last executing test programs:

21.398473949s ago: executing program 0 (id=6183):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000304000000000400000000000000", @ANYBLOB="06cb9bd1f97c2417a452aef143a3752b30842a489e832f72e75448b03c4bb0ccdf1405ba650b10af43c1cb92609e5eefd2722aab900d1b33126a53d41b3660816b40814779caab93b0822ef73b2097bb10b0b9e40ea58300ef19fdecc1f284888a06f1aaabe373cc15322c9354", @ANYBLOB="00000000140000002400128009000100626f6e6400000000140002800500130d0000000008001e"], 0x44}, 0x1, 0x2000000000000000}, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x3, {0x1c}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x28}}, 0x4)
ioctl$int_in(r1, 0x5421, &(0x7f00000000c0)=0xffff)

21.168143738s ago: executing program 0 (id=6184):
socket$kcm(0x2, 0x6, 0x2)
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2, 0x1}}, {0x4}}]}]}, 0x50}}, 0x4000010)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000180)={<r3=>r2, &(0x7f0000000080)='bridge0\x00', 0x501a00, &(0x7f00000000c0)={@_ha_fsid={[0x14b4, 0x400]}, {0x2, 0x9, 0x7fff, 0x5}}, 0xf6, &(0x7f0000000100)={@_ha_fsid}, &(0x7f0000000140)=0x1})
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xffffffffffffff86, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x6}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000200000001b9e2c11267000100950000000000000009a6da736d762d4b7eb078e3548e098e73ea0b54c08f07"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x2}, 0x94)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000)
getsockopt$sock_buf(r6, 0x1, 0x1c, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4028800)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0xf5, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a300000000014000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x54}, 0x20008000)
connect$bt_rfcomm(r5, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xa)
shutdown(r5, 0x1)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="180000fe279d00000000000000ffffff18110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000095000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000cc0)={0x6, 0x3a, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000d000000850000000600000018350000050000000000000000000000a7871800fcffffffb7080000000000007b8af8ff00000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018010000696c6c2500000000002020207b1a77a6fbe8cf0d72298af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300001000000085000000060000001811000053937ac394b04c396ad6ce48feb5f46a944bc0de21e333fb24ac5f7155d3000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018630000040000000000000008000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000b80)='GPL\x00', 0x2, 0xd, &(0x7f0000000bc0)=""/13, 0x41000, 0x58, '\x00', 0x0, 0x25, r4, 0x8, &(0x7f0000000c00)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000c40)={0x2, 0x6, 0x0, 0x400}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000c80)=[0xffffffffffffffff, r8, r3], 0x0, 0x10, 0xffff0001}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)

9.281202743s ago: executing program 1 (id=6283):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000002900)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001180)=ANY=[@ANYBLOB="640000000206050000000000000000000000000005000400000000000900020073797a320000000014000780050015000a00000008001240010000000500050002000000050001000600000016000300686173683a6e65742c706f72742c6e6574000000"], 0x64}}, 0x40000010)

8.459971294s ago: executing program 2 (id=6290):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d70300000000000000d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df6c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8a9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2a9e99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8be1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaa072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a3ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a98838156ff00000000000000cdbf91f7582ab314be3e67b8c9459564c856339a80919ecf839560c62e69df8667b274cc53f83f2086cfd2664252471fad9081824d60741d663ee258705c364e162b84a09870acd0a19399103474444f4fa12dcbd10b40195b6088513029b60a34e4161fe48c092693eb07dc8ddcba2eac2efe30b285a877c862c73ff8a60cf73f1b17da0000000000005664181c1f28cd2880e6872bae932eaf4b0000000000007b662c0fe22cfd6d4bd7b851ae928cebeec6375b16af342e93c39d97e5d74d5a8e96c15fdcde7526b0af54b145e61b042c1e600390590a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0x10e, 0x0, &(0x7f0000000f40)="b9ff03310644268cb89614e886dd6f8ec0a5fa7a80339e916b28fea3fc5c6afe0189acc82c8112eb153b3415124ef9ab1d0dd98b72de1b26e4fd2e609528a070fae09a0635da2ffd387c6fd5e5ac46aac8451354edc649517ae97180e7cc2be6b7b30cbf598462873e96b66fe2e235531119304df361dbf40cf5de780eb639d138ede237de3544bc0a6a503b6594c88569ad44f647345e1f699a4a6912b1d7b56a43371305ccf8541970c523754a0776012f3071e0034e4ddfec8b0412fd69f9a891997e8976852eccc5b2f845e2e0131858f6640f68e9cf7d7d61e68a7b92759839e1e70b217117b106075ec6470ba5c75052d8bf1847aabbe2a40dfb0fc3f6d7b2fd244cc5fce5fe6526454130", 0x0, 0x3, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000100)={'ip_vti0\x00', <r2=>0x0, 0x40, 0x7800, 0x8, 0x961, {{0x2d, 0x4, 0x1, 0x24, 0xb4, 0x68, 0x0, 0x9, 0x4, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x3c}, {[@timestamp_addr={0x44, 0x54, 0xcd, 0x1, 0x8, [{@multicast1}, {@private=0xa010100, 0x401}, {@multicast2, 0x7fffffff}, {@multicast1, 0xfffffffe}, {@local, 0x2}, {@loopback, 0x5}, {@remote, 0x7}, {@private=0xa010101, 0x2}, {@private=0xa010100, 0x5}, {@loopback, 0x85b}]}, @timestamp_addr={0x44, 0x4c, 0x90, 0x1, 0x9, [{@rand_addr=0x64010100, 0x9383}, {@local, 0x2}, {@dev={0xac, 0x14, 0x14, 0x26}}, {@private=0xa010101, 0x9}, {@multicast2, 0xfffffffa}, {@multicast1, 0xfffffff8}, {@broadcast, 0x7}, {@multicast2, 0x4}, {@local, 0xe}]}]}}}}})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf670000000000001507"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xf0f, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313b, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x1ff}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
syz_emit_ethernet(0x13f, &(0x7f0000000500)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x109, 0x3a, 0xff, @rand_addr=' \x01\x00', @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0xd6, '\x00', @ipv4={'\x00', '\xff\xff', @empty}, [{0x19, 0x1e, "0a824e09786ecdf1f8f79e9da8b0d0bd6b334ac4ffd705951e76f87b1be8587d381d32da950ee621954f048f12939a9e7609713705713af6f9f6d3328964fddbcc0ad2baa9630ccc0981c5cdd2beae6bc85917ba25d3598d92aec42753dfc9c220f3380cb0c4f233c16589b4f907806b5da41ff3b62bebf785fa755d8d28fdfaeb90bedd43df57ce64a10c18c6ea058fc59575ad1f0436b8458ebab0159edddf8466c0b57add56f8620ca873ce792737a91848380afbe71f9c5e695492ea8d7fda6b5a6a7bd5e4c8d188eb26a21e986e7d20ef358ab31568c9ed74c6cbcc3ff83f413f602c49a2ab67bab5e2aeafb8"}]}}}}}}, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6)
unshare(0xe040400)
ioctl$TUNGETVNETLE(r3, 0x4010744d, &(0x7f0000000180))
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0xf)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000002000010327bd7000ffdbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r7}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x48044)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newlink={0x5c, 0x10, 0xffffffffffffffff, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x50afa, 0x70823}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @loopback={0xfec0ffffffffffff}}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private1}]}}}]}, 0x5c}}, 0x24000800)

5.732599545s ago: executing program 1 (id=6295):
syz_emit_ethernet(0x86, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200000eaaaaaaaaaabb080045000078fff8000000019078ac1e00ec03962b9378fa1bcec26b01ac4700f17db69be13d2324bb9205cec26139000000000000002f0000ac1414bb7f00000101441c00f1ac1414aa00000007ac1414aa000000046401010100000009862300000003020684924d890602020df413567c09029e947789b80504c92d000200028606000000000000"], 0x0)

5.630690941s ago: executing program 1 (id=6296):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="21000000000000002c00128009000100626f6e64000000001c00028005002100010400080500010004"], 0x4c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@ipv6_newnexthop={0x1c, 0x68, 0x1, 0x70bd26, 0x25dfdbfb, {0xa, 0x0, 0x1, 0x0, 0x4}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x20044014)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="08000000040000000400000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3}, &(0x7f00000000c0), &(0x7f0000000100)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000200), &(0x7f0000000240)=r2}, 0x20)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0xfff0)

5.606337845s ago: executing program 1 (id=6297):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xffff}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0xeefd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
pipe(&(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r5, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r6, 0x89fb, &(0x7f0000000040)={'veth1_to_team\x00', 0x100007})
connect$inet(r5, &(0x7f00000001c0)={0x2, 0x200, @local}, 0x10)
sendto$inet(r5, &(0x7f0000000240)="e1caa8fbbde4", 0x6, 0xc840, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3)
shutdown(r7, 0x2)
splice(r5, 0x0, r4, 0x0, 0x6, 0xa)
r9 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000440)="9f000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7811e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08123d00030008000140010000009bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff55e461247604821d35c86ee54bbab3eaf8956e2ca426", 0x9f}], 0x1}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9c, 0x9c, 0x4, [@union={0x9, 0x3, 0x0, 0x5, 0x0, 0x6, [{0x4, 0x3, 0x6}, {0x10, 0x3, 0x1000}, {0x7, 0x5, 0x9}]}, @enum64={0x7, 0x1, 0x0, 0x13, 0x0, 0x2, [{0x2, 0x9, 0x3}]}, @volatile={0x3, 0x0, 0x0, 0x9, 0x5}, @struct={0x6, 0x5, 0x0, 0x4, 0x0, 0x0, [{0x7, 0x2, 0xfff}, {0xe, 0x4, 0x5}, {0xb, 0x4, 0x2}, {0x2, 0x2}, {0xb, 0x4, 0x5}]}]}, {0x0, [0x61, 0x0]}}, &(0x7f0000000700)=""/213, 0xb8, 0xd5, 0x0, 0x7}, 0x28)
sendmsg$nl_route(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newnexthop={0x38, 0x68, 0x1, 0x100004, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_GATEWAY={0x14, 0x6, @ip4=@loopback}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}]}], {0x14}}, 0xa4}, 0x1, 0x0, 0x0, 0x2000c045}, 0x24000004)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f00000000c0)=@raw=[@call={0x85, 0x0, 0x0, 0x41e}, @func={0x85, 0x0, 0x1, 0x0, 0x6}], &(0x7f0000000200)='GPL\x00', 0x2, 0x3c, &(0x7f0000000240)=""/60, 0x40f00, 0x5, '\x00', r3, 0x0, r4, 0x8, &(0x7f00000003c0)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000400)={0x2, 0x5, 0x81, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000440)=[r0], 0x0, 0x10, 0x6}, 0x94)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x30, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid}, @typed={0x8, 0x13, 0x0, 0x0, @uid}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)

4.628300586s ago: executing program 3 (id=6298):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, 0x1410, 0x1, 0x70bd2d, 0x25dfdc01, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000811}, 0xc0)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, 0x1410, 0x1, 0x70bd2d, 0x25dfdc01, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000811}, 0xc0) (async)

4.510913725s ago: executing program 3 (id=6300):
unshare(0x24020400) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000480)=ANY=[], 0x10448) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xa, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x48) (async)
unshare(0x90d64207486d71f8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2, 0x1}, 0xc) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) (async)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r4], 0x54}}, 0x0) (async)
r5 = socket(0x1e, 0x5, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) (async)
listen(r5, 0x0)
r6 = socket(0x1e, 0x805, 0x0)
sendmsg$tipc(r6, &(0x7f0000000400)={&(0x7f0000000100)=@name, 0x10, 0x0}, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x2}, 0x1c) (async)
accept4$inet6(r5, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x18, &(0x7f0000000180)=0x400, 0x4)
sendmsg$tipc(r6, &(0x7f0000000640)={&(0x7f0000000300)=@nameseq={0x1e, 0x1, 0x2, {0x43, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x0, '\x00', r4, r0, 0x4, 0x2, 0x2}, 0x50) (async)
unshare(0x1000000)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x6c5b87e185b08c0f}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x8, 0x27}}}}, [@NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x2}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x55}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000) (async)
bind$bt_sco(r7, &(0x7f0000000000), 0x8)

4.48169886s ago: executing program 1 (id=6301):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0xffffff2b, @local, 0x7}, 0x1c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DONE(r4, 0x0, 0xc9, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000024000180060005004e230007060001000200000008000300ac1414aa0800060001"], 0x38}}, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000240)={'netpci0\x00', &(0x7f00000001c0)=@ethtool_sset_info={0x37, 0x7fffffff, 0x2ccc, [0x8000, 0x9]}})
listen(r1, 0xc)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a00)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r9, {0xe, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29d}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffff55a, 0x4, 0x1, 0x3, 0x9}, 0x25}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x884}, 0x2)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x922bac8576bdadce)
close(r7)
socket(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r10 = socket$kcm(0x11, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_attach_bpf(r10, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r10, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r9, 0x42, 0x30000}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)="27030200dc0f14000e00203c002400004000ff1100000066c1532cc10200000003125ce882cbf490d90812533f00", 0x2e}], 0x1}, 0x4005)
socket$nl_generic(0x10, 0x3, 0x10)

4.282133203s ago: executing program 3 (id=6302):
ioctl$OCFS2_IOC_UNRESVSP64(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x1, 0x2, 0x4, 0x3, 0x7, 0x8})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
socket$inet_sctp(0x2, 0x5, 0x84)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x100000d, 0x6031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000007, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000001980)=""/4099, 0x1003}, {&(0x7f0000000180)=""/178, 0xb2}], 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000040)=0x1000)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20000c40)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r6)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newtfilter={0x88, 0x2c, 0xd3f, 0x10bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xc, 0xfff3}, {}, {0x8, 0x10}}, [@filter_kind_options=@f_basic={{0xa}, {0x58, 0x2, [@TCA_BASIC_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x48000, 0x9, 0x1, 0x4, 0xffff}, 0x8d23}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x8080)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000140)=@xdp={0x2c, 0x8, r5, 0x3c}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000540)='\'', 0x5dc}], 0x1}, 0x4011)
bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x20000000}, 0x20)

3.679534231s ago: executing program 1 (id=6304):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000002900)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001180)=ANY=[@ANYBLOB="640000000206050000000000000000000000000005000400000000000900020073797a32000000001400078005001500020000000800124001000000050005000a000000050001000600000016000300686173683a6e65742c706f72742c6e6574000000"], 0x64}}, 0x40000010)

2.631928508s ago: executing program 3 (id=6307):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd28, 0x25dfdbfd, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x9, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x10001, 0xffffffffffffffff, 0x3a, 0x3}, 0x400000000a}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x9, 0x7e, 0x5, 0x4, 0x8000, 0x9, 0x257bf7b4, 0xd8c}})
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20010840)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req={0x9, 0x2, 0xa32a}, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

2.430371826s ago: executing program 3 (id=6309):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000000200)=[{0x6, 0x1}]}, 0x10)
listen(r0, 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000006000000040000000000000700000000000000000000000b010000000000000001000085fdffffff00000000020000000000000000000004da00"], &(0x7f0000000340)=""/142, 0x4e, 0x8e, 0x1}, 0x28)

2.198214353s ago: executing program 3 (id=6310):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000004a008d2a00000000000000000a"], 0x1c}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x37}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x5c}}, 0x0)

1.986143492s ago: executing program 2 (id=6311):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000500000073017e000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94)

1.841869283s ago: executing program 2 (id=6313):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
r4 = socket$kcm(0x29, 0x5, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a)
r6 = socket$kcm(0x29, 0x5, 0x0)
sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000b00)="b6bd7e4983a45b31f79d80060400000000000000a33734d88229acf96457ad59d0b87f8659b614043e3d21a7cacecab8bbd26251b93b28b4d83e618673f9c74d0a28a5146c5511549fa617e908352c87d8ddff2ce0", 0x55}, {&(0x7f0000000880)="3aa854", 0x3}, {&(0x7f0000000a40)="746b9120a32aaf78043a9b07000000000000003c44", 0x15}], 0x3}, 0xc854)
setsockopt$sock_int(r6, 0x1, 0x12, &(0x7f0000000180)=0x4c, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendfile(r4, r5, 0x0, 0xffffffff000)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r5, 0x0, 0x40000)
sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r7, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r8, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r5)
setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f00000000c0)='bbr', 0x3)
recvfrom$inet(r8, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f00000019c0)=@delchain={0x22dc, 0x65, 0x100, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x2, 0xfff3}, {0x5, 0x8}, {0x1f, 0x3}}, [@TCA_CHAIN={0x8, 0xb, 0xd76}, @filter_kind_options=@f_bpf={{0x8}, {0x22a8, 0x2, [@TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_OPS={{0x6, 0x4, 0x4}, {0x24, 0x5, [{0x4, 0x4, 0xd9, 0x3ff}, {0x8, 0x98, 0x8, 0x3}, {0x4, 0x3, 0x9, 0xfffffff4}, {0x5, 0x1, 0x2, 0x6}]}}, @TCA_BPF_ACT={0x2250, 0x1, [@m_csum={0x160, 0xb, 0x0, 0x0, {{0x9}, {0x90, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x9, 0x7, 0xc, 0x8000}, 0x36}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x6, 0x2, 0x2, 0xffffffff}, 0x66}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x7, 0x1, 0x7, 0x401}, 0x2c}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0xff, 0x20000000, 0x4, 0x1}, 0x21}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x3ff, 0x20000000, 0x7ff, 0xfffffe5a}, 0x5f}}]}, {0xa6, 0x6, "7248d3ec12973d09fcd027791dae7e2f903439d3a94e9eb7adf72919ec4c43895d5713f19521b6324a537841f1ebc41db34c02bab7cd31fca7f71778c8a4c2b2b35c29cc299424d4bdb1f7005f8e0bcf48d1627fcf40755ab429e041fefbed1968b849aa35d510281cfa8dd35c3b334b628a8f94a14fae1c71694d35b1ee1e35c959b609e0f82b156b61bf6a460ac478758b430e9f29ada12c95a015637c0cc3394b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0x1cf4, 0x5, 0x0, 0x0, {{0xa}, {0x1ca4, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x5, 0xfffffff8, 0x5, 0x8, 0x1}, 0xa, 0x2, [{0x1, 0x1, 0x4, 0x24000, 0x1, 0x7}, {0xfffffffd, 0x8, 0x5, 0x7023, 0x7ff, 0x3}]}, [{0x8, 0x2, 0x4, 0x9, 0x2, 0x5}, {0xffffffff, 0x1571, 0x7, 0x2, 0x1, 0x6}, {0x1, 0x7, 0x0, 0x2, 0x3, 0x8}, {0x80000001, 0x8, 0x8, 0x4, 0x1, 0x73}, {0x3, 0x6, 0xe, 0x7, 0x7918f95c, 0x4}, {0x1b, 0x9, 0x62b1dada, 0xfff, 0x7fff, 0x6b}, {0x6, 0x3, 0x1, 0x10001, 0x44, 0x3}, {0x4, 0x4, 0x1, 0xe31, 0x4, 0x68}, {0xffff7b7a, 0x5, 0xffffffff, 0x9, 0x10, 0x1}, {0x1126, 0x4, 0xffffffff, 0x0, 0x2}, {0x40, 0x7, 0xbcc, 0x7, 0x0, 0x3ff}, {0x7, 0x2, 0x4, 0x8001, 0x2, 0x6}, {0xe46, 0x4, 0x7, 0x2, 0x2, 0x57}, {0x7, 0x3d27, 0x4, 0x5, 0x2, 0x4}, {0x3, 0x3, 0x3, 0x3, 0x7, 0x5}, {0x5, 0x4d5, 0x7, 0x2, 0x5, 0x9}, {0x8, 0x2, 0xa5, 0x8, 0xfff, 0x7}, {0x3, 0x5, 0x8001, 0x8}, {0x200, 0x2, 0x1, 0x8, 0xff, 0x5c7b}, {0x28, 0x7, 0x6, 0x10, 0x2}, {0x2, 0x2, 0xffff8000, 0x6, 0x0, 0x3a}, {0x800, 0x2, 0x7, 0x5, 0x7fffffff, 0x8}, {0xc9, 0x3, 0xb, 0x3, 0x7fffffff, 0xff}, {0xfffffffe, 0x5c4, 0x9, 0x0, 0xfffffbff, 0xfffffff7}, {0x1fffc000, 0xffffbf54, 0xea, 0x6, 0x8d7, 0x1}, {0x8, 0x5, 0x6c2, 0x8, 0x7ff, 0x3}, {0x0, 0x3, 0x5, 0x40, 0x4, 0x6}, {0xffffffff, 0x730, 0x4, 0x8001, 0xe0, 0x1ff}, {0xfffffff7, 0x3, 0x8, 0x62f3, 0x4, 0x3}, {0x800, 0x1, 0x1ff, 0x35547e4, 0x6, 0x1000}, {0x1, 0x5, 0x0, 0x4, 0x81, 0x9}, {0x400, 0x101, 0x9, 0x0, 0x2, 0x3}, {0x4, 0x7, 0x401, 0xb, 0x1}, {0x1317, 0x1, 0x0, 0x80000001, 0x7, 0x94d}, {0x2, 0x40, 0x6, 0x19c, 0x9, 0x5}, {0x1, 0xc0fa, 0x2, 0x80, 0x0, 0xff}, {0x81, 0x0, 0x44c, 0x3, 0x1, 0x6}, {0x3, 0xff, 0x5eac1937, 0x100, 0x1}, {0xfffffffe, 0xfff, 0x4, 0x2, 0x28000, 0x7fffffff}, {0x5, 0x1, 0x8, 0x3, 0x1, 0x80}, {0x101, 0x889c, 0xb, 0x8000, 0x0, 0x5}, {0x8, 0x300, 0x1, 0x9, 0x5f80c74e, 0xa59}, {0x6, 0x4, 0x4, 0x4, 0x3, 0x2}, {0x8, 0x0, 0x1, 0x6, 0xade7, 0xfffffffc}, {0x574b, 0x7, 0x4, 0x8}, {0xc, 0x4, 0x8, 0xc1f, 0xf, 0x8000}, {0x5, 0x37f, 0x1000, 0x4, 0x1fc, 0x9}, {0xffff3ecd, 0xffffff45, 0x7f, 0xaee, 0xb, 0x7}, {0x3ff, 0x0, 0xc3, 0x7, 0x80}, {0xc9, 0x9, 0x1, 0x7b0a7f11, 0x200, 0x9}, {0x8, 0xf37, 0x80000001, 0xe, 0x2, 0x500}, {0x0, 0x3, 0x2a81, 0x8001, 0x2, 0x9}, {0x5, 0x6, 0x1000, 0xfffffff9, 0x70e, 0x4}, {0x7, 0x1, 0x5, 0x9, 0xc34, 0x8001}, {0x4, 0x7, 0xcd89, 0x565f, 0x6, 0x1000}, {0x5, 0x3f29cd3c, 0x81, 0x6, 0x6, 0x1ef}, {0x6, 0x9, 0x2, 0x7ff, 0x1, 0x800}, {0x8ab, 0xd3a, 0x4, 0x3, 0xa, 0x3}, {0x80, 0x7fff, 0xc2c000, 0x1, 0x5f3c, 0x1}, {0x10000, 0x8, 0xffffffff, 0xcf, 0x2, 0x1}, {0x9, 0x86af, 0x7a, 0x3e, 0x1}, {0x2, 0x8000, 0x2, 0x7c, 0x80000001, 0xffffc3d8}, {0xa, 0xb, 0x4, 0x2, 0x4, 0x9}, {0x1, 0x7ff, 0x24, 0x1e, 0x7, 0x1}, {0xffffffff, 0x8, 0x0, 0x8001, 0x89, 0x3}, {0xc, 0x1, 0xfffff182, 0x400, 0x2, 0x7fff}, {0xcc, 0x8000, 0x9, 0xfffffff7, 0x4, 0xd08f}, {0xe, 0x9, 0x8, 0xb, 0x0, 0x8}, {0xdb15, 0x40, 0x46fe, 0x5, 0x4, 0x80}, {0x2, 0x200, 0x3, 0x7, 0xe0, 0xcbc1}, {0x7, 0x3, 0x0, 0xed0, 0x3, 0x8}, {0x3, 0x2, 0x8, 0x1, 0xffffffc0, 0x8}, {0x7, 0x3, 0x5, 0xffffffff, 0x400}, {0x14a, 0x7, 0x0, 0x4df6, 0x2, 0x7}, {0x10, 0x0, 0x4, 0xfffffffc, 0x2, 0x101}, {0x4, 0x6, 0x608d, 0x9427, 0x9, 0x1}, {0x40, 0x3, 0x11, 0x9, 0x80000000, 0x8000}, {0x6, 0x3, 0x32c8, 0xef, 0x9346, 0x800}, {0xf, 0x4, 0xfa6, 0x1, 0x7ff, 0x5}, {0x8, 0x5, 0xc, 0x6, 0x4, 0x7}, {0x0, 0x400, 0x1ff, 0x53, 0x10, 0x7f}, {0x4, 0x8, 0x2, 0x7, 0x40, 0x4}, {0x2, 0x6e, 0x4, 0x7, 0x2, 0xffff039d}, {0x6, 0x7, 0x80000000, 0x5, 0x6d, 0x8}, {0x9, 0x6, 0x7, 0xf1, 0x3, 0x1}, {0x10, 0x2, 0x745, 0xfffffff9, 0x7, 0x7}, {0x8, 0x9, 0x17e6, 0x8, 0x101, 0x9}, {0xd, 0x9, 0x61, 0x0, 0x916, 0xf8}, {0xfffff870, 0x2, 0x4, 0x89, 0x8, 0x8}, {0x1, 0x9, 0x0, 0x0, 0x6, 0x1}, {0x5a, 0xffff0000, 0x80000001, 0x81, 0x1, 0xfffffff4}, {0x1, 0x4, 0x3, 0x0, 0x4, 0xfffffffc}, {0x1, 0x2, 0xe, 0xcd33, 0x9, 0x8}, {0x5, 0x400, 0x1, 0xd, 0x80000001, 0xf}, {0xffff, 0x4, 0x3, 0x6b, 0x5, 0x3}, {0x2, 0x100000, 0x5, 0xcc, 0x88e, 0x2}, {0x7fffffff, 0x80, 0x5de1d231, 0x6, 0x3, 0x3}, {0x0, 0x6, 0x200, 0x2, 0x9, 0x9}, {0x400, 0xd, 0x5, 0x7, 0x0, 0xd9}, {0xf238, 0x4, 0x1, 0xffff, 0xf99, 0x8}, {0x3, 0x401, 0x1, 0xfffffffa, 0x8000}, {0x5, 0xfff, 0x8100000, 0x100, 0x3, 0x2}, {0x39, 0x5, 0x5, 0x9, 0xffffffff, 0x6}, {0x0, 0xb3df, 0x8, 0xffff, 0x2, 0xa1c7}, {0x800, 0x1, 0x2, 0xb8, 0x4, 0x7}, {0xc1, 0x6, 0x8, 0x6, 0x6}, {0x2, 0x8, 0xfffff001, 0x2, 0x10000, 0x53}, {0xd3, 0x10001, 0xf1, 0x9, 0xa9, 0x7b2f}, {0x76, 0x4, 0xb06e, 0x9, 0x70, 0x1}, {0xf, 0x1, 0x8, 0x9668, 0x1fcf, 0xb70}, {0x6, 0xffffffff, 0xfffffff5, 0x7, 0x80000001, 0x3}, {0x8, 0x8, 0x6ad, 0x1fa1, 0x29, 0x1ff}, {0x2e90, 0xffff, 0x58, 0xab, 0x3, 0x5}, {0x7, 0x5, 0x5, 0xffffffff, 0x1, 0x6}, {0xfbbb, 0x2, 0x7, 0x5, 0x8, 0x9}, {0x7, 0x5, 0x2, 0x1000, 0xc}, {0x401, 0xee1, 0xfffffe00, 0x0, 0x2, 0x4}, {0x0, 0x480000, 0x282, 0x6, 0xffff2d43, 0x8}, {0x7, 0x4, 0x9, 0xac6, 0x6, 0x9}, {0xfffffff7, 0x0, 0xd, 0x2, 0x4, 0x6}, {0x7fff, 0x10001, 0x1000, 0xffff, 0x4, 0x4}, {0xffff, 0xecb, 0x5, 0x81, 0xfffffe01, 0x10001}, {0x9, 0x8e01, 0xc5, 0xae06, 0x4000, 0x7f}, {0x2, 0x8, 0x5, 0x2, 0x0, 0x5}, {0x0, 0x3225, 0x41, 0x8, 0x1, 0x4}, {0x3, 0x8, 0x8, 0x1, 0x2c1d, 0x6}, {0xe, 0x1, 0xc, 0x8, 0x8, 0xfffffe01}, {0x1d, 0x2, 0x7, 0x0, 0x159, 0x1}], [{0x1}, {0x4}, {0x0, 0x1}, {0x6, 0x1}, {0x1}, {0x0, 0x1}, {0x1}, {0x3}, {0x1, 0x1}, {0x6f430f49ed6ac6bd}, {}, {0x3, 0x1}, {0x1, 0x1}, {0x4}, {0x1, 0x1}, {}, {0x1, 0xf61cabe603c30892}, {0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x2}, {0x5}, {0x1}, {0x3, 0x1}, {0x6}, {0x5, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {}, {0x0, 0x1}, {0x1}, {0x4, 0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x4}, {0x1}, {}, {0x4, 0xc6ccb7e81ed9de50}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x2}, {0x0, 0x1}, {0x4}, {0x1, 0x1}, {0x2, 0x1}, {0x1}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x4}, {0x5}, {0x5, 0x1}, {0x4}, {0x2}, {0x2}, {0x3}, {0x2}, {0x3, 0x1}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x1}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {}, {0x2}, {0x1}, {0x3, 0x1}, {}, {0x4, 0x1}, {0x2}, {0x1}, {0xb28d00a83ffcc2c7}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0x4}, {}, {0x4, 0x1}, {0x4, 0x1}, {0x5}, {0x3}, {0x1}, {0x3, 0x2}, {}, {0x2}, {0x3, 0x1}, {0x3}, {0x3}, {0x1, 0x1}, {0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {}, {0x3}, {}, {0x1}, {0x0, 0x1}, {0x6, 0x1}, {0x5}, {0x3, 0x119e686731f243b4}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x5}, {0x4, 0x1}, {0x4, 0x1}, {0x5}, {0x2}, {0x2, 0x1}, {0x4, 0x1}, {0x4}, {0x3}], 0x1}}, @TCA_PEDIT_PARMS={0xe50, 0x2, {{{0xf9, 0xc, 0x0, 0x0, 0x6}, 0xc5, 0x5, [{0x4, 0x1d9, 0x6f37, 0x3, 0x1}, {0x0, 0x67497ca5, 0x6ba6, 0x80000000, 0x4, 0x3002}]}, [{0x1, 0x8, 0x8, 0x7, 0x5, 0xfffffe74}, {0x1, 0x6, 0x9, 0xfffffffe, 0x7, 0x9}, {0x0, 0x21a, 0x9, 0x1, 0x800, 0x40}, {0x6, 0x24, 0x111, 0xf, 0x1}, {0x7, 0x6a0, 0x400, 0xc7f, 0x5, 0x71}, {0xb40, 0x8, 0xe, 0x9, 0x45a47ecd, 0x5}, {0x3, 0x6b, 0x880, 0x8, 0x1, 0x1000}, {0x9, 0x3, 0xd, 0xfffffff7, 0x4a77, 0x10001}, {0x9, 0x8b5f, 0x2, 0x9, 0xf1a, 0x7}, {0x200, 0xf0000000, 0x3, 0xa6f, 0xb49, 0x7}, {0x8790, 0xffffffb0, 0x7, 0x8, 0xfffff000, 0xffff8000}, {0x3, 0x7, 0x9, 0x7313f36f, 0x1, 0x7ff}, {0xcd9, 0x5c, 0x3ff, 0x7, 0xc0e3, 0xf93e}, {0x4, 0xffffffff, 0x9e, 0xd, 0x3, 0x4}, {0x5, 0xf6, 0x7, 0x1, 0x5, 0x5}, {0x1, 0x1, 0xe, 0x7, 0x2}, {0x82, 0x7c17, 0x770c, 0x4, 0x1, 0x7fff}, {0x5, 0x9, 0x522, 0x7, 0xd23, 0x4}, {0x1, 0x8b29, 0x1, 0x8, 0x2, 0x8}, {0x9, 0x9, 0x9, 0xffff, 0x669, 0xe}, {0x8000, 0x0, 0x6, 0xfb13, 0x291, 0x6}, {0x6, 0x0, 0xc, 0x9}, {0x5658747, 0x3, 0x0, 0x8, 0x6, 0x8}, {0x6, 0x89, 0x5, 0xea, 0x800, 0x7}, {0x4, 0xa, 0x6, 0x3, 0x76, 0x1ff}, {0x7e7, 0x1, 0xd, 0xb9, 0x8, 0x7ff}, {0x3, 0x2, 0x9, 0x7, 0xf72}, {0xe0f, 0x5, 0x800, 0x5, 0x44f5, 0x3}, {0x8, 0x9, 0x1, 0x2a, 0x4, 0x6}, {0x8, 0x9, 0x2, 0x7, 0x3, 0x3}, {0x5, 0x5, 0x1, 0x8, 0x9, 0xfffffffd}, {0x9, 0xe, 0x5, 0x5, 0xfffffe47}, {0x1, 0x8000, 0xf, 0x1, 0x8, 0x7ef}, {0x0, 0x5ae, 0x10, 0x4, 0xd8f, 0x6}, {0x9, 0xc, 0x6, 0xd, 0x8, 0x5}, {0x10000, 0x2, 0x4, 0x80, 0x4, 0x2}, {0x100, 0xc, 0x10000, 0x9, 0x6, 0x7fff}, {0x6, 0x3ff800, 0x0, 0xd, 0x8, 0x1d}, {0x80000000, 0x4, 0x8, 0x7819, 0x400, 0x10}, {0x596, 0x1, 0x1, 0x0, 0x4c81ae93, 0x5d4c}, {0x101, 0x0, 0xe, 0x1948, 0x111, 0x1ff}, {0x7, 0x3, 0x5f31, 0x8, 0x8, 0x8a6b}, {0xf1, 0xffffff80, 0x5, 0x6, 0x5, 0x10000}, {0x5, 0xfffff38e, 0x8, 0x0, 0x2, 0xda}, {0x7, 0x5, 0x95, 0x10f, 0xffffffff, 0x8001}, {0x1, 0x6, 0x0, 0x0, 0x1, 0xa}, {0x5, 0x1, 0x0, 0x0, 0x1000, 0x7}, {0x8, 0x2, 0x5, 0xf4, 0xf8, 0xe}, {0x80, 0x8f7, 0x5714, 0x6, 0x7fffffff, 0x7}, {0x8, 0x3, 0xb708, 0x80000001, 0x5, 0xff}, {0x6, 0x80000000, 0x354, 0x1ff, 0x3, 0x1}, {0x1, 0x3, 0x758, 0x1, 0xa, 0xfffffffa}, {0x9, 0x0, 0x5, 0xc15, 0x80000001, 0x9}, {0x3, 0x8, 0x4, 0x6, 0x9, 0x5}, {0x101, 0x9, 0x87, 0x1000, 0x8, 0x1}, {0x9, 0x0, 0xfffff000, 0x9, 0x10, 0x7}, {0x86a7, 0x1dbe, 0x6e41, 0xfffffff6, 0x7, 0x101}, {0x7, 0x2, 0x2, 0x7, 0x7, 0xdd9a}, {0x3, 0x4, 0x4, 0x5, 0x2, 0x7}, {0x2, 0x9, 0x2d, 0x2, 0x2, 0x8}, {0xded8, 0x6, 0x9a3, 0xffff, 0x67, 0xa}, {0x4, 0x7, 0x1, 0xffffffff, 0xb, 0x9a2}, {0x21641a49, 0x3, 0x1ff, 0x40, 0x5, 0x2}, {0x18e000, 0x6, 0x8001, 0xffffffff, 0x10001, 0x1}, {0x0, 0x7fff, 0x0, 0xffffffb0, 0x0, 0x140000}, {0x9, 0x101, 0x80000000, 0x2, 0xc39, 0x7}, {0x5, 0x1, 0x8000, 0x4, 0x2, 0x3f3}, {0x7, 0x8000, 0x1, 0x0, 0x1, 0x3}, {0xf, 0x9, 0xb, 0x0, 0xfffffffc, 0xc}, {0x1, 0x5, 0x7, 0x8001, 0x0, 0xb}, {0x6b9, 0x4, 0x7, 0x4, 0x9, 0x2}, {0x2, 0x3, 0x4d147f5d, 0x3, 0x7fc00, 0x2}, {0x4, 0x1, 0x9, 0x3ff, 0x3, 0x81}, {0x101, 0x7fff, 0x5, 0x7fff, 0x8, 0x6}, {0x6cc, 0xd, 0xe880, 0x1, 0x3, 0x4}, {0x74f2, 0x1c, 0x7f, 0x1aa, 0x1000, 0x7f}, {0x9, 0x1, 0x7fffffff, 0x1, 0x3, 0x6}, {0x100, 0x8, 0x4, 0x7, 0x4, 0x8000000}, {0x4, 0x926, 0x1ff, 0xfffffffb, 0x1, 0x3}, {0x5, 0x6, 0xb, 0x3ff, 0xfffeffff, 0x5}, {0x8, 0x5, 0x6ad, 0x0, 0x5, 0x7}, {0x7, 0x6348, 0xc20, 0xffff7fff, 0xfffffffe, 0x800}, {0x6, 0xa655, 0x7, 0xf4, 0x7, 0x10}, {0x6, 0x5, 0xffff, 0x40, 0x60a45127, 0xd}, {0xec, 0xffffffff, 0x1128, 0x192c, 0xa, 0x800}, {0x5, 0x9, 0x100, 0x8, 0xfffffffa, 0x8}, {0xfff, 0xfff, 0x4, 0x8001, 0x5, 0xe289}, {0xe, 0x1ff, 0x4, 0x4, 0x0, 0x8}, {0x1, 0x9, 0x9, 0x0, 0x6, 0xbfb5}, {0x40000, 0x96, 0xbe5, 0x1ff, 0x8, 0x9}, {0x0, 0x67, 0xff, 0x5, 0x10, 0x8}, {0x20000000, 0x0, 0x7, 0x7, 0x0, 0x8000}, {0x9, 0x4, 0x1, 0x9, 0x3, 0x8000}, {0xb, 0x3, 0x0, 0x8, 0x8b4, 0x7}, {0x86f, 0x1, 0x1, 0x2, 0x3, 0x3}, {0x47, 0x6012, 0x8001, 0xfffffff8, 0x0, 0x5}, {0x0, 0x100, 0x9, 0x6, 0x5, 0x7}, {0xffffffff, 0x8, 0x5a6, 0x8000, 0x2, 0x2}, {0x2e, 0xc7c, 0x4, 0x8000, 0xd, 0xfff}, {0x6, 0x9, 0x0, 0x7, 0x3, 0x6}, {0x4, 0xb3, 0x1, 0x8, 0x7fffffff, 0x2}, {0x28a, 0x5, 0x8, 0x4, 0x7, 0x5}, {0x38, 0x4, 0x4, 0x6, 0x81, 0x3}, {0x80000004, 0x1000, 0x8, 0x5, 0x5, 0x2}, {0x400, 0xbb, 0x8, 0x5, 0x5, 0x2}, {0x8, 0x9, 0x1, 0xfff, 0x200, 0x471}, {0x2, 0x0, 0x0, 0x1, 0x0, 0xfffffffe}, {0x1, 0xa, 0x3a, 0x3ff, 0x7, 0x1137}, {0x0, 0x0, 0x8000, 0x5, 0x5, 0x9}, {0x8001, 0x8e2, 0x7, 0x8, 0x4, 0x1b43}, {0x400, 0x4, 0xc, 0x6, 0x698, 0x6}, {0x6314, 0x0, 0x10001, 0x3ff, 0x8000, 0x7fff}, {0x6, 0x1, 0x5, 0x8, 0x88}, {0x2, 0xf22a, 0xe475, 0xa, 0x4, 0x744b8102}, {0x7, 0x2a6, 0x8, 0x5, 0x1, 0xd}, {0x5, 0x2, 0x5, 0x9, 0xd9eb12d, 0x5}, {0xd8, 0x1, 0x7, 0x3d, 0x100}, {0xe, 0x0, 0x10000, 0x3, 0x800, 0x6}, {0x68000000, 0x1, 0xfff, 0x3, 0x67, 0x8}, {0x101, 0x4, 0x8, 0x4, 0x1000, 0xfffffffe}, {0xa28d, 0x4, 0xffffff7e, 0xcf, 0x7fffffff, 0x2}, {0x80b, 0x54, 0xe02, 0xd90a, 0xd, 0x3}, {0x7645, 0x2, 0x4c9, 0x800, 0x3, 0x1}, {0x8, 0x37, 0x3, 0x9, 0x2, 0x3}, {0x3, 0x3, 0x8, 0x3, 0x0, 0xfffffdbc}, {0xfffffffe, 0x1, 0xd89e, 0x1000, 0x3, 0xffff}, {0x9, 0xf574e1e, 0x3, 0x0, 0x8, 0xb}, {0xfffffff2, 0x8, 0x3, 0x6, 0x5, 0x7ff}], [{0x3}, {0x3, 0x1}, {0x3}, {0x3, 0x1}, {0x2, 0x1}, {0x4}, {}, {0x2}, {0x5}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x3}, {0x2}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x3, 0x1}, {0x3}, {0x0, 0x1}, {0x1, 0x1}, {0x3}, {0x3}, {0xaf8bba8d0517b9e0, 0x1}, {0x2}, {0x4}, {0x5, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x2}, {0x1}, {0x1, 0x1}, {0x5}, {0x3, 0x1}, {0x5}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x3}, {0x5}, {0x4, 0x1}, {0x5}, {0x4, 0x1}, {0x2}, {0x2}, {0x4, 0x1}, {0x0, 0x1}, {0x4}, {0x3}, {0x2, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x2, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {}, {0x2, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {}, {0x1, 0x1}, {0x1}, {0x2}, {}, {}, {0x3}, {0x5}, {0x3, 0x1}, {0x2}, {0x0, 0x1}, {0x2, 0x1}, {0x4}, {0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x1}, {0x5, 0x46ad83950480526d}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x1}, {0x1, 0x1}, {0x3}, {0x4}, {0x1}, {0x5}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x4, 0x1}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x3}, {0x3}, {0x5}, {0x5, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x3}, {0x1}, {0x5}, {0x4, 0x1}, {0x2}, {0x1}, {0x3}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x4}, {0x5, 0x1}], 0x3}}]}, {0x25, 0x6, "ad708099198a0ec1c38872c6b6baebd4c106afa40a3f91a999ddfd290aff460197"}, {0xc, 0x7, {0x1}}, {0xc}}}, @m_bpf={0x88, 0xb, 0x0, 0x0, {{0x8}, {0x40, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x6, 0x6, 0x2, 0x4, 0x400}}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x0, 0xff, 0xfe, 0x8}]}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x0, 0x7, 0x2, 0x80}]}]}, {0x22, 0x6, "6d36347a1242181465b574a64f523ba2c253db69f9aaae8e13306c1ee24b"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_skbmod={0x114, 0x5, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0xde, 0x6, "69deacbdb4d5354b30928698782d736f79e7c689cee4c3027b569f62a841f2be5fc5fa659f7c79d435fdb9eb4130bd9a6e3eb3200751586ff5ebdbe62df3b5244259af3f5ab21497e550eb025982bb3aa9d76283e85cc2b6f4eba308b31283715dd3781e328e5a49c8fc610eb9a8974697a5f320053b221f97769a90b0caea859a8a0cbe58102aaff47f853d9ee7bf8f72ca959b7262a0819604a2d6ba6413d1e50f9c88ed91e089a5c2afb38e863f46d780a1b627ed66d93754d9a23cc9588ffebf1dd4753859e1a9c0d2ed16fd969b8d5943a06cfc9b822dcf"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_mirred={0x25c, 0x15, 0x0, 0x0, {{0xb}, {0x144, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xc, 0x72523fe1, 0x7, 0x0, 0x6}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x4, 0x9, 0x4, 0x5, 0x2}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1ff, 0x3, 0x20000004, 0xb, 0x3}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x4674, 0xa444, 0x2, 0x7d2b, 0xb}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x81, 0x6, 0xffffffffffffffff, 0x2, 0x9}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x6366, 0x5, 0xc, 0x4}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x7, 0x2, 0x2, 0x4}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x7, 0x20000003, 0x6, 0x8}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xa3c, 0x967, 0x5, 0x6, 0x80000001}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xd, 0x480, 0x3, 0x8001, 0x2d5}, 0x1}}]}, {0xee, 0x6, "d5ef8b5f42f53bb630ae6a50d648f8db0da6ec9de7b6ed4b891485781d2737a05144751ea216feb8fea7f028badf7d9963b01a1342cb62d463074d2b2a31fda8391398621e9540f33c7156ca45fda84d4f64296dcbd827f37628708490db199c49ad999ec23719dfa8575af2554fde2bc5a24ea7eca62ed49122be5e79147a6b087cda880c7b4cfd2a29f74807ee36fe5c6584c9e5aa2d114b4d0dbc2a672d21e1f20f6acee403ac8599a3095cd44241a7ca22609226f1108b4d2467c57efec0af77b76e2326fcb8b5c378501c0d2a914d28304beac051584d3f064e9f573a85b5b42c8dd95d94696b4d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}, @TCA_BPF_FLAGS={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x7}]}}]}, 0x22dc}, 0x1, 0x0, 0x0, 0x40}, 0x0)

972.156073ms ago: executing program 4 (id=6314):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x78, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0x10}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_LABELS={0x14, 0x16, 0x1, 0x0, [0x2, 0x3, 0xc3, 0x3]}]}, 0x78}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, 0x10, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x7}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc841}, 0x40000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r0}, 0x8)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0xce, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={0x3c, 0x0, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_LABELS={0x4}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004881}, 0x20008820)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$tun(r3, &(0x7f0000000000)=ANY=[], 0x38)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000a, 0x80010, r3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockopt$SO_COOKIE(r4, 0x1, 0x47, 0x0, &(0x7f0000000180))

954.907574ms ago: executing program 2 (id=6315):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10) (async)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
recvfrom(r0, 0x0, 0x0, 0x221, 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84) (async)
r2 = socket(0x2, 0x80805, 0x0) (async)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r4=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000300)={r4, 0x1}, 0x8) (async)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={r4, @in={{0x2, 0x4e21, @multicast1}}, 0x10001, 0x43d, 0x0, 0x0, 0x1, 0x6, 0x6}, &(0x7f0000000200)=0x9c)

774.164066ms ago: executing program 4 (id=6316):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbff, 0x10000}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000040)=0x6de, 0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) (async)
r4 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x10000}, 0x1c) (async)
getsockopt$sock_buf(r4, 0x1, 0x1c, &(0x7f0000000100)=""/157, &(0x7f0000000040)=0x9d)
socket(0xf, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) (async)
close(0x3)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0xffffffffffffffff, 0x3e, 0x0, 0x2}, 0x28)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0300002e00090027bd70000000000004000000480311802e"], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000010)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="1450b43d6864f27bb68352dd3889cb79f9947a80fc22522c7729395897665e1459098e3aedeabfb047725449dbc9fc", @ANYRES16=r5, @ANYRES8=r3], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000010)

582.718786ms ago: executing program 0 (id=6198):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x6c, 0x10, 0x401, 0x4002, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1d188, 0x10130}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x4}, @IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x9, 0x7}}]}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x18, 0xf}}, @IFLA_VLAN_INGRESS_QOS={0x4}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4040010}, 0x24004004)
r2 = socket(0xa, 0x3, 0x3a)
ioctl$SIOCGETSGCNT(r2, 0x89e1, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast})
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="db", 0x1}], 0x1}}], 0x1, 0x40040)
sendmmsg$inet(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000540)="a3be", 0x2}], 0x1, &(0x7f0000000a80)=ANY=[@ANYBLOB="1084"], 0x10}}], 0x1, 0x4810)

473.98585ms ago: executing program 0 (id=6317):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet6_int(r0, 0x29, 0x38, 0x0, &(0x7f0000000000))

468.899146ms ago: executing program 4 (id=6318):
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e20, @broadcast}})
ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x4e1e, @initdev={0xac, 0x1e, 0x0, 0x0}}})

397.862549ms ago: executing program 0 (id=6319):
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480100001a000100feffffff00010000fe8000000000000000000000000000aafc0100000000000000000000000000014001071c4e23000802000000330000000cfd9bfec8f4ea3845850cf8003b17a6", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000000004d4000000000000000000000000fcffffffffffffff9201000000000000a39b000000000000ffff0000000000001c25080000000000050000000000000081000000000000000000000000000000ffffffffffffffff00000000000000001f00000000000000fbffffffffffffff09000000fc030000ff0000008000000000350000020001002000000000000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000a0026bd700029bd700003000000"], 0x148}}, 0x844)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r1, 0x313}, 0x14}}, 0x0)

346.124679ms ago: executing program 2 (id=6320):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000a, 0x204031, 0xffffffffffffffff, 0x5f456000)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000040)={0x3, 0x4}, 0x2)
getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, 0x0, &(0x7f0000000400))
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ed0759cb47cd90df41fa7a40c72a22dcc53a83731c39b01fceb7"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r2, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x37, 0x0, 0x8, 0x0, 0x0}}, 0x10)

255.824289ms ago: executing program 4 (id=6321):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtaction={0x4c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x38, 0x1, [@m_tunnel_key={0x34, 0x1, 0x0, 0x0, {{0xf}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x4c}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x16, 0xc, &(0x7f0000000d40)=ANY=[@ANYRESOCT=r0], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x7b)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="0cff0900a244984f2595f43dfb1e", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async, rerun: 32)
r2 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="3000000010000108fdffffff0000000800000000875c998211ad6a964135c08ff2292cf8cf6a28689ea72592a755bd650bf024fb1454b813a1ef71bbc1dfa1fa6b380021519eebb46e4d1fe0a36cdc52587442d71b649f4ff868758b57493ae6395e3a9ddd5cdbce37504f5833684f6e05", @ANYRES32=0x0, @ANYBLOB="000000002104020008001b000000000008001a8004002d80"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x8024)

204.284544ms ago: executing program 0 (id=6322):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
setsockopt(r1, 0x84, 0x7d, &(0x7f0000000440)='\a\x00\x00\x00\x00\x00\x00\x00', 0x8)
r2 = socket(0x10, 0x803, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000004c0)={<r3=>0xffffffffffffffff})
ioctl$SIOCGETNODEID(r3, 0x89e1, 0x0)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000003a00)=[{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000000480)="0848602780eafa53e92a0848a52d62d799a1b9ad048fb782f9b301c1277fdfaba367dae958c4326ad50d94cb40b28b185c67073483e080e6eb587eba5271607f022ad5c4126eec746fc4e7c5233fc3cc65c4d7fdc9ea714ba1ccaecdd1ea34ee1641c87c25e593982bc8e0fc06de00b619a64c0dc490a4e1908126d2f6be0af057a4fd28fd8ef4f06ae8eed5f07997f600feb33b62b4c6b4890469e998dce21b93e4055a0de40a63a7b9bac615cc4e9a651c3dbd90aa1efd75992b49aedadef3c7ff19cd1d3d8865aa843554824278829054fa2e3eb91df9d974639b699bee30182c575c4ed5e2b9a95f2b98", 0xec}, {&(0x7f0000000580)="2e3a3154084af158f755df5f1122c0fbe75b6c8491233ff707ca6e29fd729526dfa6cc38bc52caf81b44685a217c5f17a07a923c1115f642e7d107af", 0x3c}, {&(0x7f00000005c0)="4f63b5270210a91b9fb6df9b6c928177132ad4f08918f52f35d2939452b2d623b7929a00acc88e3a6a", 0x29}, {&(0x7f00000015c0)="2946d08252e4540fd5d91fad5c37795eaf6e8c4c84d292b08dd169a012d95e6934a01258a694aced872c7778bef9763c6dcfe25fbb38e04c5233ace4dc20b6c1dde063a7ebf9dec8b49d6b290d465c84a66e38c9a04173ee2033bd813bdc249079adb6d507587727d2fa42bfea6f9462d10d2f66e91431da3d72080face7cfd6d2c47f91c7be40909ccb4c73bbf6d3063270b5ae8b84cda9c1045ddab3207f68c58721aeebf67dad7a840a574ed2c95e53132191c542565f8b099a5effb5b59da17ddd8b4020494912ebd7ff9c193e70396e4e481faa47d911d0ca3756255f5c3d6b5a02e13add422d8662acb5b7d15434c76187e54aa6dbfa9f884f2dfa792ce827dffc10c0dafa272db2898d54143beecf73325aec850dbcd968d62f56ea7b1fd7ee6cf727396d99e5969c0be8e7f33575529d7002fcb4220a0df75faa52f5f6c04142debe63b61164a198594be59d86011f267351beb5c67d88dc74af130b5278596db8b6833c6a4519501967a4048c7f8cb78c21ffc335978be6a17bf0ba34c8cc3a5640b82f023a00fcff17d0bdabc33d1787c8bdf4cbfe80122845fb3cefca4c98ca1f69d204cee9683e5bd9392fda5370485013bb6b0a2e2955c46cf5a701ed00858d426f2da84623c3a93aebf124c0550dd174437751a4f5f9768ea10ca2093c7937d79f355fa5adf0ff858af50b7896301c6b314b7877baa40a96316556875d6f41b72a6d1dde7f56f869a22a5abc05dcb68c13b77af7aaa4d1bc6e5d6a2f8ad3d47fc21ed2cfaabd015e9a1a2d003ecfad4e3c7d42013552ea835485b7ec66c845f385cd173a42c9f23ea4a7cce3f8d578be0f7e9f9e0c828cf10fe35783710bc860938ee52be414ee0dc379dfc4dd3f4b66100dd4e52c2a78d1d9a49ed8324c390e86f0ac1049df18b75e8a17278872378c0a63af1fdd1db6d9ae9d0f6a29106691729137288d5985c9a1ab2894ecda3e0d8906c14f254462eb52e7e6b05ac9c077e6b5adca1998e9263e03d768d714b7677fe235b7f30a92800daf70b588144e61110ec4c460eccc7cc011c25195c147e198a4923a59cd6f684a1217b9638daec9e5b555cfc58d6d68ea4486e84da0c5a14233087cde350c950b2007e5fd2525009ffe8e7a94c4e242f6ddabb34e351bae9092e90926d01c5e9b067530e278adef7bc2e0efb6ed243eb81be73fd2b06e20ee255567673d431f26cc86c9f3b8af73e63c30282b6196c8e0de578add5d91d51d6cf7bc5a3bfe692d9a684cbc0479b800f5a370f115116b074ff73c483548ee3191fda470f4320dad1ecc5a0546d5ee9e6f04477829025460afbd35de7acf1c57f01a149d3c6c901c1904954da25d7a77cf2011698de96678d2739d3c7bc884ad7d41946c9489a45b06cf11bf17cde66abae232b70bdb502bd0ed873d50d2422c108ed6eda5e7096b8b5d5b1bb42a1ae6678efa78b4a6a99725658702b3a06a35f0e47e2589fa620fec32876ddae335ceeb7a2b3f8870f7862fe05df3ce9a6878f0a384730a52834e98e7e82d860cbbe3f03896f92655a754a67e0b61fee4df3af3399b93c08455a30ea345ae1468998d0c04d4bd5fa7e64a81898ca5aa45c22a6134dbcdfd1e05254b0ee25db2dc53f4ef3ca1795c9999845b9ba61b6953b53643f6d9c3db9966f1be3b5d058d28cebb48cb406e6232d7b47902c52f7e05e46c3d0d11c9041b1138b7322e40a6db63aa3d1bff288b4a2f0afbdee1d498096e884cb54d3ce15ec20b16aaa6e9758a4f745a8d8a73844be72f732d5883f7a4d74919d9bf4f6de489ee3a3b1798a3e144d364381c2f726f89b4932049355ac2b421a7b7b33fdba0f9917ed5bf51c22b8620e2bafe170eb03865e754099b2442631703a26d36d2087da7f7e46871412fab773cb504714086139411e97ca97567a55f762b9264698e9fb96b60e2990fc8c9958fc3fe2801296e9a2af6f0e674b5aacc9588e209c9f4b206516786b2caaae4c1b9dcc89faf3f14e2d1ff5c1779606de6def9637196ba349ff98b7d1fc958ce771633adc6e71a5182d8fe0e0e73ae17f410af337db18259a33b43f57ddff2ec219d66397360ccfbf08f41108cd17cf9d0a1f9763a27f477ca72479ae64d510a632bbca6624d4c65110353f3db3263bbe172fefd7fa591f806fbce339f58e542464e6152e952c24439ab70199267bf3935ee78d5599c028ba3b8286dec92d43a8341b92040284218cc041b113b1a47d90361762692a0b30c3e35f81421690bad1dfa355a791222334e957e21b844835cbb0513a2aa5849f29ef16c0531d48f4e0cee71a4460b1326c41ff36396397afdba790ee8882364395bccb164cbc9a9839646c1c86b7ac17be1e6ae5a544d3322d5643d4fd3f2338eaccab92de32434445d1e74f389c63e0fdb1e05ec7b03a892c2b0b1c66d4a3dbe5f251ead22760c3c23f8e46d932497ccda2dc7e8a0c3a21c4e567933369165f246fe719fc2692570e80d4373d2d3c179d3651963043902874d5a048081fbb43d244d60588104011e04acb26c60b17c457208c0feb2a43d528054602b570463fafc6cdab1bf6dcb6a7650eda161a3cc0d87819afd06f6015d86388ef5019fea4e2f77ab0587c669bb3391eceaabde88e3806c8e7c0bc54154c7f6b985c85d9b116e89ac17c59a8957c0f422431519e2fd86be3ba15ff389b0f6c3a1b07fe704a4a499df4526c2c09adf757725f7395bc920b0d64d890d2cc18739b4f89a73f76872c54f209c84f8aa5f8b69ae905905c79f964763a24ac993bb88b1d95d1766f87a3c019efc43cd3d2285afdac897b9d7e856160421d821d9d1abdbee3787d79e1e42b37ab34aa863d52a1f19e376a648c3465b881923d70b4ee270b5098d0861725ee2382c5d07799d8007cb679c4d3616235c6fcc2f1bf52fb4e0301ee30b2081b5fe3edda4915ff0e68dd38b23ff54893e7c67823c679b0c70c628c9551b967fce1c804a5700648843dff1434d05fc51826a8737ea814a2e328f6b903cd68fde4e9f2dd4f10788a32849a3d78aa2d5bddea33e7e84d3be4639ca7bdf18a585b6af2b2734342e0cf2afe3e2d8c2ffd1a9bfab1a5f6d9bc4fb569c0ac6ab459aff19c4f7b694bb49bbbc932d0abda746fef1e7076520e0b4b0722e1307d94ba3b90b9b78383299d5812c2df8e4703d2a176e9f97d8764087b7306e38fd2cd014a49abbe1ceca5bb71f93734668f803b884cd9d08c7e66d7ec8137af20b160452137d733ead4d68342ac3d5f97b489ce380774a5d3cd5f0ca2a4f477515a45aac5c34d07fe5d86b3eee13217355b6afe64d489e9e0280c1dfb5691ac465f1164653fbde3fd0a8ad50a84fe398fc8acfeefb993221b94ddf4ebf8dc361ecf78b2a4ab2daeb8b390986f7e19fef1d0d8249979f4c51d2124388dc0354a0a73b849e41978f63ac49ef4a0e34db2b1fac252c0750ac321e3591b44581a5e581c3102e4855c532e0c829cf55e84047e84e8ec5068d95d0bcf7e8824075425b8ba6ce15d0aa08aca2ee77a1a8d2b5432ce9d6d162f4adfb6cc1e38f9923dcacdfe915e2c4f6b3c65998101ffc2f56657159f6f1c47ae844effa8ce3f0d48b0eba6061767ed3ee398cc091cc0931c20a4b10dea3e95ae0168976e123bddb9c3211e1401720811546a009121250da2a100dce7c42037239f15706b23deac90258fb2c54ce2801c352e9aae39609d482fe3a0b39da8caf83f762a7b4fc321804ed2604eb414dded25e7ec1c67ccfc7582afd392ea14da621a61ba72e383ad711bdd2282d03ff96de2af66372336f6ad7e0c4a6900edcbefe129f14e5fbbad55ca4813a42a5fb23d1f7891e9a1af72572e93387c062b0b2dcfd1d62135701e553d083bfde6d13a6bb6ac1c47f8cab891819e62d7b8cf474e9873175acbedb734d955bd16f8c808e1ce22f9aced53e7d06b46fdebabfa16f111333f55c0c7598391c10b6f3f50a89719ed8ab44479f840195cb61a75f6766db53596d74413e3744cae397b497af84d31948224c634fead481a34f0c5785bf18eebce191ca43be12273cdde320ddbf5407bcb3bdd2d15d106b51fee5d99bc5098a395628abaa83c78d143e5e4d5700ee3144cbdcdfbf08128035c2e86bb9973b0e346e8cf1cc163d6ecf57e68ad61d25077f87e51c4c5c4a6674820f7b4c9e34e0aab742289d892e3cd1daede309bafdcfbb4c648d4b9d6d592e50293e3e2d448a44686d5aa7ba865fe1beb10a158b9e673627e90b38a0d470de0609750c60f88d7c044d5c8f002abf546acbbd2384d796d120bfbaf2b69e6c4181fe76dd2dc03b17c14f1457e46288787f0d031467a2f2dc5dc4b2f4b6df226b9f7cf9839f592e96c12d85bce1e08c3b9a77780a6f137d41d10e1d14f47b71b4ba69168c5d7f3fda2bb1e5872c97b36ab931d04e39867286cd018ef99a24838132cfa79ac50344024896aea65c6bcaccb27463ad89ff964aca2232dd6d8e129ef2e247a7381677a725ee9abb5c3b236276d908edcfdedc184681dccbf6274a3d4b9aeafd100f7d0d32c5d0e64fb44593c950377c0ff01d8b8e4e4cfd208768470bb47a928db260766f4896a5508b935d1a91761d108cc34c0be53c2100e583990f60feb13732ba0f645f23e24a5ea7990c0a080beb8beef1ef38bcc666e0ee66e578a87b229776aab61c7a904f5a20a78426f999ae24495ab2dc4639cace950f38e2bdb5f064bf54efb4c597488763e2490c90a03f091af3164dd90fd4fbc6bab7266cecf3f644f3ee90e9906289d7432347eaa4a93fafdaa901f0638de106912578d3405f4cb967e3d9772733b6353a7428d9300c64dcef47903633a8f2372c7411dbca89dc5903be0c616a223771a9528a92cb7a515e9af4883e858fdede726ecd5ec805bd9abeaa10c49bde1e6327206b77a95218cc30cb04962ef7bb064478a3ebfd869a2974b43af9d0c4ae9ca6a6580b7a80bef62b534e089eb8d0c05645864a0e581fc031d8fcb2535e6eb4da809a371cd73eb241f581ac7f2db0d32aa88757a640cc36a53317d645f4a2b1c853c8816378f152c20e436718fda88970d1c36427de3968b2c70c8301bf29af54c043f74954589ae63efaed656cb9656aebbf19f198cc861f4072ddd93994503085744af0c38ac765b3a9829f2fcecb584199241765e4577129bd58d5c51559869f288c3ae35129162b95cd2d065622d4b66eac798a3bfa9d1ccd4c1813352ed2a3ec1c4bdd071e2b11dc2155e593ec2c126916ef4bba2c8a4cda0f6a1d424998a43f1c984e774368bf380a5fbf62a096f7c8063cad961b15c77aaaf29ac287b8b9dc5175fd1ce4f496e617665ed74c8f89eeff4491f8651c1aed0964dadb32372f4e7319ec353807b3b5c8a87aa8ab00746b98472c544ce406c568fb3473449c7be00467975e57c4f37f15f6cd5ceabd7cce5b0e15d968c10aa5e9b8a39105a40248e075b3a1857397032e84e642c3bfb4bff42e7b0e67ff4661dd37c414527174f4cb047c86be7558fc3943b927fa35a92eef6c8839357d822d39d1fa4f76507e3b33d33bae3e0a4d70f623a35b2591685dde7c9ea3a618cbf12d15b46a386ce0460eeb82a42e11ebf6dc2113d9efe5f80fd8104122fb0cbbfb6d83dfbdd60f73fc0ebf2ffa95d58b3d3d9d4b23d46e1078807be507df2741365f3d16f49c14bfd0f913a0898562a5fdad53e5d1eefbca95a6da52571fa301f751399ed0809f191bba7a96f09359a559739843b84ea1058e1679d787f3e2187850a6c7ded0cc6cec14ea", 0x1000}], 0x4, &(0x7f0000002600)=[@assoc={0x18, 0x117, 0x4, 0x7}], 0x18, 0xc854}, {0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000002640)="101244a18864e84b2b4d56399474d35e7049578df39b1d4459ebdbcc6c2e505c81f3e10ae8973ffbf9cc9b0cd0b32bf18d2e422de66bf04efe2b92685edafc44c1ea45377984c04813e362110ca4610516d071b64d52afe5d560a633d53989e413b8569ace1ad5242cf937a6b808c36f84c8cf16b5630a755a43009c9a0988aeb53d9b9c52aa1518a8981473a4876cbe93e41203b3a5aa73979cb263cc0e1e0abc0f63669438c953836b49834e9b27a22ff215c08814a391e7e6e083e270823180224d37cd8afc93092f0b0535c27adf33b5c390db8c51f3e1212664f11aefb31b22d70f086774c8947229c2807b0e4c92938f8d223ef3709891dcdba7e6b569f21653aeb0f1f88c7f15cddad532281fa919771e7dbb9b179a9f67436fcd7b861339f2d1369f9c92aff2330820b9125622eaee167d2c33badbfd33326a28781f71a3250f8ad1296d1c593aa842c79c06e9aaa2e8c97f28c390f45815b39218f809455558f8101163a5c98e22423c38d046f1f01bae218b4a19f7feb42c767e1b6cbd0c893eb099b3a449b088d5cf870adbef0f96ecc8fb9453db6b4f22e291b92f8a07b65ed83712d0761951067327eafbea2518d1cca5a99a9257cc277dac13980c14299a78f99ca0c0f622a5dd7d3e2ceda52cf4a499709017ef3b00ca98051c71520fb4affb616b619c0c6cd04231e97b60ed04a57c33988d85c94b05deb44a3fe6755f1039bd053e6c2e32c789b6614350f17e319012a7399063ca688ccd781db2bad7cc5da0a5b0183eca63af93fe63dfbaaf066b087ec4dc9301a6d1faf3154aa55035e97421ba8835f23d34770cc17dc9798d633ff5653607b44783ac192d4c2b4db1cb5310e72eed8986f0884260d248f416546b4f8095fb509299bac327fbd8b2ed1d8516b403cf6758680c4aaeebf3f52fff97df36b20f62d11348f52126891aac100f77b5ed77f483e7a88aa14054080dbe0c7377a9ee8a90573ba25284f432a6f1d1a3d23810d5ebec30db6823ca8da4ed54e0a05c912b2d8b337cc88af7d70abc4208a58b93c26c892bea2f7405b45e2392fe1dc5691a8bdbff404de1f425cdf9009ee210d46573a80ea760006e8903a221a4e6c24e9eb5f80ad8ae7a1e7c7bc59a42b33fc5254448c0823cad8e4628bf3ec1cc140a59ba16cab5d573e82223ceff7ba7865d0f10f3638e83a36de444a68105fd952f1ba7a6278d60702ebb721ae254c3400b39dd672dc6914cc9e7e8c865f2782a9dba050d04c2353108e791a8045e8289b6b463e9bba4b23d7905e6a7f88249e66ef7df78dab06fbe75c41e9c1bf119def4d6fed8fdf3980aef084370a103d0cba10a0c7cf1eddff939651a7163d60199ec2bc3619d2c936d3315bef00ac9a2876587540759eee8f1627b2658929d90293261b23867228b5e76c0d29e0f1e73f5ad765325b8b5f2e5d2ddeb71f409176fccdc4175d7e96565b3c0cb779392f6ae38511286401abc899ae7839f43e29b08682c1cf325f77ddb6fc215eb56b131ee3f8fbe4a6531d54c613e42892aa05ed881db9bebff4515c2788e9f57678c0171d162edc43da374f8027d1e02acc0722bc8f6a55d076bde52ee604c85c21ce5260a74c6aae04a794c239545896e150bb7f4006a980b68a2f0e10f529926c83a168a5c865eddd1ee588eafee5ac9b30a7ed9ab2c56859b2d393803275d92812720933b59abf22b3fc357a0d397808831bd5427fa95be51bf28ee4fba86c1e46bfdea7ec57d24c5286b1f20324406becc71eebeef615207d9dbe7917abd37c8509f8b0475fb2e8948147823d0e216c50cebe9305efbaf59f647eee09bf7e46bb306fa5c347c18296e599859b29d1b66cb0684243e4362a83e86163ed5d780e43e2c3496b84f6fed8174b3797e58f3fb3cc5b1ac18e93594a6da00c061d4884866c8f20cb69a2b4c270ae845879ff64a9dd5d6440bfb6c9ea3e382052040a69283c1ca7defaf36b6e6fcce6a25e6c7755baa4c4fbc872d1df707934b55844b3a2a1511ae16354ee1dc8a1205de5215cd4e97259a50e9ec61745b3cd2557060c6483a9a815153e4e60b5bf4ab1e0ab255c1325a70a38671847708ab4068398af9b2cf775a35ff57f483c80f7ff7bee4436d22b24e688021d703a27006c82bc650a53b69ce37c911c1c64fa0052d95ae50a744768add72eec693381dbb9372e6e690adf5f5ac4fe98f532fac0952ffcde6059f32bdbed1a9ab97a16f574abd66bded318dd82b97314a9aa0013d966774100d718ee7ce2071fa4bf73486188e7667f0ea3b04d2d19f277a79b8eb3155dea0b832a534818d8491b2dacbb3bd1b32ecf8d527e9ca4b1628273eca05a56322429aebede77014a6b39255bee4557c98f9649a3a0a9921b902695945d5d58024aa12acf0ac99167b64a45419b25c46df163f1ffa125f8e8d605976d95ad50130d2f211313fdf59bec338fabb4030e026977bcba7211b83d1ebd09b9ef0c9d74f95b0a7cfe1f24167f9e464d862191e861f5af77f38ac4551102f91515e6091ded1cf7ee69625bd653efaff53c863bf17d6713a80cf35cf9e2d8aebd8f15214fa18a3e5d5f08a6ba0a9b7417f678f13e339e3f01ef73be296d117b7c2a29b517c332fdcf07d397d9f0b2682327bfbce2fc5b0987503e2fda9ba0fc41b05682e548252d91a9900822a956e685954e315c191a6b28fd9b19ab7f2eb4a347d51d881fdf37cfa662c2cf454af3e7d9fdc2547616fce81a536e002272845ce3d3c4977d4be154753f4cfb65fdd6919a7aa5dc98a7205b8a747c562a26e8c9aa15152907cec1664050ecb2c3043dc7cfa9a7b94b393bd8e20ee1510a4bf0764e126f7568142c71b63a848a0c9f263e7f47514117aabc155e61641224384f769b6b42eecd4b78092cf2298a6c66c6c64a7cfc058270b69ff38e90aa3709aefaa71d31515d809cbaa2356a7531536362b412adc0dade71b3f0af0e25f2371c7c177267457515c953e86785cba9a7387bd8ace62a1216e99ab27464a3f665ac7875f11aa1ed60926235276d1c33df22c80ae784e14e43048cfc6e9e9117dc51b71ac53b1fbc630d96f4dab5a454f935ba27e3ab7956f2e805525fe5d778ff5b07c1306513654d2fdb650c6a8da4e1f5dcce6ccb3b068befa1a192494f630d896554bfc88fd81bd183a3a35cc57157d394057bc843e895213ff2f5124f4546f0ee1215dbdbd2f9e80a4ff3595c9a3fa7eecb95dbef1ba1c7cd2b585614b09223838bc7499be24269c6eeffd91a5c6989da9c5fc93452bf4b193f15daff9003d46c739a9ff924a383da9de91a8cddc6b552fda51f9ad90a4b0ecc5a7279324b0d527f4187a72be54b7fc324b57db44884929da95ac94b149dbceeaccc96dea2bc4e61d1cac33719f542fd0e5ac883a65ad8feb1f28808f1189f6592114ff4e28ca1dd3c27366b7c905395a328993c9bf458301bf37ebdfb64ed0aa30422b5c0756fd3dcfb6eac44b1efd8ea39d689e11272c77e23616e6ed4700984d6f62ea133a63341520360342d9941a9b4e2a659932ea3960be19a4334cf1ebd4edbe425fb1b7912f3e8131064c7a2b5b4678a393ecaebd46a51e2dfe2026dbdf38bdf1e9c8bc2803d593afd064cfc6843bc129733cdfe21a3d243129df43b6b560341453323efb178d10314258b7a1bd8adf3dddb94062b53db32508c75d98f3a24d8de4cf3756d2a87bef58bf13950e47f1868798c99c0929f41e80aa9e13736e9b5f3bf100dd0982814b32dbabf0837390da56906bb5de74d43fdb9f8c19db891d22290f1f63013401895bbbad4c01752a3584540c47b0d0204ed3090f293c91ad049080bca97616894775f5d54807eadc9fe4c4e0cba071d8595ef64644d8e204c36599873d22000d1f0c1199776911ad551693e9db832905664b11a07d04adcbef810adf3eea5c844a7da3999d461a3c529e0230f149c4adb0b25b727889d3d56e540f00b40f7cfaf02ab470ec83ba86dd4fb5af89dcb33d52aaea7df35b7b6b9abfc887dc6b18bee149631a79830c75b14d9489fb7f56166345418809c5b1de4f4bbeda9d1f736c52a6acc6932dbd45470cd0899415c363986c2b7498f7595113bec0543e35c74e1bbaef999ba5193434fde5b6fd714fad76fdc5cd099f7c74cd201eca14b570bf0d7c847e1ec2a865887859ea715daec5a53948815474949ada0bab4924c1228f7405d03b5a8117d5354eb95b52550ac8d22343e0a11275d40863cbe2fd78d3e378ad8dc72bf0611c6971f584a666a3901ea9036abb8b685fd6203367ac4eeae1ce6b856cd20797768b35040c9e76d53c3b994e4ec9e0717743a89b4000a83389f9cfb0e91516f171e7958087e2ea2563e8372b4cbd5ce6a49a18b2eac4a913b6802b3f05194285e005cda901e89b85bdf22e3b4fef66414fd5630525b83a01871cafbf6de44f3e55713bf97c21433ea06a72cd88a5cbebae2e10c8f98c6aa87333fc3bf1f9d4b983c4509ea36f7b5af977fafea64ffbda2d88663ce0ce8b8280f0cfb5668a937fb95186618180526996c7d4da1c71c00f364a58afafbd19d89e1e654dde8f9c651a2172d547524eb6400f1fa3e3aec91d7711264f9765d4d756faadce336315a24f2b99cf81c0714d13be173aa7a2b40e844579905886db672cecd9574f6b31b59ee32a2c7b177c6f38b4d87baea863b49c060bf1ad83b5ff1cb1306f9656b4bc115b088967e071808de8ef15f4c2f71ab4d6801cbdaae2f84570f9d1a2b6ce093cba2e018d6eeeae790292cbbc0ac60e75620face8ec451fcf3b95c7d89509a394edd794f66f7de7b139782237f6b725ada9813bae8b9e3d2ecb1ee3b90b5f52c8fee4c051d640a8fb1e1e7a2f4d743f53428dd77b0e883a3c42db1577295b708b7b1cf0376024a1e5c63157be2c3c71ce050f61fea1f3bebc3d749b6d4a2e0657421ae244c4817c710a49dae6d5e9ed79d9e2c7137d1a9dd1fbffb83f89c8fd5174f6dd4d09b4824d54bf7ad7d2e08970704a63e43731315a8f429558694b1a96fc9f6301b534a10d66345babc400cb90aa8f74513d3a0ce33d8413d62fc039e9ebc06744038e7ed13ff41111a9cb89c57427ea87e0b454f83a76b741e523148325cb05c3244d7316ef73638c2e1f2ee05cee95addc58cf7de587fe9ec3a23d99aa661c4b5ec1815b6989e491b80780e63d8917949fa307e180e962374de7290c4229091d99b1022566f66ba016f204ece0b0ce84fbe9f728265d239371d2554421ec8fbf1693462c6a7d2a04de6bab46ef8042a87261acbe95869e3b0e6b91e309fe8c8342df94292e0afc403935dd35670a136fae6df4b06d463bd3ba8e6cb2c97885378fd81314ccf9a5073a63f585b7b1d6abd88b35721d0926056b5299dbf6d1cbe436a0c8f82f6a5e0719798165efac4e201b8ed3bf72b413ea472a1aec037fd7c6a0f47b1c02e168c29f4c384a103a58cc18dae4787f0e2874264b1bb45e44a8abf92dc71310751d59f6f3a85afdb6248c9f8b7a5ff046c3cfbde4be120a896aac2a4b9084556136a602773e43a49c13a0005dde328cd8203a467518dcefc7f0f8062030efd096de242f689cff8d5fe7b30091f7721e3799216f1f2ebf1ae23e3c73aa63f9baf2192e597f47b754ced47b04366381c23256c00d81ff991d8377b1265a12e537b7bd94f333183a6444ac18217f0d5f4712c408a08bfedb19275ce9af566813cee8758848f9e2ae40a1f393c0c91455f0e171ce63abef71a2a7e936d07a70fca474c85341dd209e", 0x1000}, {&(0x7f0000003640)="6cd7f55c056dcad7a93620d0c37fd1f013a198ffdd094c9ae8d335a4f3cfcb9354e13dc5761bbb20f18a9d9dad41ed8761819b283838f9e6fb54b0bc8cfec229e0dd2a885755a5ce87a5118aa5f960b8dac04098e0944bf288cf897468a17edaa8e6362fce09693765673b612a040ce0162e7e2e1e279de9c906cf3a8d03d94fd1ac5b196a6588d7c44844ecc1cb93220b0073a7e6e582c4c8409d008aaeb08f1a9442274881b890ddd09618f11d7119323d8692cd0aa7c40ec78e673d23351717542e3b93cf99ef0b7c1c3f5b646d61", 0xd0}, {&(0x7f0000003740)="a47456b2b2dafaa578de8ce7ac57d3a67f8f70f27be75a9d3e049acf610a2706f67fd3", 0x23}], 0x3, &(0x7f00000037c0)=ANY=[@ANYBLOB="08010000000000001701000002000095f1000000def1e4505b987c38068242abd6bed3c1299d77db124b6c1f8b10690b11de145538ce93409f8196486d24442054773fe86e6c5403222cf4529270c0c35b558023555e189960edb70e45425fff524dee8bb25dc9a66080a623b7c1b4ade801267679514881d36893000b95a73539b2ea7577e879457b9c625332af712bd6b29f8672655cd8f9f113f7ad2d4f121015228398d1ac8548fe736e29e083e2cdb8f09ee977f01fc1977ad3972da95182acfeb00a13185dba6625c77d03005f92550fda06003111198f1cb81ea52be20a83df6a5705142d1e37841d0c29aebd1e73181ccdba4b2162d7c195c3acf0d422fa296493000000"], 0x108, 0x10}, {0x0, 0x0, &(0x7f0000003940)=[{&(0x7f0000003900)="d566a15593d26f4a66418a87b8b229dbf3d039a80f62699577b5aa626fbd3fd7", 0x20}], 0x1, &(0x7f0000003980)=[@assoc={0x18, 0x117, 0x4, 0x6}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x8000}], 0x48, 0x80}], 0x3, 0x20048084)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="440000001000090600000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="a7ffa888000000001c00128009000100766c616e000000000c000280060001000100000008000500", @ANYRES32=r6], 0x44}}, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$inet_sctp(r10, &(0x7f00000000c0)={&(0x7f00000001c0)=@in={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000180)="951756", 0x3}], 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="300000000021ea55c200000001000000f7ff000008000000ff0f0000d3ffa6bd9a463c20a4170531a4a5f2fdbd4281bb83eb8f7cdf7298b86dc300"/76, @ANYRES32=0x0], 0x30, 0x2004a000}, 0x4000000)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r11, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r12 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', <r13=>0x0})
sendto$packet(r12, 0x0, 0x0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r13, 0x1, 0x0, 0x6, @multicast}, 0x14)
socket(0x6, 0xa, 0xa)

137.825805ms ago: executing program 2 (id=6323):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \"\x00\x00\x00\x00\x00'], 0x20}, 0x1, 0x0, 0x0, 0x4000880}, 0x40891)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r2)
write(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000005d00)={0x18, 0x2f, 0x1, 0x0, 0x25dfdbfc, "", [@typed={0x8, 0x115, 0x0, 0x0, @u32=0x7}]}, 0x18}], 0x1, 0x0, 0x0, 0x20040000}, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x20040000)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r5, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000780)}}], 0x1, 0x2, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
splice(r5, 0x0, r4, 0x0, 0x7d, 0x8)

81.440951ms ago: executing program 4 (id=6324):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000005000000730188000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94)

0s ago: executing program 4 (id=6325):
r0 = socket(0x2a, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x4000, 0x4, 0x200, 0x3, 0x8, 0x0, 0x10000000, 0x4, <r1=>0x0}, &(0x7f0000000040)=0x20)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={r1, 0x0, &(0x7f0000000080)}, &(0x7f0000000100)=0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r3}, 0x8)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$FIOCLEX(r5, 0x5451)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="4401000010000100fefffffffddbdf25fe8800051a0000000000000000000001fc010000000000000000000000000001000107144e230005000000803c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff000000000000000000000000000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0200000000000000ffffffffffffffff2a000000000000001f00000000000000b80700000000000002000000fcffffffbcfbffff2abd700000000000020001002000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0015005b07350008000000"], 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[], 0x6c}}, 0x0)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x22, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000}, 0x94)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0x2c, 0x2c, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xf, 0xc}, {}, {0x1c, 0xfff2}}, [@TCA_RATE={0x6, 0x5, {0x8, 0xf7}}]}, 0x84}, 0x1, 0x0, 0x0, 0x41bd31d4576420eb}, 0x8851)
r10 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4ff0000000071100900000000009500000000000000"], &(0x7f0000000480)='GPL\x00'}, 0x80)
sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000240)={0x7, &(0x7f0000000200)=[{0x0, 0x3, 0x80, 0xf}, {0x5, 0xb0, 0x4, 0x1}, {0x3, 0x2, 0x3, 0x8000}, {0x7, 0xf, 0x8, 0x723dde45}, {0x400, 0xfa, 0x3, 0x1}, {0x3, 0xe5, 0x4, 0x7fff}, {0x2, 0x2, 0x1, 0x527bc1ad}]}, 0x10)

kernel console output (not intermixed with test programs):

oop+0x40/0x90
[  810.962557][T27601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  810.962577][T27601] RIP: 0033:0x7fe3ce59ce59
[  810.962597][T27601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  810.962614][T27601] RSP: 002b:00007fe3cf378028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  810.962636][T27601] RAX: ffffffffffffffda RBX: 00007fe3ce815fa0 RCX: 00007fe3ce59ce59
[  810.962652][T27601] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004
[  810.962664][T27601] RBP: 00007fe3cf378090 R08: 00002000000000c0 R09: 0000000000000000
[  810.962678][T27601] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  810.962691][T27601] R13: 00007fe3ce816038 R14: 00007fe3ce815fa0 R15: 00007fff1f97e1a8
[  810.962732][T27601]  </TASK>
[  811.602668][T27628] xt_hashlimit: size too large, truncated to 1048576
[  811.627959][T27630] netlink: 244 bytes leftover after parsing attributes in process `syz.4.5434'.
[  811.690997][T27635] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5434'.
[  812.193085][T27644] hsr_slave_0: left promiscuous mode
[  812.208741][T27644] hsr_slave_1: left promiscuous mode
[  812.366917][T27649] lo speed is unknown, defaulting to 1000
[  812.382566][T27653] FAULT_INJECTION: forcing a failure.
[  812.382566][T27653] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  812.396745][T27653] CPU: 1 UID: 0 PID: 27653 Comm: syz.1.5440 Not tainted syzkaller #0 PREEMPT(full) 
[  812.396769][T27653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  812.396781][T27653] Call Trace:
[  812.396789][T27653]  <TASK>
[  812.396796][T27653]  dump_stack_lvl+0xe8/0x150
[  812.396822][T27653]  should_fail_ex+0x412/0x560
[  812.396846][T27653]  _copy_from_user+0x2d/0xb0
[  812.396869][T27653]  sctp_getsockopt_local_addrs+0x116/0xf10
[  812.397020][T27653]  ? do_user_addr_fault+0xc6f/0x1340
[  812.397048][T27653]  ? __pfx_sctp_getsockopt_local_addrs+0x10/0x10
[  812.397073][T27653]  ? do_raw_spin_lock+0x12b/0x2f0
[  812.397099][T27653]  ? lock_sock_nested+0x6a/0x100
[  812.397126][T27653]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  812.397159][T27653]  ? __local_bh_enable_ip+0xd0/0x130
[  812.397181][T27653]  sctp_getsockopt+0x68f/0xb90
[  812.397199][T27653]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  812.397224][T27653]  do_sock_getsockopt+0x51d/0x7e0
[  812.397252][T27653]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  812.397284][T27653]  ? __fget_files+0x3a0/0x420
[  812.397305][T27653]  ? __fget_files+0x2a/0x420
[  812.397332][T27653]  __x64_sys_getsockopt+0x1a4/0x240
[  812.397356][T27653]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.397375][T27653]  do_syscall_64+0x174/0x580
[  812.397392][T27653]  ? trace_irq_disable+0x3b/0x140
[  812.397417][T27653]  ? clear_bhb_loop+0x40/0x90
[  812.397438][T27653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.397455][T27653] RIP: 0033:0x7f461ed9ce59
[  812.397471][T27653] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  812.397486][T27653] RSP: 002b:00007f461fbea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  812.397505][T27653] RAX: ffffffffffffffda RBX: 00007f461f015fa0 RCX: 00007f461ed9ce59
[  812.397517][T27653] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004
[  812.397527][T27653] RBP: 00007f461fbea090 R08: 00002000000000c0 R09: 0000000000000000
[  812.397547][T27653] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  812.397558][T27653] R13: 00007f461f016038 R14: 00007f461f015fa0 R15: 00007ffd9af7d538
[  812.397587][T27653]  </TASK>
[  813.077027][T27677] netlink: 'syz.3.5446': attribute type 10 has an invalid length.
[  813.091471][T27675] netlink: 'syz.3.5446': attribute type 10 has an invalid length.
[  813.139818][T27677] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  813.922969][T27719] __nla_validate_parse: 3 callbacks suppressed
[  813.922990][T27719] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5454'.
[  814.034494][T27715] debugfs: '1��^!�Y������
[  814.034494][T27715] 3�UH�5r�Bn���\' already exists in 'ieee80211'
[  814.612504][T27743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5462'.
[  815.318230][T27752] netlink: 'syz.3.5465': attribute type 27 has an invalid length.
[  815.379897][T27752] netlink: 'syz.3.5465': attribute type 4 has an invalid length.
[  815.409156][T27757] FAULT_INJECTION: forcing a failure.
[  815.409156][T27757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  815.420679][T27752] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5465'.
[  815.429260][T27755] netlink: 112 bytes leftover after parsing attributes in process `syz.0.5467'.
[  815.452454][T27757] CPU: 0 UID: 0 PID: 27757 Comm: syz.2.5466 Not tainted syzkaller #0 PREEMPT(full) 
[  815.452485][T27757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  815.452498][T27757] Call Trace:
[  815.452507][T27757]  <TASK>
[  815.452516][T27757]  dump_stack_lvl+0xe8/0x150
[  815.452548][T27757]  should_fail_ex+0x412/0x560
[  815.452578][T27757]  _copy_to_user+0x31/0xb0
[  815.452608][T27757]  sctp_getsockopt_local_addrs+0xd27/0xf10
[  815.452644][T27757]  ? do_user_addr_fault+0xc6f/0x1340
[  815.452678][T27757]  ? __pfx_sctp_getsockopt_local_addrs+0x10/0x10
[  815.452708][T27757]  ? do_raw_spin_lock+0x12b/0x2f0
[  815.452735][T27757]  ? lock_sock_nested+0x6a/0x100
[  815.452768][T27757]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  815.452810][T27757]  ? __local_bh_enable_ip+0xd0/0x130
[  815.452838][T27757]  sctp_getsockopt+0x68f/0xb90
[  815.452862][T27757]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  815.452892][T27757]  do_sock_getsockopt+0x51d/0x7e0
[  815.452923][T27757]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  815.452980][T27757]  ? __fget_files+0x3a0/0x420
[  815.453007][T27757]  ? __fget_files+0x2a/0x420
[  815.453041][T27757]  __x64_sys_getsockopt+0x1a4/0x240
[  815.453072][T27757]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.453095][T27757]  do_syscall_64+0x174/0x580
[  815.453116][T27757]  ? trace_irq_disable+0x3b/0x140
[  815.453146][T27757]  ? clear_bhb_loop+0x40/0x90
[  815.453172][T27757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.453192][T27757] RIP: 0033:0x7fe3ce59ce59
[  815.453212][T27757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  815.453228][T27757] RSP: 002b:00007fe3cf378028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  815.453250][T27757] RAX: ffffffffffffffda RBX: 00007fe3ce815fa0 RCX: 00007fe3ce59ce59
[  815.453264][T27757] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004
[  815.453276][T27757] RBP: 00007fe3cf378090 R08: 00002000000000c0 R09: 0000000000000000
[  815.453290][T27757] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  815.453303][T27757] R13: 00007fe3ce816038 R14: 00007fe3ce815fa0 R15: 00007fff1f97e1a8
[  815.453340][T27757]  </TASK>
[  815.797784][T27764] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5470'.
[  815.925138][T27769] ip6tnl0: Caught tx_queue_len zero misconfig
[  815.938917][T27769] netlink: 748 bytes leftover after parsing attributes in process `syz.0.5471'.
[  816.064063][T27775] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5473'.
[  816.084184][T27775] x_tables: arp_tables: NFQUEUE target: not valid for this family
[  816.118759][T27778] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  816.358933][T27778] syzkaller0: entered promiscuous mode
[  816.375687][T27778] syzkaller0: entered allmulticast mode
[  816.590854][T27798] FAULT_INJECTION: forcing a failure.
[  816.590854][T27798] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  816.626743][T27798] CPU: 1 UID: 0 PID: 27798 Comm: syz.2.5479 Not tainted syzkaller #0 PREEMPT(full) 
[  816.626773][T27798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  816.626786][T27798] Call Trace:
[  816.626796][T27798]  <TASK>
[  816.626805][T27798]  dump_stack_lvl+0xe8/0x150
[  816.626837][T27798]  should_fail_ex+0x412/0x560
[  816.626866][T27798]  _copy_to_user+0x31/0xb0
[  816.626896][T27798]  simple_read_from_buffer+0xe1/0x170
[  816.626929][T27798]  proc_fail_nth_read+0x1bb/0x230
[  816.626964][T27798]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  816.626996][T27798]  ? rw_verify_area+0x2a6/0x4d0
[  816.627026][T27798]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  816.627056][T27798]  vfs_read+0x20c/0xa70
[  816.627092][T27798]  ? __pfx___mutex_lock+0x10/0x10
[  816.627118][T27798]  ? __pfx_vfs_read+0x10/0x10
[  816.627149][T27798]  ? __fget_files+0x2a/0x420
[  816.627179][T27798]  ? __fget_files+0x3a0/0x420
[  816.627205][T27798]  ? __fget_files+0x2a/0x420
[  816.627241][T27798]  ksys_read+0x150/0x270
[  816.627280][T27798]  ? __pfx_ksys_read+0x10/0x10
[  816.627307][T27798]  ? fput+0xa0/0xd0
[  816.627339][T27798]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.627370][T27798]  do_syscall_64+0x174/0x580
[  816.627392][T27798]  ? trace_irq_disable+0x3b/0x140
[  816.627424][T27798]  ? clear_bhb_loop+0x40/0x90
[  816.627450][T27798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.627472][T27798] RIP: 0033:0x7fe3ce55d68e
[  816.627492][T27798] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  816.627510][T27798] RSP: 002b:00007fe3cf377fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  816.627532][T27798] RAX: ffffffffffffffda RBX: 00007fe3cf3786c0 RCX: 00007fe3ce55d68e
[  816.627547][T27798] RDX: 000000000000000f RSI: 00007fe3cf3780a0 RDI: 0000000000000005
[  816.627561][T27798] RBP: 00007fe3cf378090 R08: 0000000000000000 R09: 0000000000000000
[  816.627574][T27798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  816.627587][T27798] R13: 00007fe3ce816038 R14: 00007fe3ce815fa0 R15: 00007fff1f97e1a8
[  816.627623][T27798]  </TASK>
[  839.429572][T27809] netlink: 84 bytes leftover after parsing attributes in process `syz.2.5482'.
[  839.477877][T27816] netlink: 200 bytes leftover after parsing attributes in process `syz.4.5484'.
[  839.629781][T27824] netlink: 'syz.3.5483': attribute type 22 has an invalid length.
[  839.655223][T27824] bond0: option ad_select: unable to set because the bond device is up
[  840.189023][T27841] netlink: 'syz.3.5489': attribute type 4 has an invalid length.
[  840.297958][T27841] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.5489'.
[  840.470164][T27871] x_tables: duplicate underflow at hook 2
[  840.670861][T27877] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5494'.
[  840.944399][T27889] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5497'.
[  841.079580][T27901] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5499'.
[  841.096415][T27908] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5501'.
[  841.108964][T27908] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5501'.
[  841.127134][T27909] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5499'.
[  841.882433][T27939] netlink: 'syz.3.5509': attribute type 1 has an invalid length.
[  842.365377][T27963] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  842.398104][T27966] veth0: entered promiscuous mode
[  842.428802][T27966] bond0: entered promiscuous mode
[  842.451912][T27966] dummy0: entered promiscuous mode
[  842.524968][T27968] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5517'.
[  842.565351][T27968] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  842.622151][T27968] ip6tnl1: entered allmulticast mode
[  843.170872][T27957] bond0: left promiscuous mode
[  843.231758][T27957] dummy0: left promiscuous mode
[  843.242920][T27957] veth0: left promiscuous mode
[  843.305071][T28010] lo speed is unknown, defaulting to 1000
[  843.332055][T28013] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  843.587066][ T1164] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  843.611452][ T1164] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  843.622292][   T24] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  843.642493][T28021] erspan0: entered promiscuous mode
[  843.653334][T28021] erspan0: left promiscuous mode
[  844.075710][T28044] netlink: 'syz.3.5533': attribute type 15 has an invalid length.
[  844.107147][   T24] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  844.186376][   T24] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  844.281247][T28056] netlink: 'syz.2.5536': attribute type 1 has an invalid length.
[  844.357036][T28056] bond9: entered promiscuous mode
[  844.367395][T28056] 8021q: adding VLAN 0 to HW filter on device bond9
[  844.470318][T28067] netlink: 'syz.0.5538': attribute type 4 has an invalid length.
[  844.505995][T28062] bond9: (slave bridge10): making interface the new active one
[  844.550279][T28062] bridge10: entered promiscuous mode
[  844.557489][T28073] netlink: 'syz.0.5538': attribute type 4 has an invalid length.
[  844.587917][T28062] bond9: (slave bridge10): Enslaving as an active interface with an up link
[  844.794982][T28060] lo speed is unknown, defaulting to 1000
[  845.394218][T28112] __nla_validate_parse: 8 callbacks suppressed
[  845.394252][T28112] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5546'.
[  845.607955][T28107] lo speed is unknown, defaulting to 1000
[  846.098259][T28125] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5549'.
[  847.091899][T28142] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5554'.
[  847.404150][T28142] netlink: 36764 bytes leftover after parsing attributes in process `syz.2.5554'.
[  847.506206][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  847.705409][T28154] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5556'.
[  847.726495][T28153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5556'.
[  848.053366][T28161] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.5557'.
[  848.120202][T28161] netlink: ct family unspecified
[  848.136848][T28168] netlink: 43 bytes leftover after parsing attributes in process `syz.0.5559'.
[  848.317559][T28172] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5561'.
[  848.343491][T28172] syzkaller0: entered promiscuous mode
[  848.352669][T28172] syzkaller0: entered allmulticast mode
[  848.403587][T28177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5563'.
[  849.058585][T28204] batadv0: Caught tx_queue_len zero misconfig
[  849.508962][T28218] lo speed is unknown, defaulting to 1000
[  849.844229][T28241] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  849.929167][T28247] x_tables: duplicate underflow at hook 1
[  850.053279][T28254] geneve5: entered promiscuous mode
[  850.081703][T28254] geneve5: entered allmulticast mode
[  850.097595][T28255] openvswitch: netlink: Message has 28 unknown bytes.
[  850.457343][T28272] __nla_validate_parse: 6 callbacks suppressed
[  850.457360][T28272] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5592'.
[  850.963322][T28291] netlink: 'syz.1.5598': attribute type 4 has an invalid length.
[  851.019075][T28291] netlink: 'syz.1.5598': attribute type 4 has an invalid length.
[  851.389992][T28303] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5602'.
[  851.544719][T28305] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5603'.
[  851.576975][T28310] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5605'.
[  851.619211][T28310] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5605'.
[  851.633535][T28305] ip6tnl2: entered allmulticast mode
[  851.644141][T28312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5606'.
[  851.659997][T28310] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5605'.
[  851.683459][T28307] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  851.703266][T28307] syzkaller0: entered promiscuous mode
[  851.712459][T28307] syzkaller0: entered allmulticast mode
[  851.740326][T28317] pimreg: entered allmulticast mode
[  851.808719][T28317] pimreg: left allmulticast mode
[  851.909013][T28320] bridge0: entered allmulticast mode
[  851.932366][T28307] tipc: Resetting bearer <eth:syzkaller0>
[  851.977254][T28306] tipc: Resetting bearer <eth:syzkaller0>
[  852.107583][T28306] tipc: Disabling bearer <eth:syzkaller0>
[  852.138475][T28338] netlink: 'syz.1.5611': attribute type 1 has an invalid length.
[  852.159458][T28338] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5611'.
[  852.442329][T28309] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5604'.
[  852.650280][T28368] syzkaller0: entered promiscuous mode
[  852.674188][T28368] syzkaller0: entered allmulticast mode
[  852.735727][T28372] IPVS: set_ctl: invalid protocol: 98 10.1.1.1:20001
[  853.031583][T28395] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5624'.
[  854.532099][T28309] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  854.912476][T28417] xt_hashlimit: size too large, truncated to 1048576
[  855.060045][T28425] openvswitch: netlink: IPv4 frag type 127 is out of range max 2
[  855.109185][T28432] netlink: 'syz.3.5635': attribute type 1 has an invalid length.
[  855.138942][T28422] xt_hashlimit: size too large, truncated to 1048576
[  855.169926][T28422] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  855.425787][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  855.487376][T28438] bond10: (slave gretap2): making interface the new active one
[  855.530939][T28438] bond10: (slave gretap2): Enslaving as an active interface with an up link
[  855.649076][T28439] bond10: (slave bridge4): Enslaving as an active interface with a down link
[  855.719914][T28447] macvlan3: entered promiscuous mode
[  855.737055][T28447] macvlan3: entered allmulticast mode
[  855.767471][T28447] bond10: entered promiscuous mode
[  855.793333][T28447] gretap2: entered promiscuous mode
[  855.811540][T28447] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  855.826992][T28447] bond10: (slave macvlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  855.850678][T28447] bond10: left promiscuous mode
[  855.856705][T28447] gretap2: left promiscuous mode
[  856.174353][T28469] syzkaller0: entered promiscuous mode
[  856.198703][T28469] syzkaller0: entered allmulticast mode
[  856.253233][T28473] netlink: 'syz.4.5644': attribute type 6 has an invalid length.
[  856.337522][T28481] __nla_validate_parse: 1 callbacks suppressed
[  856.337545][T28481] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5643'.
[  856.392678][T28483] --map-set only usable from mangle table
[  856.402484][T28485] --map-set only usable from mangle table
[  870.786052][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  871.096388][T28496] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5652'.
[  871.534913][T28501] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5650'.
[  871.588726][T28509] lo speed is unknown, defaulting to 1000
[  871.978652][T28529] IPVS: set_ctl: invalid protocol: 0 10.1.1.0:20001
[  872.004797][T28530] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5658'.
[  872.380852][T28541] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  872.481279][T28548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5662'.
[  872.567143][T28545] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5661'.
[  872.579800][T28548] vlan2: entered promiscuous mode
[  872.590852][T28548] gretap0: entered promiscuous mode
[  872.949913][T28564] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303
[  873.520213][T28568] lo speed is unknown, defaulting to 1000
[  873.529118][T28577] tunl0: Caught tx_queue_len zero misconfig
[  873.812061][T28587] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  874.042030][T28594] netlink: 196 bytes leftover after parsing attributes in process `syz.0.5670'.
[  874.320969][T28611] netlink: 176 bytes leftover after parsing attributes in process `syz.4.5672'.
[  874.549965][T28616] veth1: entered promiscuous mode
[  874.570905][T28616] macsec0: entered promiscuous mode
[  874.593507][T28616] macsec0: entered allmulticast mode
[  874.608947][T28616] veth1: entered allmulticast mode
[  874.624764][T28616] veth1: left allmulticast mode
[  874.636461][T28616] veth1: left promiscuous mode
[  874.783166][T28593] lo speed is unknown, defaulting to 1000
[  874.880658][   T30] audit: type=1107 audit(1780572158.027:19): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  874.906843][   T30] audit: type=1107 audit(1780572158.047:20): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  874.921930][   T30] audit: type=1107 audit(1780572158.047:21): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  874.934966][   T30] audit: type=1107 audit(1780572158.047:22): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  874.967590][   T30] audit: type=1107 audit(1780572158.047:23): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  874.983303][   T30] audit: type=1107 audit(1780572158.047:24): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  874.999645][   T30] audit: type=1107 audit(1780572158.047:25): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  875.014162][   T30] audit: type=1107 audit(1780572158.047:26): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  875.027898][   T30] audit: type=1107 audit(1780572158.047:27): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  875.042858][   T30] audit: type=1107 audit(1780572158.047:28): pid=28622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�b�'
[  875.386570][T28636] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5677'.
[  875.612544][T28644] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5680'.
[  875.796575][T28652] netlink: 'syz.2.5683': attribute type 1 has an invalid length.
[  876.883356][T28666] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  876.983294][T28663] bond11 (unregistering): Released all slaves
[  877.114526][T28678] xt_l2tp: invalid flags combination: 8
[  877.299009][T28678] netlink: 802 bytes leftover after parsing attributes in process `syz.0.5690'.
[  877.500141][T28692] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5695'.
[  877.735281][T28704] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5697'.
[  877.771819][T28704] netlink: 'syz.2.5697': attribute type 2 has an invalid length.
[  877.921886][T28716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5701'.
[  878.000377][T28716] veth17: entered allmulticast mode
[  878.017513][T28716] bond11: (slave veth17): Enslaving as an active interface with an up link
[  878.160188][T28723] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  878.170236][T28719] lo speed is unknown, defaulting to 1000
[  878.258925][T28722] syzkaller0: entered promiscuous mode
[  878.264659][T28722] syzkaller0: entered allmulticast mode
[  878.271728][T28722] tipc: Resetting bearer <eth:syzkaller0>
[  878.317941][T28722] tipc: Resetting bearer <eth:syzkaller0>
[  881.941264][T28722] tipc: Disabling bearer <eth:syzkaller0>
[  882.213929][T28755] netlink: 'syz.0.5710': attribute type 2 has an invalid length.
[  882.356521][T28761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5712'.
[  883.091216][T28792] veth0_virt_wifi: Caught tx_queue_len zero misconfig
[  883.290789][T28803] netlink: 'syz.4.5726': attribute type 21 has an invalid length.
[  883.328566][T28803] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5726'.
[  883.641038][T28825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5734'.
[  883.674522][T28825] netlink: 'syz.2.5734': attribute type 8 has an invalid length.
[  883.783580][T28831] sctp: [Deprecated]: syz.3.5736 (pid 28831) Use of int in maxseg socket option.
[  883.783580][T28831] Use struct sctp_assoc_value instead
[  883.898094][T28833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5735'.
[  884.134597][T28850] netlink: 'syz.2.5741': attribute type 1 has an invalid length.
[  884.259580][T28859] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5742'.
[  884.375919][T28850] 8021q: adding VLAN 0 to HW filter on device bond10
[  884.440202][T28861] vlan2: entered allmulticast mode
[  884.446892][T28861] bond10: entered allmulticast mode
[  884.923225][T28891] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5748'.
[  884.932677][T28891] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5748'.
[  885.018408][T28895] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  885.172909][T28901] FAULT_INJECTION: forcing a failure.
[  885.172909][T28901] name failslab, interval 1, probability 0, space 0, times 0
[  885.190774][T28901] CPU: 0 UID: 0 PID: 28901 Comm: syz.0.5752 Not tainted syzkaller #0 PREEMPT(full) 
[  885.190802][T28901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  885.190816][T28901] Call Trace:
[  885.190826][T28901]  <TASK>
[  885.190834][T28901]  dump_stack_lvl+0xe8/0x150
[  885.190863][T28901]  should_fail_ex+0x412/0x560
[  885.190891][T28901]  should_failslab+0xa8/0x100
[  885.190914][T28901]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  885.190944][T28901]  ? __alloc_skb+0x186/0x7d0
[  885.190965][T28901]  ? __alloc_skb+0x1d0/0x7d0
[  885.190982][T28901]  ? __local_bh_enable_ip+0xd0/0x130
[  885.191009][T28901]  __alloc_skb+0x1d0/0x7d0
[  885.191036][T28901]  alloc_skb_with_frags+0xc8/0x760
[  885.191158][T28901]  sock_alloc_send_pskb+0x878/0x990
[  885.191196][T28901]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  885.191215][T28901]  ? kasan_quarantine_put+0xbb/0x1f0
[  885.191239][T28901]  ? lockdep_hardirqs_on+0x7a/0x110
[  885.191262][T28901]  ? unix_dgram_sendmsg+0x57c/0x18d0
[  885.191332][T28901]  ? kmem_cache_free+0x182/0x650
[  885.191358][T28901]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  885.191388][T28901]  unix_dgram_sendmsg+0x460/0x18d0
[  885.191418][T28901]  ? __lock_acquire+0x6b5/0x2cf0
[  885.191446][T28901]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  885.191471][T28901]  ? aa_sock_msg_perm+0xda/0x1b0
[  885.191500][T28901]  ? unix_seqpacket_sendmsg+0x111/0x1e0
[  885.191545][T28901]  ____sys_sendmsg+0x972/0x9f0
[  885.191564][T28901]  ? __might_fault+0xaf/0x130
[  885.191592][T28901]  ? __pfx_____sys_sendmsg+0x10/0x10
[  885.191619][T28901]  ? import_iovec+0x73/0xa0
[  885.191645][T28901]  ___sys_sendmsg+0x2a5/0x360
[  885.191664][T28901]  ? __lock_acquire+0x6b5/0x2cf0
[  885.191685][T28901]  ? __pfx____sys_sendmsg+0x10/0x10
[  885.191702][T28901]  ? __lock_acquire+0x6b5/0x2cf0
[  885.191724][T28901]  ? kstrtouint+0x6e/0xe0
[  885.191784][T28901]  __sys_sendmmsg+0x27c/0x4e0
[  885.191808][T28901]  ? __pfx___sys_sendmmsg+0x10/0x10
[  885.191826][T28901]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  885.191867][T28901]  ? ksys_write+0x242/0x270
[  885.191894][T28901]  ? __pfx_ksys_write+0x10/0x10
[  885.191924][T28901]  __x64_sys_sendmmsg+0xa0/0xc0
[  885.191944][T28901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.191961][T28901]  do_syscall_64+0x174/0x580
[  885.191979][T28901]  ? trace_irq_disable+0x3b/0x140
[  885.192005][T28901]  ? clear_bhb_loop+0x40/0x90
[  885.192025][T28901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.192045][T28901] RIP: 0033:0x7f8faab9ce59
[  885.192062][T28901] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  885.192076][T28901] RSP: 002b:00007f8fa8df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  885.192094][T28901] RAX: ffffffffffffffda RBX: 00007f8faae15fa0 RCX: 00007f8faab9ce59
[  885.192107][T28901] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  885.192118][T28901] RBP: 00007f8fa8df6090 R08: 0000000000000000 R09: 0000000000000000
[  885.192134][T28901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  885.192144][T28901] R13: 00007f8faae16038 R14: 00007f8faae15fa0 R15: 00007fff6899eb88
[  885.192172][T28901]  </TASK>
[  885.550854][T28904] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5754'.
[  885.637750][T28913] netlink: 'syz.1.5757': attribute type 61 has an invalid length.
[  886.200889][T28942] netlink: 242 bytes leftover after parsing attributes in process `syz.2.5764'.
[  886.226602][T28946] FAULT_INJECTION: forcing a failure.
[  886.226602][T28946] name failslab, interval 1, probability 0, space 0, times 0
[  886.250643][T28946] CPU: 1 UID: 0 PID: 28946 Comm: syz.3.5766 Not tainted syzkaller #0 PREEMPT(full) 
[  886.250672][T28946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  886.250686][T28946] Call Trace:
[  886.250696][T28946]  <TASK>
[  886.250705][T28946]  dump_stack_lvl+0xe8/0x150
[  886.250735][T28946]  should_fail_ex+0x412/0x560
[  886.250764][T28946]  should_failslab+0xa8/0x100
[  886.250789][T28946]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  886.250819][T28946]  ? __alloc_skb+0x186/0x7d0
[  886.250838][T28946]  ? __alloc_skb+0x1d0/0x7d0
[  886.250855][T28946]  ? __local_bh_enable_ip+0xd0/0x130
[  886.250882][T28946]  __alloc_skb+0x1d0/0x7d0
[  886.250908][T28946]  alloc_skb_with_frags+0xc8/0x760
[  886.250945][T28946]  sock_alloc_send_pskb+0x878/0x990
[  886.250993][T28946]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  886.251017][T28946]  ? kasan_quarantine_put+0xbb/0x1f0
[  886.251047][T28946]  ? lockdep_hardirqs_on+0x7a/0x110
[  886.251075][T28946]  ? unix_dgram_sendmsg+0x57c/0x18d0
[  886.251098][T28946]  ? kmem_cache_free+0x182/0x650
[  886.251175][T28946]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  886.251209][T28946]  unix_dgram_sendmsg+0x460/0x18d0
[  886.251246][T28946]  ? __lock_acquire+0x6b5/0x2cf0
[  886.251280][T28946]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  886.251311][T28946]  ? aa_sock_msg_perm+0xda/0x1b0
[  886.251343][T28946]  ? unix_seqpacket_sendmsg+0x111/0x1e0
[  886.251372][T28946]  ____sys_sendmsg+0x972/0x9f0
[  886.251396][T28946]  ? __might_fault+0xaf/0x130
[  886.251429][T28946]  ? __pfx_____sys_sendmsg+0x10/0x10
[  886.251463][T28946]  ? import_iovec+0x73/0xa0
[  886.251492][T28946]  ___sys_sendmsg+0x2a5/0x360
[  886.251514][T28946]  ? __lock_acquire+0x6b5/0x2cf0
[  886.251540][T28946]  ? __pfx____sys_sendmsg+0x10/0x10
[  886.251561][T28946]  ? __lock_acquire+0x6b5/0x2cf0
[  886.251588][T28946]  ? kstrtouint+0x6e/0xe0
[  886.251664][T28946]  __sys_sendmmsg+0x27c/0x4e0
[  886.251694][T28946]  ? __pfx___sys_sendmmsg+0x10/0x10
[  886.251716][T28946]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  886.251769][T28946]  ? ksys_write+0x242/0x270
[  886.251801][T28946]  ? __pfx_ksys_write+0x10/0x10
[  886.251838][T28946]  __x64_sys_sendmmsg+0xa0/0xc0
[  886.251862][T28946]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.251885][T28946]  do_syscall_64+0x174/0x580
[  886.251907][T28946]  ? trace_irq_disable+0x3b/0x140
[  886.251938][T28946]  ? clear_bhb_loop+0x40/0x90
[  886.251968][T28946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.251989][T28946] RIP: 0033:0x7f132699ce59
[  886.252010][T28946] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  886.252028][T28946] RSP: 002b:00007f13277c0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  886.252050][T28946] RAX: ffffffffffffffda RBX: 00007f1326c15fa0 RCX: 00007f132699ce59
[  886.252065][T28946] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  886.252079][T28946] RBP: 00007f13277c0090 R08: 0000000000000000 R09: 0000000000000000
[  886.252091][T28946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  886.252111][T28946] R13: 00007f1326c16038 R14: 00007f1326c15fa0 R15: 00007ffd2d4d8388
[  886.252147][T28946]  </TASK>
[  886.603418][T28952] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5767'.
[  886.617474][T28944] Set syz1 is full, maxelem 65536 reached
[  886.626220][T28952] netlink: 'syz.4.5767': attribute type 1 has an invalid length.
[  886.768233][T28952] 8021q: adding VLAN 0 to HW filter on device bond12
[  886.848151][T28959] netlink: 'syz.2.5769': attribute type 1 has an invalid length.
[  887.847191][T29010] lo speed is unknown, defaulting to 1000
[  888.861925][T29051] netlink: 'syz.4.5791': attribute type 16 has an invalid length.
[  888.891697][T29051] __nla_validate_parse: 5 callbacks suppressed
[  888.891717][T29051] netlink: 64138 bytes leftover after parsing attributes in process `syz.4.5791'.
[  888.943604][T29059] netlink: 'syz.4.5791': attribute type 16 has an invalid length.
[  888.986916][T29059] netlink: 64138 bytes leftover after parsing attributes in process `syz.4.5791'.
[  889.243658][T29068] netlink: 'syz.4.5796': attribute type 13 has an invalid length.
[  889.416767][T29068] netlink: 'syz.4.5796': attribute type 13 has an invalid length.
[  889.484097][T22472] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  889.512869][T22472] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  889.560436][T22472] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  889.618344][T22472] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  889.846930][T29090] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5800'.
[  889.880935][T29090] nbd: must specify at least one socket
[  889.897197][T29092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5801'.
[  890.480404][T29105] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5805'.
[  890.490725][T29107] netlink: 'syz.2.5806': attribute type 4 has an invalid length.
[  890.541842][T29107] netlink: 'syz.2.5806': attribute type 4 has an invalid length.
[  890.801887][T29121] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5809'.
[  890.859341][T29126] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5811'.
[  891.163841][T29142] dummy0: entered allmulticast mode
[  891.233430][T29141] dummy0: left allmulticast mode
[  891.896579][T29152] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5817'.
[  892.148728][T29157] netlink: 'syz.0.5820': attribute type 4 has an invalid length.
[  892.224707][T29157] netlink: 'syz.0.5820': attribute type 4 has an invalid length.
[  892.519832][T29173] netlink: 'syz.0.5822': attribute type 1 has an invalid length.
[  892.531522][T29173] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5822'.
[  892.550542][T29173] netlink: 'syz.0.5822': attribute type 9 has an invalid length.
[  892.560272][T29173] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5822'.
[  892.590856][T29172] syzkaller0: entered promiscuous mode
[  892.615713][T29172] syzkaller0: entered allmulticast mode
[  892.642054][T29172] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) !
[  892.854220][T29178] macvlan3: entered promiscuous mode
[  892.883190][T29178] macvlan3: entered allmulticast mode
[  892.910161][T29178] bond11: entered promiscuous mode
[  892.917364][T29178] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  892.932267][T29178] bond11: left promiscuous mode
[  893.002276][T29189] syz_tun: entered promiscuous mode
[  893.014131][T29189] vlan2: entered promiscuous mode
[  894.467759][T29252] gre0: left promiscuous mode
[  894.496451][T29252] gre0: left allmulticast mode
[  894.541363][T29252] geneve1: left promiscuous mode
[  894.560423][T29252] mac80211_hwsim hwsim40 wlan0: left promiscuous mode
[  894.594603][T29252] xfrm1: left allmulticast mode
[  894.602316][T29252] bridge4: left allmulticast mode
[  894.609348][T29252] bond5: left promiscuous mode
[  894.614447][T29252] bridge7: left promiscuous mode
[  894.622419][T29252] vlan1: left allmulticast mode
[  894.632725][T29252] bond0: left allmulticast mode
[  894.643540][T29252] bond_slave_0: left allmulticast mode
[  894.658219][T29252] bond_slave_1: left allmulticast mode
[  894.663909][T29252] geneve1: left allmulticast mode
[  894.670224][T29252] mac80211_hwsim hwsim40 wlan0: left allmulticast mode
[  894.679342][T29252] gtp1: left promiscuous mode
[  894.684231][T29252] gtp1: left allmulticast mode
[  894.690698][T29252] geneve2: left promiscuous mode
[  894.697318][T29252] bond6: left promiscuous mode
[  894.702306][T29252] veth9: left promiscuous mode
[  894.711980][T29252] geneve3: left promiscuous mode
[  894.718135][T29252] geneve3: left allmulticast mode
[  894.723698][T29252] bond7: left promiscuous mode
[  894.730207][T29252] erspan1: left promiscuous mode
[  894.736188][T29252] bond7: left allmulticast mode
[  894.741568][T29252] erspan1: left allmulticast mode
[  894.748834][T29252] bond8: left promiscuous mode
[  894.769781][T29252] bond9: left promiscuous mode
[  894.774860][T29252] bridge10: left promiscuous mode
[  894.802697][T29252] vlan2: left allmulticast mode
[  894.809010][T29252] bond10: left allmulticast mode
[  894.954391][T29264] lo speed is unknown, defaulting to 1000
[  895.255170][T29277] __nla_validate_parse: 4 callbacks suppressed
[  895.255190][T29277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5857'.
[  895.362286][T29279] validate_nla: 4 callbacks suppressed
[  895.362306][T29279] netlink: 'syz.4.5856': attribute type 1 has an invalid length.
[  895.434779][T29279] 8021q: adding VLAN 0 to HW filter on device bond13
[  895.734671][T29109] udevd[29109]: inotify_add_watch(7, /dev/nbd12, 10) failed: No such file or directory
[  895.752768][T29298] netlink: 64 bytes leftover after parsing attributes in process `syz.2.5860'.
[  896.092399][T29307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5865'.
[  896.136621][T29307] netlink: 'syz.3.5865': attribute type 30 has an invalid length.
[  896.301762][T29311] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  896.317034][T29311] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  896.333400][T29311] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  896.352771][T29311] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  896.364600][T29311] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  896.623872][T17437] bond2: (slave syz_tun): Removing an active aggregator
[  896.643622][T17437] bond2: (slave syz_tun): Releasing backup interface
[  896.726271][T17437] syz_tun (unregistering): left allmulticast mode
[  896.855235][T29324] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5867'.
[  896.876837][T29323] netlink: 188 bytes leftover after parsing attributes in process `syz.1.5868'.
[  896.911477][T29326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5867'.
[  896.964376][T29327] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  897.110571][T29337] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5870'.
[  897.187428][T22475] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  897.210041][T22475] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  897.256719][T22475] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  897.285131][T22475] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  897.305300][T29343] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5871'.
[  897.321751][T29323] mac80211_hwsim hwsim46 syzkaller0: left promiscuous mode
[  897.355295][T29323] mac80211_hwsim hwsim46 syzkaller0: left allmulticast mode
[  897.367286][T29343] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5871'.
[  897.393568][T29323] tipc: Resetting bearer <eth:syzkaller0>
[  897.651867][T29358] netlink: 'syz.3.5874': attribute type 4 has an invalid length.
[  897.704065][T29363] netlink: 'syz.3.5874': attribute type 4 has an invalid length.
[  897.737853][T29364] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5875'.
[  897.799151][T29366] netlink: 'syz.0.5875': attribute type 9 has an invalid length.
[  897.862864][T22472] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  897.913654][T22472] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  898.072023][T29371] kthread_run failed with err -4
[  898.158373][T29308] lo speed is unknown, defaulting to 1000
[  898.178776][T22472] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  898.201070][T22472] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  898.373173][T29387] bond12 (unregistering): Released all slaves
[  898.466373][ T5636] Bluetooth: hci4: command tx timeout
[  898.578865][T22472] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  898.612012][T22472] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  898.761692][T29398] lo speed is unknown, defaulting to 1000
[  898.797183][T22472] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  898.820971][T22472] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.360847][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  899.360866][   T30] audit: type=1800 audit(1780572182.507:52): pid=29422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5888" name="memory.events" dev="tmpfs" ino=2728 res=0 errno=0
[  899.590598][   T70] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  899.687773][   T70] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  899.914294][T29443] netlink: 'syz.0.5895': attribute type 11 has an invalid length.
[  900.032703][T22462] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  900.285431][   T70] netdevsim netdevsim4 eth4: set [1, 0] type 2 family 0 port 6081 - 0
[  900.545644][ T5636] Bluetooth: hci4: command tx timeout
[  901.196680][T22472] bond4 (unregistering): (slave erspan1): Releasing active interface
[  901.208568][T22472] erspan1 (unregistering): left promiscuous mode
[  901.268009][T22472] bond6 (unregistering): (slave geneve2): Releasing active interface
[  901.276443][T22472] geneve2 (unregistering): left allmulticast mode
[  901.361951][T22472] bond1 (unregistering): (slave lo): Releasing backup interface
[  901.370632][T22472] bond1 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[  901.382285][T22472] bond1 (unregistering): Released all slaves
[  901.408581][T22472] bond0 (unregistering): Released all slaves
[  901.437866][T22472] bond2 (unregistering): Released all slaves
[  901.454031][T22472] bond3 (unregistering): Released all slaves
[  901.470812][T22472] bond4 (unregistering): Released all slaves
[  901.487710][T22472] bond5 (unregistering): Released all slaves
[  901.515782][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  901.533841][T22472] bond6 (unregistering): Released all slaves
[  901.549713][T22472] bond7 (unregistering): Released all slaves
[  901.566265][T22472] bond8 (unregistering): Released all slaves
[  901.582251][T22472] bond9 (unregistering): Released all slaves
[  901.605309][T22472] bond10 (unregistering): Released all slaves
[  901.622690][T22472] bond11 (unregistering): (slave veth17): Releasing backup interface
[  901.634359][T22472] bond11 (unregistering): Released all slaves
[  901.652034][T22472] bond12 (unregistering): Released all slaves
[  901.668371][T22472] bond13 (unregistering): Released all slaves
[  902.053649][T22472] tipc: Left network mode
[  902.419248][T29488] sctp: [Deprecated]: syz.0.5905 (pid 29488) Use of int in max_burst socket option deprecated.
[  902.419248][T29488] Use struct sctp_assoc_value instead
[  902.627408][ T5636] Bluetooth: hci4: command tx timeout
[  902.713849][T29308] bridge0: port 1(bridge_slave_0) entered blocking state
[  902.765877][T29308] bridge0: port 1(bridge_slave_0) entered disabled state
[  902.798066][T29308] bridge_slave_0: entered allmulticast mode
[  902.839801][T29308] bridge_slave_0: entered promiscuous mode
[  903.010193][T29308] bridge0: port 2(bridge_slave_1) entered blocking state
[  903.036733][T29308] bridge0: port 2(bridge_slave_1) entered disabled state
[  903.070541][T29308] bridge_slave_1: entered allmulticast mode
[  903.099931][T29308] bridge_slave_1: entered promiscuous mode
[  903.306643][T29530] bond_slave_0: entered allmulticast mode
[  903.484985][ T5295] 8021q: adding VLAN 0 to HW filter on device eth1
[  903.586672][T29308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  903.685286][T29546] batman_adv: batadv0: Adding interface: vlan3
[  903.703913][T29546] batman_adv: batadv0: The MTU of interface vlan3 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  903.750729][T29546] batman_adv: batadv0: Not using interface vlan3 (retrying later): interface not active
[  903.794544][T29308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  903.862952][T29559] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  903.919490][T29308] team0: Port device team_slave_0 added
[  903.943172][T29308] team0: Port device team_slave_1 added
[  904.272881][ T1115] bond8: (slave veth0_to_bond): link status definitely down, disabling slave
[  904.309605][ T1115] bond8: now running without any active interface!
[  904.337111][T29308] batman_adv: batadv0: Adding interface: batadv_slave_0
[  904.351441][T29308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  904.393938][T29308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  904.457122][T29308] batman_adv: batadv0: Adding interface: batadv_slave_1
[  904.472719][T29308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  904.583949][T29308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  904.718209][ T5636] Bluetooth: hci4: command tx timeout
[  904.798817][T29601] __nla_validate_parse: 9 callbacks suppressed
[  904.798841][T29601] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5927'.
[  904.814835][T29601] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5927'.
[  905.168021][T29612] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5930'.
[  905.232440][T29617] sctp: [Deprecated]: syz.0.5929 (pid 29617) Use of struct sctp_assoc_value in delayed_ack socket option.
[  905.232440][T29617] Use struct sctp_sack_info instead
[  905.290878][T29308] hsr_slave_0: entered promiscuous mode
[  905.324210][T29308] hsr_slave_1: entered promiscuous mode
[  905.349968][T29308] debugfs: 'hsr0' already exists in 'hsr'
[  905.369831][T29308] Cannot create hsr debugfs directory
[  905.418458][T29625] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  905.547814][ T5295] 8021q: adding VLAN 0 to HW filter on device eth2
[  905.633719][T29625] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  905.827598][T29620] syzkaller0: entered promiscuous mode
[  905.848493][T29620] syzkaller0: entered allmulticast mode
[  905.872275][T29637] tipc: Enabling of bearer <udp:syz0> rejected, max 3 bearers permitted
[  906.050492][T29615] tipc: Resetting bearer <eth:syzkaller0>
[  906.164766][T29615] tipc: Disabling bearer <eth:syzkaller0>
[  906.197962][T29656] netlink: 14 bytes leftover after parsing attributes in process `syz.0.5935'.
[  906.373100][T29648] mac80211_hwsim hwsim46 syzkaller0: entered promiscuous mode
[  906.387804][T29648] mac80211_hwsim hwsim46 syzkaller0: entered allmulticast mode
[  906.417959][T29648] tipc: Resetting bearer <eth:syzkaller0>
[  906.491704][T22472] hsr_slave_0: left promiscuous mode
[  906.506864][T22472] hsr_slave_1: left promiscuous mode
[  906.519249][T22472] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  906.536496][T22472] batman_adv: batadv0: Removing interface: batadv_slave_0
[  906.827117][T22472] pim6reg (unregistering): left allmulticast mode
[  907.437070][T29655] sit0: Caught tx_queue_len zero misconfig
[  907.727413][T29694] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5947'.
[  907.759359][T29695] netlink: 'syz.0.5945': attribute type 27 has an invalid length.
[  907.770551][T29308] netdevsim netdevsim4 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.894000][T29706] netlink: 14 bytes leftover after parsing attributes in process `syz.3.5944'.
[  908.079655][T29700] vlan0: entered allmulticast mode
[  908.113415][T29700] bond0: entered allmulticast mode
[  908.134205][T29700] dummy0: entered allmulticast mode
[  908.319351][T29706] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  908.341881][T29706] dummy0: left allmulticast mode
[  908.354676][T29706] bond0 (unregistering): Released all slaves
[  908.728685][T29308] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.841360][T29742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5951'.
[  908.895589][T29742] netlink: 'syz.0.5951': attribute type 5 has an invalid length.
[  908.917174][T29742] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5951'.
[  909.076267][T29742] geneve5: entered promiscuous mode
[  909.093428][T29742] geneve5: entered allmulticast mode
[  909.159918][T29750] netlink: 100 bytes leftover after parsing attributes in process `syz.2.5953'.
[  909.177132][T29750] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  909.256492][T29308] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.353399][ T1028] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  909.369695][T22472] IPVS: stop unused estimator thread 0...
[  909.386254][ T1028] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  909.432979][ T1028] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  909.455638][ T1028] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  909.551841][T29308] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.918233][T29767] netlink: 52 bytes leftover after parsing attributes in process `syz.2.5956'.
[  910.091714][T29771] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  910.277608][T29785] netlink: 'syz.2.5959': attribute type 4 has an invalid length.
[  910.329467][T29790] netlink: 'syz.2.5959': attribute type 4 has an invalid length.
[  910.357798][T29783] ip6tnl4: entered allmulticast mode
[  910.484712][ T1028] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  910.495351][ T1028] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  910.509521][T10917] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  910.562900][T29783] bridge0: port 1(vlan2) entered blocking state
[  910.596074][T29783] bridge0: port 1(vlan2) entered disabled state
[  910.633417][T29783] vlan2: entered allmulticast mode
[  910.639924][T10917] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  910.666468][T29783] bridge_slave_1: entered allmulticast mode
[  910.675261][T29783] vlan2: entered promiscuous mode
[  910.686365][T29783] bridge_slave_1: entered promiscuous mode
[  910.943198][T29308] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  911.018038][T29308] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  911.049807][T29308] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  911.084956][T29308] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  911.117615][T29308] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  911.175057][T29308] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  911.242186][T29308] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  911.277598][T29308] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  911.426054][T10917] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  911.566331][T29831] syzkaller0: entered promiscuous mode
[  911.579105][T29831] syzkaller0: entered allmulticast mode
[  911.709900][T29842] netlink: 65051 bytes leftover after parsing attributes in process `syz.2.5968'.
[  911.818307][T29846] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.5969'.
[  911.983015][T29308] 8021q: adding VLAN 0 to HW filter on device bond0
[  912.081635][T29308] 8021q: adding VLAN 0 to HW filter on device team0
[  912.133995][T22475] bridge0: port 1(bridge_slave_0) entered blocking state
[  912.141278][T22475] bridge0: port 1(bridge_slave_0) entered forwarding state
[  912.181947][T22475] bridge0: port 2(bridge_slave_1) entered blocking state
[  912.189211][T22475] bridge0: port 2(bridge_slave_1) entered forwarding state
[  912.640825][T29870] vlan0: entered promiscuous mode
[  912.673944][T29870] bridge0: entered promiscuous mode
[  912.754575][T29880] netlink: 'syz.3.5975': attribute type 4 has an invalid length.
[  913.164782][T29893] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5977'.
[  913.595744][T29907] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5979'.
[  913.854898][T29905] lo speed is unknown, defaulting to 1000
[  914.073045][T29308] 8021q: adding VLAN 0 to HW filter on device batadv0
[  914.280849][T29924] nbd: couldn't find device at index 0
[  914.314474][T29923] nbd: couldn't find device at index 0
[  914.626209][    C1] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  915.396741][T29961] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  915.499727][T29308] veth0_vlan: entered promiscuous mode
[  915.538190][T29308] veth1_vlan: entered promiscuous mode
[  915.680288][T29308] veth0_macvtap: entered promiscuous mode
[  915.692375][T29968] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5990'.
[  915.731663][T29308] veth1_macvtap: entered promiscuous mode
[  915.810619][T29308] batman_adv: batadv0: Interface activated: batadv_slave_0
[  915.834221][T29968] Can't find ip_set type hash'net,port
[  915.875192][T29308] batman_adv: batadv0: Interface activated: batadv_slave_1
[  915.931151][T22472] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  915.959013][T22472] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  916.001909][T22472] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  916.071050][T22472] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  916.436530][T22463] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  916.464093][T22463] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  916.544640][T22463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  916.571405][T22463] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  916.797055][T29991] bond0: option arp_all_targets: invalid value (8)
[  917.345258][T29311] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  917.367913][T29311] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  917.380188][T29311] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  917.391873][T29311] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  917.405190][T29311] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  917.459423][T30014] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6000'.
[  917.889765][T30036] xt_addrtype: ipv6 BLACKHOLE matching not supported
[  918.431061][T30055] netlink: 'syz.4.6009': attribute type 1 has an invalid length.
[  918.458313][T30055] netlink: 'syz.4.6009': attribute type 1 has an invalid length.
[  918.499206][ T1028] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  918.789026][T30070] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  918.837630][T30069] tipc: Resetting bearer <eth:syzkaller0>
[  918.914542][ T1028] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  919.078087][T30009] lo speed is unknown, defaulting to 1000
[  919.163520][ T1028] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  919.359141][T30111] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6017'.
[  919.507753][T29311] Bluetooth: hci5: command tx timeout
[  919.522750][T30115] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  919.572475][ T1028] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  919.801756][T30123] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6019'.
[  920.227851][T30129] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6019'.
[  920.313011][T30129] nbd: device at index 64 is going down
[  920.611952][T29109] udevd[29109]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  920.714941][T30128] bond1: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[  920.789268][T29109] udevd[29109]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  920.821153][T30128] bond1 (unregistering): Released all slaves
[  921.171584][T22463] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  921.371043][ T1115] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  921.491131][T30166] bond5: (slave bond_slave_1): Device is not bonding slave
[  921.498751][T30166] bond5: option active_slave: invalid value (bond_slave_1)
[  921.513823][T30166] bond5 (unregistering): Released all slaves
[  921.571642][ T1115] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  921.587757][T29311] Bluetooth: hci5: command tx timeout
[  921.641884][T22472] netdevsim netdevsim2 eth4: set [1, 0] type 2 family 0 port 6081 - 0
[  921.704715][ T1028] bond1: left allmulticast mode
[  921.727017][ T1028] bond1: left promiscuous mode
[  921.735101][ T1028] bridge0: port 3(bond1) entered disabled state
[  921.774811][ T1028] bridge_slave_1: left allmulticast mode
[  921.787356][ T1028] bridge_slave_1: left promiscuous mode
[  921.799115][ T1028] bridge0: port 2(bridge_slave_1) entered disabled state
[  921.910501][   T30] audit: type=1804 audit(1780572205.047:53): pid=30185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.6025" name="/newroot/590/cgroup.controllers" dev="tmpfs" ino=3036 res=1 errno=0
[  922.020693][   T30] audit: type=1800 audit(1780572205.057:54): pid=30185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.6025" name="cgroup.controllers" dev="tmpfs" ino=3036 res=0 errno=0
[  922.580676][ T1028] bond7 (unregistering): (slave erspan1): Releasing active interface
[  922.670546][ T1028] batman_adv: batadv0: Removing interface: vlan3
[  922.770635][ T1028] bond4 (unregistering): (slave gretap2): Releasing active interface
[  922.906996][ T1028] batman_adv: batadv0: Removing interface: gretap4
[  923.081211][ T1028] bond0 (unregistering): (slave geneve1): Releasing backup interface
[  923.154634][ T1028] bond2 (unregistering): (slave bridge3): Releasing backup interface
[  923.262790][ T1028] bond5 (unregistering): (slave bridge7): Releasing backup interface
[  923.276052][    C1] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  923.336157][ T1028] bond9 (unregistering): (slave bridge10): Releasing backup interface
[  923.394367][ T1028] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  923.448501][ T1028] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  923.473065][ T1028] bond0 (unregistering): (slave wlan0): Releasing backup interface
[  923.493627][ T1028] bond0 (unregistering): Released all slaves
[  923.522743][ T1028] bond1 (unregistering): Released all slaves
[  923.572581][ T1028] bond2 (unregistering): Released all slaves
[  923.621434][ T1028] bond3 (unregistering): Released all slaves
[  923.656560][ T1028] bond4 (unregistering): Released all slaves
[  923.665755][T29311] Bluetooth: hci5: command tx timeout
[  923.692670][ T1028] bond5 (unregistering): Released all slaves
[  923.739998][ T1028] bond6 (unregistering): (slave veth9): Releasing backup interface
[  923.765040][ T1028] bond6 (unregistering): Released all slaves
[  923.813235][ T1028] bond7 (unregistering): Released all slaves
[  923.869868][ T1028] bond8 (unregistering): Released all slaves
[  923.891474][ T1028] bond9 (unregistering): Released all slaves
[  923.942386][ T1028] bond10 (unregistering): Released all slaves
[  923.984340][ T1028] bond11 (unregistering): Released all slaves
[  924.109306][T30182] lo speed is unknown, defaulting to 1000
[  924.233327][ T1028] hmac(sha224: left promiscuous mode
[  924.763490][ T1028] tipc: Disabling bearer <udp:s��%>
[  924.799921][ T1028] tipc: Left network mode
[  924.897035][T30240] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  925.756779][T29311] Bluetooth: hci5: command tx timeout
[  926.130871][T30009] bridge0: port 1(bridge_slave_0) entered blocking state
[  926.152811][T30009] bridge0: port 1(bridge_slave_0) entered disabled state
[  926.175878][T30009] bridge_slave_0: entered allmulticast mode
[  926.198222][T30009] bridge_slave_0: entered promiscuous mode
[  926.303114][T30009] bridge0: port 2(bridge_slave_1) entered blocking state
[  926.320073][T30009] bridge0: port 2(bridge_slave_1) entered disabled state
[  926.328246][T30009] bridge_slave_1: entered allmulticast mode
[  926.340719][T30009] bridge_slave_1: entered promiscuous mode
[  926.460077][T30009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  926.534967][T30009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  926.675955][T30009] team0: Port device team_slave_0 added
[  926.700139][T30009] team0: Port device team_slave_1 added
[  926.891797][T30009] batman_adv: batadv0: Adding interface: batadv_slave_0
[  926.916048][T30009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  926.981034][T30009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  927.088332][T30009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  927.121727][T30009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  927.226391][T30009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  927.527901][T30306] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6040'.
[  927.687251][ T1028] batman_adv: batadv0: Removing interface: batadv_slave_0
[  927.708339][ T1028] batman_adv: batadv0: Removing interface: batadv_slave_1
[  927.753573][ T1028] pim6reg (unregistering): left allmulticast mode
[  928.206067][ T1028] team0 (unregistering): Port device team_slave_1 removed
[  928.237027][ T1028] team0 (unregistering): Port device team_slave_0 removed
[  928.419153][T30339] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  928.452400][T30341] netlink: 'syz.1.6046': attribute type 3 has an invalid length.
[  928.462434][ T5295] 8021q: adding VLAN 0 to HW filter on device eth1
[  928.478028][T30349] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  928.513458][T30009] hsr_slave_0: entered promiscuous mode
[  928.520286][T30349] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  928.536200][T30349] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  928.547915][T30009] hsr_slave_1: entered promiscuous mode
[  928.554825][T30009] debugfs: 'hsr0' already exists in 'hsr'
[  928.568530][T30009] Cannot create hsr debugfs directory
[  928.853685][T30364] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6052'.
[  929.157278][T30372] netlink: 36764 bytes leftover after parsing attributes in process `syz.1.6052'.
[  929.199725][ T1028] IPVS: stop unused estimator thread 0...
[  929.416860][T30009] netdevsim netdevsim2 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.483872][T30388] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6057'.
[  929.507829][T30388] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6057'.
[  929.732168][T30009] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.743730][T30393] netlink: 'syz.4.6057': attribute type 3 has an invalid length.
[  929.849067][T30398] netlink: 'syz.1.6058': attribute type 1 has an invalid length.
[  929.909854][T30400] bond4: Unable to set down delay as MII monitoring is disabled
[  929.920465][T30400] bond4 (unregistering): Released all slaves
[  929.957576][T30398] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  929.968703][T30009] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.269739][T30009] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.494266][T30408] lo speed is unknown, defaulting to 1000
[  931.161693][T30440] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input18
[  931.482318][T30009] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  931.521023][T30009] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  931.548226][T30009] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  931.620060][T30009] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  931.653776][T30009] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  931.692838][T30009] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  931.719101][T30009] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  931.816717][T30009] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  932.673110][T30009] 8021q: adding VLAN 0 to HW filter on device bond0
[  932.771118][T30009] 8021q: adding VLAN 0 to HW filter on device team0
[  932.833695][T20189] bridge0: port 1(bridge_slave_0) entered blocking state
[  932.840978][T20189] bridge0: port 1(bridge_slave_0) entered forwarding state
[  932.953459][T20189] bridge0: port 2(bridge_slave_1) entered blocking state
[  932.960745][T20189] bridge0: port 2(bridge_slave_1) entered forwarding state
[  933.044733][T30487] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  933.957959][T30507] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6071'.
[  934.135806][T30507] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6071'.
[  934.153291][T30517] pimreg: entered allmulticast mode
[  934.183630][T30516] pimreg: left allmulticast mode
[  934.378639][T30507] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6071'.
[  934.621615][T30009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  934.787233][T30009] veth0_vlan: entered promiscuous mode
[  934.829964][T30533] netlink: 'syz.0.6076': attribute type 1 has an invalid length.
[  934.840725][T30009] veth1_vlan: entered promiscuous mode
[  934.892364][T30533] bond5: entered promiscuous mode
[  934.898811][T30533] 8021q: adding VLAN 0 to HW filter on device bond5
[  935.034159][T30009] veth0_macvtap: entered promiscuous mode
[  935.069656][T30009] veth1_macvtap: entered promiscuous mode
[  935.094334][T30009] batman_adv: batadv0: Interface activated: batadv_slave_0
[  935.117649][T30009] batman_adv: batadv0: Interface activated: batadv_slave_1
[  935.163253][T30549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6077'.
[  935.196393][T30549] netlink: 52 bytes leftover after parsing attributes in process `syz.4.6077'.
[  935.210742][   T70] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  935.242906][   T70] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  935.313740][   T70] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  935.327274][T30555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6081'.
[  935.343233][   T70] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  935.453941][T30558] netlink: 'syz.0.6080': attribute type 3 has an invalid length.
[  935.484072][T30558] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6080'.
[  935.637755][T22463] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  935.658894][T22463] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  935.798525][ T1028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  935.813231][ T1028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  935.821657][T30571] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6085'.
[  935.839030][T30568] batadv_slave_0: Caught tx_queue_len zero misconfig
[  936.047807][T30577] netlink: 52 bytes leftover after parsing attributes in process `syz.1.6086'.
[  936.105643][T30577] netlink: 52 bytes leftover after parsing attributes in process `syz.1.6086'.
[  936.213579][T30584] netlink: 'syz.2.5995': attribute type 1 has an invalid length.
[  936.590692][ T5636] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  936.609581][ T5636] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  936.620509][ T5636] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  936.633600][ T5636] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  936.644934][ T5636] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  937.409691][ T1028] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  937.434798][T30626] FAULT_INJECTION: forcing a failure.
[  937.434798][T30626] name failslab, interval 1, probability 0, space 0, times 0
[  937.477802][ T1028] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  937.495898][T30626] CPU: 0 UID: 0 PID: 30626 Comm: syz.2.6096 Not tainted syzkaller #0 PREEMPT(full) 
[  937.495943][T30626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  937.495966][T30626] Call Trace:
[  937.495975][T30626]  <TASK>
[  937.495985][T30626]  dump_stack_lvl+0xe8/0x150
[  937.496021][T30626]  should_fail_ex+0x412/0x560
[  937.496060][T30626]  should_failslab+0xa8/0x100
[  937.496086][T30626]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  937.496118][T30626]  ? __alloc_skb+0x186/0x7d0
[  937.496140][T30626]  ? __alloc_skb+0x1d0/0x7d0
[  937.496163][T30626]  ? __local_bh_enable_ip+0xd0/0x130
[  937.496192][T30626]  __alloc_skb+0x1d0/0x7d0
[  937.496219][T30626]  alloc_skb_with_frags+0xc8/0x760
[  937.496255][T30626]  sock_alloc_send_pskb+0x878/0x990
[  937.496309][T30626]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  937.496334][T30626]  ? kasan_quarantine_put+0xbb/0x1f0
[  937.496363][T30626]  ? lockdep_hardirqs_on+0x7a/0x110
[  937.496394][T30626]  ? unix_dgram_sendmsg+0x57c/0x18d0
[  937.496419][T30626]  ? kmem_cache_free+0x182/0x650
[  937.496451][T30626]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  937.496486][T30626]  unix_dgram_sendmsg+0x460/0x18d0
[  937.496524][T30626]  ? __lock_acquire+0x6b5/0x2cf0
[  937.496558][T30626]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  937.496590][T30626]  ? aa_sock_msg_perm+0xda/0x1b0
[  937.496625][T30626]  ? unix_seqpacket_sendmsg+0x111/0x1e0
[  937.496654][T30626]  ____sys_sendmsg+0x972/0x9f0
[  937.496678][T30626]  ? __might_fault+0xaf/0x130
[  937.496712][T30626]  ? __pfx_____sys_sendmsg+0x10/0x10
[  937.496745][T30626]  ? import_iovec+0x73/0xa0
[  937.496780][T30626]  ___sys_sendmsg+0x2a5/0x360
[  937.496803][T30626]  ? __lock_acquire+0x6b5/0x2cf0
[  937.496831][T30626]  ? __pfx____sys_sendmsg+0x10/0x10
[  937.496852][T30626]  ? __lock_acquire+0x6b5/0x2cf0
[  937.496880][T30626]  ? kstrtouint+0x6e/0xe0
[  937.496957][T30626]  __sys_sendmmsg+0x27c/0x4e0
[  937.496989][T30626]  ? __pfx___sys_sendmmsg+0x10/0x10
[  937.497010][T30626]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  937.497062][T30626]  ? ksys_write+0x242/0x270
[  937.497098][T30626]  ? __pfx_ksys_write+0x10/0x10
[  937.497135][T30626]  __x64_sys_sendmmsg+0xa0/0xc0
[  937.497159][T30626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  937.497183][T30626]  do_syscall_64+0x174/0x580
[  937.497204][T30626]  ? trace_irq_disable+0x3b/0x140
[  937.497237][T30626]  ? clear_bhb_loop+0x40/0x90
[  937.497263][T30626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  937.497283][T30626] RIP: 0033:0x7f8bc439ce59
[  937.497313][T30626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  937.497335][T30626] RSP: 002b:00007f8bc51b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  937.497357][T30626] RAX: ffffffffffffffda RBX: 00007f8bc4615fa0 RCX: 00007f8bc439ce59
[  937.497371][T30626] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  937.497385][T30626] RBP: 00007f8bc51b3090 R08: 0000000000000000 R09: 0000000000000000
[  937.497398][T30626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  937.497410][T30626] R13: 00007f8bc4616038 R14: 00007f8bc4615fa0 R15: 00007ffeaf102fa8
[  937.497443][T30626]  </TASK>
[  937.913566][T30631] tipc: Started in network mode
[  937.918955][T30631] tipc: Node identity 329d226d8d16, cluster identity 4711
[  937.927138][T30631] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  937.944615][T30631] syzkaller0: entered promiscuous mode
[  937.951122][T30631] syzkaller0: entered allmulticast mode
[  937.958956][T30614] veth0_to_bond: Caught tx_queue_len zero misconfig
[  937.968275][T30631] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) !
[  938.138210][ T1028] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  938.162108][ T1028] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  938.194363][T30594] lo speed is unknown, defaulting to 1000
[  938.208049][T30638] tipc: Resetting bearer <eth:syzkaller0>
[  938.269182][T30630] tipc: Resetting bearer <eth:syzkaller0>
[  938.280803][T30640] netlink: 'syz.0.6100': attribute type 10 has an invalid length.
[  938.300411][T30642] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  938.332322][T30644] netlink: 'syz.4.6099': attribute type 1 has an invalid length.
[  938.350000][T30630] tipc: Disabling bearer <eth:syzkaller0>
[  938.430001][ T1028] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  938.470363][ T1028] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  938.594643][T30645] erspan1: entered allmulticast mode
[  938.687342][T30644] bond1: entered promiscuous mode
[  938.692615][T30644] bond1: entered allmulticast mode
[  938.699421][T30644] 8021q: adding VLAN 0 to HW filter on device bond1
[  938.715899][T29311] Bluetooth: hci3: command tx timeout
[  938.835186][T30660] FAULT_INJECTION: forcing a failure.
[  938.835186][T30660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  938.866664][T30660] CPU: 1 UID: 0 PID: 30660 Comm: syz.4.6106 Not tainted syzkaller #0 PREEMPT(full) 
[  938.866693][T30660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  938.866706][T30660] Call Trace:
[  938.866715][T30660]  <TASK>
[  938.866724][T30660]  dump_stack_lvl+0xe8/0x150
[  938.866753][T30660]  should_fail_ex+0x412/0x560
[  938.866781][T30660]  _copy_from_user+0x2d/0xb0
[  938.866808][T30660]  ___sys_sendmsg+0x1c6/0x360
[  938.866831][T30660]  ? __lock_acquire+0x6b5/0x2cf0
[  938.866859][T30660]  ? __pfx____sys_sendmsg+0x10/0x10
[  938.866881][T30660]  ? __lock_acquire+0x6b5/0x2cf0
[  938.866906][T30660]  ? kstrtouint+0x6e/0xe0
[  938.866979][T30660]  __sys_sendmmsg+0x27c/0x4e0
[  938.867015][T30660]  ? __pfx___sys_sendmmsg+0x10/0x10
[  938.867037][T30660]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  938.867099][T30660]  ? ksys_write+0x242/0x270
[  938.867133][T30660]  ? __pfx_ksys_write+0x10/0x10
[  938.867170][T30660]  __x64_sys_sendmmsg+0xa0/0xc0
[  938.867195][T30660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.867217][T30660]  do_syscall_64+0x174/0x580
[  938.867239][T30660]  ? trace_irq_disable+0x3b/0x140
[  938.867270][T30660]  ? clear_bhb_loop+0x40/0x90
[  938.867295][T30660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.867316][T30660] RIP: 0033:0x7fbc4ed9ce59
[  938.867342][T30660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  938.867360][T30660] RSP: 002b:00007fbc4fc7d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  938.867383][T30660] RAX: ffffffffffffffda RBX: 00007fbc4f015fa0 RCX: 00007fbc4ed9ce59
[  938.867398][T30660] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  938.867412][T30660] RBP: 00007fbc4fc7d090 R08: 0000000000000000 R09: 0000000000000000
[  938.867425][T30660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  938.867438][T30660] R13: 00007fbc4f016038 R14: 00007fbc4f015fa0 R15: 00007fff6f917d58
[  938.867472][T30660]  </TASK>
[  939.093082][ T1028] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  939.103711][ T1028] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  939.372719][T30651] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  939.539608][   T70] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  939.641585][   T70] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  939.734305][T22463] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  939.788645][T30681] x_tables: duplicate underflow at hook 1
[  939.790289][T30684] __nla_validate_parse: 5 callbacks suppressed
[  939.790348][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  939.872136][   T70] netdevsim netdevsim3 eth4: set [1, 0] type 2 family 0 port 6081 - 0
[  939.901306][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  939.915953][    C1] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  939.945894][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  939.965321][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  939.987742][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  940.006303][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  940.022364][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  940.077051][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  940.111278][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  940.169378][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6114'.
[  940.788850][T29311] Bluetooth: hci3: command tx timeout
[  940.838889][ T1028] erspan0 (unregistering): left allmulticast mode
[  941.017751][ T1028] bond10 (unregistering): (slave gretap2): Releasing active interface
[  941.028265][ T1028] bond10 (unregistering): (slave gretap2): the permanent HWaddr of slave - 42:5b:07:61:29:f3 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  941.275326][ T1028] bond10 (unregistering): (slave bridge4): Releasing active interface
[  941.294763][ T1028] bond1 (unregistering): Released all slaves
[  941.326643][ T1028] bond2 (unregistering): Released all slaves
[  941.352567][ T1028] bond3 (unregistering): Released all slaves
[  941.383756][ T1028] bond4 (unregistering): Released all slaves
[  941.427402][ T1028] bond5 (unregistering): Released all slaves
[  941.460145][ T1028] bond6 (unregistering): Released all slaves
[  941.485579][ T1028] bond7 (unregistering): Released all slaves
[  941.510884][ T1028] bond8 (unregistering): (slave veth0_to_bond): Releasing active interface
[  941.528135][ T1028] bond8 (unregistering): Released all slaves
[  941.554551][ T1028] bond9 (unregistering): Released all slaves
[  941.578643][ T1028] bond10 (unregistering): Released all slaves
[  941.607690][ T1028] bond11 (unregistering): Released all slaves
[  941.878296][ T5295] 8021q: adding VLAN 0 to HW filter on device eth1
[  941.889150][T30737] openvswitch: netlink: Missing valid actions attribute.
[  941.933115][T30737] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  942.088074][ T1028] 5n�: left promiscuous mode
[  942.275155][ T1028] tipc: Disabling bearer <udp:s>
[  942.312813][ T1028] tipc: Disabling bearer <udp:syz2>
[  942.335882][ T1028] tipc: Disabling bearer <eth:syzkaller0>
[  942.372730][ T1028] tipc: Left network mode
[  942.658394][T30594] bridge0: port 1(bridge_slave_0) entered blocking state
[  942.686433][T30594] bridge0: port 1(bridge_slave_0) entered disabled state
[  942.735882][T30594] bridge_slave_0: entered allmulticast mode
[  942.759417][T30594] bridge_slave_0: entered promiscuous mode
[  942.868791][T29311] Bluetooth: hci3: command tx timeout
[  942.963666][T30594] bridge0: port 2(bridge_slave_1) entered blocking state
[  943.034048][T30594] bridge0: port 2(bridge_slave_1) entered disabled state
[  943.058291][T30594] bridge_slave_1: entered allmulticast mode
[  943.087602][T30594] bridge_slave_1: entered promiscuous mode
[  943.152798][T30765] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  943.190488][T30770] veth0: Caught tx_queue_len zero misconfig
[  943.199272][T30765] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  943.231515][T30765] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  943.977849][T30594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  944.001207][ T5295] 8021q: adding VLAN 0 to HW filter on device eth2
[  944.026334][T30594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  944.197013][T30594] team0: Port device team_slave_0 added
[  944.243370][T30594] team0: Port device team_slave_1 added
[  944.402299][T30800] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  944.411345][T30805] TCP: tcp_parse_options: Illegal window scaling value 81 > 14 received
[  944.420937][T30802] syzkaller0: entered promiscuous mode
[  944.430179][T30802] syzkaller0: entered allmulticast mode
[  944.460737][T30594] batman_adv: batadv0: Adding interface: batadv_slave_0
[  944.497433][T30594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  944.528879][T30594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  944.540991][T30800] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) !
[  944.629212][T30810] FAULT_INJECTION: forcing a failure.
[  944.629212][T30810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  944.662580][T30594] batman_adv: batadv0: Adding interface: batadv_slave_1
[  944.679565][T30810] CPU: 1 UID: 0 PID: 30810 Comm: syz.4.6137 Not tainted syzkaller #0 PREEMPT(full) 
[  944.679594][T30810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  944.679608][T30810] Call Trace:
[  944.679617][T30810]  <TASK>
[  944.679637][T30810]  dump_stack_lvl+0xe8/0x150
[  944.679667][T30810]  should_fail_ex+0x412/0x560
[  944.679697][T30810]  _copy_from_user+0x2d/0xb0
[  944.679724][T30810]  ___sys_sendmsg+0x1c6/0x360
[  944.679749][T30810]  ? __lock_acquire+0x6b5/0x2cf0
[  944.679778][T30810]  ? __pfx____sys_sendmsg+0x10/0x10
[  944.679841][T30810]  ? __fget_files+0x2a/0x420
[  944.679868][T30810]  ? __fget_files+0x3a0/0x420
[  944.679905][T30810]  __x64_sys_sendmsg+0x1bd/0x2a0
[  944.679933][T30810]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  944.679969][T30810]  ? __pfx_ksys_write+0x10/0x10
[  944.680008][T30810]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  944.680031][T30810]  do_syscall_64+0x174/0x580
[  944.680054][T30810]  ? trace_irq_disable+0x3b/0x140
[  944.680087][T30810]  ? clear_bhb_loop+0x40/0x90
[  944.680113][T30810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  944.680135][T30810] RIP: 0033:0x7fbc4ed9ce59
[  944.680156][T30810] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  944.680174][T30810] RSP: 002b:00007fbc4fc7d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  944.680196][T30810] RAX: ffffffffffffffda RBX: 00007fbc4f015fa0 RCX: 00007fbc4ed9ce59
[  944.680211][T30810] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003
[  944.680224][T30810] RBP: 00007fbc4fc7d090 R08: 0000000000000000 R09: 0000000000000000
[  944.680237][T30810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  944.680258][T30810] R13: 00007fbc4f016038 R14: 00007fbc4f015fa0 R15: 00007fff6f917d58
[  944.680293][T30810]  </TASK>
[  944.682344][T30594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  944.973274][T29311] Bluetooth: hci3: command tx timeout
[  945.026910][T30594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  945.056766][T30808] tipc: Resetting bearer <eth:syzkaller0>
[  945.084110][T30799] tipc: Resetting bearer <eth:syzkaller0>
[  945.258567][T30799] tipc: Disabling bearer <eth:syzkaller0>
[  945.272871][T30825] __nla_validate_parse: 24 callbacks suppressed
[  945.272894][T30825] netlink: 277 bytes leftover after parsing attributes in process `syz.1.6140'.
[  945.548526][T30840] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  945.563341][T30594] hsr_slave_0: entered promiscuous mode
[  945.597938][T30594] hsr_slave_1: entered promiscuous mode
[  945.612826][T30842] netlink: 'syz.0.6144': attribute type 1 has an invalid length.
[  945.630833][T30594] debugfs: 'hsr0' already exists in 'hsr'
[  945.645874][T30840] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  945.654612][T30594] Cannot create hsr debugfs directory
[  945.693593][ T5295] 8021q: adding VLAN 0 to HW filter on device eth3
[  945.982583][T30861] FAULT_INJECTION: forcing a failure.
[  945.982583][T30861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  946.053157][T30861] CPU: 0 UID: 0 PID: 30861 Comm: syz.4.6147 Not tainted syzkaller #0 PREEMPT(full) 
[  946.053187][T30861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  946.053200][T30861] Call Trace:
[  946.053209][T30861]  <TASK>
[  946.053219][T30861]  dump_stack_lvl+0xe8/0x150
[  946.053251][T30861]  should_fail_ex+0x412/0x560
[  946.053280][T30861]  _copy_to_user+0x31/0xb0
[  946.053310][T30861]  simple_read_from_buffer+0xe1/0x170
[  946.053344][T30861]  proc_fail_nth_read+0x1bb/0x230
[  946.053378][T30861]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  946.053418][T30861]  ? rw_verify_area+0x2a6/0x4d0
[  946.053449][T30861]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  946.053482][T30861]  vfs_read+0x20c/0xa70
[  946.053518][T30861]  ? __pfx___mutex_lock+0x10/0x10
[  946.053545][T30861]  ? __pfx_vfs_read+0x10/0x10
[  946.053578][T30861]  ? __fget_files+0x2a/0x420
[  946.053609][T30861]  ? __fget_files+0x3a0/0x420
[  946.053634][T30861]  ? __fget_files+0x2a/0x420
[  946.053672][T30861]  ksys_read+0x150/0x270
[  946.053705][T30861]  ? __pfx_ksys_read+0x10/0x10
[  946.053747][T30861]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  946.053770][T30861]  do_syscall_64+0x174/0x580
[  946.053792][T30861]  ? trace_irq_disable+0x3b/0x140
[  946.053824][T30861]  ? clear_bhb_loop+0x40/0x90
[  946.053849][T30861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  946.053869][T30861] RIP: 0033:0x7fbc4ed5d68e
[  946.053889][T30861] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  946.053907][T30861] RSP: 002b:00007fbc4fc7cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  946.053929][T30861] RAX: ffffffffffffffda RBX: 00007fbc4fc7d6c0 RCX: 00007fbc4ed5d68e
[  946.053945][T30861] RDX: 000000000000000f RSI: 00007fbc4fc7d0a0 RDI: 0000000000000005
[  946.053958][T30861] RBP: 00007fbc4fc7d090 R08: 0000000000000000 R09: 0000000000000000
[  946.053970][T30861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  946.053982][T30861] R13: 00007fbc4f016038 R14: 00007fbc4f015fa0 R15: 00007fff6f917d58
[  946.054018][T30861]  </TASK>
[  946.799547][T30594] netdevsim netdevsim3 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  946.879117][T30890] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  946.973078][T30888] netlink: 149 bytes leftover after parsing attributes in process `syz.4.6153'.
[  947.222683][T30594] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  947.549785][T30594] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  947.670005][T30915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6160'.
[  947.697370][ T1028] hsr_slave_0: left promiscuous mode
[  947.706681][T30915] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6160'.
[  947.727160][ T1028] hsr_slave_1: left promiscuous mode
[  948.070208][ T1028] pim6reg (unregistering): left allmulticast mode
[  949.127912][T30594] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.208496][T30942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6163'.
[  950.053383][ T1028] IPVS: stop unused estimator thread 0...
[  950.120825][T30974] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6169'.
[  950.209062][T30594] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  950.258446][T30594] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  950.273367][T30981] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6171'.
[  950.283002][T30594] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  950.313639][T30594] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  950.333409][T30594] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  950.353483][T30594] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  950.369010][T30980] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  950.397654][T30594] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  950.450672][T30594] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  950.519481][T30991] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  950.681632][T30594] 8021q: adding VLAN 0 to HW filter on device bond0
[  950.746741][T30594] 8021q: adding VLAN 0 to HW filter on device team0
[  950.782935][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state
[  950.790198][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  950.820354][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state
[  950.827649][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  951.052949][T31015] netlink: 196 bytes leftover after parsing attributes in process `syz.4.6179'.
[  951.293350][T31025] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6180'.
[  951.584358][T31042] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6183'.
[  952.047487][T30594] 8021q: adding VLAN 0 to HW filter on device batadv0
[  952.261235][T30594] veth0_vlan: entered promiscuous mode
[  952.326085][T30594] veth1_vlan: entered promiscuous mode
[  952.420355][T31076] syzkaller0: entered promiscuous mode
[  952.447815][T31076] syzkaller0: entered allmulticast mode
[  952.547346][T30594] veth0_macvtap: entered promiscuous mode
[  952.574334][T30594] veth1_macvtap: entered promiscuous mode
[  952.645376][T30594] batman_adv: batadv0: Interface activated: batadv_slave_0
[  952.684181][T31083] netlink: 'syz.1.6189': attribute type 4 has an invalid length.
[  952.698164][T30594] batman_adv: batadv0: Interface activated: batadv_slave_1
[  952.730247][T31083] netlink: 'syz.1.6189': attribute type 8 has an invalid length.
[  952.751738][T20189] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  952.764049][T31083] netlink: 212 bytes leftover after parsing attributes in process `syz.1.6189'.
[  952.791574][T20189] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  952.802492][T31084] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6189'.
[  952.830399][T20189] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  952.856605][T20189] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  953.070961][T22472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  953.090614][T22472] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  953.193999][T22472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  953.224222][T22472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  953.391150][T31105] bond0: Caught tx_queue_len zero misconfig
[  953.412963][T31108] netlink: 'syz.4.6195': attribute type 4 has an invalid length.
[  953.480095][T31108] netlink: 'syz.4.6195': attribute type 4 has an invalid length.
[  953.578720][T31114] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6196'.
[  953.839509][T31114] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6196'.
[  953.944199][T31123] netlink: 200 bytes leftover after parsing attributes in process `syz.1.6196'.
[  953.961667][T31127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6200'.
[  954.187671][ T5636] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  954.207774][ T5636] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  954.222940][ T5636] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  954.236515][ T5636] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  954.244981][ T5636] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  954.292160][T31139] netlink: 'syz.1.6203': attribute type 4 has an invalid length.
[  954.302992][T31132] pim6reg: entered allmulticast mode
[  954.370945][T31131] pim6reg: left allmulticast mode
[  954.385168][    T9] IPVS: starting estimator thread 0...
[  954.403456][T31145] netlink: 'syz.1.6203': attribute type 4 has an invalid length.
[  954.515620][T31144] IPVS: using max 29 ests per chain, 69600 per kthread
[  954.841656][T18155] syz_tun (unregistering): left allmulticast mode
[  954.925156][T31164] pimreg: entered allmulticast mode
[  954.953575][T31164] pimreg: left allmulticast mode
[  954.985394][T31168] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6208'.
[  955.132238][T31174] netlink: 'syz.3.6208': attribute type 1 has an invalid length.
[  955.168303][T31178] xt_hashlimit: invalid rate
[  955.248897][T31184] netlink: 'syz.1.6213': attribute type 22 has an invalid length.
[  955.321509][T31134] lo speed is unknown, defaulting to 1000
[  955.429848][T31190] gtp0: entered allmulticast mode
[  955.541416][T31195] FAULT_INJECTION: forcing a failure.
[  955.541416][T31195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  955.562070][T31195] CPU: 1 UID: 0 PID: 31195 Comm: syz.4.6216 Not tainted syzkaller #0 PREEMPT(full) 
[  955.562099][T31195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  955.562113][T31195] Call Trace:
[  955.562121][T31195]  <TASK>
[  955.562130][T31195]  dump_stack_lvl+0xe8/0x150
[  955.562162][T31195]  should_fail_ex+0x412/0x560
[  955.562191][T31195]  _copy_from_iter+0x1d3/0x1670
[  955.562219][T31195]  ? rcu_is_watching+0x15/0xb0
[  955.562252][T31195]  ? __pfx__copy_from_iter+0x10/0x10
[  955.562284][T31195]  ? netlink_sendmsg+0x650/0xb40
[  955.562308][T31195]  ? skb_put+0x11b/0x210
[  955.562334][T31195]  netlink_sendmsg+0x6c0/0xb40
[  955.562370][T31195]  ? __pfx_netlink_sendmsg+0x10/0x10
[  955.562398][T31195]  ? aa_sock_msg_perm+0xf1/0x1b0
[  955.562433][T31195]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  955.562466][T31195]  ____sys_sendmsg+0x972/0x9f0
[  955.562491][T31195]  ? __might_fault+0xaf/0x130
[  955.562526][T31195]  ? __pfx_____sys_sendmsg+0x10/0x10
[  955.562561][T31195]  ? import_iovec+0x73/0xa0
[  955.562589][T31195]  ___sys_sendmsg+0x2a5/0x360
[  955.562612][T31195]  ? __lock_acquire+0x6b5/0x2cf0
[  955.562640][T31195]  ? __pfx____sys_sendmsg+0x10/0x10
[  955.562703][T31195]  ? __fget_files+0x2a/0x420
[  955.562729][T31195]  ? __fget_files+0x3a0/0x420
[  955.562766][T31195]  __x64_sys_sendmsg+0x1bd/0x2a0
[  955.562794][T31195]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  955.562829][T31195]  ? __pfx_ksys_write+0x10/0x10
[  955.562870][T31195]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.562894][T31195]  do_syscall_64+0x174/0x580
[  955.562916][T31195]  ? trace_irq_disable+0x3b/0x140
[  955.562956][T31195]  ? clear_bhb_loop+0x40/0x90
[  955.562983][T31195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.563004][T31195] RIP: 0033:0x7fbc4ed9ce59
[  955.563024][T31195] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  955.563042][T31195] RSP: 002b:00007fbc4fc7d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  955.563069][T31195] RAX: ffffffffffffffda RBX: 00007fbc4f015fa0 RCX: 00007fbc4ed9ce59
[  955.563084][T31195] RDX: 0000000040000010 RSI: 0000200000002900 RDI: 0000000000000003
[  955.563098][T31195] RBP: 00007fbc4fc7d090 R08: 0000000000000000 R09: 0000000000000000
[  955.563112][T31195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  955.563125][T31195] R13: 00007fbc4f016038 R14: 00007fbc4f015fa0 R15: 00007fff6f917d58
[  955.563160][T31195]  </TASK>
[  956.094747][T31205] __nla_validate_parse: 2 callbacks suppressed
[  956.094768][T31205] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6218'.
[  956.273829][T31213] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6223'.
[  956.307650][ T5636] Bluetooth: hci1: command tx timeout
[  956.319398][T31216] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6222'.
[  956.330486][T31215] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6222'.
[  956.340314][T31216] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  956.347646][T31216] IPv6: NLM_F_CREATE should be set when creating new route
[  956.356228][T31215] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  956.524977][T31213] gretap0: left promiscuous mode
[  956.536578][T31213] bridge0: left allmulticast mode
[  956.557111][T31213] bond1: left allmulticast mode
[  956.562204][T31213] erspan1: left allmulticast mode
[  956.568666][T31213] vti0: left promiscuous mode
[  956.573457][T31213] vti0: left allmulticast mode
[  956.581338][T31213] hsr2: left allmulticast mode
[  956.586423][T31213] batadv0: left allmulticast mode
[  956.591537][T31213] veth1_to_hsr: left allmulticast mode
[  956.597918][T31213] vlan4: left allmulticast mode
[  956.602851][T31213] bond0: left allmulticast mode
[  956.607897][T31213] bond_slave_0: left allmulticast mode
[  956.613445][T31213] bond_slave_1: left allmulticast mode
[  956.620780][T31213] tipc: Resetting bearer <eth:syzkaller0>
[  956.632690][T31213] mac80211_hwsim hwsim46 syzkaller0: left promiscuous mode
[  956.640050][T31213] mac80211_hwsim hwsim46 syzkaller0: left allmulticast mode
[  956.652061][T31213] ip6tnl1: left allmulticast mode
[  956.659787][T31213] ip6tnl2: left allmulticast mode
[  956.805112][T31236] netlink: 'syz.2.6227': attribute type 1 has an invalid length.
[  956.863390][T31236] 8021q: adding VLAN 0 to HW filter on device bond1
[  956.874003][T31134] bridge0: port 1(bridge_slave_0) entered blocking state
[  956.890405][T31134] bridge0: port 1(bridge_slave_0) entered disabled state
[  956.898056][T31134] bridge_slave_0: entered allmulticast mode
[  956.907476][T31134] bridge_slave_0: entered promiscuous mode
[  956.938255][T31236] bond1: (slave veth3): Enslaving as an active interface with a down link
[  956.967578][T31134] bridge0: port 2(bridge_slave_1) entered blocking state
[  956.974850][T31134] bridge0: port 2(bridge_slave_1) entered disabled state
[  956.982406][T31134] bridge_slave_1: entered allmulticast mode
[  956.991471][T31134] bridge_slave_1: entered promiscuous mode
[  957.012847][T31236] 8021q: adding VLAN 0 to HW filter on device batadv1
[  957.031149][T31236] bond1: (slave batadv1): making interface the new active one
[  957.043015][T31236] batadv1: entered promiscuous mode
[  957.049075][T31236] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  957.122851][T31240] bond1 (unregistering): (slave veth3): Releasing active interface
[  957.152046][T31240] bond1 (unregistering): (slave batadv1): Releasing active interface
[  957.171937][T31240] bond1 (unregistering): Released all slaves
[  957.278592][T31134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  957.340387][T31134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  957.424382][T31134] team0: Port device team_slave_0 added
[  957.439169][T31134] team0: Port device team_slave_1 added
[  957.463056][T31251] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6233'.
[  957.492311][T31254] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6234'.
[  957.521008][T31251] vlan2: entered promiscuous mode
[  957.526754][T31251] veth0_to_bond: entered promiscuous mode
[  957.636020][T31134] batman_adv: batadv0: Adding interface: batadv_slave_0
[  957.646621][T31134] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  957.683799][T31134] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  957.769762][T31134] batman_adv: batadv0: Adding interface: batadv_slave_1
[  957.800971][T31134] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  957.845411][T31269] netlink: 'syz.3.6237': attribute type 4 has an invalid length.
[  957.867393][T31134] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  957.915787][T31272] netlink: 'syz.3.6237': attribute type 4 has an invalid length.
[  958.105303][T31134] hsr_slave_0: entered promiscuous mode
[  958.124232][T31134] hsr_slave_1: entered promiscuous mode
[  958.146756][T31134] debugfs: 'hsr0' already exists in 'hsr'
[  958.162791][T31134] Cannot create hsr debugfs directory
[  958.327603][T31283] hma(����kX�: entered promiscuous mode
[  958.385606][T29311] Bluetooth: hci1: command tx timeout
[  958.393080][T31290] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6245'.
[  958.595768][T31290] vlan2: entered promiscuous mode
[  958.606429][T31290] geneve1: entered promiscuous mode
[  958.611927][T31290] vlan2: entered allmulticast mode
[  958.618032][T31290] geneve1: entered allmulticast mode
[  958.744159][ T1028] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  958.758386][ T1028] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  958.789916][ T1028] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  958.913635][T31317] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6249'.
[  959.098980][ T1028] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  959.136460][ T1028] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.166739][ T1028] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  959.248680][ T1028] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  959.274738][ T1028] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.292316][ T1028] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  959.348755][ T1028] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  959.362290][T31336] netlink: 'syz.4.6255': attribute type 4 has an invalid length.
[  959.370842][ T1028] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.381090][ T1028] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  959.416552][T31336] netlink: 'syz.4.6255': attribute type 4 has an invalid length.
[  959.471744][T31339] lo: Caught tx_queue_len zero misconfig
[  959.727359][T31345] syzkaller1: entered promiscuous mode
[  959.733228][T31345] syzkaller1: entered allmulticast mode
[  959.761908][T20189] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  959.876391][T20189] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  959.903554][T31357] mac80211_hwsim hwsim84 wlan0: entered promiscuous mode
[  959.911366][T31357] mac80211_hwsim hwsim84 wlan0: entered allmulticast mode
[  959.934040][T31357] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  960.029852][ T1164] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  960.099700][   T70] netdevsim netdevsim0 eth4: set [1, 0] type 2 family 0 port 6081 - 0
[  960.173269][ T1028] vlan2: left allmulticast mode
[  960.205207][ T1028] bridge_slave_1: left allmulticast mode
[  960.226492][ T1028] vlan2: left promiscuous mode
[  960.236407][ T1028] bridge_slave_1: left promiscuous mode
[  960.250695][ T1028] bridge0: port 1(vlan2) entered disabled state
[  960.486361][T29311] Bluetooth: hci1: command 0x040f tx timeout
[  960.893999][ T1028] team0: Port device geneve1 removed
[  961.016127][ T1028] team0: Port device bridge4 removed
[  961.054891][ T1028] bond1 (unregistering): Released all slaves
[  961.080045][ T1028] bond0 (unregistering): Released all slaves
[  961.096952][ T1028] bond2 (unregistering): Released all slaves
[  961.120996][ T1028] bond4 (unregistering): Released all slaves
[  961.144592][ T1028] bond3 (unregistering): Released all slaves
[  961.161226][ T1028] bond5 (unregistering): Released all slaves
[  961.177080][ T1028] bond6 (unregistering): Released all slaves
[  961.249445][T20189] tipc: Resetting bearer <eth:team0>
[  961.273065][ T5295] 8021q: adding VLAN 0 to HW filter on device eth1
[  961.370441][T31399] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6267'.
[  961.428420][T31134] netdevsim netdevsim0 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  961.529429][T31409] netlink: 'syz.3.6270': attribute type 1 has an invalid length.
[  961.582912][T31411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6270'.
[  961.615860][T31411] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6270'.
[  961.680766][ T1028] tipc: Disabling bearer <eth:team0>
[  961.718665][ T1028] tipc: Left network mode
[  961.921946][T31423] FAULT_INJECTION: forcing a failure.
[  961.921946][T31423] name failslab, interval 1, probability 0, space 0, times 0
[  961.945789][T31423] CPU: 0 UID: 0 PID: 31423 Comm: syz.4.6272 Not tainted syzkaller #0 PREEMPT(full) 
[  961.945819][T31423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  961.945834][T31423] Call Trace:
[  961.945843][T31423]  <TASK>
[  961.945852][T31423]  dump_stack_lvl+0xe8/0x150
[  961.945884][T31423]  should_fail_ex+0x412/0x560
[  961.945913][T31423]  should_failslab+0xa8/0x100
[  961.945937][T31423]  __kmalloc_cache_node_noprof+0x8a/0x6b0
[  961.945971][T31423]  ? __get_vm_area_node+0x13f/0x300
[  961.946004][T31423]  __get_vm_area_node+0x13f/0x300
[  961.946038][T31423]  __vmalloc_node_range_noprof+0x36a/0x1750
[  961.946069][T31423]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  961.946096][T31423]  ? __lock_acquire+0x6b5/0x2cf0
[  961.946146][T31423]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  961.946177][T31423]  ? __lock_acquire+0x6b5/0x2cf0
[  961.946203][T31423]  ? _parse_integer_limit+0x1ae/0x1f0
[  961.946242][T31423]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  961.946273][T31423]  __vmalloc_noprof+0xd2/0x120
[  961.946303][T31423]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  961.946327][T31423]  bpf_prog_alloc_no_stats+0x4a/0x4f0
[  961.946354][T31423]  bpf_prog_alloc+0x3c/0x1a0
[  961.946378][T31423]  bpf_prog_load+0x779/0x1a10
[  961.946413][T31423]  ? __pfx_bpf_prog_load+0x10/0x10
[  961.946435][T31423]  ? __might_fault+0xaf/0x130
[  961.946480][T31423]  ? bpf_lsm_bpf+0x9/0x20
[  961.946499][T31423]  ? security_bpf+0x7e/0x2d0
[  961.946611][T31423]  __sys_bpf+0x618/0x950
[  961.946646][T31423]  ? __pfx___sys_bpf+0x10/0x10
[  961.946699][T31423]  ? ksys_write+0x242/0x270
[  961.946734][T31423]  ? __pfx_ksys_write+0x10/0x10
[  961.946770][T31423]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  961.946793][T31423]  __x64_sys_bpf+0x7c/0x90
[  961.946823][T31423]  do_syscall_64+0x174/0x580
[  961.946849][T31423]  ? trace_irq_disable+0x3b/0x140
[  961.946880][T31423]  ? clear_bhb_loop+0x40/0x90
[  961.946907][T31423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  961.946928][T31423] RIP: 0033:0x7fbc4ed9ce59
[  961.946949][T31423] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  961.946965][T31423] RSP: 002b:00007fbc4fc7d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  961.946988][T31423] RAX: ffffffffffffffda RBX: 00007fbc4f015fa0 RCX: 00007fbc4ed9ce59
[  961.947003][T31423] RDX: 0000000000000094 RSI: 00002000000006c0 RDI: 0000000000000005
[  961.947017][T31423] RBP: 00007fbc4fc7d090 R08: 0000000000000000 R09: 0000000000000000
[  961.947030][T31423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  961.947042][T31423] R13: 00007fbc4f016038 R14: 00007fbc4f015fa0 R15: 00007fff6f917d58
[  961.947076][T31423]  </TASK>
[  961.947098][T31423] syz.4.6272: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  962.282628][T31423] CPU: 0 UID: 0 PID: 31423 Comm: syz.4.6272 Not tainted syzkaller #0 PREEMPT(full) 
[  962.282654][T31423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  962.282666][T31423] Call Trace:
[  962.282675][T31423]  <TASK>
[  962.282684][T31423]  dump_stack_lvl+0xe8/0x150
[  962.282715][T31423]  warn_alloc+0x249/0x340
[  962.282754][T31423]  ? __pfx_warn_alloc+0x10/0x10
[  962.282787][T31423]  ? __get_vm_area_node+0x13f/0x300
[  962.282820][T31423]  ? __get_vm_area_node+0x2b5/0x300
[  962.282856][T31423]  __vmalloc_node_range_noprof+0x38f/0x1750
[  962.282889][T31423]  ? __lock_acquire+0x6b5/0x2cf0
[  962.282939][T31423]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  962.282969][T31423]  ? __lock_acquire+0x6b5/0x2cf0
[  962.282994][T31423]  ? _parse_integer_limit+0x1ae/0x1f0
[  962.283033][T31423]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  962.283052][T31423]  __vmalloc_noprof+0xd2/0x120
[  962.283081][T31423]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  962.283105][T31423]  bpf_prog_alloc_no_stats+0x4a/0x4f0
[  962.283131][T31423]  bpf_prog_alloc+0x3c/0x1a0
[  962.283154][T31423]  bpf_prog_load+0x779/0x1a10
[  962.283189][T31423]  ? __pfx_bpf_prog_load+0x10/0x10
[  962.283209][T31423]  ? __might_fault+0xaf/0x130
[  962.283254][T31423]  ? bpf_lsm_bpf+0x9/0x20
[  962.283273][T31423]  ? security_bpf+0x7e/0x2d0
[  962.283304][T31423]  __sys_bpf+0x618/0x950
[  962.283337][T31423]  ? __pfx___sys_bpf+0x10/0x10
[  962.283386][T31423]  ? ksys_write+0x242/0x270
[  962.283429][T31423]  ? __pfx_ksys_write+0x10/0x10
[  962.283464][T31423]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.283488][T31423]  __x64_sys_bpf+0x7c/0x90
[  962.283517][T31423]  do_syscall_64+0x174/0x580
[  962.283539][T31423]  ? trace_irq_disable+0x3b/0x140
[  962.283568][T31423]  ? clear_bhb_loop+0x40/0x90
[  962.283592][T31423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.283610][T31423] RIP: 0033:0x7fbc4ed9ce59
[  962.283629][T31423] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  962.283645][T31423] RSP: 002b:00007fbc4fc7d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  962.283668][T31423] RAX: ffffffffffffffda RBX: 00007fbc4f015fa0 RCX: 00007fbc4ed9ce59
[  962.283681][T31423] RDX: 0000000000000094 RSI: 00002000000006c0 RDI: 0000000000000005
[  962.283693][T31423] RBP: 00007fbc4fc7d090 R08: 0000000000000000 R09: 0000000000000000
[  962.283703][T31423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  962.283714][T31423] R13: 00007fbc4f016038 R14: 00007fbc4f015fa0 R15: 00007fff6f917d58
[  962.283745][T31423]  </TASK>
[  962.283836][T31423] Mem-Info:
[  962.551602][T31134] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  962.562311][T29311] Bluetooth: hci1: command 0x040f tx timeout
[  962.576101][T31423] active_anon:6312 inactive_anon:0 isolated_anon:0
[  962.576101][T31423]  active_file:1968 inactive_file:41857 isolated_file:0
[  962.576101][T31423]  unevictable:768 dirty:311 writeback:0
[  962.576101][T31423]  slab_reclaimable:13774 slab_unreclaimable:233933
[  962.576101][T31423]  mapped:29969 shmem:1299 pagetables:1373
[  962.576101][T31423]  sec_pagetables:0 bounce:0
[  962.576101][T31423]  kernel_misc_reclaimable:0
[  962.576101][T31423]  free:1081922 free_pcp:22912 free_cma:0
[  962.623271][T31423] Node 0 active_anon:25248kB inactive_anon:0kB active_file:7872kB inactive_file:167216kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:21480kB dirty:1240kB writeback:0kB shmem:3660kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:16608kB pagetables:5320kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  962.709296][T31423] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98396kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  962.797555][T31423] Node 0 DMA free:11124kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:140kB local_pcp:52kB free_cma:0kB
[  962.918399][T31423] lowmem_reserve[]: 0 2492 2493 2493 2493
[  962.931687][T31423] Node 0 DMA32 free:925492kB boost:0kB min:34188kB low:42732kB high:51276kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25336kB inactive_anon:0kB active_file:7872kB inactive_file:167216kB unevictable:1536kB writepending:1244kB zspages:0kB present:3129332kB managed:2552596kB mlocked:0kB bounce:0kB free_pcp:34436kB local_pcp:20932kB free_cma:0kB
[  963.038797][T31423] lowmem_reserve[]: 0 0 0 0 0
[  963.050455][T31423] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:672kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  963.088719][T31444] netlink: 424 bytes leftover after parsing attributes in process `syz.2.6276'.
[  963.112043][T31444] netlink: 'syz.2.6276': attribute type 1 has an invalid length.
[  963.140970][T31423] lowmem_reserve[]: 0 0 0 0 0
[  963.146026][T31423] Node 1 Normal free:3391476kB boost:0kB min:55704kB low:69628kB high:83552kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:57276kB local_pcp:27628kB free_cma:0kB
[  963.191391][T31134] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  963.275658][T31423] lowmem_reserve[]: 0 0 0 0 0
[  963.312327][T31423] Node 0 DMA: 3*4kB (U) 1*8kB (U) 2*16kB (U) 2*32kB (U) 2*64kB (U) 3*128kB (U) 1*256kB (U) 2*512kB (U) 3*1024kB (U) 1*2048kB (M) 1*4096kB (U) = 11124kB
[  963.378527][T31423] Node 0 DMA32: 825*4kB (UM) 5681*8kB (UME) 4079*16kB (UM) 262*32kB (UME) 94*64kB (UME) 906*128kB (UME) 739*256kB (UM) 408*512kB (UME) 223*1024kB (UME) 27*2048kB (UM) 0*4096kB = 926108kB
[  963.461564][T31423] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  963.515647][T31423] Node 1 Normal: 15*4kB (U) 13*8kB (UM) 21*16kB (UM) 22*32kB (UM) 31*64kB (UM) 25*128kB (UM) 23*256kB (UM) 22*512kB (UM) 19*1024kB (UM) 17*2048kB (U) 809*4096kB (UM) = 3391476kB
[  963.571552][T31134] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  963.577804][T31423] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  963.626741][T31423] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  963.647994][T31423] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  963.688822][T31423] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  963.721886][T31423] 45119 total pagecache pages
[  963.744964][T31423] 0 pages in swap cache
[  963.760774][T31423] Free swap  = 124996kB
[  963.777766][T31423] Total swap = 124996kB
[  963.798445][T31423] 2097051 pages RAM
[  963.814179][T31423] 0 pages HighMem/MovableOnly
[  963.847840][T31423] 427119 pages reserved
[  963.865768][T31423] 0 pages cma reserved
[  963.918731][T31472] netlink: 'syz.2.6284': attribute type 22 has an invalid length.
[  964.013605][T31472] netlink: 68 bytes leftover after parsing attributes in process `syz.2.6284'.
[  964.375380][T31488] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6288'.
[  964.582792][T31488] 8021q: adding VLAN 0 to HW filter on device bond2
[  964.640103][T29311] Bluetooth: hci1: command 0x040f tx timeout
[  964.770200][T31491] bond2: (slave veth5): Enslaving as an active interface with an up link
[  964.860588][T31494] 8021q: adding VLAN 0 to HW filter on device batadv1
[  964.910111][T31494] bond2: (slave batadv1): Enslaving as an active interface with an up link
[  965.234675][T31515] xt_hashlimit: overflow, try lower: 9/9223372036854775808
[  965.503174][ T1028] pim6reg (unregistering): left allmulticast mode
[  965.553756][T31493] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6290'.
[  965.630557][T31500] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6290'.
[  967.464006][T31548] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  968.249247][T31503] lo speed is unknown, defaulting to 1000
[  968.347023][T31134] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  968.419295][T31134] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  968.547085][T31134] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  968.576456][T31134] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  968.606336][T31134] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  968.643330][T31134] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  968.687695][T31134] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  968.749490][T31134] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  968.910454][T31563] mac80211_hwsim hwsim46 syzkaller0: entered promiscuous mode
[  968.944603][T31563] mac80211_hwsim hwsim46 syzkaller0: entered allmulticast mode
[  968.977841][T31563] tipc: Resetting bearer <eth:syzkaller0>
[  969.056363][T29311] block nbd13: Receive control failed (result -22)
[  969.104257][T31578] nbd13: detected capacity change from 0 to 32
[  969.129899][T31550] block nbd13: Dead connection, failed to find a fallback
[  969.139139][T31550] block nbd13: shutting down sockets
[  969.147172][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.159833][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.184908][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.194794][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.203368][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.219730][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.230402][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.287510][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.299268][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.325481][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.344980][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.365892][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.411006][ T1028] IPVS: stop unused estimator thread 0...
[  969.428812][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.458215][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.483244][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.504902][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.539034][T31550] ldm_validate_partition_table(): Disk read failed.
[  969.564047][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.595193][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.623846][T31587] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6305'.
[  969.636970][T31550] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  969.657013][T31550] Buffer I/O error on dev nbd13, logical block 0, async page read
[  969.673182][T31550] Dev nbd13: unable to read RDB block 0
[  969.684626][T31584] netlink: 64 bytes leftover after parsing attributes in process `syz.4.6305'.
[  969.710869][T31550]  nbd13: unable to read partition table
[  969.722042][T31134] 8021q: adding VLAN 0 to HW filter on device bond0
[  969.853644][T31550] ldm_validate_partition_table(): Disk read failed.
[  969.874845][T31550] Dev nbd13: unable to read RDB block 0
[  969.900953][T31550]  nbd13: unable to read partition table
[  970.046260][T31134] 8021q: adding VLAN 0 to HW filter on device team0
[  970.098721][T22463] bridge0: port 1(bridge_slave_0) entered blocking state
[  970.106027][T22463] bridge0: port 1(bridge_slave_0) entered forwarding state
[  970.199025][T22463] bridge0: port 2(bridge_slave_1) entered blocking state
[  970.206359][T22463] bridge0: port 2(bridge_slave_1) entered forwarding state
[  970.379295][T31594] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6307'.
[  971.027371][T31616] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6312'.
[  971.165081][T31622] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6313'.
[  971.350610][T31134] 8021q: adding VLAN 0 to HW filter on device batadv0
[  971.589479][T31134] veth0_vlan: entered promiscuous mode
[  971.619062][T31134] veth1_vlan: entered promiscuous mode
[  971.697029][T31134] veth0_macvtap: entered promiscuous mode
[  971.743000][T31134] veth1_macvtap: entered promiscuous mode
[  971.789880][T31134] batman_adv: batadv0: Interface activated: batadv_slave_0
[  971.810371][T31134] batman_adv: batadv0: Interface activated: batadv_slave_1
[  971.839386][ T1028] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  971.854921][ T1028] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  971.880496][ T1028] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  971.928795][ T1028] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  972.175326][T22463] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  972.206530][T22463] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  972.261166][T20189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  972.275023][T20189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  972.373208][T31636] vlan0: entered promiscuous mode
[  972.620626][T31647] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6319'.
[  972.743822][T31652] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6321'.
[  972.802615][T31655] netlink: 'syz.0.6322': attribute type 1 has an invalid length.
[  972.850821][T31655] syzkaller0: entered promiscuous mode
[  972.852150][T31657] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6323'.
[  972.865734][T31655] syzkaller0: entered allmulticast mode
[  972.967429][T31662] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6325'.
[  973.053043][T31662] 
[  973.055449][T31662] ======================================================
[  973.062495][T31662] WARNING: possible circular locking dependency detected
[  973.069567][T31662] syzkaller #0 Not tainted
[  973.074040][T31662] ------------------------------------------------------
[  973.081093][T31662] syz.4.6325/31662 is trying to acquire lock:
[  973.087188][T31662] ffff888075978698 (set->srcu){.+.+}-{0:0}, at: __synchronize_srcu+0xb6/0x300
[  973.096127][T31662] 
[  973.096127][T31662] but task is already holding lock:
[  973.103533][T31662] ffff88802af93418 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x1b3/0x450
[  973.113271][T31662] 
[  973.113271][T31662] which lock already depends on the new lock.
[  973.113271][T31662] 
[  973.123733][T31662] 
[  973.123733][T31662] the existing dependency chain (in reverse order) is:
[  973.132873][T31662] 
[  973.132873][T31662] -> #6 (&q->elevator_lock){+.+.}-{4:4}:
[  973.140747][T31662]        __mutex_lock+0x1a3/0x1550
[  973.145911][T31662]        elevator_change+0x1b3/0x450
[  973.151239][T31662]        elevator_set_none+0xb5/0x140
[  973.156652][T31662]        blk_mq_update_nr_hw_queues+0x5e7/0x1a60
[  973.163143][T31662]        nbd_start_device+0x17f/0xb10
[  973.168710][T31662]        nbd_genl_connect+0x165b/0x1cf0
[  973.174309][T31662]        genl_family_rcv_msg_doit+0x22a/0x330
[  973.180425][T31662]        genl_rcv_msg+0x61c/0x7a0
[  973.185500][T31662]        netlink_rcv_skb+0x232/0x4b0
[  973.190824][T31662]        genl_rcv+0x28/0x40
[  973.195378][T31662]        netlink_unicast+0x75c/0x8e0
[  973.200698][T31662]        netlink_sendmsg+0x813/0xb40
[  973.206026][T31662]        ____sys_sendmsg+0x972/0x9f0
[  973.211349][T31662]        ___sys_sendmsg+0x2a5/0x360
[  973.216582][T31662]        __x64_sys_sendmsg+0x1bd/0x2a0
[  973.222086][T31662]        do_syscall_64+0x174/0x580
[  973.227239][T31662]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.233691][T31662] 
[  973.233691][T31662] -> #5 (&q->q_usage_counter(io)#52){++++}-{0:0}:
[  973.242348][T31662]        blk_alloc_queue+0x546/0x680
[  973.247756][T31662]        __blk_mq_alloc_disk+0x197/0x390
[  973.253434][T31662]        nbd_dev_add+0x499/0xb50
[  973.258418][T31662]        nbd_init+0x168/0x1f0
[  973.263251][T31662]        do_one_initcall+0x250/0x870
[  973.268585][T31662]        do_initcall_level+0x104/0x190
[  973.274228][T31662]        do_initcalls+0x59/0xa0
[  973.279120][T31662]        kernel_init_freeable+0x2a6/0x3e0
[  973.284964][T31662]        kernel_init+0x1d/0x1d0
[  973.289876][T31662]        ret_from_fork+0x514/0xb70
[  973.295034][T31662]        ret_from_fork_asm+0x1a/0x30
[  973.300367][T31662] 
[  973.300367][T31662] -> #4 (fs_reclaim){+.+.}-{0:0}:
[  973.307646][T31662]        fs_reclaim_acquire+0x71/0x100
[  973.313162][T31662]        kmem_cache_alloc_node_noprof+0x4a/0x690
[  973.319543][T31662]        __alloc_skb+0x1d0/0x7d0
[  973.324521][T31662]        __ip6_append_data+0x2d3c/0x3f60
[  973.330322][T31662]        ip6_append_data+0x10f/0x280
[  973.335656][T31662]        rawv6_sendmsg+0x12d3/0x18e0
[  973.341093][T31662]        ____sys_sendmsg+0x80a/0x9f0
[  973.346420][T31662]        ___sys_sendmsg+0x2a5/0x360
[  973.351685][T31662]        __x64_sys_sendmsg+0x1bd/0x2a0
[  973.357195][T31662]        do_syscall_64+0x174/0x580
[  973.362347][T31662]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.368895][T31662] 
[  973.368895][T31662] -> #3 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  973.376689][T31662]        lock_sock_nested+0x41/0x100
[  973.382037][T31662]        inet_shutdown+0x6a/0x390
[  973.387206][T31662]        nbd_mark_nsock_dead+0x2e9/0x560
[  973.393201][T31662]        sock_shutdown+0x15e/0x260
[  973.403795][T31662]        nbd_clear_sock+0x24/0x170
[  973.408958][T31662]        nbd_config_put+0x2dd/0x580
[  973.414298][T31662]        nbd_genl_connect+0x19d5/0x1cf0
[  973.419985][T31662]        genl_family_rcv_msg_doit+0x22a/0x330
[  973.426291][T31662]        genl_rcv_msg+0x61c/0x7a0
[  973.431373][T31662]        netlink_rcv_skb+0x232/0x4b0
[  973.436713][T31662]        genl_rcv+0x28/0x40
[  973.441265][T31662]        netlink_unicast+0x75c/0x8e0
[  973.446588][T31662]        netlink_sendmsg+0x813/0xb40
[  973.451914][T31662]        ____sys_sendmsg+0x972/0x9f0
[  973.457243][T31662]        ___sys_sendmsg+0x2a5/0x360
[  973.462484][T31662]        __x64_sys_sendmsg+0x1bd/0x2a0
[  973.467983][T31662]        do_syscall_64+0x174/0x580
[  973.473137][T31662]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.479614][T31662] 
[  973.479614][T31662] -> #2 (&nsock->tx_lock){+.+.}-{4:4}:
[  973.487350][T31662]        __mutex_lock+0x1a3/0x1550
[  973.492513][T31662]        nbd_queue_rq+0x37b/0x1100
[  973.497686][T31662]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  973.503797][T31662]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  973.510693][T31662]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  973.517247][T31662]        blk_mq_run_hw_queue+0x348/0x4f0
[  973.522958][T31662]        blk_mq_dispatch_list+0xd16/0xe10
[  973.528731][T31662]        blk_mq_flush_plug_list+0x48d/0x570
[  973.534667][T31662]        __blk_flush_plug+0x3ed/0x4d0
[  973.540091][T31662]        __submit_bio+0x28d/0x580
[  973.545174][T31662]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  973.551445][T31662]        block_read_full_folio+0x7b7/0x830
[  973.557324][T31662]        filemap_read_folio+0x137/0x3b0
[  973.562927][T31662]        do_read_cache_folio+0x358/0x590
[  973.568593][T31662]        read_part_sector+0xb6/0x2b0
[  973.573977][T31662]        adfspart_check_ICS+0xb1/0x960
[  973.579459][T31662]        bdev_disk_changed+0x817/0x1770
[  973.585026][T31662]        blkdev_get_whole+0x380/0x510
[  973.590496][T31662]        bdev_open+0x31e/0xd30
[  973.595320][T31662]        blkdev_open+0x470/0x610
[  973.600291][T31662]        do_dentry_open+0x822/0x13a0
[  973.605600][T31662]        vfs_open+0x3b/0x340
[  973.610211][T31662]        path_openat+0x2e08/0x3860
[  973.615347][T31662]        do_file_open+0x23e/0x4a0
[  973.620400][T31662]        do_sys_openat2+0x113/0x200
[  973.625617][T31662]        __x64_sys_openat+0x138/0x170
[  973.631011][T31662]        do_syscall_64+0x174/0x580
[  973.636151][T31662]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.642588][T31662] 
[  973.642588][T31662] -> #1 (&cmd->lock){+.+.}-{4:4}:
[  973.649824][T31662]        __mutex_lock+0x1a3/0x1550
[  973.654959][T31662]        nbd_queue_rq+0xc6/0x1100
[  973.660010][T31662]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  973.666118][T31662]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  973.672998][T31662]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  973.679535][T31662]        blk_mq_run_hw_queue+0x348/0x4f0
[  973.685370][T31662]        blk_mq_dispatch_list+0xd16/0xe10
[  973.691113][T31662]        blk_mq_flush_plug_list+0x48d/0x570
[  973.697030][T31662]        __blk_flush_plug+0x3ed/0x4d0
[  973.702427][T31662]        __submit_bio+0x28d/0x580
[  973.707477][T31662]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  973.713649][T31662]        block_read_full_folio+0x7b7/0x830
[  973.719473][T31662]        filemap_read_folio+0x137/0x3b0
[  973.725043][T31662]        do_read_cache_folio+0x358/0x590
[  973.730715][T31662]        read_part_sector+0xb6/0x2b0
[  973.736020][T31662]        adfspart_check_ICS+0xb1/0x960
[  973.741505][T31662]        bdev_disk_changed+0x817/0x1770
[  973.747087][T31662]        blkdev_get_whole+0x380/0x510
[  973.752502][T31662]        bdev_open+0x31e/0xd30
[  973.757288][T31662]        blkdev_open+0x470/0x610
[  973.762276][T31662]        do_dentry_open+0x822/0x13a0
[  973.767585][T31662]        vfs_open+0x3b/0x340
[  973.772194][T31662]        path_openat+0x2e08/0x3860
[  973.777336][T31662]        do_file_open+0x23e/0x4a0
[  973.782398][T31662]        do_sys_openat2+0x113/0x200
[  973.787636][T31662]        __x64_sys_openat+0x138/0x170
[  973.793059][T31662]        do_syscall_64+0x174/0x580
[  973.798217][T31662]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.804662][T31662] 
[  973.804662][T31662] -> #0 (set->srcu){.+.+}-{0:0}:
[  973.811817][T31662]        __lock_acquire+0x15a5/0x2cf0
[  973.817221][T31662]        lock_sync+0x9d/0x120
[  973.821915][T31662]        __synchronize_srcu+0xca/0x300
[  973.827403][T31662]        elevator_switch+0x1e8/0x7a0
[  973.832732][T31662]        elevator_change+0x2cc/0x450
[  973.838039][T31662]        elevator_set_default+0x36c/0x430
[  973.843783][T31662]        blk_register_queue+0x3e9/0x4e0
[  973.849357][T31662]        __add_disk+0x677/0xd50
[  973.854231][T31662]        add_disk_fwnode+0xfb/0x480
[  973.859451][T31662]        nbd_dev_add+0x72c/0xb50
[  973.864430][T31662]        nbd_genl_connect+0x962/0x1cf0
[  973.869933][T31662]        genl_family_rcv_msg_doit+0x22a/0x330
[  973.876036][T31662]        genl_rcv_msg+0x61c/0x7a0
[  973.881102][T31662]        netlink_rcv_skb+0x232/0x4b0
[  973.886412][T31662]        genl_rcv+0x28/0x40
[  973.890942][T31662]        netlink_unicast+0x75c/0x8e0
[  973.896246][T31662]        netlink_sendmsg+0x813/0xb40
[  973.901565][T31662]        ____sys_sendmsg+0x972/0x9f0
[  973.906878][T31662]        ___sys_sendmsg+0x2a5/0x360
[  973.912102][T31662]        __x64_sys_sendmsg+0x1bd/0x2a0
[  973.917579][T31662]        do_syscall_64+0x174/0x580
[  973.922705][T31662]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.929136][T31662] 
[  973.929136][T31662] other info that might help us debug this:
[  973.929136][T31662] 
[  973.939383][T31662] Chain exists of:
[  973.939383][T31662]   set->srcu --> &q->q_usage_counter(io)#52 --> &q->elevator_lock
[  973.939383][T31662] 
[  973.953087][T31662]  Possible unsafe locking scenario:
[  973.953087][T31662] 
[  973.960554][T31662]        CPU0                    CPU1
[  973.965932][T31662]        ----                    ----
[  973.971311][T31662]   lock(&q->elevator_lock);
[  973.975925][T31662]                                lock(&q->q_usage_counter(io)#52);
[  973.983849][T31662]                                lock(&q->elevator_lock);
[  973.990987][T31662]   sync(set->srcu);
[  973.994919][T31662] 
[  973.994919][T31662]  *** DEADLOCK ***
[  973.994919][T31662] 
[  974.003090][T31662] 6 locks held by syz.4.6325/31662:
[  974.008317][T31662]  #0: ffffffff8fe392e8 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  974.016566][T31662]  #1: ffffffff8fe39120 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10b/0x7a0
[  974.025595][T31662]  #2: ffff88807a07a9c0 (&set->update_nr_hwq_lock){++++}-{4:4}, at: add_disk_fwnode+0xe7/0x480
[  974.036002][T31662]  #3: ffff88802af934a0 (&q->sysfs_lock){+.+.}-{4:4}, at: blk_register_queue+0x119/0x4e0
[  974.045883][T31662]  #4: ffff88802af92f28 (&q->q_usage_counter(queue)#52){+.+.}-{0:0}, at: elevator_change+0x198/0x450
[  974.056816][T31662]  #5: ffff88802af93418 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x1b3/0x450
[  974.066699][T31662] 
[  974.066699][T31662] stack backtrace:
[  974.072644][T31662] CPU: 1 UID: 0 PID: 31662 Comm: syz.4.6325 Not tainted syzkaller #0 PREEMPT(full) 
[  974.072667][T31662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  974.072678][T31662] Call Trace:
[  974.072685][T31662]  <TASK>
[  974.072693][T31662]  dump_stack_lvl+0xe8/0x150
[  974.072717][T31662]  print_circular_bug+0x2e1/0x300
[  974.072744][T31662]  check_noncircular+0x12e/0x150
[  974.072769][T31662]  __lock_acquire+0x15a5/0x2cf0
[  974.072792][T31662]  ? lockdep_unlock+0x5d/0xd0
[  974.072809][T31662]  ? __lock_acquire+0x146e/0x2cf0
[  974.072828][T31662]  ? __lock_acquire+0x146e/0x2cf0
[  974.072847][T31662]  ? __synchronize_srcu+0xb6/0x300
[  974.072862][T31662]  lock_sync+0x9d/0x120
[  974.072879][T31662]  ? __synchronize_srcu+0xb6/0x300
[  974.072898][T31662]  __synchronize_srcu+0xca/0x300
[  974.072914][T31662]  ? do_raw_spin_lock+0x12b/0x2f0
[  974.072938][T31662]  ? __pfx___synchronize_srcu+0x10/0x10
[  974.072960][T31662]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  974.072988][T31662]  ? ktime_get_mono_fast_ns+0x2d2/0x2f0
[  974.073016][T31662]  ? synchronize_srcu+0x20d/0x270
[  974.073033][T31662]  elevator_switch+0x1e8/0x7a0
[  974.073054][T31662]  ? blk_mq_cancel_work_sync+0xa5/0xe0
[  974.073077][T31662]  elevator_change+0x2cc/0x450
[  974.073097][T31662]  ? do_raw_spin_unlock+0xf5/0x210
[  974.073123][T31662]  elevator_set_default+0x36c/0x430
[  974.073144][T31662]  ? __pfx_elevator_set_default+0x10/0x10
[  974.073169][T31662]  ? disk_register_independent_access_ranges+0x2db/0x380
[  974.073275][T31662]  ? blk_crypto_sysfs_register+0x11c/0x170
[  974.073322][T31662]  blk_register_queue+0x3e9/0x4e0
[  974.073350][T31662]  __add_disk+0x677/0xd50
[  974.073376][T31662]  ? down_read+0x270/0x2e0
[  974.073397][T31662]  add_disk_fwnode+0xfb/0x480
[  974.073424][T31662]  nbd_dev_add+0x72c/0xb50
[  974.073452][T31662]  ? __pfx_nbd_dev_add+0x10/0x10
[  974.073485][T31662]  ? bpf_lsm_capable+0x9/0x20
[  974.073502][T31662]  ? security_capable+0x7e/0x2c0
[  974.073527][T31662]  ? radix_tree_lookup+0x25c/0x290
[  974.073554][T31662]  nbd_genl_connect+0x962/0x1cf0
[  974.073578][T31662]  ? __pfx___nla_validate_parse+0x10/0x10
[  974.073604][T31662]  ? __pfx_nbd_genl_connect+0x10/0x10
[  974.073630][T31662]  ? rcu_is_watching+0x15/0xb0
[  974.073650][T31662]  ? trace_kmalloc+0x2a/0xf0
[  974.073676][T31662]  ? __nla_parse+0x40/0x60
[  974.073697][T31662]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  974.073724][T31662]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  974.073752][T31662]  genl_family_rcv_msg_doit+0x22a/0x330
[  974.073780][T31662]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  974.073811][T31662]  ? __lock_acquire+0x6b5/0x2cf0
[  974.073833][T31662]  genl_rcv_msg+0x61c/0x7a0
[  974.073859][T31662]  ? __pfx_genl_rcv_msg+0x10/0x10
[  974.073882][T31662]  ? __pfx_nbd_genl_connect+0x10/0x10
[  974.073913][T31662]  netlink_rcv_skb+0x232/0x4b0
[  974.073932][T31662]  ? __pfx_genl_rcv_msg+0x10/0x10
[  974.073956][T31662]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  974.073983][T31662]  ? down_read+0x270/0x2e0
[  974.074001][T31662]  ? genl_rcv+0xd/0x40
[  974.074024][T31662]  genl_rcv+0x28/0x40
[  974.074046][T31662]  netlink_unicast+0x75c/0x8e0
[  974.074067][T31662]  netlink_sendmsg+0x813/0xb40
[  974.074090][T31662]  ? __pfx_netlink_sendmsg+0x10/0x10
[  974.074111][T31662]  ? aa_sock_msg_perm+0xf1/0x1b0
[  974.074137][T31662]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  974.074161][T31662]  ____sys_sendmsg+0x972/0x9f0
[  974.074181][T31662]  ? __might_fault+0xaf/0x130
[  974.074206][T31662]  ? __pfx_____sys_sendmsg+0x10/0x10
[  974.074229][T31662]  ? import_iovec+0x73/0xa0
[  974.074250][T31662]  ___sys_sendmsg+0x2a5/0x360
[  974.074268][T31662]  ? __lock_acquire+0x6b5/0x2cf0
[  974.074287][T31662]  ? __pfx____sys_sendmsg+0x10/0x10
[  974.074439][T31662]  ? futex_wait+0x2a2/0x390
[  974.074482][T31662]  ? __fget_files+0x2a/0x420
[  974.074505][T31662]  ? __fget_files+0x3a0/0x420
[  974.074531][T31662]  __x64_sys_sendmsg+0x1bd/0x2a0
[  974.074553][T31662]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  974.074577][T31662]  ? rcu_is_watching+0x15/0xb0
[  974.074601][T31662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.074619][T31662]  do_syscall_64+0x174/0x580
[  974.074637][T31662]  ? trace_irq_disable+0x3b/0x140
[  974.074664][T31662]  ? clear_bhb_loop+0x40/0x90
[  974.074682][T31662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.074700][T31662] RIP: 0033:0x7fbc4ed9ce59
[  974.074717][T31662] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  974.074732][T31662] RSP: 002b:00007fbc4fc7d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  974.074751][T31662] RAX: ffffffffffffffda RBX: 00007fbc4f015fa0 RCX: 00007fbc4ed9ce59
[  974.074765][T31662] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 000000000000000a
[  974.074776][T31662] RBP: 00007fbc4ee32d6f R08: 0000000000000000 R09: 0000000000000000
[  974.074787][T31662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  974.074797][T31662] R13: 00007fbc4f016038 R14: 00007fbc4f015fa0 R15: 00007fff6f917d58
[  974.074818][T31662]  </TASK>
[  974.630651][T31665] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6325'.
[  974.662992][T31665] nbd: device at index 64 is going down
[  974.693295][T31674] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6327'.
[  974.742402][T31674] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6327'.
[  974.763487][T31637] udevd[31637]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory