300)=@alg, 0x80, &(0x7f0000004740)=[{&(0x7f0000004380)=""/155, 0x9b}, {&(0x7f0000004440)=""/251, 0xfb}, {&(0x7f0000004540)=""/236, 0xec}, {&(0x7f0000004640)=""/19, 0x13}, {&(0x7f0000004680)=""/34, 0x22}, {&(0x7f00000046c0)=""/127, 0x7f}], 0x6, &(0x7f00000047c0)=""/2, 0x2}, 0xfa3b}], 0x8, 0x40, &(0x7f0000004a00)={0x77359400})
syz_emit_ethernet(0x56, &(0x7f0000000000)={@random="fd4000000800", @random="24475466a8f0", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "902d03", 0x20, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[@dstopts={0x0, 0x2, '\x00', [@calipso={0x7, 0x8}, @padn, @generic, @pad1]}]}}}}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fedbdf252700000008000300", @ANYRES32=r4, @ANYBLOB="0a00060008"], 0x34}, 0x1, 0x0, 0x0, 0x20004841}, 0x80)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="600000000206010000000000000000000000000011000300686173683a6e65742c6e6574000000000500040000000000090002ffffff7f0000000000140007800800134000000001080006000000009105000400000000000500010006000000"], 0x60}, 0x1, 0x0, 0x0, 0x1c}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x1, 0x4, 0x0, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFULA_CFG_CMD={0x5, 0x1, 0x3}, @NFULA_CFG_TIMEOUT={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004000}, 0x4)

1.300626753s ago: executing program 1 (id=1539):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

1.213121091s ago: executing program 2 (id=1540):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x81, 0x81, 0x6, [@datasec={0xa, 0x4, 0x0, 0xf, 0x1, [{0x3, 0x9, 0x4}, {0x3, 0x7, 0x7}, {0x3, 0x4, 0x10}, {0x1, 0x2fdc, 0x9}], 'M'}, @enum={0xc, 0x2, 0x0, 0x6, 0x4, [{0x10, 0x6}, {0x5, 0x8}]}, @enum={0x2, 0x2, 0x0, 0x6, 0x4, [{0x0, 0x5e4a}, {0x8, 0x8}]}, @const={0xf, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x2e, 0x61, 0x2e, 0x0]}}, &(0x7f0000000c80)=""/4096, 0xa2, 0x1000, 0x0, 0xffffffff, 0x0, @void, @value}, 0x28) (async)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sysnet/ipv4\b\x00\x03\x00\x00\x00\x00\x00\x00\x00ze\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff=\x00'/59}, 0x30) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000010003b0c000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b00010065727370616e000030000280060003000080000006000200b60000000800060000000000040012"], 0x60}, 0x1, 0x0, 0x0, 0x4000014}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0x0, 0x4}, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b40)=@allocspi={0x114, 0x16, 0x51, 0x70bd28, 0x25dfdbfb, {{{@in6=@dev={0xfe, 0x80, '\x00', 0x40}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2, 0x9, 0x4e21, 0x0, 0x0, 0x40, 0x20, 0x33}, {@in6=@dev={0xfe, 0x80, '\x00', 0x3f}, 0x40004d4, 0x32}, @in=@loopback, {0x9, 0x6, 0x1a3c, 0x7fff, 0xb, 0x7, 0x5, 0x5}, {0x1, 0x4, 0x6, 0x7}, {0x80, 0x65f, 0x40}, 0x70bd27, 0x3501, 0xa, 0x2, 0x6, 0x4a}, 0x4, 0x7}, [@replay_esn_val={0x1c, 0x17, {0x0, 0x70bd2d, 0x70bd2a, 0x70bd2c, 0x70bd2d, 0x45597421}}]}, 0x114}, 0x1, 0x0, 0x0, 0x4040000}, 0x20008854)

1.212667651s ago: executing program 3 (id=1541):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000800)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff430486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e20004db0"], 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000005c0))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0104000000000000000002000000200004801c0001800900010068617368000000000c000280085ee640000000010900010073797a30000000000900020073797a3200000000050007"], 0x7c}}, 0x0)

1.078399694s ago: executing program 1 (id=1543):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
r2 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(r2, 0x110, 0x2, &(0x7f0000000000)='[&!\\@{\x00', 0x7)

1.048518662s ago: executing program 3 (id=1544):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r1)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x4c, r2, 0x201, 0x0, 0x0, {0x3, 0x0, 0x26}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_hsr\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x41}}]}, 0x4c}, 0x8, 0x3000000000002}, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0xa, 0xfffffffd}, 0x8)
connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
r3 = accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14, 0x800)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0}, &(0x7f00000001c0)=0x14)
shutdown(r0, 0x0)
close(0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r8 = socket(0x10, 0x803, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@getchain={0x2c, 0x66, 0x800, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xfff2, 0x5}, {0xffe0}, {0xa, 0xfff1}}, [{0x8, 0xb, 0x1000}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8090}, 0x28000080)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=@newtfilter={0x58, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r10, {0xc, 0x4}, {}, {0x3}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}]}}]}, 0x58}}, 0x20040054)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="7c000000010405000000000000000000000000000600064000000000080005400000000005000100010000000a0002000000000000000000080003400000c018060006400000000008000440000000000a000200190ab2ca6d"], 0x7c}}, 0x0)
r11 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000300)={'bond0\x00'})
sendmsg$nl_route_sched(r11, &(0x7f0000002180)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f00000021c0)=@newtaction={0x1e88, 0x30, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [{0x114, 0x1, [@m_mirred={0x110, 0xf, 0x0, 0x0, {{0xb}, {0xa4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xc, 0x0, 0x4, 0x3, 0x8}, 0x1, r4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x800, 0x0, 0xfffffffb, 0x3}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3ff, 0x6, 0x7, 0xfffffff4, 0x2}, 0x3, r4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x1, 0x3, 0xd, 0xf4b1}, 0x4, r4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x5, 0xd, 0x1, 0x5, 0x1c2}, 0x1, r4}}]}, {0x43, 0x6, "dc450d4af0de2070f481be2452698b215f2523d02a0b3fa23d73dec62f4542a8cdb02c67932166f4403ce19685258b87d304fb289701ed4a4b7e02105be33b"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, {0xe8, 0x1, [@m_simple={0xe4, 0x1a, 0x0, 0x0, {{0xb}, {0x80, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xa, 0x3, '\xff\xff\xff\xff\xff\xff'}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x5, 0x2, 0x3, 0x3, 0xb9c}}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_DATA={0xa, 0x3, '.%,&}\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x5, 0x0, 0x9763, 0x2}}, @TCA_DEF_DATA={0xa, 0x3, '\xff\xff\xff\xff\xff\xff'}, @TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x81, 0x1, 0x10001, 0x7fff}}]}, {0x3b, 0x6, "d4edba269a2f098bf6722a6a5fd94c6be57f97dc4f99922ed84df84612194d92fa4e5646ca963432ad163d19400b5ee55cad401c3f24c9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}, {0x13c, 0x1, [@m_skbmod={0x138, 0x1f, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @remote}]}, {0x100, 0x6, "7325e39838081b970457af227e6b31aca6f0b9d58fd45da27baa64e50a75796c531fe8437df6ff29332ae0b486c733206e56117fe25ecce434d1b979e9860495532e1a1e91ae084aad6f7c6aa1b02c202574575533f51d682b31a213e7b9953444efcc29c28bc961df1c4bdfc535dfce52fed3d71640834640cb4f595ee9a9e4873d5a38c526aef15477df43acc593881b034a63c90c63c40c0c16f029f32a79dbbf2fb797a425e6938c5e1ea6c9e499def4c8359ab4a87d13b03ae108ee54da1a3889a193beead9dbd1741d950225818e88f7140fee94a8dd5a88568e4e1eb1c0a062ad9e1539a2b5a8a3123cd18f2dc64e8760c09a5b1e155e96ae"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, {0x1658, 0x1, [@m_mirred={0xbc, 0x19, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x4cfc2347, 0x7, 0x4, 0xf718}, 0x1, r5}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x2, 0x5c, 0x2, 0x4, 0x3}, 0x1, r4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xfffffffb, 0xfffffff7, 0x4, 0x40, 0x6}, 0x3, r5}}]}, {0x30, 0x6, "dceeed0165c19acf3ce3c3f21bac0350ee337690ac1a824ab2ce7e0b9c1bd44a31c6144ce4db4ecf778992e1"}, {0xc}, {0xc, 0x8, {0x0, 0x7471c114b86aba4e}}}}, @m_ife={0x11c, 0x9, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xa4, 0xc1, 0x7, 0x7ce, 0xffffffff}}}, @TCA_IFE_SMAC={0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @TCA_IFE_DMAC={0xa}, @TCA_IFE_SMAC={0xa, 0x4, @broadcast}, @TCA_IFE_PARMS={0x1c, 0x1, {{0xd22, 0x7, 0x6, 0x8001, 0xc}, 0x1}}]}, {0x96, 0x6, "14ced98b258d74a5147e72915c2db90f5cf89318b21fe4e2e0e6b563ad910bff0b2382d21c14ae26561ca11d415911d984acb3e276bf675c71c292cac63ab826fa37ea7bb2f0645170b05d8ad1836ceaaf7ebdd92ef4e427ffb4042d84ab01661f9642ac9bff3441aa26f99c3e9d6efa29f57a439f2536d894959021b0a8e85be567b3850cfe9c074bd811523e6b285dde23"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0x10d8, 0x2, 0x0, 0x0, {{0x9}, {0xac, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0xbc, 0x10000000, 0x80000001, 0xc}, 0xf}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x4, 0x7, 0x81, 0x9}, 0x64}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x9, 0x1, 0x5, 0x4}, 0x68}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x5, 0xe4, 0x8, 0x5, 0xfff}, 0x16}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4235, 0x2, 0x0, 0xfffffff9}, 0xe}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x401, 0x7, 0x5, 0x2}, 0x6c}}]}, {0x1004, 0x6, "c65582720f914ddbda6a2a0f674b3608394662b3196639788a442786d8ea96a6b56d4616b0d33ea181d80e0cf899d594d3031095680b23c831a6662d85b7f216bd0a90728d1fe7b48146ec9704b5678098bd266d995582d8de7c2ebd7e7e8bb718d060ef43522c7410bf17fde086f3175972d5dc8e83a58ae959ad8116b30861330c11a582fdb0283de5cc8f7e712e587b14b5540d31661cbf14ed61346a8d631804b3afcd2be2f0695ce8db178119e8af3d2c797c91251f4e15fba0dbbe0f40fe6fcf9b089810dd301db89c6990cac55ba98b19b0dc349ca332b06743430fb309ce813cc9d4b5ba9250f337a2601281295cbf3eb6d9ece4b265ca33049d66cbfb444822375f0bc011d3ffd4b1b84cf67d45135ba0037574da8f6e5794134c9c27d0890e4f199b7a23b13ec3c5765891d0abe88ab5d509163616692fbca08230793bb796a166a82b1409b8b96bf1df50f4e1f490963b1d63f28f4775323db2ca1f5abbe0a3c2f19489d4a8fed0d9802a7f23e318599aa23e6ed0d3d484a5e16c950c5620b73b93d242fe59d0a3ad6cd0bc65851104c2a58f3fe12d98439a29f5b3086189febdbb493a5310441f9795df0fc371445240909e377420f0b0387e36c1cfd06092b2141dc0e736ab8987d3df23d4e0eabba1936d78669f8762fe2d3311a0144729614b71aed53a9dfde71843bab633d95dbda16ea5a75c39d00b8d284573d88c6f098340c9d186a1e2b28807c00b2853be6e7aab061ce061e568b7fdee7e42cfab5bc6c16fdf24205c4710f89b927d4916e355cecc3d1245c46d1c089d2ceb020f3d15ad4e9f54ccdd61a18f8e20c0253d1008cbcd5ee9ed9977c0a5a576530322e416f8ce1c9faec16946eb11810ed447dc3a7cd9b05a81e866803698c63a93eb983c24177cddcc6e5939b470a6a2bf2cda03c479a92bdf8796c42adb4cd71230eb7727d62c78324daa1ac1b2d976fbde81959ac668108ec2aa4fadaf6fb2b5977fb4a15e4e710077a350d7a896ab5fe3383dfd766d684d5e91e806ec357962e76cc9d15245f51df99056a948c7f422798f7d0b869b376e078a4b31476d65000440ad0acb8d8373baeaf43c6672ec551e9529d155c472615ff2f386778fa731ecce4caac9bfb94af1b02e13a67997f3acdff769f3204768646bfa1ac71cce471dcc9de71ebf74b5a6d7ef46655d6ba2dbfb21c71218d3586a432c9dd4d743f78449d11a9ecd339ba5e56e3debb8d2f4079759f1873d7433c20d056dbb9a905dede2575d2d177420f841f850e28050ef69f5af723a81ac996cf08ab3ef273d4426d40618cd316397d066e6b90bcfdd6e4e4e4f69b71ea2ab6fff74391c6db91abdd0161e6e6e67e16842d5ced193870c4f39be23723223f5a65810e5e4feb7639a760a7ffcd03d0cfacb62a56c71467d258dfc09b280de39b7228609b2a950f3df34d9b75f96df56069c6a5af4b9b1b84095dee57eeb7e33ac3921b50c37d27f0732b2e9b88c70fbe832d1175a577a62d27f3cc51168471b481fe43fb3bbc0c154f851a53e2ebd444f7cafb4d0faf62c04bf3b428e7bf845c0330035b93eeadbac5f3ceb9998bab60bf24beca8fc2b0166fff4d8377e2f19035de25cbc2e887d4fcd59c9d1ac5dd07bd306a0ff39e3a64143b0239a405c388d1449957dce82602d7ea2fd128f4e89fa0e8018d4af4d7a542e9fd377b71ffc0f900c8b305ed3005365461d8656cc6314b5eb86ba2a4201f6f74cefcec9f05048e9796e950b2673a48b5ed59f4ffe924fdf0d808c86bde33e9e3b832927afc5a2bff53df2448477699db4d2352bb32be3d2e438e328a42f7574ce9f207025a201554a19c9a76e4937f5373d34f0ebf5d6fc10c94cb796b5b74430285721d9cf8dd139be4cd4ba61cf9c518f0a078640ac9ec82c07a8dd3950d203d741769cc4cf9aadf62236fbfb6cb2c906d012eeb330b56f66a7a5930870d53091af0bfa1aa8ff79c27c4f2e17cfb2aabe97f0c821ca317089d65321345c46374de91814c23c75edcdbdce810173de2acfe20ff502107d5baef3e8705e5c4f46b516e5e8b9cc26ab54ef17a6d2c426483da1aa52c4e27dcef7440252da98ad57ce5afa8a8f701a23a7214a8830e34d557a0642e9e89140395beee6fa906953fd98574be96b83d993fca7c9cae3b844b609b58cbf7f2b8878000dcfb2d3c5b8066bf0d7d6232b580b00a69d4361ff8b933d0e88518ee4d6241bac51b3be82f518a97057e6914ee6e2f4c7041b312cc2c42cf8952ed49aef77a6309351dfeecba6030fe8403e6332a87ad5579bbc6e2a89636d21cca36139f5a2b0d4ef3c904b9748f24f459bec516b7b9d7a259a3b23bfe91e2006e34d7a16d319f6b200970b77bb27df0c1040ae7124449715752dadeb767ba65d643eeb2abec8b3fb86c0ae21b94adb54b63510b215ecddc41cbd983adf4ed09cf4ab181354511a180cd1b9fe7fbcd0c35621c4da8a25cc7fa1a7f176287bb8cb056277ba23e005f1c9739471f0ba627b77fddbd6b6297146280f0c500f28a5d5e37a03f167acf4441f1257172dc0d489cf103714a95fe0cf06380cd58dc2bd3aebd816dec62ae99e3a594c7a6206fed89a775e44b926d3c55749e0cbb8f96eea35715b676f7b85e759cf6846ee54a85ad0948f2d69eab40abb7ca39edb2fc3142310476b8ca37a8711313dc9aad393c3cdf8ab53bf491f1d2731c889cb39dd441c98fd1ab7333330dcdf6b4c160bf8ef93b5863863a7d358819de89a82c3ad20b8af08da79cd21d1664831842dec186b2cffece24cf4c3ae67388ab5f1cb398e846ba5765aba80e634f2ee2aeaea49eb44f324da90a47f32e8bf7c77967084f18d88924eb1de4601dce7df3e6040907a077b4f4477f2620665a79e6354ffaf658cf45889c99f9acfa27755c266f5115ea20a2657e17e53c709465b95b8d813996b4dde2e58abb1bb68b390db30884d4cab05fcbd0011b3198188aec680a5f0e66adab0ba339f21632faa47792204e2da6d0e04580e394669a09d8672fc7a142886590d903b389d88d073830f8fb306e63f7c1b481229e6db879cc57ad7322521a8a41cc6ff11fddd9f1c4a71f9231f6f92027bf1e2bc4e655d9fa49845ac39cd8a832c2d68f7f9b3474d43ecaa6b03eb83eb5883b0d169de3f90d294f24eb8bbcd65f48f9221e3ff3fb3cfd3a74011d47bd5d62113d4e01b2158b1d8480af12c38bf0af8f387577fc9f336389e757c95323cfab69249f3bc2e8ad355ba069df4b8f3a50d0d2bede8c714c957ae2f53659b9ca76e76a764b78d3ab135103791050aba1e7aa8fc965f98c244db51899c69ba30286954242b5363592ab856e85352af23c0209e05037c8c16f99e80e32167e345b167e4a5e649733bfb57a2c8d9c65470006c04037e657bf8b5b432d103e338bd6db6ef1c08a3c1dd4910d14deef1bf565be273fbc82034d3172781d60bc09806e9d6edd3d7542780e8036a680d54e1ee6aea6d68a4a835c5e592eded0609611ab095171d01b52feaec1e1b6e7f27fccb56e4262a587a107d5a7c67851186b478b9b4d9b13e0a31073c9b0d85852d6c78f08e554704bcfa8da4c8e340fa85e2bef76ea0c7dfd91db18eb9fb4c9535453b167383b41a59055f0f0141d272caf4a5d5f202d0da552152cabb23e7bed7d041120128f78d98a97b649b205a22d6f92f94ae1f272f7e1f1539da4bd67b29f14c7ed9489b25083a42988af8e6625bcdfe683812010b68242b794d9d2f49ad5c3ccf7a077e7588c0c9fe624db3277bd17ac7e2ea57ca87abd78d6e8d456a6f3017ecc562a1d7705651b879981e9a99f7bb145bf3261549a8e39a98cc72bc759a48c11c750e3706ff6ffa0b074d427a63e6467823b3d14445bb37e20d01168c636eaaecceb4a5d228b3f97cd22254bfa31713680e0d06e017d5f832af8da6ba2ad03fb8c5d68fde277c7935be2cf51830e86ad24aa4ac615c9f26e9741c0e84080eeb5f659a7a2626609e3924fe3819209dbec644ec935aead7f3014ffa8e3f30e9346813e6d01a08f12671fb34bb39ada76326d60912aef15b54ada511865b950427883676a7f872554dd850c76cad65eb0311223c5854920e97529096db1b4e730c7563ffead37ced83277df194e54904aa45226b3502c271fe0e9adfb83135eff570de81b76349f0b2dff729af249f588141ea8ef43aca80090e61ec7149bdb7dbb260f6a2a260a2821a7cedd9a0ba4cb0a5c25b57aa42fac69cd3e11396ea63524b7ca2194d3cfa706ab311e54e4ad0259a08d75767af71c4cbc9c0131315fefa8664d62d3bb32ffd7908ba4d3ec013a62c8c9c2ab75f107fe49dcc81d6069ad2d73bee4ce127423113d77b266f9fb9a3037d674faa11137fb9a7a42534e47782e5f19c67a3d744535b87618042b8e99d0e1a52f10121448c33f7816128b29e35b86edbc60d3c952437eda096681a8d72c84f154fc4aa010f4824e6fdb1e97c5e87c53d955db3a10fd9250360cfc024660f463e550b2546a8a60e3bc965265c06d33daf04df7e270d1f68bdb5b160ca9e14980d00d67883cafdb67253a0711d32c9dc10962f7d620a02f5c3473f4825f0eeb46c5fc6cdd9ef204ac59b36dc89c6b82337e41873405c144ffa5de511b2453ca34729c424ca69fdb01d8015663696873bdf48aeb867eb5dea645a0bce2a5aedac7920d61e4ec7c9ebc42fe88781301c3bc3a32a26591b8731df46e4bc4d13f68a0c33929d5f243e15ed0889de4aa572b72339785e0a8f51dcfb63c94cf7e090f2f77c7e79cf7702e92e1baa13f7a263e4a930197d9b794b5fec9991101c70805d1a3c22ac627f9853fc249f7706edd862ca3c7625483b33465cff1d4fa743a27459978034a7a35fd3b44391b9f58c79f616585dfd4bb8a4dbca75770c8983dcdc4f5ef53bd2d4b331ef184bb68852d48a3f06722cc65b1bc52320b98c742e54053464293e15b49b99d1df96b2559a53ee9e3fdbb450016c11dfabe53a87cfe823593aa78a724ff6f3082c92d5062224bd5aab73b5d6aa602760421f6ee8788016301a122fc2764c495cad17c3aaddbae44e1b8078a06844b7c565ea343826f278936ee524edf6ef68457631470e988f98a35a6f8d0dcad84ffa3c525903e4ad490f8ae9e922d65911f00f79c8467e4466203230ad76497fbd366ddcbdb9242e000f608f29fc7f1717e1c2a02ce3f3ab6fa9fc6465de7557147a6bc3591b096a3fb1754d89a402e2d86c91e495d18c343fdbfd6fc588032bc053f6fb7a5703a6cbe71779a18a7eaf263df327154242f1b7a25d9a8b5f0ac253c75832d92850a2eada04b1743c0e8001c2d40935ebfcf4919b9218cb4deeda9ffaa0a0ba1964e09143aa64225df710a8da44d142415b0c982839b9ce9791b8b3a8ba8c5d731bbb32bd3124f680d361d37a00b43ca0b25490ac5f987439c46b10919bf63cb39891264315e85968c0b30a52fc4274fbf04a2a5cabe225810145e9c62a88e38d4b3bd7c1687e3af60b7af5d010a389f08b208d91bd4250d57fc1bd6cfbdea322332abe87f6507f75403544ed1ff55dedd65ff2a33987e84584b1f75ec57fed3fd97eb8a23b99c3891c8a451c034a0dfe8dc18d7929d35718f5dede3b36dddc75627f2cbc5a763f3c8bec5adbfe09f31cbae850fc0195151bd5de9cc0cf044485c39f0cf4c509fc0bf75dbe7767d038c600b36c265029f9af7055dd01e024b1798e704d291cc6bf6fadc28ee28b5a9546925bf6e9a0a7b0db01d2db1e51515bc51d385c"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_csum={0xd8, 0x1b, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x7ad9, 0x20000000, 0x8, 0x6}, 0x7e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x6, 0x5, 0x3, 0xffffff00}, 0x3b}}]}, {0x71, 0x6, "8f0d8d86ce72211211c9a78d616c85816e5d4df2acd7d0176213f52e7107ceedb5fe245abac99f5eed08ed88bb4823c7b8bbc3174bbbf7b08b2a929432edbf5f60fbe73831324808582ae772620cd82a3bc0eb41304065e173d9cdfc9148c26ee575f63eaece4b4a98e14fc39a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}, @m_mpls={0xec, 0xd, 0x0, 0x0, {{0x9}, {0x68, 0x2, 0x0, 0x1, [@TCA_MPLS_TC={0x5, 0x6, 0x3}, @TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_PROTO={0x6, 0x4, 0x6000}, @TCA_MPLS_LABEL={0x8, 0x5, 0xe8cd9}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0xfffffa57, 0x2, 0x6, 0x13, 0xc4}, 0x1}}, @TCA_MPLS_LABEL={0x8, 0x5, 0xf028e}, @TCA_MPLS_BOS={0x5}, @TCA_MPLS_LABEL={0x8, 0x5, 0x5590a}, @TCA_MPLS_PROTO={0x6, 0x4, 0x6003}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8863}]}, {0x5b, 0x6, "3c9525f74dd9133a688e5ab3e875ef2e74cacb59205785785096af6c7d2dbeff3542bc15a999773d5e3038746f1646294b85de4e3ac1b6ead484a11cb404fca728db7449bf7902beb98fb5cbf2c3db7084f84cc1eb58bd"}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_csum={0xf0, 0x1a, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x6, 0x10000000, 0x3, 0x3358}, 0x41}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x8, 0x5, 0x7, 0x5}, 0x1e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x3, 0x8, 0x7, 0x8}, 0x4b}}]}, {0x6e, 0x6, "73330c22857a4de2582869a7e53116e5e2902c14b1f9be7a64e20c7a5f7a0a3e0d99f78954dafd6fff525705a1543725b9a90d96ea9a8ae86a9ee88eac53a3033d97db926cd50933d8fce64d49a9167182299639c23c6b50d3d61ca2aafa64cbaa5d39f6701ca6225c39"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_csum={0x64, 0x14, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x5, 0x856ed7e5c3ecc49c, 0x2, 0x4}, 0x5d}}]}, {0x19, 0x6, "594ebce6acb2aba7501215e265bc7ff66b38660306"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ife={0x8c, 0x1a, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x8001}]}, {0x5c, 0x6, "33ee4fbec9142325a129ac3d98c6fab7fb75eb01cb8e15b8de54effb70b19459e6086a949308e1976d2278c1b65f8d4f2d4597af67628d320dfcb16eae174e8e879b4fa6b86131cf8b20ea933f74299317c8a11e72f2e9e5"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}]}, {0x4e4, 0x1, [@m_connmark={0x178, 0x3, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x401, 0x8, 0x20000002, 0x3ff, 0x9}, 0xffa}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0xe, 0x8, 0x1ff, 0xe}}}]}, {0x10d, 0x6, "94dd9bb1d8aa2e6fc8302de13c3c378d22cca339f5bb29257c9af58e275381f950a14861127dd14260732793f047e42fb4ed6211689e501c5f19cda64e731e2d6c45e810758cd91d74f3df49e8193bde0441dc7abbc58debf5c28212c97b27f0d8d009736423e194feda2cff874516b389c5dc9049965ef72c37fd7e6d1438a071caf88a3a6303d78165ad63b204d4cb496e37d2ae815091501be4d16d4324dfd1db87bfb5283f62f0c51fae51054357b6e795207eea96e284d7de854d59b0b00093008566b410ffdc6143ef06a6d834697f472e125c515bf9f0797bba419a00966c99ae865581cda22f709d418556a3d48ed4c9034c1ed961a4b886b516174bdbcbd51fea28f70d16"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_csum={0x168, 0x10, 0x0, 0x0, {{0x9}, {0xe4, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x140000, 0x0, 0x6, 0x400, 0x5}, 0x5e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x6ddc, 0xfffffffd, 0x20000000, 0x20b21e0, 0x3c}, 0x61}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x5, 0x8, 0x4, 0x9}, 0x12}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x800, 0x2, 0x7, 0x2, 0x81}, 0x70}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x5, 0x4, 0x10000000, 0x4, 0x10001}, 0x61}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x287, 0x4e7, 0xffffffffffffffff, 0x6, 0x3}, 0x26}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x80, 0x81, 0x0, 0xb, 0x8}, 0xfffffffe}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xed, 0x7, 0x8, 0x11, 0xfffffffc}, 0x1e}}]}, {0x59, 0x6, "2dc35a57ec79d3ccb83a2232c5305d5aac6cc4fffd725a0978cc531ec6e87a0e23a7d306b8cc2abe531c0a1233108bcd3d6d128682481897f863b847d267685fa7ada7fa9eaab0a5c16a831239c973f0348d3ef5a7"}, {0xc}, {0xc}}}, @m_ctinfo={0x98, 0x9, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0xc5bf}]}, {0x64, 0x6, "3252a30abd8b8602ccfa7f3ea3a87cb7a408805f8d9291291b6c95cb736d44e81bede007f4699deed36ad2f76dc033c149b17d7a4491f6d13f92361147af452eb59ca5b5010e47599b5e7232ebf3446384b41a5e5d0144a63b986ca63f760f03"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_xt={0x168, 0x3, 0x0, 0x0, {{0x7}, {0xdc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x3}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TARG={0x93, 0x6, {0x1, 'raw\x00', 0x10, 0x200, "4658ef827077542a316c2f9fcdb3187a054e8c333a3b0f074f4c0c89b6ee09817ddc212884b315a2baef08d5bfa77633e8ead1506942e0d35aafc9f92222bdffb9a969a4377423f09874402fcba439438075cfa28bd1e2ae12b5085a15bb729eb985f7b2b8ae591a20"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x66, 0x6, "b5cd07d2e2cfda53e31a7748f540f69d0726920680a47460cfe42cf0d396a965c70d77cef84d602818a99763e2565bd857270c972feda412fa010365d8ce8980776c33832a6dce12ddd72158a1df666c6c8d37c6aa42e0fd44bb37d24e46116bc7da"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x1e88}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000)

1.045049397s ago: executing program 4 (id=1545):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r1 = socket(0x40000000015, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000400), 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xc, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
unshare(0x20000400)
write(0xffffffffffffffff, 0x0, 0x0) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca0200000000000000adcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d070490893616810a121ff4feedd1d176b313b9fc7bf31ddff431a4a50760ce18a76c4b7aa73cec3eec984c76d16f798c436410f3f4a41715e736a132c3cb9421be0b3c2bd40b75896c007fa2d47e3d8392d905d582b8eff689b0f493770c91e8c2e8bd0b08ffa4fd0289b04b0ea024768d196ef721314d68d29988b01871c6ea39f95a0b77744caadd24867acab274e8e4bf3fb44df31e15ffdce52f9f60ffe"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r2, r3, 0x2f, 0x18, 0x4, @void, @value}, 0x20)

1.01866606s ago: executing program 2 (id=1546):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000d71220000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.01778089s ago: executing program 0 (id=1547):
r0 = socket$inet6(0xa, 0x4, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="38000000010201010000000000000000020000022400018014000180080001000000000000000000e0000080050001"], 0x38}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449", 0x80)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r0}, 0x8)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r0}, 0x8)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000180)={0x40, r4, 0x1, 0x0, 0x2, {{0x2}, {@void, @val={0xc, 0x99, {0x9, 0x75}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0x2b}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000027010000000000000000000018140000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000005a000000bca9000000000000350901000700000095000000000000003e9800000020000026080000000000008500000007000000b70000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r5, &(0x7f00000000c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x6, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40)

905.624551ms ago: executing program 1 (id=1548):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000900)={'ip6tnl0\x00', @random="0600002000"}) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}]]}, 0x30}}, 0x0) (async)
sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, r2, 0x2, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xaad4, 0x5f}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xc}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x64}, 0x1, 0x0, 0x0, 0x8010}, 0x4000)

794.424304ms ago: executing program 2 (id=1549):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28)
sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x4, 0x4)

794.048978ms ago: executing program 4 (id=1550):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10)
writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000140)="7d635be376966aa23cfc4326e3ec1cfbdc59546c1f6a824fd5c22c9287efe60a8187d80d24697f9412ce876939dc6ba8205ddf8f7fe084847e8a0c4d5d905eee70ba55177b18057848dd446153fc22335ba58b71492b38144afea1fd", 0x5c}, {&(0x7f0000000240)="140e0461a003a2a45602f4b643bc505609592abe7b485d8694f1b1b5df8c729dcc78119795adad613ac7cb15b88e68ba5239533a1a991aef6bc9e544c1e06809d0b3dabdac63dba2444885327206a72d129cc709a1ee1af94ddb8a227e035f3b01d118c2881a2454dc529ba70ae77cc4668fd0058eb91e92e3e9acc072fda49366b2ed11831e33835b50b33e17ad4e3c725905d22f1d742cba3c9f8e39c57f0ab1c56ee27624729e36f0a222a7eab5f49325dc7e8a716f4b0c348ae2ff8b8ded5893a3ac6573ed4940ca64969c3860c1868c62b7501fc4f6aa68de31f68a81436c", 0xe1}, {&(0x7f0000000480)="dd6d3a43d38184fb3ea55df6cfa573c4050bbdb3d391378ed412d5ba37d49e3ef4075f00f9030f7c7c77ef08b05a84975ca9b77a53285a6fbbeff70331a12d1cb70efe186bedbe928ed8b0dd3888d35b9c6270f98bb7b068a74106cd4ad6080d11e741cd9d88f9be799df06a9f987839961cce61c189d4325eed5e82b4095373", 0x80}], 0x3)
sendmsg$can_bcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r1, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2}, 0x0)
r4 = accept$packet(0xffffffffffffffff, 0x0, 0x0)
sendto$packet(r4, &(0x7f0000005440)="4b2e89250e7fbce37c0fe3a2f133cc892afa446d7fd2215786325c3f7d93946747128e1ecd24a2aab6ddb9880ce2db95b12fb4eba97dbe60eb497c1705cf293d8ec193177277f9a5528ffaff8f316f96d65f4677bfd6f87c4b0d30d5c6d230e07c67d876c8225357456ef21db22f630724db15e90abecde5b0fbb6699b7f8160253210056cbd3bc6ad0d53b288738481955377f7780f95d1397f37", 0x9b, 0x4004000, &(0x7f0000000640)={0x11, 0x9, r3, 0x1, 0xf0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x8)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000080), 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x80)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
recvmmsg(r1, &(0x7f0000005200)=[{{&(0x7f0000000340)=@isdn, 0x80, &(0x7f0000000980)=[{&(0x7f0000000440)=""/49, 0x31}, {&(0x7f0000000500)=""/22, 0x16}, {&(0x7f0000000680)=""/121, 0x79}, {&(0x7f0000000700)=""/166, 0xa6}, {&(0x7f00000007c0)=""/130, 0x82}, {&(0x7f0000000540)=""/37, 0x25}, {&(0x7f0000000880)=""/33, 0x21}, {&(0x7f00000008c0)=""/177, 0xb1}], 0x8, &(0x7f0000000a00)=""/49, 0x31}, 0x6}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000a40)=""/16, 0x10}, {&(0x7f0000000a80)=""/252, 0xfc}], 0x2, &(0x7f0000000bc0)=""/68, 0x44}}, {{&(0x7f0000000c40)=@qipcrtr, 0x80, &(0x7f0000001040)=[{&(0x7f0000000cc0)=""/28, 0x1c}, {&(0x7f0000000d00)=""/121, 0x79}, {&(0x7f0000000d80)=""/192, 0xc0}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000000e40)=""/51, 0x33}, {&(0x7f0000000e80)=""/226, 0xe2}, {&(0x7f0000000f80)=""/185, 0xb9}], 0x7, &(0x7f00000010c0)=""/160, 0xa0}}, {{&(0x7f0000001180)=@qipcrtr, 0x80, &(0x7f00000037c0)=[{&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f0000001200)=""/130, 0x82}, {&(0x7f0000003300)=""/201, 0xc9}, {&(0x7f0000003400)=""/135, 0x87}, {&(0x7f00000034c0)=""/200, 0xc8}, {&(0x7f00000035c0)=""/251, 0xfb}, {&(0x7f00000036c0)=""/213, 0xd5}], 0x7, &(0x7f0000003840)=""/85, 0x55}, 0x7}, {{&(0x7f00000038c0)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000003e00)=[{&(0x7f0000003940)=""/152, 0x98}, {&(0x7f0000003a00)=""/177, 0xb1}, {&(0x7f0000003ac0)=""/200, 0xc8}, {&(0x7f0000003bc0)=""/22, 0x16}, {&(0x7f0000003c00)=""/70, 0x46}, {&(0x7f0000003c80)=""/174, 0xae}, {&(0x7f0000003d40)=""/162, 0xa2}], 0x7, &(0x7f0000003e80)=""/35, 0x23}, 0x7}, {{0x0, 0x0, &(0x7f0000004fc0)=[{&(0x7f0000003ec0)=""/4096, 0x1000}, {&(0x7f0000004ec0)=""/78, 0x4e}, {&(0x7f0000004f40)=""/68, 0x44}], 0x3, &(0x7f0000005000)=""/208, 0xd0}, 0x5d}, {{0x0, 0x0, &(0x7f0000005140)=[{&(0x7f0000005100)=""/6, 0x6}], 0x1, &(0x7f0000005180)=""/88, 0x58}}], 0x7, 0x141, &(0x7f0000005400))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket(0x23, 0x5, 0x0)
getsockopt$nfc_llcp(r7, 0x113, 0x2, 0x0, 0x20000024)
r8 = socket(0x10, 0x803, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x78, 0x2c, 0xd27, 0x709d2c, 0x2, {0x0, 0x0, 0x0, r12, {0x0, 0x6}, {}, {0xa, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x30, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}, @TCA_FLOWER_KEY_ARP_SIP_MASK={0x8, 0x3a, 0xff}, @TCA_FLOWER_KEY_IPV4_SRC_MASK={0x8, 0xb, 0xffffffff}, @TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0x0, 0xff, 0x0, 0xff, 0x0, 0xff]}, @TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x3}}, @TCA_RATE={0x6, 0x5, {0x2, 0x3}}, @TCA_CHAIN={0x8, 0xb, 0x3}]}, 0x78}, 0x1, 0x0, 0x0, 0x8}, 0x0)
shutdown(r6, 0x1)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="1e", 0x1}], 0x1)

726.257329ms ago: executing program 1 (id=1551):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5}}, 0xb8}}, 0x3000000)

686.323887ms ago: executing program 2 (id=1552):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in=@multicast2, @in=@empty, 0x0, 0xfffd, 0x0, 0x0, 0xa, 0x0, 0x0, 0x88}, {0x0, 0x0, 0x5, 0x8000000000}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x3c}, 0xa, @in=@multicast1, 0x0, 0x0, 0x0, 0xff}}, 0xe8)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e20"], 0x0)

630.337636ms ago: executing program 0 (id=1553):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000cc0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000002c0)="75c1cc54649640be1983f79c5bfe88cd6a6afd5570ab59578db363f4892559f334d436138406b699de69db13fd737428808940bcd0840dc930c81a8bd8b665cd232c5831977dd63ce2c88d43b17760a6e0df533940a702485bb198e47be60c4fe6987e", 0x63}, {&(0x7f0000000640)="b0fef28adda655a00a8ce0bb7d504206000000000000001abe0a88f67472c3cd975c9884ae01084df2b7f556e2a043b74efe85a30267fae395e8a051934cefd1a1f19f89180ab1fe20a7e4088d8a3f4304feafe592c403cb5d1991683fcbda9a1404998bc92cb28946223165c906e2bed23adce7939d37148e79c6b485db91083de9905e7de49fd8837cf3792d697bf8b29b9c6e8daee80e86778a4a2426e6459d4a30ad36b138b31570d8342f7094ca640633ba7e0793a6e21acbc4749413f629ba4de97b84ed9acc06a3d29ef68cd6d32fc4398429c472891f8e244d27a4b6241083efd4ecd2c92d91399de6ddcafbcd07000000000000009d1b7d60c898340102268c474bf8b7db27c8787b34cae8a9c676907ec017733c1ece82e11b99a4bdc74c8d9d1871be6af0fef62b529af9ab1f37d60a2f967d715b301856b033a7e7dac74416447a090f7b6693bbd2deaf5eebbfc9adff299bafcf57774d08003f5524409672b4f35409a8720dc2b78f83198096c60126f911fd42c29cd6fa311e2c8daef3927ccdc90436b2b6ee4c79ff80f6938e0560d9d8e925bdc4fffffffffffffff8d9b7977fff6c4293065de2ff26a041e67954f68871d010d377f9978bdea38cb1ba1ee447b5bfd5b9d3711b3ea5c6361a97d4d46b8b406091be9433f950613083805aa4ae31e3aef57eb8d299548df54dffb7c4af7f00a869c6bdbc6c2bd1a83262981638ae365b2611d2b50c5f000000d620e2a52db4283dc9", 0x21d}, {&(0x7f0000000f00)="1b3b351333f3a3b13679144b7cd8a483d6dbc75ded5829aceff163e19496e9ba6875841285b877fac97b183e950017761d4433127df4ffeab47d3545970ac2571b8775e05a2ec30dbc2154f17ddb1de319411d093471a30c77ca0d06", 0x5c}], 0x3}, 0x0)
recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000026c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r5, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}}, 0x4000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000340)=@abs, 0x6e, &(0x7f00000009c0)=[{&(0x7f00000003c0)=""/198, 0xc6}, {&(0x7f00000004c0)=""/93, 0x5d}, {&(0x7f0000000540)=""/254, 0xfe}, {&(0x7f0000000880)=""/173, 0xad}, {&(0x7f0000002d00)=""/4096, 0x1000}, {&(0x7f00000001c0)}, {&(0x7f0000000280)=""/62, 0x3e}, {&(0x7f0000000940)=""/102, 0x66}], 0x8, &(0x7f0000000a40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x48}, 0x2000)
close(r2)

569.464866ms ago: executing program 2 (id=1554):
mmap(&(0x7f00002a1000/0x4000)=nil, 0x4000, 0x3, 0x30, 0xffffffffffffffff, 0x800000)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x7ee, 0x401, 0x2, 0x200c0, r0, 0x75, '\x00', r1, 0xffffffffffffffff, 0x4, 0x4, 0x3, 0x4, @void, @value, @void, @value}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = socket$kcm(0x29, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7020000c3000000bf230000000000002703000000fefeff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400011000000404000001007d60b7030000000000006a0a00fe800000008500000026000000b7000000000000009500001000000000acaa8e53a53cb864c300094c07000000000000d94cf0987b00a749a8e53b5c9491cd1f2b94a64f1de23d03a8f0362ebfc44c77511e60070e25510070f7778d3e77ad85319f0113abbac795f8c24abca246150226eb93fe39233add8f68f87699162334343befce832cb8075c5f0ae30cde221371ff00000067e4b75da95370ae6fd2b99ac18f98403494d4a94e95fb8dcd813487b2bdb006c6465c15f04485a9f8c8e49d00000097184c8e9d34b1e382b25e9614634e8e09194f7b83138f5275d9ab463797a2f6dcb45d5f278cd4fb74559575da3560c01cdf1eaa3fc72a694efc62f9ef9c8c0ea1efa5b949ce22827f6fd1dfc69d03482d8ec20bc22573f8594b91781cd8ff7f000000000000299ebf94588e60abe9a565c5bbdc0358226f8580dc1a83c6a44408de23475a74ef0deda8da4089269ccb4e728dee6320444576c87cc576291e5367a5f1a5d5a12f8313ffff0b7f73335279aa2b68c9f045831119881764c71bb65b5138c50e06024e80fd9656bc077e4e259695748989335ba9eeef288de73815f20fefd4acfb6813ffff00000b971aec1a3e618a08a94ecbd401c8109c87ee3f5c0501857538d2a766bfcf4128fbe726903aca577aa8943af747760718dee5a21396dce6f61c6f3c7e000000cb0868b48719e47296f2299df3ecfb5f3f0e42f6f1eb1dc64dcc8e397366d12033f6288edbda3b838100000000000000000000800000edd4e1266dc9d73223fe614f025a7f284de76b3b676a13c57a0ed24f6270c4cbbf93472eb8093d8296c68dfbb03ddedc3e029b08959b145a7b110068ba071e75d75716243052ad24b624fddc2f0f3a018c0085c2319c248d643cd09fa855b20a6d453f2e954ff0e55c010000008547c5a0ecefcc44cc9532f729167f215937357a4bb9746193c1ec000000000000dd43c108c2109d221b7b26b7c9c209000005b7918a6cd856b8fa806c85480443159c6bed51a0e021f05f7caa1b99cdb4d08d9031210ac00e67d8c40a18503cb7aabcc066dfbfd7f87abe1122f00e5454bec3563a19582e0000000000000000000000000084b27fc6a3f95bf02b4eb5f1599dd46edcad432cc216316fe07afe27649c89cf022a90d895a2d70fcde7a9c37ede0c47c27f44595ab4b1fb1ed5b1d91314b2d50f94a768fb605679485041a6376b8344a39af68aed2be39794dd86ae82f9660cf4f935255d71f9fab2e430ac42bba1f54141cf39d4d50c4ded504beacb0de210d7a3716dca7362c134b91cef3efc514fbcb4747e6814ac16449ac02a43d9d4151697b4b7890ec6b481c5f0ca8c52a6322f34a796fa5941d23409ecf73458223baaffb94a89ee2884df000000000000009370d8dacf8b3ff404971100"/1111], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x36, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
pipe(&(0x7f0000000200)={<r7=>0xffffffffffffffff})
r8 = socket(0x10, 0x3, 0x6)
r9 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600)={'team0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x0)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r11, 0x400454ca, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e20, 0x8, @rand_addr=' \x01\x00', 0x1}, 0x1c)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000100)={0xffffffffffffffff, r7})
openat$cgroup_ro(r7, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0)

554.009123ms ago: executing program 1 (id=1555):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0x1c}}, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd0, &(0x7f00000008c0)=0x8, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000300)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x48}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x39}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000100)={&(0x7f0000001300)={0x20, 0x3, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000810}, 0x20000000)
setsockopt(0xffffffffffffffff, 0x10d, 0x800000000d, &(0x7f0000000200)="3b6080", 0x3)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x16, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000069119500000000001800000000000000000000000000000095"], &(0x7f00000012c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$isdn(0x22, 0x2, 0x26)
close(0x3)
getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x0, 0x487, 0x0, &(0x7f0000000000))
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000001380)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)={0x1c, r5, 0x801, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xc091}, 0x0)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000140))
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000003c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000020000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46e8953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d35c32aac1c7d5b5be399f6609876b5887437a172fbc02a74067529194e533583412dff048f0000000000000000b2728a04816cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad30000000000000003626165866c154e2514890000b515a1000000000000000eb2e9c15b6c8f6198282d0086fa0000c2ccf3f6d69cfcf1e15ea7a9e57aee78e12ace55736fa42811654e19a7e9b531636794a718b4766d744263b6681da2b2204d848619a3eb62e77460c048df8e72bfe31438163ec4270439b350274e5aa941bfc32ce08e3790dfb0c59bbe45cd27264669c187eed6d67b3be191137814bcb226b2078a1bc45502705d538d8723113445b08b0ac8dc2dfa17fd79ed5fd33b14b0adabf72df024dcde1ef330b927ce1a80474ce4f99a292c71456ec1abbfbb61dc9f0f71395a1751d35fa1"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket(0x40000000015, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)

506.122245ms ago: executing program 3 (id=1556):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000140)={@initdev, @multicast2, <r2=>0x0}, &(0x7f0000000180)=0xc)
sendmsg$nl_route(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000006a20010000000000fedbdf250a0000000000000008000100ffffffff080005008e43e0e10fdc56fc1aaef9858e208a864de97678ad6c379340c41a8aeac1700c5c61527aaf10549093b57e9dd52d48ac3cf5fa9a4d29f6ca5d7f7e49053354db2d90b2c31c1e907d9c470e63497909b4978e9789fa09bc7459889597d623c755998b3c80fdb16e1292a8d00c1ac55d09d7602ae956146ae5f79a9fd02c48e9b8d3645eadbb2f199bfb10a183d8", @ANYRES32=r2, @ANYBLOB="08000500", @ANYRES32=r2, @ANYBLOB], 0x30}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010000504000000000000000071c62df0", @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c000280050015000100000005000100040000000500160002000000"], 0x4c}}, 0x0)
r3 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x7c, 0x2c, 0xd27, 0x2, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x48, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x44, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xffffff7f}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x15}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x20, 0x1, 0xd}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80000001}]}]}]}}]}, 0x7c}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r6 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_SIGNAL_INFO(r6, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x10, 0x3f2, 0x100, 0x70bd27, 0x25dfdbfe, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20004085}, 0x4000010)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMP(r7, 0x1, 0x1d, &(0x7f0000000040)=0x5, 0x4)
getsockopt$SO_TIMESTAMP(r7, 0x1, 0x3f, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000140)={@initdev, @multicast2}, &(0x7f0000000180)=0xc) (async)
sendmsg$nl_route(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000006a20010000000000fedbdf250a0000000000000008000100ffffffff080005008e43e0e10fdc56fc1aaef9858e208a864de97678ad6c379340c41a8aeac1700c5c61527aaf10549093b57e9dd52d48ac3cf5fa9a4d29f6ca5d7f7e49053354db2d90b2c31c1e907d9c470e63497909b4978e9789fa09bc7459889597d623c755998b3c80fdb16e1292a8d00c1ac55d09d7602ae956146ae5f79a9fd02c48e9b8d3645eadbb2f199bfb10a183d8", @ANYRES32=r2, @ANYBLOB="08000500", @ANYRES32=r2, @ANYBLOB], 0x30}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010000504000000000000000071c62df0", @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c000280050015000100000005000100040000000500160002000000"], 0x4c}}, 0x0) (async)
socket(0x2a, 0x2, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) (async)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x7c, 0x2c, 0xd27, 0x2, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x48, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x44, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xffffff7f}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x15}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x20, 0x1, 0xd}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80000001}]}]}]}}]}, 0x7c}}, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
socket$nl_audit(0x10, 0x3, 0x9) (async)
sendmsg$AUDIT_SIGNAL_INFO(r6, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x10, 0x3f2, 0x100, 0x70bd27, 0x25dfdbfe, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20004085}, 0x4000010) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async)
setsockopt$SO_TIMESTAMP(r7, 0x1, 0x1d, &(0x7f0000000040)=0x5, 0x4) (async)
getsockopt$SO_TIMESTAMP(r7, 0x1, 0x3f, 0x0, &(0x7f0000000080)) (async)

500.694447ms ago: executing program 0 (id=1557):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00ac82000000001600"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x2f, 0x10, 0x3c, &(0x7f0000000580)="0000ffffffffa000", &(0x7f0000000540)=""/23, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r5, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r5, @ANYBLOB="000028bd7000fddbdf25080000000c0001800800060009000000080004000900000024000180080006001600000008000300ac1414aa080006000400000008000300ac1414aa080004009a7af7ca68ca7a48050002001000000008000300e0000002140004000000000000000000000000000000000014000400fc000000000000000000000000000001060005004e2400000800040080050000080003000200000086ae8763773605873adc737756c5787f5535e3e0693002b77d10133a8a999c807bc4b0ff2ade1e295c0115e8131d09c69dba0826d721a3988b803976621bfa91dae7813547b29ef6133b7a8533c710013a014c4b4f3c998d77f62c130ac88d538fa37c802cfda3e9c8a5102c0b"], 0xa8}, 0x1, 0x0, 0x0, 0x4000044}, 0x48080)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r7, 0x401054d5, &(0x7f0000000a80)={0x1, &(0x7f0000000000)=[{0x61, 0x0, 0x0, 0x100000}]})
ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000300)={'veth0_to_team\x00', @remote})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00/', @ANYRES16=r6, @ANYBLOB="0100feffffff000000003b00000008000300", @ANYRES32=r8, @ANYBLOB="0c009900060000003400000004008e00"], 0x2c}}, 0x0)

449.877562ms ago: executing program 4 (id=1558):
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="b80000001500e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00603000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000000000000000000007000000000000000d000000000000000815d6d6d945864789285d00000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000003000000000000009748b40000"], 0xb8}}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10)
connect$inet(r0, &(0x7f0000000200)={0x2, 0xfffc, @empty}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
getsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, &(0x7f00000000c0), &(0x7f0000000100)=0x4)

353.005123ms ago: executing program 0 (id=1559):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000940)=ANY=[@ANYBLOB="1c0000f5000002000000000000006000000003"], 0x386)

322.420512ms ago: executing program 4 (id=1560):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711213000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

267.697411ms ago: executing program 3 (id=1561):
syz_80211_inject_frame(0x0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0) (async)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x10)

178.457385ms ago: executing program 4 (id=1562):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28)
sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x4, 0x4)

140.810259ms ago: executing program 4 (id=1563):
syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000000)=ANY=[], 0xb5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
socket$kcm(0x2, 0xa, 0x2)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x840, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"}}, 0x80}}, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ce2a4fa77baa108b"}}, 0x48}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x70}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r4}, 0x10)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r6, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c65723000000008000008000500070000000a0018000303030303030000"], 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

0s ago: executing program 2 (id=1564):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000100)={0x2, 0x1, 0x0, 0x9, 0x2}, 0x10}}, 0x40080)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r3, 0x400442c8, &(0x7f00000000c0)=ANY=[@ANYRES32=r2])
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@ipv6_delrule={0x4c, 0x21, 0x1, 0x70bd2a, 0x25dfdbff, {0xa, 0x80, 0x20, 0xe8, 0x5, 0x0, 0x0, 0x5, 0x2}, [@FRA_DST={0x14, 0x1, @local}, @FRA_SRC={0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, @FIB_RULE_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e24, 0x4e21}}]}, 0x4c}}, 0x0)
sendto$packet(r0, 0x0, 0x0, 0x24000801, &(0x7f00000000c0)={0x11, 0x4, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

kernel console output (not intermixed with test programs):

 L4 protocol and not use inversions on it
[   80.367750][ T6225] x_tables: duplicate entry at hook 2
[   81.487530][    C1] vcan0: j1939_tp_rxtimer: 0xffff888032509000: rx timeout, send abort
[   81.495911][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888032509000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[   81.846068][  T941] cfg80211: failed to load regulatory.db
[   81.959274][ T6338] team0: No ports can be present during mode change
[   81.978547][ T6338] xt_addrtype: ipv6 BLACKHOLE matching not supported
[   83.049426][ T6380] bridge_slave_1: left allmulticast mode
[   83.066742][ T6380] bridge_slave_1: left promiscuous mode
[   83.085410][ T6380] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.127991][ T6380] bridge_slave_0: left allmulticast mode
[   83.133698][ T6380] bridge_slave_0: left promiscuous mode
[   83.149373][ T6380] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.362940][ T6392] openvswitch: netlink: Missing key (keys=40, expected=80)
[   83.410961][ T6394] netlink: 'syz.0.140': attribute type 2 has an invalid length.
[   83.695658][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880243e5c00: rx timeout, send abort
[   83.704172][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880243e5c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[   84.315400][ T6428] __nla_validate_parse: 26 callbacks suppressed
[   84.315419][ T6428] netlink: 104 bytes leftover after parsing attributes in process `syz.2.154'.
[   84.581785][ T6400] x_tables: duplicate entry at hook 2
[   84.638944][ T6442] netlink: 20 bytes leftover after parsing attributes in process `syz.3.158'.
[   84.666084][ T6442] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   84.728011][ T5883] IPVS: starting estimator thread 0...
[   84.737514][ T6442] netlink: 'syz.3.158': attribute type 3 has an invalid length.
[   84.826509][ T6449] IPVS: using max 21 ests per chain, 50400 per kthread
[   84.843157][ T6452] tipc: Started in network mode
[   84.857779][ T6452] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711
[   84.927097][ T6452] tipc: Enabled bearer <udp:syz1>, priority 10
[   85.099298][ T6462] netlink: 36 bytes leftover after parsing attributes in process `syz.2.160'.
[   85.400028][ T6470] netlink: 12 bytes leftover after parsing attributes in process `syz.0.165'.
[   85.717669][ T6474] netlink: 104 bytes leftover after parsing attributes in process `syz.0.167'.
[   85.871840][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805fb84400: rx timeout, send abort
[   85.880234][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805fb84400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[   85.917333][   T51] tipc: Node number set to 4269801642
[   86.125614][ T6492] netlink: 16 bytes leftover after parsing attributes in process `syz.2.175'.
[   86.146727][ T6492] netlink: 28 bytes leftover after parsing attributes in process `syz.2.175'.
[   86.203238][ T6496] netlink: 12 bytes leftover after parsing attributes in process `syz.4.176'.
[   86.543833][ T6512] netlink: 104 bytes leftover after parsing attributes in process `syz.1.179'.
[   86.918805][ T6519] netlink: 'syz.4.182': attribute type 1 has an invalid length.
[   86.936851][ T6519] netlink: 224 bytes leftover after parsing attributes in process `syz.4.182'.
[   87.496201][ T6536] netlink: 'syz.2.188': attribute type 12 has an invalid length.
[   87.560461][ T6536] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.909260][ T6540] netlink: 'syz.2.188': attribute type 12 has an invalid length.
[   88.211230][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880243cf800: rx timeout, send abort
[   88.220368][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880243cf800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[   88.898124][ T6562] netlink: 'syz.1.195': attribute type 1 has an invalid length.
[   88.917725][ T6562] bond1: entered promiscuous mode
[   88.922818][ T6562] bond1: entered allmulticast mode
[   89.068401][ T5990] IPVS: starting estimator thread 0...
[   89.166444][ T6571] IPVS: using max 22 ests per chain, 52800 per kthread
[   89.268755][ T6562] syz.1.195 (6562) used greatest stack depth: 17968 bytes left
[   89.545090][ T6580] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   89.578215][ T6580] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   89.820566][ T6494] Set syz1 is full, maxelem 65536 reached
[   90.143922][ T6585] __nla_validate_parse: 4 callbacks suppressed
[   90.143939][ T6585] netlink: 12 bytes leftover after parsing attributes in process `syz.3.202'.
[   90.164720][ T6587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.203'.
[   90.733840][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807ebd3400: rx timeout, send abort
[   90.742480][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807ebd3400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[   90.827796][ T6609] netlink: 'syz.3.210': attribute type 1 has an invalid length.
[   90.835478][ T6609] netlink: 236 bytes leftover after parsing attributes in process `syz.3.210'.
[   90.876499][ T6609] NCSI netlink: No device for ifindex 458760
[   91.271147][ T6626] netlink: 12 bytes leftover after parsing attributes in process `syz.3.215'.
[   91.440539][ T6629] ipt_rpfilter: unknown options
[   91.670399][ T6635] netlink: 104 bytes leftover after parsing attributes in process `syz.1.219'.
[   91.798759][ T6637] netlink: 56 bytes leftover after parsing attributes in process `syz.3.220'.
[   92.028024][ T6643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.223'.
[   92.034249][ T6645] netlink: 16 bytes leftover after parsing attributes in process `syz.4.224'.
[   92.075310][ T6645] netlink: 28 bytes leftover after parsing attributes in process `syz.4.224'.
[   92.252528][ T6650] netlink: 12 bytes leftover after parsing attributes in process `syz.4.226'.
[   92.351378][ T6654] A link change request failed with some changes committed already. Interface veth1_to_hsr may have been left with an inconsistent configuration, please check.
[   93.102902][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803295bc00: rx timeout, send abort
[   93.111340][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88803295bc00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[   93.364992][ T6690] FAULT_INJECTION: forcing a failure.
[   93.364992][ T6690] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   93.396718][ T6690] CPU: 1 UID: 0 PID: 6690 Comm: syz.1.239 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[   93.396741][ T6690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   93.396750][ T6690] Call Trace:
[   93.396756][ T6690]  <TASK>
[   93.396763][ T6690]  dump_stack_lvl+0x241/0x360
[   93.396793][ T6690]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.396814][ T6690]  ? __pfx__printk+0x10/0x10
[   93.396837][ T6690]  ? __pfx_lock_release+0x10/0x10
[   93.396864][ T6690]  should_fail_ex+0x3b0/0x4e0
[   93.396884][ T6690]  _copy_from_iter+0x1e9/0x1c20
[   93.396904][ T6690]  ? __virt_addr_valid+0x183/0x530
[   93.396933][ T6690]  ? __alloc_skb+0x28f/0x440
[   93.396949][ T6690]  ? __pfx__copy_from_iter+0x10/0x10
[   93.396970][ T6690]  ? __virt_addr_valid+0x183/0x530
[   93.396988][ T6690]  ? __virt_addr_valid+0x183/0x530
[   93.397005][ T6690]  ? __virt_addr_valid+0x45f/0x530
[   93.397024][ T6690]  ? __phys_addr_symbol+0x2f/0x70
[   93.397043][ T6690]  ? __check_object_size+0x47a/0x730
[   93.397069][ T6690]  netlink_sendmsg+0x73d/0xcb0
[   93.397098][ T6690]  ? __pfx_netlink_sendmsg+0x10/0x10
[   93.397120][ T6690]  ? aa_sock_msg_perm+0x91/0x160
[   93.397149][ T6690]  ? __pfx_netlink_sendmsg+0x10/0x10
[   93.397165][ T6690]  __sock_sendmsg+0x221/0x270
[   93.397190][ T6690]  ____sys_sendmsg+0x52a/0x7e0
[   93.397216][ T6690]  ? __pfx_____sys_sendmsg+0x10/0x10
[   93.397232][ T6690]  ? __fget_files+0x2a/0x410
[   93.397256][ T6690]  ? __fget_files+0x2a/0x410
[   93.397285][ T6690]  __sys_sendmsg+0x269/0x350
[   93.397307][ T6690]  ? __pfx___sys_sendmsg+0x10/0x10
[   93.397336][ T6690]  ? do_sys_openat2+0x17a/0x1d0
[   93.397381][ T6690]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   93.397402][ T6690]  ? do_syscall_64+0x100/0x230
[   93.397420][ T6690]  ? do_syscall_64+0xb6/0x230
[   93.397438][ T6690]  do_syscall_64+0xf3/0x230
[   93.397453][ T6690]  ? clear_bhb_loop+0x35/0x90
[   93.397473][ T6690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.397489][ T6690] RIP: 0033:0x7f9496f8cd29
[   93.397503][ T6690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.397516][ T6690] RSP: 002b:00007f9497dbf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   93.397534][ T6690] RAX: ffffffffffffffda RBX: 00007f94971a5fa0 RCX: 00007f9496f8cd29
[   93.397546][ T6690] RDX: 0000000000000080 RSI: 0000000020002840 RDI: 000000000000000a
[   93.397555][ T6690] RBP: 00007f9497dbf090 R08: 0000000000000000 R09: 0000000000000000
[   93.397565][ T6690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.397574][ T6690] R13: 0000000000000000 R14: 00007f94971a5fa0 R15: 00007ffe8130fc58
[   93.397599][ T6690]  </TASK>
[   94.348190][   T12] tipc: Subscription rejected, illegal request
[   94.703180][ T6730] FAULT_INJECTION: forcing a failure.
[   94.703180][ T6730] name failslab, interval 1, probability 0, space 0, times 0
[   94.720367][ T6730] CPU: 0 UID: 0 PID: 6730 Comm: syz.0.255 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[   94.720389][ T6730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   94.720399][ T6730] Call Trace:
[   94.720405][ T6730]  <TASK>
[   94.720412][ T6730]  dump_stack_lvl+0x241/0x360
[   94.720441][ T6730]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.720467][ T6730]  ? __pfx__printk+0x10/0x10
[   94.720490][ T6730]  ? __kmalloc_noprof+0xb5/0x4c0
[   94.720512][ T6730]  ? __pfx___might_resched+0x10/0x10
[   94.720529][ T6730]  ? rcu_is_watching+0x15/0xb0
[   94.720553][ T6730]  should_fail_ex+0x3b0/0x4e0
[   94.720574][ T6730]  should_failslab+0xac/0x100
[   94.720597][ T6730]  __kmalloc_noprof+0xdd/0x4c0
[   94.720617][ T6730]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[   94.720638][ T6730]  ? __netlink_dump_start+0x119/0x790
[   94.720659][ T6730]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[   94.720687][ T6730]  genl_start+0x182/0x6d0
[   94.720716][ T6730]  __netlink_dump_start+0x45c/0x790
[   94.720743][ T6730]  genl_rcv_msg+0x88c/0xec0
[   94.720772][ T6730]  ? __pfx_genl_rcv_msg+0x10/0x10
[   94.720806][ T6730]  ? __pfx_genl_start+0x10/0x10
[   94.720824][ T6730]  ? __pfx_genl_dumpit+0x10/0x10
[   94.720842][ T6730]  ? __pfx_genl_done+0x10/0x10
[   94.720880][ T6730]  ? __pfx_lock_acquire+0x10/0x10
[   94.720899][ T6730]  ? __pfx_ieee802154_dump_iface+0x10/0x10
[   94.720919][ T6730]  ? __pfx___might_resched+0x10/0x10
[   94.720947][ T6730]  netlink_rcv_skb+0x1e3/0x430
[   94.720966][ T6730]  ? __pfx_genl_rcv_msg+0x10/0x10
[   94.720988][ T6730]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   94.721035][ T6730]  genl_rcv+0x28/0x40
[   94.721052][ T6730]  netlink_unicast+0x7f6/0x990
[   94.721076][ T6730]  ? __pfx_netlink_unicast+0x10/0x10
[   94.721088][ T6730]  ? __virt_addr_valid+0x45f/0x530
[   94.721107][ T6730]  ? __phys_addr_symbol+0x2f/0x70
[   94.721126][ T6730]  ? __check_object_size+0x47a/0x730
[   94.721151][ T6730]  netlink_sendmsg+0x8e4/0xcb0
[   94.721181][ T6730]  ? __pfx_netlink_sendmsg+0x10/0x10
[   94.721203][ T6730]  ? aa_sock_msg_perm+0x91/0x160
[   94.721227][ T6730]  ? __pfx_netlink_sendmsg+0x10/0x10
[   94.721243][ T6730]  __sock_sendmsg+0x221/0x270
[   94.721268][ T6730]  ____sys_sendmsg+0x52a/0x7e0
[   94.721296][ T6730]  ? __pfx_____sys_sendmsg+0x10/0x10
[   94.721312][ T6730]  ? __fget_files+0x2a/0x410
[   94.721337][ T6730]  ? __fget_files+0x2a/0x410
[   94.721367][ T6730]  __sys_sendmsg+0x269/0x350
[   94.721390][ T6730]  ? __pfx___sys_sendmsg+0x10/0x10
[   94.721422][ T6730]  ? do_sys_openat2+0x17a/0x1d0
[   94.721472][ T6730]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   94.721493][ T6730]  ? do_syscall_64+0x100/0x230
[   94.721512][ T6730]  ? do_syscall_64+0xb6/0x230
[   94.721530][ T6730]  do_syscall_64+0xf3/0x230
[   94.721546][ T6730]  ? clear_bhb_loop+0x35/0x90
[   94.721565][ T6730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.721581][ T6730] RIP: 0033:0x7fa4f998cd29
[   94.721596][ T6730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.721609][ T6730] RSP: 002b:00007fa4fa70a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   94.721627][ T6730] RAX: ffffffffffffffda RBX: 00007fa4f9ba5fa0 RCX: 00007fa4f998cd29
[   94.721638][ T6730] RDX: 0000000000000080 RSI: 0000000020002840 RDI: 000000000000000a
[   94.721649][ T6730] RBP: 00007fa4fa70a090 R08: 0000000000000000 R09: 0000000000000000
[   94.721658][ T6730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.721668][ T6730] R13: 0000000000000000 R14: 00007fa4f9ba5fa0 R15: 00007ffec91556a8
[   94.721695][ T6730]  </TASK>
[   94.903814][ T6738] netlink: 'syz.3.258': attribute type 1 has an invalid length.
[   95.491355][ T6754] __nla_validate_parse: 14 callbacks suppressed
[   95.491372][ T6754] netlink: 16 bytes leftover after parsing attributes in process `syz.4.264'.
[   95.522777][ T6758] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   95.532212][ T6758] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   95.541449][ T6758] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   95.550423][ T6758] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   95.558018][ T6754] netlink: 28 bytes leftover after parsing attributes in process `syz.4.264'.
[   95.586135][ T6758] vxlan0: entered promiscuous mode
[   95.594741][ T6758] vxlan0: entered allmulticast mode
[   95.629664][ T6758] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   95.638760][ T6758] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   95.647802][ T6758] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   95.656763][ T6758] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   95.720064][ T6772] netlink: 12 bytes leftover after parsing attributes in process `syz.3.270'.
[   95.733733][ T6772] FAULT_INJECTION: forcing a failure.
[   95.733733][ T6772] name failslab, interval 1, probability 0, space 0, times 0
[   95.755275][ T6772] CPU: 0 UID: 0 PID: 6772 Comm: syz.3.270 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[   95.755297][ T6772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   95.755306][ T6772] Call Trace:
[   95.755312][ T6772]  <TASK>
[   95.755320][ T6772]  dump_stack_lvl+0x241/0x360
[   95.755349][ T6772]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.755371][ T6772]  ? __pfx__printk+0x10/0x10
[   95.755394][ T6772]  ? __kmalloc_cache_noprof+0x48/0x390
[   95.755418][ T6772]  ? __pfx___might_resched+0x10/0x10
[   95.755439][ T6772]  should_fail_ex+0x3b0/0x4e0
[   95.755460][ T6772]  should_failslab+0xac/0x100
[   95.755482][ T6772]  __kmalloc_cache_noprof+0x70/0x390
[   95.755502][ T6772]  ? genl_start+0x1cb/0x6d0
[   95.755527][ T6772]  genl_start+0x1cb/0x6d0
[   95.755556][ T6772]  __netlink_dump_start+0x45c/0x790
[   95.755584][ T6772]  genl_rcv_msg+0x88c/0xec0
[   95.755613][ T6772]  ? __pfx_genl_rcv_msg+0x10/0x10
[   95.755640][ T6772]  ? __pfx_genl_start+0x10/0x10
[   95.755658][ T6772]  ? __pfx_genl_dumpit+0x10/0x10
[   95.755683][ T6772]  ? __pfx_genl_done+0x10/0x10
[   95.755722][ T6772]  ? __pfx_lock_acquire+0x10/0x10
[   95.755741][ T6772]  ? __pfx_ieee802154_dump_iface+0x10/0x10
[   95.755761][ T6772]  ? __pfx___might_resched+0x10/0x10
[   95.755789][ T6772]  netlink_rcv_skb+0x1e3/0x430
[   95.755808][ T6772]  ? __pfx_genl_rcv_msg+0x10/0x10
[   95.755830][ T6772]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   95.755879][ T6772]  genl_rcv+0x28/0x40
[   95.755897][ T6772]  netlink_unicast+0x7f6/0x990
[   95.755922][ T6772]  ? __pfx_netlink_unicast+0x10/0x10
[   95.755935][ T6772]  ? __virt_addr_valid+0x45f/0x530
[   95.755954][ T6772]  ? __phys_addr_symbol+0x2f/0x70
[   95.755973][ T6772]  ? __check_object_size+0x47a/0x730
[   95.755999][ T6772]  netlink_sendmsg+0x8e4/0xcb0
[   95.756029][ T6772]  ? __pfx_netlink_sendmsg+0x10/0x10
[   95.756052][ T6772]  ? aa_sock_msg_perm+0x91/0x160
[   95.756075][ T6772]  ? __pfx_netlink_sendmsg+0x10/0x10
[   95.756092][ T6772]  __sock_sendmsg+0x221/0x270
[   95.756117][ T6772]  ____sys_sendmsg+0x52a/0x7e0
[   95.756143][ T6772]  ? __pfx_____sys_sendmsg+0x10/0x10
[   95.756160][ T6772]  ? __fget_files+0x2a/0x410
[   95.756184][ T6772]  ? __fget_files+0x2a/0x410
[   95.756215][ T6772]  __sys_sendmsg+0x269/0x350
[   95.756239][ T6772]  ? __pfx___sys_sendmsg+0x10/0x10
[   95.756270][ T6772]  ? do_sys_openat2+0x17a/0x1d0
[   95.756320][ T6772]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   95.756341][ T6772]  ? do_syscall_64+0x100/0x230
[   95.756358][ T6772]  ? do_syscall_64+0xb6/0x230
[   95.756371][ T6772]  do_syscall_64+0xf3/0x230
[   95.756383][ T6772]  ? clear_bhb_loop+0x35/0x90
[   95.756400][ T6772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.756415][ T6772] RIP: 0033:0x7f796df8cd29
[   95.756429][ T6772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.756441][ T6772] RSP: 002b:00007f796ee10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   95.756458][ T6772] RAX: ffffffffffffffda RBX: 00007f796e1a5fa0 RCX: 00007f796df8cd29
[   95.756470][ T6772] RDX: 0000000000000080 RSI: 0000000020002840 RDI: 000000000000000a
[   95.756479][ T6772] RBP: 00007f796ee10090 R08: 0000000000000000 R09: 0000000000000000
[   95.756489][ T6772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.756498][ T6772] R13: 0000000000000000 R14: 00007f796e1a5fa0 R15: 00007ffec1fb5858
[   95.756523][ T6772]  </TASK>
[   96.114733][ T6779] netlink: 104 bytes leftover after parsing attributes in process `syz.2.272'.
[   96.256525][ T6787] netlink: 64 bytes leftover after parsing attributes in process `syz.0.274'.
[   96.332062][ T6785] IPVS: Unknown mcast interface: veth��
[   96.454239][ T6799] netlink: 12 bytes leftover after parsing attributes in process `syz.4.278'.
[   96.742464][ T6812] netlink: 32 bytes leftover after parsing attributes in process `syz.4.282'.
[   96.780550][ T6813] netlink: 12 bytes leftover after parsing attributes in process `syz.2.283'.
[   96.864904][ T6816] netlink: 'syz.4.282': attribute type 21 has an invalid length.
[   96.887214][ T6816] netlink: 152 bytes leftover after parsing attributes in process `syz.4.282'.
[   96.970953][ T6804] netlink: 88 bytes leftover after parsing attributes in process `syz.0.281'.
[   97.507218][ T6804] x_tables: duplicate entry at hook 2
[   98.181796][ T6870] netlink: 'syz.2.293': attribute type 1 has an invalid length.
[   98.205439][ T6870] netlink: 'syz.2.293': attribute type 2 has an invalid length.
[   98.334654][ T6880] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check.
[   98.449081][ T6883] netlink: 'syz.3.296': attribute type 1 has an invalid length.
[   98.708219][ T6891] ip6gre1: entered allmulticast mode
[   99.291597][ T6899] netlink: 'syz.0.303': attribute type 10 has an invalid length.
[   99.430829][ T6899] veth0_vlan: entered allmulticast mode
[   99.503239][ T6899] bridge0: port 3(veth0_vlan) entered blocking state
[   99.602928][ T6899] bridge0: port 3(veth0_vlan) entered disabled state
[   99.643627][ T6899] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   99.674568][ T6930] x_tables: duplicate entry at hook 2
[   99.868707][ T6940] netlink: 'syz.1.312': attribute type 10 has an invalid length.
[  100.546908][ T6964] __nla_validate_parse: 20 callbacks suppressed
[  100.546927][ T6964] netlink: 60 bytes leftover after parsing attributes in process `syz.3.321'.
[  100.672238][ T6970] netlink: 12 bytes leftover after parsing attributes in process `syz.1.323'.
[  100.693047][ T6974] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  100.755716][ T6979] tipc: Started in network mode
[  100.825957][ T6979] tipc: Node identity 1, cluster identity 8
[  100.833475][ T6979] tipc: Node number set to 1
[  101.186505][ T6972] netlink: 88 bytes leftover after parsing attributes in process `syz.4.325'.
[  101.195645][ T6972] netlink: 24 bytes leftover after parsing attributes in process `syz.4.325'.
[  101.206102][ T7005] syz_tun: entered promiscuous mode
[  101.216702][ T6972] netlink: 16 bytes leftover after parsing attributes in process `syz.4.325'.
[  101.261306][ T6972] netlink: 80 bytes leftover after parsing attributes in process `syz.4.325'.
[  101.280833][ T7005] tipc: Started in network mode
[  101.285727][ T7005] tipc: Node identity ffffffff, cluster identity 4711
[  101.293878][ T7005] tipc: Node number set to 4294967295
[  101.294770][ T6992] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0
[  101.421276][ T7012] netlink: 1264 bytes leftover after parsing attributes in process `syz.2.334'.
[  101.568172][ T6972] x_tables: duplicate entry at hook 2
[  101.882214][ T7027] netlink: 12 bytes leftover after parsing attributes in process `syz.4.338'.
[  101.933415][ T6990] syz_tun: left promiscuous mode
[  102.163175][ T7045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.344'.
[  102.174272][ T7045] netlink: 'syz.1.344': attribute type 1 has an invalid length.
[  102.188856][ T7045] netlink: 8 bytes leftover after parsing attributes in process `syz.1.344'.
[  102.446701][ T7056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  102.733458][ T7061] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.912820][ T7061] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.101699][ T7061] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.144370][ T7054] x_tables: duplicate underflow at hook 3
[  103.235937][ T7068] x_tables: duplicate entry at hook 2
[  103.266226][ T7061] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.332563][ T7077] netlink: 'syz.1.354': attribute type 1 has an invalid length.
[  103.441780][ T7061] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.488020][ T7061] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.530319][ T7061] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.560212][ T7061] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.248191][ T7103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.336509][    C1] vcan0: j1939_tp_rxtimer: 0xffff888030036800: rx timeout, send abort
[  104.346416][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888030036800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  104.400249][ T7103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.550047][ T7103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.661113][ T7103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.707687][ T7109] IPVS: Scheduler module ip_vs_sip not found
[  104.735320][ T7117] IPVS: Scheduler module ip_vs_sip not found
[  104.860146][ T7103] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  104.905648][ T7103] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  104.969931][ T7103] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.059400][ T7103] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.134849][ T7133] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  105.143813][ T7133] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  105.152679][ T7133] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  105.161428][ T7133] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  105.794398][ T7144] __nla_validate_parse: 14 callbacks suppressed
[  105.794414][ T7144] netlink: 88 bytes leftover after parsing attributes in process `syz.3.371'.
[  105.816392][ T7144] netlink: 24 bytes leftover after parsing attributes in process `syz.3.371'.
[  105.835464][ T7144] netlink: 16 bytes leftover after parsing attributes in process `syz.3.371'.
[  105.858698][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.0.376'.
[  105.866511][ T7144] netlink: 80 bytes leftover after parsing attributes in process `syz.3.371'.
[  106.549215][ T7144] x_tables: duplicate entry at hook 2
[  106.797931][    C1] vcan0: j1939_tp_rxtimer: 0xffff888021e9d800: rx timeout, send abort
[  106.806357][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888021e9d800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  108.056555][ T7175] netlink: 84 bytes leftover after parsing attributes in process `syz.1.381'.
[  108.086626][ T7175] netlink: 76 bytes leftover after parsing attributes in process `syz.1.381'.
[  108.306633][ T7185] netlink: 16 bytes leftover after parsing attributes in process `syz.0.383'.
[  108.327140][ T7185] netlink: 28 bytes leftover after parsing attributes in process `syz.0.383'.
[  108.505581][ T7195] netlink: 104 bytes leftover after parsing attributes in process `syz.0.386'.
[  108.806167][ T7209] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:20002
[  108.820366][ T7209] syzkaller1: entered promiscuous mode
[  108.827206][ T7209] syzkaller1: entered allmulticast mode
[  108.851937][ T7209] openvswitch: netlink: Duplicate or invalid key (type 0).
[  108.860047][ T7209] openvswitch: netlink: Actions may not be safe on all matching packets
[  108.919810][ T7209] netlink: 'syz.2.391': attribute type 10 has an invalid length.
[  108.929778][ T7214] netlink: 'syz.1.392': attribute type 2 has an invalid length.
[  108.933910][ T7209] batman_adv: batadv0: Adding interface: team0
[  108.956487][ T7209] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.987278][ T7211] netlink: 'syz.2.391': attribute type 10 has an invalid length.
[  109.000916][ T7209] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  109.029818][ T7214] f�����: entered promiscuous mode
[  109.037835][ T7211] team0: entered promiscuous mode
[  109.055425][ T7211] team_slave_0: entered promiscuous mode
[  109.075908][ T7211] team_slave_1: entered promiscuous mode
[  109.091783][ T7211] 8021q: adding VLAN 0 to HW filter on device team0
[  109.113503][ T7211] batman_adv: batadv0: Interface activated: team0
[  109.145042][ T7211] batman_adv: batadv0: Interface deactivated: team0
[  109.165818][ T7211] batman_adv: batadv0: Removing interface: team0
[  109.177976][ T7211] bridge0: port 3(team0) entered blocking state
[  109.190330][ T7211] bridge0: port 3(team0) entered disabled state
[  109.201235][ T7211] team0: entered allmulticast mode
[  109.212140][ T7211] team_slave_0: entered allmulticast mode
[  109.220113][ T7211] team_slave_1: entered allmulticast mode
[  109.228638][ T7211] bridge0: port 3(team0) entered blocking state
[  109.234969][ T7211] bridge0: port 3(team0) entered forwarding state
[  109.958961][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805053c000: rx timeout, send abort
[  109.968181][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805053c000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  110.070053][ T7241] ieee802154 phy0 wpan0: encryption failed: -22
[  110.453991][ T7256] syz.1.407[7256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.454087][ T7256] syz.1.407[7256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.477389][ T7256] syz.1.407[7256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.793018][ T7245] x_tables: duplicate entry at hook 2
[  111.147845][ T7285] __nla_validate_parse: 10 callbacks suppressed
[  111.147862][ T7285] netlink: 8 bytes leftover after parsing attributes in process `syz.4.416'.
[  111.304497][ T7288] netlink: 96 bytes leftover after parsing attributes in process `syz.4.416'.
[  111.324730][ T7288] vlan3: entered allmulticast mode
[  111.452390][ T7303] openvswitch: netlink: Flow key attr not present in new flow.
[  111.461456][ T7303] netlink: 104 bytes leftover after parsing attributes in process `syz.4.416'.
[  111.540543][ T7302] netlink: 12 bytes leftover after parsing attributes in process `syz.3.421'.
[  111.701737][ T7314] sctp: [Deprecated]: syz.3.426 (pid 7314) Use of int in maxseg socket option.
[  111.701737][ T7314] Use struct sctp_assoc_value instead
[  111.822486][ T7328] netlink: 32 bytes leftover after parsing attributes in process `syz.3.426'.
[  112.089056][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880296de800: rx timeout, send abort
[  112.097638][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880296de800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  112.509169][ T7362] lo speed is unknown, defaulting to 1000
[  112.515286][ T7362] lo speed is unknown, defaulting to 1000
[  112.523745][ T7362] lo speed is unknown, defaulting to 1000
[  112.535515][ T7362] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  112.549789][ T7362] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  112.592258][ T7361] lo speed is unknown, defaulting to 1000
[  112.630630][ T7344] netlink: 88 bytes leftover after parsing attributes in process `syz.4.431'.
[  112.654362][ T7344] netlink: 24 bytes leftover after parsing attributes in process `syz.4.431'.
[  112.678765][ T7344] netlink: 16 bytes leftover after parsing attributes in process `syz.4.431'.
[  112.737033][ T7344] netlink: 80 bytes leftover after parsing attributes in process `syz.4.431'.
[  112.798325][ T7362] lo speed is unknown, defaulting to 1000
[  112.872009][ T7362] lo speed is unknown, defaulting to 1000
[  112.943716][ T7362] lo speed is unknown, defaulting to 1000
[  112.981865][ T7362] lo speed is unknown, defaulting to 1000
[  113.001944][ T7362] lo speed is unknown, defaulting to 1000
[  113.027817][ T7362] lo speed is unknown, defaulting to 1000
[  113.110587][ T7381] netlink: 104 bytes leftover after parsing attributes in process `syz.2.441'.
[  113.372667][ T7395] bridge1: entered promiscuous mode
[  113.409056][ T7395] bridge1: entered allmulticast mode
[  113.430986][ T7395] team0: Port device bridge1 added
[  113.457985][ T7395] netlink: 'syz.2.446': attribute type 10 has an invalid length.
[  113.490003][ T7395] bridge0: port 4(ip6gretap0) entered blocking state
[  113.497207][ T7395] bridge0: port 4(ip6gretap0) entered disabled state
[  113.504328][ T7395] ip6gretap0: entered allmulticast mode
[  113.531082][ T7361] x_tables: duplicate entry at hook 2
[  113.547681][ T7395] ip6gretap0: entered promiscuous mode
[  113.558408][ T7395] bridge0: port 4(ip6gretap0) entered blocking state
[  113.565405][ T7395] bridge0: port 4(ip6gretap0) entered forwarding state
[  113.603176][ T7403] raw_sendmsg: syz.0.448 forgot to set AF_INET. Fix it!
[  113.772463][ T7410] sctp: [Deprecated]: syz.3.450 (pid 7410) Use of int in max_burst socket option.
[  113.772463][ T7410] Use struct sctp_assoc_value instead
[  114.181667][ T7425] netlink: 'syz.3.455': attribute type 34 has an invalid length.
[  114.346079][ T7436] netlink: 'syz.3.458': attribute type 34 has an invalid length.
[  115.106092][ T7464] lo speed is unknown, defaulting to 1000
[  115.329848][ T7474] netlink: 'syz.0.468': attribute type 34 has an invalid length.
[  115.513932][ T7483] netlink: 'syz.0.470': attribute type 34 has an invalid length.
[  115.549823][ T7480] x_tables: duplicate entry at hook 2
[  115.822718][ T7489] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6
[  115.868116][ T7493] sock: sock_timestamping_bind_phc: sock not bind to device
[  115.889462][ T7493] netlink: 'syz.3.474': attribute type 1 has an invalid length.
[  115.908144][ T7493] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  116.349371][ T7510] __nla_validate_parse: 14 callbacks suppressed
[  116.349396][ T7510] netlink: 48 bytes leftover after parsing attributes in process `syz.0.477'.
[  116.890659][ T7525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.482'.
[  116.938065][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.481'.
[  116.963620][ T7525] Bluetooth: MGMT ver 1.23
[  117.160503][ T7534] netlink: 104 bytes leftover after parsing attributes in process `syz.0.484'.
[  117.167371][ T7536] netlink: 4 bytes leftover after parsing attributes in process `syz.2.486'.
[  117.184652][ T7536] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  117.195905][ T7536] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1)
[  117.249752][ T7538] netlink: 'syz.1.485': attribute type 4 has an invalid length.
[  117.267558][ T7542] netlink: 'syz.1.485': attribute type 4 has an invalid length.
[  117.291083][ T7538] netlink: 'syz.1.485': attribute type 4 has an invalid length.
[  117.803079][ T7569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'.
[  117.805627][ T7566] lo speed is unknown, defaulting to 1000
[  117.822450][ T7571] netlink: 36 bytes leftover after parsing attributes in process `syz.2.495'.
[  117.877892][ T7558] netlink: 88 bytes leftover after parsing attributes in process `syz.0.492'.
[  117.901192][ T7558] netlink: 24 bytes leftover after parsing attributes in process `syz.0.492'.
[  117.979967][ T7558] netlink: 16 bytes leftover after parsing attributes in process `syz.0.492'.
[  118.111795][ T7582] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.483948][ T7566] x_tables: duplicate entry at hook 2
[  118.508609][ T7596] netlink: 'syz.1.502': attribute type 10 has an invalid length.
[  118.516530][ T7596] team0: entered promiscuous mode
[  118.521737][ T7596] team_slave_0: entered promiscuous mode
[  118.532334][ T7596] team_slave_1: entered promiscuous mode
[  118.550954][ T7596] bridge0: port 3(team0) entered blocking state
[  118.560667][    C0] vcan0: j1939_tp_rxtimer: 0xffff888050785800: rx timeout, send abort
[  118.564724][ T7596] bridge0: port 3(team0) entered disabled state
[  118.569074][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888050785800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  118.588697][ T7596] team0: entered allmulticast mode
[  118.606008][ T7596] team_slave_0: entered allmulticast mode
[  118.626420][ T7596] team_slave_1: entered allmulticast mode
[  118.668408][ T7596] bridge0: port 3(team0) entered blocking state
[  118.674803][ T7596] bridge0: port 3(team0) entered forwarding state
[  118.717843][ T7603] ip6gretap0: left allmulticast mode
[  118.723346][ T7603] ip6gretap0: left promiscuous mode
[  118.748620][ T7603] bridge0: port 4(ip6gretap0) entered disabled state
[  118.785355][ T7603] team0: left allmulticast mode
[  118.805098][ T7603] team_slave_0: left allmulticast mode
[  118.811699][ T7603] team_slave_1: left allmulticast mode
[  118.824368][ T7603] bridge0: port 3(team0) entered disabled state
[  118.916230][ T7603] bridge_slave_1: left allmulticast mode
[  118.925922][ T7603] bridge_slave_1: left promiscuous mode
[  118.940875][ T7603] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.987142][ T7603] bridge_slave_0: left allmulticast mode
[  119.016774][ T7603] bridge_slave_0: left promiscuous mode
[  119.027944][ T7603] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.036473][ T5843] Bluetooth: hci0: command 0x0401 tx timeout
[  119.038667][ T5146] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  119.223631][ T7625] FAULT_INJECTION: forcing a failure.
[  119.223631][ T7625] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  119.247203][ T7625] CPU: 0 UID: 0 PID: 7625 Comm: syz.0.509 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  119.247226][ T7625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  119.247235][ T7625] Call Trace:
[  119.247241][ T7625]  <TASK>
[  119.247248][ T7625]  dump_stack_lvl+0x241/0x360
[  119.247277][ T7625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.247299][ T7625]  ? __pfx__printk+0x10/0x10
[  119.247321][ T7625]  ? __pfx_lock_release+0x10/0x10
[  119.247342][ T7625]  ? validate_chain+0x11e/0x5920
[  119.247368][ T7625]  should_fail_ex+0x3b0/0x4e0
[  119.247388][ T7625]  _copy_from_iter+0x1e9/0x1c20
[  119.247421][ T7625]  ? __pfx__copy_from_iter+0x10/0x10
[  119.247455][ T7625]  tun_get_user+0x43f/0x48a0
[  119.247487][ T7625]  ? __lock_acquire+0x1397/0x2100
[  119.247513][ T7625]  ? __pfx_tun_get_user+0x10/0x10
[  119.247547][ T7625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.247565][ T7625]  ? tun_get+0x1e/0x2f0
[  119.247583][ T7625]  ? __pfx_lock_release+0x10/0x10
[  119.247615][ T7625]  ? tun_get+0x1e/0x2f0
[  119.247632][ T7625]  ? tun_get+0x27d/0x2f0
[  119.247652][ T7625]  tun_chr_write_iter+0x10d/0x1f0
[  119.247673][ T7625]  vfs_write+0xaeb/0xd30
[  119.247695][ T7625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.247715][ T7625]  ? __pfx_vfs_write+0x10/0x10
[  119.247729][ T7625]  ? do_sys_openat2+0x17a/0x1d0
[  119.247753][ T7625]  ? __fget_files+0x2a/0x410
[  119.247777][ T7625]  ? __fget_files+0x2a/0x410
[  119.247804][ T7625]  ksys_write+0x18f/0x2b0
[  119.247823][ T7625]  ? __pfx_ksys_write+0x10/0x10
[  119.247841][ T7625]  ? do_syscall_64+0x100/0x230
[  119.247860][ T7625]  ? do_syscall_64+0xb6/0x230
[  119.247884][ T7625]  do_syscall_64+0xf3/0x230
[  119.247899][ T7625]  ? clear_bhb_loop+0x35/0x90
[  119.247919][ T7625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.247935][ T7625] RIP: 0033:0x7fa4f998cd29
[  119.247950][ T7625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.247962][ T7625] RSP: 002b:00007fa4fa70a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  119.247980][ T7625] RAX: ffffffffffffffda RBX: 00007fa4f9ba5fa0 RCX: 00007fa4f998cd29
[  119.247991][ T7625] RDX: 0000000000000ffe RSI: 00000000200000c0 RDI: 0000000000000003
[  119.248001][ T7625] RBP: 00007fa4fa70a090 R08: 0000000000000000 R09: 0000000000000000
[  119.248010][ T7625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.248019][ T7625] R13: 0000000000000000 R14: 00007fa4f9ba5fa0 R15: 00007ffec91556a8
[  119.248044][ T7625]  </TASK>
[  119.643285][ T7626] lo speed is unknown, defaulting to 1000
[  119.772584][ T7636] tipc: Can't bind to reserved service type 1
[  119.812443][ T7636] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  119.857779][ T5146] Bluetooth: hci4: link tx timeout
[  119.863222][ T5146] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  119.873458][ T5843] Bluetooth: hci4: link tx timeout
[  119.880738][ T5843] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  120.515999][ T7649] lo speed is unknown, defaulting to 1000
[  120.598699][ T7637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  121.044225][    C1] vcan0: j1939_tp_rxtimer: 0xffff888143b78c00: rx timeout, send abort
[  121.054157][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888143b78c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  121.171588][ T7689] netlink: 'syz.1.520': attribute type 1 has an invalid length.
[  121.239363][ T7689] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  121.319191][ T7689] 8021q: adding VLAN 0 to HW filter on device batadv1
[  121.371378][ T7689] bond2: (slave batadv1): Enslaving as a backup interface with an up link
[  121.750946][ T7714] netlink: 'syz.1.527': attribute type 10 has an invalid length.
[  121.842129][ T7713] bridge1: entered promiscuous mode
[  121.867047][ T7713] bridge1: entered allmulticast mode
[  121.900635][ T7713] team0: Port device bridge1 added
[  121.916497][ T5843] Bluetooth: hci4: command 0x0405 tx timeout
[  121.927827][ T7714] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  121.966133][ T7714] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  122.207148][ T7738] __nla_validate_parse: 12 callbacks suppressed
[  122.207168][ T7738] netlink: 104 bytes leftover after parsing attributes in process `syz.2.534'.
[  122.694006][ T7767] netlink: 4 bytes leftover after parsing attributes in process `syz.4.541'.
[  123.065883][ T7786] netlink: 16 bytes leftover after parsing attributes in process `syz.0.547'.
[  123.155242][ T7786] netlink: 28 bytes leftover after parsing attributes in process `syz.0.547'.
[  123.332988][ T7776] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  124.179681][ T7840] hsr0: entered promiscuous mode
[  124.214561][ T7840] hsr_slave_0: left promiscuous mode
[  124.240406][ T7840] hsr_slave_1: left promiscuous mode
[  124.310011][ T7840] hsr0 (unregistering): left promiscuous mode
[  124.684244][ T7865] syzkaller1: entered promiscuous mode
[  124.706706][ T7865] syzkaller1: entered allmulticast mode
[  124.720738][ T7863] veth1_macvtap: left promiscuous mode
[  124.736644][ T7863] macsec0: entered allmulticast mode
[  124.928904][ T7876] netlink: 20 bytes leftover after parsing attributes in process `syz.4.567'.
[  124.944485][ T7863] veth1_macvtap: entered promiscuous mode
[  124.950649][ T7863] veth1_macvtap: entered allmulticast mode
[  124.957865][ T7863] macsec0: left allmulticast mode
[  124.976452][ T7863] veth1_macvtap: left allmulticast mode
[  125.158100][ T7869] lo speed is unknown, defaulting to 1000
[  125.437099][ T7887] netlink: 104 bytes leftover after parsing attributes in process `syz.2.570'.
[  125.857705][ T7905] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  125.966443][ T7910] netlink: 44 bytes leftover after parsing attributes in process `syz.4.576'.
[  126.003891][ T7912] warning: `syz.3.575' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  126.364116][ T7930] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-xor(2)
[  126.490669][ T7943] netlink: 56 bytes leftover after parsing attributes in process `syz.0.581'.
[  126.514726][ T7949] netlink: 104 bytes leftover after parsing attributes in process `syz.4.583'.
[  126.582212][ T7953] netlink: 24 bytes leftover after parsing attributes in process `syz.2.584'.
[  126.885893][ T7972] FAULT_INJECTION: forcing a failure.
[  126.885893][ T7972] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  126.942249][ T7972] CPU: 1 UID: 0 PID: 7972 Comm: syz.4.587 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  126.942272][ T7972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  126.942300][ T7972] Call Trace:
[  126.942307][ T7972]  <TASK>
[  126.942314][ T7972]  dump_stack_lvl+0x241/0x360
[  126.942344][ T7972]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.942366][ T7972]  ? __pfx__printk+0x10/0x10
[  126.942395][ T7972]  ? snprintf+0xda/0x120
[  126.942415][ T7972]  should_fail_ex+0x3b0/0x4e0
[  126.942436][ T7972]  _copy_to_user+0x31/0xb0
[  126.942458][ T7972]  simple_read_from_buffer+0xca/0x150
[  126.942482][ T7972]  proc_fail_nth_read+0x1e9/0x250
[  126.942505][ T7972]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  126.942527][ T7972]  ? rw_verify_area+0x55e/0x6f0
[  126.942543][ T7972]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  126.942565][ T7972]  vfs_read+0x1fc/0xb70
[  126.942583][ T7972]  ? fdget_pos+0x254/0x320
[  126.942605][ T7972]  ? __pfx___mutex_lock+0x10/0x10
[  126.942645][ T7972]  ? __pfx_vfs_read+0x10/0x10
[  126.942659][ T7972]  ? do_sys_openat2+0x17a/0x1d0
[  126.942683][ T7972]  ? __fget_files+0x2a/0x410
[  126.942706][ T7972]  ? __fget_files+0x395/0x410
[  126.942725][ T7972]  ? __fget_files+0x2a/0x410
[  126.942755][ T7972]  ksys_read+0x18f/0x2b0
[  126.942774][ T7972]  ? __pfx_ksys_read+0x10/0x10
[  126.942791][ T7972]  ? do_syscall_64+0x100/0x230
[  126.942809][ T7972]  ? do_syscall_64+0xb6/0x230
[  126.942827][ T7972]  do_syscall_64+0xf3/0x230
[  126.942842][ T7972]  ? clear_bhb_loop+0x35/0x90
[  126.942862][ T7972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.942878][ T7972] RIP: 0033:0x7fc0c518b73c
[  126.942893][ T7972] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  126.942905][ T7972] RSP: 002b:00007fc0c5fe0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  126.942933][ T7972] RAX: ffffffffffffffda RBX: 00007fc0c53a5fa0 RCX: 00007fc0c518b73c
[  126.942944][ T7972] RDX: 000000000000000f RSI: 00007fc0c5fe00a0 RDI: 0000000000000004
[  126.942954][ T7972] RBP: 00007fc0c5fe0090 R08: 0000000000000000 R09: 0000000000000000
[  126.942964][ T7972] R10: 0000000000000083 R11: 0000000000000246 R12: 0000000000000001
[  126.942974][ T7972] R13: 0000000000000000 R14: 00007fc0c53a5fa0 R15: 00007ffe3b5b58d8
[  126.943001][ T7972]  </TASK>
[  127.392202][ T7982] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  127.491607][ T7999] __nla_validate_parse: 2 callbacks suppressed
[  127.491625][ T7999] netlink: 176 bytes leftover after parsing attributes in process `syz.4.591'.
[  127.644597][ T8008] netlink: 16 bytes leftover after parsing attributes in process `syz.3.593'.
[  128.202572][ T8031] lo speed is unknown, defaulting to 1000
[  128.291141][ T8036] lo speed is unknown, defaulting to 1000
[  128.327413][ T8039] netlink: 20 bytes leftover after parsing attributes in process `syz.2.602'.
[  128.395708][ T8045] netlink: 24 bytes leftover after parsing attributes in process `syz.2.602'.
[  128.402287][ T8044] netlink: 'syz.4.603': attribute type 1 has an invalid length.
[  128.562139][ T8044] bond1: entered promiscuous mode
[  128.582421][ T8044] 8021q: adding VLAN 0 to HW filter on device bond1
[  128.610642][ T8047] bond1: (slave veth5): making interface the new active one
[  128.639080][ T8047] veth5: entered promiscuous mode
[  128.645514][ T8047] bond1: (slave veth5): Enslaving as an active interface with an up link
[  128.679272][ T8042] netlink: 'syz.1.601': attribute type 13 has an invalid length.
[  128.687569][ T8042] netlink: 24 bytes leftover after parsing attributes in process `syz.1.601'.
[  128.995397][ T8036] x_tables: duplicate entry at hook 2
[  129.801535][ T8097] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  129.819008][ T8097] batman_adv: batadv0: Adding interface: ip6gretap1
[  129.825748][ T8097] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.887832][ T8097] batman_adv: batadv0: Interface activated: ip6gretap1
[  129.913602][ T8101] netem: change failed
[  129.934931][ T8101] netlink: zone id is out of range
[  129.941672][ T8101] netlink: zone id is out of range
[  129.958240][ T8101] netlink: zone id is out of range
[  129.963457][ T8101] netlink: zone id is out of range
[  129.976878][ T8101] netlink: zone id is out of range
[  129.989644][ T8103] netlink: 4 bytes leftover after parsing attributes in process `syz.0.617'.
[  130.008845][ T8101] netlink: zone id is out of range
[  130.013985][ T8101] netlink: zone id is out of range
[  130.019402][ T8101] netlink: zone id is out of range
[  130.024600][ T8101] netlink: zone id is out of range
[  130.029843][ T8101] netlink: zone id is out of range
[  130.240603][ T8112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.623'.
[  130.297662][ T8118] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  130.394460][ T8113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.623'.
[  130.403721][ T8113] netlink: 16 bytes leftover after parsing attributes in process `syz.0.623'.
[  130.416626][ T8113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.623'.
[  130.438416][ T8118] batman_adv: batadv0: Removing interface: batadv_slave_1
[  130.821561][ T8141] netlink: 'syz.3.628': attribute type 34 has an invalid length.
[  131.486484][ T8160] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  131.525810][ T8160] netlink: 'syz.0.636': attribute type 2 has an invalid length.
[  131.919821][ T8185] ipt_ECN: cannot use operation on non-tcp rule
[  132.141771][ T8204] lo speed is unknown, defaulting to 1000
[  132.410425][ T8207] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  132.445148][ T8207] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.453948][ T8207] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.469725][ T8207] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.478336][ T8207] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.519480][ T8215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  132.604463][ T8214] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.635656][ T8214] team0: left promiscuous mode
[  132.651736][ T8214] team_slave_0: left promiscuous mode
[  132.664380][ T8214] team_slave_1: left promiscuous mode
[  132.727646][ T8214] 8021q: adding VLAN 0 to HW filter on device team0
[  133.050077][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  133.056592][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  133.232207][ T8235] __nla_validate_parse: 6 callbacks suppressed
[  133.232225][ T8235] netlink: 12 bytes leftover after parsing attributes in process `syz.4.657'.
[  133.254067][ T8235] netlink: 12 bytes leftover after parsing attributes in process `syz.4.657'.
[  133.431950][ T8244] netlink: 16 bytes leftover after parsing attributes in process `syz.4.661'.
[  133.447169][ T8244] netlink: 4 bytes leftover after parsing attributes in process `syz.4.661'.
[  133.540925][ T8253] bridge2: entered promiscuous mode
[  133.580857][ T8253] bridge2: entered allmulticast mode
[  133.719386][ T8265] netlink: 28 bytes leftover after parsing attributes in process `syz.4.666'.
[  133.968919][ T8282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.673'.
[  134.347939][ T8296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.677'.
[  134.386597][ T8300] netlink: 12 bytes leftover after parsing attributes in process `syz.0.678'.
[  134.403655][ T8300] netlink: 12 bytes leftover after parsing attributes in process `syz.0.678'.
[  134.414119][ T8300] netlink: 332 bytes leftover after parsing attributes in process `syz.0.678'.
[  135.012281][    C1] vcan0: j1939_tp_rxtimer: 0xffff888032af8800: rx timeout, send abort
[  135.021102][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888032af8800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  135.292913][ T8324] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  135.311376][ T8324] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  135.333655][ T8324] bond0 (unregistering): Released all slaves
[  135.614154][ T8348] lo speed is unknown, defaulting to 1000
[  135.819328][ T8356] netlink: 'syz.4.695': attribute type 5 has an invalid length.
[  135.942311][ T8358] IPVS: Error connecting to the multicast addr
[  137.449433][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802555a800: rx timeout, send abort
[  137.457906][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802555a800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  137.879862][ T8382] netlink: 'syz.1.703': attribute type 34 has an invalid length.
[  137.893630][ T8348] lo speed is unknown, defaulting to 1000
[  138.111908][ T8392] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  138.154078][ T8392] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  138.167989][ T8392] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  138.581382][ T8387] __nla_validate_parse: 2 callbacks suppressed
[  138.581417][ T8387] netlink: 88 bytes leftover after parsing attributes in process `syz.1.705'.
[  138.634489][ T8387] netlink: 24 bytes leftover after parsing attributes in process `syz.1.705'.
[  138.683395][ T8401] lo speed is unknown, defaulting to 1000
[  138.706494][ T8387] netlink: 16 bytes leftover after parsing attributes in process `syz.1.705'.
[  138.771454][ T8387] netlink: 80 bytes leftover after parsing attributes in process `syz.1.705'.
[  138.887899][ T8413] netlink: 12 bytes leftover after parsing attributes in process `syz.0.711'.
[  139.558715][ T8450] netlink: 10 bytes leftover after parsing attributes in process `syz.2.718'.
[  139.628391][ T8401] x_tables: duplicate entry at hook 2
[  139.885408][ T8464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  139.902873][ T8464] netlink: 'syz.2.719': attribute type 10 has an invalid length.
[  139.915141][ T8464] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  140.029042][ T8467] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0
[  140.047496][ T8464] IPVS: stopping master sync thread 8467 ...
[  140.196705][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805ff82400: rx timeout, send abort
[  140.205976][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805ff82400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  140.277570][ T8483] netlink: 4 bytes leftover after parsing attributes in process `syz.1.722'.
[  140.755952][ T8505] bridge_slave_1: vlans aren't supported yet for dev_uc|mc_add()
[  140.800781][ T8507] bridge0: entered promiscuous mode
[  140.806246][ T8507] bridge0: entered allmulticast mode
[  140.821434][ T8507] team0: Port device bridge0 added
[  140.845791][ T8507] netlink: 'syz.4.728': attribute type 10 has an invalid length.
[  140.866520][ T8507] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  140.932511][ T8507] bridge0: port 1(ip6gretap0) entered blocking state
[  140.942895][ T8507] bridge0: port 1(ip6gretap0) entered disabled state
[  140.952123][ T8507] ip6gretap0: entered allmulticast mode
[  140.971154][ T8507] ip6gretap0: entered promiscuous mode
[  141.023514][ T8517] atomic_op ffff888060555998 conn xmit_atomic 0000000000000000
[  141.244790][ T8519] lo speed is unknown, defaulting to 1000
[  141.301904][ T8513] netlink: 88 bytes leftover after parsing attributes in process `syz.1.730'.
[  141.315573][ T8513] netlink: 24 bytes leftover after parsing attributes in process `syz.1.730'.
[  141.332033][ T8513] netlink: 16 bytes leftover after parsing attributes in process `syz.1.730'.
[  141.543107][ T8522] x_tables: duplicate entry at hook 2
[  142.153449][ T8548] lo speed is unknown, defaulting to 1000
[  142.512876][ T8548] lo speed is unknown, defaulting to 1000
[  142.532725][    C0] vcan0: j1939_tp_rxtimer: 0xffff888051b11400: rx timeout, send abort
[  142.541920][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888051b11400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  142.745796][ T8556] syzkaller1: entered promiscuous mode
[  142.751388][ T8556] syzkaller1: entered allmulticast mode
[  142.818252][ T8556] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.856243][ T8556] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  143.016526][ T8556] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  143.025447][ T8556] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  143.071919][ T8556] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  143.094793][ T8556] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  143.301593][ T8556] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  143.310827][ T8556] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  143.320258][ T8556] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  143.329648][ T8556] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  143.380913][ T8556] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  143.666473][ T8581] netlink: 'syz.0.747': attribute type 4 has an invalid length.
[  143.712657][   T25] lo speed is unknown, defaulting to 1000
[  143.719683][ T8581] netlink: 'syz.0.747': attribute type 4 has an invalid length.
[  143.754529][ T8589] syz.2.748[8589] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.754661][ T8589] syz.2.748[8589] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.780884][ T8585] geneve2: entered promiscuous mode
[  143.796894][ T8589] syz.2.748[8589] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.826703][ T8585] geneve2: entered allmulticast mode
[  143.886692][   T51] lo speed is unknown, defaulting to 1000
[  143.939113][ T8594] lo speed is unknown, defaulting to 1000
[  143.995739][ T8584] __nla_validate_parse: 4 callbacks suppressed
[  143.995756][ T8584] netlink: 88 bytes leftover after parsing attributes in process `syz.3.749'.
[  144.045751][ T8584] netlink: 24 bytes leftover after parsing attributes in process `syz.3.749'.
[  144.089313][ T8599] netlink: 20 bytes leftover after parsing attributes in process `syz.2.753'.
[  144.145263][ T8584] netlink: 16 bytes leftover after parsing attributes in process `syz.3.749'.
[  144.197757][ T8584] netlink: 80 bytes leftover after parsing attributes in process `syz.3.749'.
[  144.304169][ T8606] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  144.368767][ T8598] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.455426][ T8598] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.565723][ T8618] syzkaller0: entered allmulticast mode
[  144.584183][ T8598] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.670005][ T8598] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.810903][ T8598] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.833903][ T8594] x_tables: duplicate entry at hook 2
[  144.841108][ T8598] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.875020][ T8598] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.929283][ T8598] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  145.273431][ T8640] netlink: 8 bytes leftover after parsing attributes in process `syz.3.764'.
[  145.319998][ T8639] ieee802154 phy0 wpan0: encryption failed: -22
[  145.354194][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807d48d400: rx timeout, send abort
[  145.362702][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807d48d400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  145.610292][ T8658] set match dimension is over the limit!
[  145.734665][ T8663] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  145.768051][ T8666] netlink: 'syz.0.772': attribute type 2 has an invalid length.
[  145.816980][ T8652] team0 (unregistering): Port device team_slave_0 removed
[  145.838076][ T8652] team0 (unregistering): Port device team_slave_1 removed
[  145.861447][ T8652] team0 (unregistering): Port device bridge0 removed
[  146.044844][ T8662] pim6reg: entered allmulticast mode
[  146.084464][ T8683] netlink: 'syz.3.775': attribute type 34 has an invalid length.
[  146.272713][ T8687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.778'.
[  146.452805][ T8699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.782'.
[  147.096057][ T8723] netlink: 'syz.2.787': attribute type 10 has an invalid length.
[  147.130614][ T8723] netlink: 40 bytes leftover after parsing attributes in process `syz.2.787'.
[  149.648521][ T8716] ipip0: entered promiscuous mode
[  149.694706][ T8733] netlink: 'syz.3.792': attribute type 1 has an invalid length.
[  149.785951][ T8733] 8021q: adding VLAN 0 to HW filter on device bond1
[  149.816769][ T8741] netlink: 4 bytes leftover after parsing attributes in process `syz.2.794'.
[  149.842210][ T8739] bond1: (slave ip6gretap1): making interface the new active one
[  149.870857][ T8739] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  149.889701][ T8739] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  149.900914][ T8739] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  149.927783][ T8735] netlink: 256 bytes leftover after parsing attributes in process `syz.1.791'.
[  149.940457][   T35] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  149.951228][ T8735] unsupported nlmsg_type 40
[  149.965363][ T5882] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  150.017768][   T52] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  150.159011][ T8754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.797'.
[  150.414740][ T8795] netlink: 20 bytes leftover after parsing attributes in process `syz.0.799'.
[  150.428151][ T8775] ip6gretap0: entered promiscuous mode
[  150.434595][ T8775] batadv_slave_0: entered promiscuous mode
[  150.496451][ T8775] ip6gretap0: left promiscuous mode
[  150.542453][ T8775] batadv_slave_0: left promiscuous mode
[  150.556896][ T5882] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  150.573533][ T8795] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.582475][ T8795] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.753081][ T8813] netlink: 20 bytes leftover after parsing attributes in process `syz.1.808'.
[  150.773986][ T8813] nbd: socks must be embedded in a SOCK_ITEM attr
[  150.785219][ T8743] block nbd64: NBD_DISCONNECT
[  150.865436][ T8817] team0: Device gtp0 is of different type
[  150.951752][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  150.983561][ T8825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.809'.
[  151.041752][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  151.074655][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  151.425398][ T8837] netlink: 'syz.3.812': attribute type 1 has an invalid length.
[  151.457386][ T8837] netlink: 16 bytes leftover after parsing attributes in process `syz.3.812'.
[  151.519619][ T8841] ipt_rpfilter: unknown options
[  151.573041][ T8840] ax25_connect(): syz.4.813 uses autobind, please contact jreuter@yaina.de
[  151.639968][ T8843] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  151.693112][ T8840] netlink: 44 bytes leftover after parsing attributes in process `syz.4.813'.
[  151.839947][   T25] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  151.996566][ T5843] Bluetooth: hci0: command 0x0401 tx timeout
[  152.002278][ T5146] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  152.023734][ T8847] netlink: 'syz.1.815': attribute type 4 has an invalid length.
[  152.089592][ T8847] netlink: 'syz.1.815': attribute type 4 has an invalid length.
[  152.114487][ T8849] netlink: 'syz.0.814': attribute type 10 has an invalid length.
[  152.280800][ T8855] netlink: 4 bytes leftover after parsing attributes in process `syz.4.816'.
[  152.597071][ T8849] infiniband syz1: set active
[  152.602052][ T8849] infiniband syz1: added team_slave_0
[  152.631901][ T8849] RDS/IB: syz1: added
[  152.636838][ T8849] smc: adding ib device syz1 with port count 1
[  152.643169][ T8849] smc:    ib device syz1 port 1 has pnetid 
[  152.650386][ T8871] netlink: 'syz.4.819': attribute type 29 has an invalid length.
[  152.712024][ T8879] net_ratelimit: 306 callbacks suppressed
[  152.712111][ T8879] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  152.717855][ T8869] netlink: 'syz.4.819': attribute type 29 has an invalid length.
[  153.190923][ T8899] netlink: 12 bytes leftover after parsing attributes in process `syz.4.825'.
[  153.587805][ T8912] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  153.636547][ T8912] syzkaller1: entered promiscuous mode
[  153.642160][ T8912] syzkaller1: entered allmulticast mode
[  154.187595][ T8928] FAULT_INJECTION: forcing a failure.
[  154.187595][ T8928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.216198][ T8928] CPU: 0 UID: 0 PID: 8928 Comm: syz.2.835 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  154.216222][ T8928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  154.216231][ T8928] Call Trace:
[  154.216237][ T8928]  <TASK>
[  154.216244][ T8928]  dump_stack_lvl+0x241/0x360
[  154.216272][ T8928]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.216292][ T8928]  ? __pfx__printk+0x10/0x10
[  154.216317][ T8928]  ? __pfx_lock_release+0x10/0x10
[  154.216337][ T8928]  ? vfs_write+0x730/0xd30
[  154.216356][ T8928]  should_fail_ex+0x3b0/0x4e0
[  154.216377][ T8928]  _copy_from_user+0x2d/0xb0
[  154.216400][ T8928]  move_addr_to_kernel+0x82/0x150
[  154.216422][ T8928]  __sys_connect+0xb6/0x2d0
[  154.216438][ T8928]  ? __fget_files+0x2a/0x410
[  154.216459][ T8928]  ? __pfx___sys_connect+0x10/0x10
[  154.216494][ T8928]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  154.216515][ T8928]  ? do_syscall_64+0x100/0x230
[  154.216535][ T8928]  __x64_sys_connect+0x7a/0x90
[  154.216551][ T8928]  do_syscall_64+0xf3/0x230
[  154.216565][ T8928]  ? clear_bhb_loop+0x35/0x90
[  154.216584][ T8928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.216598][ T8928] RIP: 0033:0x7f0796f8cd29
[  154.216611][ T8928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.216623][ T8928] RSP: 002b:00007f0797e4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  154.216640][ T8928] RAX: ffffffffffffffda RBX: 00007f07971a5fa0 RCX: 00007f0796f8cd29
[  154.216652][ T8928] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000004
[  154.216661][ T8928] RBP: 00007f0797e4a090 R08: 0000000000000000 R09: 0000000000000000
[  154.216671][ T8928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.216680][ T8928] R13: 0000000000000000 R14: 00007f07971a5fa0 R15: 00007ffe771fdbe8
[  154.216705][ T8928]  </TASK>
[  154.908392][ T8943] pim6reg: left allmulticast mode
[  155.046640][    C1] ip6_tnl_xmit_ctl: 3 callbacks suppressed
[  155.046657][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  155.236633][ T8910] Set syz1 is full, maxelem 65536 reached
[  155.332538][ T8956] netlink: 'syz.4.843': attribute type 12 has an invalid length.
[  155.341366][ T8957] netlink: 'syz.4.843': attribute type 12 has an invalid length.
[  155.474523][ T8966] bridee_slave_0: renamed from lo
[  155.491777][ T8967] netlink: 92 bytes leftover after parsing attributes in process `syz.3.846'.
[  155.638488][ T8970] netlink: 'syz.4.847': attribute type 10 has an invalid length.
[  155.660983][ T8970] netlink: 2 bytes leftover after parsing attributes in process `syz.4.847'.
[  155.728694][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  156.063502][ T8987] netlink: 104 bytes leftover after parsing attributes in process `syz.3.851'.
[  156.249874][    C0] vcan0: j1939_tp_rxtimer: 0xffff888030164c00: rx timeout, send abort
[  156.258441][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888030164c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  156.273260][    C0] vcan0: j1939_tp_rxtimer: 0xffff888030165400: rx timeout, send abort
[  156.283641][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888030165400: 0x1f000: (3) A timeout occurred and this is the connection abort to close the session.
[  156.558171][ T9004] netlink: 'syz.3.860': attribute type 1 has an invalid length.
[  156.836549][ T9016] netlink: 104 bytes leftover after parsing attributes in process `syz.1.864'.
[  156.886966][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  157.402540][ T9042] x_tables: unsorted underflow at hook 2
[  157.806596][ T9061] netlink: 'syz.2.873': attribute type 6 has an invalid length.
[  157.833543][ T9056] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.835626][ T9061] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.873'.
[  157.979545][ T9069] netlink: 8 bytes leftover after parsing attributes in process `syz.2.876'.
[  158.008221][ T8790] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  158.079251][ T9073] netlink: 'syz.0.875': attribute type 4 has an invalid length.
[  158.315661][ T9084] netlink: 12 bytes leftover after parsing attributes in process `syz.0.881'.
[  158.419230][ T9095] netlink: 104 bytes leftover after parsing attributes in process `syz.0.885'.
[  158.622380][ T9105] netlink: 8 bytes leftover after parsing attributes in process `syz.0.888'.
[  158.637277][ T9105] netlink: 52 bytes leftover after parsing attributes in process `syz.0.888'.
[  159.117484][ T2996] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  159.424888][ T9142] netlink: 'syz.4.898': attribute type 1 has an invalid length.
[  160.002894][ T9171] lo speed is unknown, defaulting to 1000
[  160.240257][ T2996] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  160.564056][ T9214] __nla_validate_parse: 9 callbacks suppressed
[  160.564073][ T9214] netlink: 32 bytes leftover after parsing attributes in process `syz.4.911'.
[  160.846243][ T9227] FAULT_INJECTION: forcing a failure.
[  160.846243][ T9227] name failslab, interval 1, probability 0, space 0, times 0
[  160.849141][ T9226] FAULT_INJECTION: forcing a failure.
[  160.849141][ T9226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.869352][ T9227] CPU: 1 UID: 0 PID: 9227 Comm: syz.4.917 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  160.869373][ T9227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  160.869382][ T9227] Call Trace:
[  160.869388][ T9227]  <TASK>
[  160.869395][ T9227]  dump_stack_lvl+0x241/0x360
[  160.869425][ T9227]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.869446][ T9227]  ? __pfx__printk+0x10/0x10
[  160.869472][ T9227]  ? __asan_memcpy+0x40/0x70
[  160.869494][ T9227]  should_fail_ex+0x3b0/0x4e0
[  160.869516][ T9227]  should_failslab+0xac/0x100
[  160.869537][ T9227]  kmem_cache_alloc_node_noprof+0x77/0x380
[  160.869558][ T9227]  ? __alloc_skb+0x1c3/0x440
[  160.869579][ T9227]  __alloc_skb+0x1c3/0x440
[  160.869601][ T9227]  ? __pfx___alloc_skb+0x10/0x10
[  160.869617][ T9227]  ? km_report+0x180/0x240
[  160.869636][ T9227]  ? __pfx_lock_release+0x10/0x10
[  160.869660][ T9227]  xfrm_alloc_compat+0x1b6/0x1710
[  160.869689][ T9227]  ? xfrm_get_translator+0x19/0x240
[  160.869706][ T9227]  ? __pfx_xfrm_alloc_compat+0x10/0x10
[  160.869729][ T9227]  xfrm_nlmsg_multicast+0xd7/0x1f0
[  160.869749][ T9227]  xfrm_send_acquire+0xb69/0x1320
[  160.869776][ T9227]  ? __pfx_xfrm_send_acquire+0x10/0x10
[  160.869801][ T9227]  ? xfrm_init_tempstate+0x9a3/0x1240
[  160.869822][ T9227]  ? km_query+0x30/0x220
[  160.869837][ T9227]  km_query+0x120/0x220
[  160.869851][ T9227]  ? km_query+0x30/0x220
[  160.869871][ T9227]  xfrm_state_find+0x4641/0x64c0
[  160.869897][ T9227]  ? __pfx_validate_chain+0x10/0x10
[  160.869919][ T9227]  ? ip4_string+0x89d/0xb90
[  160.869951][ T9227]  ? __pfx_ip4_string+0x10/0x10
[  160.869973][ T9227]  ? xfrm_state_find+0x436/0x64c0
[  160.869989][ T9227]  ? ip6_compressed_string+0xa4/0x1400
[  160.870011][ T9227]  ? __pfx_xfrm_state_find+0x10/0x10
[  160.870028][ T9227]  ? __pfx_validate_chain+0x10/0x10
[  160.870046][ T9227]  ? ip6_compressed_string+0x1060/0x1400
[  160.870070][ T9227]  ? __pfx_validate_chain+0x10/0x10
[  160.870099][ T9227]  ? mark_lock+0x9a/0x360
[  160.870123][ T9227]  ? __lock_acquire+0x1397/0x2100
[  160.870144][ T9227]  xfrm_resolve_and_create_bundle+0x80d/0x33b0
[  160.870194][ T9227]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  160.870221][ T9227]  ? __pfx_lock_acquire+0x10/0x10
[  160.870240][ T9227]  ? xfrm_sk_policy_lookup+0x93/0x840
[  160.870278][ T9227]  ? xfrm_sk_policy_lookup+0x7ef/0x840
[  160.870300][ T9227]  ? xfrm_sk_policy_lookup+0x93/0x840
[  160.870326][ T9227]  ? __pfx_lock_release+0x10/0x10
[  160.870342][ T9227]  ? xfrm_expand_policies+0x3fb/0x690
[  160.870367][ T9227]  xfrm_lookup_with_ifid+0x366/0x1f70
[  160.870394][ T9227]  ? ip_route_output_key_hash+0x226/0x2b0
[  160.870413][ T9227]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  160.870430][ T9227]  ? ip_route_output_key_hash+0xdf/0x2b0
[  160.870448][ T9227]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  160.870469][ T9227]  ? __pfx_rcuref_put+0x10/0x10
[  160.870497][ T9227]  xfrm_lookup_route+0x3c/0x1c0
[  160.870519][ T9227]  __ip4_datagram_connect+0x95b/0x1260
[  160.870554][ T9227]  __ip6_datagram_connect+0x194/0x1230
[  160.870583][ T9227]  ? __pfx___ip6_datagram_connect+0x10/0x10
[  160.870600][ T9227]  ? ip6_datagram_connect_v6_only+0x55/0xa0
[  160.870619][ T9227]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  160.870633][ T9227]  ? do_raw_spin_unlock+0x13c/0x8b0
[  160.870658][ T9227]  ip6_datagram_connect_v6_only+0x63/0xa0
[  160.870680][ T9227]  __sys_connect+0x288/0x2d0
[  160.870695][ T9227]  ? __fget_files+0x2a/0x410
[  160.870716][ T9227]  ? __pfx___sys_connect+0x10/0x10
[  160.870743][ T9227]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  160.870764][ T9227]  ? do_syscall_64+0x100/0x230
[  160.870784][ T9227]  __x64_sys_connect+0x7a/0x90
[  160.870800][ T9227]  do_syscall_64+0xf3/0x230
[  160.870815][ T9227]  ? clear_bhb_loop+0x35/0x90
[  160.870835][ T9227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.870851][ T9227] RIP: 0033:0x7fc0c518cd29
[  160.870865][ T9227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.870877][ T9227] RSP: 002b:00007fc0c5fe0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  160.870894][ T9227] RAX: ffffffffffffffda RBX: 00007fc0c53a5fa0 RCX: 00007fc0c518cd29
[  160.870905][ T9227] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000004
[  160.870915][ T9227] RBP: 00007fc0c5fe0090 R08: 0000000000000000 R09: 0000000000000000
[  160.870924][ T9227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.870933][ T9227] R13: 0000000000000000 R14: 00007fc0c53a5fa0 R15: 00007ffe3b5b58d8
[  160.870966][ T9227]  </TASK>
[  161.318139][ T9226] CPU: 0 UID: 0 PID: 9226 Comm: syz.0.915 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  161.318160][ T9226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  161.318168][ T9226] Call Trace:
[  161.318173][ T9226]  <TASK>
[  161.318180][ T9226]  dump_stack_lvl+0x241/0x360
[  161.318208][ T9226]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.318228][ T9226]  ? __pfx__printk+0x10/0x10
[  161.318249][ T9226]  ? __pfx_lock_release+0x10/0x10
[  161.318276][ T9226]  should_fail_ex+0x3b0/0x4e0
[  161.318294][ T9226]  _copy_from_user+0x2d/0xb0
[  161.318315][ T9226]  __sys_bpf+0x1a4/0x810
[  161.318333][ T9226]  ? __pfx___sys_bpf+0x10/0x10
[  161.318361][ T9226]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  161.318380][ T9226]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  161.318398][ T9226]  ? do_syscall_64+0x100/0x230
[  161.318415][ T9226]  __x64_sys_bpf+0x7c/0x90
[  161.318427][ T9226]  do_syscall_64+0xf3/0x230
[  161.318439][ T9226]  ? clear_bhb_loop+0x35/0x90
[  161.318455][ T9226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.318468][ T9226] RIP: 0033:0x7fa4f998cd29
[  161.318479][ T9226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.318489][ T9226] RSP: 002b:00007fa4fa70a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  161.318504][ T9226] RAX: ffffffffffffffda RBX: 00007fa4f9ba5fa0 RCX: 00007fa4f998cd29
[  161.318513][ T9226] RDX: 0000000000000050 RSI: 0000000020000c80 RDI: 000000000000000a
[  161.318520][ T9226] RBP: 00007fa4fa70a090 R08: 0000000000000000 R09: 0000000000000000
[  161.318528][ T9226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.318537][ T9226] R13: 0000000000000000 R14: 00007fa4f9ba5fa0 R15: 00007ffec91556a8
[  161.318560][ T9226]  </TASK>
[  161.424270][ T9244] netlink: 4 bytes leftover after parsing attributes in process `syz.3.922'.
[  161.477481][ T3652] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  161.540715][ T9240] netlink: 16 bytes leftover after parsing attributes in process `syz.4.920'.
[  161.605865][ T9249] xt_HMARK: proto mask must be zero with L3 mode
[  161.683088][ T9255] netlink: 8 bytes leftover after parsing attributes in process `syz.4.924'.
[  161.892471][ T9266] netlink: 152 bytes leftover after parsing attributes in process `syz.4.927'.
[  161.904340][ T9268] netlink: 'syz.0.929': attribute type 10 has an invalid length.
[  161.920941][ T9266] netlink: 'syz.4.927': attribute type 1 has an invalid length.
[  162.036955][ T9279] netlink: 16 bytes leftover after parsing attributes in process `syz.4.933'.
[  162.047974][ T9279] netlink: 28 bytes leftover after parsing attributes in process `syz.4.933'.
[  162.103293][ T9281] netlink: 'syz.0.932': attribute type 11 has an invalid length.
[  162.586516][ T9300] netlink: 16 bytes leftover after parsing attributes in process `syz.3.936'.
[  162.617154][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  162.619791][ T9300] netlink: 16 bytes leftover after parsing attributes in process `syz.3.936'.
[  162.667557][ T9300] netlink: 16 bytes leftover after parsing attributes in process `syz.3.936'.
[  162.786812][ T9305] xt_hashlimit: size too large, truncated to 1048576
[  162.863582][ T9310] lo speed is unknown, defaulting to 1000
[  162.886237][ T9313] FAULT_INJECTION: forcing a failure.
[  162.886237][ T9313] name failslab, interval 1, probability 0, space 0, times 0
[  162.929634][ T9313] CPU: 0 UID: 0 PID: 9313 Comm: syz.1.941 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  162.929656][ T9313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  162.929666][ T9313] Call Trace:
[  162.929672][ T9313]  <TASK>
[  162.929679][ T9313]  dump_stack_lvl+0x241/0x360
[  162.929708][ T9313]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.929730][ T9313]  ? __pfx__printk+0x10/0x10
[  162.929756][ T9313]  ? __asan_memcpy+0x40/0x70
[  162.929777][ T9313]  should_fail_ex+0x3b0/0x4e0
[  162.929798][ T9313]  should_failslab+0xac/0x100
[  162.929821][ T9313]  kmem_cache_alloc_node_noprof+0x77/0x380
[  162.929842][ T9313]  ? __alloc_skb+0x1c3/0x440
[  162.929864][ T9313]  __alloc_skb+0x1c3/0x440
[  162.929887][ T9313]  ? __pfx___alloc_skb+0x10/0x10
[  162.929903][ T9313]  ? km_report+0x180/0x240
[  162.929923][ T9313]  ? __pfx_lock_release+0x10/0x10
[  162.929949][ T9313]  xfrm_alloc_compat+0x1b6/0x1710
[  162.929978][ T9313]  ? xfrm_get_translator+0x19/0x240
[  162.929996][ T9313]  ? __pfx_xfrm_alloc_compat+0x10/0x10
[  162.930019][ T9313]  xfrm_nlmsg_multicast+0xd7/0x1f0
[  162.930041][ T9313]  xfrm_send_acquire+0xb69/0x1320
[  162.930068][ T9313]  ? __pfx_xfrm_send_acquire+0x10/0x10
[  162.930093][ T9313]  ? xfrm_init_tempstate+0x9a3/0x1240
[  162.930114][ T9313]  ? km_query+0x30/0x220
[  162.930130][ T9313]  km_query+0x120/0x220
[  162.930145][ T9313]  ? km_query+0x30/0x220
[  162.930165][ T9313]  xfrm_state_find+0x4641/0x64c0
[  162.930192][ T9313]  ? __pfx_validate_chain+0x10/0x10
[  162.930215][ T9313]  ? unwind_get_return_address+0x4d/0x90
[  162.930244][ T9313]  ? xfrm_state_find+0x436/0x64c0
[  162.930264][ T9313]  ? __pfx_xfrm_state_find+0x10/0x10
[  162.930277][ T9313]  ? stack_trace_save+0x118/0x1d0
[  162.930292][ T9313]  ? __pfx_validate_chain+0x10/0x10
[  162.930311][ T9313]  ? __pfx_stack_trace_save+0x10/0x10
[  162.930328][ T9313]  ? stack_depot_save_flags+0x37/0x940
[  162.930349][ T9313]  ? mark_lock+0x9a/0x360
[  162.930371][ T9313]  ? __lock_acquire+0x1397/0x2100
[  162.930392][ T9313]  xfrm_resolve_and_create_bundle+0x80d/0x33b0
[  162.930441][ T9313]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  162.930468][ T9313]  ? __pfx_lock_acquire+0x10/0x10
[  162.930487][ T9313]  ? xfrm_sk_policy_lookup+0x93/0x840
[  162.930526][ T9313]  ? xfrm_sk_policy_lookup+0x7ef/0x840
[  162.930559][ T9313]  ? xfrm_sk_policy_lookup+0x93/0x840
[  162.930584][ T9313]  ? __pfx_lock_release+0x10/0x10
[  162.930600][ T9313]  ? xfrm_expand_policies+0x3fb/0x690
[  162.930626][ T9313]  xfrm_lookup_with_ifid+0x366/0x1f70
[  162.930653][ T9313]  ? ip_route_output_key_hash+0x226/0x2b0
[  162.930672][ T9313]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  162.930690][ T9313]  ? ip_route_output_key_hash+0xdf/0x2b0
[  162.930707][ T9313]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  162.930728][ T9313]  ? __pfx_rcuref_put+0x10/0x10
[  162.930755][ T9313]  xfrm_lookup_route+0x3c/0x1c0
[  162.930778][ T9313]  __ip4_datagram_connect+0x95b/0x1260
[  162.930813][ T9313]  __ip6_datagram_connect+0x194/0x1230
[  162.930844][ T9313]  ? __pfx___ip6_datagram_connect+0x10/0x10
[  162.930862][ T9313]  ? ip6_datagram_connect_v6_only+0x55/0xa0
[  162.930881][ T9313]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  162.930896][ T9313]  ? do_raw_spin_unlock+0x13c/0x8b0
[  162.930923][ T9313]  ip6_datagram_connect_v6_only+0x63/0xa0
[  162.930944][ T9313]  __sys_connect+0x288/0x2d0
[  162.930960][ T9313]  ? __fget_files+0x2a/0x410
[  162.930980][ T9313]  ? __pfx___sys_connect+0x10/0x10
[  162.931009][ T9313]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  162.931030][ T9313]  ? do_syscall_64+0x100/0x230
[  162.931049][ T9313]  __x64_sys_connect+0x7a/0x90
[  162.931066][ T9313]  do_syscall_64+0xf3/0x230
[  162.931080][ T9313]  ? clear_bhb_loop+0x35/0x90
[  162.931100][ T9313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.931116][ T9313] RIP: 0033:0x7f9496f8cd29
[  162.931131][ T9313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.931143][ T9313] RSP: 002b:00007f9497dbf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  162.931161][ T9313] RAX: ffffffffffffffda RBX: 00007f94971a5fa0 RCX: 00007f9496f8cd29
[  162.931172][ T9313] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000004
[  162.931182][ T9313] RBP: 00007f9497dbf090 R08: 0000000000000000 R09: 0000000000000000
[  162.931192][ T9313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.931201][ T9313] R13: 0000000000000000 R14: 00007f94971a5fa0 R15: 00007ffe8130fc58
[  162.931229][ T9313]  </TASK>
[  163.146508][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  164.035313][ T3652] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  164.130253][ T9351] xt_socket: unknown flags 0x4
[  164.551396][ T9375] FAULT_INJECTION: forcing a failure.
[  164.551396][ T9375] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.586017][ T9375] CPU: 1 UID: 0 PID: 9375 Comm: syz.2.958 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  164.586040][ T9375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  164.586049][ T9375] Call Trace:
[  164.586055][ T9375]  <TASK>
[  164.586062][ T9375]  dump_stack_lvl+0x241/0x360
[  164.586090][ T9375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.586112][ T9375]  ? __pfx__printk+0x10/0x10
[  164.586134][ T9375]  ? __pfx_lock_release+0x10/0x10
[  164.586161][ T9375]  should_fail_ex+0x3b0/0x4e0
[  164.586182][ T9375]  _copy_from_user+0x2d/0xb0
[  164.586204][ T9375]  bpf_test_init+0x11f/0x180
[  164.586226][ T9375]  bpf_prog_test_run_xdp+0x48e/0x11e0
[  164.586249][ T9375]  ? __pfx_lock_release+0x10/0x10
[  164.586276][ T9375]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  164.586300][ T9375]  ? __fget_files+0x2a/0x410
[  164.586323][ T9375]  ? __fget_files+0x2a/0x410
[  164.586346][ T9375]  ? fput+0x21b/0x290
[  164.586364][ T9375]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  164.586382][ T9375]  bpf_prog_test_run+0x2e4/0x360
[  164.586403][ T9375]  __sys_bpf+0x48d/0x810
[  164.586421][ T9375]  ? __pfx___sys_bpf+0x10/0x10
[  164.586459][ T9375]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  164.586480][ T9375]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  164.586501][ T9375]  ? do_syscall_64+0x100/0x230
[  164.586521][ T9375]  __x64_sys_bpf+0x7c/0x90
[  164.586538][ T9375]  do_syscall_64+0xf3/0x230
[  164.586553][ T9375]  ? clear_bhb_loop+0x35/0x90
[  164.586573][ T9375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.586589][ T9375] RIP: 0033:0x7f0796f8cd29
[  164.586603][ T9375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.586615][ T9375] RSP: 002b:00007f0797e4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  164.586632][ T9375] RAX: ffffffffffffffda RBX: 00007f07971a5fa0 RCX: 00007f0796f8cd29
[  164.586645][ T9375] RDX: 0000000000000050 RSI: 0000000020000c80 RDI: 000000000000000a
[  164.586655][ T9375] RBP: 00007f0797e4a090 R08: 0000000000000000 R09: 0000000000000000
[  164.586664][ T9375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.586674][ T9375] R13: 0000000000000000 R14: 00007f07971a5fa0 R15: 00007ffe771fdbe8
[  164.586699][ T9375]  </TASK>
[  165.189423][ T9396] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7
[  165.239868][ T9392] bond_slave_1: invalid flags given to default FDB implementation
[  165.366359][ T8790] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  165.568001][ T9421] __nla_validate_parse: 72 callbacks suppressed
[  165.568020][ T9421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.974'.
[  165.650416][ T9423] netlink: 16 bytes leftover after parsing attributes in process `syz.1.975'.
[  165.687908][ T9423] netlink: 28 bytes leftover after parsing attributes in process `syz.1.975'.
[  165.690060][ T9427] netlink: 248 bytes leftover after parsing attributes in process `syz.0.977'.
[  165.856162][ T9438] netlink: 'syz.3.981': attribute type 1 has an invalid length.
[  166.157297][ T9455] netlink: 16 bytes leftover after parsing attributes in process `syz.0.984'.
[  166.288720][ T9462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.988'.
[  166.329743][ T9462] netlink: 20 bytes leftover after parsing attributes in process `syz.2.988'.
[  166.332032][ T9466] netlink: 16 bytes leftover after parsing attributes in process `syz.0.989'.
[  166.351473][ T9466] netlink: 28 bytes leftover after parsing attributes in process `syz.0.989'.
[  166.487784][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  166.619401][ T9480] lo speed is unknown, defaulting to 1000
[  167.294004][ T9480] lo speed is unknown, defaulting to 1000
[  167.629902][ T3652] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  168.746500][ T8790] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  169.846662][ T8790] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  170.946735][ T2996] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  172.046633][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  173.166609][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  174.266605][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  175.366469][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  176.466679][ T8790] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  177.145364][ T9538] delete_channel: no stack
[  177.150846][ T9538] delete_channel: no stack
[  177.224237][ T9544] lo speed is unknown, defaulting to 1000
[  177.408158][ T9556] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1002'.
[  177.419407][ T9556] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1002'.
[  177.587667][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  177.696909][ T9572] netlink: 'syz.4.1007': attribute type 1 has an invalid length.
[  177.707597][ T9572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1007'.
[  177.913758][ T9569] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  177.932308][ T9569] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  177.945905][ T9569] bond0 (unregistering): (slave netdevsim0): Releasing backup interface
[  177.956992][ T9569] bond0 (unregistering): Released all slaves
[  177.985402][ T9549] lo speed is unknown, defaulting to 1000
[  178.240584][ T9587] pimreg3: entered allmulticast mode
[  178.253270][ T9593] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1009'.
[  178.256764][   T51] hid-generic 0005:07C0:0058.0001: item fetching failed at offset 0/1
[  178.288707][   T51] hid-generic 0005:07C0:0058.0001: probe with driver hid-generic failed with error -22
[  178.332285][ T9596] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1010'.
[  178.559815][ T9607] netlink: 'syz.0.1013': attribute type 3 has an invalid length.
[  178.579259][ T9599] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1013'.
[  178.591480][ T9599] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1013'.
[  178.633698][ T9611] RDS: rds_bind could not find a transport for fe88::5, load rds_tcp or rds_rdma?
[  178.648999][ T9605] team0: left allmulticast mode
[  178.654258][ T9605] team_slave_0: left allmulticast mode
[  178.660717][ T9605] team_slave_1: left allmulticast mode
[  178.666866][ T9605] bridge0: port 3(team0) entered disabled state
[  178.687342][ T2996] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  178.694628][ T9605] bridge_slave_0: left allmulticast mode
[  178.701154][ T9605] bridge_slave_0: left promiscuous mode
[  178.707450][ T9605] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.718348][ T9605] bridge_slave_1: left allmulticast mode
[  178.724129][ T9605] bridge_slave_1: left promiscuous mode
[  178.732608][ T9605] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.744154][ T9605] team_slave_0: left promiscuous mode
[  178.781282][ T9605] team0: Port device team_slave_0 removed
[  178.788218][ T9605] team_slave_1: left promiscuous mode
[  178.798610][ T9605] team0: Port device team_slave_1 removed
[  178.813822][ T9605] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  178.821697][ T9605] batman_adv: batadv0: Removing interface: batadv_slave_0
[  178.830589][ T9605] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  178.842350][ T9605] batman_adv: batadv0: Removing interface: batadv_slave_1
[  178.859778][ T9605] bond2: (slave ip6gretap1): Releasing backup interface
[  178.867150][ T9605] bond2: (slave ip6gretap1): the permanent HWaddr of slave - 3e:aa:7d:77:bf:e2 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  178.898007][ T9605] bond2: (slave batadv1): Releasing backup interface
[  178.919282][ T9605] team0: Port device bridge1 removed
[  178.934254][ T9606] team0: Mode changed to "loadbalance"
[  179.117955][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  179.467294][ T9631] FAULT_INJECTION: forcing a failure.
[  179.467294][ T9631] name failslab, interval 1, probability 0, space 0, times 0
[  179.509754][ T9631] CPU: 0 UID: 0 PID: 9631 Comm: syz.3.1021 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  179.509778][ T9631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  179.509788][ T9631] Call Trace:
[  179.509793][ T9631]  <TASK>
[  179.509801][ T9631]  dump_stack_lvl+0x241/0x360
[  179.509830][ T9631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.509851][ T9631]  ? __pfx__printk+0x10/0x10
[  179.509874][ T9631]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  179.509897][ T9631]  ? __pfx___might_resched+0x10/0x10
[  179.509919][ T9631]  should_fail_ex+0x3b0/0x4e0
[  179.509941][ T9631]  should_failslab+0xac/0x100
[  179.509964][ T9631]  __kmalloc_node_noprof+0xe1/0x4d0
[  179.509984][ T9631]  ? __kvmalloc_node_noprof+0x72/0x190
[  179.510007][ T9631]  __kvmalloc_node_noprof+0x72/0x190
[  179.510025][ T9631]  bpf_test_run_xdp_live+0x290/0x2230
[  179.510044][ T9631]  ? __pfx_lock_release+0x10/0x10
[  179.510069][ T9631]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  179.510092][ T9631]  ? __pfx___might_resched+0x10/0x10
[  179.510113][ T9631]  ? __mutex_unlock_slowpath+0x227/0x800
[  179.510145][ T9631]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  179.510161][ T9631]  ? synchronize_rcu+0x11b/0x360
[  179.510176][ T9631]  ? __pfx_synchronize_rcu+0x10/0x10
[  179.510212][ T9631]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[  179.510230][ T9631]  ? 0xffffffffa000064c
[  179.510244][ T9631]  ? 0xffffffffa00006d8
[  179.510274][ T9631]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  179.510313][ T9631]  ? _copy_from_user+0x95/0xb0
[  179.510336][ T9631]  ? bpf_test_init+0x15a/0x180
[  179.510351][ T9631]  ? xdp_convert_md_to_buff+0x5b/0x330
[  179.510372][ T9631]  bpf_prog_test_run_xdp+0x805/0x11e0
[  179.510395][ T9631]  ? __pfx_lock_release+0x10/0x10
[  179.510427][ T9631]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  179.510446][ T9631]  ? __fget_files+0x2a/0x410
[  179.510470][ T9631]  ? __fget_files+0x2a/0x410
[  179.510494][ T9631]  ? fput+0x21b/0x290
[  179.510513][ T9631]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  179.510532][ T9631]  bpf_prog_test_run+0x2e4/0x360
[  179.510554][ T9631]  __sys_bpf+0x48d/0x810
[  179.510573][ T9631]  ? __pfx___sys_bpf+0x10/0x10
[  179.510602][ T9631]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  179.510624][ T9631]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  179.510646][ T9631]  ? do_syscall_64+0x100/0x230
[  179.510665][ T9631]  __x64_sys_bpf+0x7c/0x90
[  179.510682][ T9631]  do_syscall_64+0xf3/0x230
[  179.510697][ T9631]  ? clear_bhb_loop+0x35/0x90
[  179.510718][ T9631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.510734][ T9631] RIP: 0033:0x7f796df8cd29
[  179.510747][ T9631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.510760][ T9631] RSP: 002b:00007f796ee10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  179.510777][ T9631] RAX: ffffffffffffffda RBX: 00007f796e1a5fa0 RCX: 00007f796df8cd29
[  179.510789][ T9631] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a
[  179.510798][ T9631] RBP: 00007f796ee10090 R08: 0000000000000000 R09: 0000000000000000
[  179.510808][ T9631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.510817][ T9631] R13: 0000000000000000 R14: 00007f796e1a5fa0 R15: 00007ffec1fb5858
[  179.510840][ T9631]  </TASK>
[  179.946495][ T8790] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  180.316485][ T5843] Bluetooth: hci4: command 0x0405 tx timeout
[  180.482560][ T9667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1028'.
[  180.661409][ T9676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1030'.
[  180.748417][   T29] audit: type=1107 audit(1737673917.580:2): pid=9677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='/u%ſ;/��yL�k�e2�koU�h.�*d�)�Q�$þ������*m~�a�&g��"$f_Af{���Z��/�C�k��S����D'
[  180.829104][ T9684] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1032'.
[  181.056340][ T8790] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  181.632465][ T9711] lo speed is unknown, defaulting to 1000
[  182.176705][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  182.304496][ T9711] lo speed is unknown, defaulting to 1000
[  182.602276][ T9753] __nla_validate_parse: 8 callbacks suppressed
[  182.602292][ T9753] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1057'.
[  182.605236][ T9752] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1056'.
[  182.916441][ T9760] lo speed is unknown, defaulting to 1000
[  183.188751][ T9762] lo speed is unknown, defaulting to 1000
[  183.426954][ T2996] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  183.511865][ T9774] netlink: 'syz.0.1064': attribute type 8 has an invalid length.
[  184.000270][ T9787] ipt_rpfilter: unknown options
[  184.145096][ T9795] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1068'.
[  184.164470][ T9795] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1068'.
[  184.295671][ T9801] IPVS: set_ctl: invalid protocol: 135 172.30.1.5:20000
[  184.310419][ T9801] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1071'.
[  184.486994][ T9805] netlink: 'syz.2.1074': attribute type 21 has an invalid length.
[  184.517278][ T9805] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1074'.
[  184.566748][ T8777] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  184.716989][ T9816] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1078'.
[  184.775430][ T9819] ������: renamed from vlan1
[  184.816786][ T9817] lo speed is unknown, defaulting to 1000
[  184.849743][ T9821] netlink: 'syz.2.1080': attribute type 10 has an invalid length.
[  184.875488][ T9821] 8021q: adding VLAN 0 to HW filter on device team0
[  184.910198][ T9821] bond0: (slave team0): Enslaving as an active interface with an up link
[  184.955915][ T9807] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1073'.
[  184.978018][ T9807] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1073'.
[  184.988122][ T9807] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1073'.
[  185.430066][ T9841] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  185.601063][ T9817] x_tables: duplicate entry at hook 2
[  185.699548][ T8777] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  186.312955][ T9884] netlink: 'syz.1.1101': attribute type 31 has an invalid length.
[  186.324631][   T54] Bluetooth: hci1: command 0x0406 tx timeout
[  186.324689][ T5850] Bluetooth: hci2: command 0x0406 tx timeout
[  186.331031][   T54] Bluetooth: hci3: command 0x0406 tx timeout
[  186.331089][   T54] Bluetooth: hci0: command 0x0401 tx timeout
[  186.847115][ T8790] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  187.387478][ T9937] rdma_rxe: rxe_newlink: failed to add team0
[  187.877236][ T9953] openvswitch: netlink: IP tunnel attribute has 1 unknown bytes.
[  187.997512][ T3652] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  188.078630][ T9962] __nla_validate_parse: 9 callbacks suppressed
[  188.078648][ T9962] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1125'.
[  188.396529][ T5146] Bluetooth: hci0: command 0x0401 tx timeout
[  188.448039][ T9973] netlink: 'syz.0.1127': attribute type 2 has an invalid length.
[  188.494277][ T9973] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1127'.
[  188.597202][ T9973] 8021q: adding VLAN 0 to HW filter on device bond0
[  188.654099][    C1] vxcan0: j1939_tp_rxtimer: 0xffff8880334b5c00: rx timeout, send abort
[  188.662737][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff8880334b5c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  188.733931][ T9979] 8021q: adding VLAN 0 to HW filter on device bond0
[  188.757878][ T9979] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address
[  188.807872][ T9979] bond0: (slave vxcan3): Error -95 calling set_mac_address
[  188.858387][ T9987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'.
[  188.881281][ T9987] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1132'.
[  188.968262][ T9987] bond0: entered promiscuous mode
[  188.973348][ T9987] bond0: entered allmulticast mode
[  188.978873][ T9987] 8021q: adding VLAN 0 to HW filter on device bond0
[  188.988646][ T9987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'.
[  189.068866][ T9996] SET target dimension over the limit!
[  189.094160][ T9996] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1139'.
[  189.178635][ T3652] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  189.284760][T10012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1143'.
[  189.339332][T10017] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1143'.
[  189.362534][T10017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1143'.
[  189.374640][T10012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1143'.
[  189.387246][T10016] netlink: 'syz.4.1144': attribute type 4 has an invalid length.
[  189.400029][T10016] netlink: 'syz.4.1144': attribute type 4 has an invalid length.
[  189.986992][T10038] lo speed is unknown, defaulting to 1000
[  190.307688][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  190.916179][T10067] netlink: 'syz.1.1153': attribute type 1 has an invalid length.
[  191.024264][T10067] 8021q: adding VLAN 0 to HW filter on device bond3
[  191.080504][T10073] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  191.139062][T10079] 8021q: adding VLAN 0 to HW filter on device bond3
[  191.146041][T10079] bond3: (slave wireguard0): The slave device specified does not support setting the MAC address
[  191.168521][T10079] bond3: (slave wireguard0): Error -95 calling set_mac_address
[  191.443464][ T2996] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  191.992257][T10118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  192.598079][ T3652] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  192.650015][T10147] bond_slave_1: invalid flags given to default FDB implementation
[  192.664486][T10145] bond_slave_1: invalid flags given to default FDB implementation
[  192.769375][T10154] xt_hashlimit: size too large, truncated to 1048576
[  193.129026][T10167] __nla_validate_parse: 8 callbacks suppressed
[  193.129043][T10167] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1182'.
[  193.327065][T10177] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1188'.
[  193.337857][T10174] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1186'.
[  193.351788][T10174] vlan1: entered promiscuous mode
[  193.357440][T10174] hsr0: entered promiscuous mode
[  193.369724][T10174] hsr0: left promiscuous mode
[  193.418288][T10182] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1187'.
[  193.744690][ T8777] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  193.851780][T10201] 8021q: adding VLAN 0 to HW filter on device batadv0
[  194.055928][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1198'.
[  194.097419][T10217] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1200'.
[  194.169868][T10178] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  194.255737][ T5146] Bluetooth: hci4: link tx timeout
[  194.261057][ T5146] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  194.269012][ T5843] Bluetooth: hci4: link tx timeout
[  194.275008][ T5843] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  194.343121][T10226] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  194.351778][T10226] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  194.360092][T10226] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  194.368319][T10226] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  194.376697][T10226] vxlan0: entered promiscuous mode
[  194.381828][T10226] vxlan0: entered allmulticast mode
[  194.389875][T10226] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  194.398532][T10226] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  194.407269][T10226] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  194.416153][T10226] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  194.425437][T10231] netlink: 'syz.4.1202': attribute type 1 has an invalid length.
[  194.484409][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  194.491814][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  194.543424][T10231] 8021q: adding VLAN 0 to HW filter on device bond2
[  194.596933][T10231] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1202'.
[  194.631099][T10231] vlan1: entered promiscuous mode
[  194.676197][T10231] bond2: entered promiscuous mode
[  194.708760][T10231] bond2: left promiscuous mode
[  194.907198][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  195.015593][T10263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1206'.
[  195.254677][ T5843] Bluetooth: hci4: link tx timeout
[  195.259972][ T5843] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  195.295914][ T5843] Bluetooth: hci4: link tx timeout
[  195.302021][ T5843] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  195.372707][T10284] netlink: 'syz.4.1211': attribute type 3 has an invalid length.
[  195.436832][ T5843] Bluetooth: hci0: command 0x0401 tx timeout
[  195.454140][T10288] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1212'.
[  195.569795][ T5843] Bluetooth: hci4: link tx timeout
[  195.575112][ T5843] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  195.779417][ T5843] Bluetooth: hci4: link tx timeout
[  195.784583][ T5843] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  195.963780][T10315] netlink: 'syz.0.1221': attribute type 2 has an invalid length.
[  196.017241][ T8777] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  196.098665][T10323] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1225'.
[  196.248614][T10328] netlink: 'syz.0.1227': attribute type 10 has an invalid length.
[  196.284874][T10328] team0: entered promiscuous mode
[  196.294636][T10328] team_slave_0: entered promiscuous mode
[  196.316473][ T5843] Bluetooth: hci4: command 0x0405 tx timeout
[  196.335082][T10328] team_slave_1: entered promiscuous mode
[  196.425758][T10328] 8021q: adding VLAN 0 to HW filter on device team0
[  196.433780][T10328] bridge0: port 3(team0) entered blocking state
[  196.441834][T10328] bridge0: port 3(team0) entered disabled state
[  196.448515][T10328] team0: entered allmulticast mode
[  196.453936][T10328] team_slave_0: entered allmulticast mode
[  196.460281][T10328] team_slave_1: entered allmulticast mode
[  196.948199][T10362] lo speed is unknown, defaulting to 1000
[  197.113601][T10369] netlink: 'syz.3.1237': attribute type 10 has an invalid length.
[  197.137515][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  197.220001][T10369] 8021q: adding VLAN 0 to HW filter on device team0
[  197.248155][T10369] bond0: (slave team0): Enslaving as an active interface with an up link
[  197.903554][T10404] netlink: 'syz.3.1245': attribute type 10 has an invalid length.
[  197.919392][T10406] siw: device registration error -23
[  197.945542][T10404] 8021q: adding VLAN 0 to HW filter on device batadv0
[  197.955415][T10404] team0: Port device batadv0 added
[  198.246532][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  198.406812][T10431] netlink: 'syz.3.1250': attribute type 2 has an invalid length.
[  198.452465][T10431] netlink: 'syz.3.1250': attribute type 8 has an invalid length.
[  198.505548][T10431] __nla_validate_parse: 5 callbacks suppressed
[  198.505565][T10431] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1250'.
[  198.590079][T10436] lo speed is unknown, defaulting to 1000
[  198.647151][T10442] netlink: 'syz.0.1251': attribute type 1 has an invalid length.
[  198.845028][T10442] 8021q: adding VLAN 0 to HW filter on device bond1
[  199.001970][T10445] 8021q: adding VLAN 0 to HW filter on device bond1
[  199.027008][T10445] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  199.063544][T10445] bond1: (slave vcan1): Error -95 calling set_mac_address
[  199.084640][T10463] IPVS: set_ctl: invalid protocol: 135 172.30.1.5:20000
[  199.101593][T10463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1256'.
[  199.426231][ T8777] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  199.502485][T10482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1260'.
[  199.505279][T10478] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1259'.
[  200.101067][T10512] netlink: 13144 bytes leftover after parsing attributes in process `syz.2.1267'.
[  200.181580][T10512] openvswitch: netlink: Flow key attr not present in new flow.
[  200.214027][T10519] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1270'.
[  200.494498][T10534] IPv6: addrconf: prefix option has invalid lifetime
[  200.577208][ T5837] IPVS: starting estimator thread 0...
[  200.591991][ T2996] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  200.666492][T10540] IPVS: using max 21 ests per chain, 50400 per kthread
[  200.979572][T10557] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1282'.
[  201.017662][T10560] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1283'.
[  201.253828][T10569] 
: renamed from ipvlan1
[  201.432173][T10585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1290'.
[  201.518039][T10595] openvswitch: netlink: Mixed IPv4 and IPv6 tunnel attributes
[  201.738586][T10611] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1296'.
[  201.747868][ T3652] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  201.752453][T10609] syzkaller1: entered promiscuous mode
[  201.763021][T10609] syzkaller1: entered allmulticast mode
[  202.468368][T10643] netlink: 'syz.1.1303': attribute type 7 has an invalid length.
[  202.880956][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  202.980499][T10659] lo speed is unknown, defaulting to 1000
[  203.066187][T10669] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  204.047854][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  204.204125][T10723] netlink: 'syz.4.1328': attribute type 1 has an invalid length.
[  204.280075][T10718] __nla_validate_parse: 5 callbacks suppressed
[  204.280094][T10718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1328'.
[  204.303248][T10718] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1328'.
[  204.368720][T10704] team0: left promiscuous mode
[  205.044642][T10704] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  205.072725][T10704] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  205.082090][T10704] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  205.091034][T10704] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  205.107395][T10704] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  205.163692][T10704] vlan0: left allmulticast mode
[  205.176768][T10704] bond1: left promiscuous mode
[  205.181559][T10704] bond1: left allmulticast mode
[  205.187313][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  205.188953][T10704] ip6gre1: left allmulticast mode
[  205.218090][T10704] bridge1: left promiscuous mode
[  205.223476][T10704] bridge1: left allmulticast mode
[  205.229510][T10704] bridge2: left promiscuous mode
[  205.234648][T10704] bridge2: left allmulticast mode
[  205.255687][T10704] bond0: left promiscuous mode
[  205.261524][T10704] bond0: left allmulticast mode
[  205.325228][T10740] lo speed is unknown, defaulting to 1000
[  206.037449][T10773] netlink: 'syz.1.1344': attribute type 4 has an invalid length.
[  206.067837][T10775] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1345'.
[  206.195114][T10781] netlink: 'syz.4.1341': attribute type 10 has an invalid length.
[  206.249466][T10783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1347'.
[  206.258582][T10783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1347'.
[  206.276546][T10783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1347'.
[  206.306527][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  206.319392][T10788] ax25_connect(): syz.2.1347 uses autobind, please contact jreuter@yaina.de
[  206.351972][T10781] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1341'.
[  206.440899][T10781] veth0_vlan: left promiscuous mode
[  206.467096][T10781] veth0_vlan: entered promiscuous mode
[  206.472596][T10781] veth0_vlan: entered allmulticast mode
[  206.512415][T10781] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  206.602669][T10795] syzkaller1: entered promiscuous mode
[  206.609572][T10795] syzkaller1: entered allmulticast mode
[  206.861767][T10805] tipc: New replicast peer: 255.255.255.255
[  206.868285][T10806] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1352'.
[  206.889183][T10805] tipc: Enabled bearer <udp:syz2>, priority 10
[  206.902966][T10806] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1352'.
[  207.156716][T10820] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1358'.
[  207.213127][T10815] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  207.257555][T10815] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  207.307148][T10826] openvswitch: netlink: Message has 4 unknown bytes.
[  207.440659][ T2996] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  208.209003][T10877] tipc: Bearer <eth:lo>: already 2 bearers with priority 10
[  208.217305][T10877] tipc: Bearer <eth:lo>: trying with adjusted priority
[  208.224920][T10877] tipc: Enabling <eth:lo> not permitted
[  208.230750][T10877] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  208.419389][T10885] tun0: tun_chr_ioctl cmd 1074025677
[  208.436697][T10885] tun0: linktype set to 1
[  208.553741][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  208.678850][T10904] openvswitch: netlink: VXLAN extension 26 out of range max 1
[  209.018776][T10912] lo speed is unknown, defaulting to 1000
[  209.133565][T10922] lo speed is unknown, defaulting to 1000
[  209.707871][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  209.766760][T10925] __nla_validate_parse: 2 callbacks suppressed
[  209.766779][T10925] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1390'.
[  209.792560][T10941] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1390'.
[  210.158634][T10955] 8021q: adding VLAN 0 to HW filter on device bond2
[  210.181255][T10955] bond0: (slave bond2): Enslaving as an active interface with an up link
[  210.235268][T10962] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1400'.
[  210.253883][T10962] IPVS: set_ctl: invalid protocol: 58 224.0.0.1:20003
[  210.451669][T10972] xt_hashlimit: size too large, truncated to 1048576
[  210.461602][T10974] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  210.476494][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  210.542876][T10979] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1405'.
[  210.621145][T10979] ipvlan1: entered promiscuous mode
[  210.850913][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  210.924136][T10996] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1412'.
[  210.975334][T10996] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1412'.
[  211.099800][T11003] netlink: 'syz.3.1414': attribute type 12 has an invalid length.
[  211.127197][T11003] netlink: 'syz.3.1414': attribute type 29 has an invalid length.
[  211.165990][T11003] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1414'.
[  211.313725][T11014] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1414'.
[  211.600858][T11031] netlink: 'syz.1.1420': attribute type 13 has an invalid length.
[  211.640018][T11039] netlink: 'syz.1.1420': attribute type 13 has an invalid length.
[  211.678176][T11034] syzkaller1: entered promiscuous mode
[  211.683684][T11034] syzkaller1: entered allmulticast mode
[  211.976586][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  212.170385][T11065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  212.473214][T11093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1438'.
[  212.594618][T11101] delete_channel: no stack
[  212.859762][T11112] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.928349][T11112] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.991127][T11112] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.034848][T11112] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.105969][T11112] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  213.115241][ T8764] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  213.122513][T11112] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  213.140632][T11112] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  213.157174][T11112] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  213.451782][T11141] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1452'.
[  213.649160][T11149] bond4: entered promiscuous mode
[  213.654315][T11149] bond4: entered allmulticast mode
[  213.674388][T11149] 8021q: adding VLAN 0 to HW filter on device bond4
[  213.838609][T11158] FAULT_INJECTION: forcing a failure.
[  213.838609][T11158] name failslab, interval 1, probability 0, space 0, times 0
[  213.886477][T11158] CPU: 1 UID: 0 PID: 11158 Comm: syz.1.1460 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  213.886501][T11158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  213.886511][T11158] Call Trace:
[  213.886517][T11158]  <TASK>
[  213.886524][T11158]  dump_stack_lvl+0x241/0x360
[  213.886564][T11158]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.886586][T11158]  ? __pfx__printk+0x10/0x10
[  213.886609][T11158]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  213.886633][T11158]  ? __pfx___might_resched+0x10/0x10
[  213.886656][T11158]  should_fail_ex+0x3b0/0x4e0
[  213.886676][T11158]  should_failslab+0xac/0x100
[  213.886698][T11158]  kmem_cache_alloc_node_noprof+0x77/0x380
[  213.886720][T11158]  ? __alloc_skb+0x1c3/0x440
[  213.886741][T11158]  __alloc_skb+0x1c3/0x440
[  213.886762][T11158]  ? __pfx___alloc_skb+0x10/0x10
[  213.886782][T11158]  ? netlink_ack_tlv_len+0x6e/0x200
[  213.886803][T11158]  netlink_ack+0x145/0xa50
[  213.886835][T11158]  netlink_rcv_skb+0x262/0x430
[  213.886853][T11158]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  213.886876][T11158]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  213.886907][T11158]  ? apparmor_capable+0x13b/0x1b0
[  213.886935][T11158]  ? bpf_lsm_capable+0x9/0x10
[  213.886951][T11158]  ? security_capable+0x7e/0x2d0
[  213.886975][T11158]  nfnetlink_rcv+0x297/0x2ab0
[  213.886994][T11158]  ? __pfx_validate_chain+0x10/0x10
[  213.887029][T11158]  ? mark_lock+0x9a/0x360
[  213.887048][T11158]  ? __pfx_validate_chain+0x10/0x10
[  213.887072][T11158]  ? __lock_acquire+0x1397/0x2100
[  213.887098][T11158]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  213.887122][T11158]  ? mark_lock+0x9a/0x360
[  213.887146][T11158]  ? __lock_acquire+0x1397/0x2100
[  213.887195][T11158]  ? __pfx_lock_release+0x10/0x10
[  213.887214][T11158]  ? netlink_deliver_tap+0x2e/0x1b0
[  213.887233][T11158]  ? __pfx_lock_release+0x10/0x10
[  213.887265][T11158]  ? netlink_deliver_tap+0x2e/0x1b0
[  213.887285][T11158]  netlink_unicast+0x7f6/0x990
[  213.887309][T11158]  ? __pfx_netlink_unicast+0x10/0x10
[  213.887324][T11158]  ? __virt_addr_valid+0x45f/0x530
[  213.887344][T11158]  ? __phys_addr_symbol+0x2f/0x70
[  213.887363][T11158]  ? __check_object_size+0x47a/0x730
[  213.887389][T11158]  netlink_sendmsg+0x8e4/0xcb0
[  213.887418][T11158]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.887440][T11158]  ? aa_sock_msg_perm+0x91/0x160
[  213.887463][T11158]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.887479][T11158]  __sock_sendmsg+0x221/0x270
[  213.887504][T11158]  ____sys_sendmsg+0x52a/0x7e0
[  213.887530][T11158]  ? __pfx_____sys_sendmsg+0x10/0x10
[  213.887547][T11158]  ? __fget_files+0x2a/0x410
[  213.887570][T11158]  ? __fget_files+0x2a/0x410
[  213.887600][T11158]  __sys_sendmsg+0x269/0x350
[  213.887623][T11158]  ? __pfx___sys_sendmsg+0x10/0x10
[  213.887653][T11158]  ? do_sys_openat2+0x17a/0x1d0
[  213.887699][T11158]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  213.887721][T11158]  ? do_syscall_64+0x100/0x230
[  213.887740][T11158]  ? do_syscall_64+0xb6/0x230
[  213.887758][T11158]  do_syscall_64+0xf3/0x230
[  213.887773][T11158]  ? clear_bhb_loop+0x35/0x90
[  213.887793][T11158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.887809][T11158] RIP: 0033:0x7f9496f8cd29
[  213.887829][T11158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.887842][T11158] RSP: 002b:00007f9497dbf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.887860][T11158] RAX: ffffffffffffffda RBX: 00007f94971a5fa0 RCX: 00007f9496f8cd29
[  213.887872][T11158] RDX: 0000000004000080 RSI: 00000000200002c0 RDI: 0000000000000003
[  213.887883][T11158] RBP: 00007f9497dbf090 R08: 0000000000000000 R09: 0000000000000000
[  213.887893][T11158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.887903][T11158] R13: 0000000000000000 R14: 00007f94971a5fa0 R15: 00007ffe8130fc58
[  213.887934][T11158]  </TASK>
[  214.591138][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  214.771541][T11188] lo speed is unknown, defaulting to 1000
[  215.357056][T11201] __nla_validate_parse: 6 callbacks suppressed
[  215.357076][T11201] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1478'.
[  215.707449][T11225] ip6tnl2: entered promiscuous mode
[  215.720943][ T3652] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  215.739015][T11225] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1483'.
[  215.925029][T11229] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1485'.
[  215.948141][T11229] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1485'.
[  216.084342][T11236] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1487'.
[  216.098965][T11236] team0: Device gtp0 is of different type
[  216.270599][T11241] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1490'.
[  216.280388][T11241] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1490'.
[  216.290576][T11243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1491'.
[  216.332629][T11244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1490'.
[  216.467695][T11248] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  216.594369][T11259] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1497'.
[  216.704146][T11264] IPVS: length: 213 != 24
[  216.709226][T11264] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  217.010146][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  217.376810][T11297] bridge_slave_1: entered allmulticast mode
[  217.444562][T11301] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  217.456683][T11303] netlink: 'syz.4.1507': attribute type 14 has an invalid length.
[  217.456704][T11303] netlink: 'syz.4.1507': attribute type 13 has an invalid length.
[  217.529752][T11294] bridge_slave_1: left allmulticast mode
[  217.587026][T11309] netlink: 'syz.2.1511': attribute type 13 has an invalid length.
[  217.595098][T11309] netlink: 'syz.2.1511': attribute type 58 has an invalid length.
[  217.681681][T11312] syz_tun: entered promiscuous mode
[  217.705559][T11312] syz_tun: left promiscuous mode
[  217.933002][T11319] tipc: New replicast peer: 0.0.0.0
[  217.963417][T11319] tipc: Enabled bearer <udp:syz2>, priority 10
[  217.993413][T11319] tipc: New replicast peer: 100.1.1.1
[  218.017339][T11321] netlink: 'syz.2.1516': attribute type 12 has an invalid length.
[  218.176667][ T8771] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  218.458628][T11354] netlink: 'syz.1.1527': attribute type 8 has an invalid length.
[  218.529468][T11354] netlink: 'syz.1.1527': attribute type 8 has an invalid length.
[  218.542462][T11354] netlink: 'syz.1.1527': attribute type 8 has an invalid length.
[  218.565738][T11354] netlink: 'syz.1.1527': attribute type 8 has an invalid length.
[  218.580366][T11358] lo speed is unknown, defaulting to 1000
[  218.595289][T11354] netlink: 'syz.1.1527': attribute type 8 has an invalid length.
[  219.195826][T11375] xt_nfacct: accounting object `syz1' does not exists
[  219.316602][ T8776] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  220.436927][ T8770] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  220.460965][T11446] syz.2.1554[11446] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  220.461051][T11446] syz.2.1554[11446] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  220.491537][T11446] syz.2.1554[11446] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  220.522595][T11447] __nla_validate_parse: 19 callbacks suppressed
[  220.522611][T11447] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1556'.
[  220.790802][T11472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  220.830534][T11465] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  220.841363][T11464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  220.926900][T10744] ------------[ cut here ]------------
[  220.932715][T10744] Invalid VIF (ffff88802812a9d0) magic 0x0, 08:02:11:00:00:01, 1/0
[  220.941173][T10744] WARNING: CPU: 0 PID: 10744 at drivers/net/wireless/virtual/mac80211_hwsim.c:237 mac80211_hwsim_tx+0x1b6f/0x23c0
[  220.953230][T10744] Modules linked in:
[  220.957175][T10744] CPU: 0 UID: 0 PID: 10744 Comm: kworker/0:14 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  220.967800][T10744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  220.977893][T10744] Workqueue: mld mld_ifc_work
[  220.982608][T10744] RIP: 0010:mac80211_hwsim_tx+0x1b6f/0x23c0
[  220.988561][T10744] Code: 28 84 c0 0f 85 06 08 00 00 45 0f b6 8e 61 04 00 00 48 c7 c7 e0 d4 a9 8c 4c 89 f6 44 89 e2 48 89 e9 41 89 d8 e8 42 d1 49 fa 90 <0f> 0b 90 90 e9 69 f2 ff ff e8 53 1e 89 fa 90 0f 0b 90 e9 d5 f2 ff
[  221.008216][T10744] RSP: 0000:ffffc9000495eb70 EFLAGS: 00010246
[  221.014308][T10744] RAX: 58d820bcdae81300 RBX: 0000000000000001 RCX: ffff888062a01e00
[  221.022324][T10744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  221.030339][T10744] RBP: ffff88802812ae2a R08: ffffffff81603132 R09: fffffbfff1cfa638
[  221.038356][T10744] R10: dffffc0000000000 R11: fffffbfff1cfa638 R12: 0000000000000000
[  221.046369][T10744] R13: dffffc0000000000 R14: ffff88802812a9d0 R15: 0000000000000000
[  221.054375][T10744] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  221.063355][T10744] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  221.069994][T10744] CR2: 00007f0796fb4ac0 CR3: 000000005cdfc000 CR4: 00000000003526f0
[  221.078016][T10744] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  221.086005][T10744] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  221.094020][T10744] Call Trace:
[  221.097360][T10744]  <TASK>
[  221.100317][T10744]  ? __warn+0x165/0x4d0
[  221.104495][T10744]  ? mac80211_hwsim_tx+0x1b6f/0x23c0
[  221.109837][T10744]  ? report_bug+0x2b3/0x500
[  221.114368][T10744]  ? mac80211_hwsim_tx+0x1b6f/0x23c0
[  221.119726][T10744]  ? handle_bug+0x60/0x90
[  221.124077][T10744]  ? exc_invalid_op+0x1a/0x50
[  221.128805][T10744]  ? asm_exc_invalid_op+0x1a/0x20
[  221.133846][T10744]  ? __warn_printk+0x292/0x360
[  221.138660][T10744]  ? mac80211_hwsim_tx+0x1b6f/0x23c0
[  221.143994][T10744]  ieee80211_handle_wake_tx_queue+0x1ae/0x2d0
[  221.150130][T10744]  ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10
[  221.156768][T10744]  ? ieee80211_queue_skb+0x18b6/0x24b0
[  221.162256][T10744]  ? do_raw_spin_unlock+0x13c/0x8b0
[  221.167516][T10744]  ieee80211_queue_skb+0x1ae9/0x24b0
[  221.172860][T10744]  ieee80211_tx+0x2c4/0x470
[  221.177431][T10744]  ? __pfx_ieee80211_tx+0x10/0x10
[  221.182482][T10744]  ? ieee80211_xmit+0x30f/0x3f0
[  221.187379][T10744]  __ieee80211_subif_start_xmit+0xe93/0x1600
[  221.193388][T10744]  ? __ieee80211_subif_start_xmit+0x300/0x1600
[  221.199581][T10744]  ? __pfx___ieee80211_subif_start_xmit+0x10/0x10
[  221.206013][T10744]  ieee80211_subif_start_xmit+0xde/0x4d0
[  221.211683][T10744]  ? packet_rcv+0x16f/0x14b0
[  221.216287][T10744]  ? __pfx_ieee80211_subif_start_xmit+0x10/0x10
[  221.222581][T10744]  ? dev_queue_xmit_nit+0x2b/0xca0
[  221.227732][T10744]  ? dev_queue_xmit_nit+0xc0d/0xca0
[  221.232958][T10744]  ? dev_queue_xmit_nit+0x2b/0xca0
[  221.238101][T10744]  dev_hard_start_xmit+0x27a/0x7d0
[  221.243216][T10744]  __dev_queue_xmit+0x1b73/0x3f50
[  221.248290][T10744]  ? __dev_queue_xmit+0x2f4/0x3f50
[  221.253414][T10744]  ? __pfx___dev_queue_xmit+0x10/0x10
[  221.258813][T10744]  ? neigh_resolve_output+0x450/0x740
[  221.264202][T10744]  ? read_seqbegin+0x15a/0x2c0
[  221.269007][T10744]  ? lockdep_hardirqs_on+0x99/0x150
[  221.274232][T10744]  ? read_seqbegin+0x200/0x2c0
[  221.279027][T10744]  ? __pfx_read_seqbegin+0x10/0x10
[  221.284130][T10744]  ? neigh_resolve_output+0x2e5/0x740
[  221.289532][T10744]  ? eth_header+0x11c/0x1f0
[  221.294045][T10744]  ? __asan_memcpy+0x40/0x70
[  221.298667][T10744]  ? eth_header+0x11c/0x1f0
[  221.303191][T10744]  ? __pfx_eth_header+0x10/0x10
[  221.308073][T10744]  ? neigh_resolve_output+0x61f/0x740
[  221.313467][T10744]  ip6_finish_output2+0x12ad/0x1780
[  221.318686][T10744]  ? ip6_finish_output2+0x61d/0x1780
[  221.323966][T10744]  ? __pfx_ip6_finish_output2+0x10/0x10
[  221.329561][T10744]  ? ip6_mtu+0x81/0x3f0
[  221.333730][T10744]  ip6_finish_output+0x41e/0x840
[  221.338714][T10744]  NF_HOOK+0x9e/0x430
[  221.342709][T10744]  ? NF_HOOK+0xfa/0x430
[  221.346899][T10744]  ? __pfx_NF_HOOK+0x10/0x10
[  221.351514][T10744]  ? __pfx_dst_output+0x10/0x10
[  221.356424][T10744]  ? icmp6_dst_alloc+0x3aa/0x420
[  221.361376][T10744]  mld_sendpack+0x843/0xdb0
[  221.365871][T10744]  ? __pfx_mld_newpack+0x10/0x10
[  221.370855][T10744]  ? mld_sendpack+0x1e8/0xdb0
[  221.375542][T10744]  ? __pfx_mld_sendpack+0x10/0x10
[  221.380595][T10744]  mld_ifc_work+0x7d9/0xd90
[  221.385107][T10744]  ? process_scheduled_works+0x976/0x1840
[  221.390872][T10744]  process_scheduled_works+0xa66/0x1840
[  221.396500][T10744]  ? __pfx_process_scheduled_works+0x10/0x10
[  221.402492][T10744]  ? assign_work+0x364/0x3d0
[  221.407117][T10744]  worker_thread+0x870/0xd30
[  221.411738][T10744]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  221.417683][T10744]  ? __kthread_parkme+0x169/0x1d0
[  221.422731][T10744]  ? __pfx_worker_thread+0x10/0x10
[  221.427887][T10744]  kthread+0x7a9/0x920
[  221.431973][T10744]  ? __pfx_kthread+0x10/0x10
[  221.436623][T10744]  ? __pfx_worker_thread+0x10/0x10
[  221.441756][T10744]  ? __pfx_kthread+0x10/0x10
[  221.446399][T10744]  ? __pfx_kthread+0x10/0x10
[  221.451081][T10744]  ? __pfx_kthread+0x10/0x10
[  221.455691][T10744]  ? _raw_spin_unlock_irq+0x23/0x50
[  221.460939][T10744]  ? lockdep_hardirqs_on+0x99/0x150
[  221.466158][T10744]  ? __pfx_kthread+0x10/0x10
[  221.470798][T10744]  ret_from_fork+0x4b/0x80
[  221.475232][T10744]  ? __pfx_kthread+0x10/0x10
[  221.479871][T10744]  ret_from_fork_asm+0x1a/0x30
[  221.484668][T10744]  </TASK>
[  221.487744][T10744] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  221.495030][T10744] CPU: 0 UID: 0 PID: 10744 Comm: kworker/0:14 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[  221.505623][T10744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  221.515668][T10744] Workqueue: mld mld_ifc_work
[  221.520344][T10744] Call Trace:
[  221.523623][T10744]  <TASK>
[  221.526545][T10744]  dump_stack_lvl+0x241/0x360
[  221.531219][T10744]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.536411][T10744]  ? __pfx__printk+0x10/0x10
[  221.541002][T10744]  ? vscnprintf+0x5d/0x90
[  221.545330][T10744]  panic+0x349/0x880
[  221.549228][T10744]  ? __warn+0x174/0x4d0
[  221.553382][T10744]  ? __pfx_panic+0x10/0x10
[  221.557807][T10744]  ? ret_from_fork_asm+0x1a/0x30
[  221.562738][T10744]  __warn+0x344/0x4d0
[  221.566714][T10744]  ? mac80211_hwsim_tx+0x1b6f/0x23c0
[  221.571997][T10744]  report_bug+0x2b3/0x500
[  221.576326][T10744]  ? mac80211_hwsim_tx+0x1b6f/0x23c0
[  221.581618][T10744]  handle_bug+0x60/0x90
[  221.585763][T10744]  exc_invalid_op+0x1a/0x50
[  221.590256][T10744]  asm_exc_invalid_op+0x1a/0x20
[  221.595102][T10744] RIP: 0010:mac80211_hwsim_tx+0x1b6f/0x23c0
[  221.600991][T10744] Code: 28 84 c0 0f 85 06 08 00 00 45 0f b6 8e 61 04 00 00 48 c7 c7 e0 d4 a9 8c 4c 89 f6 44 89 e2 48 89 e9 41 89 d8 e8 42 d1 49 fa 90 <0f> 0b 90 90 e9 69 f2 ff ff e8 53 1e 89 fa 90 0f 0b 90 e9 d5 f2 ff
[  221.620587][T10744] RSP: 0000:ffffc9000495eb70 EFLAGS: 00010246
[  221.626650][T10744] RAX: 58d820bcdae81300 RBX: 0000000000000001 RCX: ffff888062a01e00
[  221.634612][T10744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  221.642572][T10744] RBP: ffff88802812ae2a R08: ffffffff81603132 R09: fffffbfff1cfa638
[  221.650533][T10744] R10: dffffc0000000000 R11: fffffbfff1cfa638 R12: 0000000000000000
[  221.658496][T10744] R13: dffffc0000000000 R14: ffff88802812a9d0 R15: 0000000000000000
[  221.666469][T10744]  ? __warn_printk+0x292/0x360
[  221.671251][T10744]  ieee80211_handle_wake_tx_queue+0x1ae/0x2d0
[  221.677317][T10744]  ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10
[  221.683900][T10744]  ? ieee80211_queue_skb+0x18b6/0x24b0
[  221.689354][T10744]  ? do_raw_spin_unlock+0x13c/0x8b0
[  221.694549][T10744]  ieee80211_queue_skb+0x1ae9/0x24b0
[  221.699852][T10744]  ieee80211_tx+0x2c4/0x470
[  221.704353][T10744]  ? __pfx_ieee80211_tx+0x10/0x10
[  221.709388][T10744]  ? ieee80211_xmit+0x30f/0x3f0
[  221.714236][T10744]  __ieee80211_subif_start_xmit+0xe93/0x1600
[  221.720220][T10744]  ? __ieee80211_subif_start_xmit+0x300/0x1600
[  221.726377][T10744]  ? __pfx___ieee80211_subif_start_xmit+0x10/0x10
[  221.732794][T10744]  ieee80211_subif_start_xmit+0xde/0x4d0
[  221.738419][T10744]  ? packet_rcv+0x16f/0x14b0
[  221.743002][T10744]  ? __pfx_ieee80211_subif_start_xmit+0x10/0x10
[  221.749236][T10744]  ? dev_queue_xmit_nit+0x2b/0xca0
[  221.754345][T10744]  ? dev_queue_xmit_nit+0xc0d/0xca0
[  221.759538][T10744]  ? dev_queue_xmit_nit+0x2b/0xca0
[  221.764647][T10744]  dev_hard_start_xmit+0x27a/0x7d0
[  221.769763][T10744]  __dev_queue_xmit+0x1b73/0x3f50
[  221.774794][T10744]  ? __dev_queue_xmit+0x2f4/0x3f50
[  221.779898][T10744]  ? __pfx___dev_queue_xmit+0x10/0x10
[  221.785259][T10744]  ? neigh_resolve_output+0x450/0x740
[  221.790621][T10744]  ? read_seqbegin+0x15a/0x2c0
[  221.795376][T10744]  ? lockdep_hardirqs_on+0x99/0x150
[  221.800568][T10744]  ? read_seqbegin+0x200/0x2c0
[  221.805323][T10744]  ? __pfx_read_seqbegin+0x10/0x10
[  221.810427][T10744]  ? neigh_resolve_output+0x2e5/0x740
[  221.815791][T10744]  ? eth_header+0x11c/0x1f0
[  221.820287][T10744]  ? __asan_memcpy+0x40/0x70
[  221.824874][T10744]  ? eth_header+0x11c/0x1f0
[  221.829372][T10744]  ? __pfx_eth_header+0x10/0x10
[  221.834213][T10744]  ? neigh_resolve_output+0x61f/0x740
[  221.839591][T10744]  ip6_finish_output2+0x12ad/0x1780
[  221.844787][T10744]  ? ip6_finish_output2+0x61d/0x1780
[  221.850076][T10744]  ? __pfx_ip6_finish_output2+0x10/0x10
[  221.855633][T10744]  ? ip6_mtu+0x81/0x3f0
[  221.859785][T10744]  ip6_finish_output+0x41e/0x840
[  221.864722][T10744]  NF_HOOK+0x9e/0x430
[  221.868699][T10744]  ? NF_HOOK+0xfa/0x430
[  221.872846][T10744]  ? __pfx_NF_HOOK+0x10/0x10
[  221.877431][T10744]  ? __pfx_dst_output+0x10/0x10
[  221.882276][T10744]  ? icmp6_dst_alloc+0x3aa/0x420
[  221.887209][T10744]  mld_sendpack+0x843/0xdb0
[  221.891704][T10744]  ? __pfx_mld_newpack+0x10/0x10
[  221.896645][T10744]  ? mld_sendpack+0x1e8/0xdb0
[  221.901316][T10744]  ? __pfx_mld_sendpack+0x10/0x10
[  221.906361][T10744]  mld_ifc_work+0x7d9/0xd90
[  221.910864][T10744]  ? process_scheduled_works+0x976/0x1840
[  221.916575][T10744]  process_scheduled_works+0xa66/0x1840
[  221.922136][T10744]  ? __pfx_process_scheduled_works+0x10/0x10
[  221.928112][T10744]  ? assign_work+0x364/0x3d0
[  221.932700][T10744]  worker_thread+0x870/0xd30
[  221.937288][T10744]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  221.943178][T10744]  ? __kthread_parkme+0x169/0x1d0
[  221.948198][T10744]  ? __pfx_worker_thread+0x10/0x10
[  221.953301][T10744]  kthread+0x7a9/0x920
[  221.957368][T10744]  ? __pfx_kthread+0x10/0x10
[  221.961967][T10744]  ? __pfx_worker_thread+0x10/0x10
[  221.967088][T10744]  ? __pfx_kthread+0x10/0x10
[  221.971676][T10744]  ? __pfx_kthread+0x10/0x10
[  221.976262][T10744]  ? __pfx_kthread+0x10/0x10
[  221.980849][T10744]  ? _raw_spin_unlock_irq+0x23/0x50
[  221.986042][T10744]  ? lockdep_hardirqs_on+0x99/0x150
[  221.991237][T10744]  ? __pfx_kthread+0x10/0x10
[  221.995830][T10744]  ret_from_fork+0x4b/0x80
[  222.000239][T10744]  ? __pfx_kthread+0x10/0x10
[  222.004826][T10744]  ret_from_fork_asm+0x1a/0x30
[  222.009594][T10744]  </TASK>
[  222.012840][T10744] Kernel Offset: disabled
[  222.017287][T10744] Rebooting in 86400 seconds..