last executing test programs:

9.945466647s ago: executing program 0 (id=2867):
socket$inet(0xa, 0x801, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r1, 0x0, 0x1843}, 0x18)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
getsockopt$ax25_int(r2, 0x101, 0x5, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4008010)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRES16=r5], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{0x1}, &(0x7f0000000100), &(0x7f0000000180)='%pS    \x00'}, 0x20)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x1a, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r6, 0x0, 0x4000)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
r10 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x4000000000000, 0x40, &(0x7f0000001a40)=@raw={'raw\x00', 0x8, 0x3, 0x248, 0x98, 0x8, 0xfa04, 0x1b0, 0x6c02, 0x1b0, 0x194, 0x194, 0x1b0, 0x194, 0x3, 0x0, {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x32}, 0x0, 0x0, 'veth0_to_hsr\x00', 'dvmrp1\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'vlan0\x00', {}, {}, 0x0, 0x1, 0x44}, 0x0, 0xb0, 0x118, 0x0, {}, [@common=@set={{0x40}, {{0x3, [0x4, 0x5, 0x3, 0x1, 0x2, 0x4], 0x4}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1b, 0x5, 0x1, 0x9, 'syz0\x00', 'syz1\x00', {0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a8)

8.924622271s ago: executing program 0 (id=2886):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000980)={'wg2\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b031407e0ff640f0200475400f6a13bb1000e00080008004803", 0x10000, 0xe0ffffff, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

8.719640049s ago: executing program 0 (id=2892):
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0)
unshare(0x20400)
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000bc0)=@raw={'raw\x00', 0x3c1, 0x1a6cc7, 0x390, 0x0, 0x5802, 0x294, 0x0, 0x294, 0x2c0, 0x378, 0x378, 0x2c0, 0x378, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0x1d0, 0x52020000}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xe5f6, 'system_u:object_r:semanage_store_t:s0\x00'}}}, {{@ipv6={@loopback, @remote, [], [0x0, 0x0, 0x0, 0xffffffff], 'veth1_to_batadv\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x81}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x3, 0x1, 0x400, 'snmp_trap\x00', {0x5}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x400010, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x48801}, 0x0)

8.353733894s ago: executing program 0 (id=2897):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f000000bc8f3939f631b83ecbac4500fdf4f2f78d9c26c6789d98feac621054c738dcd81e12d6cd88f9ca0429531b32f76876468253effdaeda1a06b48bddc25f4e2b0575fe2a30c682a714aed74b77d62b3a165438e4c2243ccfbc7090935d6c2a2e93d58d592e7b5a832e499f91aeda0235106a00f7cb9262e15f291af69ab6174ff582c04e21c7cb726c8e86667c8b97e072161507be709abeb7b807e7c9b6815fa4734bb1488891c04a74227bf8f6f42744216452d689376806ef6c540218bbba9401fb9edba3909e10b8cd4069bf3788d583a966fdabd553c7b0fd8039202522ac4c56350e1bee7dc17b7fece6a83898c525faa195ce489d23459d3b45a93c8483eefc2af1700115196f4a738b1d2827112e958280565d39e4790fe603e27ad0ced6b29fbb42b2c1ec55cba3317541e25934ace54d832770cc6c220988987114b761f6c74235c55d316178aea6", 0x155}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffe8d}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x800}], 0x1, 0x40800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7fffffffffffffff}, 0x18)
socket$alg(0x26, 0x5, 0x0)
unshare(0x6020400)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r4, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}]}, 0x2c}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x84, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x1f00)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)

7.400098851s ago: executing program 0 (id=2904):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xff05, 0x8000000, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x20000840)
r2 = socket(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000002000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa0000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@local, 0x0, 0x0, 0x1, 0x1}, 0x20)
r7 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r7, @ANYBLOB, @ANYRES64=r2], 0x40}}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="050000000800000000e0fc463cd1fb569607b50a0000000c000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
close(0x4)
unshare(0x6a040000)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)

6.77765091s ago: executing program 0 (id=2912):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, r3, 0x25, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x8000000000000001}}, 0x30)
syz_emit_ethernet(0xfcf0, &(0x7f0000000340)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "45208e", 0x18, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @local}, @mcast2, {[], @mld={0x84, 0x0, 0x0, 0x8, 0x1, @empty}}}}}}, 0x0)

4.983453053s ago: executing program 3 (id=2925):
syz_emit_ethernet(0x6c, &(0x7f00000009c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0008004503005e00000000002f907800000000e00000012480810000027540d711ea254636f8a5d10000b09a7f4910000800000f000086dd080088be00000000100000000100000000000000080022eb0000e60020"], 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f00000005c0)='cpu.stat\x00', 0x275a, 0x0)
preadv(r3, &(0x7f0000000500)=[{&(0x7f00000000c0)=""/166, 0xa6}], 0x1, 0x793c866c, 0x6)
preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000680)=""/180, 0xb4}], 0x1, 0x3, 0x7)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000080)=0x3, 0x4)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000440)=0x9, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, @value=r3}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
unshare(0x6a040000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a03000000000000000000020000000c00024000000000000000010900010073797a300000000014000000020a0300000000000000000002"], 0x68}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xf2e8a000)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r5, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {0x0, 0x18}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x1080}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r6, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000f40)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651d8a0f30993de53bbfc9d8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d78f8ff6a2f11fa4810f9ffc7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc0300000063d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a150628e47eddbd9d5790b3ca96873aa9b56c0602e562d77cd3ebf1c218e4ec1494d9004b92053fb5", 0x3b8}], 0x1}}], 0x2, 0x4040894)
close(0x3)
listen(0xffffffffffffffff, 0x0)

3.998851907s ago: executing program 3 (id=2931):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet(0xa, 0x801, 0x84)
listen(r4, 0x8)
socket$inet(0xa, 0x801, 0x84)
ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000540)=0x2)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
accept(r3, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x0)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r3, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x2, 0x5c, &(0x7f00000002c0)=ANY=[@ANYBLOB="a9000000000800000100004000000000310dee6710b7c30030246f4b87595042b4a02d5bb1db718b3eb14c03c22cb435f0e179cb5ad476155f63ac7da8227fe43adc65377c811dbdd197dbd62f9afaa172ade411e9c0ade4225cc3ab21869bdc"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2a}, 0x94)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}}, 0x0)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010c30000000003000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608000000000000180000000000000000040000000010009500000000000000360a020000000001180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x24, 0x40, 0x107, 0x0, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x20, 0x0, 0x0, @ipv4=@multicast1}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x0)

3.928624968s ago: executing program 2 (id=2932):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000008500000029000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[], 0x32600) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r2, 0x6, 0xd, &(0x7f0000000000)='O', 0x1)
setsockopt$inet6_tcp_int(r2, 0x6, 0x10, &(0x7f0000000100)=0x5, 0x4) (async)
r3 = socket$inet6(0xa, 0x3, 0x2)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c) (async)
sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) (async)
setsockopt$inet6_int(r3, 0x29, 0x3, 0x0, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0xe, 0x0, &(0x7f0000000180)="e4e647c9d9b8e9a2f2ab30da5800", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.696478872s ago: executing program 2 (id=2933):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000004000000000010005000500070000000000080009000300000014002000ff000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)

3.644715777s ago: executing program 2 (id=2934):
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000800)="2cae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dea658eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8", 0x272}, {&(0x7f0000000340)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0768021fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61f48eccfcc29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a6e453a8a28cd5c4b733fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33c0bb3c24fa67c327cde47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b15748267223cbde856fa5a33f12cb1ea51da9ce96881d1aa6d096ed6b2319344d3c2781803a2119d9efd47b1abba3c1e6c563c1ec692da80ef66b19495b8e801d07b133", 0x22e}, {&(0x7f00000006c0)="5be08105437c98b91b9455046f57b5fc090014bde2bb01000000000000001a7838d859207067c30aa7352abbdf98e9bf032a3184a11e84639d3b9164d9c5d729f3dd409d39ff041e657c8df70e", 0x4d}, {&(0x7f0000001080)="8faf7172d3633337220d108a9a30ebea9e53fe6da99d0af7559a91c233149eb3", 0x20}, {&(0x7f0000000600)="999c2c21e0bf34bc842640d954f0abbeb75747ec63fe7d6b46823f077b4474a513979d4b165bd0cab665851f5320ccc44690c4294f4ac17edd3a4e71e119b86d79fb7a9ad5e132abdea7de677c313727a1b5463bc71d762a2c57dc02fcd3037fd0b83e8ec77d8eff19bf5408aee74e49a203699b566668", 0x77}], 0x5, 0x0, 0x0, 0x900}}], 0x1, 0x0)

3.576035871s ago: executing program 2 (id=2935):
syz_emit_ethernet(0x66, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @local, @void, {@ipv6={0x86dd, @icmpv6={0xe, 0x6, "f22ada", 0x30, 0x3a, 0xff, @private1={0xfc, 0x1, '\x00', 0x1}, @local, {[], @time_exceed={0x3, 0x1, 0x0, 0x1, '\x00', {0x2, 0x6, "40a619", 0x40, 0x2f, 0x0, @mcast1, @empty}}}}}}}, 0x0) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0xc004)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x98, 0x0, 0x0, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:dhcpd_state_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x14}}]}, 0x98}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

3.464144304s ago: executing program 2 (id=2936):
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x4e1f, @remote}, {0x304, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x7e, {0x2, 0x4e25, @empty}})
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000340)={0xa, 0x4e20, 0x10, @empty, 0x1000}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa230180c20000000800450000b00000000000119078000000000000000000004e20009c907801000000000000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424dbcfd56f1375461caaa2f19935e6996c7096ffeeb03000000000000649a3bfbc1f39cb307b3472eb9cdb042d2643fcbf2c5a57df67d544af6e8dafe09"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x2, &(0x7f0000004240)=0xc3, 0x4)
recvmmsg(r1, &(0x7f0000001680)=[{{0x0, 0x0, 0x0}, 0xfffffffe}], 0x1, 0x2, 0x0)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000480)={'broute\x00', 0x0, 0x4, 0x1000, [0xf, 0x6, 0x3, 0x1ff, 0x9, 0x76], 0x2, &(0x7f0000000180)=[{}, {}], &(0x7f0000000b40)=""/4096}, &(0x7f0000000200)=0x78)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', <r4=>0x0, 0x4, 0x5, 0x2, 0x4038a09, 0x4, @empty, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x5}})
unshare(0x6a040000)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', r4, 0x0}, 0x50)
unshare(0x600)
r5 = socket$kcm(0x10, 0x5, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r6 = socket$rxrpc(0x21, 0x2, 0x2)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x33, &(0x7f0000000080)=0xfffff932, 0x4)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000000)=0x196, 0x4)
sendto$inet6(r7, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c)
setsockopt$inet6_int(r7, 0x29, 0x42, &(0x7f0000000300)=0x7, 0x4)
recvmmsg(r7, &(0x7f0000001d40)=[{{0x0, 0x0, 0x0}, 0xc3}], 0x1, 0x12000, 0x0)
sendmsg$sock(r5, &(0x7f0000000780)={&(0x7f0000000700)=@l2={0x1f, 0x9, @none, 0x4}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000001b40)="0e3358dd4be79e834b70cb39285633b7dfcd7135d28a319b8a78267d3fd9903b7b05741dfb8a0ad8303d6ebecf231bfd729fb1fc10f8201e805cb3d9399b7ca0023ffcab083548f1c5917db0919623c0b7fa9f08201a96cf2739f2e12e07b97ce96c47a0c76c586abd691fe9db739ec18e09ec15074e72cd2031f3b1d466e2d859c392ec9667d7244cba0d5960e81bc4c0", 0x91}, {&(0x7f0000001c00)="9517b91aff5afae879ef5d527297203166868b3f73d57bba158d0dab8ce55c14b82851a91183ea66c2315226a01d5180fa303502ab3cdf49cc38ec8e3c55a1e3ee", 0x41}], 0x2}, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r5, 0x82307202, &(0x7f0000000900)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
connect$rxrpc(r6, &(0x7f0000000500)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0x3961, @remote, 0x6}}, 0x24)

3.024292793s ago: executing program 3 (id=2939):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TRIM(r2, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x10, 0x3f6, 0x100, 0x7, 0x25dfdbfb, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20008040}, 0x8080)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="140100002f00010000000000fcdbdf250401f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f0784e3ed5d73b0d5a6b8cf669767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be820400e9006bf84a97108d4d508430f2aa3d569608f6b0f12c13e077319f32bf2d495a2c"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f00005d5000/0x2000)=nil, 0x2000, 0x3, 0x28011, r5, 0x0)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r5, 0x1000)
read$nci(r5, &(0x7f00000005c0), 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'veth0_to_batadv\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="7400000010000305000900"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800c0001006d6163766c616e003c00028008000100100000001c0005800a000400aaaaaaaaaaaa00000a000400aaaaaaaaaaaa000008000300030000000a000400aaaaaaaaaabb000008000500", @ANYRES32=r6], 0x74}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
r7 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, 0x140a, 0x200, 0x70bd2a, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000004}, 0x4008050)
sendmsg$kcm(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="1400000016000b63d25a80648c2566e506bce1e8", 0x14}], 0x1}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x413, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x88ab6dec, 0x52001}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'batadv_slave_0\x00'}, @IFLA_AF_SPEC={0x4}]}, 0x38}}, 0x440088c0)

2.59229531s ago: executing program 3 (id=2942):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r4, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r2)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xf4, r5, 0x10, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void, @val={0xc, 0x99, {0x2, 0x56}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xe}, @NL80211_ATTR_VENDOR_DATA={0x9a, 0xc5, "6033fb4451bac1ad1ecd55353e4b144a97151b38d120421c44dd2e477fb2358b406c54ca440ceb9cdd5926334d309f2084040e79c9b2c0c710a98e2b9ffd0d63c38ae588dfe8088ac07a36dde5a3208f3dd7f77fdebe231f4e575dc3dec833fae34984168de640ca022e9df043d4e9c345d567cb726dd2d13ecff5885a89cd9bf6df4b9b896b36a2f405e6493773fdb3f081beb49237"}, @NL80211_ATTR_VENDOR_DATA={0x2f, 0xc5, "e5cf55a52475ebdea5920585ce2232d671800a9c2b3ff97baa96a1ae01cfcd322ca0a3fff9129234b5b3cb"}]}, 0xf4}}, 0x810)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r7)
getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@delchain={0x44, 0x2c, 0xf31, 0x70bd28, 0x2000, {0x0, 0x0, 0x0, r8, {0x0, 0x5}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FD={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008844}, 0x0)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r9, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r9, r9, 0x1, 0x1, &(0x7f00000000c0)='\x00', 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000000)={@any, 0x2})
r10 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r0, &(0x7f00000008c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f8864f0", 0x73}, {&(0x7f0000000080)='\x00\x00\x00\x00', 0x4}, {&(0x7f0000000040)="38c8114fa3db529ed03bcef7ec2ea72ff78e04927d241dea66ff7487527450271f5eecbf1ef4f33ddcdcbb7fd642d78b34841e80399d5c524968", 0x3a}], 0x3)

2.516305551s ago: executing program 4 (id=2943):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYRESOCT], 0x40}}, 0x4040844)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newlink={0x50, 0x10, 0x405, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0xd}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_ERSPAN_DIR={0x5}]}}}]}, 0x50}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9400000010000100"/20, @ANYRES32=r2, @ANYBLOB="0006000000000000240012800b00010067656e657665000014000280060005004e24000008000b"], 0x94}, 0x1, 0x2, 0x0, 0x804}, 0x0)

2.343130237s ago: executing program 4 (id=2944):
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000340)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0768021fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61f48eccfcc29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a6e453a8a28cd5c4b733fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33c0bb3c24fa67c327cde47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b15748267223cbde856fa5a33f12cb1ea51da9ce96881d1aa6d096ed6b2319344d3c2781803a2119d9efd47b1abba3c1e6c563c1ec692da80ef66b19495b8e801d07b133f1", 0x22f}, {&(0x7f00000006c0)="5be08105437c98b91b9455046f57b5fc090014bde2bb01000000000000001a7838d859207067c30aa7352abbdf98e9bf032a3184a11e84639d3b9164d9c5d729f3dd409d39ff041e657c8df70e", 0x4d}, {&(0x7f0000001080)="8faf7172d3633337220d108a9a30ebea9e53fe6da99d0af7559a91c233149eb3", 0x20}, {&(0x7f0000000600)="999c2c21e0bf34bc842640d954f0abbeb75747ec63fe7d6b46823f077b4474a513979d4b165bd0cab665851f5320ccc44690c4294f4ac17edd3a4e71e119b86d79fb7a9ad5e132abdea7de677c313727a1b5463bc71d762a2c57dc02fcd3037fd0b83e8ec77d8eff19bf5408aee74e49a203699b566668", 0x77}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0)

2.182251286s ago: executing program 4 (id=2946):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f000000bc8f3939f631b83ecbac4500fdf4f2f78d9c26c6789d98feac621054c738dcd81e12d6cd88f9ca0429531b32f76876468253effdaeda1a06b48bddc25f4e2b0575fe2a30c682a714aed74b77d62b3a165438e4c2243ccfbc7090935d6c2a2e93d58d592e7b5a832e499f91aeda0235106a00f7cb9262e15f291af69ab6174ff582c04e21c7cb726c8e86667c8b97e072161507be709abeb7b807e7c9b6815fa4734bb1488891c04a74227bf8f6f42744216452d689376806ef6c540218bbba9401fb9edba3909e10b8cd4069bf3788d583a966fdabd553c7b0fd8039202522ac4c56350e1bee7dc17b7fece6a83898c525faa195ce489d23459d3b45a93c8483eefc2af1700115196f4a738b1d2827112e958280565d39e4790fe603e27ad0ced6b29fbb42b2c1ec55cba3317541e25934ace54d832770cc6c220988987114b761f6c74235c55d316178aea6", 0x155}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffe8d}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x800}], 0x1, 0x40800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7fffffffffffffff}, 0x18)
socket$alg(0x26, 0x5, 0x0)
unshare(0x6020400)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r4, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}]}, 0x2c}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x84, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r6, 0x89f1, 0x0)

2.07225025s ago: executing program 1 (id=2947):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = socket$inet(0x2, 0xa, 0x400)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a000000800000000642"], 0xfdef)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
connect(r0, &(0x7f0000000040)=@xdp={0x2c, 0xd, 0x0, 0x12}, 0x80)

1.871870035s ago: executing program 1 (id=2948):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet(0xa, 0x801, 0x84)
listen(r4, 0x8)
socket$inet(0xa, 0x801, 0x84)
ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000540)=0x2)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
accept(r3, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x0)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r3, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x2, 0x5c, &(0x7f00000002c0)=ANY=[@ANYBLOB="a9000000000800000100004000000000310dee6710b7c30030246f4b87595042b4a02d5bb1db718b3eb14c03c22cb435f0e179cb5ad476155f63ac7da8227fe43adc65377c811dbdd197dbd62f9afaa172ade411e9c0ade4225cc3ab21869bdc"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2a}, 0x94)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}}, 0x0)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010c30000000003000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608000000000000180000000000000000050000000010009500000000000000360a020000000001180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x24, 0x40, 0x107, 0x0, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x20, 0x0, 0x0, @ipv4=@multicast1}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x0)

1.27386846s ago: executing program 4 (id=2949):
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)={@local, @loopback, <r0=>0x0}, &(0x7f0000000080)=0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1b, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)

1.130039162s ago: executing program 3 (id=2950):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_ERRQUEUE(r2, 0x6b, 0x4, &(0x7f0000000080)=0x1, 0x4)
sendmsg$key(r1, &(0x7f0000000100)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYRESHEX=r1, @ANYRES64, @ANYRES64, @ANYRESHEX=r1, @ANYRES32=r2, @ANYRES64=r2, @ANYRESHEX=r2, @ANYRES32=r0, @ANYRES32=r2], 0x50}}, 0x841)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@dev={0xac, 0x14, 0x14, 0x20}, @in6=@dev={0xfe, 0x80, '\x00', 0x40}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1d}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffd}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x40}}, 0x6}, 0x1c)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000080)={'ip6gre0\x00', 0x0, 0x2f, 0xe8, 0xa8, 0x6, 0x53, @mcast1, @private2, 0x20, 0x8000, 0x0, 0x4}})
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004811)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r6, 0x0, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080fffffffe0000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
recvmsg(r4, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x2000)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000000c0)='ns/net\x00')

1.129723081s ago: executing program 4 (id=2951):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x2000}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x44}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300), r4)
sendmsg$NLBL_MGMT_C_ADDDEF(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x44, r6, 0xa01, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x88d3}, 0x4080)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa00fea0000000711097000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x790f}, 0x94)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp=r9}, @IFLA_GTP_FD1={0x8, 0x2, @udp=r9}]}}}]}, 0x40}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r7, &(0x7f0000000340)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r10, @ANYBLOB="08030000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300, 0x10000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r10}]}}}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x48}}, 0x0)

944.304024ms ago: executing program 2 (id=2952):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xa, &(0x7f0000000200)=ANY=[@ANYBLOB="18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000500850000008200000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x25, &(0x7f00000001c0)={r1, 0x0, 0x25, 0x1, @val=@tcx={@void, @value=r1}}, 0x1c)
socket$packet(0x11, 0xa, 0x300)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000080), 0x4a)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000000c0)=0x9, 0x4)
sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r3)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r5=>0x0})
bind$packet(r4, &(0x7f0000000300)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
accept4(r6, 0x0, &(0x7f0000000040), 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff00000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000a500000006000000850000002300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000180)=r7, 0x4)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r11=>0x0})
bind$packet(r10, &(0x7f0000000300)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14)
syz_emit_ethernet(0xbe, &(0x7f0000000340)={@empty, @link_local, @void, {@ipv4={0x800, @udp={{0x1d, 0x4, 0x0, 0x3e, 0xb0, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty, {[@ssrr={0x89, 0x7, 0x55, [@remote]}, @timestamp_prespec={0x44, 0x4c, 0x1a, 0x3, 0x9, [{@remote, 0x3}, {@loopback, 0x760}, {@remote, 0x3b4c}, {@loopback, 0x7}, {@remote, 0x9}, {@multicast1, 0xf5c}, {@remote, 0x3719}, {@rand_addr=0x64010101, 0x1da}, {@private=0xa010101, 0x8000}]}, @timestamp_addr={0x44, 0xc, 0xc5, 0x1, 0x7, [{@loopback, 0x6}]}]}}, {0x0, 0x0, 0x3c, 0x0, @opaque="ae87490ce97a93d62fcb4444d79df0bdf6d5a20310abf827452ec16974b00e958d1b0c72d9c1dfc92ac13c4de54ae6da1f370931"}}}}}, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)=ANY=[@ANYBLOB="0180c200000050a245d5cde00800450000907800000000ffffffff11e090780000000062ea0000000000000008000000000000000000"], 0x0)
sendmsg$IPSET_CMD_ADD(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9000000009060108000000000000000005000004280008800c0007800000194000000000000000070400078008000940000000ff0500010007000000d1ff07800600044002000000060005404e2100001800018014000240fe8000000000000000000000000000bb180002801400024000000000000000000000000000000001060004404e2c00"/148], 0x90}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

943.703675ms ago: executing program 1 (id=2953):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r0, 0x6, 0x2b, 0xffffffffffffffff, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000180)={'gre0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x700, 0x8000, 0xffff8001, 0x7, {{0x5, 0x4, 0x0, 0x12, 0x14, 0x20, 0x4000, 0x0, 0x2f, 0x0, @remote, @multicast1}}}})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), r2)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000580)={'wpan1\x00', <r4=>0x0})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffc1e}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$FITRIM(r6, 0xc0185879, &(0x7f00000002c0)={0x2, 0x5, 0xdb})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000280)={0x3c, r3, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x18, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x80000001}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_ATTR_SEC_ENABLED={0x5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x3c}}, 0x2000)

698.488725ms ago: executing program 1 (id=2954):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140000003400010000000009ffdbdf2504000080"], 0x14}], 0x1}, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10) (async)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0) (async)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0)
connect$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) (async)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
ppoll(&(0x7f0000000500)=[{r6}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
accept4$vsock_stream(r3, &(0x7f0000000880)={0x28, 0x0, 0x2711}, 0x10, 0x80000)
shutdown(r5, 0x1) (async)
shutdown(r5, 0x1)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x107c80, 0x0)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000840)=[{0x0}], 0x1}, 0x3fe}], 0x2, 0x2101, 0x0)
write$tun(r8, &(0x7f0000000640)=ANY=[@ANYBLOB="0000000700030200090003000400bbbbbbbbbbbbaaaaaaaaaaaa88a8310081002100884c013be5762b80f63b43abfeee0b37e64deac57c7aa221be4541f3af09785bebd668a1a9e8184e20a00d21f882f8fb7e0d8e23087a7daaac293c12711200ec7182d8e7750ac0a2f45c54e3e71c57f38d13b4bff1874bb0f91092aa1657533ccbcd05977f5b875f4e50fc770cbd00000000000000803eb348f6cd96bf86098fd62199311780dd6f791ec6c5ec37275badff1b3ccd20fe3da80df441f3324faff68a5d839aee4e70e28b"], 0x100) (async)
write$tun(r8, &(0x7f0000000640)=ANY=[@ANYBLOB="0000000700030200090003000400bbbbbbbbbbbbaaaaaaaaaaaa88a8310081002100884c013be5762b80f63b43abfeee0b37e64deac57c7aa221be4541f3af09785bebd668a1a9e8184e20a00d21f882f8fb7e0d8e23087a7daaac293c12711200ec7182d8e7750ac0a2f45c54e3e71c57f38d13b4bff1874bb0f91092aa1657533ccbcd05977f5b875f4e50fc770cbd00000000000000803eb348f6cd96bf86098fd62199311780dd6f791ec6c5ec37275badff1b3ccd20fe3da80df441f3324faff68a5d839aee4e70e28b"], 0x100)

661.486682ms ago: executing program 4 (id=2955):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xff05, 0x8000000, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x20000840)
r2 = socket(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000002000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa0000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@local, 0x0, 0x0, 0x1, 0x1}, 0x20)
r7 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r7, @ANYBLOB, @ANYRES64=r2], 0x40}}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
close(0x4)
unshare(0x6a040000)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)

280.307556ms ago: executing program 1 (id=2956):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000040)={'wpan3\x00', <r2=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000080)={'wpan0\x00', <r3=>0x0}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan1\x00', <r4=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r5=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000140)={'wpan3\x00', <r6=>0x0}) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan4\x00', <r7=>0x0})
sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, r1, 0x0, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r6}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r7}]}, 0x5c}, 0x1, 0x0, 0x0, 0xb9c76c74df389017}, 0x24000000) (async)
sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f00000028c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd5800fddbdf25090000000500130005d5784994a606191ace820b"], 0x24}, 0x1, 0x0, 0x0, 0x161b060f1436d4f2}, 0x10)

187.90919ms ago: executing program 3 (id=2957):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, 0x0, {0x0, 0xc}, {0xffff, 0xffff}, {0x2, 0x7}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x3c}}, 0x40440c0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000002880)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000027c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010325ad7000fedbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r2, 0x400, 0x70bd29, 0x2, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x41}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x55}]}, 0x34}, 0x1, 0x0, 0x0, 0x240040c4}, 0x4000000)
r3 = socket(0x28, 0x5, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94)
close(r4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x18, 0x6, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000ffffff80e500020000000000c500fcff000000008500feffd100000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r4}, 0x18)
r5 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000002c0)=ANY=[], 0x0)
unshare(0x22060400)
unshare(0x24020400)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
poll(&(0x7f0000000040)=[{r6, 0xa148}], 0x1, 0x2000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
connect$unix(r7, &(0x7f0000000640)=@file={0x1, './cgroup.cpu/cgroup.procs/file0\x00'}, 0x6e)
connect$vsock_stream(r3, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10)
r8 = socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r4}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
pipe(&(0x7f00000000c0)={<r9=>0xffffffffffffffff})
epoll_pwait(r9, &(0x7f0000001800)=[{}], 0x1, 0xa52, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x8936, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="b4000000000000007910000000000000c300e4ff50000000950074000000000007cd68541c8ecf9531b5304b5cc21956f2bc86279e6ad8df17d9770ecf3cf86fc3e24813c30a62be8343fd64d83b7a67d4fe75024d408c8c6efad5de675dd7c2fd4bc5150ac10908d8ed5d462d8b3d226984e301c5303515a91caae004c5b15d99b0603e513689df039b1b3be2397b3e4ceded9089bc2e15d40b2051974e6b2478ae72cf47bee3a056433e3c9ec50f965cb28a3e9ed5f403cb7753bb80134316c458ef5fc56add28eb81da659d42e1efe216f3f7fe157783ba79e1b2d5f2212e804de42b27f23214bebff612b6287d969b02d2f8c9fa6eb8da5fb47c68478a3972a3760cab8ed724a951c4e98eb2fcf27e92142b602215c964"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
sendmsg$can_raw(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x4000010)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 1 (id=2958):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f000000bc8f3939f631b83ecbac4500fdf4f2f78d9c26c6789d98feac621054c738dcd81e12d6cd88f9ca0429531b32f76876468253effdaeda1a06b48bddc25f4e2b0575fe2a30c682a714aed74b77d62b3a165438e4c2243ccfbc7090935d6c2a2e93d58d592e7b5a832e499f91aeda0235106a00f7cb9262e15f291af69ab6174ff582c04e21c7cb726c8e86667c8b97e072161507be709abeb7b807e7c9b6815fa4734bb1488891c04a74227bf8f6f42744216452d689376806ef6c540218bbba9401fb9edba3909e10b8cd4069bf3788d583a966fdabd553c7b0fd8039202522ac4c56350e1bee7dc17b7fece6a83898c525faa195ce489d23459d3b45a93c8483eefc2af1700115196f4a738b1d2827112e958280565d39e4790fe603e27ad0ced6b29fbb42b2c1ec55cba3317541e25934ace54d832770cc6c220988987114b761f6c74235c55d316178aea6", 0x155}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffe8d}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x800}], 0x1, 0x40800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7fffffffffffffff}, 0x18)
socket$alg(0x26, 0x5, 0x0)
unshare(0x6020400)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r4, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}]}, 0x2c}}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, 0x0)

kernel console output (not intermixed with test programs):

ink: 'syz.3.1623': attribute type 1 has an invalid length.
[  206.489162][T10173] FAULT_INJECTION: forcing a failure.
[  206.489162][T10173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  206.525245][T10173] CPU: 1 UID: 0 PID: 10173 Comm: syz.4.1624 Not tainted syzkaller #0 PREEMPT(full) 
[  206.525273][T10173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  206.525285][T10173] Call Trace:
[  206.525293][T10173]  <TASK>
[  206.525302][T10173]  dump_stack_lvl+0x189/0x250
[  206.525338][T10173]  ? __pfx____ratelimit+0x10/0x10
[  206.525367][T10173]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.525395][T10173]  ? __pfx__printk+0x10/0x10
[  206.525430][T10173]  should_fail_ex+0x414/0x560
[  206.525468][T10173]  _copy_from_user+0x2d/0xb0
[  206.525495][T10173]  __copy_msghdr+0x3c5/0x5b0
[  206.525523][T10173]  ___sys_sendmsg+0x1a5/0x2a0
[  206.525548][T10173]  ? __pfx____sys_sendmsg+0x10/0x10
[  206.525611][T10173]  ? __fget_files+0x2a/0x420
[  206.525629][T10173]  ? __fget_files+0x3a0/0x420
[  206.525657][T10173]  __x64_sys_sendmsg+0x19b/0x260
[  206.525683][T10173]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  206.525716][T10173]  ? __pfx_ksys_write+0x10/0x10
[  206.525755][T10173]  ? do_syscall_64+0xbe/0xfa0
[  206.525783][T10173]  do_syscall_64+0xfa/0xfa0
[  206.525807][T10173]  ? lockdep_hardirqs_on+0x9c/0x150
[  206.525831][T10173]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.525847][T10173]  ? clear_bhb_loop+0x60/0xb0
[  206.525867][T10173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.525883][T10173] RIP: 0033:0x7f682478f6c9
[  206.525897][T10173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.525910][T10173] RSP: 002b:00007f68256b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  206.525929][T10173] RAX: ffffffffffffffda RBX: 00007f68249e5fa0 RCX: 00007f682478f6c9
[  206.525940][T10173] RDX: 0000000000000020 RSI: 0000200000000400 RDI: 0000000000000003
[  206.525951][T10173] RBP: 00007f68256b5090 R08: 0000000000000000 R09: 0000000000000000
[  206.525960][T10173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.525970][T10173] R13: 00007f68249e6038 R14: 00007f68249e5fa0 R15: 00007fff74ac82c8
[  206.525996][T10173]  </TASK>
[  207.133748][T10193] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  207.216566][T10203] gretap0: left promiscuous mode
[  207.226322][T10203] gretap0: left allmulticast mode
[  207.402658][T10203] batadv0: left promiscuous mode
[  207.407940][T10203] batadv0: left allmulticast mode
[  207.487935][T10216] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1641'.
[  207.640344][T10203] veth0_virt_wifi: left allmulticast mode
[  207.662754][T10222] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1643'.
[  207.715920][T10203] geneve2: left promiscuous mode
[  207.724413][T10203] gtp0: left promiscuous mode
[  207.729281][T10203] gtp0: left allmulticast mode
[  207.798451][   T24] lo speed is unknown, defaulting to 1000
[  207.820970][   T24] s
z1: Port: 1 Link DOWN
[  207.835649][T10216] macvtap2: entered promiscuous mode
[  207.846019][T10216] ip6gretap0: entered promiscuous mode
[  207.865536][T10216] macvtap2: entered allmulticast mode
[  207.885645][T10216] ip6gretap0: entered allmulticast mode
[  207.911380][ T5832] wg1 speed is unknown, defaulting to 1000
[  207.917429][ T5832] syz: Port: 1 Link DOWN
[  207.936933][T10217] ip6gretap0: left allmulticast mode
[  207.960213][T10217] ip6gretap0: left promiscuous mode
[  208.039798][  T997] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.065500][  T997] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.111349][   T24] lo speed is unknown, defaulting to 1000
[  208.140303][  T997] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.155251][  T997] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.211687][T10241] wg2 speed is unknown, defaulting to 1000
[  208.234428][T10246] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1651'.
[  208.284446][T10246] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1651'.
[  208.338959][T10252] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1654'.
[  208.512602][T10259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1660'.
[  208.605872][T10241] wg1 speed is unknown, defaulting to 1000
[  208.620528][T10241] lo speed is unknown, defaulting to 1000
[  208.665097][T10265] netlink: 'syz.3.1662': attribute type 10 has an invalid length.
[  208.677481][T10265] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1662'.
[  208.688565][T10265] dummy0: entered promiscuous mode
[  208.694775][T10265] bridge0: port 1(dummy0) entered blocking state
[  208.701861][T10265] bridge0: port 1(dummy0) entered disabled state
[  208.708546][T10265] dummy0: entered allmulticast mode
[  208.718993][T10266] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002
[  208.731474][T10265] bridge0: port 1(dummy0) entered blocking state
[  208.738093][T10265] bridge0: port 1(dummy0) entered forwarding state
[  208.774397][T10268] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1663'.
[  208.992978][T10275] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1665'.
[  209.041446][T10272] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1665'.
[  209.751265][T10308] tipc: Started in network mode
[  209.756668][T10308] tipc: Node identity 4ebfa6cfb014, cluster identity 4711
[  209.769248][T10308] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  209.805973][T10306] sch_tbf: burst 125 is lower than device syzkaller0 mtu (1514) !
[  210.005136][T10321] IPVS: Unknown mcast interface: vetN1_macvtap
[  210.024573][T10322] openvswitch: netlink: Missing valid actions attribute.
[  210.032352][T10322] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  210.076653][T10305] tipc: Disabling bearer <eth:syzkaller0>
[  210.276894][T10331] veth0: entered promiscuous mode
[  210.302312][T10328] veth0: left promiscuous mode
[  210.414513][T10336] FAULT_INJECTION: forcing a failure.
[  210.414513][T10336] name failslab, interval 1, probability 0, space 0, times 0
[  210.440520][T10336] CPU: 1 UID: 0 PID: 10336 Comm: syz.0.1690 Not tainted syzkaller #0 PREEMPT(full) 
[  210.440546][T10336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  210.440557][T10336] Call Trace:
[  210.440565][T10336]  <TASK>
[  210.440573][T10336]  dump_stack_lvl+0x189/0x250
[  210.440604][T10336]  ? __pfx____ratelimit+0x10/0x10
[  210.440629][T10336]  ? __pfx_dump_stack_lvl+0x10/0x10
[  210.440653][T10336]  ? __pfx__printk+0x10/0x10
[  210.440676][T10336]  ? __pfx___might_resched+0x10/0x10
[  210.440695][T10336]  ? fs_reclaim_acquire+0x7d/0x100
[  210.440726][T10336]  should_fail_ex+0x414/0x560
[  210.440758][T10336]  should_failslab+0xa8/0x100
[  210.440777][T10336]  kmem_cache_alloc_node_noprof+0x77/0x710
[  210.440802][T10336]  ? __alloc_skb+0x112/0x2d0
[  210.440818][T10336]  ? netlink_autobind+0xdb/0x300
[  210.440842][T10336]  __alloc_skb+0x112/0x2d0
[  210.440862][T10336]  netlink_sendmsg+0x5c6/0xb30
[  210.440890][T10336]  ? __pfx_netlink_sendmsg+0x10/0x10
[  210.440911][T10336]  ? aa_sock_msg_perm+0xf1/0x1d0
[  210.440939][T10336]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  210.440956][T10336]  ? __pfx_netlink_sendmsg+0x10/0x10
[  210.440975][T10336]  __sock_sendmsg+0x21c/0x270
[  210.441003][T10336]  ____sys_sendmsg+0x505/0x830
[  210.441028][T10336]  ? __pfx_____sys_sendmsg+0x10/0x10
[  210.441056][T10336]  ? import_iovec+0x74/0xa0
[  210.441081][T10336]  ___sys_sendmsg+0x21f/0x2a0
[  210.441103][T10336]  ? __pfx____sys_sendmsg+0x10/0x10
[  210.441165][T10336]  ? __fget_files+0x2a/0x420
[  210.441181][T10336]  ? __fget_files+0x3a0/0x420
[  210.441207][T10336]  __x64_sys_sendmsg+0x19b/0x260
[  210.441229][T10336]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  210.441258][T10336]  ? __pfx_ksys_write+0x10/0x10
[  210.441287][T10336]  ? do_syscall_64+0xbe/0xfa0
[  210.441316][T10336]  do_syscall_64+0xfa/0xfa0
[  210.441340][T10336]  ? lockdep_hardirqs_on+0x9c/0x150
[  210.441366][T10336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.441383][T10336]  ? clear_bhb_loop+0x60/0xb0
[  210.441406][T10336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.441426][T10336] RIP: 0033:0x7f68b038f6c9
[  210.441445][T10336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.441462][T10336] RSP: 002b:00007f68b123a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  210.441483][T10336] RAX: ffffffffffffffda RBX: 00007f68b05e5fa0 RCX: 00007f68b038f6c9
[  210.441498][T10336] RDX: 0000000004000000 RSI: 0000200000000680 RDI: 0000000000000003
[  210.441514][T10336] RBP: 00007f68b123a090 R08: 0000000000000000 R09: 0000000000000000
[  210.441525][T10336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.441535][T10336] R13: 00007f68b05e6038 R14: 00007f68b05e5fa0 R15: 00007ffeb439e518
[  210.441564][T10336]  </TASK>
[  210.758299][T10339] erspan0: entered promiscuous mode
[  210.764662][T10339] vlan2: entered promiscuous mode
[  211.000359][T10351] vlan2: entered promiscuous mode
[  211.495416][T10388] sctp: [Deprecated]: syz.2.1713 (pid 10388) Use of struct sctp_assoc_value in delayed_ack socket option.
[  211.495416][T10388] Use struct sctp_sack_info instead
[  211.595003][T10391] geneve2: entered promiscuous mode
[  211.842427][T10409] macvlan2: entered promiscuous mode
[  212.215537][T10428] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  212.776935][T10463] __nla_validate_parse: 5 callbacks suppressed
[  212.776954][T10463] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1745'.
[  212.932531][T10471] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1748'.
[  213.305203][T10498] tipc: Can't bind to reserved service type 1
[  213.322946][T10498] netlink: 'syz.1.1762': attribute type 39 has an invalid length.
[  213.393349][T10507] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1762'.
[  213.408919][T10504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1764'.
[  213.418576][T10507] netlink: 43 bytes leftover after parsing attributes in process `syz.1.1762'.
[  213.432378][T10507] netlink: 'syz.1.1762': attribute type 5 has an invalid length.
[  213.446099][T10504] macvtap3: entered promiscuous mode
[  213.451776][T10507] netlink: 43 bytes leftover after parsing attributes in process `syz.1.1762'.
[  213.461316][T10504] bridge0: entered promiscuous mode
[  213.468385][T10504] macvtap3: entered allmulticast mode
[  213.476053][T10504] bridge0: entered allmulticast mode
[  213.506125][T10509] bridge0: left allmulticast mode
[  213.512568][T10509] bridge0: left promiscuous mode
[  213.539071][T10507] vlan2: entered allmulticast mode
[  213.547252][T10507] bridge_slave_0: entered allmulticast mode
[  213.716874][T10517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1769'.
[  213.901285][T10533] netlink: 'syz.0.1776': attribute type 1 has an invalid length.
[  214.083589][T10542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1781'.
[  214.106971][T10542] bridge0: entered promiscuous mode
[  214.122939][T10542] macvtap3: entered promiscuous mode
[  214.128475][T10542] macvtap3: entered allmulticast mode
[  214.135710][T10542] bridge0: entered allmulticast mode
[  214.215805][T10545] bridge0: left allmulticast mode
[  214.222900][T10545] bridge0: left promiscuous mode
[  214.628262][T10574] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1794'.
[  214.813502][T10587] FAULT_INJECTION: forcing a failure.
[  214.813502][T10587] name failslab, interval 1, probability 0, space 0, times 0
[  214.820597][T10583] wg2 speed is unknown, defaulting to 1000
[  214.886514][T10587] CPU: 1 UID: 0 PID: 10587 Comm: syz.2.1801 Not tainted syzkaller #0 PREEMPT(full) 
[  214.886541][T10587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  214.886552][T10587] Call Trace:
[  214.886560][T10587]  <TASK>
[  214.886568][T10587]  dump_stack_lvl+0x189/0x250
[  214.886601][T10587]  ? __pfx____ratelimit+0x10/0x10
[  214.886629][T10587]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.886654][T10587]  ? __pfx__printk+0x10/0x10
[  214.886681][T10587]  ? __pfx___might_resched+0x10/0x10
[  214.886701][T10587]  ? fs_reclaim_acquire+0x7d/0x100
[  214.886735][T10587]  should_fail_ex+0x414/0x560
[  214.886770][T10587]  should_failslab+0xa8/0x100
[  214.886791][T10587]  kmem_cache_alloc_node_noprof+0x77/0x710
[  214.886819][T10587]  ? __alloc_skb+0x112/0x2d0
[  214.886837][T10587]  ? netlink_autobind+0xdb/0x300
[  214.886865][T10587]  __alloc_skb+0x112/0x2d0
[  214.886888][T10587]  netlink_sendmsg+0x5c6/0xb30
[  214.886918][T10587]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.886942][T10587]  ? aa_sock_msg_perm+0xf1/0x1d0
[  214.886975][T10587]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  214.886993][T10587]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.887015][T10587]  __sock_sendmsg+0x21c/0x270
[  214.887054][T10587]  ____sys_sendmsg+0x505/0x830
[  214.887084][T10587]  ? __pfx_____sys_sendmsg+0x10/0x10
[  214.887115][T10587]  ? import_iovec+0x74/0xa0
[  214.887145][T10587]  ___sys_sendmsg+0x21f/0x2a0
[  214.887170][T10587]  ? __pfx____sys_sendmsg+0x10/0x10
[  214.887229][T10587]  ? __fget_files+0x2a/0x420
[  214.887250][T10587]  ? __fget_files+0x3a0/0x420
[  214.887281][T10587]  __x64_sys_sendmsg+0x19b/0x260
[  214.887308][T10587]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  214.887341][T10587]  ? __pfx_ksys_write+0x10/0x10
[  214.887375][T10587]  ? do_syscall_64+0xbe/0xfa0
[  214.887409][T10587]  do_syscall_64+0xfa/0xfa0
[  214.887438][T10587]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.887468][T10587]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.887488][T10587]  ? clear_bhb_loop+0x60/0xb0
[  214.887513][T10587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.887532][T10587] RIP: 0033:0x7f69b3f8f6c9
[  214.887550][T10587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.887568][T10587] RSP: 002b:00007f69b4ed0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  214.887589][T10587] RAX: ffffffffffffffda RBX: 00007f69b41e5fa0 RCX: 00007f69b3f8f6c9
[  214.887604][T10587] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000005
[  214.887616][T10587] RBP: 00007f69b4ed0090 R08: 0000000000000000 R09: 0000000000000000
[  214.887627][T10587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.887640][T10587] R13: 00007f69b41e6038 R14: 00007f69b41e5fa0 R15: 00007ffc6b7dc498
[  214.887692][T10587]  </TASK>
[  215.574513][T10605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1807'.
[  215.731735][T10583] wg1 speed is unknown, defaulting to 1000
[  215.745827][T10583] lo speed is unknown, defaulting to 1000
[  217.344430][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b73bc00: rx timeout, send abort
[  217.852815][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b73bc00: abort rx timeout. Force session deactivation
[  219.690043][T10598] Set syz1 is full, maxelem 65536 reached
[  219.724679][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f073000: rx timeout, send abort
[  220.232996][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f073000: abort rx timeout. Force session deactivation
[  220.638191][T10732] __nla_validate_parse: 3 callbacks suppressed
[  220.638213][T10732] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1860'.
[  220.683862][T10733] wg2 speed is unknown, defaulting to 1000
[  220.690706][T10732] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1860'.
[  220.835070][T10744] batadv1: entered promiscuous mode
[  220.844750][T10744] 8021q: adding VLAN 0 to HW filter on device batadv1
[  220.881300][T10747] batadv2: entered promiscuous mode
[  220.889033][T10747] 8021q: adding VLAN 0 to HW filter on device batadv2
[  221.139559][T10753] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  221.307500][T10733] wg1 speed is unknown, defaulting to 1000
[  221.315699][T10733] lo speed is unknown, defaulting to 1000
[  221.334854][T10762] FAULT_INJECTION: forcing a failure.
[  221.334854][T10762] name failslab, interval 1, probability 0, space 0, times 0
[  221.374703][T10762] CPU: 1 UID: 0 PID: 10762 Comm: syz.2.1871 Not tainted syzkaller #0 PREEMPT(full) 
[  221.374732][T10762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  221.374745][T10762] Call Trace:
[  221.374753][T10762]  <TASK>
[  221.374762][T10762]  dump_stack_lvl+0x189/0x250
[  221.374795][T10762]  ? __pfx____ratelimit+0x10/0x10
[  221.374825][T10762]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.374852][T10762]  ? __pfx__printk+0x10/0x10
[  221.374886][T10762]  ? __pfx___might_resched+0x10/0x10
[  221.374914][T10762]  should_fail_ex+0x414/0x560
[  221.374951][T10762]  should_failslab+0xa8/0x100
[  221.374978][T10762]  __kmalloc_noprof+0xcb/0x7f0
[  221.375005][T10762]  ? kfree+0x4d/0x6d0
[  221.375026][T10762]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  221.375064][T10762]  tomoyo_realpath_from_path+0xe3/0x5d0
[  221.375099][T10762]  ? tomoyo_domain+0xd9/0x130
[  221.375123][T10762]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  221.375149][T10762]  tomoyo_path_number_perm+0x1e8/0x5a0
[  221.375179][T10762]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  221.375248][T10762]  ? __fget_files+0x2a/0x420
[  221.375283][T10762]  ? __fget_files+0x3a0/0x420
[  221.375300][T10762]  ? __fget_files+0x2a/0x420
[  221.375324][T10762]  security_file_ioctl+0xcb/0x2d0
[  221.375352][T10762]  __se_sys_ioctl+0x47/0x170
[  221.375382][T10762]  do_syscall_64+0xfa/0xfa0
[  221.375410][T10762]  ? lockdep_hardirqs_on+0x9c/0x150
[  221.375441][T10762]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.375460][T10762]  ? clear_bhb_loop+0x60/0xb0
[  221.375485][T10762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.375504][T10762] RIP: 0033:0x7f69b3f8f6c9
[  221.375541][T10762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.375559][T10762] RSP: 002b:00007f69b4ed0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  221.375581][T10762] RAX: ffffffffffffffda RBX: 00007f69b41e5fa0 RCX: 00007f69b3f8f6c9
[  221.375596][T10762] RDX: 00002000000005c0 RSI: 00000000c0189436 RDI: 0000000000000003
[  221.375610][T10762] RBP: 00007f69b4ed0090 R08: 0000000000000000 R09: 0000000000000000
[  221.375622][T10762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  221.375634][T10762] R13: 00007f69b41e6038 R14: 00007f69b41e5fa0 R15: 00007ffc6b7dc498
[  221.375675][T10762]  </TASK>
[  221.375763][T10762] ERROR: Out of memory at tomoyo_realpath_from_path.
[  222.623378][T10805] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1887'.
[  222.771747][T10802] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  222.872650][T10816] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1890'.
[  223.447773][T10839] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1901'.
[  223.644731][T10852] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1907'.
[  223.850517][T10861] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1911'.
[  223.903406][T10861] macvtap1: entered promiscuous mode
[  223.909641][T10861] ip6gretap0: entered promiscuous mode
[  223.916184][T10861] macvtap1: entered allmulticast mode
[  223.931671][T10861] ip6gretap0: entered allmulticast mode
[  223.969224][T10868] ip6gretap0: left allmulticast mode
[  223.990623][T10868] ip6gretap0: left promiscuous mode
[  224.102815][T10875] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1917'.
[  224.119109][T10847] Set syz1 is full, maxelem 65536 reached
[  224.307328][T10887] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1922'.
[  224.397334][T10893] batman_adv: batadv0: Removing interface: dummy0
[  224.411529][T10893] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  224.527466][T10899] FAULT_INJECTION: forcing a failure.
[  224.527466][T10899] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.546532][T10899] CPU: 0 UID: 0 PID: 10899 Comm: syz.0.1928 Not tainted syzkaller #0 PREEMPT(full) 
[  224.546561][T10899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  224.546573][T10899] Call Trace:
[  224.546581][T10899]  <TASK>
[  224.546590][T10899]  dump_stack_lvl+0x189/0x250
[  224.546623][T10899]  ? __pfx____ratelimit+0x10/0x10
[  224.546653][T10899]  ? __pfx_dump_stack_lvl+0x10/0x10
[  224.546681][T10899]  ? __pfx__printk+0x10/0x10
[  224.546703][T10899]  ? __might_fault+0xb0/0x130
[  224.546744][T10899]  should_fail_ex+0x414/0x560
[  224.546780][T10899]  _copy_from_user+0x2d/0xb0
[  224.546808][T10899]  memdup_user+0x5e/0xd0
[  224.546832][T10899]  do_vfs_ioctl+0xf66/0x1430
[  224.546857][T10899]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  224.546884][T10899]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  224.546950][T10899]  ? __fget_files+0x2a/0x420
[  224.546975][T10899]  ? __fget_files+0x3a0/0x420
[  224.546993][T10899]  ? __fget_files+0x2a/0x420
[  224.547016][T10899]  ? bpf_lsm_file_ioctl+0x9/0x20
[  224.547044][T10899]  __se_sys_ioctl+0x82/0x170
[  224.547073][T10899]  do_syscall_64+0xfa/0xfa0
[  224.547103][T10899]  ? lockdep_hardirqs_on+0x9c/0x150
[  224.547133][T10899]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.547153][T10899]  ? clear_bhb_loop+0x60/0xb0
[  224.547177][T10899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.547197][T10899] RIP: 0033:0x7f68b038f6c9
[  224.547215][T10899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.547231][T10899] RSP: 002b:00007f68b123a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  224.547261][T10899] RAX: ffffffffffffffda RBX: 00007f68b05e5fa0 RCX: 00007f68b038f6c9
[  224.547276][T10899] RDX: 00002000000005c0 RSI: 00000000c0189436 RDI: 0000000000000003
[  224.547289][T10899] RBP: 00007f68b123a090 R08: 0000000000000000 R09: 0000000000000000
[  224.547302][T10899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  224.547314][T10899] R13: 00007f68b05e6038 R14: 00007f68b05e5fa0 R15: 00007ffeb439e518
[  224.547347][T10899]  </TASK>
[  224.893550][T10908] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1930'.
[  225.081944][T10919] netlink: 'syz.3.1935': attribute type 10 has an invalid length.
[  225.330975][T10936] wg2 speed is unknown, defaulting to 1000
[  225.394291][T10938] FAULT_INJECTION: forcing a failure.
[  225.394291][T10938] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.411732][T10938] CPU: 1 UID: 0 PID: 10938 Comm: syz.2.1943 Not tainted syzkaller #0 PREEMPT(full) 
[  225.411761][T10938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  225.411773][T10938] Call Trace:
[  225.411782][T10938]  <TASK>
[  225.411791][T10938]  dump_stack_lvl+0x189/0x250
[  225.411825][T10938]  ? __pfx____ratelimit+0x10/0x10
[  225.411856][T10938]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.411885][T10938]  ? __pfx__printk+0x10/0x10
[  225.411914][T10938]  ? __might_fault+0xb0/0x130
[  225.411955][T10938]  should_fail_ex+0x414/0x560
[  225.411992][T10938]  _copy_from_user+0x2d/0xb0
[  225.412021][T10938]  ___sys_sendmsg+0x158/0x2a0
[  225.412048][T10938]  ? __pfx____sys_sendmsg+0x10/0x10
[  225.412112][T10938]  ? __fget_files+0x2a/0x420
[  225.412131][T10938]  ? __fget_files+0x3a0/0x420
[  225.412163][T10938]  __sys_sendmmsg+0x227/0x430
[  225.412193][T10938]  ? __pfx___sys_sendmmsg+0x10/0x10
[  225.412228][T10938]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  225.412280][T10938]  ? ksys_write+0x22a/0x250
[  225.412312][T10938]  ? __pfx_ksys_write+0x10/0x10
[  225.412347][T10938]  __x64_sys_sendmmsg+0xa0/0xc0
[  225.412373][T10938]  do_syscall_64+0xfa/0xfa0
[  225.412404][T10938]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.412432][T10938]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.412452][T10938]  ? clear_bhb_loop+0x60/0xb0
[  225.412478][T10938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.412498][T10938] RIP: 0033:0x7f69b3f8f6c9
[  225.412517][T10938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.412534][T10938] RSP: 002b:00007f69b4eaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  225.412557][T10938] RAX: ffffffffffffffda RBX: 00007f69b41e6090 RCX: 00007f69b3f8f6c9
[  225.412578][T10938] RDX: 00000000ffffff80 RSI: 0000200000004100 RDI: 000000000000000d
[  225.412591][T10938] RBP: 00007f69b4eaf090 R08: 0000000000000000 R09: 0000000000000000
[  225.412604][T10938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.412616][T10938] R13: 00007f69b41e6128 R14: 00007f69b41e6090 R15: 00007ffc6b7dc498
[  225.412652][T10938]  </TASK>
[  225.642209][T10937] __nla_validate_parse: 6 callbacks suppressed
[  225.642230][T10937] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1942'.
[  225.658003][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804f785c00: rx timeout, send abort
[  225.681259][T10940] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1944'.
[  225.819236][T10942] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  225.861377][T10942] netlink: 'syz.4.1945': attribute type 5 has an invalid length.
[  225.866388][T10936] wg1 speed is unknown, defaulting to 1000
[  225.876156][T10933] wg2 speed is unknown, defaulting to 1000
[  225.884088][T10936] lo speed is unknown, defaulting to 1000
[  225.885185][T10942] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.1945'.
[  225.906150][T10942] openvswitch: netlink: Missing key (keys=40, expected=100)
[  226.166271][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804f785c00: abort rx timeout. Force session deactivation
[  226.219439][T10933] wg1 speed is unknown, defaulting to 1000
[  226.282213][T10957] FAULT_INJECTION: forcing a failure.
[  226.282213][T10957] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  226.312409][T10957] CPU: 0 UID: 0 PID: 10957 Comm: syz.1.1951 Not tainted syzkaller #0 PREEMPT(full) 
[  226.312439][T10957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  226.312452][T10957] Call Trace:
[  226.312460][T10957]  <TASK>
[  226.312470][T10957]  dump_stack_lvl+0x189/0x250
[  226.312505][T10957]  ? __pfx____ratelimit+0x10/0x10
[  226.312535][T10957]  ? __pfx_dump_stack_lvl+0x10/0x10
[  226.312563][T10957]  ? __pfx__printk+0x10/0x10
[  226.312598][T10957]  should_fail_ex+0x414/0x560
[  226.312635][T10957]  _copy_to_user+0x31/0xb0
[  226.312664][T10957]  simple_read_from_buffer+0xe1/0x170
[  226.312701][T10957]  proc_fail_nth_read+0x1b3/0x220
[  226.312731][T10957]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  226.312761][T10957]  ? rw_verify_area+0x2a6/0x4d0
[  226.312789][T10957]  ? __lock_acquire+0xab9/0xd20
[  226.312807][T10957]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  226.312843][T10957]  vfs_read+0x200/0xa30
[  226.312870][T10957]  ? fdget_pos+0x247/0x320
[  226.312894][T10957]  ? __pfx___mutex_lock+0x10/0x10
[  226.312914][T10957]  ? __pfx_vfs_read+0x10/0x10
[  226.312943][T10957]  ? __fget_files+0x2a/0x420
[  226.312968][T10957]  ? __fget_files+0x3a0/0x420
[  226.312986][T10957]  ? __fget_files+0x2a/0x420
[  226.313015][T10957]  ksys_read+0x145/0x250
[  226.313040][T10957]  ? __fget_files+0x2a/0x420
[  226.313061][T10957]  ? __pfx_ksys_read+0x10/0x10
[  226.313094][T10957]  ? do_syscall_64+0xbe/0xfa0
[  226.313128][T10957]  do_syscall_64+0xfa/0xfa0
[  226.313156][T10957]  ? lockdep_hardirqs_on+0x9c/0x150
[  226.313186][T10957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.313207][T10957]  ? clear_bhb_loop+0x60/0xb0
[  226.313232][T10957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.313252][T10957] RIP: 0033:0x7f43ba78e0dc
[  226.313270][T10957] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  226.313287][T10957] RSP: 002b:00007f43bb54c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  226.313310][T10957] RAX: ffffffffffffffda RBX: 00007f43ba9e5fa0 RCX: 00007f43ba78e0dc
[  226.313325][T10957] RDX: 000000000000000f RSI: 00007f43bb54c0a0 RDI: 0000000000000005
[  226.313337][T10957] RBP: 00007f43bb54c090 R08: 0000000000000000 R09: 0000000000000000
[  226.313350][T10957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.313362][T10957] R13: 00007f43ba9e6038 R14: 00007f43ba9e5fa0 R15: 00007ffcba6fcfb8
[  226.313398][T10957]  </TASK>
[  226.627964][T10933] lo speed is unknown, defaulting to 1000
[  226.640132][T10962] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1952'.
[  227.034585][T10965] Set syz1 is full, maxelem 65536 reached
[  227.233260][T10976] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  227.562336][T10991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1962'.
[  227.633225][T10990] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  228.259784][T11005] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1967'.
[  228.659993][T11019] FAULT_INJECTION: forcing a failure.
[  228.659993][T11019] name failslab, interval 1, probability 0, space 0, times 0
[  228.679074][T11017] bond0: (slave dummy0): Releasing backup interface
[  228.679159][T11019] CPU: 1 UID: 0 PID: 11019 Comm: syz.4.1972 Not tainted syzkaller #0 PREEMPT(full) 
[  228.679186][T11019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  228.679200][T11019] Call Trace:
[  228.679211][T11019]  <TASK>
[  228.679221][T11019]  dump_stack_lvl+0x189/0x250
[  228.679262][T11019]  ? __pfx____ratelimit+0x10/0x10
[  228.679296][T11019]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.679330][T11019]  ? __pfx__printk+0x10/0x10
[  228.679363][T11019]  ? __pfx___might_resched+0x10/0x10
[  228.679389][T11019]  ? fs_reclaim_acquire+0x7d/0x100
[  228.679439][T11019]  should_fail_ex+0x414/0x560
[  228.679483][T11019]  should_failslab+0xa8/0x100
[  228.679510][T11019]  __kmalloc_cache_noprof+0x6f/0x6f0
[  228.679545][T11019]  ? __pfx___nla_validate_parse+0x10/0x10
[  228.679568][T11019]  ? l2tp_tunnel_create+0x92/0x3e0
[  228.679599][T11019]  l2tp_tunnel_create+0x92/0x3e0
[  228.679629][T11019]  l2tp_nl_cmd_tunnel_create+0x29b/0x950
[  228.679671][T11019]  ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10
[  228.679708][T11019]  ? __nla_parse+0x40/0x60
[  228.679738][T11019]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  228.679783][T11019]  genl_family_rcv_msg_doit+0x215/0x300
[  228.679823][T11019]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  228.679880][T11019]  ? bpf_lsm_capable+0x9/0x20
[  228.679909][T11019]  ? security_capable+0x7e/0x2e0
[  228.679952][T11019]  genl_rcv_msg+0x60e/0x790
[  228.679991][T11019]  ? __pfx_genl_rcv_msg+0x10/0x10
[  228.680020][T11019]  ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10
[  228.680073][T11019]  netlink_rcv_skb+0x208/0x470
[  228.680093][T11019]  ? __lock_acquire+0xab9/0xd20
[  228.680118][T11019]  ? __pfx_genl_rcv_msg+0x10/0x10
[  228.680151][T11019]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  228.680199][T11019]  ? down_read+0x1ad/0x2e0
[  228.680227][T11019]  genl_rcv+0x28/0x40
[  228.680255][T11019]  netlink_unicast+0x82f/0x9e0
[  228.680302][T11019]  ? __pfx_netlink_unicast+0x10/0x10
[  228.680339][T11019]  ? netlink_sendmsg+0x642/0xb30
[  228.680363][T11019]  ? skb_put+0x11b/0x210
[  228.680391][T11019]  netlink_sendmsg+0x805/0xb30
[  228.680428][T11019]  ? __pfx_netlink_sendmsg+0x10/0x10
[  228.680457][T11019]  ? aa_sock_msg_perm+0xf1/0x1d0
[  228.680495][T11019]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  228.680518][T11019]  ? __pfx_netlink_sendmsg+0x10/0x10
[  228.680545][T11019]  __sock_sendmsg+0x21c/0x270
[  228.680582][T11019]  ____sys_sendmsg+0x505/0x830
[  228.680619][T11019]  ? __pfx_____sys_sendmsg+0x10/0x10
[  228.680661][T11019]  ? import_iovec+0x74/0xa0
[  228.680696][T11019]  ___sys_sendmsg+0x21f/0x2a0
[  228.680727][T11019]  ? __pfx____sys_sendmsg+0x10/0x10
[  228.680801][T11019]  ? __fget_files+0x2a/0x420
[  228.680823][T11019]  ? __fget_files+0x3a0/0x420
[  228.680868][T11019]  __x64_sys_sendmsg+0x19b/0x260
[  228.680898][T11019]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  228.680937][T11019]  ? __pfx_ksys_write+0x10/0x10
[  228.680978][T11019]  ? do_syscall_64+0xbe/0xfa0
[  228.681017][T11019]  do_syscall_64+0xfa/0xfa0
[  228.681048][T11019]  ? lockdep_hardirqs_on+0x9c/0x150
[  228.681082][T11019]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.681106][T11019]  ? clear_bhb_loop+0x60/0xb0
[  228.681134][T11019]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.681156][T11019] RIP: 0033:0x7f682478f6c9
[  228.681179][T11019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.681199][T11019] RSP: 002b:00007f68256b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  228.681225][T11019] RAX: ffffffffffffffda RBX: 00007f68249e5fa0 RCX: 00007f682478f6c9
[  228.681241][T11019] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000005
[  228.681257][T11019] RBP: 00007f68256b5090 R08: 0000000000000000 R09: 0000000000000000
[  228.681271][T11019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.681284][T11019] R13: 00007f68249e6038 R14: 00007f68249e5fa0 R15: 00007fff74ac82c8
[  228.681327][T11019]  </TASK>
[  229.124267][T11028] dummy0: left allmulticast mode
[  229.129415][T11028] bridge0: port 1(dummy0) entered disabled state
[  229.145961][T11028] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  229.177087][T11035] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  229.556565][T11057] FAULT_INJECTION: forcing a failure.
[  229.556565][T11057] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  229.599143][T11057] CPU: 1 UID: 0 PID: 11057 Comm: syz.2.1985 Not tainted syzkaller #0 PREEMPT(full) 
[  229.599174][T11057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  229.599188][T11057] Call Trace:
[  229.599197][T11057]  <TASK>
[  229.599206][T11057]  dump_stack_lvl+0x189/0x250
[  229.599240][T11057]  ? __pfx____ratelimit+0x10/0x10
[  229.599271][T11057]  ? __pfx_dump_stack_lvl+0x10/0x10
[  229.599299][T11057]  ? __pfx__printk+0x10/0x10
[  229.599333][T11057]  should_fail_ex+0x414/0x560
[  229.599371][T11057]  _copy_to_user+0x31/0xb0
[  229.599401][T11057]  simple_read_from_buffer+0xe1/0x170
[  229.599438][T11057]  proc_fail_nth_read+0x1b3/0x220
[  229.599469][T11057]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  229.599500][T11057]  ? rw_verify_area+0x2a6/0x4d0
[  229.599526][T11057]  ? __lock_acquire+0xab9/0xd20
[  229.599545][T11057]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  229.599574][T11057]  vfs_read+0x200/0xa30
[  229.599601][T11057]  ? fdget_pos+0x247/0x320
[  229.599626][T11057]  ? __pfx___mutex_lock+0x10/0x10
[  229.599646][T11057]  ? __pfx_vfs_read+0x10/0x10
[  229.599676][T11057]  ? __fget_files+0x2a/0x420
[  229.599701][T11057]  ? __fget_files+0x3a0/0x420
[  229.599719][T11057]  ? __fget_files+0x2a/0x420
[  229.599748][T11057]  ksys_read+0x145/0x250
[  229.599779][T11057]  ? __pfx_ksys_read+0x10/0x10
[  229.599820][T11057]  ? do_syscall_64+0xbe/0xfa0
[  229.599856][T11057]  do_syscall_64+0xfa/0xfa0
[  229.599886][T11057]  ? lockdep_hardirqs_on+0x9c/0x150
[  229.599915][T11057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.599934][T11057]  ? clear_bhb_loop+0x60/0xb0
[  229.599958][T11057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.599978][T11057] RIP: 0033:0x7f69b3f8e0dc
[  229.599996][T11057] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  229.600014][T11057] RSP: 002b:00007f69b4ed0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  229.600035][T11057] RAX: ffffffffffffffda RBX: 00007f69b41e5fa0 RCX: 00007f69b3f8e0dc
[  229.600050][T11057] RDX: 000000000000000f RSI: 00007f69b4ed00a0 RDI: 0000000000000005
[  229.600064][T11057] RBP: 00007f69b4ed0090 R08: 0000000000000000 R09: 0000000000000000
[  229.600077][T11057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  229.600089][T11057] R13: 00007f69b41e6038 R14: 00007f69b41e5fa0 R15: 00007ffc6b7dc498
[  229.600136][T11057]  </TASK>
[  229.966744][T11071] batman_adv: batadv0: Removing interface: dummy0
[  229.980965][T11071] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  230.334203][T11094] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2003'.
[  230.512748][T11105] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2004'.
[  230.673022][T11115] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  230.981920][T11138] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  231.135797][T11146] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2022'.
[  231.165485][T11146] IPVS: Unknown mcast interface: vetN1_macvtap
[  231.345355][T11156] FAULT_INJECTION: forcing a failure.
[  231.345355][T11156] name failslab, interval 1, probability 0, space 0, times 0
[  231.375113][T11156] CPU: 1 UID: 0 PID: 11156 Comm: syz.1.2027 Not tainted syzkaller #0 PREEMPT(full) 
[  231.375141][T11156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  231.375155][T11156] Call Trace:
[  231.375164][T11156]  <TASK>
[  231.375173][T11156]  dump_stack_lvl+0x189/0x250
[  231.375207][T11156]  ? __pfx____ratelimit+0x10/0x10
[  231.375238][T11156]  ? __pfx_dump_stack_lvl+0x10/0x10
[  231.375267][T11156]  ? __pfx__printk+0x10/0x10
[  231.375291][T11156]  ? __pfx___might_resched+0x10/0x10
[  231.375315][T11156]  ? fs_reclaim_acquire+0x7d/0x100
[  231.375352][T11156]  should_fail_ex+0x414/0x560
[  231.375399][T11156]  ? __pfx_sock_alloc_inode+0x10/0x10
[  231.375427][T11156]  should_failslab+0xa8/0x100
[  231.375450][T11156]  ? __pfx_sock_alloc_inode+0x10/0x10
[  231.375476][T11156]  kmem_cache_alloc_lru_noprof+0x79/0x6d0
[  231.375506][T11156]  ? sock_alloc_inode+0x28/0xc0
[  231.375539][T11156]  ? __pfx_sock_alloc_inode+0x10/0x10
[  231.375565][T11156]  sock_alloc_inode+0x28/0xc0
[  231.375592][T11156]  alloc_inode+0x6a/0x1b0
[  231.375626][T11156]  __sock_create+0x12d/0x9f0
[  231.375668][T11156]  l2tp_tunnel_register+0x33b/0x1320
[  231.375705][T11156]  ? __pfx_l2tp_tunnel_register+0x10/0x10
[  231.375742][T11156]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  231.375772][T11156]  ? lockdep_hardirqs_on+0x9c/0x150
[  231.375803][T11156]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  231.375831][T11156]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  231.375871][T11156]  ? l2tp_tunnel_create+0x249/0x3e0
[  231.375888][T11156]  ? l2tp_tunnel_create+0x2d3/0x3e0
[  231.375912][T11156]  l2tp_nl_cmd_tunnel_create+0x331/0x950
[  231.375948][T11156]  ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10
[  231.375981][T11156]  ? __nla_parse+0x40/0x60
[  231.376008][T11156]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  231.376046][T11156]  genl_family_rcv_msg_doit+0x215/0x300
[  231.376082][T11156]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  231.376125][T11156]  ? bpf_lsm_capable+0x9/0x20
[  231.376150][T11156]  ? security_capable+0x7e/0x2e0
[  231.376186][T11156]  genl_rcv_msg+0x60e/0x790
[  231.376220][T11156]  ? __pfx_genl_rcv_msg+0x10/0x10
[  231.376246][T11156]  ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10
[  231.376277][T11156]  ? __asan_memcpy+0x40/0x70
[  231.376304][T11156]  ? __pfx_ref_tracker_free+0x10/0x10
[  231.376333][T11156]  netlink_rcv_skb+0x208/0x470
[  231.376352][T11156]  ? __lock_acquire+0xab9/0xd20
[  231.376380][T11156]  ? __pfx_genl_rcv_msg+0x10/0x10
[  231.376409][T11156]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  231.376452][T11156]  ? down_read+0x1ad/0x2e0
[  231.376476][T11156]  genl_rcv+0x28/0x40
[  231.376500][T11156]  netlink_unicast+0x82f/0x9e0
[  231.376542][T11156]  ? __pfx_netlink_unicast+0x10/0x10
[  231.376575][T11156]  ? netlink_sendmsg+0x642/0xb30
[  231.376594][T11156]  ? skb_put+0x11b/0x210
[  231.376619][T11156]  netlink_sendmsg+0x805/0xb30
[  231.376653][T11156]  ? __pfx_netlink_sendmsg+0x10/0x10
[  231.376679][T11156]  ? aa_sock_msg_perm+0xf1/0x1d0
[  231.376712][T11156]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  231.376732][T11156]  ? __pfx_netlink_sendmsg+0x10/0x10
[  231.376755][T11156]  __sock_sendmsg+0x21c/0x270
[  231.376787][T11156]  ____sys_sendmsg+0x505/0x830
[  231.376817][T11156]  ? __pfx_____sys_sendmsg+0x10/0x10
[  231.376851][T11156]  ? import_iovec+0x74/0xa0
[  231.376882][T11156]  ___sys_sendmsg+0x21f/0x2a0
[  231.376908][T11156]  ? __pfx____sys_sendmsg+0x10/0x10
[  231.376974][T11156]  ? __fget_files+0x2a/0x420
[  231.376993][T11156]  ? __fget_files+0x3a0/0x420
[  231.377025][T11156]  __x64_sys_sendmsg+0x19b/0x260
[  231.377052][T11156]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  231.377087][T11156]  ? __pfx_ksys_write+0x10/0x10
[  231.377122][T11156]  ? do_syscall_64+0xbe/0xfa0
[  231.377157][T11156]  do_syscall_64+0xfa/0xfa0
[  231.377185][T11156]  ? lockdep_hardirqs_on+0x9c/0x150
[  231.377215][T11156]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.377236][T11156]  ? clear_bhb_loop+0x60/0xb0
[  231.377261][T11156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.377281][T11156] RIP: 0033:0x7f43ba78f6c9
[  231.377300][T11156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.377318][T11156] RSP: 002b:00007f43bb54c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  231.377340][T11156] RAX: ffffffffffffffda RBX: 00007f43ba9e5fa0 RCX: 00007f43ba78f6c9
[  231.377355][T11156] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000005
[  231.377373][T11156] RBP: 00007f43bb54c090 R08: 0000000000000000 R09: 0000000000000000
[  231.377385][T11156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  231.377397][T11156] R13: 00007f43ba9e6038 R14: 00007f43ba9e5fa0 R15: 00007ffcba6fcfb8
[  231.377434][T11156]  </TASK>
[  231.377446][T11156] socket: no more sockets
[  231.511890][T11160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2028'.
[  231.627866][T11162] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2026'.
[  231.836393][T11131] syzkaller0: entered promiscuous mode
[  231.903937][T11131] syzkaller0: entered allmulticast mode
[  232.043142][T11138] tipc: Resetting bearer <eth:syzkaller0>
[  232.097705][T11138] tipc: Disabling bearer <eth:syzkaller0>
[  232.144067][T11184] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2036'.
[  232.171544][T11184] IPVS: Unknown mcast interface: ip
[  232.186319][T11187] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2034'.
[  232.200206][T11182] wg2 speed is unknown, defaulting to 1000
[  232.303835][T11187] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2034'.
[  232.752702][T11182] wg1 speed is unknown, defaulting to 1000
[  232.775446][T11182] lo speed is unknown, defaulting to 1000
[  233.082932][T11225] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2049'.
[  233.097110][T11218] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  234.204241][T11258] FAULT_INJECTION: forcing a failure.
[  234.204241][T11258] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.219701][T11258] CPU: 0 UID: 0 PID: 11258 Comm: syz.4.2062 Not tainted syzkaller #0 PREEMPT(full) 
[  234.219730][T11258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  234.219743][T11258] Call Trace:
[  234.219751][T11258]  <TASK>
[  234.219760][T11258]  dump_stack_lvl+0x189/0x250
[  234.219794][T11258]  ? __pfx____ratelimit+0x10/0x10
[  234.219824][T11258]  ? __pfx_dump_stack_lvl+0x10/0x10
[  234.219852][T11258]  ? __pfx__printk+0x10/0x10
[  234.219877][T11258]  ? __might_fault+0xb0/0x130
[  234.219918][T11258]  should_fail_ex+0x414/0x560
[  234.219956][T11258]  _copy_from_user+0x2d/0xb0
[  234.219983][T11258]  __sys_bpf+0x1e3/0x860
[  234.220007][T11258]  ? __pfx___sys_bpf+0x10/0x10
[  234.220045][T11258]  ? ksys_write+0x22a/0x250
[  234.220076][T11258]  ? __pfx_ksys_write+0x10/0x10
[  234.220112][T11258]  __x64_sys_bpf+0x7c/0x90
[  234.220150][T11258]  do_syscall_64+0xfa/0xfa0
[  234.220179][T11258]  ? lockdep_hardirqs_on+0x9c/0x150
[  234.220209][T11258]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.220230][T11258]  ? clear_bhb_loop+0x60/0xb0
[  234.220255][T11258]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.220275][T11258] RIP: 0033:0x7f682478f6c9
[  234.220293][T11258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.220311][T11258] RSP: 002b:00007f68256b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  234.220334][T11258] RAX: ffffffffffffffda RBX: 00007f68249e5fa0 RCX: 00007f682478f6c9
[  234.220349][T11258] RDX: 0000000000000094 RSI: 0000200000000880 RDI: 0000000000000005
[  234.220362][T11258] RBP: 00007f68256b5090 R08: 0000000000000000 R09: 0000000000000000
[  234.220375][T11258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.220387][T11258] R13: 00007f68249e6038 R14: 00007f68249e5fa0 R15: 00007fff74ac82c8
[  234.220421][T11258]  </TASK>
[  234.287134][T11261] 
: renamed from bond_slave_0
[  234.459788][T11260] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  234.813077][T11281] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  235.238125][T11302] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2077'.
[  235.473327][T11312] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  235.756125][T11326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2085'.
[  236.180844][T11338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  236.586734][T11367] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.2101'.
[  236.669653][T11371] FAULT_INJECTION: forcing a failure.
[  236.669653][T11371] name failslab, interval 1, probability 0, space 0, times 0
[  236.685526][T11371] CPU: 0 UID: 0 PID: 11371 Comm: syz.0.2104 Not tainted syzkaller #0 PREEMPT(full) 
[  236.685556][T11371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  236.685570][T11371] Call Trace:
[  236.685578][T11371]  <TASK>
[  236.685587][T11371]  dump_stack_lvl+0x189/0x250
[  236.685622][T11371]  ? __pfx____ratelimit+0x10/0x10
[  236.685653][T11371]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.685682][T11371]  ? __pfx__printk+0x10/0x10
[  236.685711][T11371]  ? __pfx___might_resched+0x10/0x10
[  236.685739][T11371]  should_fail_ex+0x414/0x560
[  236.685776][T11371]  should_failslab+0xa8/0x100
[  236.685800][T11371]  kmem_cache_alloc_node_noprof+0x77/0x710
[  236.685829][T11371]  ? __alloc_skb+0x112/0x2d0
[  236.685856][T11371]  __alloc_skb+0x112/0x2d0
[  236.685881][T11371]  netlink_ack+0x146/0xa50
[  236.685899][T11371]  ? __pfx_genl_rcv_msg+0x10/0x10
[  236.685937][T11371]  ? __asan_memcpy+0x40/0x70
[  236.685964][T11371]  ? __pfx_ref_tracker_free+0x10/0x10
[  236.685993][T11371]  netlink_rcv_skb+0x28c/0x470
[  236.686012][T11371]  ? __lock_acquire+0xab9/0xd20
[  236.686033][T11371]  ? __pfx_genl_rcv_msg+0x10/0x10
[  236.686062][T11371]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  236.686104][T11371]  ? down_read+0x1ad/0x2e0
[  236.686129][T11371]  genl_rcv+0x28/0x40
[  236.686153][T11371]  netlink_unicast+0x82f/0x9e0
[  236.686194][T11371]  ? __pfx_netlink_unicast+0x10/0x10
[  236.686228][T11371]  ? netlink_sendmsg+0x642/0xb30
[  236.686247][T11371]  ? skb_put+0x11b/0x210
[  236.686272][T11371]  netlink_sendmsg+0x805/0xb30
[  236.686304][T11371]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.686330][T11371]  ? aa_sock_msg_perm+0xf1/0x1d0
[  236.686363][T11371]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  236.686383][T11371]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.686406][T11371]  __sock_sendmsg+0x21c/0x270
[  236.686440][T11371]  ____sys_sendmsg+0x505/0x830
[  236.686470][T11371]  ? __pfx_____sys_sendmsg+0x10/0x10
[  236.686504][T11371]  ? import_iovec+0x74/0xa0
[  236.686539][T11371]  ___sys_sendmsg+0x21f/0x2a0
[  236.686565][T11371]  ? __pfx____sys_sendmsg+0x10/0x10
[  236.686629][T11371]  ? __fget_files+0x2a/0x420
[  236.686648][T11371]  ? __fget_files+0x3a0/0x420
[  236.686680][T11371]  __x64_sys_sendmsg+0x19b/0x260
[  236.686706][T11371]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  236.686741][T11371]  ? __pfx_ksys_write+0x10/0x10
[  236.686776][T11371]  ? do_syscall_64+0xbe/0xfa0
[  236.686810][T11371]  do_syscall_64+0xfa/0xfa0
[  236.686839][T11371]  ? lockdep_hardirqs_on+0x9c/0x150
[  236.686869][T11371]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.686890][T11371]  ? clear_bhb_loop+0x60/0xb0
[  236.686916][T11371]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.686943][T11371] RIP: 0033:0x7f68b038f6c9
[  236.686962][T11371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.686980][T11371] RSP: 002b:00007f68b123a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  236.687002][T11371] RAX: ffffffffffffffda RBX: 00007f68b05e5fa0 RCX: 00007f68b038f6c9
[  236.687017][T11371] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000005
[  236.687031][T11371] RBP: 00007f68b123a090 R08: 0000000000000000 R09: 0000000000000000
[  236.687044][T11371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  236.687056][T11371] R13: 00007f68b05e6038 R14: 00007f68b05e5fa0 R15: 00007ffeb439e518
[  236.687093][T11371]  </TASK>
[  237.235044][T11389] netlink: 'syz.4.2112': attribute type 9 has an invalid length.
[  237.252000][T11389] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2112'.
[  237.408808][T11398] netlink: 'syz.0.2116': attribute type 1 has an invalid length.
[  237.528529][T11398] bond2: entered promiscuous mode
[  237.533770][T11398] bond2: entered allmulticast mode
[  237.558888][T11404] bridge1: entered promiscuous mode
[  237.564432][T11404] bridge1: entered allmulticast mode
[  237.574177][T11404] bond2: (slave bridge1): making interface the new active one
[  237.583981][T11404] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  237.759506][T11419] batadv1: entered promiscuous mode
[  237.880830][T11428] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2125'.
[  238.204937][T11419] wg2 speed is unknown, defaulting to 1000
[  238.231662][T11440] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2135'.
[  238.361617][T11449] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2136'.
[  238.381641][T11451] FAULT_INJECTION: forcing a failure.
[  238.381641][T11451] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  238.402830][T11451] CPU: 1 UID: 0 PID: 11451 Comm: syz.4.2137 Not tainted syzkaller #0 PREEMPT(full) 
[  238.402861][T11451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  238.402874][T11451] Call Trace:
[  238.402883][T11451]  <TASK>
[  238.402891][T11451]  dump_stack_lvl+0x189/0x250
[  238.402926][T11451]  ? __pfx____ratelimit+0x10/0x10
[  238.402956][T11451]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.402985][T11451]  ? __pfx__printk+0x10/0x10
[  238.403007][T11451]  ? __might_fault+0xb0/0x130
[  238.403049][T11451]  should_fail_ex+0x414/0x560
[  238.403087][T11451]  _copy_from_user+0x2d/0xb0
[  238.403116][T11451]  ___sys_sendmsg+0x158/0x2a0
[  238.403143][T11451]  ? __pfx____sys_sendmsg+0x10/0x10
[  238.403207][T11451]  ? __fget_files+0x2a/0x420
[  238.403227][T11451]  ? __fget_files+0x3a0/0x420
[  238.403258][T11451]  __x64_sys_sendmsg+0x19b/0x260
[  238.403285][T11451]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  238.403320][T11451]  ? __pfx_ksys_write+0x10/0x10
[  238.403355][T11451]  ? do_syscall_64+0xbe/0xfa0
[  238.403389][T11451]  do_syscall_64+0xfa/0xfa0
[  238.403417][T11451]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.403447][T11451]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.403468][T11451]  ? clear_bhb_loop+0x60/0xb0
[  238.403494][T11451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.403514][T11451] RIP: 0033:0x7f682478f6c9
[  238.403532][T11451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.403549][T11451] RSP: 002b:00007f68256b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  238.403571][T11451] RAX: ffffffffffffffda RBX: 00007f68249e5fa0 RCX: 00007f682478f6c9
[  238.403586][T11451] RDX: 0000000020000814 RSI: 00002000000001c0 RDI: 0000000000000003
[  238.403600][T11451] RBP: 00007f68256b5090 R08: 0000000000000000 R09: 0000000000000000
[  238.403613][T11451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.403625][T11451] R13: 00007f68249e6038 R14: 00007f68249e5fa0 R15: 00007fff74ac82c8
[  238.403661][T11451]  </TASK>
[  238.725701][T11456] sctp: [Deprecated]: syz.2.2138 (pid 11456) Use of int in maxseg socket option.
[  238.725701][T11456] Use struct sctp_assoc_value instead
[  238.821391][T11419] wg1 speed is unknown, defaulting to 1000
[  238.829246][T11419] lo speed is unknown, defaulting to 1000
[  239.275202][T11476] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2148'.
[  239.373100][T11483] FAULT_INJECTION: forcing a failure.
[  239.373100][T11483] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  239.391357][T11483] CPU: 1 UID: 0 PID: 11483 Comm: syz.3.2151 Not tainted syzkaller #0 PREEMPT(full) 
[  239.391385][T11483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  239.391398][T11483] Call Trace:
[  239.391406][T11483]  <TASK>
[  239.391415][T11483]  dump_stack_lvl+0x189/0x250
[  239.391449][T11483]  ? __pfx____ratelimit+0x10/0x10
[  239.391479][T11483]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.391507][T11483]  ? __pfx__printk+0x10/0x10
[  239.391544][T11483]  should_fail_ex+0x414/0x560
[  239.391582][T11483]  _copy_from_user+0x2d/0xb0
[  239.391610][T11483]  __copy_msghdr+0x3c5/0x5b0
[  239.391638][T11483]  ___sys_sendmsg+0x1a5/0x2a0
[  239.391664][T11483]  ? __pfx____sys_sendmsg+0x10/0x10
[  239.391727][T11483]  ? __fget_files+0x2a/0x420
[  239.391747][T11483]  ? __fget_files+0x3a0/0x420
[  239.391779][T11483]  __x64_sys_sendmsg+0x19b/0x260
[  239.391805][T11483]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  239.391840][T11483]  ? __pfx_ksys_write+0x10/0x10
[  239.391874][T11483]  ? do_syscall_64+0xbe/0xfa0
[  239.391908][T11483]  do_syscall_64+0xfa/0xfa0
[  239.391937][T11483]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.391966][T11483]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.391993][T11483]  ? clear_bhb_loop+0x60/0xb0
[  239.392018][T11483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.392038][T11483] RIP: 0033:0x7feee078f6c9
[  239.392056][T11483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.392074][T11483] RSP: 002b:00007feee15d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  239.392096][T11483] RAX: ffffffffffffffda RBX: 00007feee09e5fa0 RCX: 00007feee078f6c9
[  239.392111][T11483] RDX: 0000000020000814 RSI: 00002000000001c0 RDI: 0000000000000003
[  239.392125][T11483] RBP: 00007feee15d4090 R08: 0000000000000000 R09: 0000000000000000
[  239.392138][T11483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.392150][T11483] R13: 00007feee09e6038 R14: 00007feee09e5fa0 R15: 00007ffcbc578138
[  239.392185][T11483]  </TASK>
[  239.506459][T11488] geneve3: entered promiscuous mode
[  239.726632][T11496] FAULT_INJECTION: forcing a failure.
[  239.726632][T11496] name failslab, interval 1, probability 0, space 0, times 0
[  239.740562][T11496] CPU: 1 UID: 0 PID: 11496 Comm: syz.3.2157 Not tainted syzkaller #0 PREEMPT(full) 
[  239.740590][T11496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  239.740603][T11496] Call Trace:
[  239.740611][T11496]  <TASK>
[  239.740620][T11496]  dump_stack_lvl+0x189/0x250
[  239.740650][T11496]  ? __pfx____ratelimit+0x10/0x10
[  239.740689][T11496]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.740712][T11496]  ? __pfx__printk+0x10/0x10
[  239.740735][T11496]  ? __pfx___might_resched+0x10/0x10
[  239.740752][T11496]  ? fs_reclaim_acquire+0x7d/0x100
[  239.740783][T11496]  should_fail_ex+0x414/0x560
[  239.740814][T11496]  should_failslab+0xa8/0x100
[  239.740832][T11496]  kmem_cache_alloc_node_noprof+0x77/0x710
[  239.740856][T11496]  ? __alloc_skb+0x112/0x2d0
[  239.740878][T11496]  __alloc_skb+0x112/0x2d0
[  239.740897][T11496]  netlink_sendmsg+0x5c6/0xb30
[  239.740925][T11496]  ? __pfx_netlink_sendmsg+0x10/0x10
[  239.740945][T11496]  ? aa_sock_msg_perm+0xf1/0x1d0
[  239.740972][T11496]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  239.740988][T11496]  ? __pfx_netlink_sendmsg+0x10/0x10
[  239.741006][T11496]  __sock_sendmsg+0x21c/0x270
[  239.741033][T11496]  ____sys_sendmsg+0x505/0x830
[  239.741056][T11496]  ? __pfx_____sys_sendmsg+0x10/0x10
[  239.741083][T11496]  ? import_iovec+0x74/0xa0
[  239.741107][T11496]  ___sys_sendmsg+0x21f/0x2a0
[  239.741128][T11496]  ? __pfx____sys_sendmsg+0x10/0x10
[  239.741177][T11496]  ? __fget_files+0x2a/0x420
[  239.741192][T11496]  ? __fget_files+0x3a0/0x420
[  239.741216][T11496]  __x64_sys_sendmsg+0x19b/0x260
[  239.741238][T11496]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  239.741265][T11496]  ? __pfx_ksys_write+0x10/0x10
[  239.741292][T11496]  ? do_syscall_64+0xbe/0xfa0
[  239.741320][T11496]  do_syscall_64+0xfa/0xfa0
[  239.741344][T11496]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.741368][T11496]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.741384][T11496]  ? clear_bhb_loop+0x60/0xb0
[  239.741405][T11496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.741421][T11496] RIP: 0033:0x7feee078f6c9
[  239.741436][T11496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.741450][T11496] RSP: 002b:00007feee15d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  239.741469][T11496] RAX: ffffffffffffffda RBX: 00007feee09e5fa0 RCX: 00007feee078f6c9
[  239.741481][T11496] RDX: 00000000200080b4 RSI: 0000200000001a40 RDI: 0000000000000003
[  239.741492][T11496] RBP: 00007feee15d4090 R08: 0000000000000000 R09: 0000000000000000
[  239.741502][T11496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.741512][T11496] R13: 00007feee09e6038 R14: 00007feee09e5fa0 R15: 00007ffcbc578138
[  239.741540][T11496]  </TASK>
[  240.223439][T11505] pim6reg1: entered promiscuous mode
[  240.228882][T11505] pim6reg1: entered allmulticast mode
[  240.323287][T11510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2161'.
[  240.734459][T11505] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2161'.
[  240.966364][T11510] syz.4.2161 (11510) used greatest stack depth: 17832 bytes left
[  240.980254][T11520] netlink: 120 bytes leftover after parsing attributes in process `syz.3.2160'.
[  241.135709][T11525] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  241.156320][T11525] syzkaller0: entered promiscuous mode
[  241.163095][T11525] syzkaller0: entered allmulticast mode
[  241.207550][T11525] tipc: Resetting bearer <eth:syzkaller0>
[  241.241259][T11525] bridge2: entered allmulticast mode
[  241.356432][T11529] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  241.390143][T11524] tipc: Resetting bearer <eth:syzkaller0>
[  241.422731][T11524] tipc: Disabling bearer <eth:syzkaller0>
[  242.312950][T11580] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  242.344267][T11584] 8021q: adding VLAN 0 to HW filter on device bond0
[  242.352537][T11584] bond0: (slave sit0): The slave device specified does not support setting the MAC address
[  242.389008][T11584] bond0: (slave sit0): Error -95 calling set_mac_address
[  242.419945][T11591] netlink: 'syz.2.2189': attribute type 29 has an invalid length.
[  242.471597][T11584] netlink: 'syz.2.2189': attribute type 29 has an invalid length.
[  242.491909][T11584] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2189'.
[  242.508181][T11577] veth0: entered promiscuous mode
[  242.601483][T11599] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2192'.
[  244.162804][T11594] tap0: tun_chr_ioctl cmd 21731
[  244.183065][T11618] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2201'.
[  244.365419][T11575] veth0: left promiscuous mode
[  244.574265][T11640] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2209'.
[  244.974811][T11661] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  245.639319][T11704] FAULT_INJECTION: forcing a failure.
[  245.639319][T11704] name failslab, interval 1, probability 0, space 0, times 0
[  245.659634][T11704] CPU: 1 UID: 0 PID: 11704 Comm: syz.0.2233 Not tainted syzkaller #0 PREEMPT(full) 
[  245.659661][T11704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  245.659687][T11704] Call Trace:
[  245.659696][T11704]  <TASK>
[  245.659705][T11704]  dump_stack_lvl+0x189/0x250
[  245.659740][T11704]  ? __pfx____ratelimit+0x10/0x10
[  245.659770][T11704]  ? __pfx_dump_stack_lvl+0x10/0x10
[  245.659797][T11704]  ? __pfx__printk+0x10/0x10
[  245.659824][T11704]  ? __pfx___might_resched+0x10/0x10
[  245.659856][T11704]  should_fail_ex+0x414/0x560
[  245.659892][T11704]  should_failslab+0xa8/0x100
[  245.659915][T11704]  kmem_cache_alloc_node_noprof+0x77/0x710
[  245.659944][T11704]  ? __alloc_skb+0x112/0x2d0
[  245.659971][T11704]  __alloc_skb+0x112/0x2d0
[  245.659995][T11704]  netlink_ack+0x146/0xa50
[  245.660013][T11704]  ? __pfx_genl_rcv_msg+0x10/0x10
[  245.660045][T11704]  ? __asan_memcpy+0x40/0x70
[  245.660070][T11704]  ? __pfx_ref_tracker_free+0x10/0x10
[  245.660100][T11704]  netlink_rcv_skb+0x28c/0x470
[  245.660119][T11704]  ? __lock_acquire+0xab9/0xd20
[  245.660140][T11704]  ? __pfx_genl_rcv_msg+0x10/0x10
[  245.660169][T11704]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  245.660210][T11704]  ? down_read+0x1ad/0x2e0
[  245.660235][T11704]  genl_rcv+0x28/0x40
[  245.660259][T11704]  netlink_unicast+0x82f/0x9e0
[  245.660300][T11704]  ? __pfx_netlink_unicast+0x10/0x10
[  245.660335][T11704]  ? netlink_sendmsg+0x642/0xb30
[  245.660355][T11704]  ? skb_put+0x11b/0x210
[  245.660380][T11704]  netlink_sendmsg+0x805/0xb30
[  245.660413][T11704]  ? __pfx_netlink_sendmsg+0x10/0x10
[  245.660449][T11704]  ? aa_sock_msg_perm+0xf1/0x1d0
[  245.660484][T11704]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  245.660503][T11704]  ? __pfx_netlink_sendmsg+0x10/0x10
[  245.660526][T11704]  __sock_sendmsg+0x21c/0x270
[  245.660559][T11704]  ____sys_sendmsg+0x505/0x830
[  245.660589][T11704]  ? __pfx_____sys_sendmsg+0x10/0x10
[  245.660623][T11704]  ? import_iovec+0x74/0xa0
[  245.660654][T11704]  ___sys_sendmsg+0x21f/0x2a0
[  245.660681][T11704]  ? __pfx____sys_sendmsg+0x10/0x10
[  245.660744][T11704]  ? __fget_files+0x2a/0x420
[  245.660763][T11704]  ? __fget_files+0x3a0/0x420
[  245.660795][T11704]  __x64_sys_sendmsg+0x19b/0x260
[  245.660822][T11704]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  245.660856][T11704]  ? __pfx_ksys_write+0x10/0x10
[  245.660891][T11704]  ? do_syscall_64+0xbe/0xfa0
[  245.660926][T11704]  do_syscall_64+0xfa/0xfa0
[  245.660955][T11704]  ? lockdep_hardirqs_on+0x9c/0x150
[  245.660985][T11704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.661006][T11704]  ? clear_bhb_loop+0x60/0xb0
[  245.661031][T11704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.661051][T11704] RIP: 0033:0x7f68b038f6c9
[  245.661070][T11704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.661087][T11704] RSP: 002b:00007f68b123a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  245.661109][T11704] RAX: ffffffffffffffda RBX: 00007f68b05e5fa0 RCX: 00007f68b038f6c9
[  245.661124][T11704] RDX: 00000000200080b4 RSI: 0000200000001a40 RDI: 0000000000000003
[  245.661137][T11704] RBP: 00007f68b123a090 R08: 0000000000000000 R09: 0000000000000000
[  245.661149][T11704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  245.661161][T11704] R13: 00007f68b05e6038 R14: 00007f68b05e5fa0 R15: 00007ffeb439e518
[  245.661196][T11704]  </TASK>
[  246.107463][T11712] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2236'.
[  246.479589][T11737] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  246.505540][T11740] syzkaller0: entered promiscuous mode
[  246.513646][T11740] syzkaller0: entered allmulticast mode
[  246.849313][T11764] xt_CT: You must specify a L4 protocol and not use inversions on it
[  246.866813][T11764] No such timeout policy "syz1"
[  246.905222][T11767] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  246.975684][T11772] syz.1.2258 uses old SIOCAX25GETINFO
[  247.243318][T11784] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  247.494667][T11804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2273'.
[  247.517009][T11804] netlink: 'syz.0.2273': attribute type 29 has an invalid length.
[  247.533942][T11804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2273'.
[  247.896185][T11830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2282'.
[  247.952255][T11825] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  248.078771][T11838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2285'.
[  248.196596][T11844] netlink: 120 bytes leftover after parsing attributes in process `syz.3.2288'.
[  248.318188][T11850] netlink: 'syz.4.2291': attribute type 4 has an invalid length.
[  248.461775][T11855] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  248.816286][T11879] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2303'.
[  249.136529][T11896] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2308'.
[  249.649235][T11917] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2316'.
[  249.799357][T11923] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  249.809181][T11923] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  250.025884][T11934] openvswitch: netlink: nsh attr 60 is out of range max 3
[  250.073652][T11934] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  250.313851][T11950] netlink: 'syz.4.2326': attribute type 2 has an invalid length.
[  250.347902][T11950] : entered promiscuous mode
[  250.359234][T11940] "syz.0.2324" (11940) uses obsolete ecb(arc4) skcipher
[  250.376505][T11950] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2326'.
[  250.501519][T11954] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2328'.
[  250.657131][T11958] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2329'.
[  250.807814][    C0] vcan0: j1939_tp_rxtimer: 0xffff888056dc8000: rx timeout, send abort
[  251.316188][    C0] vcan0: j1939_tp_rxtimer: 0xffff888056dc8000: abort rx timeout. Force session deactivation
[  251.432724][T11981] batadv1: entered promiscuous mode
[  252.058758][T11996] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0
[  252.518373][   T30] audit: type=1800 audit(1762556947.394:4): pid=12018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2354" name="$" dev="tmpfs" ino=2703 res=0 errno=0
[  252.944417][T12023] wg2 speed is unknown, defaulting to 1000
[  253.426061][T12043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2362'.
[  253.540726][T12049] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2359'.
[  253.613850][T12054] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2365'.
[  253.661089][T12023] wg1 speed is unknown, defaulting to 1000
[  253.680613][T12023] lo speed is unknown, defaulting to 1000
[  253.980512][T12068] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  254.117063][T12076] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2374'.
[  254.314427][T12081] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2377'.
[  254.323687][T12081] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2377'.
[  254.372764][T12085] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2378'.
[  254.625238][T12101] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2383'.
[  254.634454][T12101] block nbd0: Unsupported socket: should be TCP or UNIX.
[  254.774471][T12095] 8021q: adding VLAN 0 to HW filter on device bond3
[  254.811108][T12096] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  255.071375][T12119] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  255.597119][T12130] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2392'.
[  255.689430][T12132] batadv_slave_0: entered promiscuous mode
[  255.705291][T12132] batman_adv: batadv0: Adding interface: macvtap2
[  255.712120][T12132] batman_adv: batadv0: Interface activated: macvtap2
[  255.826349][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  255.833642][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  255.982837][T12142] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  256.065932][T12156] netlink: 'syz.4.2400': attribute type 11 has an invalid length.
[  256.082041][T12163] netlink: 'syz.4.2400': attribute type 11 has an invalid length.
[  256.083065][T12160] geneve3: entered promiscuous mode
[  256.097244][T12160] geneve3: entered allmulticast mode
[  256.280092][T12171] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2404'.
[  256.566035][T12183] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  256.736150][T12194] wg2 speed is unknown, defaulting to 1000
[  256.884538][T12197] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.958170][T12201] syz_tun: entered promiscuous mode
[  256.980137][T12201] macvtap4: entered promiscuous mode
[  256.992622][T12201] syz_tun: left promiscuous mode
[  257.049764][   T50] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  257.070991][   T50] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  257.117002][T12197] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.150026][T12194] wg1 speed is unknown, defaulting to 1000
[  257.150078][   T50] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  257.172296][   T50] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  257.187194][T12194] lo speed is unknown, defaulting to 1000
[  257.244322][T12197] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.414103][T12197] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.488645][T12215] wg2 speed is unknown, defaulting to 1000
[  257.606613][T12222] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  257.769791][   T36] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  257.807568][   T36] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  257.848234][   T36] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  257.904855][   T36] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  258.034283][T12215] wg1 speed is unknown, defaulting to 1000
[  258.123436][T12215] lo speed is unknown, defaulting to 1000
[  258.138717][T12239] syzkaller0: entered promiscuous mode
[  258.144708][T12239] syzkaller0: entered allmulticast mode
[  258.284840][T12248] Bluetooth: MGMT ver 1.23
[  258.805963][T12267] netlink: 'syz.0.2435': attribute type 1 has an invalid length.
[  258.832725][T12267] netlink: 'syz.0.2435': attribute type 3 has an invalid length.
[  258.860743][T12267] __nla_validate_parse: 8 callbacks suppressed
[  258.860762][T12267] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2435'.
[  258.964856][T12267] NCSI netlink: No device for ifindex 813332851
[  259.039670][T12261] syzkaller0: entered promiscuous mode
[  259.045296][T12261] syzkaller0: entered allmulticast mode
[  260.464846][T12277] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2438'.
[  260.491534][T12283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2441'.
[  260.521655][T12283] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2441'.
[  260.560919][T12283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2441'.
[  260.577614][T12283] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2441'.
[  261.073458][T12301] wg2 speed is unknown, defaulting to 1000
[  261.352700][T12314] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  261.452303][T12320] netlink: zone id is out of range
[  261.458707][T12320] netlink: zone id is out of range
[  261.486381][T12320] netlink: set zone limit has 8 unknown bytes
[  261.524337][T12301] wg1 speed is unknown, defaulting to 1000
[  261.533175][T12301] lo speed is unknown, defaulting to 1000
[  261.594038][T12299] netlink: 'syz.1.2448': attribute type 6 has an invalid length.
[  261.778172][T12323] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2454'.
[  262.632757][T12357] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2466'.
[  262.985872][T12371] wg2 speed is unknown, defaulting to 1000
[  263.187246][T12379] veth0: entered promiscuous mode
[  263.209261][T12380] netlink: 'syz.2.2474': attribute type 9 has an invalid length.
[  263.328470][T12379] netlink: 'syz.4.2472': attribute type 16 has an invalid length.
[  263.336865][T12379] netlink: 'syz.4.2472': attribute type 17 has an invalid length.
[  263.390563][T12379] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.409760][T12379] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  263.462791][  T981] lo speed is unknown, defaulting to 1000
[  263.468679][  T981] s
z1: Port: 1 Link ACTIVE
[  263.483162][ T5933] lo speed is unknown, defaulting to 1000
[  263.577824][T12395] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2479'.
[  263.605951][T12396] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2478'.
[  263.629449][T12371] wg1 speed is unknown, defaulting to 1000
[  263.635566][T12374] wg2 speed is unknown, defaulting to 1000
[  263.688511][T12371] lo speed is unknown, defaulting to 1000
[  263.913458][T12379] veth0: left promiscuous mode
[  263.969351][T12408] trusted_key: syz.1.2485 sent an empty control message without MSG_MORE.
[  263.994881][T12408] __nla_validate_parse: 2 callbacks suppressed
[  263.994910][T12408] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2485'.
[  264.032601][T12374] wg1 speed is unknown, defaulting to 1000
[  264.055409][T12408] tap0: tun_chr_ioctl cmd 2147783527
[  264.062157][T12408] tap0: tun_chr_ioctl cmd 2147767507
[  264.221164][T12374] lo speed is unknown, defaulting to 1000
[  264.497404][T12422] netlink: 'syz.1.2488': attribute type 4 has an invalid length.
[  265.115592][T12442] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  265.301185][T12450] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2497'.
[  265.354790][T12452] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2497'.
[  265.931602][T12473] wg2 speed is unknown, defaulting to 1000
[  265.975139][T12477] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2507'.
[  266.137744][T12482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2510'.
[  266.264855][T12491] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2514'.
[  266.335097][T12491] 8021q: adding VLAN 0 to HW filter on device bond3
[  266.419307][T12473] wg1 speed is unknown, defaulting to 1000
[  266.427354][T12473] lo speed is unknown, defaulting to 1000
[  266.576648][T12502] geneve0: entered promiscuous mode
[  266.599680][  T997] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 33892 - 0
[  266.616903][T12506] IPv4: Oversized IP packet from 127.202.26.0
[  266.632539][  T997] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 33892 - 0
[  266.649949][  T997] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 33892 - 0
[  266.658930][  T997] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 33892 - 0
[  266.718436][T12510] FAULT_INJECTION: forcing a failure.
[  266.718436][T12510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.760482][T12510] CPU: 0 UID: 0 PID: 12510 Comm: syz.0.2521 Not tainted syzkaller #0 PREEMPT(full) 
[  266.760511][T12510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  266.760524][T12510] Call Trace:
[  266.760532][T12510]  <TASK>
[  266.760542][T12510]  dump_stack_lvl+0x189/0x250
[  266.760573][T12510]  ? __pfx____ratelimit+0x10/0x10
[  266.760603][T12510]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.760638][T12510]  ? __pfx__printk+0x10/0x10
[  266.760660][T12510]  ? __might_fault+0xb0/0x130
[  266.760700][T12510]  should_fail_ex+0x414/0x560
[  266.760735][T12510]  _copy_from_iter+0x1de/0x1790
[  266.760765][T12510]  ? rcu_is_watching+0x15/0xb0
[  266.760795][T12510]  ? kmalloc_reserve+0xbd/0x290
[  266.760817][T12510]  ? __pfx__copy_from_iter+0x10/0x10
[  266.760843][T12510]  ? __build_skb_around+0x262/0x3f0
[  266.760868][T12510]  ? netlink_sendmsg+0x642/0xb30
[  266.760888][T12510]  ? skb_put+0x11b/0x210
[  266.760913][T12510]  netlink_sendmsg+0x6b2/0xb30
[  266.760946][T12510]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.760971][T12510]  ? aa_sock_msg_perm+0xf1/0x1d0
[  266.761004][T12510]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  266.761024][T12510]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.761044][T12510]  __sock_sendmsg+0x21c/0x270
[  266.761076][T12510]  ____sys_sendmsg+0x505/0x830
[  266.761103][T12510]  ? __pfx_____sys_sendmsg+0x10/0x10
[  266.761137][T12510]  ? import_iovec+0x74/0xa0
[  266.761167][T12510]  ___sys_sendmsg+0x21f/0x2a0
[  266.761192][T12510]  ? __pfx____sys_sendmsg+0x10/0x10
[  266.761254][T12510]  ? __fget_files+0x2a/0x420
[  266.761272][T12510]  ? __fget_files+0x3a0/0x420
[  266.761303][T12510]  __x64_sys_sendmsg+0x19b/0x260
[  266.761330][T12510]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  266.761369][T12510]  ? __pfx_ksys_write+0x10/0x10
[  266.761403][T12510]  ? do_syscall_64+0xbe/0xfa0
[  266.761439][T12510]  do_syscall_64+0xfa/0xfa0
[  266.761466][T12510]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.761495][T12510]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.761516][T12510]  ? clear_bhb_loop+0x60/0xb0
[  266.761542][T12510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.761562][T12510] RIP: 0033:0x7f68b038f6c9
[  266.761581][T12510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.761599][T12510] RSP: 002b:00007f68b123a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  266.761628][T12510] RAX: ffffffffffffffda RBX: 00007f68b05e5fa0 RCX: 00007f68b038f6c9
[  266.761643][T12510] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  266.761656][T12510] RBP: 00007f68b123a090 R08: 0000000000000000 R09: 0000000000000000
[  266.761668][T12510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.761679][T12510] R13: 00007f68b05e6038 R14: 00007f68b05e5fa0 R15: 00007ffeb439e518
[  266.761715][T12510]  </TASK>
[  267.271697][T12522] netlink: 'syz.4.2524': attribute type 1 has an invalid length.
[  267.276550][T12523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2523'.
[  267.375391][T12518] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2524'.
[  267.543190][T12539] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2528'.
[  267.600073][T12539] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2528'.
[  267.679325][T12545] netlink: 'syz.1.2533': attribute type 10 has an invalid length.
[  267.719197][T12535] wg2 speed is unknown, defaulting to 1000
[  267.882192][T12553] FAULT_INJECTION: forcing a failure.
[  267.882192][T12553] name failslab, interval 1, probability 0, space 0, times 0
[  267.948332][T12553] CPU: 1 UID: 0 PID: 12553 Comm: syz.4.2534 Not tainted syzkaller #0 PREEMPT(full) 
[  267.948362][T12553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  267.948375][T12553] Call Trace:
[  267.948384][T12553]  <TASK>
[  267.948394][T12553]  dump_stack_lvl+0x189/0x250
[  267.948428][T12553]  ? __pfx____ratelimit+0x10/0x10
[  267.948459][T12553]  ? __pfx_dump_stack_lvl+0x10/0x10
[  267.948488][T12553]  ? __pfx__printk+0x10/0x10
[  267.948515][T12553]  ? __lock_acquire+0xab9/0xd20
[  267.948543][T12553]  should_fail_ex+0x414/0x560
[  267.948581][T12553]  should_failslab+0xa8/0x100
[  267.948605][T12553]  kmem_cache_alloc_noprof+0x74/0x6e0
[  267.948645][T12553]  ? skb_clone+0x212/0x3a0
[  267.948676][T12553]  skb_clone+0x212/0x3a0
[  267.948705][T12553]  __netlink_deliver_tap+0x404/0x850
[  267.948741][T12553]  ? netlink_deliver_tap+0x2e/0x1b0
[  267.948765][T12553]  netlink_deliver_tap+0x19c/0x1b0
[  267.948788][T12553]  netlink_unicast+0x7fa/0x9e0
[  267.948828][T12553]  ? __pfx_netlink_unicast+0x10/0x10
[  267.948861][T12553]  ? netlink_sendmsg+0x642/0xb30
[  267.948880][T12553]  ? skb_put+0x11b/0x210
[  267.948905][T12553]  netlink_sendmsg+0x805/0xb30
[  267.948937][T12553]  ? __pfx_netlink_sendmsg+0x10/0x10
[  267.948962][T12553]  ? aa_sock_msg_perm+0xf1/0x1d0
[  267.948995][T12553]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  267.949015][T12553]  ? __pfx_netlink_sendmsg+0x10/0x10
[  267.949038][T12553]  __sock_sendmsg+0x21c/0x270
[  267.949070][T12553]  ____sys_sendmsg+0x505/0x830
[  267.949099][T12553]  ? __pfx_____sys_sendmsg+0x10/0x10
[  267.949133][T12553]  ? import_iovec+0x74/0xa0
[  267.949164][T12553]  ___sys_sendmsg+0x21f/0x2a0
[  267.949191][T12553]  ? __pfx____sys_sendmsg+0x10/0x10
[  267.949256][T12553]  ? __fget_files+0x2a/0x420
[  267.949276][T12553]  ? __fget_files+0x3a0/0x420
[  267.949317][T12553]  __x64_sys_sendmsg+0x19b/0x260
[  267.949344][T12553]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  267.949378][T12553]  ? __pfx_ksys_write+0x10/0x10
[  267.949413][T12553]  ? do_syscall_64+0xbe/0xfa0
[  267.949448][T12553]  do_syscall_64+0xfa/0xfa0
[  267.949476][T12553]  ? lockdep_hardirqs_on+0x9c/0x150
[  267.949506][T12553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.949527][T12553]  ? clear_bhb_loop+0x60/0xb0
[  267.949552][T12553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.949572][T12553] RIP: 0033:0x7f682478f6c9
[  267.949592][T12553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.949617][T12553] RSP: 002b:00007f68256b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  267.949639][T12553] RAX: ffffffffffffffda RBX: 00007f68249e5fa0 RCX: 00007f682478f6c9
[  267.949654][T12553] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  267.949667][T12553] RBP: 00007f68256b5090 R08: 0000000000000000 R09: 0000000000000000
[  267.949679][T12553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.949698][T12553] R13: 00007f68249e6038 R14: 00007f68249e5fa0 R15: 00007fff74ac82c8
[  267.949733][T12553]  </TASK>
[  268.081748][T12535] wg1 speed is unknown, defaulting to 1000
[  268.272776][T12535] lo speed is unknown, defaulting to 1000
[  268.273030][T12550] wg2 speed is unknown, defaulting to 1000
[  268.988890][T12550] wg1 speed is unknown, defaulting to 1000
[  269.005919][T12550] lo speed is unknown, defaulting to 1000
[  269.267499][T12584] batadv3: entered promiscuous mode
[  269.354856][T12586] __nla_validate_parse: 2 callbacks suppressed
[  269.354877][T12586] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2546'.
[  269.696764][T12584] wg2 speed is unknown, defaulting to 1000
[  269.982896][T12604] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2551'.
[  270.003749][T12604] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2551'.
[  270.390956][T12613] x_tables: ip_tables: osf match: only valid for protocol 6
[  270.415433][T12613] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2553'.
[  270.800457][T12612] wg2 speed is unknown, defaulting to 1000
[  271.106533][T12584] wg1 speed is unknown, defaulting to 1000
[  271.108077][T12623] wg2 speed is unknown, defaulting to 1000
[  271.122008][T12584] lo speed is unknown, defaulting to 1000
[  271.132786][T12612] wg1 speed is unknown, defaulting to 1000
[  271.306844][T12631] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  271.640288][T12635] batadv1: entered promiscuous mode
[  271.742386][T12637] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2563'.
[  271.797842][T12612] lo speed is unknown, defaulting to 1000
[  271.954877][T12623] wg1 speed is unknown, defaulting to 1000
[  272.246904][T12623] lo speed is unknown, defaulting to 1000
[  273.973250][T12672] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  274.199789][T12671] tipc: Disabling bearer <eth:syzkaller0>
[  274.466986][T12684] batadv1: entered promiscuous mode
[  274.618748][T12690] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2576'.
[  275.179528][T12704] batadv1: entered promiscuous mode
[  275.371705][T12704] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2584'.
[  275.843553][T12716] wg2 speed is unknown, defaulting to 1000
[  276.592608][T12716] wg1 speed is unknown, defaulting to 1000
[  276.592621][T12726] wg2 speed is unknown, defaulting to 1000
[  276.612104][T12716] lo speed is unknown, defaulting to 1000
[  276.807997][T12751] netlink: 52951 bytes leftover after parsing attributes in process `syz.3.2598'.
[  277.034336][T12726] wg1 speed is unknown, defaulting to 1000
[  277.053424][T12726] lo speed is unknown, defaulting to 1000
[  277.490848][T12772] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2605'.
[  277.517998][T12780] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2604'.
[  277.564133][T12780] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2604'.
[  278.063912][T12800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2614'.
[  278.266868][T12804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2616'.
[  278.357615][T12811] batadv1: entered promiscuous mode
[  278.386680][T12812] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2618'.
[  278.485191][T12804] netlink: 'syz.3.2616': attribute type 7 has an invalid length.
[  278.500789][T12804] netlink: 'syz.3.2616': attribute type 8 has an invalid length.
[  278.732328][T12825] netlink: 'syz.1.2621': attribute type 1 has an invalid length.
[  278.947819][T12831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  279.393661][T12859] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2630'.
[  279.547387][T12864] batadv1: entered promiscuous mode
[  279.666634][T12871] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2635'.
[  279.781829][T12868] wg2 speed is unknown, defaulting to 1000
[  280.045459][T12886] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  280.197039][T12868] wg1 speed is unknown, defaulting to 1000
[  280.225198][T12888] batadv1: entered promiscuous mode
[  280.255816][T12868] lo speed is unknown, defaulting to 1000
[  280.324168][T12892] wg2 speed is unknown, defaulting to 1000
[  280.356805][T12897] netlink: 'syz.0.2642': attribute type 8 has an invalid length.
[  280.370482][T12898] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2640'.
[  280.408419][T12897] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2642'.
[  280.832029][T12892] wg1 speed is unknown, defaulting to 1000
[  280.840254][T12898] wg2 speed is unknown, defaulting to 1000
[  281.097666][T12892] lo speed is unknown, defaulting to 1000
[  281.247898][T12914] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2646'.
[  281.264490][T12914] netlink: 6 bytes leftover after parsing attributes in process `syz.4.2646'.
[  281.276089][T12914] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  281.476521][T12922] netlink: 'syz.2.2648': attribute type 2 has an invalid length.
[  281.501260][T12922] netlink: 'syz.2.2648': attribute type 1 has an invalid length.
[  281.537534][T12922] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2648'.
[  281.651859][T12898] wg1 speed is unknown, defaulting to 1000
[  281.669438][T12898] lo speed is unknown, defaulting to 1000
[  281.988502][T12935] syzkaller0: entered promiscuous mode
[  282.011391][T12939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2655'.
[  282.020463][T12935] syzkaller0: entered allmulticast mode
[  282.288801][T12948] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2659'.
[  284.198844][T12979] netlink: 'syz.0.2666': attribute type 13 has an invalid length.
[  284.272390][T12975] bond4: option arp_validate: invalid value (18446744073491447809)
[  284.333460][T12986] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2669'.
[  284.347596][T12975] bond4 (unregistering): Released all slaves
[  284.656543][T12979] batman_adv: batadv0: Interface deactivated: dummy0
[  284.984047][T12987] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  285.008290][ T5909] wg2 speed is unknown, defaulting to 1000
[  285.015201][ T5909] syz0: Port: 1 Link DOWN
[  285.033589][   T50] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.059960][   T50] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.078868][ T5909] wg2 speed is unknown, defaulting to 1000
[  285.103061][   T50] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.127289][   T50] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.197965][T13002] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2674'.
[  285.384358][T13014] netdevsim netdevsim3: Direct firmware load for þ failed with error -2
[  285.399789][T13014] netdevsim netdevsim3: Falling back to sysfs fallback for: þ
[  285.508171][T13018] dvmrp0: entered allmulticast mode
[  285.549653][T13022] wg2 speed is unknown, defaulting to 1000
[  285.784803][T13022] wg1 speed is unknown, defaulting to 1000
[  285.792640][T13022] lo speed is unknown, defaulting to 1000
[  285.805271][T13034] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2685'.
[  285.814942][T13034] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2685'.
[  285.824102][T13034] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2685'.
[  285.925322][T13036] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  285.951091][T13038] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2687'.
[  286.043328][T13040] wg2 speed is unknown, defaulting to 1000
[  286.411751][T13047] "syz.3.2691" (13047) uses obsolete ecb(arc4) skcipher
[  286.567530][T13040] wg1 speed is unknown, defaulting to 1000
[  286.575540][T13040] lo speed is unknown, defaulting to 1000
[  286.589066][T13057] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2694'.
[  286.644253][T13052] wg2 speed is unknown, defaulting to 1000
[  286.735308][T13059] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2696'.
[  287.056465][T13068] netlink: 'syz.3.2698': attribute type 3 has an invalid length.
[  287.228476][T13052] wg1 speed is unknown, defaulting to 1000
[  287.241277][T13052] lo speed is unknown, defaulting to 1000
[  287.696168][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  287.706112][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  287.714930][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  287.725587][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  287.735731][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  287.753973][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  287.774201][   T50] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 33892 - 0
[  287.785051][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  287.794779][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  287.803437][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  287.812181][ T5841] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  288.032378][   T50] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 33892 - 0
[  288.230806][   T50] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 33892 - 0
[  288.317318][T13072] wg2 speed is unknown, defaulting to 1000
[  288.356325][T13087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2705'.
[  288.471448][   T50] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 33892 - 0
[  288.876618][T13097] xt_TCPMSS: Only works on TCP SYN packets
[  288.963352][   T50] bond4 (unregistering): (slave ip6erspan0): Releasing active interface
[  289.277517][   T50] dvmrp0 (unregistering): left allmulticast mode
[  289.306337][   T50] bond5 (unregistering): (slave geneve3): Releasing backup interface
[  289.793195][   T50] bond0 (unregistering): Released all slaves
[  289.876332][   T50] bond1 (unregistering): (slave wlan0): Releasing active interface
[  289.885287][   T50] bond1 (unregistering): Released all slaves
[  289.890081][ T5841] Bluetooth: hci0: command tx timeout
[  289.971469][   T50] bond2 (unregistering): Released all slaves
[  290.054348][   T50] bond3 (unregistering): Released all slaves
[  290.137576][   T50] bond4 (unregistering): Released all slaves
[  290.152298][   T50] bond5 (unregistering): Released all slaves
[  290.251800][T13072] wg1 speed is unknown, defaulting to 1000
[  290.264614][T13072] lo speed is unknown, defaulting to 1000
[  290.283899][   T50] tipc: Disabling bearer <udp:£>
[  290.300715][   T50] tipc: Left network mode
[  290.409717][T13103] wg2 speed is unknown, defaulting to 1000
[  290.538614][T13110] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2712'.
[  290.565202][T13110] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2712'.
[  290.585003][T13110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2712'.
[  290.666892][T13113] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2714'.
[  290.939968][T13104] wg2 speed is unknown, defaulting to 1000
[  291.045514][T13124] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2718'.
[  291.302602][T13072] chnl_net:caif_netlink_parms(): no params data found
[  291.583943][T13143] netlink: 'syz.3.2725': attribute type 1 has an invalid length.
[  291.591940][T13143] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2725'.
[  291.606065][T13145] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2727'.
[  291.615628][T13104] wg1 speed is unknown, defaulting to 1000
[  291.723455][T13072] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.732751][T13072] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.741873][T13072] bridge_slave_0: entered allmulticast mode
[  291.756684][T13072] bridge_slave_0: entered promiscuous mode
[  291.775171][T13072] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.799124][T13072] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.816977][T13072] bridge_slave_1: entered allmulticast mode
[  291.840200][T13072] bridge_slave_1: entered promiscuous mode
[  291.876472][T13104] lo speed is unknown, defaulting to 1000
[  291.913420][T13103] wg1 speed is unknown, defaulting to 1000
[  291.971581][ T5841] Bluetooth: hci0: command tx timeout
[  292.063842][T13072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  292.136808][T13072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  292.322476][T13072] team0: Port device team_slave_0 added
[  292.354349][T13072] team0: Port device team_slave_1 added
[  292.474041][T13103] lo speed is unknown, defaulting to 1000
[  292.476052][T13072] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.497562][T13072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.528979][T13072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.580830][T13072] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.587924][T13072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.668369][T13072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.838851][T13072] hsr_slave_0: entered promiscuous mode
[  292.853875][T13072] hsr_slave_1: entered promiscuous mode
[  292.871271][T13072] debugfs: 'hsr0' already exists in 'hsr'
[  292.877242][T13072] Cannot create hsr debugfs directory
[  293.420865][   T50] hsr_slave_0: left promiscuous mode
[  293.431962][   T50] hsr_slave_1: left promiscuous mode
[  294.053174][ T5841] Bluetooth: hci0: command tx timeout
[  294.393321][T13238] netlink: 'syz.3.2754': attribute type 13 has an invalid length.
[  294.676301][T13205] dvmrp0: entered allmulticast mode
[  294.725203][T13237] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2754'.
[  295.353057][T13276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2762'.
[  295.362389][T13276] netlink: 'syz.0.2762': attribute type 1 has an invalid length.
[  295.426991][T13277] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2762'.
[  295.580628][T13238] batman_adv: batadv0: Interface deactivated: macvtap2
[  295.659981][ T1098] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  295.668976][ T1098] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  295.700788][ T1098] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  295.709737][ T1098] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  295.733094][ T1098] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  295.742149][ T1098] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  295.850569][ T1098] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  295.863331][ T1098] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  296.133707][ T5841] Bluetooth: hci0: command tx timeout
[  296.759658][T13323] netlink: 348 bytes leftover after parsing attributes in process `syz.0.2776'.
[  296.854231][T13317] wg1: entered promiscuous mode
[  296.859273][T13317] wg1: entered allmulticast mode
[  296.894003][T13072] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  296.906771][T13072] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  296.933374][T13072] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  296.952539][T13072] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  297.042729][T13335] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  297.189466][T13072] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.248749][T13072] 8021q: adding VLAN 0 to HW filter on device team0
[  297.279816][ T3582] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.287138][ T3582] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.319024][ T3582] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.326300][ T3582] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.723256][T13353] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2783'.
[  297.825188][T13072] 8021q: adding VLAN 0 to HW filter on device batadv0
[  297.952740][T13364] x_tables: duplicate underflow at hook 4
[  297.974080][T13072] veth0_vlan: entered promiscuous mode
[  298.027486][T13072] veth1_vlan: entered promiscuous mode
[  298.127101][T13072] veth0_macvtap: entered promiscuous mode
[  298.149390][T13072] veth1_macvtap: entered promiscuous mode
[  298.205761][T13072] batman_adv: batadv0: Interface activated: batadv_slave_0
[  298.222352][ T5841] Bluetooth: hci0: command tx timeout
[  298.256974][T13072] batman_adv: batadv0: Interface activated: batadv_slave_1
[  298.324806][  T997] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  298.341497][  T997] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  298.362064][  T997] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  298.388446][T13385] netlink: 'syz.4.2793': attribute type 49 has an invalid length.
[  298.401849][  T997] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  298.446655][T13385] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2793'.
[  298.607601][T13393] batadv1: entered promiscuous mode
[  298.668039][T13399] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2795'.
[  298.735056][ T3502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.790382][ T3502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.968675][ T3473] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.987860][ T3473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  299.016706][T13393] wg2 speed is unknown, defaulting to 1000
[  299.328502][T13393] wg1 speed is unknown, defaulting to 1000
[  299.343927][T13393] lo speed is unknown, defaulting to 1000
[  299.480148][T13411] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2700'.
[  299.542473][T13411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2700'.
[  299.561731][T13411] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2700'.
[  299.643521][T13411] geneve2: entered promiscuous mode
[  299.660056][T13411] geneve2: entered allmulticast mode
[  299.703506][T13419] netlink: 'syz.3.2801': attribute type 3 has an invalid length.
[  300.335538][ T5835] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  300.346219][ T5835] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  300.357465][ T5835] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  300.366846][ T5835] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  300.374961][ T5835] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  300.518458][T13443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2811'.
[  300.559223][T13443] netlink: 'syz.2.2811': attribute type 3 has an invalid length.
[  300.683944][T13438] wg2 speed is unknown, defaulting to 1000
[  301.207844][T13462] vlan0: entered allmulticast mode
[  301.222445][T13462] bridge_slave_0: entered allmulticast mode
[  301.621796][T13473] netlink: 'syz.3.2817': attribute type 27 has an invalid length.
[  301.630188][T13473] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2817'.
[  301.844704][T13438] wg1 speed is unknown, defaulting to 1000
[  301.904753][T13438] lo speed is unknown, defaulting to 1000
[  302.451077][ T5841] Bluetooth: hci5: command tx timeout
[  302.950604][ T1098] bond0 (unregistering): Released all slaves
[  302.965522][ T1098] bond1 (unregistering): Released all slaves
[  303.046027][T13500] macvtap4: entered promiscuous mode
[  303.054498][T13513] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2825'.
[  303.080484][T13500] veth1_to_hsr: entered promiscuous mode
[  303.098096][T13500] macvtap4: entered allmulticast mode
[  303.103691][T13500] veth1_to_hsr: entered allmulticast mode
[  303.211994][T13510] batadv1: entered promiscuous mode
[  303.253014][T13517] xt_CT: No such helper "snmp"
[  303.316899][ T1098] : left promiscuous mode
[  303.368946][T13502] wg2 speed is unknown, defaulting to 1000
[  303.879738][T13438] chnl_net:caif_netlink_parms(): no params data found
[  303.955898][T13522] wg2 speed is unknown, defaulting to 1000
[  304.015876][T13438] bridge0: port 1(bridge_slave_0) entered blocking state
[  304.023740][T13438] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.032085][T13438] bridge_slave_0: entered allmulticast mode
[  304.041577][T13438] bridge_slave_0: entered promiscuous mode
[  304.053999][T13438] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.062764][T13438] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.070332][T13438] bridge_slave_1: entered allmulticast mode
[  304.079064][T13438] bridge_slave_1: entered promiscuous mode
[  304.133422][T13438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  304.147747][T13438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.199567][T13438] team0: Port device team_slave_0 added
[  304.205605][T13532] wg2 speed is unknown, defaulting to 1000
[  304.209716][T13438] team0: Port device team_slave_1 added
[  304.258838][T13438] batman_adv: batadv0: Adding interface: batadv_slave_0
[  304.266211][T13438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  304.294952][T13438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  304.308918][T13438] batman_adv: batadv0: Adding interface: batadv_slave_1
[  304.316641][T13438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  304.350196][T13438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  304.476661][T13438] hsr_slave_0: entered promiscuous mode
[  304.489324][T13438] hsr_slave_1: entered promiscuous mode
[  304.535510][ T5841] Bluetooth: hci5: command tx timeout
[  304.637762][T13522] wg1 speed is unknown, defaulting to 1000
[  304.653600][T13502] wg1 speed is unknown, defaulting to 1000
[  304.680567][T13522] lo speed is unknown, defaulting to 1000
[  304.743795][T13532] wg1 speed is unknown, defaulting to 1000
[  304.762464][T13546] wg2 speed is unknown, defaulting to 1000
[  305.077396][T13502] lo speed is unknown, defaulting to 1000
[  305.145918][T13546] wg1 speed is unknown, defaulting to 1000
[  305.352764][T13438] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  305.363752][T13532] lo speed is unknown, defaulting to 1000
[  305.364216][T13438] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  305.389284][T13438] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  305.405680][T13438] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  305.609000][T13438] 8021q: adding VLAN 0 to HW filter on device bond0
[  305.634400][T13438] 8021q: adding VLAN 0 to HW filter on device team0
[  305.651383][ T3502] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.658580][ T3502] bridge0: port 1(bridge_slave_0) entered forwarding state
[  305.701242][T13546] lo speed is unknown, defaulting to 1000
[  305.776477][ T3502] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.783735][ T3502] bridge0: port 2(bridge_slave_1) entered forwarding state
[  305.931494][ T1098] hsr_slave_0: left promiscuous mode
[  305.937770][ T1098] hsr_slave_1: left promiscuous mode
[  306.610065][ T5841] Bluetooth: hci5: command tx timeout
[  307.089818][ T1152] smc: removing ib device s
z1
[  307.127017][T13268] lo speed is unknown, defaulting to 1000
[  307.144818][T13268] s
z1: Port: 1 Link DOWN
[  308.134289][T13568] batman_adv: batadv0: Removing interface: dummy0
[  308.177062][T13568] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  308.397133][T13438] 8021q: adding VLAN 0 to HW filter on device batadv0
[  308.804632][ T5841] Bluetooth: hci5: command tx timeout
[  309.026505][T13583] wg2 speed is unknown, defaulting to 1000
[  309.666542][T13438] veth0_vlan: entered promiscuous mode
[  309.701624][T13438] veth1_vlan: entered promiscuous mode
[  309.765375][T13438] veth0_macvtap: entered promiscuous mode
[  309.794726][T13438] veth1_macvtap: entered promiscuous mode
[  309.835865][T13438] batman_adv: batadv0: Interface activated: batadv_slave_0
[  309.872005][T13438] batman_adv: batadv0: Interface activated: batadv_slave_1
[  309.911661][ T3582] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  309.921841][ T3582] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  309.940674][T13595] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2840'.
[  309.946067][ T3582] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  309.958916][T13595] block nbd0: not configured, cannot reconfigure
[  309.982774][ T3582] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  310.137283][T13598] netlink: 'syz.0.2841': attribute type 10 has an invalid length.
[  310.190524][T13601] netlink: 'syz.0.2841': attribute type 10 has an invalid length.
[  310.207603][T13598] team0: Failed to send options change via netlink (err -105)
[  310.228860][T13598] team0: Port device dummy0 added
[  310.237844][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  310.239575][T13601] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  310.255441][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  310.263461][T13601] team0: Failed to send options change via netlink (err -105)
[  310.279536][T13601] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  310.292807][T13601] team0: Port device dummy0 removed
[  310.345561][T13599] wg2 speed is unknown, defaulting to 1000
[  310.367801][ T3582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  310.377993][ T1098] IPVS: stop unused estimator thread 0...
[  310.390481][ T3582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  310.682943][T13608] sch_tbf: burst 1447 is lower than device macvtap0 mtu (1514) !
[  310.731723][T13608] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2800'.
[  310.764876][T13615] netlink: 'syz.1.2846': attribute type 1 has an invalid length.
[  310.832094][T13615] 8021q: adding VLAN 0 to HW filter on device bond3
[  311.260656][T13615] 8021q: adding VLAN 0 to HW filter on device bond3
[  311.268128][T13615] bond3: (slave vxcan5): The slave device specified does not support setting the MAC address
[  311.293529][T13615] bond3: (slave vxcan5): Error -95 calling set_mac_address
[  311.365243][T13617] veth5: entered promiscuous mode
[  311.418482][T13632] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2848'.
[  311.807912][T13643] smc: removing ib device syz0
[  311.946327][T13650] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2852'.
[  312.123804][T13655] batadv1: entered promiscuous mode
[  312.220199][T13658] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2854'.
[  312.950712][T13668] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  313.419324][T13684] netlink: 'syz.2.2863': attribute type 1 has an invalid length.
[  313.440367][T13683] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  313.534396][T13687] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2863'.
[  313.865400][T13695] siw: device registration error -23
[  313.875044][T13695] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  313.895070][T13695] xt_TCPMSS: Only works on TCP SYN packets
[  314.048739][T13698] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  314.381606][T13719] netlink: 'syz.4.2878': attribute type 8 has an invalid length.
[  314.387155][T13717] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  315.098286][T13758] bridge_slave_0: left allmulticast mode
[  315.120958][T13758] bridge_slave_0: left promiscuous mode
[  315.126900][T13758] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.213601][T13758] bridge_slave_1: left allmulticast mode
[  315.267307][T13758] bridge_slave_1: left promiscuous mode
[  315.274194][T13758] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.292360][T13758] bond0: (slave bond_slave_0): Releasing backup interface
[  315.311049][T13758] bond0: (slave bond_slave_1): Releasing backup interface
[  315.334829][T13758] team0: Failed to send options change via netlink (err -105)
[  315.344819][T13758] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  315.355255][T13758] team0: Port device team_slave_0 removed
[  315.394629][T13758] team0: Failed to send options change via netlink (err -105)
[  315.409337][T13758] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  315.421398][T13758] team0: Port device team_slave_1 removed
[  315.446071][T13758] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  315.457441][T13758] batman_adv: batadv0: Removing interface: batadv_slave_0
[  315.613712][T13758] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  315.622066][T13758] batman_adv: batadv0: Removing interface: batadv_slave_1
[  315.631578][T13758] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  315.684708][T13776] sch_tbf: burst 0 is lower than device tunl0 mtu (61406) !
[  315.914968][T13801] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2900'.
[  316.047934][T13799] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2900'.
[  316.096812][T13799] Cannot find add_set index 0 as target
[  316.316983][T13816] batadv1: entered promiscuous mode
[  316.440516][T13823] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2904'.
[  316.517777][T13825] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2907'.
[  316.652600][T13827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2908'.
[  316.895722][T13832] SET target dimension over the limit!
[  316.922462][T13836] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2911'.
[  316.949748][T13836] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2911'.
[  317.230798][T13835] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  317.258040][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  317.673557][T13867] netlink: 'syz.2.2918': attribute type 27 has an invalid length.
[  317.720621][T13867] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2918'.
[  318.126314][T13871] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2920'.
[  318.135437][T13871] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2920'.
[  318.153885][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  318.163419][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  318.173116][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  318.181397][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  318.189292][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  318.244499][T13882] FAULT_INJECTION: forcing a failure.
[  318.244499][T13882] name failslab, interval 1, probability 0, space 0, times 0
[  318.276456][T13882] CPU: 1 UID: 0 PID: 13882 Comm: syz.2.2923 Not tainted syzkaller #0 PREEMPT(full) 
[  318.276484][T13882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  318.276498][T13882] Call Trace:
[  318.276506][T13882]  <TASK>
[  318.276515][T13882]  dump_stack_lvl+0x189/0x250
[  318.276551][T13882]  ? __pfx____ratelimit+0x10/0x10
[  318.276581][T13882]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.276609][T13882]  ? __pfx__printk+0x10/0x10
[  318.276637][T13882]  ? __pfx___might_resched+0x10/0x10
[  318.276658][T13882]  ? fs_reclaim_acquire+0x7d/0x100
[  318.276696][T13882]  should_fail_ex+0x414/0x560
[  318.276734][T13882]  should_failslab+0xa8/0x100
[  318.276757][T13882]  kmem_cache_alloc_node_noprof+0x77/0x710
[  318.276786][T13882]  ? __alloc_skb+0x112/0x2d0
[  318.276805][T13882]  ? netlink_autobind+0xdb/0x300
[  318.276833][T13882]  __alloc_skb+0x112/0x2d0
[  318.276858][T13882]  netlink_sendmsg+0x5c6/0xb30
[  318.276890][T13882]  ? __pfx_netlink_sendmsg+0x10/0x10
[  318.276915][T13882]  ? aa_sock_msg_perm+0xf1/0x1d0
[  318.276949][T13882]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  318.276970][T13882]  ? __pfx_netlink_sendmsg+0x10/0x10
[  318.276993][T13882]  __sock_sendmsg+0x21c/0x270
[  318.277034][T13882]  ____sys_sendmsg+0x505/0x830
[  318.277064][T13882]  ? __pfx_____sys_sendmsg+0x10/0x10
[  318.277097][T13882]  ? import_iovec+0x74/0xa0
[  318.277128][T13882]  ___sys_sendmsg+0x21f/0x2a0
[  318.277154][T13882]  ? __pfx____sys_sendmsg+0x10/0x10
[  318.277216][T13882]  ? __fget_files+0x2a/0x420
[  318.277235][T13882]  ? __fget_files+0x3a0/0x420
[  318.277266][T13882]  __x64_sys_sendmsg+0x19b/0x260
[  318.277293][T13882]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  318.277327][T13882]  ? __pfx_ksys_write+0x10/0x10
[  318.277362][T13882]  ? do_syscall_64+0xbe/0xfa0
[  318.277396][T13882]  do_syscall_64+0xfa/0xfa0
[  318.277425][T13882]  ? lockdep_hardirqs_on+0x9c/0x150
[  318.277459][T13882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.277480][T13882]  ? clear_bhb_loop+0x60/0xb0
[  318.277505][T13882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.277525][T13882] RIP: 0033:0x7fe4c658f6c9
[  318.277544][T13882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.277562][T13882] RSP: 002b:00007fe4c74e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  318.277584][T13882] RAX: ffffffffffffffda RBX: 00007fe4c67e5fa0 RCX: 00007fe4c658f6c9
[  318.277599][T13882] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003
[  318.277612][T13882] RBP: 00007fe4c74e6090 R08: 0000000000000000 R09: 0000000000000000
[  318.277625][T13882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.277636][T13882] R13: 00007fe4c67e6038 R14: 00007fe4c67e5fa0 R15: 00007ffebde51708
[  318.277671][T13882]  </TASK>
[  318.681648][T13871] team0: entered promiscuous mode
[  318.686775][T13871] team_slave_0: entered promiscuous mode
[  318.693421][T13871] team_slave_1: entered promiscuous mode
[  318.702524][T13871] syz_tun: entered promiscuous mode
[  318.814707][T13902] batadv1: entered promiscuous mode
[  319.247558][T13908] xt_CT: You must specify a L4 protocol and not use inversions on it
[  319.734686][T13927] block nbd0: Unsupported socket: should be TCP or UNIX.
[  319.786161][T13927] netlink: 'syz.4.2930': attribute type 32 has an invalid length.
[  319.862797][T13929] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  320.061219][   T36] dvmrp0 (unregistering): left allmulticast mode
[  320.291249][ T5835] Bluetooth: hci2: command tx timeout
[  320.353139][   T36] bond2 (unregistering): (slave bridge1): Releasing backup interface
[  320.584798][   T36] bond1 (unregistering): Released all slaves
[  320.594468][T13956] netlink: 'syz.3.2939': attribute type 1 has an invalid length.
[  320.605102][   T36] bond0 (unregistering): Released all slaves
[  320.620564][   T36] bond2 (unregistering): Released all slaves
[  320.712665][   T36] bond3 (unregistering): Released all slaves
[  320.742221][T13927] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  320.760220][T13953] geneve3: entered promiscuous mode
[  320.859703][   T36] tipc: Left network mode
[  320.918030][   T36] IPVS: stopping master sync thread 11996 ...
[  320.938078][T13878] chnl_net:caif_netlink_parms(): no params data found
[  321.118965][T13969] __nla_validate_parse: 3 callbacks suppressed
[  321.118985][T13969] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2942'.
[  321.204690][T13971] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2943'.
[  321.293429][T13268] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[  321.315007][T13268] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  321.327865][T13878] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.336335][T13878] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.346530][T13878] bridge_slave_0: entered allmulticast mode
[  321.359957][T13878] bridge_slave_0: entered promiscuous mode
[  321.392609][T13878] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.406139][T13878] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.413767][T13878] bridge_slave_1: entered allmulticast mode
[  321.421991][T13878] bridge_slave_1: entered promiscuous mode
[  321.439204][   T36] hsr_slave_0: left promiscuous mode
[  321.462942][   T36] hsr_slave_1: left promiscuous mode
[  321.469555][   T36] veth1_to_hsr: left allmulticast mode
[  321.475569][   T36] veth1_to_hsr: left promiscuous mode
[  321.944339][T13991] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[  322.370819][ T5835] Bluetooth: hci2: command tx timeout
[  322.436880][T13878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  322.450422][T13878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  322.547027][T13878] team0: Port device team_slave_0 added
[  322.558328][T13878] team0: Port device team_slave_1 added
[  322.639681][T14000] netlink: 'syz.4.2951': attribute type 1 has an invalid length.
[  322.653275][T13878] batman_adv: batadv0: Adding interface: batadv_slave_0
[  322.679709][T13878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  322.718301][T13878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  322.758608][T13998] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  322.803274][T14005] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2952'.
[  322.826129][T13878] batman_adv: batadv0: Adding interface: batadv_slave_1
[  322.841725][T13878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  322.868554][T13878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  322.998640][T14011] netlink: 'syz.1.2954': attribute type 1 has an invalid length.
[  322.998640][T14010] netlink: 'syz.1.2954': attribute type 1 has an invalid length.
[  323.191688][T14017] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2955'.
[  323.205030][T14011] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  323.211726][T14010] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  323.228903][T13878] hsr_slave_0: entered promiscuous mode
[  323.305184][T13878] hsr_slave_1: entered promiscuous mode
[  323.312191][T13878] debugfs: 'hsr0' already exists in 'hsr'
[  323.320792][T13878] Cannot create hsr debugfs directory
[  323.443656][T14013] batadv1: entered promiscuous mode
[  356.183828][ T5835] Bluetooth: hci2: command tx timeout
[  364.997555][ T5835] Bluetooth: hci2: command tx timeout
[  450.954510][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  450.972231][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  507.661735][ T5848] Bluetooth: hci5: command 0x0406 tx timeout
[  507.667865][ T5848] Bluetooth: hci0: command 0x0406 tx timeout
[  521.241653][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  564.924670][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  601.101356][   T31] INFO: task kworker/1:8:13261 blocked for more than 156 seconds.
[  601.109252][   T31]       Not tainted syzkaller #0
[  601.121791][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  601.381539][   T31] task:kworker/1:8     state:D stack:23240 pid:13261 tgid:13261 ppid:2      task_flags:0x4208060 flags:0x00080000
[  601.399827][   T31] Workqueue: events_power_efficient reg_check_chans_work
[  601.407014][   T31] Call Trace:
[  601.419769][   T31]  <TASK>
[  601.422734][   T31]  __schedule+0x1798/0x4cc0
[  601.427284][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  601.949780][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  601.955224][   T31]  ? __pfx___schedule+0x10/0x10
[  601.969816][   T31]  ? schedule+0x91/0x360
[  601.974101][   T31]  schedule+0x165/0x360
[  601.978287][   T31]  schedule_preempt_disabled+0x13/0x30
[  601.999803][   T31]  __mutex_lock+0x7e6/0x1350
[  602.004445][   T31]  ? __mutex_lock+0x5bb/0x1350
[  602.009232][   T31]  ? reg_check_chans_work+0xa1/0xf40
[  602.039789][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  602.044889][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  602.069758][   T31]  ? __lock_acquire+0xab9/0xd20
[  602.074676][   T31]  reg_check_chans_work+0xa1/0xf40
[  602.099766][   T31]  ? register_lock_class+0x51/0x320
[  602.105018][   T31]  ? __lock_acquire+0xab9/0xd20
[  603.139755][   T31]  ? __pfx_reg_check_chans_work+0x10/0x10
[  603.145654][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  603.429811][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  603.435092][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  603.959799][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  603.965585][   T31]  process_scheduled_works+0xae1/0x17b0
[  604.499864][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  604.769878][   T31]  worker_thread+0x8a0/0xda0
[  604.774586][   T31]  kthread+0x711/0x8a0
[  604.778687][   T31]  ? __pfx_worker_thread+0x10/0x10
[  605.059755][   T31]  ? __pfx_kthread+0x10/0x10
[  605.064448][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  605.069679][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  605.095024][   T31]  ? __pfx_kthread+0x10/0x10
[  605.099655][   T31]  ret_from_fork+0x4bc/0x870
[  605.139763][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  605.144961][   T31]  ? __switch_to_asm+0x39/0x70
[  605.159758][   T31]  ? __switch_to_asm+0x33/0x70
[  605.164573][   T31]  ? __pfx_kthread+0x10/0x10
[  605.169539][   T31]  ret_from_fork_asm+0x1a/0x30
[  605.189774][   T31]  </TASK>
[  605.192874][   T31] 
[  605.192874][   T31] Showing all locks held in the system:
[  605.209748][   T31] 3 locks held by kworker/u8:0/12:
[  605.214885][   T31] 1 lock held by khungtaskd/31:
[  605.229753][   T31]  #0: ffffffff8df3d660 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  605.500425][   T31] 3 locks held by kworker/u8:2/36:
[  605.505608][   T31] 2 locks held by kworker/u8:3/50:
[  605.519779][   T31] 3 locks held by kworker/u8:4/60:
[  605.524963][   T31] 2 locks held by kworker/0:2/981:
[  605.539750][   T31] 3 locks held by kworker/u8:6/1098:
[  605.545290][   T31] 3 locks held by kworker/u8:7/1152:
[  606.318682][   T31] 3 locks held by kworker/R-ipv6_/3183:
[  606.324433][   T31]  #0: ffff88814cdbc948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  606.349742][   T31]  #1: ffffc9000b0a7b80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  606.379764][   T31]  #2: ffffffff8f2cbc48 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  606.389370][   T31] 5 locks held by kworker/R-bat_e/3408:
[  606.409803][   T31] 2 locks held by kworker/u8:8/3473:
[  606.415198][   T31]  #0: ffff88801a069948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  606.449747][   T31]  #1: ffffc9000b5f7ba0 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  606.489822][   T31] 3 locks held by kworker/u8:9/3502:
[  606.495146][   T31] 2 locks held by kworker/u8:10/3542:
[  606.770871][   T31] 6 locks held by kworker/u8:11/3582:
[  606.776513][   T31]  #0: ffff88801aedf148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  609.091189][   T31]  #1: ffffc9000bb37ba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  609.631310][   T31]  #2: ffffffff8f2becb0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820
[  610.139762][   T31]  #3: ffffffff8f2cbc48 (rtnl_mutex){+.+.}-{4:4}, at: caif_exit_net+0x6a/0x4a0
[  610.148814][   T31]  #4: ffff88807c008f80 (&caifn->caifdevs.lock){+.+.}-{4:4}, at: caif_exit_net+0x7d/0x4a0
[  610.199803][   T31]  #5: ffffffff8df430f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  610.239746][   T31] 1 lock held by syslogd/5182:
[  610.244554][   T31] 1 lock held by crond/5572:
[  610.249153][   T31] 2 locks held by getty/5589:
[  610.779746][   T31]  #0: ffff888032cc70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  610.789589][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  610.839748][   T31] 1 lock held by syz-executor/5823:
[  610.845008][   T31] 7 locks held by kworker/u9:3/5835:
[  610.879831][   T31]  #0: ffff8880671d6148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0