last executing test programs:

4.145538003s ago: executing program 0 (id=1087):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000fcdbdf251700000008000300", @ANYRES32=r2, @ANYBLOB="12003080050002"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = gettid()
socket$nl_route(0x10, 0x3, 0x0)
r5 = accept(0xffffffffffffffff, &(0x7f0000000000)=@x25, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r7, 0x0, 0x2, &(0x7f0000002fc0), 0x4)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r8=>0x0})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002780)={{0xffffffffffffffff, <r9=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000002680)}, 0x20)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000002980)={'gre0\x00', &(0x7f00000006c0)={'ip_vti0\x00', <r10=>0x0, 0x1, 0x40, 0x9, 0x8, {{0x22, 0x4, 0x3, 0x7, 0x88, 0x64, 0x0, 0x2, 0x2f, 0x0, @rand_addr=0x64010102, @remote, {[@end, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x1c, 0x22, 0x3, 0x6, [{@remote, 0xe6b}, {@local, 0x10}, {@empty, 0x7}]}, @timestamp_addr={0x44, 0x1c, 0xc7, 0x1, 0x1, [{@private=0xa010101, 0x90e}, {@multicast1, 0x3}, {@dev={0xac, 0x14, 0x14, 0x1f}, 0x4}]}, @end, @generic={0x94, 0x5, "9e876d"}, @ssrr={0x89, 0x13, 0x60, [@private=0xa010100, @local, @local, @local]}, @lsrr={0x83, 0x1b, 0x93, [@multicast1, @rand_addr=0x64010102, @multicast2, @rand_addr=0x64010100, @remote, @loopback]}]}}}}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000002a00)={0x8, <r11=>0x0}, 0x8)
r12 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt(r12, 0x1, 0xf, &(0x7f0000000440)=""/234, &(0x7f0000000540)=0xea)
setsockopt$MRT6_ASSERT(r5, 0x29, 0xcf, &(0x7f0000002f80)=0x1, 0x4)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000002cc0)={0xa, 0x24, &(0x7f0000002a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0x3}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10}}, @ldst={0x1, 0x0, 0x3, 0x3, 0xb, 0xffffffffffffffe0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @map_fd={0x18, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f0000002b80)='GPL\x00', 0x46e, 0x32, &(0x7f0000002bc0)=""/50, 0x41000, 0x23, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x8, &(0x7f0000002c00)={0x6, 0x5}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, &(0x7f0000002c40)=[r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000002c80)=[{0x3, 0x4, 0x1, 0x9}, {0x2, 0x1, 0x8, 0xc}, {0x3, 0x5, 0xd, 0x9}, {0x2, 0x3, 0xc, 0x4}], 0x10, 0x5}, 0x94)
r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000009000000000000000500000000010000", @ANYRES32, @ANYBLOB="0500000000000000000000e100000000000000004ce348d78fc4ccbabffd1c09022288c6d1861b1db02ae6ca3b9cf9713a4237e9a2f635636d7e3f0878bf01c65389680380aa0b857a7c219ddc9142c6f683ab7ecf635c643d796c9bb89a4fe91e83706fa4eaa7b3a045a8a2582949125489d38818a1eb20232c2e10f583fc644d7272932119e06339829d550bf07011e986628617aa772b83cb31f45bfcede5a39aa79bb8ba3a50cc2205d396c0c41b7980ab57a064f952cc335e7bd7b5400dcfc6c3f3f6aa8b1e306bbd05cd0d698fbccd6b3b03cfc67871103f158d9c70736cee3623fd95674c13", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000400000002000000d157052c0000000000000050dd0ed8670000000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002e80)={0x12, 0x16, &(0x7f00000027c0)=ANY=[@ANYBLOB="1800000077090000000000000800000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70200000000000085000000860000007c22c0ff04000000185a00000d0000000000000000000000bf91000000000000b7020000000004008500000085000000b7000000000000009500000000000000"], &(0x7f0000002880)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x52, '\x00', r10, @cgroup_sock_addr=0x20, 0xffffffffffffffff, 0x8, &(0x7f00000029c0)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, r11, r13, 0x1, &(0x7f0000002e00)=[r14], &(0x7f0000002e40)=[{0x3, 0x2, 0x7, 0x8}], 0x10, 0x9}, 0x94)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x38, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8, 0x0, 0x6, 0x0, 0xfffc, 0x84da, 0x40]}}]}]}]}, 0x38}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002700)=ANY=[@ANYBLOB="3c00000000ffffffdd", @ANYRES32=0x0, @ANYBLOB="0085000000000000140012800900010076657468000000000400028008001300", @ANYRES32=r4, @ANYBLOB="259757f137a6b3b0c0e703cb73d7d64c171b"], 0x3c}, 0x1, 0x0, 0x0, 0x24008814}, 0x8000)
r15 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r15, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)={0x18, 0x2d, 0x1, 0x0, 0x80000000, "", [@typed={0x5, 0x65, 0x0, 0x0, @str='\x00'}]}, 0x18}], 0x1, 0x0, 0x0, 0x4040001}, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000002f40)=r11, 0x4)
socket$l2tp(0x2, 0x2, 0x73)
r16 = socket$nl_generic(0x10, 0x3, 0x10)
r17 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r16, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004840)={0x38, r17, 0x731, 0x0, 0x0, {0x38}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x73}}}]}, 0x38}, 0x1, 0x2, 0x0, 0x1bb5818a0d1752a}, 0x4890)

3.388658146s ago: executing program 0 (id=1092):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'tunl0\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$L2TP_CMD_SESSION_MODIFY(r3, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000100))
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000020, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000580)="03", 0x1, 0x20000800, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000004c0)='lp\x00', 0x3)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.54457601s ago: executing program 2 (id=1098):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000400)=0x5e5, 0x4)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x10}}, 0x6}, 0x1c)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', r0, 0x4000, r0}, 0x18)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r2)
recvmmsg(r2, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f00000002c0)}, 0x158}, {{0x0, 0x0, 0x0}, 0xfc}, {{0x0, 0x0, 0x0}, 0x80000001}], 0x3, 0x0, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='vlan0\x00', 0x10)
r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000005, 0x10013, r3, 0x9a3ed000)
sendmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001840)=[{0x0}, {&(0x7f0000003140)="c4f5dde90d290241b1574bbcc5ad26606e65ca23cfe9b27ee0e312ee2111b7d39c72eeb12d03902fe40f85492970a92c4c74aeeb0b2e47feae71c8a9fc20c539a42720bb989d95b38de73cb784cd7af6d839952c0897ea696df0eea06a92cb96602abaaa6f7352eb29fe8d2f64c4fa4b25b34c1e298b6466d3f7d1ffda191764835b6c8e9648da2370f9c654bb3a001dd02a4bbc4d73a0d32beef8fec6d69c57f92e45d38c6422ef250f2887fccec0385a3b3ed04188b8b1cf91eb108123", 0xbe}, {0x0}], 0x3}, 0x40008c1)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0xa7c, r4}, 0x38)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'ip6_vti0\x00', <r6=>0x0, 0x2f, 0x86, 0x9, 0x3, 0x24, @local, @rand_addr=' \x01\x00', 0x40, 0x40, 0x6db3, 0x9}})
setsockopt$netlink_NETLINK_RX_RING(r2, 0x10e, 0x6, &(0x7f0000000340)={0x0, 0x2, 0x5, 0x9}, 0x10)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x20010, r5, 0xf65a5000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r5}, 0x8)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f0000000140)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[], 0x0, 0x1a, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000006b113600000000009f000000000000009500000000000000"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

2.359700137s ago: executing program 0 (id=1101):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000450f0000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001f00)={&(0x7f0000001e80)=ANY=[@ANYBLOB], 0x0, 0x3c}, 0x28)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000380))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r3)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="480000002f7f6d62835d9d8f4448f7c1b6e917a7fe985a3f14626e9714ea7a4759f559613e1cf2c136ac30ff406505c18f97085e1e7e5c6fb69fc66fd9fb812b9bf34eca9ef0e563452de8a342014c092d1668279d5cc6282ce105115e21c8ace5ab4d038faa4a5277080bcffa1b22403f0f200e660bf450323177ea80917bbf039505cdb9c3e86c0ab1f36483b92e6b9159c70144eaf250ca5beb4f98cc585b77b9a36db9117a0c9d289eaddba954f349b5388a0ad098a8fa9c4c42c636244db173463d8889c21dc00f30c3889a85a5bea7f9504df10c15d72d2235a43f3b0dfb6d8d8e5f99da9d6e5297", @ANYRES16=r4, @ANYBLOB="010029bd7000fbdbdf25250000000a0001007770616e3000000005002e00fc0000000c0005000203aaaaaaaaaaaa0c002d000201aaaaaaaaaaaa05002b0002000000"], 0x48}, 0x1, 0x0, 0x0, 0x40080c0}, 0x4004)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000110000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701000001ffffffb702000008000000b703000003000000850000001700000095", @ANYRES16=r0, @ANYRESDEC=r0, @ANYRES8=r1], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x0, 0x0, 0x20880, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0xa, &(0x7f0000000140)=0x7, 0x54)
setsockopt$inet6_tcp_int(r5, 0x6, 0xa, &(0x7f0000000000)=0x2, 0x4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000180)={'wpan0\x00', <r7=>0x0})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r8)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="1800f0000a725569deab82e45755ceeddca01549b987a1df63336a9d5c00c4cd1744f58f79840500000000000000649ac654fc590e7f5cecd4fd6cb2ab9b1e6cc3bb6f49f3c6b13837ff982dd429260bb7546f371f02e3761e395f1bf120259481a8ede6fdc803c7e8aa315ac61c5c3cc0d12e8a7cbffdb2ff054e3bf71ca1448a861c3d2fb397b3ae5442f29efd095d0276f5f0fd77612ba934b99c258089c31b9eea074bf13655c072ede252ff1cb1fa0b42503718be8f971aede382e9f280afe3dbe63fd198ceaa4a06e0cda9e3c9e3264ef82899c8f7105fc996fe9c41c5ec8f74eee89eca9455a3d6d85444903cfda64c31130aa0949df352a278adc5f06bc044a82d455f421a058f", @ANYRES16=r9, @ANYBLOB="4d7e00000000fbdbdf252a00000008002f000000000005003600000000000c000500000000000000000008000200", @ANYRES32=r7, @ANYBLOB], 0x38}, 0x4, 0x700000000000000}, 0x8850)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), r11)
ioctl$sock_SIOCGIFINDEX_802154(r11, 0x8933, &(0x7f0000000180)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010029bd70000300831621031f060eba0000", @ANYRES32=r13, @ANYBLOB='\b\x00*\x00\a\x00\x00\x00'], 0x24}, 0x1, 0x0, 0x0, 0x20008024}, 0x80)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r14, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r14, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r15, @ANYBLOB="010700000000000000001600000008000300", @ANYRES32=r16, @ANYBLOB="5f91c413bbea65e2eb3f4885b8d944b29aa1e1e46d51f5f185975a77c1d62bad55c3334ef22d0181fbc952cc679c3a25f016b965b7700a61cbaa4dbffae55c2da6c441830cb5706de97c38a8ba4be5abbf584de0b24901000000000000007b7fc922a981359b9979a516252e08671a332d8cdec489626b397f1f678f56d97b2230560443f05a280207435caae9d69fe83b76e5f62d71f555bb2ba73bf51abed0c0a113e2e6632ee2f88b674c08d0"], 0x1c}}, 0x0)
r17 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r18 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), r17)
ioctl$sock_SIOCGIFINDEX_802154(r17, 0x8933, &(0x7f0000000180)={'wpan0\x00', <r19=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r17, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x24, r18, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r19}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008024}, 0x80)
sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x40, r4, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r7}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r13}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r16}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r19}]}, 0x40}, 0x1, 0x0, 0x0, 0xc4}, 0x40000)

2.026745786s ago: executing program 0 (id=1104):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xbc, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0xb, 0xf, 0xff, 0x0, 0x3, 0xb, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfd, 0xf4, 0x2], 0x1, [0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0xd52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x3}]}]}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1], 0x44}}, 0x0)

1.893622414s ago: executing program 0 (id=1106):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[], 0x7c}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'ip6_vti0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x29, 0x1, 0x2, 0x93, 0x20, @remote, @private2, 0x1, 0x7, 0x7, 0x40}})
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0x1}, &(0x7f0000000380), &(0x7f0000000440)=r1}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1004e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f0000001d80)=[{{&(0x7f00000004c0)=@sco={0x1f, @none}, 0x80, &(0x7f0000001b00)=[{&(0x7f0000000540)=""/139, 0x8b}, {&(0x7f00000006c0)=""/239, 0xef}, {&(0x7f00000007c0)=""/240, 0xf0}, {&(0x7f00000008c0)=""/158, 0x9e}, {&(0x7f0000000980)=""/250, 0xfa}, {&(0x7f0000003100)=""/4096, 0x1000}, {&(0x7f0000001a80)=""/121, 0x79}], 0x7, &(0x7f0000001b80)=""/82, 0x52}, 0x8}, {{&(0x7f0000001c00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000001c80)=""/230, 0xe6}], 0x1, &(0x7f0000000a80)=""/68, 0x44}, 0x1}], 0x2, 0x40000040, 0x0)
ppoll(&(0x7f0000000000)=[{r4, 0x8104}], 0x1, 0x0, 0x0, 0x0)
r5 = socket(0x1d, 0x4, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000280)=ANY=[], 0xf08)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x28, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x2a, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r6, 0x0, 0x0)
close(0x3)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/242, 0xf2}], 0x1}, 0x10022)
recvmmsg$unix(r5, 0x0, 0x0, 0x400122a0, 0x0)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

1.882611059s ago: executing program 4 (id=1107):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$inet6(r0, &(0x7f0000000040)={&(0x7f0000000000)={0xa, 0x0, 0x4, @empty, 0x7f}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="280000000000000029000000390000002902020100000000ff02000000000000000000000000000120000000000000002900000037"], 0x48}, 0x24000880)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x11, 0x4, 0x9)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x40000100)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000611050000000000073019b0000000000950000000000e2ff"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48241, 0x0)
unshare(0x28040680)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="50000000090601020000000000000000030000000900020073797a31000000000500010007000000280007800c00018008000140e00000010c00148008000140ac1414bb0c0002800800014064"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

1.719360853s ago: executing program 4 (id=1109):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a00000004000000080000000b"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc)
socket(0x1, 0x80000, 0x6)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYBLOB="94000000020701020000000000000000000000040c000340000000000000000344000780080001"], 0x94}, 0x1, 0x0, 0x0, 0x24004010}, 0x4040100)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=@newlink={0x4c, 0x10, 0x439, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1801, 0x1103}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x100000}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000100001e5a29e193fa8ea73000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000d05000300be5500000900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@generic={0xd7, 0xa, 0x0, 0x0, 0x40}]}, &(0x7f0000000040)='GPL\x00', 0x9}, 0x90)

1.607402031s ago: executing program 2 (id=1110):
r0 = socket$inet(0x2b, 0x801, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x20800001, 0x4)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000b40)={0x2, 0x4e22, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x31, 0x0, 0x0)

1.499692222s ago: executing program 4 (id=1112):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = gettid()
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8500, 0x23}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000)

1.364015037s ago: executing program 2 (id=1113):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000080)='%+9llu \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000580)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000006c0)={0x1c, r4, 0x1, 0xf0bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x20004804)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000c80)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0x6ecb22e0}, 0x0, 0x0, 0x0, 0x5}}}]}, 0x78}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', <r9=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r3, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000380)=[0x0, 0x0, 0x0], ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000400)=[0x0], &(0x7f0000000440)=[0x0], 0x0, 0xab, &(0x7f0000000480)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x66, 0x8, 0x8, &(0x7f0000000540)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'batadv0\x00', <r11=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000008c0)={'ip6gre0\x00', &(0x7f0000000840)={'ip6tnl0\x00', <r12=>0x0, 0x2d, 0x3, 0x33, 0x5, 0x9, @mcast2, @loopback, 0x1, 0x1, 0x923, 0xfffffffb}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000980)={'syztnl1\x00', &(0x7f0000000900)={'syztnl2\x00', <r13=>0x0, 0x29, 0x0, 0x8, 0x1, 0x3e, @ipv4={'\x00', '\xff\xff', @loopback}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x90, 0x7, 0xb9, 0xf}})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000009c0)={'ip6tnl0\x00', <r14=>0x0})
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r15, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r17=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r15, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x3c, r16, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r17}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x2}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000)
r18 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r18, 0x8933, &(0x7f0000000080)={'veth0_vlan\x00', <r19=>0x0})
sendmsg$nl_route(r18, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000041000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r19, @ANYBLOB="080004"], 0x4c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a80)={'ip6tnl0\x00', &(0x7f0000000a00)={'syztnl1\x00', <r20=>0x0, 0x4, 0x5, 0x2, 0x0, 0x44, @private2, @mcast2, 0x8, 0x10, 0x7fff, 0x2}})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000b00)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000c80)={0x184, 0x0, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}, @HEADER={0x4}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xd41224a519f41f8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r19}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r20}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x4004001}, 0x8080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000c40)='sys_enter\x00', r3, 0x0, 0x2}, 0x18)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0xbdce6000)
pselect6(0x40, &(0x7f0000000000)={0x2f7a, 0x80000000000, 0x0, 0x9a9, 0x6, 0x7, 0x5, 0x1}, &(0x7f0000000040)={0x6, 0x4, 0x3, 0x3, 0x6, 0x5, 0x6, 0x4}, &(0x7f00000000c0)={0x0, 0x8b, 0x7, 0x9, 0x6, 0x2, 0x1000000000000000}, &(0x7f0000000140)={0x77359400}, &(0x7f0000000200)={&(0x7f0000000180)={[0xa]}, 0x8})

1.171657681s ago: executing program 4 (id=1115):
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
unshare(0x20000400)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000940)={0x1f, @none}, 0x8)
connect$bt_sco(r0, &(0x7f0000000000), 0x8)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0xfb5, 0xfffffffe}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x810}, 0x8080)
bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfe, 0x2000000}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x6, &(0x7f0000000080)=ANY=[@ANYBLOB="18020000b3b200000000000000000000851000000100000095000000000000c536000000ad00000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x9c, &(0x7f0000001300)=""/156, 0x41100, 0x4a}, 0x94)

1.171326233s ago: executing program 1 (id=1116):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xbc, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0xb, 0xf, 0xff, 0x0, 0x3, 0xb, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfd, 0xf4, 0x2], 0x1, [0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0xd52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x3}]}]}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1], 0x44}}, 0x0)

1.120419224s ago: executing program 2 (id=1117):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000280)=0x2, 0x4) (async)
setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000100)=0x6, 0x4) (async)
connect$tipc(r0, &(0x7f0000000140)=@id, 0x10) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000080)=@req3={0x54c, 0x4, 0x3, 0x3, 0xc, 0x6, 0x7}, 0x1c)
recvfrom(r3, &(0x7f0000000040)=""/18, 0x12, 0x6667b9fa4a4fda0, 0x0, 0x0) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
connect$netlink(r4, &(0x7f00000025c0)=@unspec, 0xc) (async)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r5, 0x800, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040004}, 0x20000000) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r7 = socket(0x400000000010, 0x3, 0x0) (async)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0}) (async)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, 0x4, 0x8, 0x101, 0x0, 0x0, {0xe, 0x0, 0x5}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf8}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x24}}, 0x20000000) (async)
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) (async)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b40)=@newtfilter={0x6c, 0x2c, 0xd27, 0x74fd25, 0x25dfdbfd, {0x0, 0x0, 0xb00, r9, {0x9, 0x8}, {}, {0xd, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0xffffffe5, 0x2, [@TCA_CGROUP_ACT={0x0, 0x1, [@m_ctinfo={0x0, 0x20, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x0, 0x7, 0xff}, @TCA_CTINFO_PARMS_DSCP_MASK={0x0, 0x5, 0x46e}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x0, 0x6, 0x9}, @TCA_CTINFO_ACT={0x0, 0x3, {0x2, 0x0, 0xffffffffffffffff, 0x100, 0xfffffffd}}]}, {0x0, 0x6, "0d55ec0765d75ebf98b0d5a1ec8cf62f5291a2c902da689e2eb0a952a495a67d5f9310a8e03bea07f94ab757caca71c000af57d7fd658db13d88174cff3a56dfab7a595b511f85e7da7db7bc1eb7d7bc67084e740218fa69c817c85bd7588de0bf26ca30dec7aaeadf2fe929f30714d95e140839946a39140dde49a431dfc737378a086abd3937751de46c257c6a02a9a661c72947f87180d98c301144bfb72a9b21817636645d"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0x1, 0x3}}}}, @m_mpls={0x3, 0x15, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x0, 0x7, 0x2}, @TCA_MPLS_PROTO={0x0, 0x4, 0x6005}]}, {0x0, 0x6, "0faee76edc495023be8f17ad2d93124ccf7fb21a98daa3cea46e46495689fe70d415f18dd835e93d9298bf6391d91df56d79731f0e5d0792b6a76fb5ec11688be570ecd02f63bc16add595112b3954f71511b53747550f288344926e922f01ccdb2ba18ffe080efffcdb7456d4fef331fefe"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0xa92e93f4d0615839, 0x1}}}}, @m_mirred={0x0, 0x12, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x0, 0x2, {{0xf, 0x9, 0x4, 0xfffffff7, 0x3}, 0x1, r9}}, @TCA_MIRRED_PARMS={0x0, 0x2, {{0x401, 0x1000, 0x0, 0x80000000, 0x9d}, 0x3, r9}}, @TCA_MIRRED_PARMS={0x0, 0x2, {{0xea, 0x6, 0x7, 0x8, 0xffffffff}, 0x2, r9}}, @TCA_MIRRED_PARMS={0x0, 0x2, {{0x9, 0xfffffffc, 0x20000000, 0x80, 0xe59}, 0x3, r9}}, @TCA_MIRRED_PARMS={0x0, 0x2, {{0x6, 0x2, 0x4, 0x1, 0xd}, 0x4, r9}}]}, {0x0, 0x6, "ae3a3d56b9e39178eebea1bfd49dc7014c045085d4c7019afe1de464387765cee0973a0c042d446feaba73502c8bf2e5c35963667604d017a93c15e427a4844ba7ef70241355d37ac60373b950188bfc834335535805e485396e282575e00e216c465fb62fcedef7542c87b5b5b1d0b36668d3a7198eee897d5dcf398de61967"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x90}, 0x40010)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="48000000100039042cbd7000eaffffffe9ff02e4", @ANYRES32=0x0, @ANYBLOB="83000400000000002800188018000180140004000a714d65c62d9b0bcf294ff0dd8403310c0001800500020000000000"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

1.088137152s ago: executing program 4 (id=1118):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x3)
syz_emit_ethernet(0x83, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000060c0)=@newtfilter={0x34, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x1}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x887}, 0x24040084)

936.3579ms ago: executing program 2 (id=1120):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000400)=0x5e5, 0x4)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x10}}, 0x6}, 0x1c)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', r0, 0x4000, r0}, 0x18)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r2)
recvmmsg(r2, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f00000002c0)}, 0x158}, {{0x0, 0x0, 0x0}, 0xfc}, {{0x0, 0x0, 0x0}, 0x80000001}], 0x3, 0x0, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='vlan0\x00', 0x10)
r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000005, 0x10013, r3, 0x9a3ed000)
sendmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001840)=[{0x0}, {&(0x7f0000003140)="c4f5dde90d290241b1574bbcc5ad26606e65ca23cfe9b27ee0e312ee2111b7d39c72eeb12d03902fe40f85492970a92c4c74aeeb0b2e47feae71c8a9fc20c539a42720bb989d95b38de73cb784cd7af6d839952c0897ea696df0eea06a92cb96602abaaa6f7352eb29fe8d2f64c4fa4b25b34c1e298b6466d3f7d1ffda191764835b6c8e9648da2370f9c654bb3a001dd02a4bbc4d73a0d32beef8fec6d69c57f92e45d38c6422ef250f2887fccec0385a3b3ed04188b8b1cf91eb108123", 0xbe}, {0x0}], 0x3}, 0x40008c1)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0xa7c, r4}, 0x38)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'ip6_vti0\x00', <r6=>0x0, 0x2f, 0x86, 0x9, 0x3, 0x24, @local, @rand_addr=' \x01\x00', 0x40, 0x40, 0x6db3, 0x9}})
setsockopt$netlink_NETLINK_RX_RING(r2, 0x10e, 0x6, &(0x7f0000000340)={0x0, 0x2, 0x5, 0x9}, 0x10)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x20010, r5, 0xf65a5000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r5}, 0x8)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f0000000140)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[], 0x0, 0x1a, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000006b113600000000009f000000000000009500000000000000"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

876.013451ms ago: executing program 1 (id=1122):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240), 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000940)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newlink={0x50, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, 0x5f501}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x1}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x40004)
sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty, @dev={0xac, 0x14, 0x14, 0x27}}}}], 0x20}}], 0x1, 0x80)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r7}, &(0x7f0000000580), &(0x7f00000005c0)=r2}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r7}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1e, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x2, 0x300}, {0x6e}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xc, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x3}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

832.496632ms ago: executing program 0 (id=1123):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8) (async)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r5, 0x1, 0x28, &(0x7f00000003c0)=0x5, 0x4)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) (async)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r5, &(0x7f00000002c0)="23000000010006", 0x7) (async)
write(r5, &(0x7f00000002c0)="23000000010006", 0x7)
r6 = socket$inet6(0xa, 0x4, 0x7)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e24, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x40}, @in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e24, 0x2, @loopback, 0x5}, @in={0x2, 0x4e23, @rand_addr=0x64010101}, @in6={0xa, 0x4e20, 0x2, @mcast1, 0xf}], 0x74)
bind$inet6(r6, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x7fff, @loopback}, 0x1c)
r8 = socket$netlink(0x10, 0x3, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r9, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
bind$netlink(r9, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r9, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) (async)
setsockopt$sock_int(r9, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r9, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r10, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r10, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)

756.474161ms ago: executing program 3 (id=1124):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'tunl0\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$L2TP_CMD_SESSION_MODIFY(r3, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000100))
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
sendto$inet6(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000004c0)='lp\x00', 0x3)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

671.861747ms ago: executing program 1 (id=1125):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000008c0), r0)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)={0x14, r1, 0x400, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4044110}, 0x4000)
r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000080), r0)
sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r2, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x10, 0x2, 0x0, 0x1, [{0x51, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}]}]}, @NFTA_SET_USERDATA={0x8, 0xd, 0x1, 0x0, "1fdcfb63"}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa0}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

596.661973ms ago: executing program 3 (id=1126):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = gettid()
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8500, 0x300}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000)

571.588566ms ago: executing program 1 (id=1127):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb8}}, 0x20050800)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000080)='%+9llu \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000580)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000c40)='sys_enter\x00', r4, 0x0, 0x2}, 0x18)
socket(0x23, 0x6, 0x10)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0xbdce6000)
pselect6(0x40, &(0x7f0000000000)={0x2f7a, 0x80000000000, 0x0, 0x9a9, 0x6, 0x7, 0x5, 0x1}, &(0x7f0000000040)={0x6, 0x4, 0x3, 0x3, 0x6, 0x5, 0x6, 0x4}, &(0x7f00000000c0)={0x0, 0x8b, 0x7, 0x9, 0x6, 0x2, 0x1000000000000000}, &(0x7f0000000140)={0x77359400}, &(0x7f0000000200)={&(0x7f0000000180)={[0xa]}, 0x8})

512.583884ms ago: executing program 3 (id=1128):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000300)='GPL\x00', 0x9, 0x1003, &(0x7f0000000340)=""/4099, 0x41100, 0x6}, 0x94) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.self_freezing\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) (async)
r1 = getuid()
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "7f"}]}], {0x14}}, 0x74}}, 0x14) (async)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000080)={{{@in, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in=@multicast2}}, &(0x7f0000000180)=0xe8)
sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000001380)=@expire={0x344, 0x18, 0x400, 0x70bd26, 0xffff7f7f, {{{@in=@empty, @in=@rand_addr=0x64010102, 0x4e24, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0x30, 0x29, 0x0, r1}, {@in=@dev={0xac, 0x14, 0x14, 0x43}, 0x4d5}, @in6=@mcast2, {0x401, 0x2, 0x1, 0x4, 0xf103, 0x2, 0x100000000, 0x7}, {0x600, 0x6d, 0x4, 0x3}, {0x100, 0x1, 0x7}, 0x70bd27, 0x3503, 0x2, 0x4, 0x5}, 0xff}, [@proto={0x5, 0x19, 0x3c}, @sa={0xe4, 0x6, {{@in6=@dev={0xfe, 0x80, '\x00', 0x10}, @in=@dev={0xac, 0x14, 0x14, 0x1b}, 0x5e21, 0x1, 0x4e21, 0x81, 0x2, 0x80, 0x80, 0x5e, 0x0, r3}, {@in6=@empty, 0x4d2, 0x8}, @in6=@private2, {0x8, 0x3, 0x0, 0xdcb3, 0x9, 0x0, 0xffffffffffff0ec9, 0x4}, {0x9, 0x100, 0x9, 0x7}, {0x80000000, 0x80000000, 0xa28}, 0x70bd2d, 0x3505, 0x2, 0x0, 0x8, 0xa}}, @lastused={0xc, 0xf, 0x6}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x4}, @tmpl={0x144, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x84d4, 0x6c}, 0xa, @in=@broadcast, 0x3507, 0x1, 0x3, 0x2, 0xfffffff9, 0x81909921, 0x401}, {{@in=@empty, 0x4d6, 0x2b}, 0x2, @in6=@dev={0xfe, 0x80, '\x00', 0x3b}, 0x0, 0x0, 0x3, 0x4, 0x9, 0xd5, 0x5d1}, {{@in=@broadcast, 0x4d2, 0xff}, 0xa, @in=@local, 0x3505, 0x2, 0x1, 0xff, 0x10, 0x10001, 0x100}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4d2, 0x6c}, 0x2, @in=@local, 0x0, 0x4, 0x2, 0xa, 0x9, 0x11, 0x80000000}, {{@in=@dev={0xac, 0x14, 0x14, 0xc}, 0x4d4, 0x32}, 0x2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x34ff, 0x0, 0x0, 0x81, 0x7, 0x9, 0x2800}]}, @XFRMA_SET_MARK={0x8, 0x1d, 0x6}]}, 0x344}, 0x1, 0x0, 0x0, 0x20044811}, 0x10)

388.638735ms ago: executing program 1 (id=1129):
sendto$x25(0xffffffffffffffff, 0x0, 0x0, 0x4080, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000010900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000050000000060a010400000000000000000100000808000b400000000028000480240001800b0001007470726f7879000014000280080003400800000a080001400000000a0900010073797a30"], 0xc4}}, 0x4008800)
r2 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000280)=0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x41, 0x3, 0x380, 0x0, 0x19, 0x0, 0x0, 0x0, 0x2e8, 0x1f0, 0x1f0, 0x2e8, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @dev, 0x0, 0x0, 'wlan1\x00', 'wg1\x00'}, 0x0, 0x1f8, 0x218, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@quota={{0x38}}, @common=@inet=@hashlimit2={{0x150}, {'veth1\x00', {0x0, 0x8, 0x0, 0x0, 0x0, 0x687c, 0x1}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@empty, @empty, 0x0, 0x0, 'veth0_vlan\x00', 'netpci0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3e0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x2, 0x2, 0x0, 0x9, 0xf, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x80, 0x0, @in6={0xa, 0x0, 0x0, @remote, 0x103}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0xfe, 0x6e}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_key={0x1, 0x8}]}, 0x78}, 0x1, 0x7}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x28, 0x3, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000090)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x4c800)
r6 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)

385.223832ms ago: executing program 3 (id=1139):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
writev(r0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="60b772204a47", 0x6}, {&(0x7f0000000080)="0bc3", 0x2}, {&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00\x00', 0x7}], 0x3)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000001400000014000000050000000000000001000006040000000100000000000000005f5fa0"], &(0x7f0000000200)=""/146, 0x31, 0x92, 0x1}, 0x20)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000700)={0x3ec, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x1f8, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x88, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x48708e4c0bf9835f}, @NL80211_TXRATE_HT={0x50, 0x2, [{0x7, 0x1}, {0x0, 0x6}, {0x1, 0x7}, {0x2, 0x2}, {0x7, 0x7}, {0x1, 0x3}, {0x4, 0x7}, {0x5, 0x1}, {0x4}, {0x2, 0x2}, {0x0, 0x6}, {0x4, 0x7}, {0x1, 0x4}, {0x0, 0x1}, {0x5, 0x2}, {0x3, 0x6}, {0x0, 0x1}, {0x6, 0xa}, {0x6, 0x9}, {0x7, 0x9}, {0x5, 0x1}, {0x1, 0x8}, {0x7, 0x4}, {0x4, 0x7}, {0x4, 0x5}, {0x4, 0x8}, {0x6, 0x7}, {0x5, 0x7}, {0x1, 0x8}, {0x1, 0x3}, {0x5, 0x1}, {0x3, 0x6}, {0x0, 0x4}, {0x1, 0x1}, {0x1, 0x2}, {0x1, 0x4}, {0x6, 0x2}, {0x4, 0x1}, {0x0, 0x2}, {0x2, 0x6}, {0x1}, {0x0, 0x2}, {0x7}, {0x1, 0x3}, {0x3, 0x2}, {0x2, 0x8}, {0x6, 0x9}, {0x1, 0x8}, {0x3, 0x4}, {0x5}, {}, {0x0, 0x8}, {0x7, 0x8}, {0x2, 0xa}, {0x3, 0x2}, {0x3, 0x5}, {0x3}, {0x7, 0x7}, {0x0, 0x3}, {0x1}, {0x6, 0x8}, {0x7, 0x5}, {0x7, 0x9}, {0x7, 0x3}, {0x5, 0x1}, {0x0, 0x9}, {0x3, 0x5}, {0x3, 0x3}, {0x4, 0x3}, {0x7, 0x4}, {0x0, 0x2}, {0x2, 0x2}, {0x5, 0x5}, {0x2, 0x7}, {0x0, 0x3}, {0x3, 0xa}]}, @NL80211_TXRATE_HT={0xc, 0x2, [{0x2, 0x9}, {0x6, 0x1}, {0x1, 0x9}, {0x7, 0x2}, {0x2, 0x2}, {0x4, 0x3}, {0x0, 0x9}, {0x4, 0x8}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0xfc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x38, 0x2, [{0x1, 0x2}, {0x4, 0x2}, {0x7, 0x8}, {0x7, 0x3}, {0x7, 0x8}, {0x2, 0xa}, {0x2, 0x9}, {0x0, 0x9}, {0x0, 0xa}, {0x6, 0x2}, {0x5, 0x2}, {0x5, 0x8}, {0x4, 0x3}, {0x7, 0x3}, {0x5, 0x8}, {0x5, 0x8}, {0x2, 0x9}, {0x5, 0x3}, {0x1, 0x2}, {0x0, 0x6}, {0x1, 0xa}, {0x1, 0x6}, {0x5, 0x1}, {0x6, 0x1}, {0x1, 0x4}, {0x1, 0x6}, {0x4, 0x4}, {0x7, 0x2}, {0x2, 0x9}, {0x3, 0x3}, {0x7}, {0x1, 0x3}, {0x1, 0x2}, {0x2, 0x3}, {0x2, 0x7}, {0x6, 0x3}, {0x3, 0x4}, {0x2, 0x5}, {0x5, 0x7}, {0x6, 0x5}, {0x2, 0x6}, {}, {0x2, 0xa}, {0x0, 0x5}, {0x0, 0xa}, {0x4, 0x3}, {0x1, 0x3}, {0x1, 0x6}, {0x2, 0x6}, {0x4, 0x7}, {}, {0x3}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0xb, 0x2, [{0x1, 0x5}, {0x5, 0xa}, {0x0, 0x7}, {0x1, 0x7}, {0x2, 0x2}, {0x2, 0x3}, {0x1, 0x2}]}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x18, 0x2, 0xc, 0xc, 0x60, 0x3, 0x30, 0x18, 0x16, 0x1f, 0x18, 0x3, 0x4, 0x36, 0xb, 0x36, 0x6c]}, @NL80211_TXRATE_HT={0x4b, 0x2, [{0x7, 0x8}, {0x6, 0x2}, {0x7, 0x8}, {0x7, 0x2}, {0x5, 0x9}, {0x7, 0x5}, {0x2, 0x6}, {0x3, 0xa}, {0x5, 0x1}, {0x2, 0x4}, {0x6}, {0x1, 0x7}, {0x5, 0x8}, {0x1, 0x4}, {0x7, 0x9}, {0x4, 0x7}, {0x2, 0x4}, {0x0, 0x9}, {0x1, 0x4}, {0x5, 0x7}, {0x5, 0x8}, {0x2}, {0x5, 0x8}, {0x5, 0x4}, {0x7, 0x5}, {0x2, 0x5}, {0x1, 0x5}, {0x1, 0x5}, {0x3, 0x4}, {0x6, 0x5}, {0x7, 0x6}, {0x6, 0x7}, {0x6, 0x1}, {0x4, 0x7}, {0x0, 0x9}, {0x6, 0x1}, {0x0, 0x7}, {0x7, 0x7}, {0x4, 0x7}, {0x5, 0x8}, {0x6, 0x5}, {0x1, 0x4}, {0x2, 0xa}, {0x6}, {0x0, 0x7}, {0x7}, {0x5, 0x5}, {0x1, 0x8}, {0x1, 0x4}, {0x5, 0x2}, {0x6, 0x1}, {0x4, 0x6}, {0x0, 0x9}, {0x6, 0x5}, {0x0, 0xa}, {0x6, 0x6}, {0x3, 0x7}, {0x7, 0x4}, {0x1, 0x1}, {0x1, 0xa}, {0x7, 0x9}, {0x7, 0x2}, {0x7, 0x1}, {0x3, 0xa}, {0x6, 0x6}, {0x1, 0x5}, {0x7, 0xa}, {0x2, 0x5}, {0x4, 0x7}, {0x3, 0x7}, {0x7, 0x5}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x3d, 0x2, [{0x0, 0x7}, {0x7, 0x8}, {0x6, 0x7}, {0x5, 0x3}, {0x2, 0x8}, {0x2}, {0x5, 0x6}, {0x0, 0x1}, {0x3, 0x9}, {0x4, 0x4}, {0x6, 0xa}, {0x6, 0x5}, {0x4}, {0x0, 0x2}, {0x6, 0x5}, {0x7, 0xa}, {0x5, 0x7}, {0x4}, {0x5, 0x5}, {0x6, 0x7}, {0x0, 0xa}, {0x2, 0x5}, {0x1, 0x9}, {0x0, 0x6}, {0x4, 0x5}, {0x4, 0xa}, {0x6, 0x5}, {0x3, 0xa}, {0x1, 0x6}, {0x0, 0x2}, {0x0, 0x9}, {0x1, 0xa}, {0x4, 0x6}, {0x1, 0x1}, {0x4, 0x5}, {0x2, 0x6}, {0x5, 0x7}, {}, {0x1, 0x8}, {0x2, 0xa}, {0x3, 0x1}, {0x0, 0x5}, {0x3, 0x9}, {0x2, 0x6}, {0x0, 0x3}, {0x0, 0x5}, {0x5, 0x4}, {0x3, 0x4}, {0x0, 0x7}, {0x1, 0x3}, {0x7}, {0x0, 0x3}, {}, {0x5, 0xa}, {0x5, 0xa}, {0x5, 0x2}, {0x0, 0x2}]}]}, @NL80211_BAND_5GHZ={0x70, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x600, 0x3, 0x6, 0x6, 0x6, 0x8, 0x2]}}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0x36, 0x3, 0x3]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x8, 0x81, 0x4, 0x380, 0x3b51, 0x2, 0x51d]}}, @NL80211_TXRATE_HT={0x24, 0x2, [{0x3}, {0x4, 0x4}, {0x2, 0x3}, {0x2, 0xa}, {0x0, 0x5}, {0x3, 0xa}, {0x0, 0x9}, {0x1, 0x7}, {0x3, 0x8}, {0x7}, {0x6, 0xa}, {0x7, 0x3}, {0x1, 0x1}, {0x1}, {0x1, 0x9}, {0x0, 0x2}, {0x5, 0x1}, {0x4, 0x4}, {0x3}, {0x1, 0x4}, {0x1, 0x5}, {0x0, 0x9}, {0x1, 0x8}, {0x3, 0x2}, {0x5, 0x3}, {0x1, 0x2}, {0x6, 0x9}, {0x3, 0x6}, {0x3, 0x6}, {0x2, 0x4}, {0x1, 0x1}, {0x6, 0x2}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0xf8, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x2b, 0x2, [{0x4, 0x6}, {0x0, 0x9}, {0x3, 0x4}, {0x3, 0x7}, {0x3, 0x4}, {0x2, 0x6}, {0x0, 0x7}, {0x0, 0x4}, {0x3, 0x1}, {0x3, 0x5}, {0x4, 0x1}, {0x7, 0x8}, {0x3, 0x1}, {0x4, 0x2}, {0x0, 0x9}, {0x0, 0x4}, {0x1}, {0x2, 0x12}, {0x0, 0x4}, {0x1, 0x7}, {0x0, 0x4}, {0x3, 0x7}, {0x3, 0x8}, {0x7, 0x9}, {0x0, 0x2}, {0x7}, {0x7, 0x4}, {0x6, 0x7}, {}, {0x2, 0x1}, {0x4, 0x8}, {0x1, 0x6}, {0x6, 0x2}, {0x5, 0x2}, {0x1, 0x9}, {0x0, 0x8}, {}, {0x3, 0x4}, {0x4, 0x2}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x100, 0x4, 0xe0, 0x664, 0x8, 0x5, 0x2, 0x9]}}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0x9c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x20, 0x1, [0xb, 0x24, 0x60, 0x30, 0x48, 0x60, 0xc, 0x6, 0x18, 0x0, 0x18, 0x0, 0x36, 0x36, 0x30, 0x48, 0x24, 0x5, 0x48, 0x36, 0x48, 0xc, 0x3, 0xb, 0x6, 0x12, 0x2, 0xb]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x1ff, 0x4, 0x4, 0x55a1, 0xc, 0x4, 0x7]}}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x7, 0x9}]}, @NL80211_TXRATE_HT={0x45, 0x2, [{0x1, 0x4}, {0x0, 0x3}, {0x7, 0x8}, {0x5}, {0x7, 0x7}, {0x6, 0x6}, {0x2, 0x4}, {0x5, 0x6}, {0x3, 0x3}, {0x7, 0x3}, {0x6, 0x2}, {0x7, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x0, 0x5}, {0x0, 0x2}, {0x4, 0x8}, {0x0, 0x6}, {0x6, 0x4}, {0x6, 0x5}, {0x2, 0x9}, {0x5}, {0x4}, {0x1, 0x8}, {0x3, 0x8}, {0x4, 0x8}, {0x6, 0x8}, {0x5, 0x4}, {0x6, 0x7}, {0x2, 0x4}, {0x0, 0x2}, {0x7, 0xa}, {0x4, 0x7}, {0x3, 0x3}, {0x6, 0x9}, {0x1, 0x8}, {0x7, 0x9}, {0x4, 0x5}, {0x1, 0x9}, {0x7, 0x6}, {0x0, 0x9}, {0x0, 0x6}, {0x3, 0x8}, {0x0, 0x6}, {0x1, 0x9}, {0x4, 0x3}, {0x7, 0x2}, {0x7, 0x8}, {0x2, 0x7}, {0x7, 0x4}, {0x3, 0xa}, {0x1, 0x7}, {0x1}, {0x7, 0x3}, {0x3, 0x8}, {0x5, 0x3}, {0x3, 0x2}, {0x6, 0x8}, {0x3, 0x4}, {0x4, 0x4}, {0x2, 0x8}, {0x6, 0x5}, {0x2, 0x2}, {0x0, 0x3}, {0x6, 0x7}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x80, 0x9, 0x4a1, 0x2, 0x0, 0x8, 0x6]}}]}]}, @NL80211_ATTR_TX_RATES={0x3c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x38, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x100, 0x8, 0x5, 0x1, 0x7f, 0x3, 0x7, 0xa]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0xb, 0x6, 0x12, 0x18, 0xb, 0x4, 0x18, 0x30, 0x36, 0x3, 0x6c, 0x60, 0x9, 0x36, 0x9, 0x60, 0x3, 0x12, 0x60, 0x5]}]}]}, @NL80211_ATTR_TX_RATES={0xac, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8779, 0x2, 0x5, 0x101, 0x1, 0xfffe, 0x0, 0x4]}}]}, @NL80211_BAND_6GHZ={0x78, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x9701, 0x666f, 0xfff, 0x3ff, 0xfffa, 0xa, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0xe7c, 0x800, 0x2400, 0x6, 0x1, 0x8, 0xd]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x1a, 0x2, [{0x6, 0x7}, {0x4, 0x9}, {0x0, 0x5}, {0x7}, {0x1, 0x2}, {0x5, 0x4}, {0x1, 0xa}, {0x4, 0x7}, {0x3, 0x2}, {0x6, 0xa}, {0x3, 0x5}, {0x1, 0x9}, {0x1, 0x3}, {0x6, 0x3}, {0x6, 0x6}, {0x1, 0x8}, {0x6, 0x1}, {0x5, 0x3}, {0x1, 0x3}, {0x5, 0x3}, {0x7, 0x9}, {0x7}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0xa, 0x101, 0xe, 0x81, 0x7, 0x7, 0x5]}}]}]}]}, 0x3ec}, 0x1, 0x0, 0x0, 0x40}, 0x8081)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000080)='%+9llu \x00'}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000005c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000429bd7000ffdbdf25810000000c0099000400000074000000040067000a00060008021100000000000400670014003300e40003000802110000015050505050500a005d19b89eafce76130000060066000d89000006006600600000000a000802110000000000040067000000"], 0x74}, 0x1, 0x0, 0x0, 0x4004}, 0x4000)
recvmsg$unix(r6, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}], 0x18}, 0x2000)
ioctl$sock_inet_SIOCADDRT(r8, 0xff09, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000580)={r4, <r9=>0xffffffffffffffff}, 0x4)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000c40)='sys_enter\x00', r10, 0x0, 0x2}, 0x18)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000b00)={<r11=>r9, 0x766, 0x15, 0x3})
openat$cgroup_freezer_state(r11, &(0x7f0000000b40), 0x2, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001280)={r11, 0xe0, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000f80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, &(0x7f0000000fc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001040)=[0x0, 0x0, 0x0, 0x0], <r14=>0x0, 0x5e, &(0x7f0000001080)=[{}, {}], 0x10, 0x10, &(0x7f00000010c0), &(0x7f0000001100), 0x8, 0x28, 0x8, 0x8, &(0x7f0000001140)}}, 0x10)
r15 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001540)=@bpf_tracing={0x1a, 0x13, &(0x7f00000012c0)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x10}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xffffffff}], &(0x7f0000001380)='syzkaller\x00', 0x5, 0x81, &(0x7f00000013c0)=""/129, 0x40f00, 0x0, '\x00', 0x0, 0x18, r11, 0x8, &(0x7f0000001480)={0x1, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x2d677, r8, 0x1, &(0x7f00000014c0)=[r8, 0x1], &(0x7f0000001500)=[{0x0, 0x5, 0x9, 0x3}], 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001680)={0x1e, 0x1d, &(0x7f0000000c80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x101}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @map_val={0x18, 0x8, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @jmp={0x5, 0x0, 0x6, 0x6, 0xb, 0x80, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x43}, @map_val={0x18, 0x2, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0xbce1}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000c00)='syzkaller\x00', 0x4, 0xeb, &(0x7f0000000d80)=""/235, 0x41000, 0x2, '\x00', 0x0, @fallback=0x2c, r8, 0x8, &(0x7f0000000f00)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000f40)={0x5, 0x1, 0x0, 0xffffffff}, 0x10, r14, r15, 0x5, 0x0, &(0x7f0000001600)=[{0x9, 0x5, 0xe, 0x9}, {0x5, 0x3, 0x5, 0x2}, {0x0, 0x4, 0xa, 0x8}, {0x0, 0x3, 0x7, 0xa}, {0x2, 0x1, 0xe}], 0x10, 0xfffffffc}, 0x94)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="010000000000000043cc08000000180001801400020073797a5f74756e000000000000000000140002800500010008"], 0x40}}, 0x2008040)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0xbdce6000)
pselect6(0x40, &(0x7f0000000000)={0x2f7a, 0x80000000000, 0x0, 0x9a9, 0x6, 0x7, 0x5, 0x1}, &(0x7f0000000040)={0x6, 0x4, 0x3, 0x3, 0x6, 0x5, 0x6, 0x4}, &(0x7f00000000c0)={0x0, 0x8b, 0x7, 0x9, 0x6, 0x2, 0x1000000000000000}, &(0x7f0000000140)={0x77359400}, &(0x7f0000000200)={&(0x7f0000000180)={[0xa]}, 0x8})

106.65391ms ago: executing program 1 (id=1130):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240))
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000005c0)={0x14, r2, 0x100, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40080c5}, 0x44084)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@getnexthop={0x20, 0x76, 0xb0d, 0x4000, 0x0, {0x3}, [@NHA_ID={0x8, 0x1, 0x2}]}, 0x20}}, 0x0)
unshare(0x68040200)
socket$inet(0x2, 0x3, 0x7)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000540)=ANY=[@ANYBLOB="cd1242bdc9ea000000000000080049000040000800000001907864010102ffffffff01940401009404000094048fcbd9118507be5db652aa53c800000000000308b07800067f4345170fff0065b9f9f5290008ac1e0001ac141404"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
r6 = socket(0x840000000002, 0x6, 0x5)
sendmmsg$inet(r6, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @local}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a1c0ffff000039a9029e2d34161c0000", 0x10}, {0x0, 0x2e}], 0x2}}], 0x1, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r5, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
setsockopt$SO_J1939_FILTER(r6, 0x6b, 0x1, &(0x7f00000003c0)=[{0x2, 0x0, {0x2, 0x1}, {0x0, 0x1}, 0xfd}, {0x0, 0x0, {0x1, 0x1, 0x1}, {0x1, 0xff, 0x3}, 0x2, 0xfe}, {0x2, 0x0, {0x1, 0xf0, 0x3}, {0x1, 0x1, 0x4}, 0xff, 0xfd}, {0x0, 0xffffffffffffffff, {0x1, 0xf0, 0x2}, {0x1, 0x0, 0x3}, 0x0, 0xff}, {0x2, 0x2, {0x2, 0xf0, 0x4}, {0x2, 0x1, 0x3}, 0xfe, 0xff}, {0x1, 0x3, {0x2, 0xf0, 0x3}, {0x0, 0xf0, 0x1}, 0xfe, 0xfe}, {0x1, 0x1, {0x0, 0x1, 0x3}, {0x1, 0x0, 0x3}, 0x1, 0x2}, {0x3, 0x3, {0x0, 0xf0, 0x3}, {0x1, 0xf0}, 0x2}], 0x100)
close(0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x12, 0xffffffffffffffff, 0xfffff000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f0000000040)=[{&(0x7f0000000100)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea1100000005000000", 0x29}], 0x1)

104.544521ms ago: executing program 3 (id=1131):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f00000000c0)={0x0, 0x0})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d440fe0000000000000100000002000000", 0xfe60)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000000)="b9ff03076003008cb89e08f088a8", 0x0, 0xfdf, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x50)

91.001236ms ago: executing program 3 (id=1132):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xbc, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0xb, 0xf, 0xff, 0x0, 0x3, 0xb, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfd, 0xf4, 0x2], 0x1, [0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0xd52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x3}]}]}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1], 0x44}}, 0x0)

37.203282ms ago: executing program 4 (id=1133):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = gettid()
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8500}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000) (fail_nth: 14)

0s ago: executing program 2 (id=1134):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000001900)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x101, @empty, 0x10000}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000040)="ec487a8e5bdc1966a180c67fac119801605004c974c2e22605496e8b14171a2bb36206cdd543949006b21f26d8fb23a3d4fdfe09ae5718b22f", 0x39}, {&(0x7f0000000080)="3adfc301acd76513a2f6b77aba0115f85d46e40131148325ad59279256f74a3e56a0bfc894748218e51df1e07bf920e246722d28ef150356ba312d3b7d63ac140289f9c498043d75679fc2242c820b2e4e833ecd5451d3c7bcd72bb100740a77e6b1c5b21f71d9e349a2835d9beda06764c662b18557867f29373470802ec45d7b6f0239e8d5d65180f128ab2a8a7da635fe0f7c03a96c1042720eef7826df76b2a4ee8b67fde63c536b4eda3c84bd0936d3a77f29e6c10c3fbdca387dc7de68402d807ae80d", 0xc6}], 0x2, &(0x7f0000000640)=[@dstopts_2292={{0x98, 0x29, 0x4, {0x3a, 0xf, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @loopback}, @enc_lim, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @enc_lim={0x4, 0x1, 0x54}, @ra={0x5, 0x2, 0x8}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x1, 0xc, 0x7, 0x7b, [0xffffffffffffffff, 0x81, 0x8, 0x5, 0xa0, 0xff]}}]}}}, @tclass={{0x14, 0x29, 0x43, 0x1}}, @tclass={{0x14, 0x29, 0x43, 0x9}}, @dstopts={{0x40, 0x29, 0x37, {0x11, 0x4, '\x00', [@ra, @hao={0xc9, 0x10, @private1}, @ra, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x5e1d}]}}}, @dstopts_2292={{0x38, 0x29, 0x4, {0x5e, 0x3, '\x00', [@calipso={0x7, 0x18, {0x2, 0x4, 0x7f, 0xc72, [0x100000000, 0xc0000000000000]}}]}}}, @hopopts={{0x58, 0x29, 0x36, {0xc, 0x7, '\x00', [@enc_lim={0x4, 0x1, 0xf}, @enc_lim={0x4, 0x1, 0x3}, @calipso={0x7, 0x30, {0x2, 0xa, 0x0, 0x8d54, [0x2, 0xd2f9, 0x1bcd2b62, 0x9, 0x7f]}}, @jumbo={0xc2, 0x4, 0x2}]}}}, @dstopts={{0xf8, 0x29, 0x37, {0x5c, 0x1b, '\x00', [@generic={0x4, 0x6b, "c53c25ea02df734f78ed54a90fb31e46937dcb7ed5b49d582298ef99c4f95e43c2835ae63ad8e1e25b6e16d3eaf7b41a79fa8fbc4057ec95d872870233bcf46b2808969896bfa44f779b234f71e32440abdbf04f3ca747d2fd2e3d8fe93c612bf4b5f9458c4dfeb81ca40d"}, @jumbo, @enc_lim={0x4, 0x1, 0x9}, @ra={0x5, 0x2, 0x2}, @generic={0x2a, 0x37, "1d495c44d0232586663900332ee5700159bcfdec037bd2952e8a8f938f32d5769f706da836493b0f7c5f56fefec3571ab10eca343dda3e"}, @hao={0xc9, 0x10, @empty}, @hao={0xc9, 0x10, @loopback}, @jumbo={0xc2, 0x4, 0x2}]}}}], 0x290}}, {{&(0x7f00000001c0)={0xa, 0x4e23, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x20a5}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)="4ce86f", 0x3}, {&(0x7f0000000340)="90002e5783c03c482191637752850e76b9da9f7e62e52457367a5c42dce247bbd95459c5ba9f78a9a70c1547f7f7163a6b1bf2db11cbfb935d3ef5cbd99c80fd74b03f711faefdb638309b936899fdf54f2bdc06dd2fbe98411ebac231997907e2d3042e207c0556ea392b3d87b33e5aac7bcc8e4564100afe58d9b4a12898234ac1876cff82ae4ec6288033e2a814776d9311f52684c0e0bae61b4d493ef323a288aa02f0d507f77d6f79b8cc303c3973837d84e9d04b66dfd73247667eefae86690a8d5a6271b9994ff813cfe526e7fa4f0c2ca4774ba7d5f659d1c9429a19b144b4b854a019993c05380570bfa6bd7a01ed73", 0xf4}, {&(0x7f0000000440)="6f6ed55f751c6ad52f2f8ed20501ccdb477e7db2bd99a5e5c7ed473b08ef58cfbf076987d3fd3fef9d25c959193937255f6e66c34c9292280f965f2f0423c64ab1de7156a71900a103c380409318f29fa164d6aacfa3f9562fabdb0b5584dc52e7e4b072a49e35e6c7515b80d3b20e86c242e00d11a3ef8c910d3b3fca6a456708355e89a42adc5c4d0dcbc25f0b11e3e6bf9cb0fb4c90c15c1da9044aef5a68e926a80adba1f87cff6f21ad8befb6400038a77bf4bfd14027df96f4d30a866e9db621bff154f07fae1d98c32860d920870e27aa3075a30dd8ebe895fe4353a8fd06970815b8ddf97c", 0xe9}, {&(0x7f0000000900)="5473adf2ae82b21ae696fa64797dd2a43a98188d51b686627cd594e42c23b40121a17946ebc82ad34b79983d6b5eb91e659433a152e7eeeb5af4e2e1f4444d9d3a06b2afea711633bc11d77e2ef390b00445f4816f136b46d1ef01b947bcbb888e0d1bbf9553780104eb7060d06f74cc9aa4d50238a4b1be19e363eee72fd9328f16c1247379", 0x86}], 0x4}}, {{&(0x7f0000000280)={0xa, 0x4e21, 0x9, @empty, 0x1}, 0x1c, &(0x7f00000009c0)=[{&(0x7f0000000540)="f9", 0x1}], 0x1}}, {{&(0x7f0000000a00)={0xa, 0x4e24, 0x2, @mcast2, 0x12}, 0x1c, &(0x7f0000001040)=[{&(0x7f0000000a40)="5c1b23f8ed10a019c23b7375", 0xc}, {&(0x7f0000000a80)="2b4b288abaad4e821ff26aad8d38d823fbe4c4144f10dc58d6e15f47a4924a2c29e926098d71e41fdfe7db4b580ec7579a72549580f1a16e2687caebbecd546710ab51acd8348ead949eff6324891d060228d5940f9f0f0ac0303f2ead11cd58b0a139ebf1ecdf26c3fb7239ca6847c3d5684778c806ec3aa1df02ba3f1bcadb44507941b2525985e0cbe7fdffabf03072a84904a45e8ebe754c70b79196be3448aa2e1c63f78b2e6bb2ee1e6ec1a08f5e427acd66801d80b5566f57bfc92bdb2e6be121e8e6812cdd001c", 0xcb}, {&(0x7f0000000b80)="4ad169fb0a131bde36d42300ebb57d1df940c6166b24c0b494", 0x19}, {&(0x7f0000000bc0)="f2be813d44da48aa93bfc7caa80917cf840b83eefc391218b19f004ad5f5518b67daa85c663f27ab1eda99417090622d040d9c1ac9e65f3aaf2f5ab71911b76086892301e058f7ec48321b7057a3bb90e327db1a6ae4009fbc44efe9dac81630636ce43acdc389be364062", 0x6b}, {&(0x7f0000000c40)="541093be3465b0fd9df6fbe01b7d3cc62c8021931e2dc0eaf074ca99c51274ee4d6d2ce8dcd74132ab6a668acb7003f2d2aaf5bb9739976436cba4edeea400dc37fbb17ef763256d0217e2e11d32af4444d7c9464b75c3e2e94acbd095aae254593efe67b6ab2cff497ca70e0008d2056fa0b1633aa0be6f28cba6e8d497d0f24210bd2dfb82483e6119ff4f089c4d493f6ad2dbb63764b6fc4fa47840804ae846816fde2fe10eb44e14453895ca034cbbd5e9676f71d62c1245a8c76024be4e3d7850918755", 0xc6}, {&(0x7f0000000d40)="018fd7b1fffead2f8518f9f74681b04d6034191248c62e5c5ce122ca39c94a589fc07339c0b17c58231a7bf569517741", 0x30}, {&(0x7f0000000d80)="310089f48b52a3d80bd206f80fb249f1eeb19a55b9bebd21f70d88ace2620b4bf1f7d613a78bc7c626695ae9d4177d570ba93153d529b884f6a42fdba500ffe77c6dde2a7a9d95b388eba1a80f87787c217c52957b375ed507156a2896d7acf2802d3c70758305765819cd73832235bcbd75d0a650cb77c8cffe6e026890f56f14ed4374e4725bf07e057b02bfa10c583a2e1db1be2a0ebcd9ebb2bbe7aa1ea4ae975ac295b0216371756cad602b6b0870cbaeb59b", 0xb5}, {&(0x7f0000000e40)="9fd0716df6c9e1acb8b34bb9a32a2da8309a4c0497f46690aee2519b4f599c54abd22665043b15aab6e7d322ae1b3b9516f18748c6b884f4cea71646994f1b625f0e1312f5eb5e873ee1cac84cdc2f9d6af1a3638ff2bbc30006f5db7ff22c4c3572122da42e8de2325f41fd82becb593cc0f3e7e6919165020a088d732d14eac706c151d51c4a99c8624dece3b951949f6188307b6244efd05736f55bdd097aed56af2b6646c8db955643a6a50ff6933bb813081f92b8c770bdf369f0961624a41804bde74ebcface31631e147cb354a011301a6cce1bc1e018e0151eda", 0xde}, {&(0x7f0000000f40)="1669b2cd648ffbfc3b0b55ac6fa80620ff59b5d2c98c3bd65edc9e995ef66dd9345755f82bfc00b25220", 0x2a}, {&(0x7f0000000f80)="9b5689ccd0baea9ed7e2b48ab8ba59548e6849ee0975cf3edc3b277ed494ac0c8798d7f311877f048b1e470430138c81f6f2cd7ba784976a31c474188f5cc7092d4b436dc362263a23f451412e859e35449e0e401db6a838ba1ce8be553353d084b4a1317b432f33063ee2310c71839ab8c2a0be7140471aaaa4aec93865ea5550df24915119f1969084597adfa610fd3446fef0d8c94c3e17", 0x99}], 0xa, &(0x7f0000001100)=[@dontfrag={{0x14, 0x29, 0x3e, 0x4}}, @rthdr_2292={{0x68, 0x29, 0x39, {0x0, 0xa, 0x2, 0x4, 0x0, [@private0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, @remote, @dev={0xfe, 0x80, '\x00', 0x1c}]}}}, @rthdrdstopts={{0x168, 0x29, 0x37, {0x8, 0x29, '\x00', [@generic={0x80, 0xbe, "425ab2b48eb6deccbe793a45e1b0774fd0868c0b45b01b8b27ef8d7fbc0c6913cf51219fd54e86a6a8db772de7b97582f970d36b626b54f8ce384bdf0eeccff8fe9d2cb5450d6dc4f1c917dc961769452f93bebac961838aaef8329da839b6a1c6c6c3aee56867392807af0372a19023ce2a9067e7cd1cb5daba2c08e6dca79cfad1b0ccde74395b45b5aa0fc868fe3a5aa48df0252f87c7977f7e45ddbc25b553bb8cbe30cfb4270637f9cc0f784cc40fd2b506b7afed38a346054f1dce"}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @remote}}, @generic={0xfd}, @calipso={0x7, 0x58, {0x0, 0x14, 0xd, 0xe, [0x8, 0x1, 0x6, 0x8001, 0x8a, 0x100, 0x9, 0x4, 0x480000000, 0xb]}}, @enc_lim={0x4, 0x1, 0x76}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @mcast1}]}}}, @hopopts={{0x20, 0x29, 0x36, {0x5e, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0xdd}]}}}], 0x208}}, {{&(0x7f0000001340)={0xa, 0x4e20, 0xd5, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x1c1}, 0x1c, &(0x7f00000016c0)=[{&(0x7f0000001380)="0d1d7759a77024d676be2da6d79252749adb0267c0e960dd3f81c2bed97f9892406024ba1bbe9cbf8f2032ab0325f4b02bc2c42cbd7199ed6fc45804eb9b675f5754263e34276342d115f3874bf0e7d3ce06b01588fc22984f1783096324c056c9e03c83b0fe4a5bab9ea22a908491db21d7dce351fb1db19bca8029446f1094a9e261c6dfaae05558fda07724ead6d219899b3829ec1d02a25126f3a8749b233fb1c974f45d2b1fd5f36532a03eaaec", 0xb0}, {&(0x7f0000001440)="19e8c5b69469416e85a458e90998fd6527de6192e34b4da650d54ce13a27fc9cedd17b705b4cd4d4f6baada7b2b75bd9c66f3f45cd25fd7160ef06739bf7717745755278686239f5d0faccb66e12e7dbef31b8d3695b2da7bdfecfad480ac0d10510863ce250b1040f564ee123fb26e64817dc7588cdcc007ecb429267e36200fa09a164459a074e1a6479a7ee21ff2d279712696725bba367", 0x99}, {&(0x7f0000001500)="66fc830a6b4ca1eb540ce8f1899fb43516668cc179760c86d09182b42c431ac6871d8d8e21eb183773625ba115cc20a75f06b23ec4b06eb0f76bc7d26705eb0c0b6659ae3f3b1806250b020c68e023243076a779c067b1b4b482209604b0ce2aeedfcc6ffa43a8843156cebf75abec03b9bfe2c551c9d6fd59da6f918c540a7c2d351a3d01c71503e64b0755a86853321705db", 0x93}, {&(0x7f00000015c0)="59da924e3a3e6760d07bd5e1738c96331dd4f019acf90140a3ce48dfc17a196ab8a1c8405759f33f25bea3d6047f3e903c39d3d1948c0344ed3461e6427c00811c1333080fb326865e09d79991a985c9800b08ce4f1247aa969f0f27cc9ac473702cc8d4c43a76d04f5248fc0e87ed2a14977ca22d224455f66ba18374ddb1db707862133a8ec91cf129cff269f38263d7eac65153418eabdbac07e84247aae088d7c7949406a43ac1d0d322cbdefc354a5b20bcc4cbbd036d4b63608c98e2669e5bd73bff8a5758c7f6f23727bc02bc8a4a04cc0529fa29", 0xd8}], 0x4, &(0x7f0000001700)=[@rthdr_2292={{0x98, 0x29, 0x39, {0x29, 0x10, 0x1, 0x2, 0x0, [@mcast2, @dev={0xfe, 0x80, '\x00', 0x21}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x37}]}}}, @hopopts={{0x130, 0x29, 0x36, {0x1d, 0x22, '\x00', [@jumbo={0xc2, 0x4, 0x5}, @jumbo={0xc2, 0x4, 0x1}, @hao={0xc9, 0x10, @local}, @generic={0x7, 0xda, "62df204d0b09afdcfd4c292e56a03c2c5e9f2220842077e4624f26275b5e822f4e7cf2786007dc066dd32d11c133735819c50e4d30063faf014d1d3196809e111016ebd88e01c994354387be6430d8fdb8a5fd7df3aa49ea2113023e7661557aed371753c8131849e517fe1525f6d9b10b5ed85fb79352d10dd03e439069e83c504b44cd72cee2af6b1de2aff1d24ff2760e9fb281dc602bbc7897d347e66af8e48452f367bf2c89290c8dde5d7ff9a0330f435bdb8780326c14f0f842805e3d3b383000668b700ec670a19ccfd6cf607786fddef360f7c39ec1"}, @enc_lim={0x4, 0x1, 0x3}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @pad1]}}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x27, 0x2, 0x2, 0x0, 0x0, [@mcast2]}}}], 0x1f0}}], 0x5, 0x20000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8, 0x5, 0x20000000}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

kernel console output (not intermixed with test programs):

0 port 8472 - 0
[  112.782905][ T6717] netlink: 'syz.2.159': attribute type 10 has an invalid length.
[  112.794074][ T6701] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.853090][ T6713] team0: Port device dummy0 added
[  112.880120][ T6701] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  112.957803][ T6701] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.990911][ T6722] netlink: 24 bytes leftover after parsing attributes in process `syz.1.160'.
[  113.031418][ T6717] team0: Port device dummy0 removed
[  113.147146][ T6701] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  113.157611][ T6701] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.284199][ T6734] netlink: 4 bytes leftover after parsing attributes in process `syz.1.163'.
[  113.403623][ T6734] geneve2: entered promiscuous mode
[  113.412309][ T6734] geneve2: entered allmulticast mode
[  113.611949][   T12] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  113.657073][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.734706][ T6753] tipc: Started in network mode
[  113.749945][ T6753] tipc: Node identity be497ecd70d4, cluster identity 4711
[  113.777859][ T6753] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  113.807723][   T12] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  113.830858][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.859927][ T6753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.167'.
[  113.959661][ T6754] syzkaller0: entered promiscuous mode
[  113.973257][ T6754] syzkaller0: entered allmulticast mode
[  113.980891][ T6754] tipc: Resetting bearer <eth:syzkaller0>
[  114.091848][   T12] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  114.108906][   T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.122003][ T6752] tipc: Resetting bearer <eth:syzkaller0>
[  114.727696][ T6782] netlink: 'syz.4.171': attribute type 10 has an invalid length.
[  114.781077][ T6783] netlink: 'syz.4.171': attribute type 10 has an invalid length.
[  114.827019][   T48] tipc: Node number set to 3466428109
[  115.209185][ T6752] tipc: Disabling bearer <eth:syzkaller0>
[  115.233308][   T12] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  115.241914][   T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.257264][ T6782] batman_adv: batadv0: Adding interface: team0
[  115.263586][ T6782] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.289551][ T6782] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  115.300699][ T6783] team0: entered promiscuous mode
[  115.306184][ T6783] team_slave_0: entered promiscuous mode
[  115.312012][ T6783] team_slave_1: entered promiscuous mode
[  115.320718][ T6783] 8021q: adding VLAN 0 to HW filter on device team0
[  115.332074][ T6783] batman_adv: batadv0: Interface activated: team0
[  115.339514][ T6783] batman_adv: batadv0: Interface deactivated: team0
[  115.371092][ T6783] batman_adv: batadv0: Removing interface: team0
[  115.389093][ T6783] bridge0: port 4(team0) entered blocking state
[  115.399048][ T6783] bridge0: port 4(team0) entered disabled state
[  115.409071][ T6783] team0: entered allmulticast mode
[  115.414276][ T6783] team_slave_0: entered allmulticast mode
[  115.420345][ T6783] team_slave_1: entered allmulticast mode
[  115.433439][ T6783] bridge0: port 4(team0) entered blocking state
[  115.439860][ T6783] bridge0: port 4(team0) entered forwarding state
[  116.272836][ T6829] sctp: [Deprecated]: syz.3.182 (pid 6829) Use of int in maxseg socket option.
[  116.272836][ T6829] Use struct sctp_assoc_value instead
[  116.491360][ T6848] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  116.781615][ T6854] __nla_validate_parse: 4 callbacks suppressed
[  116.781633][ T6854] netlink: 24 bytes leftover after parsing attributes in process `syz.4.187'.
[  116.889152][ T6024] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  117.154329][ T6024] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  117.202161][ T6024] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  117.970189][ T6896] syzkaller1: entered promiscuous mode
[  117.994384][ T6896] syzkaller1: entered allmulticast mode
[  118.355195][ T5863] Bluetooth: hci4: command tx timeout
[  118.460723][ T6907] netlink: 'syz.3.194': attribute type 1 has an invalid length.
[  118.575509][ T6914] netlink: 256 bytes leftover after parsing attributes in process `syz.1.197'.
[  118.722935][ T6920] netlink: 24 bytes leftover after parsing attributes in process `syz.4.198'.
[  118.736351][ T6907] veth3: entered promiscuous mode
[  118.768297][ T6916] erspan0: entered allmulticast mode
[  118.961629][ T6931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.201'.
[  119.053231][ T6851] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  119.196583][ T6851] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  119.270043][ T6950] netlink: 48 bytes leftover after parsing attributes in process `syz.1.206'.
[  119.293474][ T6851] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  119.413440][   T60] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  119.440963][   T60] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  119.507778][ T6958] netlink: 56 bytes leftover after parsing attributes in process `syz.4.210'.
[  119.507787][   T12] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  119.530756][   T12] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  119.540900][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.209'.
[  119.556554][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.209'.
[  119.673543][ T6961] netlink: 24 bytes leftover after parsing attributes in process `syz.4.212'.
[  119.935889][ T6978] sctp: [Deprecated]: syz.2.216 (pid 6978) Use of int in max_burst socket option deprecated.
[  119.935889][ T6978] Use struct sctp_assoc_value instead
[  119.993592][ T6978] netlink: 44 bytes leftover after parsing attributes in process `syz.2.216'.
[  120.027193][ T6978] netlink: 'syz.2.216': attribute type 6 has an invalid length.
[  120.169893][ T6985] netlink: 'syz.2.216': attribute type 4 has an invalid length.
[  120.190535][ T6991] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  120.204506][ T6978] netlink: 'syz.2.216': attribute type 5 has an invalid length.
[  120.439771][ T6998] IPv6: addrconf: prefix option has invalid lifetime
[  120.449752][ T6997] IPv6: addrconf: prefix option has invalid lifetime
[  120.768226][ T7002] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  120.788494][ T7002] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.933226][ T7002] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  120.960191][ T7002] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.062725][ T7002] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  121.182321][ T7002] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.434235][ T7002] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  121.457071][ T7002] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.681691][ T7040] x_tables: duplicate underflow at hook 2
[  121.710602][   T12] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  121.725151][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.737494][   T12] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  121.750017][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.786434][   T13] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  121.799880][   T13] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.856286][   T13] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  121.891687][   T13] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.917000][ T7047] __nla_validate_parse: 3 callbacks suppressed
[  121.917013][ T7047] netlink: 4 bytes leftover after parsing attributes in process `syz.4.233'.
[  121.941659][ T7042] IPVS: persistence engine module ip_vs_pe_ not found
[  121.994987][ T3095] IPVS: starting estimator thread 0...
[  122.029745][ T7047] netlink: 4 bytes leftover after parsing attributes in process `syz.4.233'.
[  122.117984][ T7050] IPVS: using max 29 ests per chain, 69600 per kthread
[  122.141640][ T7058] netlink: 40 bytes leftover after parsing attributes in process `syz.4.233'.
[  122.228806][ T7061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.237'.
[  122.242543][ T7061] netlink: 4 bytes leftover after parsing attributes in process `syz.2.237'.
[  122.263190][ T7061] netlink: 38 bytes leftover after parsing attributes in process `syz.2.237'.
[  122.515425][ T7072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  122.528450][ T7070] netlink: 'syz.1.241': attribute type 1 has an invalid length.
[  122.591350][ T7081] netlink: 596 bytes leftover after parsing attributes in process `syz.0.242'.
[  122.597987][ T7067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  122.663148][ T7082] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  122.680643][ T7076] bond1: (slave gretap1): making interface the new active one
[  122.691949][ T7076] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  122.707222][ T7067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  122.709105][ T7076] syz.1.241 (7076) used greatest stack depth: 18992 bytes left
[  122.857393][ T7089] netlink: 8 bytes leftover after parsing attributes in process `syz.1.244'.
[  123.313745][ T7092] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  123.346840][ T7092] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.410929][ T7092] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  123.426536][ T7092] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.616930][ T7092] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  123.631332][ T7092] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.736145][ T7092] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  123.767549][ T7092] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.788296][ T7102] netlink: 'syz.4.246': attribute type 13 has an invalid length.
[  123.804860][ T7102] netlink: 64 bytes leftover after parsing attributes in process `syz.4.246'.
[  123.892921][ T6025] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  123.901660][ T6025] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.923590][ T6025] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  123.934134][ T6025] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.967451][   T13] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  123.983112][   T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.008945][   T13] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  124.018844][   T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.130002][ T7105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.248'.
[  124.668314][ T7122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  124.679847][ T7122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  124.689508][ T7122] bond0 (unregistering): Released all slaves
[  124.990964][ T7134] 8021q: VLANs not supported on caif0
[  125.821681][ T7159] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg0, syncid = 4, id = 0
[  125.920134][ T7153] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  125.988150][ T7164] pimreg: entered allmulticast mode
[  126.013391][ T7153] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  126.038795][ T7164] pimreg: left allmulticast mode
[  126.139070][ T7170] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  126.139894][ T7153] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  126.283339][ T7153] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  126.424402][ T7176] sctp: [Deprecated]: syz.4.267 (pid 7176) Use of int in max_burst socket option deprecated.
[  126.424402][ T7176] Use struct sctp_assoc_value instead
[  126.466075][   T60] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  126.478261][   T60] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  126.488803][ T7176] netlink: 'syz.4.267': attribute type 6 has an invalid length.
[  126.503811][ T7176] netlink: 'syz.4.267': attribute type 5 has an invalid length.
[  126.509830][   T13] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  126.542476][   T79] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  126.574099][ T7176] netlink: 'syz.4.267': attribute type 4 has an invalid length.
[  126.733227][ T7186] trusted_key: syz.2.270 sent an empty control message without MSG_MORE.
[  126.775190][ T7186] unknown channel width for channel at 909000KHz?
[  127.047372][ T7197] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  127.761263][ T7222] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  127.812923][ T7222] macsec1: entered allmulticast mode
[  127.831211][ T7222] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode
[  127.845694][ T7222] mac80211_hwsim hwsim8 wlan0: left allmulticast mode
[  127.855109][ T7222] mac80211_hwsim hwsim8 wlan0: left promiscuous mode
[  127.893429][ T7237] __nla_validate_parse: 13 callbacks suppressed
[  127.893445][ T7237] netlink: 28 bytes leftover after parsing attributes in process `syz.0.281'.
[  127.924888][ T7229] tipc: Started in network mode
[  127.929863][ T7229] tipc: Node identity 8a14557dc622, cluster identity 4711
[  127.956885][ T7229] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  127.964879][ T7229] syzkaller0: entered promiscuous mode
[  128.006414][ T7241] netlink: 24 bytes leftover after parsing attributes in process `syz.2.284'.
[  128.015404][ T7229] syzkaller0: entered allmulticast mode
[  128.077575][ T7229] tipc: Resetting bearer <eth:syzkaller0>
[  128.522259][ T7273] netlink: 'syz.0.295': attribute type 3 has an invalid length.
[  128.536892][ T7273] netlink: 132 bytes leftover after parsing attributes in process `syz.0.295'.
[  128.617791][ T7278] netlink: 'syz.2.296': attribute type 1 has an invalid length.
[  128.629230][ T7278] netlink: 236 bytes leftover after parsing attributes in process `syz.2.296'.
[  128.640999][ T7278] NCSI netlink: No device for ifindex 813332851
[  128.648780][ T7226] tipc: Resetting bearer <eth:syzkaller0>
[  128.715479][ T7226] tipc: Disabling bearer <eth:syzkaller0>
[  128.807633][ T7229] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  128.813107][ T7286] netlink: 68 bytes leftover after parsing attributes in process `syz.2.299'.
[  128.930094][ T7296] netlink: 24 bytes leftover after parsing attributes in process `syz.1.303'.
[  128.966908][ T7296] netlink: 24 bytes leftover after parsing attributes in process `syz.1.303'.
[  130.117064][ T5855] Bluetooth: hci4: command 0x0401 tx timeout
[  130.707920][ T7323] netlink: 8 bytes leftover after parsing attributes in process `syz.3.311'.
[  130.904046][ T7323] netlink: 8 bytes leftover after parsing attributes in process `syz.3.311'.
[  132.174208][ T7344] xt_CT: You must specify a L4 protocol and not use inversions on it
[  132.197124][ T5863] Bluetooth: hci4: command 0x0401 tx timeout
[  132.437554][ T7346] netlink: 72 bytes leftover after parsing attributes in process `syz.3.317'.
[  132.694824][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  132.736879][ T7363] netlink: 'syz.3.321': attribute type 8 has an invalid length.
[  132.892486][ T7370] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  133.233500][ T7383] sctp: [Deprecated]: syz.0.328 (pid 7383) Use of int in max_burst socket option deprecated.
[  133.233500][ T7383] Use struct sctp_assoc_value instead
[  133.285023][ T7383] __nla_validate_parse: 4 callbacks suppressed
[  133.285038][ T7383] netlink: 44 bytes leftover after parsing attributes in process `syz.0.328'.
[  133.328213][ T7383] netlink: 43 bytes leftover after parsing attributes in process `syz.0.328'.
[  133.356951][ T7383] netlink: 'syz.0.328': attribute type 6 has an invalid length.
[  133.366014][ T7383] netlink: 'syz.0.328': attribute type 5 has an invalid length.
[  133.373816][ T7383] netlink: 43 bytes leftover after parsing attributes in process `syz.0.328'.
[  133.498542][ T7383] netlink: 'syz.0.328': attribute type 4 has an invalid length.
[  133.513034][ T7379] syzkaller0: entered promiscuous mode
[  133.547258][ T7379] syzkaller0: entered allmulticast mode
[  134.540918][ T7394] netlink: 'syz.1.330': attribute type 6 has an invalid length.
[  134.548962][ T7394] netlink: 'syz.1.330': attribute type 7 has an invalid length.
[  134.557111][ T7394] netlink: 'syz.1.330': attribute type 8 has an invalid length.
[  134.584737][ T7400] netlink: 84 bytes leftover after parsing attributes in process `syz.3.331'.
[  134.754994][ T7409] sctp: [Deprecated]: syz.1.332 (pid 7409) Use of int in max_burst socket option deprecated.
[  134.754994][ T7409] Use struct sctp_assoc_value instead
[  134.822259][ T7409] netlink: 44 bytes leftover after parsing attributes in process `syz.1.332'.
[  134.839912][ T7409] netlink: 43 bytes leftover after parsing attributes in process `syz.1.332'.
[  134.894279][ T7409] netlink: 'syz.1.332': attribute type 6 has an invalid length.
[  134.934688][ T7409] netlink: 'syz.1.332': attribute type 5 has an invalid length.
[  134.964086][ T7409] netlink: 43 bytes leftover after parsing attributes in process `syz.1.332'.
[  135.010334][ T7416] netlink: 'syz.1.332': attribute type 4 has an invalid length.
[  135.138145][ T7426] netlink: 12 bytes leftover after parsing attributes in process `syz.2.338'.
[  135.151716][ T7420] netlink: 96 bytes leftover after parsing attributes in process `syz.4.336'.
[  135.210126][ T7426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.338'.
[  135.262408][ T7428] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  135.271916][ T7428] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  135.293042][ T7426] pim6reg: entered allmulticast mode
[  135.459690][ T7426] pim6reg: left allmulticast mode
[  135.800108][ T7457] sctp: [Deprecated]: syz.0.346 (pid 7457) Use of int in max_burst socket option deprecated.
[  135.800108][ T7457] Use struct sctp_assoc_value instead
[  135.875067][ T7460] tipc: Started in network mode
[  135.880152][ T7460] tipc: Node identity 729319deec3, cluster identity 4711
[  135.897126][ T7460] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  135.986625][ T7463] tipc: Resetting bearer <eth:syzkaller0>
[  136.022891][ T7457] syz.0.346 (7457) used greatest stack depth: 16952 bytes left
[  136.077901][ T7467] sctp: [Deprecated]: syz.0.350 (pid 7467) Use of int in max_burst socket option deprecated.
[  136.077901][ T7467] Use struct sctp_assoc_value instead
[  136.579276][ T7485] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[  136.713763][ T7459] tipc: Disabling bearer <eth:syzkaller0>
[  137.032072][ T7511] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  137.055524][ T7512] sctp: [Deprecated]: syz.3.363 (pid 7512) Use of int in max_burst socket option deprecated.
[  137.055524][ T7512] Use struct sctp_assoc_value instead
[  137.208867][ T7504] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  137.254076][ T7504] syzkaller0: entered promiscuous mode
[  137.275222][ T7504] syzkaller0: entered allmulticast mode
[  137.332008][ T7524] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode
[  137.378252][ T7524] team0: left allmulticast mode
[  137.383119][ T7524] team_slave_0: left allmulticast mode
[  137.402780][ T7524] team_slave_1: left allmulticast mode
[  137.414201][ T7524] bridge0: port 4(team0) entered disabled state
[  137.429800][ T7524] bridge_slave_0: left allmulticast mode
[  137.438903][ T7524] bridge_slave_0: left promiscuous mode
[  137.445648][ T7524] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.456460][ T7524] bridge_slave_1: left allmulticast mode
[  137.462096][ T7524] bridge_slave_1: left promiscuous mode
[  137.470811][ T7524] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.482235][ T7524] bond0: (slave bond_slave_0): Releasing backup interface
[  137.496609][ T7524] bond0: (slave bond_slave_1): Releasing backup interface
[  137.508824][ T7524] team_slave_0: left promiscuous mode
[  137.518008][ T7524] team0: Port device team_slave_0 removed
[  137.525499][ T7524] team_slave_1: left promiscuous mode
[  137.533706][ T7524] team0: Port device team_slave_1 removed
[  137.540529][ T7524] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  137.548206][ T7524] batman_adv: batadv0: Removing interface: batadv_slave_0
[  137.558194][ T7524] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  137.565916][ T7524] batman_adv: batadv0: Removing interface: batadv_slave_1
[  137.579108][ T7524] macsec0: left allmulticast mode
[  137.584161][ T7524] veth1_macvtap: left allmulticast mode
[  137.590164][ T7524] macsec0: left promiscuous mode
[  137.596210][ T7524] bridge0: port 3(macsec0) entered disabled state
[  137.697538][ T7534] FAULT_INJECTION: forcing a failure.
[  137.697538][ T7534] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  137.711838][ T7534] CPU: 1 UID: 0 PID: 7534 Comm: syz.2.367 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  137.711860][ T7534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  137.711877][ T7534] Call Trace:
[  137.711884][ T7534]  <TASK>
[  137.711892][ T7534]  dump_stack_lvl+0x189/0x250
[  137.711925][ T7534]  ? __pfx____ratelimit+0x10/0x10
[  137.711953][ T7534]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.711977][ T7534]  ? __pfx__printk+0x10/0x10
[  137.712002][ T7534]  ? __pfx_netif_state_change+0x10/0x10
[  137.712036][ T7534]  should_fail_ex+0x414/0x560
[  137.712059][ T7534]  _copy_to_user+0x31/0xb0
[  137.712086][ T7534]  ip6gre_tunnel_siocdevprivate+0x6dc/0x700
[  137.712108][ T7534]  ? __pfx___mutex_trylock_common+0x10/0x10
[  137.712135][ T7534]  ? __pfx_ip6gre_tunnel_siocdevprivate+0x10/0x10
[  137.712154][ T7534]  ? rcu_is_watching+0x15/0xb0
[  137.712198][ T7534]  ? netdev_name_node_lookup+0xdf/0x120
[  137.712224][ T7534]  dev_ifsioc+0xb54/0xf00
[  137.712267][ T7534]  dev_ioctl+0x84c/0x1150
[  137.712297][ T7534]  sock_ioctl+0x719/0x790
[  137.712322][ T7534]  ? __pfx_sock_ioctl+0x10/0x10
[  137.712347][ T7534]  ? __fget_files+0x3a0/0x420
[  137.712361][ T7534]  ? __fget_files+0x2a/0x420
[  137.712380][ T7534]  ? bpf_lsm_file_ioctl+0x9/0x20
[  137.712401][ T7534]  ? __pfx_sock_ioctl+0x10/0x10
[  137.712423][ T7534]  __se_sys_ioctl+0xf9/0x170
[  137.712447][ T7534]  do_syscall_64+0xfa/0x3b0
[  137.712462][ T7534]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.712488][ T7534]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.712505][ T7534]  ? clear_bhb_loop+0x60/0xb0
[  137.712526][ T7534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.712542][ T7534] RIP: 0033:0x7f454838e9a9
[  137.712563][ T7534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.712577][ T7534] RSP: 002b:00007f45491a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  137.712601][ T7534] RAX: ffffffffffffffda RBX: 00007f45485b5fa0 RCX: 00007f454838e9a9
[  137.712613][ T7534] RDX: 0000200000000000 RSI: 00000000000089f3 RDI: 0000000000000003
[  137.712624][ T7534] RBP: 00007f45491a8090 R08: 0000000000000000 R09: 0000000000000000
[  137.712634][ T7534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.712644][ T7534] R13: 0000000000000000 R14: 00007f45485b5fa0 R15: 00007ffeb8fd84b8
[  137.712670][ T7534]  </TASK>
[  137.953327][ T7537] validate_nla: 6 callbacks suppressed
[  137.953343][ T7537] netlink: 'syz.4.368': attribute type 1 has an invalid length.
[  139.148099][ T7537] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  139.531631][ T7578] FAULT_INJECTION: forcing a failure.
[  139.531631][ T7578] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.558552][ T7578] CPU: 0 UID: 0 PID: 7578 Comm: syz.1.379 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  139.558579][ T7578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  139.558591][ T7578] Call Trace:
[  139.558600][ T7578]  <TASK>
[  139.558609][ T7578]  dump_stack_lvl+0x189/0x250
[  139.558636][ T7578]  ? __pfx____ratelimit+0x10/0x10
[  139.558664][ T7578]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.558686][ T7578]  ? __pfx__printk+0x10/0x10
[  139.558711][ T7578]  ? __might_fault+0xb0/0x130
[  139.558748][ T7578]  should_fail_ex+0x414/0x560
[  139.558772][ T7578]  _copy_from_user+0x2d/0xb0
[  139.558798][ T7578]  kstrtouint_from_user+0xc4/0x170
[  139.558822][ T7578]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  139.558862][ T7578]  proc_fail_nth_write+0x88/0x240
[  139.558882][ T7578]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  139.558910][ T7578]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  139.558932][ T7578]  vfs_write+0x27e/0xa90
[  139.558968][ T7578]  ? __pfx_vfs_write+0x10/0x10
[  139.558997][ T7578]  ? __fget_files+0x2a/0x420
[  139.559019][ T7578]  ? __fget_files+0x3a0/0x420
[  139.559035][ T7578]  ? __fget_files+0x2a/0x420
[  139.559063][ T7578]  ksys_write+0x145/0x250
[  139.559085][ T7578]  ? __fget_files+0x3a0/0x420
[  139.559111][ T7578]  ? __pfx_ksys_write+0x10/0x10
[  139.559145][ T7578]  ? do_syscall_64+0xbe/0x3b0
[  139.559167][ T7578]  do_syscall_64+0xfa/0x3b0
[  139.559183][ T7578]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.559210][ T7578]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.559228][ T7578]  ? clear_bhb_loop+0x60/0xb0
[  139.559252][ T7578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.559270][ T7578] RIP: 0033:0x7f417a98d45f
[  139.559287][ T7578] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  139.559302][ T7578] RSP: 002b:00007f417b7ca030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  139.559321][ T7578] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f417a98d45f
[  139.559334][ T7578] RDX: 0000000000000001 RSI: 00007f417b7ca0a0 RDI: 0000000000000004
[  139.559345][ T7578] RBP: 00007f417b7ca090 R08: 0000000000000000 R09: 0000000000000000
[  139.559356][ T7578] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  139.559367][ T7578] R13: 0000000000000000 R14: 00007f417abb5fa0 R15: 00007fff8cc706e8
[  139.559401][ T7578]  </TASK>
[  139.809382][ T7580] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  140.067828][ T7585] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  140.078305][ T7585] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.208980][ T7585] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  140.231188][ T7585] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.419199][ T7585] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  140.446420][ T7585] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.585094][ T7585] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  140.626633][ T7585] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.689064][ T7609] __nla_validate_parse: 10 callbacks suppressed
[  140.689081][ T7609] netlink: 36 bytes leftover after parsing attributes in process `syz.2.390'.
[  140.802840][ T6024] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  140.817386][ T6024] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  140.876825][ T6024] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  140.899374][ T6024] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.030284][ T7620] xfrm1: entered allmulticast mode
[  141.043268][ T6024] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  141.073432][ T6024] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.124194][ T6024] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  141.146527][ T6024] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.194371][ T7629] sctp: [Deprecated]: syz.2.396 (pid 7629) Use of int in max_burst socket option deprecated.
[  141.194371][ T7629] Use struct sctp_assoc_value instead
[  141.215324][ T7629] netlink: 44 bytes leftover after parsing attributes in process `syz.2.396'.
[  141.238032][ T7629] netlink: 43 bytes leftover after parsing attributes in process `syz.2.396'.
[  141.270227][ T7629] netlink: 'syz.2.396': attribute type 6 has an invalid length.
[  141.303748][ T7629] netlink: 'syz.2.396': attribute type 5 has an invalid length.
[  141.315002][ T7629] netlink: 43 bytes leftover after parsing attributes in process `syz.2.396'.
[  141.373400][ T7630] netlink: 'syz.2.396': attribute type 4 has an invalid length.
[  141.702720][ T7646] netlink: 12 bytes leftover after parsing attributes in process `syz.4.400'.
[  141.844695][ T7635] netlink: 'syz.0.395': attribute type 6 has an invalid length.
[  142.372337][ T7668] netlink: 'syz.2.405': attribute type 10 has an invalid length.
[  142.562491][ T7686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.407'.
[  142.724322][ T7693] netlink: 24 bytes leftover after parsing attributes in process `syz.0.411'.
[  142.745688][ T7673] syzkaller0: entered promiscuous mode
[  142.761362][ T7673] syzkaller0: entered allmulticast mode
[  142.793834][ T7686] bridge_slave_1: left allmulticast mode
[  142.799804][ T7686] bridge_slave_1: left promiscuous mode
[  142.818112][ T7686] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.861501][ T7686] bridge_slave_0: left allmulticast mode
[  142.868003][ T7686] bridge_slave_0: left promiscuous mode
[  142.874026][ T7686] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.020154][ T7687] syzkaller1: entered promiscuous mode
[  143.026091][ T7687] syzkaller1: entered allmulticast mode
[  143.123213][ T7706] FAULT_INJECTION: forcing a failure.
[  143.123213][ T7706] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.137274][ T7706] CPU: 0 UID: 0 PID: 7706 Comm: syz.0.413 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  143.137301][ T7706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  143.137313][ T7706] Call Trace:
[  143.137321][ T7706]  <TASK>
[  143.137329][ T7706]  dump_stack_lvl+0x189/0x250
[  143.137357][ T7706]  ? __pfx____ratelimit+0x10/0x10
[  143.137387][ T7706]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.137411][ T7706]  ? __pfx__printk+0x10/0x10
[  143.137438][ T7706]  ? __might_fault+0xb0/0x130
[  143.137477][ T7706]  should_fail_ex+0x414/0x560
[  143.137502][ T7706]  _copy_from_user+0x2d/0xb0
[  143.137530][ T7706]  ___sys_sendmsg+0x158/0x2a0
[  143.137556][ T7706]  ? __pfx____sys_sendmsg+0x10/0x10
[  143.137624][ T7706]  ? __fget_files+0x2a/0x420
[  143.137641][ T7706]  ? __fget_files+0x3a0/0x420
[  143.137669][ T7706]  __x64_sys_sendmsg+0x19b/0x260
[  143.137695][ T7706]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  143.137728][ T7706]  ? __pfx_ksys_write+0x10/0x10
[  143.137751][ T7706]  ? rcu_is_watching+0x15/0xb0
[  143.137780][ T7706]  ? do_syscall_64+0xbe/0x3b0
[  143.137803][ T7706]  do_syscall_64+0xfa/0x3b0
[  143.137819][ T7706]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.137848][ T7706]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.137867][ T7706]  ? clear_bhb_loop+0x60/0xb0
[  143.137892][ T7706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.137910][ T7706] RIP: 0033:0x7f897678e9a9
[  143.137927][ T7706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.137943][ T7706] RSP: 002b:00007f89776bc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  143.137963][ T7706] RAX: ffffffffffffffda RBX: 00007f89769b5fa0 RCX: 00007f897678e9a9
[  143.137977][ T7706] RDX: 0000000004000080 RSI: 0000200000000300 RDI: 0000000000000003
[  143.137990][ T7706] RBP: 00007f89776bc090 R08: 0000000000000000 R09: 0000000000000000
[  143.138001][ T7706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.138013][ T7706] R13: 0000000000000000 R14: 00007f89769b5fa0 R15: 00007fff119b9d58
[  143.138043][ T7706]  </TASK>
[  144.502419][ T7701] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  144.621220][ T7701] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  144.848035][ T7701] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  145.034223][ T7701] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  145.172355][ T7744] netlink: 24 bytes leftover after parsing attributes in process `syz.3.423'.
[  145.184065][ T7745] FAULT_INJECTION: forcing a failure.
[  145.184065][ T7745] name failslab, interval 1, probability 0, space 0, times 1
[  145.237963][ T7745] CPU: 0 UID: 0 PID: 7745 Comm: syz.0.424 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  145.237985][ T7745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.237995][ T7745] Call Trace:
[  145.238002][ T7745]  <TASK>
[  145.238009][ T7745]  dump_stack_lvl+0x189/0x250
[  145.238034][ T7745]  ? __pfx____ratelimit+0x10/0x10
[  145.238061][ T7745]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.238081][ T7745]  ? __pfx__printk+0x10/0x10
[  145.238109][ T7745]  ? __pfx___might_resched+0x10/0x10
[  145.238134][ T7745]  should_fail_ex+0x414/0x560
[  145.238155][ T7745]  should_failslab+0xa8/0x100
[  145.238182][ T7745]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  145.238206][ T7745]  ? __alloc_skb+0x112/0x2d0
[  145.238227][ T7745]  __alloc_skb+0x112/0x2d0
[  145.238247][ T7745]  netlink_sendmsg+0x5c6/0xb30
[  145.238273][ T7745]  ? __pfx_netlink_sendmsg+0x10/0x10
[  145.238292][ T7745]  ? aa_sock_msg_perm+0x94/0x160
[  145.238311][ T7745]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  145.238329][ T7745]  ? __pfx_netlink_sendmsg+0x10/0x10
[  145.238346][ T7745]  __sock_sendmsg+0x219/0x270
[  145.238381][ T7745]  ____sys_sendmsg+0x505/0x830
[  145.238405][ T7745]  ? __pfx_____sys_sendmsg+0x10/0x10
[  145.238433][ T7745]  ? import_iovec+0x74/0xa0
[  145.238480][ T7745]  ___sys_sendmsg+0x21f/0x2a0
[  145.238505][ T7745]  ? __pfx____sys_sendmsg+0x10/0x10
[  145.238567][ T7745]  ? __fget_files+0x2a/0x420
[  145.238584][ T7745]  ? __fget_files+0x3a0/0x420
[  145.238613][ T7745]  __x64_sys_sendmsg+0x19b/0x260
[  145.238640][ T7745]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  145.238673][ T7745]  ? __pfx_ksys_write+0x10/0x10
[  145.238698][ T7745]  ? rcu_is_watching+0x15/0xb0
[  145.238727][ T7745]  ? do_syscall_64+0xbe/0x3b0
[  145.238750][ T7745]  do_syscall_64+0xfa/0x3b0
[  145.238767][ T7745]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.238797][ T7745]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.238817][ T7745]  ? clear_bhb_loop+0x60/0xb0
[  145.238841][ T7745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.238860][ T7745] RIP: 0033:0x7f897678e9a9
[  145.238876][ T7745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.238893][ T7745] RSP: 002b:00007f89776bc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  145.238913][ T7745] RAX: ffffffffffffffda RBX: 00007f89769b5fa0 RCX: 00007f897678e9a9
[  145.238927][ T7745] RDX: 0000000004000080 RSI: 0000200000000300 RDI: 0000000000000003
[  145.238939][ T7745] RBP: 00007f89776bc090 R08: 0000000000000000 R09: 0000000000000000
[  145.238951][ T7745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.238962][ T7745] R13: 0000000000000000 R14: 00007f89769b5fa0 R15: 00007fff119b9d58
[  145.238992][ T7745]  </TASK>
[  145.268722][ T6025] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  145.529639][ T6025] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  145.537108][ T7747] netlink: 28 bytes leftover after parsing attributes in process `syz.4.425'.
[  145.550756][ T7747] netlink: 8 bytes leftover after parsing attributes in process `syz.4.425'.
[  145.594245][ T7751] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  145.604865][ T7751] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.653326][ T6025] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  145.673571][ T7747] tipc: Started in network mode
[  145.682383][ T7747] tipc: Node identity 0603d3a93e53, cluster identity 4711
[  145.689958][ T7747] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  145.747631][ T7751] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  145.778556][ T7751] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.878837][ T6025] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  146.060127][ T7746] tipc: Disabling bearer <eth:syzkaller0>
[  146.082236][ T7764] workqueue: name exceeds WQ_NAME_LEN. Truncating to: žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–
[  146.171270][ T7751] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  146.304555][ T7751] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.501338][ T7751] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  146.536475][ T7751] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.622552][ T7785] Bluetooth: MGMT ver 1.23
[  146.732499][ T7785] __nla_validate_parse: 1 callbacks suppressed
[  146.732513][ T7785] netlink: 4 bytes leftover after parsing attributes in process `syz.0.434'.
[  146.767699][ T7791] geneve2: entered promiscuous mode
[  146.878430][ T7799] netlink: 24 bytes leftover after parsing attributes in process `syz.4.438'.
[  147.010632][ T7804] sctp: [Deprecated]: syz.2.439 (pid 7804) Use of int in max_burst socket option deprecated.
[  147.010632][ T7804] Use struct sctp_assoc_value instead
[  147.016063][ T6025] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  147.071932][ T6025] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  147.115052][ T6025] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  147.123255][ T6025] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  147.146412][ T7809] FAULT_INJECTION: forcing a failure.
[  147.146412][ T7809] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.170049][ T1106] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  147.183491][ T7804] netlink: 'syz.2.439': attribute type 4 has an invalid length.
[  147.186525][ T7809] CPU: 1 UID: 0 PID: 7809 Comm: syz.4.441 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  147.186552][ T7809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.186563][ T7809] Call Trace:
[  147.186571][ T7809]  <TASK>
[  147.186579][ T7809]  dump_stack_lvl+0x189/0x250
[  147.186608][ T7809]  ? __pfx____ratelimit+0x10/0x10
[  147.186639][ T7809]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.186662][ T7809]  ? __pfx__printk+0x10/0x10
[  147.186688][ T7809]  ? __might_fault+0xb0/0x130
[  147.186727][ T7809]  should_fail_ex+0x414/0x560
[  147.186753][ T7809]  _copy_from_iter+0x1db/0x16f0
[  147.186782][ T7809]  ? rcu_is_watching+0x15/0xb0
[  147.186806][ T7809]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  147.186835][ T7809]  ? __pfx__copy_from_iter+0x10/0x10
[  147.186860][ T7809]  ? __build_skb_around+0x257/0x3e0
[  147.186883][ T7809]  ? netlink_sendmsg+0x642/0xb30
[  147.186902][ T7809]  ? skb_put+0x11b/0x210
[  147.186925][ T7809]  netlink_sendmsg+0x6b2/0xb30
[  147.186953][ T7809]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.186975][ T7809]  ? aa_sock_msg_perm+0x94/0x160
[  147.186998][ T7809]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  147.187019][ T7809]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.187038][ T7809]  __sock_sendmsg+0x219/0x270
[  147.187068][ T7809]  ____sys_sendmsg+0x505/0x830
[  147.187097][ T7809]  ? __pfx_____sys_sendmsg+0x10/0x10
[  147.187129][ T7809]  ? import_iovec+0x74/0xa0
[  147.187159][ T7809]  ___sys_sendmsg+0x21f/0x2a0
[  147.187183][ T7809]  ? __pfx____sys_sendmsg+0x10/0x10
[  147.187250][ T7809]  ? __fget_files+0x2a/0x420
[  147.187267][ T7809]  ? __fget_files+0x3a0/0x420
[  147.187294][ T7809]  __x64_sys_sendmsg+0x19b/0x260
[  147.187319][ T7809]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  147.187353][ T7809]  ? __pfx_ksys_write+0x10/0x10
[  147.187376][ T7809]  ? rcu_is_watching+0x15/0xb0
[  147.187403][ T7809]  ? do_syscall_64+0xbe/0x3b0
[  147.187426][ T7809]  do_syscall_64+0xfa/0x3b0
[  147.187442][ T7809]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.187471][ T7809]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.187490][ T7809]  ? clear_bhb_loop+0x60/0xb0
[  147.187514][ T7809]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.187532][ T7809] RIP: 0033:0x7fe53758e9a9
[  147.187550][ T7809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.187565][ T7809] RSP: 002b:00007fe53847a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  147.187585][ T7809] RAX: ffffffffffffffda RBX: 00007fe5377b5fa0 RCX: 00007fe53758e9a9
[  147.187600][ T7809] RDX: 0000000004000080 RSI: 0000200000000300 RDI: 0000000000000003
[  147.187613][ T7809] RBP: 00007fe53847a090 R08: 0000000000000000 R09: 0000000000000000
[  147.187624][ T7809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.187635][ T7809] R13: 0000000000000000 R14: 00007fe5377b5fa0 R15: 00007fff81072658
[  147.187664][ T7809]  </TASK>
[  147.279972][ T1106] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  147.510337][ T7801] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  147.517765][ T7801] IPv6: NLM_F_CREATE should be set when creating new route
[  147.525083][ T7801] IPv6: NLM_F_CREATE should be set when creating new route
[  147.532308][ T7801] IPv6: NLM_F_CREATE should be set when creating new route
[  147.541053][ T1106] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  147.563867][ T7801] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  147.571148][ T1106] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.581831][ T7814] netlink: 'syz.1.444': attribute type 1 has an invalid length.
[  147.607631][ T7814] netlink: 224 bytes leftover after parsing attributes in process `syz.1.444'.
[  147.743835][ T7821] netlink: 92 bytes leftover after parsing attributes in process `syz.0.447'.
[  147.761830][ T7821] netlink: 24 bytes leftover after parsing attributes in process `syz.0.447'.
[  147.772141][ T7821] netlink: 24 bytes leftover after parsing attributes in process `syz.0.447'.
[  147.812219][ T7823] netlink: 'syz.1.446': attribute type 1 has an invalid length.
[  148.078412][ T7840] FAULT_INJECTION: forcing a failure.
[  148.078412][ T7840] name failslab, interval 1, probability 0, space 0, times 0
[  148.093514][ T7840] CPU: 0 UID: 0 PID: 7840 Comm: syz.3.452 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  148.093538][ T7840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  148.093548][ T7840] Call Trace:
[  148.093555][ T7840]  <TASK>
[  148.093562][ T7840]  dump_stack_lvl+0x189/0x250
[  148.093587][ T7840]  ? __pfx____ratelimit+0x10/0x10
[  148.093613][ T7840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.093633][ T7840]  ? __pfx__printk+0x10/0x10
[  148.093663][ T7840]  ? __pfx___might_resched+0x10/0x10
[  148.093682][ T7840]  ? fs_reclaim_acquire+0x7d/0x100
[  148.093702][ T7840]  should_fail_ex+0x414/0x560
[  148.093725][ T7840]  should_failslab+0xa8/0x100
[  148.093753][ T7840]  __kmalloc_cache_noprof+0x70/0x3d0
[  148.093777][ T7840]  ? rtm_new_nexthop+0x192a/0x7eb0
[  148.093803][ T7840]  rtm_new_nexthop+0x192a/0x7eb0
[  148.093840][ T7840]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  148.093859][ T7840]  ? is_bpf_text_address+0x26/0x2b0
[  148.093885][ T7840]  ? __lock_acquire+0xab9/0xd20
[  148.093915][ T7840]  ? __lock_acquire+0xab9/0xd20
[  148.093952][ T7840]  ? is_bpf_text_address+0x26/0x2b0
[  148.093987][ T7840]  ? __lock_acquire+0xab9/0xd20
[  148.094030][ T7840]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  148.094049][ T7840]  rtnetlink_rcv_msg+0x7cc/0xb70
[  148.094075][ T7840]  ? __lock_acquire+0xab9/0xd20
[  148.094094][ T7840]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  148.094136][ T7840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  148.094177][ T7840]  netlink_rcv_skb+0x208/0x470
[  148.094203][ T7840]  ? __lock_acquire+0xab9/0xd20
[  148.094210][ T7841] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  148.094220][ T7840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  148.094247][ T7840]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  148.094286][ T7840]  ? netlink_deliver_tap+0x2e/0x1b0
[  148.094327][ T7840]  netlink_unicast+0x82f/0x9e0
[  148.094365][ T7840]  ? __pfx_netlink_unicast+0x10/0x10
[  148.094394][ T7840]  ? netlink_sendmsg+0x642/0xb30
[  148.094415][ T7840]  ? skb_put+0x11b/0x210
[  148.094440][ T7840]  netlink_sendmsg+0x805/0xb30
[  148.094470][ T7840]  ? __pfx_netlink_sendmsg+0x10/0x10
[  148.094493][ T7840]  ? aa_sock_msg_perm+0x94/0x160
[  148.094514][ T7840]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  148.094535][ T7840]  ? __pfx_netlink_sendmsg+0x10/0x10
[  148.094554][ T7840]  __sock_sendmsg+0x219/0x270
[  148.094585][ T7840]  ____sys_sendmsg+0x505/0x830
[  148.094614][ T7840]  ? __pfx_____sys_sendmsg+0x10/0x10
[  148.094646][ T7840]  ? import_iovec+0x74/0xa0
[  148.094677][ T7840]  ___sys_sendmsg+0x21f/0x2a0
[  148.094701][ T7840]  ? __pfx____sys_sendmsg+0x10/0x10
[  148.094761][ T7840]  ? __fget_files+0x2a/0x420
[  148.094777][ T7840]  ? __fget_files+0x3a0/0x420
[  148.094806][ T7840]  __x64_sys_sendmsg+0x19b/0x260
[  148.094831][ T7840]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  148.094864][ T7840]  ? __pfx_ksys_write+0x10/0x10
[  148.094888][ T7840]  ? rcu_is_watching+0x15/0xb0
[  148.094916][ T7840]  ? do_syscall_64+0xbe/0x3b0
[  148.094940][ T7840]  do_syscall_64+0xfa/0x3b0
[  148.094956][ T7840]  ? lockdep_hardirqs_on+0x9c/0x150
[  148.094984][ T7840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.095003][ T7840]  ? clear_bhb_loop+0x60/0xb0
[  148.095027][ T7840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.095045][ T7840] RIP: 0033:0x7f1eb358e9a9
[  148.095063][ T7840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.095078][ T7840] RSP: 002b:00007f1eb4397038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  148.095107][ T7840] RAX: ffffffffffffffda RBX: 00007f1eb37b5fa0 RCX: 00007f1eb358e9a9
[  148.095121][ T7840] RDX: 0000000004000080 RSI: 0000200000000300 RDI: 0000000000000003
[  148.095133][ T7840] RBP: 00007f1eb4397090 R08: 0000000000000000 R09: 0000000000000000
[  148.095145][ T7840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.095156][ T7840] R13: 0000000000000000 R14: 00007f1eb37b5fa0 R15: 00007ffdcccc6e48
[  148.095185][ T7840]  </TASK>
[  148.293041][ T7845] netlink: 596 bytes leftover after parsing attributes in process `syz.3.453'.
[  149.080513][ T7863] netlink: 830 bytes leftover after parsing attributes in process `syz.3.455'.
[  149.094673][ T7870] netlink: 44 bytes leftover after parsing attributes in process `syz.1.460'.
[  149.130289][ T7868] netlink: 16 bytes leftover after parsing attributes in process `syz.4.459'.
[  149.419295][ T7876] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  149.462763][ T7876] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.577470][ T7876] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  149.616004][ T7876] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.767212][ T7876] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  149.786716][ T7876] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.877837][ T7907] netlink: 'syz.3.468': attribute type 1 has an invalid length.
[  150.027294][ T7906] 8021q: adding VLAN 0 to HW filter on device bond1
[  150.076483][ T7906] bridge0: port 1(bond1) entered blocking state
[  150.097070][ T7906] bridge0: port 1(bond1) entered disabled state
[  150.109737][ T7906] bond1: entered allmulticast mode
[  150.119496][ T7906] bond1: entered promiscuous mode
[  150.128875][ T7906] bridge0: port 1(bond1) entered blocking state
[  150.135468][ T7906] bridge0: port 1(bond1) entered forwarding state
[  150.205474][ T7907] 8021q: adding VLAN 0 to HW filter on device bond0
[  150.215956][ T7876] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  150.226313][ T7876] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.267610][ T7910] bond0: (slave veth5): Enslaving as an active interface with a down link
[  150.283412][ T7913] dummy0: entered promiscuous mode
[  150.292791][ T7913] hsr1: Slave B (team0) is not up; please bring it up to get a fully working HSR network
[  150.305456][ T7913] bridge0: port 2(hsr1) entered blocking state
[  150.311794][ T7913] bridge0: port 2(hsr1) entered disabled state
[  150.319710][ T7913] hsr1: entered allmulticast mode
[  150.326197][ T7913] dummy0: entered allmulticast mode
[  150.331551][ T7913] team0: entered allmulticast mode
[  150.339698][ T7913] hsr1: entered promiscuous mode
[  150.347033][ T7913] bridge0: port 2(hsr1) entered blocking state
[  150.353339][ T7913] bridge0: port 2(hsr1) entered forwarding state
[  150.397741][ T1106] bridge0: port 1(bond1) entered disabled state
[  150.657533][ T7927] netlink: 'syz.4.471': attribute type 21 has an invalid length.
[  150.697175][ T1106] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  150.724775][ T1106] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  150.822006][ T1106] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  150.841442][ T1106] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  150.883990][ T1106] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  150.921970][ T1106] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.015450][ T6024] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  151.023787][ T6024] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.171768][ T7948] FAULT_INJECTION: forcing a failure.
[  151.171768][ T7948] name failslab, interval 1, probability 0, space 0, times 0
[  151.186443][ T7948] CPU: 1 UID: 0 PID: 7948 Comm: syz.1.478 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  151.186465][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  151.186476][ T7948] Call Trace:
[  151.186483][ T7948]  <TASK>
[  151.186490][ T7948]  dump_stack_lvl+0x189/0x250
[  151.186515][ T7948]  ? __pfx____ratelimit+0x10/0x10
[  151.186542][ T7948]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.186563][ T7948]  ? __pfx__printk+0x10/0x10
[  151.186593][ T7948]  ? __pfx___might_resched+0x10/0x10
[  151.186612][ T7948]  ? fs_reclaim_acquire+0x7d/0x100
[  151.186634][ T7948]  should_fail_ex+0x414/0x560
[  151.186657][ T7948]  should_failslab+0xa8/0x100
[  151.186684][ T7948]  __kmalloc_noprof+0xcb/0x4f0
[  151.186707][ T7948]  ? rtm_new_nexthop+0x1b26/0x7eb0
[  151.186731][ T7948]  rtm_new_nexthop+0x1b26/0x7eb0
[  151.186768][ T7948]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  151.186801][ T7948]  ? kasan_quarantine_put+0xdd/0x220
[  151.186822][ T7948]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.186853][ T7948]  ? nlmon_xmit+0xb0/0x100
[  151.186877][ T7948]  ? kmem_cache_free+0x18f/0x400
[  151.186907][ T7948]  ? __local_bh_enable_ip+0x12d/0x1c0
[  151.186928][ T7948]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.186955][ T7948]  ? __local_bh_enable_ip+0x12d/0x1c0
[  151.186974][ T7948]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  151.187013][ T7948]  ? __lock_acquire+0xab9/0xd20
[  151.187058][ T7948]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  151.187078][ T7948]  rtnetlink_rcv_msg+0x7cc/0xb70
[  151.187116][ T7948]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  151.187142][ T7948]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  151.187167][ T7948]  ? ref_tracker_free+0x63a/0x7d0
[  151.187186][ T7948]  ? __asan_memcpy+0x40/0x70
[  151.187205][ T7948]  ? __pfx_ref_tracker_free+0x10/0x10
[  151.187235][ T7948]  netlink_rcv_skb+0x208/0x470
[  151.187263][ T7948]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  151.187292][ T7948]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  151.187330][ T7948]  ? netlink_deliver_tap+0x2e/0x1b0
[  151.187364][ T7948]  netlink_unicast+0x82f/0x9e0
[  151.187397][ T7948]  ? __pfx_netlink_unicast+0x10/0x10
[  151.187423][ T7948]  ? netlink_sendmsg+0x642/0xb30
[  151.187438][ T7948]  ? skb_put+0x11b/0x210
[  151.187460][ T7948]  netlink_sendmsg+0x805/0xb30
[  151.187485][ T7948]  ? __pfx_netlink_sendmsg+0x10/0x10
[  151.187506][ T7948]  ? aa_sock_msg_perm+0x94/0x160
[  151.187526][ T7948]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  151.187544][ T7948]  ? __pfx_netlink_sendmsg+0x10/0x10
[  151.187561][ T7948]  __sock_sendmsg+0x219/0x270
[  151.187589][ T7948]  ____sys_sendmsg+0x505/0x830
[  151.187614][ T7948]  ? __pfx_____sys_sendmsg+0x10/0x10
[  151.187643][ T7948]  ? import_iovec+0x74/0xa0
[  151.187671][ T7948]  ___sys_sendmsg+0x21f/0x2a0
[  151.187693][ T7948]  ? __pfx____sys_sendmsg+0x10/0x10
[  151.187749][ T7948]  ? __fget_files+0x2a/0x420
[  151.187763][ T7948]  ? __fget_files+0x3a0/0x420
[  151.187788][ T7948]  __x64_sys_sendmsg+0x19b/0x260
[  151.187811][ T7948]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  151.187841][ T7948]  ? __pfx_ksys_write+0x10/0x10
[  151.187862][ T7948]  ? rcu_is_watching+0x15/0xb0
[  151.187887][ T7948]  ? do_syscall_64+0xbe/0x3b0
[  151.187907][ T7948]  do_syscall_64+0xfa/0x3b0
[  151.187922][ T7948]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.187946][ T7948]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.187963][ T7948]  ? clear_bhb_loop+0x60/0xb0
[  151.187985][ T7948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.188002][ T7948] RIP: 0033:0x7f417a98e9a9
[  151.188017][ T7948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.188030][ T7948] RSP: 002b:00007f417b7ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  151.188048][ T7948] RAX: ffffffffffffffda RBX: 00007f417abb5fa0 RCX: 00007f417a98e9a9
[  151.188060][ T7948] RDX: 0000000004000080 RSI: 0000200000000300 RDI: 0000000000000003
[  151.188071][ T7948] RBP: 00007f417b7ca090 R08: 0000000000000000 R09: 0000000000000000
[  151.188091][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.188101][ T7948] R13: 0000000000000000 R14: 00007f417abb5fa0 R15: 00007fff8cc706e8
[  151.188129][ T7948]  </TASK>
[  151.747802][ T7955] __nla_validate_parse: 5 callbacks suppressed
[  151.747821][ T7955] netlink: 20 bytes leftover after parsing attributes in process `syz.1.482'.
[  152.006862][ T7964] bridge0: port 2(hsr1) entered disabled state
[  152.205670][ T7964] mac80211_hwsim hwsim10 wlan1: left allmulticast mode
[  152.223526][ T7965] bridge0: entered promiscuous mode
[  152.241648][ T6025] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  152.273959][ T6025] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  152.290657][ T6025] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  152.365100][ T6025] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  152.453528][ T5850] IPVS: starting estimator thread 0...
[  152.462154][ T7977] netlink: 4 bytes leftover after parsing attributes in process `syz.3.488'.
[  152.508285][ T7977] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  152.562365][ T7989] sctp: [Deprecated]: syz.1.492 (pid 7989) Use of int in max_burst socket option deprecated.
[  152.562365][ T7989] Use struct sctp_assoc_value instead
[  152.578989][ T7985] IPVS: using max 32 ests per chain, 76800 per kthread
[  152.795265][ T7990] xt_CT: No such helper "syz0"
[  153.016087][ T7996] netlink: 596 bytes leftover after parsing attributes in process `syz.4.494'.
[  153.072733][ T7998] netlink: 24 bytes leftover after parsing attributes in process `syz.1.495'.
[  153.290922][ T8003] sock: sock_timestamping_bind_phc: sock not bind to device
[  153.398397][ T8007] xt_cgroup: invalid path, errno=-2
[  153.484334][ T8013] netlink: 9 bytes leftover after parsing attributes in process `syz.3.499'.
[  153.526355][ T8013] gretap0: entered promiscuous mode
[  153.572377][ T8013] netlink: 5 bytes leftover after parsing attributes in process `syz.3.499'.
[  153.611856][ T8013] 0ªî{X¹¦: renamed from gretap0
[  153.621948][ T8020] netlink: 24 bytes leftover after parsing attributes in process `syz.2.500'.
[  153.633885][ T8013] 0ªî{X¹¦: left promiscuous mode
[  153.640507][ T8013] 0ªî{X¹¦: entered allmulticast mode
[  153.648560][ T8013] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  153.706911][ T8020] netlink: 48 bytes leftover after parsing attributes in process `syz.2.500'.
[  153.927701][ T8032] sctp: [Deprecated]: syz.2.505 (pid 8032) Use of int in max_burst socket option deprecated.
[  153.927701][ T8032] Use struct sctp_assoc_value instead
[  154.023505][ T8037] netlink: 'syz.3.507': attribute type 5 has an invalid length.
[  154.059900][ T8038] netlink: 24 bytes leftover after parsing attributes in process `syz.4.508'.
[  154.629591][ T8049] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  154.661089][ T8049] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.743385][ T8049] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  154.787016][ T8077] netlink: 596 bytes leftover after parsing attributes in process `syz.3.518'.
[  154.792984][ T8049] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.910008][ T8081] netlink: 'syz.4.519': attribute type 1 has an invalid length.
[  154.915277][ T8049] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  154.935179][ T8085] netlink: 'syz.0.521': attribute type 1 has an invalid length.
[  154.943745][ T8049] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.072177][ T8085] 8021q: adding VLAN 0 to HW filter on device bond2
[  155.126495][ T8094] dvmrp1: entered allmulticast mode
[  155.189213][ T8049] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  155.253858][ T8049] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.280687][ T8094] dvmrp1: left allmulticast mode
[  155.352687][   T60] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  155.374790][   T60] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  155.420302][   T13] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  155.465197][   T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  155.538519][   T60] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  155.557260][   T60] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.634186][ T8109] smc: net device bond0 applied user defined pnetid SYZ2
[  155.643033][ T6025] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  155.659913][ T6025] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  155.884272][ T8118] netlink: 'syz.2.530': attribute type 4 has an invalid length.
[  156.308388][ T8147] FAULT_INJECTION: forcing a failure.
[  156.308388][ T8147] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.326902][ T8147] CPU: 0 UID: 0 PID: 8147 Comm: syz.4.537 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  156.326924][ T8147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.326934][ T8147] Call Trace:
[  156.326941][ T8147]  <TASK>
[  156.326948][ T8147]  dump_stack_lvl+0x189/0x250
[  156.326974][ T8147]  ? __pfx____ratelimit+0x10/0x10
[  156.327001][ T8147]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.327022][ T8147]  ? __pfx__printk+0x10/0x10
[  156.327046][ T8147]  ? __might_fault+0xb0/0x130
[  156.327080][ T8147]  should_fail_ex+0x414/0x560
[  156.327103][ T8147]  _copy_from_user+0x2d/0xb0
[  156.327128][ T8147]  ___sys_sendmsg+0x158/0x2a0
[  156.327151][ T8147]  ? __pfx____sys_sendmsg+0x10/0x10
[  156.327205][ T8147]  ? __fget_files+0x2a/0x420
[  156.327219][ T8147]  ? __fget_files+0x3a0/0x420
[  156.327244][ T8147]  __x64_sys_sendmsg+0x19b/0x260
[  156.327266][ T8147]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  156.327293][ T8147]  ? __pfx_ksys_write+0x10/0x10
[  156.327314][ T8147]  ? rcu_is_watching+0x15/0xb0
[  156.327339][ T8147]  ? do_syscall_64+0xbe/0x3b0
[  156.327358][ T8147]  do_syscall_64+0xfa/0x3b0
[  156.327373][ T8147]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.327396][ T8147]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.327412][ T8147]  ? clear_bhb_loop+0x60/0xb0
[  156.327432][ T8147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.327448][ T8147] RIP: 0033:0x7fe53758e9a9
[  156.327462][ T8147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.327475][ T8147] RSP: 002b:00007fe53847a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.327492][ T8147] RAX: ffffffffffffffda RBX: 00007fe5377b5fa0 RCX: 00007fe53758e9a9
[  156.327504][ T8147] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  156.327514][ T8147] RBP: 00007fe53847a090 R08: 0000000000000000 R09: 0000000000000000
[  156.327523][ T8147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.327531][ T8147] R13: 0000000000000000 R14: 00007fe5377b5fa0 R15: 00007fff81072658
[  156.327558][ T8147]  </TASK>
[  156.699101][ T8154] netlink: 'syz.2.542': attribute type 1 has an invalid length.
[  156.857648][ T8162] bond2: (slave ip6gretap2): Enslaving as a backup interface with an up link
[  156.945626][ T8154] 8021q: adding VLAN 0 to HW filter on device bond2
[  156.946137][   T12] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  157.004998][ T8162] veth5: entered promiscuous mode
[  157.012275][ T8162] bond2: (slave veth5): Enslaving as a backup interface with a down link
[  157.029104][ T8173] __nla_validate_parse: 10 callbacks suppressed
[  157.029119][ T8173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.545'.
[  157.075863][   T12] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  157.178016][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  157.188879][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  157.647043][ T8193] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  157.990978][ T8196] netlink: 'syz.4.550': attribute type 1 has an invalid length.
[  158.231475][ T8196] 8021q: adding VLAN 0 to HW filter on device bond2
[  158.297664][ T8204] netlink: 24 bytes leftover after parsing attributes in process `syz.3.551'.
[  158.379749][ T8207] netlink: 232 bytes leftover after parsing attributes in process `syz.1.552'.
[  158.437251][ T8207] netlink: 232 bytes leftover after parsing attributes in process `syz.1.552'.
[  158.499134][ T8207] netlink: 44 bytes leftover after parsing attributes in process `syz.1.552'.
[  158.546024][ T8210] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.553'.
[  158.610319][ T8217] netlink: 64 bytes leftover after parsing attributes in process `syz.3.555'.
[  158.623316][ T8217] netlink: 64 bytes leftover after parsing attributes in process `syz.3.555'.
[  158.729262][ T8221] netlink: 596 bytes leftover after parsing attributes in process `syz.4.557'.
[  158.939895][ T8239] netlink: 'syz.0.562': attribute type 1 has an invalid length.
[  159.019874][ T8233] netlink: 596 bytes leftover after parsing attributes in process `syz.3.560'.
[  159.033869][ T8239] 8021q: adding VLAN 0 to HW filter on device bond3
[  159.173649][ T8256] netlink: 'syz.1.564': attribute type 16 has an invalid length.
[  159.192970][ T8256] netlink: 'syz.1.564': attribute type 3 has an invalid length.
[  159.477758][ T8272] FAULT_INJECTION: forcing a failure.
[  159.477758][ T8272] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.533358][ T8272] CPU: 1 UID: 0 PID: 8272 Comm: syz.0.568 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  159.533384][ T8272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.533394][ T8272] Call Trace:
[  159.533401][ T8272]  <TASK>
[  159.533409][ T8272]  dump_stack_lvl+0x189/0x250
[  159.533434][ T8272]  ? __pfx____ratelimit+0x10/0x10
[  159.533461][ T8272]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.533481][ T8272]  ? __pfx__printk+0x10/0x10
[  159.533504][ T8272]  ? __might_fault+0xb0/0x130
[  159.533538][ T8272]  should_fail_ex+0x414/0x560
[  159.533561][ T8272]  _copy_from_iter+0x1db/0x16f0
[  159.533585][ T8272]  ? rcu_is_watching+0x15/0xb0
[  159.533610][ T8272]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  159.533636][ T8272]  ? __pfx__copy_from_iter+0x10/0x10
[  159.533658][ T8272]  ? __build_skb_around+0x257/0x3e0
[  159.533680][ T8272]  ? netlink_sendmsg+0x642/0xb30
[  159.533695][ T8272]  ? skb_put+0x11b/0x210
[  159.533716][ T8272]  netlink_sendmsg+0x6b2/0xb30
[  159.533740][ T8272]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.533760][ T8272]  ? aa_sock_msg_perm+0x94/0x160
[  159.533780][ T8272]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  159.533798][ T8272]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.533815][ T8272]  __sock_sendmsg+0x219/0x270
[  159.533842][ T8272]  ____sys_sendmsg+0x505/0x830
[  159.533866][ T8272]  ? __pfx_____sys_sendmsg+0x10/0x10
[  159.533895][ T8272]  ? import_iovec+0x74/0xa0
[  159.533921][ T8272]  ___sys_sendmsg+0x21f/0x2a0
[  159.533942][ T8272]  ? __pfx____sys_sendmsg+0x10/0x10
[  159.533995][ T8272]  ? __fget_files+0x2a/0x420
[  159.534009][ T8272]  ? __fget_files+0x3a0/0x420
[  159.534035][ T8272]  __x64_sys_sendmsg+0x19b/0x260
[  159.534057][ T8272]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  159.534087][ T8272]  ? __pfx_ksys_write+0x10/0x10
[  159.534107][ T8272]  ? rcu_is_watching+0x15/0xb0
[  159.534140][ T8272]  ? do_syscall_64+0xbe/0x3b0
[  159.534161][ T8272]  do_syscall_64+0xfa/0x3b0
[  159.534176][ T8272]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.534201][ T8272]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.534218][ T8272]  ? clear_bhb_loop+0x60/0xb0
[  159.534239][ T8272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.534255][ T8272] RIP: 0033:0x7f897678e9a9
[  159.534271][ T8272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.534285][ T8272] RSP: 002b:00007f89776bc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  159.534303][ T8272] RAX: ffffffffffffffda RBX: 00007f89769b5fa0 RCX: 00007f897678e9a9
[  159.534315][ T8272] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  159.534325][ T8272] RBP: 00007f89776bc090 R08: 0000000000000000 R09: 0000000000000000
[  159.534335][ T8272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.534345][ T8272] R13: 0000000000000000 R14: 00007f89769b5fa0 R15: 00007fff119b9d58
[  159.534372][ T8272]  </TASK>
[  159.817804][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  160.573645][ T8284] ip6gretap1: entered promiscuous mode
[  160.816116][ T8302] netlink: 'syz.3.577': attribute type 1 has an invalid length.
[  160.984345][ T8311] netlink: 'syz.1.582': attribute type 1 has an invalid length.
[  161.104744][ T8314] tipc: Started in network mode
[  161.111583][ T8314] tipc: Node identity ac14140f, cluster identity 4711
[  161.118884][ T8314] tipc: New replicast peer: 255.255.255.255
[  161.126405][ T8314] tipc: Enabled bearer <udp:syz2>, priority 10
[  161.684888][ T8335] netlink: 'syz.4.589': attribute type 4 has an invalid length.
[  161.733982][ T6025] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  161.755241][ T6025] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  161.765157][ T6025] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  161.773532][ T6025] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  161.926147][ T8345] sctp: [Deprecated]: syz.2.593 (pid 8345) Use of int in max_burst socket option deprecated.
[  161.926147][ T8345] Use struct sctp_assoc_value instead
[  162.254714][    T9] tipc: Node number set to 2886997007
[  162.467979][ T8365] __nla_validate_parse: 14 callbacks suppressed
[  162.467995][ T8365] netlink: 8 bytes leftover after parsing attributes in process `syz.3.598'.
[  162.712798][ T8356] netlink: 248 bytes leftover after parsing attributes in process `syz.2.596'.
[  162.818289][ T8382] netlink: 96 bytes leftover after parsing attributes in process `syz.1.601'.
[  162.826417][ T8356] Bluetooth: MGMT ver 1.23
[  162.849352][ T5863] Bluetooth: hci4: link tx timeout
[  162.854811][ T5863] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  163.083071][ T8393] netlink: 'syz.4.608': attribute type 1 has an invalid length.
[  163.125331][ T8393] netlink: 784 bytes leftover after parsing attributes in process `syz.4.608'.
[  163.148805][ T8399] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  163.345293][ T8401] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  163.578977][ T8412] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  163.631750][ T8417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.617'.
[  163.855234][ T8431] veth1_to_team: entered allmulticast mode
[  163.864849][ T8431] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check.
[  163.972078][ T8440] netlink: 24 bytes leftover after parsing attributes in process `syz.4.623'.
[  163.989902][ T8434] netlink: 'syz.2.622': attribute type 4 has an invalid length.
[  164.015401][ T8443] netlink: 24 bytes leftover after parsing attributes in process `syz.1.624'.
[  164.207109][ T8449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.626'.
[  164.813387][ T8461] batadv_slave_0: left promiscuous mode
[  164.830835][ T8461] batadv_slave_0: left allmulticast mode
[  164.853644][ T8461] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  164.901605][ T8490] netlink: 'syz.0.635': attribute type 9 has an invalid length.
[  164.912748][ T8490] netlink: 'syz.0.635': attribute type 7 has an invalid length.
[  164.922458][ T5863] Bluetooth: hci4: command 0x0401 tx timeout
[  164.956759][ T8490] netlink: 'syz.0.635': attribute type 8 has an invalid length.
[  165.070355][ T8461] geneve2: left promiscuous mode
[  165.075742][ T8461] geneve2: left allmulticast mode
[  165.109434][ T8481] FAULT_INJECTION: forcing a failure.
[  165.109434][ T8481] name failslab, interval 1, probability 0, space 0, times 0
[  165.123185][ T8481] CPU: 0 UID: 0 PID: 8481 Comm: syz.2.634 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  165.123209][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.123221][ T8481] Call Trace:
[  165.123228][ T8481]  <TASK>
[  165.123236][ T8481]  dump_stack_lvl+0x189/0x250
[  165.123263][ T8481]  ? __pfx____ratelimit+0x10/0x10
[  165.123291][ T8481]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.123314][ T8481]  ? __pfx__printk+0x10/0x10
[  165.123345][ T8481]  ? __pfx___might_resched+0x10/0x10
[  165.123365][ T8481]  ? fs_reclaim_acquire+0x7d/0x100
[  165.123388][ T8481]  should_fail_ex+0x414/0x560
[  165.123412][ T8481]  should_failslab+0xa8/0x100
[  165.123440][ T8481]  __kmalloc_cache_noprof+0x70/0x3d0
[  165.123465][ T8481]  ? tcf_block_get_ext+0x140/0x17d0
[  165.123491][ T8481]  ? tc_modify_qdisc+0x1538/0x20e0
[  165.123518][ T8481]  tcf_block_get_ext+0x140/0x17d0
[  165.123545][ T8481]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.123574][ T8481]  ? __pfx_drr_init_qdisc+0x10/0x10
[  165.123602][ T8481]  tcf_block_get+0x67/0xa0
[  165.123634][ T8481]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  165.123667][ T8481]  drr_init_qdisc+0x2e/0xd0
[  165.123695][ T8481]  qdisc_create+0x7ac/0xea0
[  165.123729][ T8481]  tc_modify_qdisc+0x1538/0x20e0
[  165.123768][ T8481]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  165.123832][ T8481]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  165.123853][ T8481]  rtnetlink_rcv_msg+0x779/0xb70
[  165.123879][ T8481]  ? __lock_acquire+0xab9/0xd20
[  165.123898][ T8481]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  165.123924][ T8481]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  165.123968][ T8481]  netlink_rcv_skb+0x208/0x470
[  165.123993][ T8481]  ? __lock_acquire+0xab9/0xd20
[  165.124010][ T8481]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  165.124038][ T8481]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  165.124076][ T8481]  ? netlink_deliver_tap+0x2e/0x1b0
[  165.124111][ T8481]  netlink_unicast+0x82f/0x9e0
[  165.124143][ T8481]  ? __pfx_netlink_unicast+0x10/0x10
[  165.124170][ T8481]  ? netlink_sendmsg+0x642/0xb30
[  165.124185][ T8481]  ? skb_put+0x11b/0x210
[  165.124206][ T8481]  netlink_sendmsg+0x805/0xb30
[  165.124232][ T8481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.124252][ T8481]  ? aa_sock_msg_perm+0x94/0x160
[  165.124272][ T8481]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  165.124291][ T8481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.124308][ T8481]  __sock_sendmsg+0x219/0x270
[  165.124336][ T8481]  ____sys_sendmsg+0x52d/0x830
[  165.124361][ T8481]  ? __pfx_____sys_sendmsg+0x10/0x10
[  165.124390][ T8481]  ? import_iovec+0x74/0xa0
[  165.124420][ T8481]  ___sys_sendmsg+0x21f/0x2a0
[  165.124443][ T8481]  ? __pfx____sys_sendmsg+0x10/0x10
[  165.124498][ T8481]  ? __fget_files+0x2a/0x420
[  165.124513][ T8481]  ? __fget_files+0x3a0/0x420
[  165.124539][ T8481]  __sys_sendmmsg+0x227/0x430
[  165.124565][ T8481]  ? __pfx___sys_sendmmsg+0x10/0x10
[  165.124582][ T8481]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  165.124638][ T8481]  ? rcu_is_watching+0x15/0xb0
[  165.124666][ T8481]  __x64_sys_sendmmsg+0xa0/0xc0
[  165.124688][ T8481]  do_syscall_64+0xfa/0x3b0
[  165.124703][ T8481]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.124729][ T8481]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.124746][ T8481]  ? clear_bhb_loop+0x60/0xb0
[  165.124767][ T8481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.124783][ T8481] RIP: 0033:0x7f454838e9a9
[  165.124798][ T8481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.124813][ T8481] RSP: 002b:00007f45491a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  165.124831][ T8481] RAX: ffffffffffffffda RBX: 00007f45485b5fa0 RCX: 00007f454838e9a9
[  165.124844][ T8481] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005
[  165.124855][ T8481] RBP: 00007f45491a8090 R08: 0000000000000000 R09: 0000000000000000
[  165.124865][ T8481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  165.124875][ T8481] R13: 0000000000000000 R14: 00007f45485b5fa0 R15: 00007ffeb8fd84b8
[  165.124903][ T8481]  </TASK>
[  165.573575][ T8486] bond0: entered promiscuous mode
[  165.578721][ T8486] bond_slave_0: entered promiscuous mode
[  165.584753][ T8486] bond_slave_1: entered promiscuous mode
[  165.593867][ T1106] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  165.602306][ T1106] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  165.612056][ T1106] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  165.620495][ T1106] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  165.665795][ T1106] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  165.706679][ T1106] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  165.752394][ T1106] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  165.762436][ T1106] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  165.801253][ T8504] netlink: 'syz.2.638': attribute type 1 has an invalid length.
[  165.826050][ T8506] netlink: 24 bytes leftover after parsing attributes in process `syz.0.637'.
[  165.866992][ T8510] netlink: 14 bytes leftover after parsing attributes in process `syz.1.639'.
[  165.892472][ T8504] bond4: entered promiscuous mode
[  165.898520][ T8504] 8021q: adding VLAN 0 to HW filter on device bond4
[  165.923902][ T8508] batadv1: entered promiscuous mode
[  165.931517][ T8508] batadv1: entered allmulticast mode
[  165.941069][ T8508] 8021q: adding VLAN 0 to HW filter on device batadv1
[  165.953360][ T8508] bond4: (slave batadv1): making interface the new active one
[  165.963449][ T8508] bond4: (slave batadv1): Enslaving as an active interface with an up link
[  165.973254][ T8511] macsec0: entered promiscuous mode
[  166.110526][ T8510] bond0 (unregistering): (slave 
1
@ÿ): Releasing backup interface
[  166.122934][ T8510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  166.132540][ T8510] bond0 (unregistering): Released all slaves
[  166.446253][ T8526] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  166.454099][ T8526] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  166.588476][ T8531] netlink: 'syz.3.645': attribute type 1 has an invalid length.
[  167.245054][ T8553] 8021q: VLANs not supported on vcan0
[  167.617875][ T8569] FAULT_INJECTION: forcing a failure.
[  167.617875][ T8569] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  167.677573][ T8569] CPU: 0 UID: 0 PID: 8569 Comm: syz.0.656 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  167.677601][ T8569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  167.677611][ T8569] Call Trace:
[  167.677619][ T8569]  <TASK>
[  167.677627][ T8569]  dump_stack_lvl+0x189/0x250
[  167.677654][ T8569]  ? __pfx____ratelimit+0x10/0x10
[  167.677683][ T8569]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.677704][ T8569]  ? __pfx__printk+0x10/0x10
[  167.677729][ T8569]  ? __might_fault+0xb0/0x130
[  167.677767][ T8569]  should_fail_ex+0x414/0x560
[  167.677790][ T8569]  _copy_from_user+0x2d/0xb0
[  167.677816][ T8569]  ___sys_sendmsg+0x158/0x2a0
[  167.677841][ T8569]  ? __pfx____sys_sendmsg+0x10/0x10
[  167.677899][ T8569]  ? __fget_files+0x2a/0x420
[  167.677916][ T8569]  ? __fget_files+0x3a0/0x420
[  167.677942][ T8569]  __x64_sys_sendmsg+0x19b/0x260
[  167.677967][ T8569]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  167.677998][ T8569]  ? __pfx_ksys_write+0x10/0x10
[  167.678020][ T8569]  ? rcu_is_watching+0x15/0xb0
[  167.678058][ T8569]  ? do_syscall_64+0xbe/0x3b0
[  167.678078][ T8569]  do_syscall_64+0xfa/0x3b0
[  167.678094][ T8569]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.678119][ T8569]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.678137][ T8569]  ? clear_bhb_loop+0x60/0xb0
[  167.678158][ T8569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.678175][ T8569] RIP: 0033:0x7f897678e9a9
[  167.678191][ T8569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.678206][ T8569] RSP: 002b:00007f89776bc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  167.678224][ T8569] RAX: ffffffffffffffda RBX: 00007f89769b5fa0 RCX: 00007f897678e9a9
[  167.678237][ T8569] RDX: 0000000004000080 RSI: 0000200000000300 RDI: 0000000000000003
[  167.678248][ T8569] RBP: 00007f89776bc090 R08: 0000000000000000 R09: 0000000000000000
[  167.678259][ T8569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.678269][ T8569] R13: 0000000000000000 R14: 00007f89769b5fa0 R15: 00007fff119b9d58
[  167.678296][ T8569]  </TASK>
[  167.922291][ T8574] __nla_validate_parse: 8 callbacks suppressed
[  167.922307][ T8574] netlink: 56 bytes leftover after parsing attributes in process `syz.3.657'.
[  168.212606][ T8588] gtp0: entered promiscuous mode
[  168.249922][ T8588] gtp0: entered allmulticast mode
[  168.263631][ T8591] netlink: 32 bytes leftover after parsing attributes in process `syz.3.662'.
[  168.381010][ T8595] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  168.433893][ T8595] batman_adv: batadv0: Removing interface: batadv_slave_1
[  168.475059][ T8599] netlink: 4 bytes leftover after parsing attributes in process `syz.3.665'.
[  168.791342][ T8612] netlink: 'syz.2.670': attribute type 4 has an invalid length.
[  168.802427][ T8612] netlink: 1 bytes leftover after parsing attributes in process `syz.2.670'.
[  168.967205][ T8617] mac80211_hwsim hwsim2 wlan0: left promiscuous mode
[  168.974393][ T8617] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  169.101852][ T8623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.674'.
[  169.174234][ T8622] netlink: 16 bytes leftover after parsing attributes in process `syz.4.675'.
[  169.558864][ T8639] openvswitch: netlink: Key type 251 is out of range max 32
[  169.971741][ T8657] netlink: 'syz.0.685': attribute type 2 has an invalid length.
[  169.990032][ T8657] netlink: 244 bytes leftover after parsing attributes in process `syz.0.685'.
[  170.024461][ T8657] Driver unsupported XDP return value 0 on prog  (id 213) dev N/A, expect packet loss!
[  170.100143][ T8662] sctp: [Deprecated]: syz.2.686 (pid 8662) Use of int in max_burst socket option deprecated.
[  170.100143][ T8662] Use struct sctp_assoc_value instead
[  170.127537][ T8629] netlink: 28 bytes leftover after parsing attributes in process `syz.1.677'.
[  170.147500][ T8629] syzkaller1: entered promiscuous mode
[  170.153150][ T8629] syzkaller1: entered allmulticast mode
[  170.621241][ T8671] netlink: 8 bytes leftover after parsing attributes in process `syz.0.689'.
[  170.632066][ T8671] netlink: 12 bytes leftover after parsing attributes in process `syz.0.689'.
[  170.728179][ T8672] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  170.919318][ T8675] bond4: entered promiscuous mode
[  170.982414][ T8675] 8021q: adding VLAN 0 to HW filter on device bond4
[  171.031225][ T8682] 8021q: VLANs not supported on wg2
[  171.118130][ T8691] netlink: 'syz.0.695': attribute type 3 has an invalid length.
[  171.682294][ T8712] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  172.117411][ T8723] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  172.139080][ T8723] netlink: 'syz.0.703': attribute type 1 has an invalid length.
[  172.242568][ T8723] 8021q: adding VLAN 0 to HW filter on device bond5
[  172.630490][ T8738] bridge2: entered promiscuous mode
[  172.635947][ T8738] bridge2: entered allmulticast mode
[  172.643602][ T8738] team0: Port device bridge2 added
[  172.752086][ T8744] SET target dimension over the limit!
[  172.763000][ T8742] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  172.867177][ T8740] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (6)
[  173.160416][ T8756] __nla_validate_parse: 3 callbacks suppressed
[  173.160432][ T8756] netlink: 112 bytes leftover after parsing attributes in process `syz.1.711'.
[  173.250824][ T8756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.711'.
[  173.291670][ T8738] infiniband syz1: set down
[  173.296444][ T8738] infiniband syz1: added macvlan1
[  173.359469][ T8738] RDS/IB: syz1: added
[  173.364054][ T8738] smc: adding ib device syz1 with port count 1
[  173.370419][ T8738] smc:    ib device syz1 port 1 has pnetid 
[  173.422750][ T8765] FAULT_INJECTION: forcing a failure.
[  173.422750][ T8765] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.437948][ T8765] CPU: 1 UID: 0 PID: 8765 Comm: syz.2.713 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  173.437971][ T8765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.437982][ T8765] Call Trace:
[  173.437990][ T8765]  <TASK>
[  173.437997][ T8765]  dump_stack_lvl+0x189/0x250
[  173.438022][ T8765]  ? __pfx____ratelimit+0x10/0x10
[  173.438048][ T8765]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.438068][ T8765]  ? __pfx__printk+0x10/0x10
[  173.438091][ T8765]  ? __might_fault+0xb0/0x130
[  173.438124][ T8765]  should_fail_ex+0x414/0x560
[  173.438144][ T8765]  _copy_from_iter+0x1db/0x16f0
[  173.438174][ T8765]  ? rcu_is_watching+0x15/0xb0
[  173.438194][ T8765]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  173.438216][ T8765]  ? __pfx__copy_from_iter+0x10/0x10
[  173.438235][ T8765]  ? __build_skb_around+0x257/0x3e0
[  173.438254][ T8765]  ? netlink_sendmsg+0x642/0xb30
[  173.438270][ T8765]  ? skb_put+0x11b/0x210
[  173.438290][ T8765]  netlink_sendmsg+0x6b2/0xb30
[  173.438315][ T8765]  ? __pfx_netlink_sendmsg+0x10/0x10
[  173.438335][ T8765]  ? aa_sock_msg_perm+0x94/0x160
[  173.438355][ T8765]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  173.438374][ T8765]  ? __pfx_netlink_sendmsg+0x10/0x10
[  173.438392][ T8765]  __sock_sendmsg+0x219/0x270
[  173.438420][ T8765]  ____sys_sendmsg+0x505/0x830
[  173.438465][ T8765]  ? __pfx_____sys_sendmsg+0x10/0x10
[  173.438499][ T8765]  ? import_iovec+0x74/0xa0
[  173.438531][ T8765]  ___sys_sendmsg+0x21f/0x2a0
[  173.438557][ T8765]  ? __pfx____sys_sendmsg+0x10/0x10
[  173.438621][ T8765]  ? __fget_files+0x2a/0x420
[  173.438638][ T8765]  ? __fget_files+0x3a0/0x420
[  173.438669][ T8765]  __x64_sys_sendmsg+0x19b/0x260
[  173.438695][ T8765]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  173.438731][ T8765]  ? __pfx_ksys_write+0x10/0x10
[  173.438755][ T8765]  ? rcu_is_watching+0x15/0xb0
[  173.438784][ T8765]  ? do_syscall_64+0xbe/0x3b0
[  173.438809][ T8765]  do_syscall_64+0xfa/0x3b0
[  173.438826][ T8765]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.438857][ T8765]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.438877][ T8765]  ? clear_bhb_loop+0x60/0xb0
[  173.438902][ T8765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.438923][ T8765] RIP: 0033:0x7f454838e9a9
[  173.438941][ T8765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.438958][ T8765] RSP: 002b:00007f45491a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  173.438979][ T8765] RAX: ffffffffffffffda RBX: 00007f45485b5fa0 RCX: 00007f454838e9a9
[  173.438994][ T8765] RDX: 0000000004000080 RSI: 0000200000000300 RDI: 0000000000000003
[  173.439006][ T8765] RBP: 00007f45491a8090 R08: 0000000000000000 R09: 0000000000000000
[  173.439019][ T8765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.439030][ T8765] R13: 0000000000000000 R14: 00007f45485b5fa0 R15: 00007ffeb8fd84b8
[  173.439063][ T8765]  </TASK>
[  173.986852][ T8770] netlink: 'syz.2.715': attribute type 2 has an invalid length.
[  174.042670][ T5901] IPVS: starting estimator thread 0...
[  174.164660][ T8772] IPVS: using max 28 ests per chain, 67200 per kthread
[  174.452651][ T8779] netlink: 596 bytes leftover after parsing attributes in process `syz.3.716'.
[  174.835658][ T8786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.719'.
[  174.876059][ T8786] 8021q: VLANs not supported on bond0
[  175.113875][ T8790] netlink: 408 bytes leftover after parsing attributes in process `syz.2.721'.
[  175.518509][ T8799] netlink: 'syz.2.724': attribute type 13 has an invalid length.
[  175.546809][ T8801] ieee802154 phy0 wpan0: encryption failed: -22
[  175.554316][ T8799] netlink: 'syz.2.724': attribute type 17 has an invalid length.
[  175.563507][ T8801] ieee802154 phy0 wpan0: encryption failed: -22
[  175.650855][ T8803] netlink: 8 bytes leftover after parsing attributes in process `syz.2.724'.
[  175.792713][ T8799] bridge0: left promiscuous mode
[  175.825349][ T8809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  175.848695][ T8799] 8021q: adding VLAN 0 to HW filter on device bond0
[  175.860225][ T8799] 8021q: adding VLAN 0 to HW filter on device team0
[  175.900669][ T8799] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  175.927169][ T8809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  176.102048][ T8803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  176.430930][ T8824] x_tables: duplicate underflow at hook 1
[  176.702238][   T12] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x31
[  177.473913][ T8851] netlink: 14 bytes leftover after parsing attributes in process `syz.4.734'.
[  177.483743][ T8855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.735'.
[  177.502372][ T8855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.735'.
[  177.552419][ T8855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.735'.
[  177.572323][ T8855] 0ªî{X¹¦: left allmulticast mode
[  177.589709][ T8855] erspan0: left allmulticast mode
[  177.623050][ T8855] veth1_to_team: left allmulticast mode
[  177.698122][ T8855] veth3: left promiscuous mode
[  177.712079][ T8855] gtp0: left promiscuous mode
[  177.721090][ T8855] gtp0: left allmulticast mode
[  177.754146][ T8851] hsr_slave_0: left promiscuous mode
[  177.769900][ T8851] hsr_slave_1: left promiscuous mode
[  178.131959][ T8858] 8021q: adding VLAN 0 to HW filter on device bond6
[  178.148372][ T6025] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  178.173728][ T8864] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  178.183357][ T8864] bond6: (slave macvlan2): Enslaving as a backup interface with an up link
[  178.298222][ T8872] veth7: entered promiscuous mode
[  178.303578][ T6025] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  178.325647][ T6025] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  178.371867][   T36] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  178.458951][ T8878] sock: sock_timestamping_bind_phc: sock not bind to device
[  178.784597][ T8886] netlink: 'syz.3.743': attribute type 12 has an invalid length.
[  178.792439][ T8886] netlink: 'syz.3.743': attribute type 29 has an invalid length.
[  178.821005][ T8886] __nla_validate_parse: 86 callbacks suppressed
[  178.821595][ T8886] netlink: 148 bytes leftover after parsing attributes in process `syz.3.743'.
[  178.871986][ T8886] netlink: 'syz.3.743': attribute type 2 has an invalid length.
[  178.893007][ T8891] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  178.990274][ T8897] netlink: 'syz.3.747': attribute type 5 has an invalid length.
[  179.245284][ T8905] macsec1: entered promiscuous mode
[  179.245592][ T8906] netlink: 16 bytes leftover after parsing attributes in process `syz.3.749'.
[  179.250523][ T8905] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  179.323795][ T8908] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  179.336610][ T8905] macsec1: entered allmulticast mode
[  179.341922][ T8905] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  179.431929][ T8911] netlink: 'syz.4.751': attribute type 11 has an invalid length.
[  179.442797][ T8911] netlink: 244 bytes leftover after parsing attributes in process `syz.4.751'.
[  179.678682][ T8914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.752'.
[  179.692989][ T8919] netlink: 32 bytes leftover after parsing attributes in process `syz.2.753'.
[  179.706273][ T8914] pim6reg1: entered promiscuous mode
[  179.711774][ T8914] pim6reg1: entered allmulticast mode
[  180.603610][ T8943] veth1_to_bond: entered allmulticast mode
[  181.768203][ T8962] netlink: 432 bytes leftover after parsing attributes in process `syz.1.767'.
[  181.782415][ T8962] netlink: 7728 bytes leftover after parsing attributes in process `syz.1.767'.
[  181.882312][ T8966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.768'.
[  181.892036][ T8966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.768'.
[  182.811259][ T8960] FAULT_INJECTION: forcing a failure.
[  182.811259][ T8960] name failslab, interval 1, probability 0, space 0, times 0
[  182.828420][ T8960] CPU: 1 UID: 0 PID: 8960 Comm: syz.2.766 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  182.828465][ T8960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.828478][ T8960] Call Trace:
[  182.828486][ T8960]  <TASK>
[  182.828495][ T8960]  dump_stack_lvl+0x189/0x250
[  182.828526][ T8960]  ? __pfx____ratelimit+0x10/0x10
[  182.828558][ T8960]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.828583][ T8960]  ? __pfx__printk+0x10/0x10
[  182.828617][ T8960]  ? __pfx___might_resched+0x10/0x10
[  182.828641][ T8960]  ? fs_reclaim_acquire+0x7d/0x100
[  182.828667][ T8960]  should_fail_ex+0x414/0x560
[  182.828693][ T8960]  should_failslab+0xa8/0x100
[  182.828726][ T8960]  __kmalloc_noprof+0xcb/0x4f0
[  182.828754][ T8960]  ? rtm_new_nexthop+0x1b77/0x7eb0
[  182.828782][ T8960]  rtm_new_nexthop+0x1b77/0x7eb0
[  182.828827][ T8960]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  182.828867][ T8960]  ? kasan_quarantine_put+0xdd/0x220
[  182.828893][ T8960]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.828931][ T8960]  ? nlmon_xmit+0xb0/0x100
[  182.828958][ T8960]  ? kmem_cache_free+0x18f/0x400
[  182.828995][ T8960]  ? __local_bh_enable_ip+0x12d/0x1c0
[  182.829019][ T8960]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.829050][ T8960]  ? __local_bh_enable_ip+0x12d/0x1c0
[  182.829072][ T8960]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  182.829117][ T8960]  ? __lock_acquire+0xab9/0xd20
[  182.829166][ T8960]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  182.829188][ T8960]  rtnetlink_rcv_msg+0x7cc/0xb70
[  182.829224][ T8960]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  182.829255][ T8960]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  182.829285][ T8960]  ? ref_tracker_free+0x63a/0x7d0
[  182.829308][ T8960]  ? __asan_memcpy+0x40/0x70
[  182.829331][ T8960]  ? __pfx_ref_tracker_free+0x10/0x10
[  182.829374][ T8960]  netlink_rcv_skb+0x208/0x470
[  182.829408][ T8960]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  182.829447][ T8960]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  182.829493][ T8960]  ? netlink_deliver_tap+0x2e/0x1b0
[  182.829535][ T8960]  netlink_unicast+0x82f/0x9e0
[  182.829575][ T8960]  ? __pfx_netlink_unicast+0x10/0x10
[  182.829618][ T8960]  ? netlink_sendmsg+0x642/0xb30
[  182.829635][ T8960]  ? skb_put+0x11b/0x210
[  182.829670][ T8960]  netlink_sendmsg+0x805/0xb30
[  182.829695][ T8960]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.829716][ T8960]  ? aa_sock_msg_perm+0x94/0x160
[  182.829736][ T8960]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  182.829755][ T8960]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.829773][ T8960]  __sock_sendmsg+0x219/0x270
[  182.829801][ T8960]  ____sys_sendmsg+0x505/0x830
[  182.829827][ T8960]  ? __pfx_____sys_sendmsg+0x10/0x10
[  182.829856][ T8960]  ? import_iovec+0x74/0xa0
[  182.829883][ T8960]  ___sys_sendmsg+0x21f/0x2a0
[  182.829906][ T8960]  ? __pfx____sys_sendmsg+0x10/0x10
[  182.829962][ T8960]  ? __fget_files+0x2a/0x420
[  182.829977][ T8960]  ? __fget_files+0x3a0/0x420
[  182.830003][ T8960]  __x64_sys_sendmsg+0x19b/0x260
[  182.830027][ T8960]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  182.830057][ T8960]  ? __pfx_ksys_write+0x10/0x10
[  182.830078][ T8960]  ? rcu_is_watching+0x15/0xb0
[  182.830104][ T8960]  ? do_syscall_64+0xbe/0x3b0
[  182.830125][ T8960]  do_syscall_64+0xfa/0x3b0
[  182.830140][ T8960]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.830165][ T8960]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.830182][ T8960]  ? clear_bhb_loop+0x60/0xb0
[  182.830203][ T8960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.830220][ T8960] RIP: 0033:0x7f454838e9a9
[  182.830236][ T8960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.830250][ T8960] RSP: 002b:00007f45491a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.830268][ T8960] RAX: ffffffffffffffda RBX: 00007f45485b5fa0 RCX: 00007f454838e9a9
[  182.830281][ T8960] RDX: 0000000004000080 RSI: 0000200000000300 RDI: 0000000000000003
[  182.830290][ T8960] RBP: 00007f45491a8090 R08: 0000000000000000 R09: 0000000000000000
[  182.830299][ T8960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.830307][ T8960] R13: 0000000000000000 R14: 00007f45485b5fa0 R15: 00007ffeb8fd84b8
[  182.830329][ T8960]  </TASK>
[  183.405999][ T8942] veth1_to_bond: left allmulticast mode
[  183.547375][ T8991] syzkaller1: entered promiscuous mode
[  183.565418][ T8982] netlink: 20 bytes leftover after parsing attributes in process `syz.4.771'.
[  183.574344][ T8991] syzkaller1: entered allmulticast mode
[  183.907055][ T9014] netlink: 'syz.2.779': attribute type 1 has an invalid length.
[  183.951736][ T9014] __nla_validate_parse: 1 callbacks suppressed
[  183.951752][ T9014] netlink: 24 bytes leftover after parsing attributes in process `syz.2.779'.
[  184.014339][ T9019] netlink: 'syz.0.778': attribute type 1 has an invalid length.
[  184.033665][ T9019] netlink: 16110 bytes leftover after parsing attributes in process `syz.0.778'.
[  184.571761][ T9043] netlink: 20 bytes leftover after parsing attributes in process `syz.3.789'.
[  185.208661][ T9065] IPVS: stopping backup sync thread 7159 ...
[  185.837124][ T9098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.805'.
[  185.942751][ T9092] netlink: 596 bytes leftover after parsing attributes in process `syz.0.804'.
[  186.131302][ T9104] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  186.145327][ T9105] syzkaller0: entered promiscuous mode
[  186.159853][ T9105] syzkaller0: entered allmulticast mode
[  186.173917][ T9104] tipc: Resetting bearer <eth:syzkaller0>
[  186.183787][ T9104] syzkaller0: tun_net_xmit 90
[  186.195488][ T9103] tipc: Resetting bearer <eth:syzkaller0>
[  186.213555][ T9103] tipc: Disabling bearer <eth:syzkaller0>
[  186.350432][ T9107] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  186.518108][ T9108] FAULT_INJECTION: forcing a failure.
[  186.518108][ T9108] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.546548][ T9108] CPU: 1 UID: 0 PID: 9108 Comm: syz.3.807 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  186.546572][ T9108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  186.546580][ T9108] Call Trace:
[  186.546586][ T9108]  <TASK>
[  186.546591][ T9108]  dump_stack_lvl+0x189/0x250
[  186.546609][ T9108]  ? __pfx____ratelimit+0x10/0x10
[  186.546629][ T9108]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.546644][ T9108]  ? __pfx__printk+0x10/0x10
[  186.546661][ T9108]  ? __might_fault+0xb0/0x130
[  186.546685][ T9108]  should_fail_ex+0x414/0x560
[  186.546701][ T9108]  _copy_from_user+0x2d/0xb0
[  186.546719][ T9108]  ___sys_sendmsg+0x158/0x2a0
[  186.546736][ T9108]  ? __pfx____sys_sendmsg+0x10/0x10
[  186.546773][ T9108]  ? __fget_files+0x2a/0x420
[  186.546783][ T9108]  ? __fget_files+0x3a0/0x420
[  186.546800][ T9108]  __x64_sys_sendmsg+0x19b/0x260
[  186.546818][ T9108]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  186.546839][ T9108]  ? __pfx_ksys_write+0x10/0x10
[  186.546854][ T9108]  ? rcu_is_watching+0x15/0xb0
[  186.546872][ T9108]  ? do_syscall_64+0xbe/0x3b0
[  186.546887][ T9108]  do_syscall_64+0xfa/0x3b0
[  186.546897][ T9108]  ? lockdep_hardirqs_on+0x9c/0x150
[  186.546915][ T9108]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.546927][ T9108]  ? clear_bhb_loop+0x60/0xb0
[  186.546943][ T9108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.546955][ T9108] RIP: 0033:0x7f1eb358e9a9
[  186.546966][ T9108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.546977][ T9108] RSP: 002b:00007f1eb4376038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  186.546990][ T9108] RAX: ffffffffffffffda RBX: 00007f1eb37b6080 RCX: 00007f1eb358e9a9
[  186.546999][ T9108] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 0000000000000010
[  186.547007][ T9108] RBP: 00007f1eb4376090 R08: 0000000000000000 R09: 0000000000000000
[  186.547014][ T9108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.547022][ T9108] R13: 0000000000000000 R14: 00007f1eb37b6080 R15: 00007ffdcccc6e48
[  186.547040][ T9108]  </TASK>
[  187.023148][ T9111] netlink: 'syz.0.808': attribute type 4 has an invalid length.
[  187.307740][ T9120] !
: renamed from dummy0
[  188.085345][ T9151] sctp: [Deprecated]: syz.1.817 (pid 9151) Use of struct sctp_assoc_value in delayed_ack socket option.
[  188.085345][ T9151] Use struct sctp_sack_info instead
[  188.160692][ T9155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.819'.
[  188.241976][ T9160] netlink: 596 bytes leftover after parsing attributes in process `syz.2.818'.
[  189.713789][ T9203] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  189.762796][ T9204] netlink: 12 bytes leftover after parsing attributes in process `syz.0.829'.
[  190.809267][ T9211] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.832'.
[  190.984375][ T9225] netlink: 8 bytes leftover after parsing attributes in process `syz.2.836'.
[  190.996374][ T9226] netlink: 596 bytes leftover after parsing attributes in process `syz.4.834'.
[  191.279698][ T9238] netlink: 40 bytes leftover after parsing attributes in process `syz.2.839'.
[  191.599336][ T9250] netlink: 'syz.1.843': attribute type 1 has an invalid length.
[  191.624532][ T9250] netlink: 224 bytes leftover after parsing attributes in process `syz.1.843'.
[  192.100384][ T9272] netlink: 'syz.3.851': attribute type 303 has an invalid length.
[  192.174139][ T9272] ieee802154 phy0 wpan0: encryption failed: -22
[  192.398081][ T9290] tun0: tun_chr_ioctl cmd 1074812117
[  192.434481][ T9297] !
: renamed from dummy0 (while UP)
[  192.788184][ T9312] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  192.798605][ T9319] netlink: 8 bytes leftover after parsing attributes in process `syz.3.862'.
[  192.834295][ T9312] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  193.186613][ T9344] netlink: 24 bytes leftover after parsing attributes in process `syz.4.866'.
[  193.625226][ T9359] netlink: 36 bytes leftover after parsing attributes in process `syz.2.870'.
[  193.770724][ T9365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.872'.
[  193.865340][ T9365] syzkaller0: entered promiscuous mode
[  193.890307][ T9365] syzkaller0: entered allmulticast mode
[  194.030599][ T9360] lo speed is unknown, defaulting to 1000
[  194.063777][ T9360] lo speed is unknown, defaulting to 1000
[  194.096913][ T9360] lo speed is unknown, defaulting to 1000
[  194.108730][ T9360] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  194.127856][ T9360] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  194.136041][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.173682][ T9360] lo speed is unknown, defaulting to 1000
[  194.182512][ T9360] lo speed is unknown, defaulting to 1000
[  194.243173][ T9360] lo speed is unknown, defaulting to 1000
[  194.369837][ T9360] lo speed is unknown, defaulting to 1000
[  194.389957][ T9360] lo speed is unknown, defaulting to 1000
[  194.405678][ T9360] lo speed is unknown, defaulting to 1000
[  195.786639][ T9389] xt_nat: multiple ranges no longer supported
[  195.983804][ T9392] netlink: 'syz.1.878': attribute type 10 has an invalid length.
[  196.101781][ T9388] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  196.148532][ T9395] __nla_validate_parse: 3 callbacks suppressed
[  196.148551][ T9395] netlink: 24 bytes leftover after parsing attributes in process `syz.4.879'.
[  196.178660][ T9392] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  196.528610][ T9409] netlink: 8 bytes leftover after parsing attributes in process `syz.1.882'.
[  196.622252][ T9410] netlink: 28 bytes leftover after parsing attributes in process `syz.3.883'.
[  196.731766][ T9413] netlink: 'syz.4.884': attribute type 4 has an invalid length.
[  196.759406][ T9383] lo speed is unknown, defaulting to 1000
[  196.805761][ T9418] netlink: 24 bytes leftover after parsing attributes in process `syz.3.885'.
[  197.123780][ T9425] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  197.245490][ T9401] lo speed is unknown, defaulting to 1000
[  197.477790][ T9435] netlink: 4 bytes leftover after parsing attributes in process `syz.1.890'.
[  197.524664][ T9435] batman_adv: batadv0: Removing interface: batadv_slave_0
[  197.537113][ T9435] batman_adv: batadv0: Removing interface: batadv_slave_1
[  197.555778][ T9438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.890'.
[  198.150788][ T9458] veth7: entered promiscuous mode
[  198.179295][ T9459] ip6tnl2: entered promiscuous mode
[  198.185299][ T9459] ip6tnl2: entered allmulticast mode
[  198.790787][ T9471] lo speed is unknown, defaulting to 1000
[  199.150648][ T9488] netlink: 'syz.4.901': attribute type 4 has an invalid length.
[  199.358721][ T9499] wireguard1: entered promiscuous mode
[  199.389164][ T9499] wireguard1: entered allmulticast mode
[  199.420159][ T9482] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.431915][ T9506] openvswitch: netlink: IP tunnel dst address not specified
[  199.512845][ T9508] netlink: 24 bytes leftover after parsing attributes in process `syz.3.908'.
[  200.001546][ T9526] netlink: 132 bytes leftover after parsing attributes in process `syz.4.913'.
[  200.166047][ T9528] netlink: 20 bytes leftover after parsing attributes in process `syz.4.914'.
[  200.283361][ T9521] lo speed is unknown, defaulting to 1000
[  200.452939][ T9537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.917'.
[  201.208291][ T9570] __nla_validate_parse: 3 callbacks suppressed
[  201.208307][ T9570] netlink: 20 bytes leftover after parsing attributes in process `syz.1.927'.
[  201.223827][ T9571] netlink: 24 bytes leftover after parsing attributes in process `syz.2.924'.
[  202.079712][ T9607] netlink: 24 bytes leftover after parsing attributes in process `syz.2.935'.
[  202.245347][ T9614] netlink: 24 bytes leftover after parsing attributes in process `syz.3.939'.
[  202.262652][ T9621] netlink: 16 bytes leftover after parsing attributes in process `syz.2.941'.
[  202.280385][ T9621] sctp: [Deprecated]: syz.2.941 (pid 9621) Use of int in max_burst socket option.
[  202.280385][ T9621] Use struct sctp_assoc_value instead
[  202.408508][ T9628] netlink: 40 bytes leftover after parsing attributes in process `syz.3.944'.
[  202.450979][ T9630] unknown channel width for channel at 909000KHz?
[  202.541103][ T9635] IPVS: set_ctl: invalid protocol: 0 10.1.1.0:20001
[  202.552551][ T9635] IPVS: set_ctl: invalid protocol: 41 0.0.0.0:20001
[  202.591991][    C1] vcan0: j1939_tp_rxtimer: 0xffff888056af1000: rx timeout, send abort
[  202.651865][ T9642] gtp1: entered promiscuous mode
[  202.671438][ T9643] pimreg: entered allmulticast mode
[  202.730802][ T9643] pimreg: left allmulticast mode
[  202.819044][ T9650] bridge4: entered promiscuous mode
[  202.849541][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.954'.
[  202.861066][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.954'.
[  202.878073][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.954'.
[  202.887313][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.954'.
[  203.097990][ T5937] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x0
[  203.106132][    C1] vcan0: j1939_tp_rxtimer: 0xffff888056af1000: abort rx timeout. Force session deactivation
[  203.123131][ T5937] hid-generic 0005:16C0:5505.0001: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa
[  203.145014][ T9661] x_tables: duplicate entry at hook 1
[  203.317979][ T9666] fido_id[9666]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  203.770254][ T9694] veth9: entered promiscuous mode
[  204.048586][ T9705] netlink: 'syz.1.969': attribute type 8 has an invalid length.
[  204.080306][ T9712] macsec1: entered promiscuous mode
[  204.097203][ T9712] macsec1: entered allmulticast mode
[  204.946656][ T9739] lo speed is unknown, defaulting to 1000
[  205.700587][ T9783] FAULT_INJECTION: forcing a failure.
[  205.700587][ T9783] name failslab, interval 1, probability 0, space 0, times 0
[  205.721661][ T9783] CPU: 1 UID: 0 PID: 9783 Comm: syz.4.995 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  205.721686][ T9783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  205.721696][ T9783] Call Trace:
[  205.721702][ T9783]  <TASK>
[  205.721709][ T9783]  dump_stack_lvl+0x189/0x250
[  205.721732][ T9783]  ? __pfx____ratelimit+0x10/0x10
[  205.721756][ T9783]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.721774][ T9783]  ? __pfx__printk+0x10/0x10
[  205.721800][ T9783]  ? __pfx___might_resched+0x10/0x10
[  205.721817][ T9783]  ? fs_reclaim_acquire+0x7d/0x100
[  205.721836][ T9783]  should_fail_ex+0x414/0x560
[  205.721857][ T9783]  should_failslab+0xa8/0x100
[  205.721881][ T9783]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  205.721902][ T9783]  ? __d_alloc+0x31/0x6f0
[  205.721923][ T9783]  __d_alloc+0x31/0x6f0
[  205.721944][ T9783]  d_alloc_parallel+0xe0/0x14e0
[  205.721972][ T9783]  ? __lock_acquire+0xab9/0xd20
[  205.721993][ T9783]  ? __pfx_d_alloc_parallel+0x10/0x10
[  205.722015][ T9783]  ? __raw_spin_lock_init+0x45/0x100
[  205.722038][ T9783]  ? __init_waitqueue_head+0xa9/0x150
[  205.722065][ T9783]  __lookup_slow+0x116/0x3d0
[  205.722084][ T9783]  ? __pfx___lookup_slow+0x10/0x10
[  205.722110][ T9783]  ? d_lookup+0x8a/0xa0
[  205.722135][ T9783]  ? lookup_noperm+0x112/0x220
[  205.722155][ T9783]  start_creating+0x22e/0x3c0
[  205.722178][ T9783]  ? __pfx_start_creating+0x10/0x10
[  205.722199][ T9783]  ? snprintf+0xda/0x120
[  205.722224][ T9783]  __debugfs_create_file+0x79/0x4f0
[  205.722249][ T9783]  debugfs_create_file_full+0x3f/0x60
[  205.722272][ T9783]  ref_tracker_dir_debugfs+0x14e/0x270
[  205.722289][ T9783]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  205.722329][ T9783]  ? rcu_is_watching+0x15/0xb0
[  205.722346][ T9783]  ? alloc_netdev_mqs+0xa3/0x1170
[  205.722370][ T9783]  ? __raw_spin_lock_init+0x45/0x100
[  205.722395][ T9783]  alloc_netdev_mqs+0x26f/0x1170
[  205.722413][ T9783]  ? __pfx_veth_setup+0x10/0x10
[  205.722436][ T9783]  rtnl_create_link+0x31f/0xd10
[  205.722462][ T9783]  rtnl_newlink_create+0x25c/0xb00
[  205.722485][ T9783]  ? __pfx_aa_get_newest_label+0x10/0x10
[  205.722508][ T9783]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  205.722523][ T9783]  ? rtnl_newlink+0x8db/0x1c70
[  205.722539][ T9783]  ? __pfx___mutex_lock+0x10/0x10
[  205.722562][ T9783]  ? ns_capable+0x8a/0xf0
[  205.722583][ T9783]  rtnl_newlink+0x16d6/0x1c70
[  205.722611][ T9783]  ? __pfx_rtnl_newlink+0x10/0x10
[  205.722632][ T9783]  ? is_bpf_text_address+0x26/0x2b0
[  205.722705][ T9783]  ? __lock_acquire+0xab9/0xd20
[  205.722742][ T9783]  ? __pfx_rtnl_newlink+0x10/0x10
[  205.722756][ T9783]  rtnetlink_rcv_msg+0x7cc/0xb70
[  205.722779][ T9783]  ? __lock_acquire+0xab9/0xd20
[  205.722795][ T9783]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  205.722818][ T9783]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  205.722856][ T9783]  netlink_rcv_skb+0x208/0x470
[  205.722878][ T9783]  ? __lock_acquire+0xab9/0xd20
[  205.722893][ T9783]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  205.722918][ T9783]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  205.722952][ T9783]  ? netlink_deliver_tap+0x2e/0x1b0
[  205.722983][ T9783]  netlink_unicast+0x82f/0x9e0
[  205.723011][ T9783]  ? __pfx_netlink_unicast+0x10/0x10
[  205.723035][ T9783]  ? netlink_sendmsg+0x642/0xb30
[  205.723047][ T9783]  ? skb_put+0x11b/0x210
[  205.723066][ T9783]  netlink_sendmsg+0x805/0xb30
[  205.723088][ T9783]  ? __pfx_netlink_sendmsg+0x10/0x10
[  205.723106][ T9783]  ? aa_sock_msg_perm+0x94/0x160
[  205.723127][ T9783]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  205.723143][ T9783]  ? __pfx_netlink_sendmsg+0x10/0x10
[  205.723158][ T9783]  __sock_sendmsg+0x219/0x270
[  205.723182][ T9783]  ____sys_sendmsg+0x505/0x830
[  205.723204][ T9783]  ? __pfx_____sys_sendmsg+0x10/0x10
[  205.723229][ T9783]  ? import_iovec+0x74/0xa0
[  205.723253][ T9783]  ___sys_sendmsg+0x21f/0x2a0
[  205.723273][ T9783]  ? __pfx____sys_sendmsg+0x10/0x10
[  205.723321][ T9783]  ? __fget_files+0x2a/0x420
[  205.723334][ T9783]  ? __fget_files+0x3a0/0x420
[  205.723356][ T9783]  __x64_sys_sendmsg+0x19b/0x260
[  205.723377][ T9783]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  205.723403][ T9783]  ? __pfx_ksys_write+0x10/0x10
[  205.723421][ T9783]  ? rcu_is_watching+0x15/0xb0
[  205.723443][ T9783]  ? do_syscall_64+0xbe/0x3b0
[  205.723460][ T9783]  do_syscall_64+0xfa/0x3b0
[  205.723473][ T9783]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.723495][ T9783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.723510][ T9783]  ? clear_bhb_loop+0x60/0xb0
[  205.723529][ T9783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.723543][ T9783] RIP: 0033:0x7fe53758e9a9
[  205.723557][ T9783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.723570][ T9783] RSP: 002b:00007fe53847a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  205.723586][ T9783] RAX: ffffffffffffffda RBX: 00007fe5377b5fa0 RCX: 00007fe53758e9a9
[  205.723597][ T9783] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 0000000000000003
[  205.723607][ T9783] RBP: 00007fe53847a090 R08: 0000000000000000 R09: 0000000000000000
[  205.723616][ T9783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  205.723625][ T9783] R13: 0000000000000000 R14: 00007fe5377b5fa0 R15: 00007fff81072658
[  205.723650][ T9783]  </TASK>
[  206.307829][ T9783] veth3: entered promiscuous mode
[  206.325748][ T9759] pimreg: entered allmulticast mode
[  206.339502][ T9784] pimreg: left allmulticast mode
[  206.445017][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  206.445643][ T5859] Bluetooth: hci3: command 0x0406 tx timeout
[  206.451056][ T5857] Bluetooth: hci2: command 0x0406 tx timeout
[  206.703152][ T9799] sch_tbf: burst 0 is lower than device batadv_slave_0 mtu (1514) !
[  206.754213][ T9803] __nla_validate_parse: 3 callbacks suppressed
[  206.754229][ T9803] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1000'.
[  206.774204][ T9803] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1000'.
[  206.774344][ T9802] netlink: 12 bytes leftover after parsing attributes in process `syz.0.998'.
[  206.889878][ T9767] lo speed is unknown, defaulting to 1000
[  206.901759][ T9752] lo speed is unknown, defaulting to 1000
[  207.866256][ T9808] lo speed is unknown, defaulting to 1000
[  208.245543][ T9837] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  208.394013][ T9839] vlan2: entered promiscuous mode
[  208.403138][ T9845] xt_socket: unknown flags 0x8
[  208.409453][ T9843] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1012'.
[  208.423049][ T9839] bridge0: entered promiscuous mode
[  208.430593][ T9839] vlan2: entered allmulticast mode
[  208.454793][ T9839] bridge0: entered allmulticast mode
[  208.475666][ T9845] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1014'.
[  208.704782][ T9830] lo speed is unknown, defaulting to 1000
[  208.782554][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  208.804125][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  209.060849][ T9856] veth11: entered promiscuous mode
[  209.364677][ T9871] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1022'.
[  209.667219][ T9881] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1026'.
[  209.933132][ T9849] lo speed is unknown, defaulting to 1000
[  209.995637][ T9887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1015'.
[  210.108139][ T9883] netlink: 'syz.3.1021': attribute type 6 has an invalid length.
[  210.706804][ T9903] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1032'.
[  210.760351][ T9902] veth3: entered promiscuous mode
[  210.889774][ T9868] lo speed is unknown, defaulting to 1000
[  211.097026][ T9917] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1037'.
[  211.768420][ T9940] __nla_validate_parse: 1 callbacks suppressed
[  211.768455][ T9940] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1043'.
[  212.134339][ T9946] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1045'.
[  212.168142][ T9946] IPVS: length: 209 != 24
[  212.294279][ T9953] netlink: 'syz.3.1048': attribute type 11 has an invalid length.
[  212.303451][ T9953] netlink: 'syz.3.1048': attribute type 4 has an invalid length.
[  212.312174][ T9953] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1048'.
[  212.377344][ T9958] netlink: 'syz.3.1048': attribute type 11 has an invalid length.
[  212.425793][ T9958] netlink: 'syz.3.1048': attribute type 4 has an invalid length.
[  212.471903][ T9958] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1048'.
[  212.521118][ T9967] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1051'.
[  213.128264][ T9964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  213.169718][ T9971] lo speed is unknown, defaulting to 1000
[  213.423548][ T9991] openvswitch: netlink: Key 3 has unexpected len 8 expected 4
[  213.433451][ T9991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  213.445627][ T9991] netlink: 'syz.4.1058': attribute type 58 has an invalid length.
[  213.471810][ T9993] netlink: 'syz.3.1059': attribute type 1 has an invalid length.
[  213.613175][ T9999] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1059'.
[  213.658823][ T9993] bond2: (slave geneve2): making interface the new active one
[  213.688076][ T9993] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  213.709550][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  213.743265][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  213.765587][ T9999] 8021q: adding VLAN 0 to HW filter on device bond2
[  213.797550][   T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  213.847914][   T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  214.080174][T10006] netlink: 'syz.2.1063': attribute type 1 has an invalid length.
[  214.083726][T10008] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1064'.
[  214.102104][T10006] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1063'.
[  214.149263][T10006] netlink: 'syz.2.1063': attribute type 12 has an invalid length.
[  214.444485][T10019] veth0_to_bridge: entered promiscuous mode
[  214.498708][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  214.534067][T10018] veth0_to_bridge: left promiscuous mode
[  214.543694][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  214.632268][T10029] x_tables: duplicate underflow at hook 2
[  214.632305][T10030] x_tables: duplicate underflow at hook 2
[  214.683603][T10033] !
: renamed from dummy0
[  214.924692][T10045] netlink: 596 bytes leftover after parsing attributes in process `syz.0.1072'.
[  214.942750][T10043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1073'.
[  215.136496][T10015] lo speed is unknown, defaulting to 1000
[  215.322206][T10053] x_tables: duplicate underflow at hook 2
[  215.342214][T10043] lo speed is unknown, defaulting to 1000
[  215.580485][T10058] C: renamed from team_slave_0
[  215.599444][T10058] netlink: 'syz.3.1077': attribute type 1 has an invalid length.
[  215.609571][T10058] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  215.678733][T10058] macvlan0: entered allmulticast mode
[  216.544152][T10092] netlink: 'syz.2.1088': attribute type 21 has an invalid length.
[  216.627971][T10097] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  217.715661][T10119] 8021q: adding VLAN 0 to HW filter on device bond3
[  217.754650][T10119] bridge0: port 3(bond3) entered blocking state
[  217.790048][T10126] __nla_validate_parse: 7 callbacks suppressed
[  217.790063][T10126] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1094'.
[  217.798686][T10119] bridge0: port 3(bond3) entered disabled state
[  217.812461][T10119] bond3: entered allmulticast mode
[  217.826759][T10119] bond3: entered promiscuous mode
[  217.832811][T10126] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1094'.
[  218.293870][T10154] netlink: 83 bytes leftover after parsing attributes in process `syz.4.1100'.
[  218.300986][T10106] lo speed is unknown, defaulting to 1000
[  218.381091][T10156] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1101'.
[  218.631013][T10171] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  218.897983][T10182] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1109'.
[  218.907631][T10182] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1109'.
[  218.923067][T10183] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1108'.
[  218.934075][T10183] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1108'.
[  219.001928][T10188] netlink: 'syz.0.1106': attribute type 4 has an invalid length.
[  219.051309][T10186] can: request_module (can-proto-0) failed.
[  219.166063][ T5901] lo speed is unknown, defaulting to 1000
[  219.195144][ T5901] syz2: Port: 1 Link DOWN
[  219.580678][T10219] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1119'.
[  219.713278][T10226] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1121'.
[  219.823259][T10236] geneve3: entered promiscuous mode
[  219.835788][   T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  219.882188][   T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  219.909890][T10233] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  219.936585][T10233] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.965799][   T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  219.974270][   T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  220.009863][T10245] veth13: entered promiscuous mode
[  220.025969][T10233] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  220.043098][T10233] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.132145][T10233] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  220.143081][T10233] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.224053][T10233] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  220.238162][T10233] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.290110][T10254] netlink: 'syz.1.1129': attribute type 1 has an invalid length.
[  220.353922][   T60] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  220.370122][   T60] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  220.390321][   T60] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  220.400202][   T60] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  220.442543][ T1106] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  220.464526][ T1106] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  220.494052][   T13] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  220.504357][   T13] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  220.597737][T10238] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  220.630219][T10238] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.656395][   T13] ==================================================================
[  220.664512][   T13] BUG: KASAN: slab-use-after-free in __mutex_lock+0x144/0xe80
[  220.671989][   T13] Read of size 8 at addr ffff8880274252b0 by task kworker/u8:1/13
[  220.679804][   T13] 
[  220.682140][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  220.682164][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  220.682177][   T13] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  220.682209][   T13] Call Trace:
[  220.682216][   T13]  <TASK>
[  220.682223][   T13]  dump_stack_lvl+0x189/0x250
[  220.682245][   T13]  ? __kasan_check_byte+0x12/0x40
[  220.682271][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  220.682292][   T13]  ? lock_release+0x4b/0x3e0
[  220.682313][   T13]  ? __virt_addr_valid+0x4a5/0x5c0
[  220.682337][   T13]  print_report+0xca/0x230
[  220.682353][   T13]  ? __mutex_lock+0x144/0xe80
[  220.682368][   T13]  kasan_report+0x118/0x150
[  220.682391][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  220.682416][   T13]  ? __mutex_lock+0x144/0xe80
[  220.682435][   T13]  __mutex_lock+0x144/0xe80
[  220.682450][   T13]  ? __lock_acquire+0xab9/0xd20
[  220.682467][   T13]  ? __mutex_lock+0x51b/0xe80
[  220.682484][   T13]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  220.682512][   T13]  ? __pfx___mutex_lock+0x10/0x10
[  220.682531][   T13]  ? __lock_acquire+0xab9/0xd20
[  220.682553][   T13]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  220.682583][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  220.682602][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  220.682622][   T13]  process_scheduled_works+0xae1/0x17b0
[  220.682655][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  220.682683][   T13]  worker_thread+0x8a0/0xda0
[  220.682715][   T13]  kthread+0x70e/0x8a0
[  220.682740][   T13]  ? __pfx_worker_thread+0x10/0x10
[  220.682759][   T13]  ? __pfx_kthread+0x10/0x10
[  220.682783][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  220.682806][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  220.682831][   T13]  ? __pfx_kthread+0x10/0x10
[  220.682854][   T13]  ret_from_fork+0x3fc/0x770
[  220.682873][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  220.682894][   T13]  ? __switch_to_asm+0x39/0x70
[  220.682915][   T13]  ? __switch_to_asm+0x33/0x70
[  220.682936][   T13]  ? __pfx_kthread+0x10/0x10
[  220.682960][   T13]  ret_from_fork_asm+0x1a/0x30
[  220.682989][   T13]  </TASK>
[  220.682996][   T13] 
[  220.893337][   T13] Allocated by task 10233:
[  220.897741][   T13]  kasan_save_track+0x3e/0x80
[  220.902437][   T13]  __kasan_kmalloc+0x93/0xb0
[  220.907025][   T13]  __kmalloc_noprof+0x27a/0x4f0
[  220.911886][   T13]  udp_tunnel_nic_netdevice_event+0x854/0x19f0
[  220.918048][   T13]  notifier_call_chain+0x1b3/0x3e0
[  220.923163][   T13]  register_netdevice+0x1608/0x1ae0
[  220.928381][   T13]  nsim_create+0xae8/0xf10
[  220.932793][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[  220.937900][   T13]  nsim_dev_port_add_all+0x37/0xf0
[  220.942999][   T13]  nsim_dev_reload_up+0x451/0x780
[  220.948013][   T13]  devlink_reload+0x4ec/0x8d0
[  220.952688][   T13]  devlink_nl_reload_doit+0xb35/0xd50
[  220.958063][   T13]  genl_family_rcv_msg_doit+0x212/0x300
[  220.963610][   T13]  genl_rcv_msg+0x60e/0x790
[  220.968105][   T13]  netlink_rcv_skb+0x208/0x470
[  220.972868][   T13]  genl_rcv+0x28/0x40
[  220.976845][   T13]  netlink_unicast+0x82f/0x9e0
[  220.981603][   T13]  netlink_sendmsg+0x805/0xb30
[  220.986354][   T13]  __sock_sendmsg+0x219/0x270
[  220.991074][   T13]  ____sys_sendmsg+0x505/0x830
[  220.995832][   T13]  ___sys_sendmsg+0x21f/0x2a0
[  221.000497][   T13]  __x64_sys_sendmsg+0x19b/0x260
[  221.005426][   T13]  do_syscall_64+0xfa/0x3b0
[  221.009920][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.015814][   T13] 
[  221.018132][   T13] Freed by task 10238:
[  221.022187][   T13]  kasan_save_track+0x3e/0x80
[  221.026858][   T13]  kasan_save_free_info+0x46/0x50
[  221.031927][   T13]  __kasan_slab_free+0x62/0x70
[  221.036705][   T13]  kfree+0x18e/0x440
[  221.040593][   T13]  udp_tunnel_nic_netdevice_event+0x1332/0x19f0
[  221.046833][   T13]  notifier_call_chain+0x1b3/0x3e0
[  221.051941][   T13]  unregister_netdevice_many_notify+0x14d7/0x1ff0
[  221.058355][   T13]  unregister_netdevice_queue+0x33c/0x380
[  221.064075][   T13]  nsim_destroy+0x217/0x6a0
[  221.068594][   T13]  __nsim_dev_port_del+0x14d/0x1b0
[  221.073705][   T13]  nsim_dev_reload_destroy+0x288/0x490
[  221.079159][   T13]  nsim_dev_reload_down+0x8a/0xc0
[  221.084194][   T13]  devlink_reload+0x1b6/0x8d0
[  221.088868][   T13]  devlink_nl_reload_doit+0xb35/0xd50
[  221.094268][   T13]  genl_family_rcv_msg_doit+0x212/0x300
[  221.099832][   T13]  genl_rcv_msg+0x60e/0x790
[  221.104327][   T13]  netlink_rcv_skb+0x208/0x470
[  221.109122][   T13]  genl_rcv+0x28/0x40
[  221.113105][   T13]  netlink_unicast+0x82f/0x9e0
[  221.117893][   T13]  netlink_sendmsg+0x805/0xb30
[  221.122645][   T13]  __sock_sendmsg+0x219/0x270
[  221.127316][   T13]  ____sys_sendmsg+0x505/0x830
[  221.132077][   T13]  ___sys_sendmsg+0x21f/0x2a0
[  221.136747][   T13]  __x64_sys_sendmsg+0x19b/0x260
[  221.141676][   T13]  do_syscall_64+0xfa/0x3b0
[  221.146170][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.152077][   T13] 
[  221.154395][   T13] Last potentially related work creation:
[  221.160110][   T13]  kasan_save_stack+0x3e/0x60
[  221.164783][   T13]  kasan_record_aux_stack+0xbd/0xd0
[  221.169986][   T13]  insert_work+0x3d/0x330
[  221.174316][   T13]  __queue_work+0xbd9/0xfe0
[  221.178815][   T13]  queue_work_on+0x181/0x270
[  221.183404][   T13]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  221.189045][   T13]  udp_tunnel_push_rx_port+0x17d/0x200
[  221.194517][   T13]  geneve_offload_rx_ports+0xd7/0x160
[  221.199883][   T13]  geneve_netdevice_event+0x6a/0x80
[  221.205072][   T13]  notifier_call_chain+0x1b3/0x3e0
[  221.210174][   T13]  call_netdevice_notifiers+0x88/0xc0
[  221.215545][   T13]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[  221.221804][   T13]  notifier_call_chain+0x1b3/0x3e0
[  221.226911][   T13]  register_netdevice+0x1608/0x1ae0
[  221.232105][   T13]  nsim_create+0xae8/0xf10
[  221.236522][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[  221.241623][   T13]  nsim_dev_port_add_all+0x37/0xf0
[  221.246731][   T13]  nsim_dev_reload_up+0x451/0x780
[  221.251747][   T13]  devlink_reload+0x4ec/0x8d0
[  221.256417][   T13]  devlink_nl_reload_doit+0xb35/0xd50
[  221.261788][   T13]  genl_family_rcv_msg_doit+0x212/0x300
[  221.267331][   T13]  genl_rcv_msg+0x60e/0x790
[  221.271830][   T13]  netlink_rcv_skb+0x208/0x470
[  221.276592][   T13]  genl_rcv+0x28/0x40
[  221.280566][   T13]  netlink_unicast+0x82f/0x9e0
[  221.285346][   T13]  netlink_sendmsg+0x805/0xb30
[  221.290111][   T13]  __sock_sendmsg+0x219/0x270
[  221.294790][   T13]  ____sys_sendmsg+0x505/0x830
[  221.299571][   T13]  ___sys_sendmsg+0x21f/0x2a0
[  221.304263][   T13]  __x64_sys_sendmsg+0x19b/0x260
[  221.309205][   T13]  do_syscall_64+0xfa/0x3b0
[  221.313704][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.319587][   T13] 
[  221.321957][   T13] Second to last potentially related work creation:
[  221.328533][   T13]  kasan_save_stack+0x3e/0x60
[  221.333208][   T13]  kasan_record_aux_stack+0xbd/0xd0
[  221.338396][   T13]  insert_work+0x3d/0x330
[  221.342761][   T13]  __queue_work+0xcfc/0xfe0
[  221.347256][   T13]  queue_work_on+0x181/0x270
[  221.351849][   T13]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  221.357479][   T13]  udp_tunnel_push_rx_port+0x17d/0x200
[  221.362934][   T13]  vxlan_offload_rx_ports+0x139/0x200
[  221.368299][   T13]  vxlan_netdevice_event+0x111/0x470
[  221.373591][   T13]  notifier_call_chain+0x1b3/0x3e0
[  221.378710][   T13]  call_netdevice_notifiers+0x88/0xc0
[  221.384091][   T13]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[  221.390328][   T13]  notifier_call_chain+0x1b3/0x3e0
[  221.395434][   T13]  register_netdevice+0x1608/0x1ae0
[  221.400627][   T13]  nsim_create+0xae8/0xf10
[  221.405042][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[  221.410150][   T13]  nsim_dev_port_add_all+0x37/0xf0
[  221.415272][   T13]  nsim_dev_reload_up+0x451/0x780
[  221.420288][   T13]  devlink_reload+0x4ec/0x8d0
[  221.424967][   T13]  devlink_nl_reload_doit+0xb35/0xd50
[  221.430349][   T13]  genl_family_rcv_msg_doit+0x212/0x300
[  221.435895][   T13]  genl_rcv_msg+0x60e/0x790
[  221.440398][   T13]  netlink_rcv_skb+0x208/0x470
[  221.445166][   T13]  genl_rcv+0x28/0x40
[  221.449146][   T13]  netlink_unicast+0x82f/0x9e0
[  221.453912][   T13]  netlink_sendmsg+0x805/0xb30
[  221.458665][   T13]  __sock_sendmsg+0x219/0x270
[  221.463357][   T13]  ____sys_sendmsg+0x505/0x830
[  221.468121][   T13]  ___sys_sendmsg+0x21f/0x2a0
[  221.472788][   T13]  __x64_sys_sendmsg+0x19b/0x260
[  221.477720][   T13]  do_syscall_64+0xfa/0x3b0
[  221.482216][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.488098][   T13] 
[  221.490415][   T13] The buggy address belongs to the object at ffff888027425200
[  221.490415][   T13]  which belongs to the cache kmalloc-256 of size 256
[  221.504484][   T13] The buggy address is located 176 bytes inside of
[  221.504484][   T13]  freed 256-byte region [ffff888027425200, ffff888027425300)
[  221.518276][   T13] 
[  221.520614][   T13] The buggy address belongs to the physical page:
[  221.527027][   T13] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27424
[  221.535778][   T13] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  221.544285][   T13] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  221.552205][   T13] page_type: f5(slab)
[  221.556187][   T13] raw: 00fff00000000040 ffff88801a441b40 ffffea0000cc2100 dead000000000007
[  221.564761][   T13] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  221.573350][   T13] head: 00fff00000000040 ffff88801a441b40 ffffea0000cc2100 dead000000000007
[  221.582014][   T13] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  221.590672][   T13] head: 00fff00000000001 ffffea00009d0901 00000000ffffffff 00000000ffffffff
[  221.599344][   T13] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  221.608008][   T13] page dumped because: kasan: bad access detected
[  221.614425][   T13] page_owner tracks the page as allocated
[  221.620150][   T13] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6144, tgid 6142 (syz.2.30), ts 95473088459, free_ts 95472442884
[  221.641148][   T13]  post_alloc_hook+0x240/0x2a0
[  221.645910][   T13]  get_page_from_freelist+0x21e4/0x22c0
[  221.651451][   T13]  __alloc_frozen_pages_noprof+0x181/0x370
[  221.657250][   T13]  alloc_pages_mpol+0x232/0x4a0
[  221.662102][   T13]  allocate_slab+0x8a/0x3b0
[  221.666596][   T13]  ___slab_alloc+0xbfc/0x1480
[  221.671271][   T13]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  221.677681][   T13]  krealloc_noprof+0x124/0x340
[  221.682448][   T13]  copy_array+0x63/0xf0
[  221.686593][   T13]  copy_verifier_state+0x848/0xed0
[  221.691692][   T13]  do_check+0x4c44/0xd450
[  221.696019][   T13]  do_check_common+0x168d/0x20b0
[  221.700954][   T13]  bpf_check+0x13664/0x19c60
[  221.705550][   T13]  bpf_prog_load+0x1318/0x1930
[  221.710304][   T13]  __sys_bpf+0x5f1/0x860
[  221.714574][   T13]  __x64_sys_bpf+0x7c/0x90
[  221.719001][   T13] page last free pid 6144 tgid 6142 stack trace:
[  221.725318][   T13]  __free_frozen_pages+0xc71/0xe70
[  221.730450][   T13]  __slab_free+0x326/0x400
[  221.734857][   T13]  qlist_free_all+0x97/0x140
[  221.739451][   T13]  kasan_quarantine_reduce+0x148/0x160
[  221.744925][   T13]  __kasan_slab_alloc+0x22/0x80
[  221.749780][   T13]  __kmalloc_cache_noprof+0x1be/0x3d0
[  221.755158][   T13]  do_check+0x4239/0xd450
[  221.759503][   T13]  do_check_common+0x168d/0x20b0
[  221.764453][   T13]  bpf_check+0x13664/0x19c60
[  221.769063][   T13]  bpf_prog_load+0x1318/0x1930
[  221.773838][   T13]  __sys_bpf+0x5f1/0x860
[  221.778084][   T13]  __x64_sys_bpf+0x7c/0x90
[  221.782500][   T13]  do_syscall_64+0xfa/0x3b0
[  221.786996][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.792885][   T13] 
[  221.795222][   T13] Memory state around the buggy address:
[  221.800847][   T13]  ffff888027425180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  221.808913][   T13]  ffff888027425200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  221.816976][   T13] >ffff888027425280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  221.825025][   T13]                                      ^
[  221.830642][   T13]  ffff888027425300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  221.838695][   T13]  ffff888027425380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  221.846753][   T13] ==================================================================
[  221.878182][   T13] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  221.885408][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc6-syzkaller-01565-ge7ce59d9205e #0 PREEMPT(full) 
[  221.897395][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  221.907458][   T13] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  221.914799][   T13] Call Trace:
[  221.918178][   T13]  <TASK>
[  221.921128][   T13]  dump_stack_lvl+0x99/0x250
[  221.925755][   T13]  ? __asan_memcpy+0x40/0x70
[  221.930357][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.935568][   T13]  ? __pfx__printk+0x10/0x10
[  221.940180][   T13]  panic+0x2db/0x790
[  221.944093][   T13]  ? __pfx_panic+0x10/0x10
[  221.948528][   T13]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  221.954450][   T13]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  221.960796][   T13]  ? print_memory_metadata+0x314/0x400
[  221.966268][   T13]  ? __mutex_lock+0x144/0xe80
[  221.970956][   T13]  check_panic_on_warn+0x89/0xb0
[  221.975922][   T13]  ? __mutex_lock+0x144/0xe80
[  221.980616][   T13]  end_report+0x78/0x160
[  221.984882][   T13]  kasan_report+0x129/0x150
[  221.989405][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  221.995339][   T13]  ? __mutex_lock+0x144/0xe80
[  222.000029][   T13]  __mutex_lock+0x144/0xe80
[  222.004543][   T13]  ? __lock_acquire+0xab9/0xd20
[  222.009410][   T13]  ? __mutex_lock+0x51b/0xe80
[  222.014115][   T13]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  222.020380][   T13]  ? __pfx___mutex_lock+0x10/0x10
[  222.025419][   T13]  ? __lock_acquire+0xab9/0xd20
[  222.030289][   T13]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  222.036386][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  222.042121][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  222.047854][   T13]  process_scheduled_works+0xae1/0x17b0
[  222.053421][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  222.059428][   T13]  worker_thread+0x8a0/0xda0
[  222.064054][   T13]  kthread+0x70e/0x8a0
[  222.068143][   T13]  ? __pfx_worker_thread+0x10/0x10
[  222.073267][   T13]  ? __pfx_kthread+0x10/0x10
[  222.077883][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  222.083097][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.088312][   T13]  ? __pfx_kthread+0x10/0x10
[  222.092919][   T13]  ret_from_fork+0x3fc/0x770
[  222.097527][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  222.102664][   T13]  ? __switch_to_asm+0x39/0x70
[  222.107447][   T13]  ? __switch_to_asm+0x33/0x70
[  222.112225][   T13]  ? __pfx_kthread+0x10/0x10
[  222.116832][   T13]  ret_from_fork_asm+0x1a/0x30
[  222.121618][   T13]  </TASK>
[  222.124984][   T13] Kernel Offset: disabled
[  222.129317][   T13] Rebooting in 86400 seconds..