last executing test programs:

35.70233349s ago: executing program 2 (id=5821):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x18, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000001010000000000e50003000000000085100000fcffffff2500fefffcffffff85100000faffffff95"], &(0x7f0000000140)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x8}, 0x94)

35.428778872s ago: executing program 2 (id=5824):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)
setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000000)=0x80000002, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000c00)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200008ddd0000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e6ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ac141400"/400], 0x190)
setsockopt$inet_group_source_req(r3, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000000)=0x80000002, 0x4)
sendto$inet(r4, &(0x7f0000000040)='@', 0x1, 0x20044890, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10)
connect$inet(r1, &(0x7f0000000400)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10)
close(r0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYRES16], 0x7c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x4004890}, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r8 = accept4(r7, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r8)
sendmsg$NFT_MSG_GETRULE(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[], 0x100}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r9)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x14, r10, 0xc8036ab6d6cbef07, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x45080)

35.331393195s ago: executing program 3 (id=5828):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r1=>0x0}, &(0x7f0000000040)=0x8) (async)
r2 = accept4(r0, &(0x7f0000000080)=@ax25={{}, [@null, @bcast, @null, @null, @default, @default, @null, @rose]}, &(0x7f0000000100)=0x80, 0x800)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000140)={r1, 0x7, 0x3}, 0x8) (async, rerun: 32)
bind(r0, &(0x7f0000000180)=@phonet={0x23, 0x3d, 0x6}, 0x80) (async, rerun: 32)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000200)={r1, 0xffffffff}, 0x8) (async)
sendmsg$AUDIT_USER(r2, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xfc, 0x3ed, 0x200, 0x70bd2c, 0x25dfdbfb, "6e6876a6ad2a7b7cb6b2b12965c5d7314f3df873cf482609062787538e4edecf14aa4adfe1c94ad1600b47899f18a96525e3a79e806650c4cdb7a1c4d24795bf5c68187e7d07a7a46a40352abe9a06b0c93ce627464f38a4112d34c2fb277e2bfc5503b076d611d8a4de89f8b2091568cabf1621a48e74ffa8fb5cb4b2da30d6f174ad5ca5d889e6d29014b23d7784f23d5156ae9f39819a2910101516cd2b669ec7de9ca523563cd0cd0f35e3bdceb7b29e55ab4a34d205ddc97c4fc4b053e94bd2baa12b42b60f34fb5b8b5bacc0dc363acf4cb13a1275d169afb09de85367d169df01eef3086ffd1b", [""]}, 0xfc}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), r2)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x64, r3, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008010}, 0x4000004) (async)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000580)={r1, 0x3, 0x4}, 0x8) (async)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f00000005c0), &(0x7f0000000600)=0x4)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_ADDDEF(r5, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x4c, r6, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x4c}}, 0x40880) (async)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f00000007c0)={<r7=>r1, 0xad}, &(0x7f0000000800)=0x8)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000840)={r7, 0xf001, 0xd0}, 0x8) (async)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000880)={<r8=>r7, 0x250, 0xe1, 0x9}, &(0x7f00000008c0)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000900)={r8, 0x7, 0x6}, 0x8) (async, rerun: 64)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000940)={r1, 0x3}, 0x8) (async, rerun: 64)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(r9, &(0x7f0000000980)="972bb200ac881f6dde0b951b2f21a94d5d8b0808b22b75d7a294cd0f04adcce075dd7f53aecb0db1f09389e43833e4ab8f1fbda2e35c388a493fc43b693e4f22936651e2dcae432e568d760b37638eed1eec5f8c3d5a7ce642d6ef91b97b048127232f642058aa0486a039abe8eb03ed095fb05ef458a209f4517ecbfe4c7a490729dbbb64574bec8e092eb9a778cdaceca13f807b8cde440a6b62a25751a7badc05ddb22b4cdece4c1da220462485c243032550ead5d09a8ffeb6aa8f517a6561240b3a8d129b26c24df1a50b853d4479e541ff8c0d157fd292a51549f850ae00", 0xe1, 0x4000005, &(0x7f0000000a80)={0xa, 0x4e21, 0xfffffff8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x78ce0c52}, 0x1c) (async)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), r2) (async)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001380)={&(0x7f0000000b80)={0x7e8, r10, 0x20, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0xe, 0x6c}}}}, [@NL80211_ATTR_NAN_FUNC={0x598, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_ID={0x5, 0x6, 0x41}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x3}, @NL80211_NAN_FUNC_TYPE={0x5}, @NL80211_NAN_FUNC_RX_MATCH_FILTER={0x568, 0xd, 0x0, 0x1, [{0xe3, 0x0, "fbfe31c3501d9a38f1e181920b09e8af913dafa8e78c5029d99168a6fc254b1abcb1dc9166c7459688c21d6528b0e3bde66549a34a64cf2d0e6f6e17ac99092adcf40192aa98b915469bcdea2cd38245bbd42199b2bbedb7231c7a3c295e76a503f82ec8781a7022769938ca1aae0b4bb05cccbafd08dcc8252a0a753463025d0a4d76581e0ee6915ef7199a37989aa81446b854383adcd3b37cdeef8cba61e56784b0b10b21348457f9cb09df5b63ffd74c7cbe21e59ac9dfeb71da726d934e20658923eefa52088ded4037d0f1ab7ff29a12c4cd905145539f9d568ae776"}, {0x7f, 0x0, "b1160e43521f70472a709a4bc03eaa9724144a708d936c5574828b451138187d035a3b5421cfb978ce3a3de60d528ba8ce878029250fcde11e48636495d4139f3aa00755aa01b5970a1d7ef61f4352153c4fb348839122cdc41d0985c7dbb7c86e48b04a77169849d211f055166bfe304c521186c1323d0c6ba860"}, {0x87, 0x0, "3b090d9571ff2258ee55ab54735016d1e8be3ff6e5ba9d5e1a0484dbe6405b83648c59572d864f15afc2759e83cd9b68fd2a9423d5d7dd5b99c3a5af28e7d85d6981332d82b34b5836140e25c37688107c6b42bc9f4027c07ac82d794aa90778c723c7d0b61b65a8765d617d86f44c37cfb1f0e7ee198d3024f3534b7969b0fd48092e"}, {0x69, 0x0, "b1a8df1bf39b9e3e5d7f0a7aea34c50aa50f095f6909dfddd457b069b62bac02f749c09c1a93a12217d1069169a69efe9a2ebff9ed3c05ecd86a8ec33b7391022ceb32a1db43752500b112b1e772d77666482dcb0d2e832e2dc831b7951c63c0fcd1a4f95e"}, {0x77, 0x0, "47eb9c9d02f5d874f0ec53482e4e4ee78a026843c448155357f19e3a6e26108c33e726d9a61f7d3a6f68064fe17d982d55c7b80220c50efec26b4130e3a5e734ba68c69b9dfbafb9ed529285604500b640dabfa2c2092e1c09618449808b1857385649fcef75b6acba111df23e002bec8db955"}, {0x89, 0x0, "14ded616630481a4ebecfac091990b79bb6ccafc4c6b45b6424ede08b3c4c9bf9b679131bde93725dde1465124e320138d469fa34ca96091046274b63da565090fe1abe5c800c26e20905428061e6f8a97e001a3b6901d69da937fa9de6ff046adb193ff01d27c29afe263d8c91ce9a22ef481e6be273b0ff464d158ba01e70093ed09b8c6"}, {0xc3, 0x0, "4b0171d8438816b53176fda60200c769bb5515d030165afe3edef1fcd6cf10af123525e39079b8edc5b2d9a8c617e2dde8db71b03cfb318fab58651ecc4c75d958dad0e4e218838a46f9f852ed987e317f5ee5700d9f0e04bd91b6ac97123d020dfcae2db28e7d9327c3cdbc9526ecaa566b54deca62012d6234c326bf6ae27373f3362647f361fa1e329ac891dbfb19734ad6405c81173f3965644a95d9da1826bb634d886e6fc44f6a8e276a6a525f9492aa5af82f3851bc27b4c815a24e"}, {0xbc, 0x0, "6e9383598ab35e90248a3ed6abb9d07c7cd1081dd54eda86420d51c8ad0cda02624391261b44fc4adcabf32316b93e7bc4c9bd218f1f251ca7468adf9896625f11f05ffdf7e9959afff3e0efebf703682103243049d39914780892310f5954b0feef0f473b43cac96665924b23a43851cec31a93313bd7da59d8c8c950bf52d8f969c73fbd2f8792e7fe040bf5bc9bcdb58611e10ae9a1bdc535841acf8154bee4fd8c624cece005932114a546d245c4810a801cce96eadd"}, {0x87, 0x0, "fc8bd2193aca087d43b15c5315329b7593b84524095fa32b01d782fc4c43c1b5114585fa49d4aac599aa6500d5b499bae8c5926a91d0f30dcff5a77ea2c19c5c84076007b2415643fa28dfb5a35ca47caedfe53d83725970eeb8e0340f7739973d53dbf6383dd21a21b91f3d855c2fd160d1a3c2feab2357d82d346fb98c39743a9d5e"}]}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x6}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x17}]}, @NL80211_ATTR_NAN_FUNC={0xf4, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_SERVICE_INFO={0xe8, 0xb, "26d40064b67e529c11dbeec944f7aba1a3463c1647f31647f524ecc022f3fdb89c7af06313ea4e3d99220ac139d88d57d0f783d8cb0a20be500c6695de55cc3c4358088fa3be8d9e3f6fe55184d43efcca403de8b7d4a4d127db6bb5d63d3af746cea83fb1f52ba6f5eef5adc7ce4bc97561e3627da8c9ee8a7545789a5ea794a59c2354c51a7a7ec3209a815325084d923b7b4642773ed8c19668167721e725f8b7db8b8bcd6a4c1708b163d1c209e0a38a0721e84a9816cf97b3d426d99f7d908b0ab749bb3029eb836d7daf5d0d7776387f6b4ff9179d83eb34ad591231c2fa8ee500"}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x8}]}, @NL80211_ATTR_NAN_FUNC={0x130, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0xf7}, @NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa, 0x8, @device_b}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x6}, @NL80211_NAN_FUNC_SRF={0x110, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_BF={0x103, 0x2, "a6c4cf1b491eb5f02c8789d2bce74386f2f2e6395eaf626785ebb11e48bc9f0c0b59742dd630856ad32a388a4fb98d1dd7bfeb0fa94810cfb7e279fd8517f11c08ab50beae99c4955073e486370e0b074f1c67eff4cc14bc849958cd2982a6839989bdf5f7b541cda631958a87a5e875497cacd4e34711122e216f899f8f3de119fa9f954d4474586650b16b9a7e1c81da648ce41e94dc2d9782a104f38ea1b9d553da7dd01493837d0b8d115de63c6375fd7c338b6350f8f9303842a892638cb396fef1defcc9f278f931b73c10e2e56c24adb0576cb1c717ebe225d0ca848d7f3a605f75a6d27f9d48cf1de7c7ad585b8184a2ccfb7af1cc2dce45eb4b76"}, @NL80211_NAN_SRF_BF_IDX={0x5, 0x3, 0x1}]}]}, @NL80211_ATTR_NAN_FUNC={0x4}]}, 0x7e8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async, rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001700)={0xffffffffffffffff, 0xe0, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001440)=[0x0, 0x0], ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000001480)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000014c0)=[0x0], 0x0, 0xb7, &(0x7f0000001500)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000001540), &(0x7f0000001580), 0x8, 0xbb, 0x8, 0x8, &(0x7f00000015c0)}}, 0x10) (rerun: 32)
sendmsg$nl_route_sched(r2, &(0x7f0000001800)={&(0x7f0000001400), 0xc, &(0x7f00000017c0)={&(0x7f0000001740)=@getchain={0x4c, 0x66, 0x10, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, r12, {0xe, 0xc}, {0x4, 0x7}, {0x10, 0xfff1}}, [{0x8, 0xb, 0x3}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0x4}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24028081}, 0x42094) (async)
ioctl$sock_ifreq(r9, 0x8990, &(0x7f0000001880)={'batadv_slave_0\x00', @ifru_settings={0x5, 0x349f, @te1=&(0x7f0000001840)={0x1, 0x4, 0x2, 0x8}}})
getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f00000018c0)=""/235, &(0x7f00000019c0)=0xeb) (async)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000001a00), r5)

33.871919581s ago: executing program 3 (id=5829):
r0 = socket$pppoe(0x18, 0x1, 0x0)
preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/182, 0xb6}], 0x1, 0x7, 0x8)
pread64(r0, &(0x7f0000000100)=""/243, 0xf3, 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x60, r2, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x3}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xdb}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x10}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f00000003c0)=0x2)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000400)={<r4=>0x0}, &(0x7f0000000440)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000480)=@assoc_value={r4, 0x8}, 0x8)
r5 = syz_genetlink_get_family_id$gtp(&(0x7f0000000500), r3)
r6 = ioctl$NS_GET_PARENT(r3, 0xb702, 0x0)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x34, r5, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_NET_NS_FD={0x8, 0x7, r6}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}, @GTPA_FAMILY={0x5, 0xd, 0x1e}]}, 0x34}, 0x1, 0x0, 0x0, 0x4080}, 0xc800)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000600)={r3}, 0x4)
setsockopt$netrom_NETROM_T4(r3, 0x103, 0x6, &(0x7f0000000640)=0x7, 0x4)
setsockopt(r1, 0x4, 0xb, &(0x7f0000000680)="64d0bf3f280e2fb46627b7906e7435981518a8f1c6bc4895d2edfe61defd28a8f46ff6995616db957cde568fdd89f33357860fd90a5a362e9e45f203b50cc354d2b9874e5eba98882c566df7270477b60b2584ff523818d5f5f74bee2179c6b47fcbcc158867470c7e1c469acb64ab2df0e0c5e44380e0ccae16480d281e26087c4e6c456333dbb040edd978d51c275121e51353f01ed0", 0x97)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000740)={r4, 0x8}, 0x8)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000780))
setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000980)={0x1}, 0x4)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000a40)=<r9=>0x0)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000b00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x24, r8, 0x200, 0x70bd26, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x40804)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000b40)=0x6, 0x4)
r10 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSGCAUSE(r10, 0x89e0, &(0x7f0000000b80))
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x28, 0x3f7, 0x4, 0x70bd29, 0x9, {0x7, 0x7, './file0', './file0'}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x400c000}, 0x4010)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000cc0)={r4, 0x9}, &(0x7f0000000d00)=0x8)

33.842099263s ago: executing program 2 (id=5830):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000180)={r1, r1, 0xa, 0x0, 0x0, 0xb, 0x88, 0x0, 0x4006, 0xc33c, 0x3, 0x5, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

33.729313067s ago: executing program 3 (id=5834):
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300ef5839c900910000", 0x48}], 0x1)

33.597797033s ago: executing program 2 (id=5836):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x35, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@initr0={0x18, 0x0, 0x0, 0xff90}]}, &(0x7f0000000440)='GPL\x00'}, 0x90)

33.577300636s ago: executing program 3 (id=5837):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_mtu=0x6})
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r1 = socket$inet(0x2, 0x3, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x28, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x3c}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r4, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x20000)

33.451887609s ago: executing program 2 (id=5839):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000007c0)={'rose0\x00', 0x112})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c46f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d076feafa22f0610a70f2bdf4000200000066b60d00b0c2c1254f0963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740694298b79dc194e533583412dff048fc21f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a367c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a3000000005dc2ed0e0b29e98fa883c71949a34d84030323e3d54f45b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb7830a246c3b2f60000fc4deb8eda1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e582160ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7033be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d70c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc3a4763948a1cbc10348ef2ac3781b847611fcb0a26acafdd6d9ab05865fcf7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb81c53f16d80f51006cbc71570a5e272b223425e09dc6b6cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d28484e15dc4320e4f85c16a8fbffadf8214d6d24cabe17ad4135d8872935ce0e6a468fd20fa4461d1d600234feac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c1044ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f4815237c3aa356217738898a16ba603439f6eaad8e70b"], 0x0}, 0x90) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x6, 0xff, 0x42}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000080), 0x619, r1}, 0x38) (async)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x30, 0xcf, 0x5, 0xfffff000}, {0x6}]})

33.416482755s ago: executing program 3 (id=5841):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x1, 0x2, 0xff, 0x1474e2531632564b, 0xd0, 0x5}, 0x20)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r2, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r2, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x11)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000640)=@allocspi={0x100, 0x16, 0x401, 0x0, 0x0, {{{@in=@local, @in6=@mcast1}, {@in=@broadcast, 0x0, 0x33}, @in6=@loopback, {}, {}, {}, 0x70bd26}}, [@XFRMA_IF_ID={0x8}]}, 0x100}, 0x1, 0x0, 0x0, 0x10040080}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x11, 0x4, 0x4, 0x9}, 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xd, 0x2, 0x4, 0x3, 0x0, r4, 0xfffffffe}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r6}, &(0x7f0000000840), &(0x7f0000000880)=r5}, 0x20)
shutdown(r2, 0x1)
r7 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="44ee0e0010f0a0c4aa884f3a20157166b3cf6b00", @ANYRES32=r8, @ANYRESDEC=r8], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)

33.20778199s ago: executing program 2 (id=5844):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfffffffffffffff9)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b28, &(0x7f0000000000)={'wlan1\x00'})
listen(r0, 0x0)
r2 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x18, &(0x7f0000000100)=0xbc38, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x7}, 0x8)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001700)=ANY=[], 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r3)
sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, r5, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7fff}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040040}, 0x20008000)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@exit]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x24}, 0x94)
ioctl$sock_SIOCSIFBR(r6, 0x8941, &(0x7f0000001e40)=@get={0x1, 0x0, 0x7fffffffffffffff})
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r8 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r8, &(0x7f00000000c0)={0xa, 0x4e22, 0x2, @loopback, 0x4}, 0x1c)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

33.19074708s ago: executing program 3 (id=5845):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$nci(r1, &(0x7f0000000080)=@NCI_OP_CORE_INIT_RSP={0x0, 0x1, 0x2, 0x1, 0x7, {{0x0, 0x5, 0x27, "a3a12578a19acd049a56665288cf5ef73af89db22f65f292a5ce438bbb402c64c9e4c89b2d6329"}, {0x2, 0xc, 0x1, 0xbc23, 0x4, 0x8}}}, 0x3b)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="18003500430007010100000000000000017c000004004280"], 0x18}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)

19.374940342s ago: executing program 4 (id=6090):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x7, 0x7fe2, 0x3}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0c00000004000000040000000900000000000000", @ANYRES32=r1, @ANYBLOB="0d00000000000000000000000000000006000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r2}, &(0x7f0000000880), &(0x7f00000008c0)=r0}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x26020480) (async)
unshare(0x26020480)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000007c0), 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x4, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xbf}]}, &(0x7f0000000a00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x53}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000940)={0x38, r5, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_BITS={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x38}}, 0x0)

19.271780746s ago: executing program 4 (id=6091):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x7, 0x0, 0x0, 0x9, 0x1, 0xc45, 0x1012, 0xc3, 0x2, 0x7, 'syz1\x00'}) (fail_nth: 2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [], {0x14, 0x10}}, 0x28}}, 0x0)

18.993357595s ago: executing program 4 (id=6094):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x1000000, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}]}, @NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}], {0x14, 0x10}}, 0xb4}}, 0x0)

18.903596792s ago: executing program 4 (id=6096):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)={0x18, r1, 0x1, 0x70bd28, 0x0, {}, [@TIPC_NLA_MON={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x240280d0}, 0x2000c890)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x304}, "3f60eb8f2777c39a", "5985e81ad0d9585bc175cbecd3f55eb699e3070cc206f3ba527c85bde06fbf19", "bc5ec28f", "b200"}, 0x38)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x13, r3, 0xffffd000)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x4, &(0x7f0000000100)=@gcm_256={{}, "24747942338921a1", "d830005894bf527ae179a7173985202bbfb61b36f3678de8ea2d0d6616076243", "5615d9f5", "7c5cec21291a43fe"}, 0x38)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0)
setsockopt$inet6_tcp_buf(r6, 0x6, 0x21, &(0x7f0000000200)="3e6891102567f6f91f39c4e55da45f90b9fa9cbfb6a9cf418b688fc677daa1d0665b3742395b0a7180d4d53fa7d57e3d5de2b0174f59583f0b11b35b373d285c7d3e025e1c81c60d8447323395d3b18b9184b65ba1342a7b3d4b1dd2e1", 0x5d)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_SECURITY(r7, 0x112, 0x4, &(0x7f0000000080)={0x4}, 0x1f)
connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x7, 0x0, 0x0, 0x4, 0x1, 0xc45, 0x10, 0xc3, 0x2, 0x7, 'syz1\x00'})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000010a140000001000010000000000000000000000000a0b6f85be9cf4f1a0dddd8ad80fdaab0752c5ed4bd7cd6a72138bf608352d3c12a14c267c23873574ae35a750efc74e52d65422a4947364d030f3f3a7e6c625d821f42944643717b2f700ed48ef7952a3e234586fd418996b285c4887b341388d7e5182"], 0x28}}, 0x0)

18.829160377s ago: executing program 4 (id=6098):
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0xffffffffffffff97)

18.724748296s ago: executing program 4 (id=6100):
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="200000001200010a000000000000000000000200a1bafb4483be62445f3936d8a4bbd02dfa6438f20075a05e9e78646835c60e3d36f0347fc5327c6f0e373fbfb05f9a900c444f7d76619fa65379dc229ae173289c459a78f4d292e21de55882ee95f00d4e0a6da155311ce984f6edcad5d3f4ef"], 0x26}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xac, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x458}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xfffd}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfffffffd}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x10}, 0x40881)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001ac0)={{0x14}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x8}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000880)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0xa, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r5], 0x1c}}, 0x0)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r9=>0x0)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r9], 0x1c}}, 0x0)
r10 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_DECOMPRESS_FILE(r6, 0xf517, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r11)
r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r12, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$inet(0x2, 0xa, 0xd)
r13 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r13, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r12, &(0x7f0000000140)={@val={0x800e}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @local}, {0x0, 0x0, 0x8}}}}}}, 0x2e)
ioctl$IOCTL_GET_NCIDEV_IDX(r10, 0x0, &(0x7f00000000c0))

18.183522277s ago: executing program 32 (id=5844):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfffffffffffffff9)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b28, &(0x7f0000000000)={'wlan1\x00'})
listen(r0, 0x0)
r2 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x18, &(0x7f0000000100)=0xbc38, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x7}, 0x8)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001700)=ANY=[], 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r3)
sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, r5, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7fff}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040040}, 0x20008000)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@exit]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x24}, 0x94)
ioctl$sock_SIOCSIFBR(r6, 0x8941, &(0x7f0000001e40)=@get={0x1, 0x0, 0x7fffffffffffffff})
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r8 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r8, &(0x7f00000000c0)={0xa, 0x4e22, 0x2, @loopback, 0x4}, 0x1c)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

18.155777889s ago: executing program 33 (id=5845):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$nci(r1, &(0x7f0000000080)=@NCI_OP_CORE_INIT_RSP={0x0, 0x1, 0x2, 0x1, 0x7, {{0x0, 0x5, 0x27, "a3a12578a19acd049a56665288cf5ef73af89db22f65f292a5ce438bbb402c64c9e4c89b2d6329"}, {0x2, 0xc, 0x1, 0xbc23, 0x4, 0x8}}}, 0x3b)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="18003500430007010100000000000000017c000004004280"], 0x18}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)

16.86183967s ago: executing program 0 (id=6138):
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000000203050000000000deffffff02000007080004400000001708000440000000100800034080000000"], 0x2c}, 0x1, 0x0, 0x0, 0x45}, 0x4000804)
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1})
shutdown(r2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000068000000090a0104000000008be4e624000000000700000008000a37d55e5c96b7a06e0073797a30000000000900010073797a3000000000080005400000000d24001280140001800c000100636f756e74657200040002800c00018008000100647570000800034000000110140000001000010000000000000000000084000a130d15702fea2c13d182f71079b7630901cef6c83bfcb7ef2eca07624253f2449030c8d11d7d67fcf215df72380b68890b1cd76b9d65b1594bb90605"], 0xb0}}, 0x20050800)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000040)=@bpq0, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000240)={<r5=>0xffffffffffffffff})
sendmsg$AUDIT_TRIM(r5, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x10, 0x3f6, 0x200, 0x70bd2b, 0x25dfdbfc, "", [""]}, 0x10}}, 0x40000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000b00), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b40)={0x34, r7, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004004}, 0x20000000)
r8 = socket$netlink(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r9, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000)
sendmsg$DEVLINK_CMD_TRAP_GET(r5, &(0x7f0000000180)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)={0x88, r9, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x2f}, 0x1, 0x0, 0x0, 0x80}, 0x0)

16.156812085s ago: executing program 0 (id=6142):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r2 = gettid()
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYRES8=r2, @ANYRESHEX=r1, @ANYRES32=r2, @ANYRES8=r2], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

16.015884775s ago: executing program 0 (id=6144):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x18, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000410000000000e50003000000000085100000fcffffff2500fefffcffffff85100000faffffff95"], &(0x7f0000000140)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x8}, 0x94)

16.010935368s ago: executing program 0 (id=6146):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="200000006a000100"], 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet(0x2, 0x3, 0x33)
getsockopt$inet_mreqsrc(r1, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x200, 0x0, {0x2, 0x0, 0x20, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1a}, [@FRA_SRC={0x8, 0x2, @private=0xa010101}]}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

15.989366083s ago: executing program 0 (id=6148):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x35, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x102}]}, &(0x7f0000000440)='GPL\x00'}, 0x90)

15.89185355s ago: executing program 0 (id=6149):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_WANTLQI(r3, 0x0, 0x3, &(0x7f0000000000)=0x1, 0x4)
setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000440)={0x8000, 0x98, 0x7, 0x401}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$AUDIT_TTY_GET(r5, 0x0, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="58000000020601020000000000000000000000000900020073797a31000000000500010007000000070105000a0000000c00078008001240ffffffff1100030e60e96c403819f7b5602e2c0b00686196683a69702c6d61726b000000000500040000000000a1e60d4dbd0bf310ef97b726385249f2d14d5d4b02c13bdb437eba34294d75330ae99e888b5aa21261856867a4bd94babc2f57f85c3d57"], 0x58}}, 0x0)
sendmsg$key(r4, 0x0, 0x0)
r8 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r8, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0xfcbe}], 0x2, &(0x7f0000000040)=[@ip_tos_u8={{0x11, 0x0, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x38}, 0x40010)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16, @ANYBLOB="00042bbd7000ffdbdf52120000000a000600ff"], 0x48}, 0x1, 0x0, 0x0, 0x4040810}, 0x40000)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r9, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r9, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0xfdef)
sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)

15.258557296s ago: executing program 1 (id=6157):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r2, &(0x7f0000000480), &(0x7f0000000340)=@udp6=r0}, 0x20)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x0, 0x7f81, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}})
sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x100, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x5, 0x33}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}}, 0x4000cd0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="620ac4ff000000007110ac000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x90)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xd, 0x40010, r1, 0xe552e000)

15.254658909s ago: executing program 1 (id=6158):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newsa={0x13c, 0x10, 0x413, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@rand_addr=' \x01\x00', 0xfffd, 0x1, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in=@rand_addr=0x64010100, 0x4d5, 0x32}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, {0x0, 0x7, 0x0, 0x4, 0x2000000000000000, 0x4, 0x20000000008}, {0x100000001, 0x8, 0xcc, 0x1900}, {0xf8}, 0x0, 0x4, 0x2, 0x0, 0x1}, [@algo_aead={0x4c, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0x0, 0x40}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x804}, 0x844)

15.25425212s ago: executing program 1 (id=6159):
r0 = socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x100000000)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
close(0x3)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x6}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r5, @ANYBLOB="06001500070000000c0016800800", @ANYRES64=r4], 0x38}}, 0x10)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000))
setsockopt$inet_tcp_int(r0, 0x6, 0x1f, &(0x7f0000000180)=0xb8, 0x4)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, r6, 0x1}, 0x14}}, 0x0)

15.253048997s ago: executing program 1 (id=6160):
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300005839c900910000", 0x48}], 0x1)

15.252541689s ago: executing program 1 (id=6161):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32=r0, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300, 0x0, 0xc090}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x300}, 0x0)

15.251868627s ago: executing program 1 (id=6162):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r2 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x1, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x2000, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x5}, 0x1, {0x88a8}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0xfdef)
syz_extract_tcp_res(&(0x7f0000000080), 0xfffffffb, 0x8)
syz_extract_tcp_res$synack(&(0x7f00000000c0), 0x1, 0x0)
write$tun(r0, &(0x7f0000000340)={@val={0x0, 0x4}, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @random="90bbff945642", @loopback, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}, @remote}}, 0x20)

3.502220236s ago: executing program 34 (id=6100):
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="200000001200010a000000000000000000000200a1bafb4483be62445f3936d8a4bbd02dfa6438f20075a05e9e78646835c60e3d36f0347fc5327c6f0e373fbfb05f9a900c444f7d76619fa65379dc229ae173289c459a78f4d292e21de55882ee95f00d4e0a6da155311ce984f6edcad5d3f4ef"], 0x26}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xac, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x458}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xfffd}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfffffffd}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x10}, 0x40881)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001ac0)={{0x14}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x8}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000880)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0xa, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r5], 0x1c}}, 0x0)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r9=>0x0)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r9], 0x1c}}, 0x0)
r10 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_DECOMPRESS_FILE(r6, 0xf517, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r11)
r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r12, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$inet(0x2, 0xa, 0xd)
r13 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r13, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r12, &(0x7f0000000140)={@val={0x800e}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @local}, {0x0, 0x0, 0x8}}}}}}, 0x2e)
ioctl$IOCTL_GET_NCIDEV_IDX(r10, 0x0, &(0x7f00000000c0))

483.492245ms ago: executing program 35 (id=6149):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_WANTLQI(r3, 0x0, 0x3, &(0x7f0000000000)=0x1, 0x4)
setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000440)={0x8000, 0x98, 0x7, 0x401}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$AUDIT_TTY_GET(r5, 0x0, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="58000000020601020000000000000000000000000900020073797a31000000000500010007000000070105000a0000000c00078008001240ffffffff1100030e60e96c403819f7b5602e2c0b00686196683a69702c6d61726b000000000500040000000000a1e60d4dbd0bf310ef97b726385249f2d14d5d4b02c13bdb437eba34294d75330ae99e888b5aa21261856867a4bd94babc2f57f85c3d57"], 0x58}}, 0x0)
sendmsg$key(r4, 0x0, 0x0)
r8 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r8, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0xfcbe}], 0x2, &(0x7f0000000040)=[@ip_tos_u8={{0x11, 0x0, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x38}, 0x40010)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16, @ANYBLOB="00042bbd7000ffdbdf52120000000a000600ff"], 0x48}, 0x1, 0x0, 0x0, 0x4040810}, 0x40000)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r9, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r9, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0xfdef)
sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 36 (id=6162):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r2 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x1, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x2000, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x5}, 0x1, {0x88a8}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0xfdef)
syz_extract_tcp_res(&(0x7f0000000080), 0xfffffffb, 0x8)
syz_extract_tcp_res$synack(&(0x7f00000000c0), 0x1, 0x0)
write$tun(r0, &(0x7f0000000340)={@val={0x0, 0x4}, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @random="90bbff945642", @loopback, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}, @remote}}, 0x20)

kernel console output (not intermixed with test programs):

][T20741]  ? security_capable+0x7e/0x2e0
[  425.801992][T20741]  genl_rcv_msg+0x5da/0x790
[  425.802021][T20741]  ? __pfx_genl_rcv_msg+0x10/0x10
[  425.802041][T20741]  ? __pfx_batadv_hardif_neigh_dump+0x10/0x10
[  425.802083][T20741]  netlink_rcv_skb+0x208/0x470
[  425.802098][T20741]  ? __lock_acquire+0xab9/0xd20
[  425.802117][T20741]  ? __pfx_genl_rcv_msg+0x10/0x10
[  425.802140][T20741]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  425.802178][T20741]  ? down_read+0x1ad/0x2e0
[  425.802198][T20741]  genl_rcv+0x28/0x40
[  425.802217][T20741]  netlink_unicast+0x82f/0x9e0
[  425.802250][T20741]  ? __pfx_netlink_unicast+0x10/0x10
[  425.802277][T20741]  ? netlink_sendmsg+0x642/0xb30
[  425.802292][T20741]  ? skb_put+0x11b/0x210
[  425.802314][T20741]  netlink_sendmsg+0x805/0xb30
[  425.802343][T20741]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.802363][T20741]  ? aa_sock_msg_perm+0xf1/0x1d0
[  425.802408][T20741]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  425.802426][T20741]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.802445][T20741]  __sock_sendmsg+0x21c/0x270
[  425.802472][T20741]  ____sys_sendmsg+0x505/0x830
[  425.802497][T20741]  ? __pfx_____sys_sendmsg+0x10/0x10
[  425.802528][T20741]  ? import_iovec+0x74/0xa0
[  425.802554][T20741]  ___sys_sendmsg+0x21f/0x2a0
[  425.802576][T20741]  ? __pfx____sys_sendmsg+0x10/0x10
[  425.802633][T20741]  ? __fget_files+0x2a/0x420
[  425.802649][T20741]  ? __fget_files+0x3a0/0x420
[  425.802675][T20741]  __x64_sys_sendmsg+0x19b/0x260
[  425.802697][T20741]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  425.802727][T20741]  ? __pfx_ksys_write+0x10/0x10
[  425.802755][T20741]  ? do_syscall_64+0xbe/0xfa0
[  425.802783][T20741]  do_syscall_64+0xfa/0xfa0
[  425.802803][T20741]  ? lockdep_hardirqs_on+0x9c/0x150
[  425.802825][T20741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.802842][T20741]  ? clear_bhb_loop+0x60/0xb0
[  425.802863][T20741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.802888][T20741] RIP: 0033:0x7faebf78f749
[  425.802905][T20741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.802920][T20741] RSP: 002b:00007faec0550038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  425.802940][T20741] RAX: ffffffffffffffda RBX: 00007faebf9e6090 RCX: 00007faebf78f749
[  425.802953][T20741] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003
[  425.802965][T20741] RBP: 00007faec0550090 R08: 0000000000000000 R09: 0000000000000000
[  425.802975][T20741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.802986][T20741] R13: 00007faebf9e6128 R14: 00007faebf9e6090 R15: 00007fffaf244c78
[  425.803020][T20741]  </TASK>
[  426.276423][T13250] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  426.440710][T20750] 8021q: adding VLAN 0 to HW filter on device bond1
[  426.478077][T20758] bond_slave_0: entered promiscuous mode
[  426.478816][T20750] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  426.483862][T20758] bond_slave_1: entered promiscuous mode
[  426.494297][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  426.500964][T20758] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  426.520235][T20758] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  426.522074][T20747] IPVS: sh: FWM 3 0x00000003 - no destination available
[  426.788770][T20305] 8021q: adding VLAN 0 to HW filter on device batadv0
[  426.812125][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  426.821389][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  426.829820][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  426.911118][T20305] veth0_vlan: entered promiscuous mode
[  426.934018][T20305] veth1_vlan: entered promiscuous mode
[  426.994708][T20305] veth0_macvtap: entered promiscuous mode
[  427.008892][T20782] netlink: 'syz.4.4618': attribute type 4 has an invalid length.
[  427.023445][T20783] team0: Device gtp0 is of different type
[  427.031968][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  427.061228][T20305] veth1_macvtap: entered promiscuous mode
[  427.193716][T20785] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.201775][T20785] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.242257][T20785] bond_slave_0: left promiscuous mode
[  427.249034][T20785] bond_slave_1: left promiscuous mode
[  427.337107][T20799] __nla_validate_parse: 4 callbacks suppressed
[  427.337127][T20799] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4621'.
[  427.475394][T20785] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  427.494805][T20785] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  428.024666][T20788] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4618'.
[  428.067871][T20805] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  428.080372][  T152] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  428.112167][  T152] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  428.131636][T20810] syzkaller0: entered promiscuous mode
[  428.147962][T20810] syzkaller0: entered allmulticast mode
[  428.198215][  T152] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  428.225436][  T152] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  428.286356][T20821] tipc: Resetting bearer <eth:syzkaller0>
[  428.326090][T20801] tipc: Resetting bearer <eth:syzkaller0>
[  428.367843][T20801] tipc: Disabling bearer <eth:syzkaller0>
[  428.504278][T20305] batman_adv: batadv0: Interface activated: batadv_slave_0
[  428.547960][T20305] batman_adv: batadv0: Interface activated: batadv_slave_1
[  428.580801][T20852] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4627'.
[  428.599440][   T50] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  428.633452][   T50] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  428.685268][   T50] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  428.718764][   T50] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  428.923357][T20873] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4631'.
[  429.021717][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  429.029745][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  429.129204][T12699] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  429.159313][T12699] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  429.172417][T20885] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  429.364185][T20893] syzkaller0: refused to change device tx_queue_len
[  429.890514][   T52] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  429.903536][   T52] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  429.911934][   T52] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  429.920676][   T52] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  429.929498][   T52] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  430.128727][T20914] netlink: 'syz.0.4641': attribute type 11 has an invalid length.
[  430.171980][T20914] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4641'.
[  430.260496][T20915] ieee802154 phy0 wpan0: encryption failed: -22
[  430.285383][T20909] wg1 speed is unknown, defaulting to 1000
[  430.345390][T20909] lo speed is unknown, defaulting to 1000
[  430.553243][T20930] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4645'.
[  431.354815][T20966] netlink: 'syz.1.4653': attribute type 4 has an invalid length.
[  431.363176][T20966] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4653'.
[  431.803833][T13250] wg1 speed is unknown, defaulting to 1000
[  431.809852][T13250] syz2: Port: 1 Link DOWN
[  431.929083][T20909] chnl_net:caif_netlink_parms(): no params data found
[  431.967986][T20983] netlink: 'syz.0.4659': attribute type 1 has an invalid length.
[  432.021929][ T5828] Bluetooth: hci5: command tx timeout
[  432.145355][T20996] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4661'.
[  432.197969][T20991] bond18: (slave gretap1): making interface the new active one
[  432.239076][T20991] bond18: (slave gretap1): Enslaving as an active interface with an up link
[  432.421578][T21000] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  432.459001][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  432.495085][T21014] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4664'.
[  432.546815][T21014] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4664'.
[  432.566729][T21027] netlink: 'syz.4.4668': attribute type 1 has an invalid length.
[  432.574038][T21018] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4664'.
[  432.586604][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  432.602406][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  432.614251][T21028] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4667'.
[  432.624667][T21028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4667'.
[  432.639165][T21027] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  432.684765][T21018] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4664'.
[  432.715730][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  432.843757][T20909] bridge0: port 1(bridge_slave_0) entered blocking state
[  432.862220][T20909] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.873616][T20909] bridge_slave_0: entered allmulticast mode
[  432.882015][T20909] bridge_slave_0: entered promiscuous mode
[  432.913587][T20909] bridge0: port 2(bridge_slave_1) entered blocking state
[  432.932687][T20909] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.944205][T20909] bridge_slave_1: entered allmulticast mode
[  432.956566][T20909] bridge_slave_1: entered promiscuous mode
[  433.094781][ T6034] dummy0: left allmulticast mode
[  433.100729][ T6034] dummy0: left promiscuous mode
[  433.111131][ T6034] bridge0: port 3(dummy0) entered disabled state
[  433.144320][T21059] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4677'.
[  433.162141][T21059] netlink: 'syz.0.4677': attribute type 7 has an invalid length.
[  433.170600][T21059] netlink: 'syz.0.4677': attribute type 8 has an invalid length.
[  433.185344][ T6034] bridge_slave_1: left allmulticast mode
[  433.196968][ T6034] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.204647][T21059] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4677'.
[  433.216770][ T6034] bridge_slave_0: left allmulticast mode
[  433.231486][ T6034] bridge_slave_0: left promiscuous mode
[  433.237476][ T6034] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.375160][T21070] netlink: 1 bytes leftover after parsing attributes in process `syz.2.4678'.
[  433.582346][ T6034] bond5 (unregistering): (slave gretap1): Releasing active interface
[  433.609104][ T6034] bond12 (unregistering): (slave gretap0): Releasing active interface
[  433.619825][ T6034] gretap0 (unregistering): left allmulticast mode
[  433.784672][ T6034] bond10 (unregistering): (slave geneve3): Releasing backup interface
[  433.807287][ T6034] bond7 (unregistering): (slave geneve2): Releasing active interface
[  433.972448][ T6034] bond4 (unregistering): (slave bridge2): Releasing active interface
[  434.091743][ T5828] Bluetooth: hci5: command tx timeout
[  434.225165][ T6034] bond0 (unregistering): Released all slaves
[  434.322795][ T6034] bond1 (unregistering): Released all slaves
[  434.336596][ T6034] bond2 (unregistering): Released all slaves
[  434.430315][ T6034] bond3 (unregistering): (slave veth7): Releasing backup interface
[  434.440679][ T6034] bond3 (unregistering): (slave veth9): Releasing backup interface
[  434.449891][ T6034] bond3 (unregistering): Released all slaves
[  434.463747][ T6034] bond4 (unregistering): Released all slaves
[  434.476383][ T6034] bond5 (unregistering): Released all slaves
[  434.578209][ T6034] bond6 (unregistering): Released all slaves
[  434.591766][ T6034] bond7 (unregistering): Released all slaves
[  434.695554][ T6034] bond8 (unregistering): Released all slaves
[  434.708766][ T6034] bond9 (unregistering): Released all slaves
[  434.721998][ T6034] bond10 (unregistering): Released all slaves
[  434.737196][ T6034] bond11 (unregistering): Released all slaves
[  434.752433][ T6034] bond12 (unregistering): Released all slaves
[  434.766466][ T6034] bond13 (unregistering): Released all slaves
[  434.874641][ T6034] bond14 (unregistering): Released all slaves
[  434.887472][ T6034] bond15 (unregistering): Released all slaves
[  434.900532][ T6034] bond16 (unregistering): Released all slaves
[  434.915875][T20909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  434.928590][T20909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  435.170203][T21094] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4687'.
[  435.289137][ T6034] tipc: Disabling bearer <eth:ipvlan1>
[  435.306667][ T6034] tipc: Left network mode
[  435.491109][T20909] team0: Port device team_slave_0 added
[  435.552317][T20909] team0: Port device team_slave_1 added
[  435.750412][T20909] batman_adv: batadv0: Adding interface: batadv_slave_0
[  435.768884][T20909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  435.809360][T20909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  435.906353][T20909] batman_adv: batadv0: Adding interface: batadv_slave_1
[  435.918532][T21139] netlink: 'syz.2.4695': attribute type 4 has an invalid length.
[  435.926472][T20909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  435.955369][T20909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  436.172572][ T5828] Bluetooth: hci5: command tx timeout
[  437.705957][T21141] __nla_validate_parse: 2 callbacks suppressed
[  437.705976][T21141] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4695'.
[  437.725791][T21159] gre0: entered allmulticast mode
[  437.832710][T21173] FAULT_INJECTION: forcing a failure.
[  437.832710][T21173] name failslab, interval 1, probability 0, space 0, times 0
[  437.903205][T21173] CPU: 1 UID: 0 PID: 21173 Comm: syz.1.4701 Not tainted syzkaller #0 PREEMPT(full) 
[  437.903230][T21173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  437.903242][T21173] Call Trace:
[  437.903249][T21173]  <TASK>
[  437.903258][T21173]  dump_stack_lvl+0x189/0x250
[  437.903293][T21173]  ? __pfx____ratelimit+0x10/0x10
[  437.903316][T21173]  ? __pfx_dump_stack_lvl+0x10/0x10
[  437.903338][T21173]  ? __pfx__printk+0x10/0x10
[  437.903363][T21173]  ? __pfx___might_resched+0x10/0x10
[  437.903381][T21173]  ? fs_reclaim_acquire+0x7d/0x100
[  437.903403][T21173]  should_fail_ex+0x414/0x560
[  437.903433][T21173]  should_failslab+0xa8/0x100
[  437.903453][T21173]  kmem_cache_alloc_node_noprof+0x77/0x710
[  437.903477][T21173]  ? __alloc_skb+0x112/0x2d0
[  437.903492][T21173]  ? netlink_autobind+0xdb/0x300
[  437.903515][T21173]  __alloc_skb+0x112/0x2d0
[  437.903536][T21173]  netlink_sendmsg+0x5c6/0xb30
[  437.903571][T21173]  ? __pfx_netlink_sendmsg+0x10/0x10
[  437.903592][T21173]  ? aa_sock_msg_perm+0xf1/0x1d0
[  437.903619][T21173]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  437.903636][T21173]  ? __pfx_netlink_sendmsg+0x10/0x10
[  437.903655][T21173]  __sock_sendmsg+0x21c/0x270
[  437.903680][T21173]  ____sys_sendmsg+0x505/0x830
[  437.903705][T21173]  ? __pfx_____sys_sendmsg+0x10/0x10
[  437.903733][T21173]  ? import_iovec+0x74/0xa0
[  437.903758][T21173]  ___sys_sendmsg+0x21f/0x2a0
[  437.903780][T21173]  ? __pfx____sys_sendmsg+0x10/0x10
[  437.903835][T21173]  ? __fget_files+0x2a/0x420
[  437.903852][T21173]  ? __fget_files+0x3a0/0x420
[  437.903878][T21173]  __x64_sys_sendmsg+0x19b/0x260
[  437.903898][T21173]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  437.903923][T21173]  ? __pfx_ksys_write+0x10/0x10
[  437.903949][T21173]  ? do_syscall_64+0xbe/0xfa0
[  437.903975][T21173]  do_syscall_64+0xfa/0xfa0
[  437.903996][T21173]  ? lockdep_hardirqs_on+0x9c/0x150
[  437.904018][T21173]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.904036][T21173]  ? clear_bhb_loop+0x60/0xb0
[  437.904056][T21173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.904071][T21173] RIP: 0033:0x7faebf78f749
[  437.904088][T21173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.904102][T21173] RSP: 002b:00007faec0571038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  437.904121][T21173] RAX: ffffffffffffffda RBX: 00007faebf9e5fa0 RCX: 00007faebf78f749
[  437.904134][T21173] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  437.904146][T21173] RBP: 00007faec0571090 R08: 0000000000000000 R09: 0000000000000000
[  437.904158][T21173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.904169][T21173] R13: 00007faebf9e6038 R14: 00007faebf9e5fa0 R15: 00007fffaf244c78
[  437.904199][T21173]  </TASK>
[  438.251589][ T5828] Bluetooth: hci5: command tx timeout
[  438.345952][T20909] hsr_slave_0: entered promiscuous mode
[  438.370874][T20909] hsr_slave_1: entered promiscuous mode
[  438.377847][T20909] debugfs: 'hsr0' already exists in 'hsr'
[  438.386906][T20909] Cannot create hsr debugfs directory
[  438.455484][T21197] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4709'.
[  438.490225][T21196] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4709'.
[  438.598569][T21202] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap3
[  438.628105][T21202] gretap3: default qdisc (pfifo_fast) fail, fallback to noqueue
[  438.654126][T21202] gretap3: entered promiscuous mode
[  438.660577][T21202] gretap3: entered allmulticast mode
[  438.771594][T21210] netlink: 'syz.1.4712': attribute type 1 has an invalid length.
[  438.821021][T21210] 8021q: adding VLAN 0 to HW filter on device bond13
[  438.851810][ T6034] hsr_slave_0: left promiscuous mode
[  438.858364][ T6034] hsr_slave_1: left promiscuous mode
[  438.865356][ T6034] batman_adv: batadv0: Removing interface: batadv_slave_0
[  438.873942][ T6034] batman_adv: batadv0: Removing interface: batadv_slave_1
[  439.076929][T21183] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  440.092185][T21252] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4720'.
[  440.336042][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  440.685862][T21268] syzkaller0: entered promiscuous mode
[  440.692167][T21268] syzkaller0: entered allmulticast mode
[  440.706308][ T6034] IPVS: stop unused estimator thread 0...
[  440.716749][T21287] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 2, id = 0
[  442.948292][T20909] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  442.977976][T20909] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  443.050269][T20909] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  443.060491][T21359] x_tables: duplicate underflow at hook 2
[  443.078589][T20909] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  443.144236][T21362] syzkaller0: entered promiscuous mode
[  443.149771][T21362] syzkaller0: entered allmulticast mode
[  443.174225][T21362] Bluetooth: MGMT ver 1.23
[  443.207173][T21372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4743'.
[  443.358765][T20909] 8021q: adding VLAN 0 to HW filter on device bond0
[  443.397438][T21382] x_tables: duplicate underflow at hook 3
[  443.418151][T21386] netlink: 256 bytes leftover after parsing attributes in process `syz.1.4747'.
[  443.444250][T20909] 8021q: adding VLAN 0 to HW filter on device team0
[  443.463492][T21388] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4749'.
[  443.478762][  T134] bridge0: port 1(bridge_slave_0) entered blocking state
[  443.485957][  T134] bridge0: port 1(bridge_slave_0) entered forwarding state
[  443.497933][T21388] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4749'.
[  443.517915][ T6034] bridge0: port 2(bridge_slave_1) entered blocking state
[  443.525279][ T6034] bridge0: port 2(bridge_slave_1) entered forwarding state
[  443.565447][T21394] netlink: 'syz.0.4750': attribute type 10 has an invalid length.
[  443.599933][T21394] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  444.056224][T21432] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4761'.
[  444.130914][T20909] 8021q: adding VLAN 0 to HW filter on device batadv0
[  444.267257][T20909] veth0_vlan: entered promiscuous mode
[  444.290795][T20909] veth1_vlan: entered promiscuous mode
[  444.391840][T20909] veth0_macvtap: entered promiscuous mode
[  444.470711][T20909] veth1_macvtap: entered promiscuous mode
[  444.534948][T20909] batman_adv: batadv0: Interface activated: batadv_slave_0
[  444.558018][T20909] batman_adv: batadv0: Interface activated: batadv_slave_1
[  444.578000][   T50] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  444.597751][   T50] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  444.637534][   T50] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  444.643025][T21458] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4769'.
[  444.651764][   T50] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  444.843640][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  444.843749][T21462] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  444.859657][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  444.901427][T21462] syzkaller0: entered promiscuous mode
[  444.907155][T21462] syzkaller0: entered allmulticast mode
[  444.967626][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  444.977521][T21473] netlink: 'syz.2.4776': attribute type 1 has an invalid length.
[  444.997623][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  445.008828][T21462] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  445.042944][T21476] netlink: 'syz.2.4776': attribute type 6 has an invalid length.
[  445.083403][T21473] 8021q: adding VLAN 0 to HW filter on device bond1
[  445.111007][T21473] bond1: (slave geneve2): making interface the new active one
[  445.120397][T21473] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  445.172774][T21462] tipc: Resetting bearer <eth:syzkaller0>
[  445.223652][T21459] tipc: Resetting bearer <eth:syzkaller0>
[  445.311981][T21459] tipc: Disabling bearer <eth:syzkaller0>
[  445.430493][T21500] netlink: 'syz.3.4785': attribute type 2 has an invalid length.
[  445.457833][T21500] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4785'.
[  445.644471][T21509] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4788'.
[  445.758120][T21511] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4789'.
[  445.798511][T21511] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4789'.
[  445.841929][T21511] netlink: 'syz.0.4789': attribute type 3 has an invalid length.
[  446.118636][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  446.137265][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  446.147205][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  446.159095][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  446.170125][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  446.247035][T21527] netlink: 'syz.3.4794': attribute type 2 has an invalid length.
[  446.286138][T21539] netlink: 'syz.0.4797': attribute type 4 has an invalid length.
[  446.303940][T21527] �9: entered promiscuous mode
[  446.310922][T21541] xfrm0 speed is unknown, defaulting to 1000
[  446.317461][T21541] xfrm0 speed is unknown, defaulting to 1000
[  446.329873][T21541] xfrm0 speed is unknown, defaulting to 1000
[  446.354125][T21541] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  446.460234][T21541] xfrm0 speed is unknown, defaulting to 1000
[  446.509799][  T134] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 20000 - 0
[  446.519265][  T134] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 20000 - 0
[  446.528473][T21541] xfrm0 speed is unknown, defaulting to 1000
[  446.569808][T21548] veth3: entered allmulticast mode
[  446.576444][  T134] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 20000 - 0
[  446.586266][T21541] xfrm0 speed is unknown, defaulting to 1000
[  446.594469][T21529] lo speed is unknown, defaulting to 1000
[  446.600481][  T134] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 20000 - 0
[  446.666407][   T50] bond0: (slave netdevsim0): Releasing backup interface
[  446.699147][T21541] xfrm0 speed is unknown, defaulting to 1000
[  446.720355][T21529] xfrm0 speed is unknown, defaulting to 1000
[  446.749322][T21541] xfrm0 speed is unknown, defaulting to 1000
[  448.255305][ T5828] Bluetooth: hci0: command tx timeout
[  448.541022][   T50] bond11 (unregistering): (slave ip6gretap1): Releasing active interface
[  448.654899][   T50] erspan0 (unregistering): left promiscuous mode
[  448.695729][   T50] bond12 (unregistering): (slave gretap2): Releasing active interface
[  449.134662][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  449.146381][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  449.155942][   T50] bond0 (unregistering): Released all slaves
[  449.169794][   T50] bond1 (unregistering): Released all slaves
[  449.183189][   T50] bond2 (unregistering): (slave bond3): Releasing backup interface
[  449.193971][   T50] bond2 (unregistering): Released all slaves
[  449.289357][   T50] bond3 (unregistering): Released all slaves
[  449.380927][   T50] bond4 (unregistering): (slave veth5): Releasing active interface
[  449.390105][   T50] bond4 (unregistering): (slave veth7): Releasing active interface
[  449.399040][   T50] bond4 (unregistering): Released all slaves
[  449.487746][   T50] bond5 (unregistering): Released all slaves
[  449.576613][   T50] bond6 (unregistering): Released all slaves
[  449.588995][   T50] bond7 (unregistering): Released all slaves
[  449.601769][   T50] bond8 (unregistering): Released all slaves
[  449.615509][   T50] bond9 (unregistering): Released all slaves
[  449.634349][   T50] bond10 (unregistering): Released all slaves
[  449.736460][   T50] bond11 (unregistering): Released all slaves
[  449.749105][   T50] bond12 (unregistering): Released all slaves
[  449.838914][   T50] bond13 (unregistering): Released all slaves
[  450.210636][   T50] tipc: Left network mode
[  450.262975][   T50] IPVS: stopping backup sync thread 21287 ...
[  450.346834][ T5828] Bluetooth: hci0: command tx timeout
[  450.498642][T21529] chnl_net:caif_netlink_parms(): no params data found
[  450.628280][T21660] __nla_validate_parse: 2 callbacks suppressed
[  450.628299][T21660] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4823'.
[  451.144187][T21529] bridge0: port 1(bridge_slave_0) entered blocking state
[  451.168372][T21690] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4830'.
[  451.178484][T21529] bridge0: port 1(bridge_slave_0) entered disabled state
[  451.192900][T21529] bridge_slave_0: entered allmulticast mode
[  451.209899][T21690] netlink: 'syz.3.4830': attribute type 1 has an invalid length.
[  451.221434][T21529] bridge_slave_0: entered promiscuous mode
[  451.244692][T21529] bridge0: port 2(bridge_slave_1) entered blocking state
[  451.253848][T21529] bridge0: port 2(bridge_slave_1) entered disabled state
[  451.261911][T21529] bridge_slave_1: entered allmulticast mode
[  451.279604][T21529] bridge_slave_1: entered promiscuous mode
[  451.316894][T21698] netlink: 'syz.0.4831': attribute type 4 has an invalid length.
[  451.327894][T21698] netlink: 152 bytes leftover after parsing attributes in process `syz.0.4831'.
[  451.435177][T21705] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4831'.
[  451.600134][T21710] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  452.093342][   T50] team0 (unregistering): Port device team_slave_1 removed
[  452.127891][   T50] team0 (unregistering): Port device team_slave_0 removed
[  452.414601][ T5828] Bluetooth: hci0: command tx timeout
[  452.514099][T21698] `: renamed from bond0
[  452.534942][T21701] veth3: entered promiscuous mode
[  452.547786][T13250] lo speed is unknown, defaulting to 1000
[  452.564169][T13250] infiniband syz1: ib_query_port failed (-19)
[  452.570596][T21529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  452.591595][T21529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  452.730220][T21730] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  452.765508][T21730] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  452.826579][T21730] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  452.839214][T21726] tipc: Started in network mode
[  452.845641][T21726] tipc: Node identity aac088d08b88, cluster identity 4711
[  452.864502][T21726] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  452.887007][T21529] team0: Port device team_slave_0 added
[  452.903262][T21731] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  452.916465][T21529] team0: Port device team_slave_1 added
[  452.932340][T21731] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  452.937955][T21735] syzkaller0: entered promiscuous mode
[  452.950919][T21731] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  452.988840][T21735] syzkaller0: entered allmulticast mode
[  453.098797][T21726] tipc: Resetting bearer <eth:syzkaller0>
[  453.211148][T21529] batman_adv: batadv0: Adding interface: batadv_slave_0
[  453.228166][T21529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  453.294824][T21529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  453.322728][T21529] batman_adv: batadv0: Adding interface: batadv_slave_1
[  453.339995][T21529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  453.400157][T21529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  453.414507][T21725] tipc: Resetting bearer <eth:syzkaller0>
[  453.458491][T21725] tipc: Disabling bearer <eth:syzkaller0>
[  453.552691][   T50] IPVS: stop unused estimator thread 0...
[  453.683070][T21790] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4851'.
[  453.717241][T21790] block nbd0: Unsupported socket: should be TCP or UNIX.
[  453.764066][T21790] netlink: 'syz.2.4851': attribute type 4 has an invalid length.
[  453.782915][T21529] hsr_slave_0: entered promiscuous mode
[  453.790637][T21529] hsr_slave_1: entered promiscuous mode
[  453.797496][T21529] debugfs: 'hsr0' already exists in 'hsr'
[  453.805353][T21529] Cannot create hsr debugfs directory
[  453.959169][T21804] Bluetooth: MGMT ver 1.23
[  453.989092][T21806] syzkaller0: entered promiscuous mode
[  453.996404][T21806] syzkaller0: entered allmulticast mode
[  454.007365][T21804] veth0: entered promiscuous mode
[  454.075779][T21811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4854'.
[  454.503150][ T5828] Bluetooth: hci0: command tx timeout
[  454.765982][T21837] policy can only be matched on NF_INET_PRE_ROUTING
[  454.766006][T21837] unable to load match
[  454.798312][T21841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4864'.
[  454.865010][T21851] No such timeout policy "syz0"
[  454.882234][T21837] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4864'.
[  455.078890][T21864] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4874'.
[  455.149048][T21864] geneve3: entered promiscuous mode
[  455.254971][T21874] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4875'.
[  455.584939][T21891] netlink: 'syz.3.4879': attribute type 4 has an invalid length.
[  455.640500][T21895] netlink: 'syz.3.4879': attribute type 4 has an invalid length.
[  455.813545][T21888] __nla_validate_parse: 3 callbacks suppressed
[  455.813565][T21888] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4880'.
[  455.945171][T21898] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4879'.
[  456.176521][T21529] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  456.275584][T21529] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  456.317755][T21529] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  456.393450][T21529] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  456.737292][T21946] !
: renamed from dummy0
[  456.990663][T21529] 8021q: adding VLAN 0 to HW filter on device bond0
[  457.020065][T21958] netlink: 'syz.2.4895': attribute type 4 has an invalid length.
[  457.065818][T21958] netlink: 'syz.2.4895': attribute type 4 has an invalid length.
[  457.090601][T21529] 8021q: adding VLAN 0 to HW filter on device team0
[  457.138026][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  457.145325][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  457.203398][T21958] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4895'.
[  457.228643][  T134] bridge0: port 2(bridge_slave_1) entered blocking state
[  457.236141][  T134] bridge0: port 2(bridge_slave_1) entered forwarding state
[  457.611454][    C0] af_packet: tpacket_rcv: packet too big, clamped from 56 to 4294967272. macoff=96
[  457.845472][T22000] netlink: 'syz.2.4904': attribute type 1 has an invalid length.
[  457.850052][T21529] 8021q: adding VLAN 0 to HW filter on device batadv0
[  457.959062][T22002] bond2: (slave geneve3): making interface the new active one
[  457.967399][T22002] bond2: (slave geneve3): Enslaving as an active interface with an up link
[  457.979201][   T12] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  458.007970][   T12] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  458.029865][   T12] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  458.050854][   T12] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  458.175116][T21529] veth0_vlan: entered promiscuous mode
[  458.225344][T21529] veth1_vlan: entered promiscuous mode
[  458.406436][T21529] veth0_macvtap: entered promiscuous mode
[  458.454078][T21529] veth1_macvtap: entered promiscuous mode
[  458.647401][T21529] batman_adv: batadv0: Interface activated: batadv_slave_0
[  458.729380][T21529] batman_adv: batadv0: Interface activated: batadv_slave_1
[  458.777736][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  458.797546][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  458.824937][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  458.842009][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  459.008528][T22041] bond3: option resend_igmp: invalid value (32767)
[  459.017826][T22041] bond3: option resend_igmp: allowed values 0 - 255
[  459.033337][T22041] bond3 (unregistering): Released all slaves
[  459.113282][T22050] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4916'.
[  459.155050][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  459.189613][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  459.296205][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  459.332857][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  459.738082][T22093] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4927'.
[  459.800447][T22090] x_tables: unsorted underflow at hook 2
[  459.988785][T22102] FAULT_INJECTION: forcing a failure.
[  459.988785][T22102] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  460.030529][T22102] CPU: 0 UID: 0 PID: 22102 Comm: syz.3.4930 Not tainted syzkaller #0 PREEMPT(full) 
[  460.030556][T22102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  460.030567][T22102] Call Trace:
[  460.030575][T22102]  <TASK>
[  460.030584][T22102]  dump_stack_lvl+0x189/0x250
[  460.030612][T22102]  ? __pfx____ratelimit+0x10/0x10
[  460.030636][T22102]  ? __pfx_dump_stack_lvl+0x10/0x10
[  460.030658][T22102]  ? __pfx__printk+0x10/0x10
[  460.030676][T22102]  ? __might_fault+0xb0/0x130
[  460.030710][T22102]  should_fail_ex+0x414/0x560
[  460.030739][T22102]  _copy_from_user+0x2d/0xb0
[  460.030763][T22102]  ___sys_sendmsg+0x158/0x2a0
[  460.030786][T22102]  ? __pfx____sys_sendmsg+0x10/0x10
[  460.030840][T22102]  ? __fget_files+0x2a/0x420
[  460.030857][T22102]  ? __fget_files+0x3a0/0x420
[  460.030883][T22102]  __x64_sys_sendmsg+0x19b/0x260
[  460.030906][T22102]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  460.030935][T22102]  ? __pfx_ksys_write+0x10/0x10
[  460.030962][T22102]  ? do_syscall_64+0xbe/0xfa0
[  460.031012][T22102]  do_syscall_64+0xfa/0xfa0
[  460.031033][T22102]  ? lockdep_hardirqs_on+0x9c/0x150
[  460.031056][T22102]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.031074][T22102]  ? clear_bhb_loop+0x60/0xb0
[  460.031095][T22102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.031112][T22102] RIP: 0033:0x7fba0ef8f749
[  460.031128][T22102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  460.031144][T22102] RSP: 002b:00007fba0fdfd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  460.031170][T22102] RAX: ffffffffffffffda RBX: 00007fba0f1e5fa0 RCX: 00007fba0ef8f749
[  460.031183][T22102] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  460.031195][T22102] RBP: 00007fba0fdfd090 R08: 0000000000000000 R09: 0000000000000000
[  460.031210][T22102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  460.031220][T22102] R13: 00007fba0f1e6038 R14: 00007fba0f1e5fa0 R15: 00007ffe3136f088
[  460.031247][T22102]  </TASK>
[  460.365639][T22109] x_tables: duplicate underflow at hook 1
[  460.410058][T22107] netlink: 112 bytes leftover after parsing attributes in process `syz.1.4933'.
[  460.449451][T22109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4932'.
[  460.562024][T22119] Set syz1 is full, maxelem 14 reached
[  460.568856][   T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  460.579146][   T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  460.587453][   T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  460.596531][   T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  460.604436][   T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  460.648422][T22121] xfrm0 speed is unknown, defaulting to 1000
[  461.039485][T22139] Set syz1 is full, maxelem 14 reached
[  461.125813][T22147] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4943'.
[  461.138175][T22148] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4943'.
[  461.229979][T22121] chnl_net:caif_netlink_parms(): no params data found
[  461.316259][T22153] netlink: 'syz.1.4944': attribute type 8 has an invalid length.
[  461.700087][T22184] netlink: zone id is out of range
[  461.707140][T22121] bridge0: port 1(bridge_slave_0) entered blocking state
[  461.708211][T22184] netlink: del zone limit has 4 unknown bytes
[  461.751504][T22121] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.787332][T22121] bridge_slave_0: entered allmulticast mode
[  461.808615][T22121] bridge_slave_0: entered promiscuous mode
[  461.829070][T22121] bridge0: port 2(bridge_slave_1) entered blocking state
[  461.846891][T22121] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.857812][T22121] bridge_slave_1: entered allmulticast mode
[  461.871472][T22121] bridge_slave_1: entered promiscuous mode
[  461.963524][T22121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  461.985926][T22121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  462.082776][T22199] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4956'.
[  462.084304][T22121] team0: Port device team_slave_0 added
[  462.115776][T22121] team0: Port device team_slave_1 added
[  462.216814][T22121] batman_adv: batadv0: Adding interface: batadv_slave_0
[  462.241458][T22121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  462.299642][T22121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  462.359021][T22121] batman_adv: batadv0: Adding interface: batadv_slave_1
[  462.375953][T22121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  462.411326][T22121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  462.541689][T22121] hsr_slave_0: entered promiscuous mode
[  462.558623][T22121] hsr_slave_1: entered promiscuous mode
[  462.568264][T22121] debugfs: 'hsr0' already exists in 'hsr'
[  462.577858][T22121] Cannot create hsr debugfs directory
[  462.586203][T22216] �
: renamed from veth1_vlan (while UP)
[  462.653402][   T52] Bluetooth: hci1: command tx timeout
[  462.776829][T22220] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4963'.
[  462.866033][T22225] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  462.993499][T22225] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  463.027008][T22238] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4969'.
[  463.036980][T22239] netlink: 'syz.1.4970': attribute type 30 has an invalid length.
[  463.066749][T22238] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4969'.
[  463.068918][T22244] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4970'.
[  463.139252][T22225] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  463.269786][T22225] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  463.401155][T22255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4976'.
[  463.473452][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  463.493456][T22259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4977'.
[  463.504568][   T36] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  463.539476][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  463.599666][   T50] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  463.728046][T22270] FAULT_INJECTION: forcing a failure.
[  463.728046][T22270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  463.743924][T22270] CPU: 0 UID: 0 PID: 22270 Comm: syz.3.4983 Not tainted syzkaller #0 PREEMPT(full) 
[  463.743950][T22270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  463.743961][T22270] Call Trace:
[  463.743970][T22270]  <TASK>
[  463.743978][T22270]  dump_stack_lvl+0x189/0x250
[  463.744005][T22270]  ? __pfx____ratelimit+0x10/0x10
[  463.744028][T22270]  ? __pfx_dump_stack_lvl+0x10/0x10
[  463.744049][T22270]  ? __pfx__printk+0x10/0x10
[  463.744068][T22270]  ? __might_fault+0xb0/0x130
[  463.744102][T22270]  should_fail_ex+0x414/0x560
[  463.744131][T22270]  _copy_from_user+0x2d/0xb0
[  463.744153][T22270]  ___sys_sendmsg+0x158/0x2a0
[  463.744174][T22270]  ? __pfx____sys_sendmsg+0x10/0x10
[  463.744228][T22270]  ? __fget_files+0x2a/0x420
[  463.744243][T22270]  ? __fget_files+0x3a0/0x420
[  463.744268][T22270]  __x64_sys_sendmsg+0x19b/0x260
[  463.744290][T22270]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  463.744318][T22270]  ? __pfx_ksys_write+0x10/0x10
[  463.744345][T22270]  ? do_syscall_64+0xbe/0xfa0
[  463.744371][T22270]  do_syscall_64+0xfa/0xfa0
[  463.744393][T22270]  ? lockdep_hardirqs_on+0x9c/0x150
[  463.744415][T22270]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.744432][T22270]  ? clear_bhb_loop+0x60/0xb0
[  463.744453][T22270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.744470][T22270] RIP: 0033:0x7fba0ef8f749
[  463.744485][T22270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.744500][T22270] RSP: 002b:00007fba0fdfd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  463.744520][T22270] RAX: ffffffffffffffda RBX: 00007fba0f1e5fa0 RCX: 00007fba0ef8f749
[  463.744532][T22270] RDX: 0000000000000080 RSI: 0000200000000440 RDI: 0000000000000003
[  463.744544][T22270] RBP: 00007fba0fdfd090 R08: 0000000000000000 R09: 0000000000000000
[  463.744555][T22270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  463.744565][T22270] R13: 00007fba0f1e6038 R14: 00007fba0f1e5fa0 R15: 00007ffe3136f088
[  463.744596][T22270]  </TASK>
[  463.773976][T22121] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  463.986847][T22271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4981'.
[  464.019586][T22121] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  464.037207][T22121] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  464.088163][T22279] team0: Device gtp2 is of different type
[  464.145331][T22121] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  464.156954][   T43] IPVS: starting estimator thread 0...
[  464.370229][T22286] IPVS: using max 31 ests per chain, 74400 per kthread
[  464.406340][T22121] 8021q: adding VLAN 0 to HW filter on device bond0
[  464.442722][T22121] 8021q: adding VLAN 0 to HW filter on device team0
[  464.488970][  T134] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.496182][  T134] bridge0: port 1(bridge_slave_0) entered forwarding state
[  464.572900][  T134] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.580298][  T134] bridge0: port 2(bridge_slave_1) entered forwarding state
[  464.704941][T22121] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  464.715582][T22121] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  464.736808][   T52] Bluetooth: hci1: command tx timeout
[  464.753162][T22308] netlink: 'syz.1.4992': attribute type 4 has an invalid length.
[  465.076565][T22338] syzkaller0: entered promiscuous mode
[  465.082654][T22338] syzkaller0: entered allmulticast mode
[  465.271146][T22121] 8021q: adding VLAN 0 to HW filter on device batadv0
[  465.348609][T22121] veth0_vlan: entered promiscuous mode
[  465.362531][T22121] veth1_vlan: entered promiscuous mode
[  465.463229][T22121] veth0_macvtap: entered promiscuous mode
[  465.471815][T22362] netlink: 'syz.4.5004': attribute type 2 has an invalid length.
[  465.500175][T22362] netlink: 'syz.4.5004': attribute type 2 has an invalid length.
[  465.504157][T22121] veth1_macvtap: entered promiscuous mode
[  465.517812][T22362] netlink: 'syz.4.5004': attribute type 2 has an invalid length.
[  465.544958][T22121] batman_adv: batadv0: Interface activated: batadv_slave_0
[  465.576875][T22121] batman_adv: batadv0: Interface activated: batadv_slave_1
[  465.625575][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  465.650957][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  465.676197][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  465.693208][ T1110] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  465.875575][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  465.900612][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  465.951025][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  465.966339][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.109737][T22389] netlink: 'syz.0.4928': attribute type 4 has an invalid length.
[  466.144270][T22389] netlink: 'syz.0.4928': attribute type 4 has an invalid length.
[  466.162225][T22396] __nla_validate_parse: 5 callbacks suppressed
[  466.162243][T22396] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5017'.
[  466.172598][T22389] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4928'.
[  466.333166][T22402] netlink: 'syz.0.5019': attribute type 58 has an invalid length.
[  466.341783][T22402] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5019'.
[  466.378166][T22405] FAULT_INJECTION: forcing a failure.
[  466.378166][T22405] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  466.408670][T22405] CPU: 1 UID: 0 PID: 22405 Comm: syz.1.5021 Not tainted syzkaller #0 PREEMPT(full) 
[  466.408696][T22405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  466.408707][T22405] Call Trace:
[  466.408716][T22405]  <TASK>
[  466.408724][T22405]  dump_stack_lvl+0x189/0x250
[  466.408752][T22405]  ? __pfx____ratelimit+0x10/0x10
[  466.408775][T22405]  ? __pfx_dump_stack_lvl+0x10/0x10
[  466.408797][T22405]  ? __pfx__printk+0x10/0x10
[  466.408815][T22405]  ? __might_fault+0xb0/0x130
[  466.408848][T22405]  should_fail_ex+0x414/0x560
[  466.408877][T22405]  _copy_from_iter+0x1de/0x1790
[  466.408904][T22405]  ? rcu_is_watching+0x15/0xb0
[  466.408926][T22405]  ? kmalloc_reserve+0xbd/0x290
[  466.408943][T22405]  ? __pfx__copy_from_iter+0x10/0x10
[  466.408964][T22405]  ? __build_skb_around+0x262/0x3f0
[  466.408991][T22405]  ? netlink_sendmsg+0x642/0xb30
[  466.409006][T22405]  ? skb_put+0x11b/0x210
[  466.409027][T22405]  netlink_sendmsg+0x6b2/0xb30
[  466.409051][T22405]  ? __pfx_netlink_sendmsg+0x10/0x10
[  466.409068][T22405]  ? aa_sock_msg_perm+0xf1/0x1d0
[  466.409093][T22405]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  466.409110][T22405]  ? __pfx_netlink_sendmsg+0x10/0x10
[  466.409126][T22405]  __sock_sendmsg+0x21c/0x270
[  466.409149][T22405]  ____sys_sendmsg+0x505/0x830
[  466.409174][T22405]  ? __pfx_____sys_sendmsg+0x10/0x10
[  466.409201][T22405]  ? import_iovec+0x74/0xa0
[  466.409226][T22405]  ___sys_sendmsg+0x21f/0x2a0
[  466.409247][T22405]  ? __pfx____sys_sendmsg+0x10/0x10
[  466.409301][T22405]  ? __fget_files+0x2a/0x420
[  466.409317][T22405]  ? __fget_files+0x3a0/0x420
[  466.409344][T22405]  __x64_sys_sendmsg+0x19b/0x260
[  466.409365][T22405]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  466.409394][T22405]  ? __pfx_ksys_write+0x10/0x10
[  466.409421][T22405]  ? do_syscall_64+0xbe/0xfa0
[  466.409447][T22405]  do_syscall_64+0xfa/0xfa0
[  466.409468][T22405]  ? lockdep_hardirqs_on+0x9c/0x150
[  466.409490][T22405]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.409508][T22405]  ? clear_bhb_loop+0x60/0xb0
[  466.409529][T22405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.409545][T22405] RIP: 0033:0x7f365838f749
[  466.409562][T22405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.409585][T22405] RSP: 002b:00007f3659147038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  466.409604][T22405] RAX: ffffffffffffffda RBX: 00007f36585e5fa0 RCX: 00007f365838f749
[  466.409618][T22405] RDX: 0000000000000080 RSI: 0000200000000440 RDI: 0000000000000003
[  466.409629][T22405] RBP: 00007f3659147090 R08: 0000000000000000 R09: 0000000000000000
[  466.409638][T22405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.409648][T22405] R13: 00007f36585e6038 R14: 00007f36585e5fa0 R15: 00007fff1c5c8ba8
[  466.409675][T22405]  </TASK>
[  466.701637][T22407] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5022'.
[  466.745251][T22409] ip6t_srh: unknown srh invflags 4000
[  466.820411][   T52] Bluetooth: hci1: command tx timeout
[  466.828989][T13250] IPVS: starting estimator thread 0...
[  466.921622][T22413] IPVS: using max 29 ests per chain, 69600 per kthread
[  466.957576][T22415] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5024'.
[  466.967411][T22416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5026'.
[  466.983844][T22416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5026'.
[  466.996298][T22416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5026'.
[  467.005524][T22416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5026'.
[  467.026230][T22419] netlink: 'syz.1.5025': attribute type 1 has an invalid length.
[  467.256120][T22436] netlink: 'syz.4.5033': attribute type 1 has an invalid length.
[  467.336370][T22442] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5036'.
[  467.414976][T22446] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  467.429819][ T1110] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  467.442041][ T1110] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  467.452292][ T1110] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  467.471608][ T1110] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  467.711070][T22462] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  467.728271][   T36] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  467.751588][   T36] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  467.769085][   T36] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  467.781110][   T36] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  467.895338][T22486] xt_hashlimit: size too large, truncated to 1048576
[  467.958292][T22491] sctp: [Deprecated]: syz.1.5048 (pid 22491) Use of struct sctp_assoc_value in delayed_ack socket option.
[  467.958292][T22491] Use struct sctp_sack_info instead
[  468.014613][T22495] sctp: [Deprecated]: syz.0.5051 (pid 22495) Use of struct sctp_assoc_value in delayed_ack socket option.
[  468.014613][T22495] Use struct sctp_sack_info instead
[  468.112723][T22493] hsr_slave_0 (unregistering): left promiscuous mode
[  468.311018][T22510] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  468.380296][T22518] netlink: 'syz.2.5055': attribute type 1 has an invalid length.
[  468.528329][T22526] netlink: 'syz.0.5059': attribute type 1 has an invalid length.
[  468.892165][   T52] Bluetooth: hci1: command tx timeout
[  469.118091][T13251] IPVS: starting estimator thread 0...
[  469.174244][T22570] IPVS: sh: FWM 3 0x00000003 - no destination available
[  469.191178][T22570] netlink: 'syz.0.5071': attribute type 1 has an invalid length.
[  469.221357][T22571] IPVS: using max 35 ests per chain, 84000 per kthread
[  469.469224][T22598] xfrm0 speed is unknown, defaulting to 1000
[  470.151615][T22649] netlink: 'syz.0.5095': attribute type 1 has an invalid length.
[  470.199336][T22652] xt_l2tp: unknown flags: 10
[  470.288841][T22657] IPVS: set_ctl: invalid protocol: 29 224.0.0.2:20000
[  470.292501][T22658] xt_hashlimit: overflow, rate too high: 0
[  470.384485][T22662] team0: Device gtp0 is of different type
[  470.567354][T22671] bridge0: port 3(ipvlan2) entered blocking state
[  470.574677][T22671] bridge0: port 3(ipvlan2) entered disabled state
[  470.582412][T22671] ipvlan2: entered allmulticast mode
[  470.587903][T22671] bridge0: entered allmulticast mode
[  470.603007][T22671] ipvlan2: left allmulticast mode
[  470.608064][T22671] bridge0: left allmulticast mode
[  470.717319][T22683] bridge0: port 1(bridge_slave_0) entered blocking state
[  470.724814][T22683] bridge0: port 1(bridge_slave_0) entered forwarding state
[  470.759988][T22679] xt_CT: No such helper "snmp_trap"
[  470.996489][T22697] syzkaller1: entered promiscuous mode
[  471.027385][T22697] syzkaller1: entered allmulticast mode
[  471.048601][T22702] team0: Device gtp0 is of different type
[  471.321526][T22713] tipc: Started in network mode
[  471.326533][T22713] tipc: Node identity ac1414aa, cluster identity 4711
[  471.337358][T22713] tipc: Enabled bearer <udp:s>, priority 10
[  471.361173][T22719] __nla_validate_parse: 20 callbacks suppressed
[  471.382069][T22719] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5120'.
[  471.504442][T22732] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5124'.
[  471.514042][T22732] netlink: 80 bytes leftover after parsing attributes in process `syz.1.5124'.
[  471.523882][T22732] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5124'.
[  471.561670][T22732] netlink: 'syz.1.5124': attribute type 4 has an invalid length.
[  471.576462][T22732] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5124'.
[  471.604970][T22740] ipt_ECN: cannot use operation on non-tcp rule
[  471.684194][T22745] team0: Device gtp2 is of different type
[  471.749387][T22752] netlink: 'syz.1.5131': attribute type 2 has an invalid length.
[  471.773598][T22752] netlink: 'syz.1.5131': attribute type 8 has an invalid length.
[  471.781706][T22752] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5131'.
[  471.801839][T22743] sch_fq: defrate 128 ignored.
[  471.822172][T22757] netlink: 'syz.4.5134': attribute type 13 has an invalid length.
[  471.978220][T22768] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5136'.
[  472.014633][T22772] nbd: must specify a device to reconfigure
[  472.112818][T22779] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  472.138702][T22779] syzkaller0: entered promiscuous mode
[  472.168594][T22779] syzkaller0: entered allmulticast mode
[  472.223726][T22783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5142'.
[  472.311474][T22783] macvtap1: entered promiscuous mode
[  472.316900][T22783] vlan0: entered promiscuous mode
[  472.323213][T22783] macvtap1: entered allmulticast mode
[  472.328894][T22783] vlan0: entered allmulticast mode
[  472.338718][T22783] veth0_vlan: entered allmulticast mode
[  472.369106][T22779] tipc: Resetting bearer <eth:syzkaller0>
[  472.403902][T22778] tipc: Resetting bearer <eth:syzkaller0>
[  472.451908][T22778] tipc: Disabling bearer <eth:syzkaller0>
[  472.498665][T13251] tipc: Node number set to 2886997162
[  472.763247][   T50] nci: nci_rx_work: unknown MT 0x7
[  472.882339][T22813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5151'.
[  472.898367][T22813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5151'.
[  473.101099][T22824] syzkaller0: entered promiscuous mode
[  473.107015][T22824] syzkaller0: entered allmulticast mode
[  473.727856][T22844] bridge_slave_1: left allmulticast mode
[  473.738568][T22844] bridge_slave_1: left promiscuous mode
[  473.745590][T22844] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.771933][T22844] bridge_slave_0: left allmulticast mode
[  473.790078][T22844] bridge_slave_0: left promiscuous mode
[  473.805991][T22844] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.030183][ T1110] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  474.049254][ T1110] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  474.077832][ T1110] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  474.097282][ T1110] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  474.538621][T22896] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:20002
[  474.561758][T22895] netlink: 'syz.4.5176': attribute type 7 has an invalid length.
[  474.577192][T22895] netlink: 'syz.4.5176': attribute type 8 has an invalid length.
[  474.923151][T22915] netlink: 'syz.2.5182': attribute type 30 has an invalid length.
[  475.272929][T22940] team0: Device gtp0 is of different type
[  475.415110][T22941] xt_TPROXY: Can be used only with -p tcp or -p udp
[  475.624199][T22962] netlink: 'syz.4.5203': attribute type 30 has an invalid length.
[  475.747964][   T50] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x82
[  475.836766][T22979] bond3: option resend_igmp: invalid value (32767)
[  475.845488][T22979] bond3: option resend_igmp: allowed values 0 - 255
[  475.856279][T22979] bond3 (unregistering): Released all slaves
[  476.466845][T22994] __nla_validate_parse: 9 callbacks suppressed
[  476.466857][T22994] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5211'.
[  476.554198][T22994] wireguard: wg1: Could not create IPv4 socket
[  476.563556][T22994] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5211'.
[  476.617666][T22994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5211'.
[  476.880561][T23011] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5216'.
[  477.094788][T23028] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5221'.
[  477.099348][T23032] netlink: 'syz.2.5223': attribute type 30 has an invalid length.
[  477.108104][T23028] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5221'.
[  477.123357][T23030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5224'.
[  477.204573][T23032] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5223'.
[  477.260285][T23038] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  477.278907][T23040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5228'.
[  477.309764][T23038] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  477.318365][T23038] gretap1: entered promiscuous mode
[  477.324824][T23038] gretap1: entered allmulticast mode
[  477.383955][T23038] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5226'.
[  477.576001][T23059] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  477.604784][T23059] syzkaller0: entered promiscuous mode
[  477.620905][T23059] syzkaller0: entered allmulticast mode
[  477.670012][T23059] tipc: Resetting bearer <eth:syzkaller0>
[  477.749223][T23058] tipc: Resetting bearer <eth:syzkaller0>
[  477.780386][T23058] tipc: Disabling bearer <eth:syzkaller0>
[  477.806873][T23074] nbd: couldn't find a device at index 0
[  477.889401][T23074] can: request_module (can-proto-0) failed.
[  477.958504][T23084] netlink: 'syz.1.5237': attribute type 30 has an invalid length.
[  479.326213][T23171] netlink: 'syz.4.5254': attribute type 4 has an invalid length.
[  479.380442][T23174] netlink: 'syz.4.5254': attribute type 4 has an invalid length.
[  479.574572][T23128] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  479.622536][T23128] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  480.219184][T23128] vlan0: left allmulticast mode
[  480.224194][T23128] veth0_vlan: left allmulticast mode
[  480.229776][T23128] vlan0: left promiscuous mode
[  480.235449][T23128] macvtap1: left promiscuous mode
[  480.241116][T23128] macvtap1: left allmulticast mode
[  480.316154][T23161] dummy0: entered promiscuous mode
[  480.322734][T23161] macvtap1: entered promiscuous mode
[  480.328709][T23161] macvtap1: entered allmulticast mode
[  480.336370][T23161] dummy0: entered allmulticast mode
[  480.350329][T23163] dummy0: left allmulticast mode
[  480.357088][T23163] dummy0: left promiscuous mode
[  480.383412][  T134] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  480.412970][  T134] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  480.443080][  T134] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  480.457474][  T134] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  480.646772][  T134] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  480.657380][  T134] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  480.668018][  T134] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  480.678506][  T134] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  480.699084][T23207] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  480.712049][T23207] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  480.779770][T23210] team0: Device gtp0 is of different type
[  480.987169][T23226] syzkaller0: entered promiscuous mode
[  480.994681][T23226] syzkaller0: entered allmulticast mode
[  481.305464][T23238] bond4: (slave bridge3): Enslaving as an active interface with an up link
[  481.380272][T23249] macvlan3: entered promiscuous mode
[  481.405958][T23249] macvlan3: entered allmulticast mode
[  481.435805][T23249] bond4: entered promiscuous mode
[  481.447073][T23249] bridge3: entered promiscuous mode
[  481.460019][T23249] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  481.472750][T23249] bond4: left promiscuous mode
[  481.478575][T23249] bridge3: left promiscuous mode
[  481.693932][   T43] hid-generic 0005:0C45:1012.0001: unknown main item tag 0x1
[  481.706863][   T43] hid-generic 0005:0C45:1012.0001: ignoring exceeding usage max
[  481.716342][   T43] hid-generic 0005:0C45:1012.0001: unknown main item tag 0x4
[  481.725592][   T43] hid-generic 0005:0C45:1012.0001: unknown main item tag 0x5
[  481.734085][   T43] hid-generic 0005:0C45:1012.0001: reserved main item tag 0xd
[  481.742065][   T43] hid-generic 0005:0C45:1012.0001: unexpected long global item
[  481.750629][   T43] hid-generic 0005:0C45:1012.0001: probe with driver hid-generic failed with error -22
[  481.917392][T23286] netlink: 'syz.1.5280': attribute type 3 has an invalid length.
[  482.006079][T23292] __nla_validate_parse: 10 callbacks suppressed
[  482.006098][T23292] netlink: 167264 bytes leftover after parsing attributes in process `syz.3.5283'.
[  482.269523][T23317] netlink: 'syz.4.5290': attribute type 3 has an invalid length.
[  482.271546][T23300] bond1: option miimon: invalid value (18446744073709551585)
[  482.301828][T23300] bond1: option miimon: allowed values 0 - 2147483647
[  482.343845][T23300] bond1 (unregistering): Released all slaves
[  482.529170][T23327] vlan3: entered promiscuous mode
[  482.535176][T23327] bridge0: entered promiscuous mode
[  482.584023][T23330] netlink: 'syz.1.5295': attribute type 1 has an invalid length.
[  482.637393][T23330] 8021q: adding VLAN 0 to HW filter on device bond3
[  482.678146][T23340] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5296'.
[  482.712449][T23336] bond3: (slave geneve3): making interface the new active one
[  482.743014][T23336] bond3: (slave geneve3): Enslaving as an active interface with an up link
[  482.776852][ T1110] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  482.792088][ T1110] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  482.814636][ T1110] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  482.861085][ T1110] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  482.998378][T23359] netlink: 'syz.2.5305': attribute type 30 has an invalid length.
[  483.026501][T23357] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5304'.
[  483.038137][T23357] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5304'.
[  483.058976][T23357] netlink: 'syz.3.5304': attribute type 5 has an invalid length.
[  483.075810][T23357] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5304'.
[  483.087535][T23357] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5304'.
[  483.097005][T23357] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5304'.
[  483.212490][T23366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5307'.
[  483.248676][T23366] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5307'.
[  483.383237][T23374] xfrm0 speed is unknown, defaulting to 1000
[  483.554003][T23388] netlink: 'syz.0.5316': attribute type 11 has an invalid length.
[  483.625328][T23388] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5316'.
[  483.816865][T23405] IPVS: nq: FWM 3 0x00000003 - no destination available
[  483.967345][T23414] netlink: 'syz.1.5320': attribute type 30 has an invalid length.
[  484.261838][T23426] bond0: (slave rose0): Error: Device can not be enslaved while up
[  484.284479][T23426] netlink: 'syz.2.5323': attribute type 16 has an invalid length.
[  484.312626][T23426] netlink: 'syz.2.5323': attribute type 3 has an invalid length.
[  484.787039][T23462] netlink: 'syz.4.5334': attribute type 30 has an invalid length.
[  484.869267][T23471] FAULT_INJECTION: forcing a failure.
[  484.869267][T23471] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  484.914052][T23473] delete_channel: no stack
[  484.921654][T23471] CPU: 1 UID: 0 PID: 23471 Comm: syz.1.5335 Not tainted syzkaller #0 PREEMPT(full) 
[  484.921678][T23471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  484.921690][T23471] Call Trace:
[  484.921697][T23471]  <TASK>
[  484.921705][T23471]  dump_stack_lvl+0x189/0x250
[  484.921734][T23471]  ? __pfx____ratelimit+0x10/0x10
[  484.921757][T23471]  ? __pfx_dump_stack_lvl+0x10/0x10
[  484.921779][T23471]  ? __pfx__printk+0x10/0x10
[  484.921798][T23471]  ? __might_fault+0xb0/0x130
[  484.921832][T23471]  should_fail_ex+0x414/0x560
[  484.921861][T23471]  _copy_from_user+0x2d/0xb0
[  484.921884][T23471]  ___sys_recvmsg+0x12e/0x510
[  484.921910][T23471]  ? __pfx____sys_recvmsg+0x10/0x10
[  484.921954][T23471]  ? __fget_files+0x3a0/0x420
[  484.921983][T23471]  do_recvmmsg+0x307/0x770
[  484.922010][T23471]  ? __pfx_do_recvmmsg+0x10/0x10
[  484.922042][T23471]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  484.922084][T23471]  __x64_sys_recvmmsg+0x190/0x240
[  484.922106][T23471]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  484.922130][T23471]  ? do_syscall_64+0xbe/0xfa0
[  484.922157][T23471]  do_syscall_64+0xfa/0xfa0
[  484.922178][T23471]  ? lockdep_hardirqs_on+0x9c/0x150
[  484.922200][T23471]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.922217][T23471]  ? clear_bhb_loop+0x60/0xb0
[  484.922237][T23471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.922259][T23471] RIP: 0033:0x7f365838f749
[  484.922275][T23471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  484.922289][T23471] RSP: 002b:00007f36565f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  484.922309][T23471] RAX: ffffffffffffffda RBX: 00007f36585e6090 RCX: 00007f365838f749
[  484.922322][T23471] RDX: 0000000000000002 RSI: 0000200000004880 RDI: 0000000000000003
[  484.922333][T23471] RBP: 00007f36565f6090 R08: 0000000000000000 R09: 0000000000000000
[  484.922345][T23471] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000001
[  484.922355][T23471] R13: 00007f36585e6128 R14: 00007f36585e6090 R15: 00007fff1c5c8ba8
[  484.922387][T23471]  </TASK>
[  485.296327][T23486] netlink: 'syz.0.5340': attribute type 11 has an invalid length.
[  485.442224][T23496] hsr_slave_0: left promiscuous mode
[  485.479741][T23496] hsr_slave_1: left promiscuous mode
[  485.774028][T23516] 8021q: VLANs not supported on ip6_vti0
[  485.862170][T23525] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  486.194883][T23546] syzkaller0: entered promiscuous mode
[  486.211299][T23546] syzkaller0: entered allmulticast mode
[  486.426691][T23553] syzkaller0: entered promiscuous mode
[  486.453381][T23553] syzkaller0: entered allmulticast mode
[  486.516367][T23571] 8021q: adding VLAN 0 to HW filter on device bond6
[  486.525188][T23571] bond5: (slave bond6): making interface the new active one
[  486.533344][T23571] bond5: (slave bond6): Enslaving as an active interface with an up link
[  486.633709][T23565] bond5: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  486.649053][T23565] bond5: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  486.674388][T23578] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  487.091148][T23613] __nla_validate_parse: 18 callbacks suppressed
[  487.091166][T23613] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5375'.
[  487.185614][T23551] tipc: Resetting bearer <eth:syzkaller0>
[  487.204369][T23615] netlink: 92 bytes leftover after parsing attributes in process `syz.3.5376'.
[  487.379749][T23621] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5378'.
[  487.473134][T23623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5378'.
[  489.076162][T23551] tipc: Disabling bearer <eth:syzkaller0>
[  489.115735][T13256] tipc: Node number set to 558401744
[  489.365414][T23653] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5385'.
[  489.368653][T23654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5386'.
[  489.552415][T23666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5390'.
[  489.602177][T23673] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5393'.
[  489.843693][T23670] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5392'.
[  490.228540][T23701] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5402'.
[  490.356738][T23709] validate_nla: 8 callbacks suppressed
[  490.356755][T23709] netlink: 'syz.4.5408': attribute type 3 has an invalid length.
[  490.396007][T23710] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  490.449609][T23717] "syz.4.5409" (23717) uses obsolete ecb(arc4) skcipher
[  490.549793][T23720] delete_channel: no stack
[  490.777551][T23731] netlink: 'syz.1.5413': attribute type 20 has an invalid length.
[  490.797351][T23731] netlink: 'syz.1.5413': attribute type 20 has an invalid length.
[  490.799437][ T1110] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  490.818544][ T1110] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  490.842217][ T1110] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  490.862097][ T1110] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  491.112632][T23743] netlink: 'syz.0.5419': attribute type 3 has an invalid length.
[  491.202129][T23749] netlink: 'syz.3.5420': attribute type 3 has an invalid length.
[  491.334431][T23758] IPVS: nq: FWM 3 0x00000003 - no destination available
[  491.490657][T23766] netlink: 'syz.0.5429': attribute type 2 has an invalid length.
[  491.499615][T23762] bond3: entered promiscuous mode
[  491.509320][T23762] bond3: entered allmulticast mode
[  491.516074][T23762] 8021q: adding VLAN 0 to HW filter on device bond3
[  491.734848][T23783] FAULT_INJECTION: forcing a failure.
[  491.734848][T23783] name failslab, interval 1, probability 0, space 0, times 0
[  491.783302][T23783] CPU: 0 UID: 0 PID: 23783 Comm: syz.2.5432 Not tainted syzkaller #0 PREEMPT(full) 
[  491.783328][T23783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  491.783339][T23783] Call Trace:
[  491.783347][T23783]  <TASK>
[  491.783355][T23783]  dump_stack_lvl+0x189/0x250
[  491.783383][T23783]  ? __pfx____ratelimit+0x10/0x10
[  491.783406][T23783]  ? __pfx_dump_stack_lvl+0x10/0x10
[  491.783428][T23783]  ? __pfx__printk+0x10/0x10
[  491.783452][T23783]  ? __pfx___might_resched+0x10/0x10
[  491.783471][T23783]  ? fs_reclaim_acquire+0x7d/0x100
[  491.783493][T23783]  should_fail_ex+0x414/0x560
[  491.783523][T23783]  should_failslab+0xa8/0x100
[  491.783542][T23783]  kmem_cache_alloc_node_noprof+0x77/0x710
[  491.783565][T23783]  ? __alloc_skb+0x112/0x2d0
[  491.783589][T23783]  __alloc_skb+0x112/0x2d0
[  491.783609][T23783]  netlink_dump+0x1b7/0xe90
[  491.783647][T23783]  ? __pfx_netlink_dump+0x10/0x10
[  491.783694][T23783]  ? netlink_recvmsg+0x5b2/0xa30
[  491.783709][T23783]  ? kmem_cache_free+0x19b/0x690
[  491.783740][T23783]  netlink_recvmsg+0x676/0xa30
[  491.783767][T23783]  ? __pfx_netlink_recvmsg+0x10/0x10
[  491.783783][T23783]  ? __lock_acquire+0xab9/0xd20
[  491.783806][T23783]  ? aa_sock_msg_perm+0xf1/0x1d0
[  491.783831][T23783]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  491.783850][T23783]  ? __pfx_netlink_recvmsg+0x10/0x10
[  491.783869][T23783]  sock_recvmsg_nosec+0x186/0x1c0
[  491.783896][T23783]  ____sys_recvmsg+0x3aa/0x460
[  491.783922][T23783]  ? __pfx_____sys_recvmsg+0x10/0x10
[  491.783957][T23783]  ? import_iovec+0x74/0xa0
[  491.783982][T23783]  ___sys_recvmsg+0x1b5/0x510
[  491.784007][T23783]  ? __pfx____sys_recvmsg+0x10/0x10
[  491.784060][T23783]  ? __might_fault+0xb0/0x130
[  491.784087][T23783]  do_recvmmsg+0x307/0x770
[  491.784116][T23783]  ? __pfx_do_recvmmsg+0x10/0x10
[  491.784148][T23783]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  491.784195][T23783]  __x64_sys_recvmmsg+0x190/0x240
[  491.784218][T23783]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  491.784243][T23783]  ? do_syscall_64+0xbe/0xfa0
[  491.784270][T23783]  do_syscall_64+0xfa/0xfa0
[  491.784291][T23783]  ? lockdep_hardirqs_on+0x9c/0x150
[  491.784313][T23783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.784330][T23783]  ? clear_bhb_loop+0x60/0xb0
[  491.784350][T23783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.784366][T23783] RIP: 0033:0x7f9ca098f749
[  491.784382][T23783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.784396][T23783] RSP: 002b:00007f9ca1778038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  491.784415][T23783] RAX: ffffffffffffffda RBX: 00007f9ca0be5fa0 RCX: 00007f9ca098f749
[  491.784428][T23783] RDX: 0000000000000002 RSI: 0000200000004880 RDI: 0000000000000003
[  491.784444][T23783] RBP: 00007f9ca1778090 R08: 0000000000000000 R09: 0000000000000000
[  491.784454][T23783] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000001
[  491.784464][T23783] R13: 00007f9ca0be6038 R14: 00007f9ca0be5fa0 R15: 00007ffd960b0108
[  491.784494][T23783]  </TASK>
[  492.238559][T23789] team0: Device gtp3 is of different type
[  492.410962][T23806] __nla_validate_parse: 8 callbacks suppressed
[  492.410982][T23806] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5439'.
[  492.590865][T23811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  492.886502][T23834] netlink: 140 bytes leftover after parsing attributes in process `syz.3.5449'.
[  492.907095][T23840] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5452'.
[  492.912194][T23834] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5449'.
[  492.929423][T23838] netem: incorrect ge model size
[  492.935363][T23838] netem: change failed
[  492.979597][T23843] netlink: 'syz.0.5451': attribute type 1 has an invalid length.
[  493.327892][T23863] tipc: Started in network mode
[  493.338313][T23863] tipc: Node identity fa10b01b618f, cluster identity 4711
[  493.346491][T23863] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  493.357356][T23872] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5461'.
[  493.407825][T23874] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  493.450713][T23863] tipc: Disabling bearer <eth:syzkaller0>
[  493.475371][T23879] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  493.598232][T23889] team0: Device gtp3 is of different type
[  493.633364][T23891] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5467'.
[  493.967847][T23917] netlink: 'syz.2.5479': attribute type 30 has an invalid length.
[  494.219618][T23929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5482'.
[  494.261003][T23930] team0: Device gtp0 is of different type
[  494.325529][T23937] FAULT_INJECTION: forcing a failure.
[  494.325529][T23937] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  494.345297][T23937] CPU: 0 UID: 0 PID: 23937 Comm: syz.3.5485 Not tainted syzkaller #0 PREEMPT(full) 
[  494.345322][T23937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  494.345331][T23937] Call Trace:
[  494.345337][T23937]  <TASK>
[  494.345344][T23937]  dump_stack_lvl+0x189/0x250
[  494.345372][T23937]  ? __pfx____ratelimit+0x10/0x10
[  494.345394][T23937]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.345413][T23937]  ? __pfx__printk+0x10/0x10
[  494.345442][T23937]  should_fail_ex+0x414/0x560
[  494.345470][T23937]  _copy_to_user+0x31/0xb0
[  494.345492][T23937]  simple_read_from_buffer+0xe1/0x170
[  494.345521][T23937]  proc_fail_nth_read+0x1b3/0x220
[  494.345545][T23937]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  494.345570][T23937]  ? rw_verify_area+0x2a6/0x4d0
[  494.345591][T23937]  ? __lock_acquire+0xab9/0xd20
[  494.345607][T23937]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  494.345629][T23937]  vfs_read+0x200/0xa30
[  494.345649][T23937]  ? fdget_pos+0x247/0x320
[  494.345671][T23937]  ? __pfx___mutex_lock+0x10/0x10
[  494.345706][T23937]  ? __pfx_vfs_read+0x10/0x10
[  494.345728][T23937]  ? __fget_files+0x2a/0x420
[  494.345745][T23937]  ? __fget_files+0x3a0/0x420
[  494.345759][T23937]  ? __fget_files+0x2a/0x420
[  494.345783][T23937]  ksys_read+0x145/0x250
[  494.345817][T23937]  ? __pfx_ksys_read+0x10/0x10
[  494.345842][T23937]  ? do_syscall_64+0xbe/0xfa0
[  494.345868][T23937]  do_syscall_64+0xfa/0xfa0
[  494.345887][T23937]  ? lockdep_hardirqs_on+0x9c/0x150
[  494.345908][T23937]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.345924][T23937]  ? clear_bhb_loop+0x60/0xb0
[  494.345945][T23937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.345962][T23937] RIP: 0033:0x7fba0ef8e15c
[  494.345977][T23937] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  494.345992][T23937] RSP: 002b:00007fba0fddc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  494.346011][T23937] RAX: ffffffffffffffda RBX: 00007fba0f1e6090 RCX: 00007fba0ef8e15c
[  494.346024][T23937] RDX: 000000000000000f RSI: 00007fba0fddc0a0 RDI: 0000000000000004
[  494.346035][T23937] RBP: 00007fba0fddc090 R08: 0000000000000000 R09: 0000000000000000
[  494.346046][T23937] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000001
[  494.346057][T23937] R13: 00007fba0f1e6128 R14: 00007fba0f1e6090 R15: 00007ffe3136f088
[  494.346088][T23937]  </TASK>
[  494.921300][T23958] ieee802154 phy0 wpan0: encryption failed: -22
[  495.115244][T23979] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5498'.
[  495.133378][T23977] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5499'.
[  495.208535][T23984] netlink: 'syz.3.5501': attribute type 4 has an invalid length.
[  495.229053][T23984] netlink: 'syz.3.5501': attribute type 4 has an invalid length.
[  495.299721][T23989] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5503'.
[  495.344055][T23984] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.351690][T23984] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.440934][T23984] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  495.456950][T23984] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  495.611184][T23989] team1 (uninitialized): Failed to send options change via netlink (err -105)
[  495.653205][T23989] team1: entered promiscuous mode
[  495.658367][T23989] team1: entered allmulticast mode
[  495.667241][ T1110] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  495.676848][ T1110] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  495.706204][ T1110] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  495.727969][ T1110] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  495.752428][T24002] openvswitch: netlink: Flow key attr not present in new flow.
[  495.760886][ T1110] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  495.771909][T24003] openvswitch: netlink: Flow key attr not present in new flow.
[  495.779634][ T1110] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  495.796168][ T1110] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  495.814613][T24005] Cannot find add_set index 2 as target
[  495.827802][ T1110] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  496.350630][T24039] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  496.444643][T24039] syzkaller0: entered promiscuous mode
[  496.452118][T24039] syzkaller0: entered allmulticast mode
[  496.460520][T24039] tipc: Resetting bearer <eth:syzkaller0>
[  496.489481][T24046] IPVS: set_ctl: invalid protocol: 11612 172.20.20.11:21
[  496.520522][T24053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.608193][T24053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.670640][T24053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.699170][T24053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.730289][T24053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  498.163493][T24052] tipc: Resetting bearer <eth:syzkaller0>
[  498.172078][  T152] tipc: Resetting bearer <eth:syzkaller0>
[  498.182841][T24064] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  498.273372][T24038] tipc: Resetting bearer <eth:syzkaller0>
[  498.302210][T24038] tipc: Disabling bearer <eth:syzkaller0>
[  498.339373][T24088] --map-set only usable from mangle table
[  498.347327][T24088] __nla_validate_parse: 4 callbacks suppressed
[  498.347345][T24088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5532'.
[  498.356665][T24081] bond0: entered promiscuous mode
[  498.400621][T24081] bond_slave_0: entered promiscuous mode
[  498.433020][T24090] IPVS: nq: FWM 3 0x00000003 - no destination available
[  498.442796][T24081] bond_slave_1: entered promiscuous mode
[  498.462950][T24095] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5538'.
[  498.620186][T24098] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  498.629575][T24098] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  498.638322][T24098] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  498.762708][T24104] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5543'.
[  498.779118][T24105] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5542'.
[  498.908184][T24109] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  499.201040][T24132] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  499.339042][T24144] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input6
[  499.421418][T24148] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5558'.
[  499.532307][T24156] bond1: (slave geneve3): Enslaving as an active interface with an up link
[  499.546748][  T134] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  499.556597][  T134] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  499.566722][  T134] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  499.576094][  T134] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  499.589579][T24164] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5563'.
[  499.971525][T24186] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5570'.
[  500.039931][T24188] IPv6: sit1: Disabled Multicast RS
[  500.046694][T24188] sit1: entered allmulticast mode
[  500.390102][T24213] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5581'.
[  501.039056][T24266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5603'.
[  501.228851][T24274] netlink: 284 bytes leftover after parsing attributes in process `syz.4.5606'.
[  501.288901][T24282] netlink: 'syz.0.5608': attribute type 3 has an invalid length.
[  501.693772][T24309] xfrm0 speed is unknown, defaulting to 1000
[  501.777218][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  502.010359][T24318] xfrm0 speed is unknown, defaulting to 1000
[  502.297993][T24347] tipc: Started in network mode
[  502.302994][T24347] tipc: Node identity a69539f99cd, cluster identity 4711
[  502.312309][T24347] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  502.385168][T24347] syzkaller0: entered promiscuous mode
[  502.390864][T24347] syzkaller0: entered allmulticast mode
[  502.398069][T24347] tipc: Resetting bearer <eth:syzkaller0>
[  502.445048][T24346] tipc: Resetting bearer <eth:syzkaller0>
[  502.517306][T24358] FAULT_INJECTION: forcing a failure.
[  502.517306][T24358] name failslab, interval 1, probability 0, space 0, times 0
[  502.535097][T24358] CPU: 1 UID: 0 PID: 24358 Comm: syz.2.5635 Not tainted syzkaller #0 PREEMPT(full) 
[  502.535123][T24358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  502.535134][T24358] Call Trace:
[  502.535142][T24358]  <TASK>
[  502.535150][T24358]  dump_stack_lvl+0x189/0x250
[  502.535177][T24358]  ? __pfx____ratelimit+0x10/0x10
[  502.535200][T24358]  ? __pfx_dump_stack_lvl+0x10/0x10
[  502.535221][T24358]  ? __pfx__printk+0x10/0x10
[  502.535243][T24358]  ? __pfx___might_resched+0x10/0x10
[  502.535260][T24358]  ? fs_reclaim_acquire+0x7d/0x100
[  502.535280][T24358]  should_fail_ex+0x414/0x560
[  502.535308][T24358]  should_failslab+0xa8/0x100
[  502.535327][T24358]  kmem_cache_alloc_node_noprof+0x77/0x710
[  502.535350][T24358]  ? __alloc_skb+0x112/0x2d0
[  502.535365][T24358]  ? netlink_autobind+0xdb/0x300
[  502.535388][T24358]  __alloc_skb+0x112/0x2d0
[  502.535408][T24358]  netlink_sendmsg+0x5c6/0xb30
[  502.535435][T24358]  ? __pfx_netlink_sendmsg+0x10/0x10
[  502.535454][T24358]  ? trace_irq_disable+0x37/0x110
[  502.535469][T24358]  ? aa_sock_msg_perm+0xf1/0x1d0
[  502.535504][T24358]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  502.535520][T24358]  ? __pfx_netlink_sendmsg+0x10/0x10
[  502.535537][T24358]  __sock_sendmsg+0x21c/0x270
[  502.535562][T24358]  ____sys_sendmsg+0x505/0x830
[  502.535586][T24358]  ? __pfx_____sys_sendmsg+0x10/0x10
[  502.535614][T24358]  ? import_iovec+0x74/0xa0
[  502.535638][T24358]  ___sys_sendmsg+0x21f/0x2a0
[  502.535660][T24358]  ? __pfx____sys_sendmsg+0x10/0x10
[  502.535711][T24358]  ? __fget_files+0x2a/0x420
[  502.535726][T24358]  ? __fget_files+0x3a0/0x420
[  502.535752][T24358]  __x64_sys_sendmsg+0x19b/0x260
[  502.535772][T24358]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  502.535801][T24358]  ? rcu_is_watching+0x15/0xb0
[  502.535828][T24358]  do_syscall_64+0xfa/0xfa0
[  502.535851][T24358]  ? lockdep_hardirqs_on+0x9c/0x150
[  502.535872][T24358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.535890][T24358]  ? clear_bhb_loop+0x60/0xb0
[  502.535911][T24358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.535928][T24358] RIP: 0033:0x7f9ca098f749
[  502.535943][T24358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.535957][T24358] RSP: 002b:00007f9ca1778038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  502.535976][T24358] RAX: ffffffffffffffda RBX: 00007f9ca0be5fa0 RCX: 00007f9ca098f749
[  502.535989][T24358] RDX: 0000000000000010 RSI: 0000200000000440 RDI: 0000000000000003
[  502.536000][T24358] RBP: 00007f9ca1778090 R08: 0000000000000000 R09: 0000000000000000
[  502.536011][T24358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.536021][T24358] R13: 00007f9ca0be6038 R14: 00007f9ca0be5fa0 R15: 00007ffd960b0108
[  502.536052][T24358]  </TASK>
[  502.924754][T24366] netlink: 'syz.2.5636': attribute type 4 has an invalid length.
[  502.987564][T24369] netlink: 'syz.2.5636': attribute type 4 has an invalid length.
[  504.210047][T24346] tipc: Disabling bearer <eth:syzkaller0>
[  504.223444][T24356] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  504.309215][T24379] __nla_validate_parse: 14 callbacks suppressed
[  504.309236][T24379] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5639'.
[  504.359233][T24372] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.367006][T24372] bridge0: port 1(bridge_slave_0) entered disabled state
[  504.509888][T24395] netlink: 232 bytes leftover after parsing attributes in process `syz.1.5643'.
[  504.615977][T24372] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  504.649099][T24372] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  504.766737][T24373] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5636'.
[  504.776134][ T5944] tipc: Node number set to 977615353
[  504.831743][T24392] syzkaller0: entered promiscuous mode
[  504.837432][T24392] syzkaller0: entered allmulticast mode
[  504.849390][   T43] xfrm0 speed is unknown, defaulting to 1000
[  504.856923][ T1110] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  504.861339][   T43] syz0: Port: 1 Link DOWN
[  504.880757][ T1110] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0
[  504.891849][ T1110] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  504.903389][ T1110] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0
[  504.980787][T24411] Bluetooth: MGMT ver 1.23
[  504.991944][T24411] Bluetooth: hci1: too big key_count value 32778
[  505.074544][T24414] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5648'.
[  505.220592][T24425] netlink: 108 bytes leftover after parsing attributes in process `syz.4.5650'.
[  505.291043][T24427] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5652'.
[  505.303672][T24427] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5652'.
[  506.587709][ T1110] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  506.597433][ T1110] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0
[  506.607048][ T1110] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  506.616161][ T1110] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0
[  506.798838][T24436] pim6reg: entered allmulticast mode
[  506.907656][T24444] net_ratelimit: 3 callbacks suppressed
[  506.907674][T24444] IPVS: sh: FWM 3 0x00000003 - no destination available
[  506.939735][T24447] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5661'.
[  506.956304][T24448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5660'.
[  506.993150][T24448] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5660'.
[  507.049529][T24456] bridge0: entered promiscuous mode
[  507.069833][T24455] bridge0: left promiscuous mode
[  507.423629][T24491] netlink: 'syz.4.5670': attribute type 1 has an invalid length.
[  507.445187][T24491] bond7: entered promiscuous mode
[  507.451670][T24491] 8021q: adding VLAN 0 to HW filter on device bond7
[  507.471766][T24491] bond7: (slave bridge5): making interface the new active one
[  507.479347][T24491] bridge5: entered promiscuous mode
[  507.485940][T24491] bond7: (slave bridge5): Enslaving as an active interface with an up link
[  508.036289][T24499] netlink: 'syz.2.5671': attribute type 9 has an invalid length.
[  508.078384][T24509] netlink: 'syz.1.5674': attribute type 2 has an invalid length.
[  508.143255][T24512] netlink: 'syz.0.5679': attribute type 1 has an invalid length.
[  508.165192][T24512] netlink: 'syz.0.5679': attribute type 2 has an invalid length.
[  508.336184][T24528] SET target dimension over the limit!
[  508.398089][T24529] ieee802154 phy0 wpan0: encryption failed: -22
[  508.705481][T24554] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[  508.925554][T24578] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  508.934484][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  509.340262][T24589] xt_CT: No such helper "snmp_trap"
[  509.357242][T24597] bond8: down delay (33554432) is not a multiple of miimon (640), value rounded to 33553920 ms
[  509.375056][T24597] __nla_validate_parse: 13 callbacks suppressed
[  509.375076][T24597] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5709'.
[  509.531385][   T50] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  509.550084][   T50] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 20000 - 0
[  509.672147][T24620] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5713'.
[  509.679930][T24611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5710'.
[  509.713271][   T50] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  509.722057][   T50] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 20000 - 0
[  509.742420][   T50] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  509.754219][   T50] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 20000 - 0
[  509.763289][T24624] sctp: [Deprecated]: syz.2.5714 (pid 24624) Use of struct sctp_assoc_value in delayed_ack socket option.
[  509.763289][T24624] Use struct sctp_sack_info instead
[  509.808017][T24624] sctp: [Deprecated]: syz.2.5714 (pid 24624) Use of struct sctp_assoc_value in delayed_ack socket option.
[  509.808017][T24624] Use struct sctp_sack_info instead
[  509.853192][   T50] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  509.881480][   T50] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 20000 - 0
[  510.118861][T24643] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5719'.
[  510.149695][T24646] v: renamed from vlan0
[  510.285784][T24655] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.5723'.
[  510.345651][T24655] netdevsim netdevsim3: Direct firmware load for 	 failed with error -2
[  510.371184][T24655] netdevsim netdevsim3: Falling back to sysfs fallback for: 	
[  510.440480][T24661] bond3: option packets_per_slave: invalid value (18446744073709551615)
[  510.467818][T24661] bond3: option packets_per_slave: allowed values 0 - 65535
[  510.487510][T24661] bond3 (unregistering): Released all slaves
[  510.525567][T24667] team0: Caught tx_queue_len zero misconfig
[  510.555500][T24671] syzkaller0: entered promiscuous mode
[  510.561011][T24671] syzkaller0: entered allmulticast mode
[  510.730285][T24687] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5733'.
[  510.763006][T24686] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5733'.
[  510.775060][T24690] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5735'.
[  510.799503][T24694] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5736'.
[  510.823028][T24694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5736'.
[  511.037142][T24711] openvswitch: netlink: IP tunnel dst address not specified
[  511.066180][T24711] netlink: 'syz.4.5742': attribute type 5 has an invalid length.
[  511.074448][T24711] netlink: 'syz.4.5742': attribute type 6 has an invalid length.
[  511.192046][T24726] xt_hashlimit: size too large, truncated to 1048576
[  511.956431][T24782] netlink: 'syz.0.5766': attribute type 1 has an invalid length.
[  512.008311][T24782] bond3: (slave ip6gretap1): making interface the new active one
[  512.023912][T24782] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  512.033174][T24782] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  512.041268][T24782] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  512.398735][T24805] xfrm0 speed is unknown, defaulting to 1000
[  512.485786][T24819] syzkaller1: entered promiscuous mode
[  512.491972][T24819] syzkaller1: entered allmulticast mode
[  512.766243][T24833] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  512.982279][T24847] 8021q: adding VLAN 0 to HW filter on device bond3
[  513.099495][T24856] syzkaller0: entered promiscuous mode
[  513.109342][T24856] syzkaller0: entered allmulticast mode
[  513.176506][T24875] netlink: 'syz.0.5793': attribute type 1 has an invalid length.
[  513.237662][T24876] netlink: 'syz.0.5793': attribute type 1 has an invalid length.
[  514.519605][T24875] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  514.524032][T24876] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  514.971443][T24853] Bluetooth: hci1: command 0x0405 tx timeout
[  515.342048][T24884] netlink: 'syz.2.5796': attribute type 1 has an invalid length.
[  515.349932][T24884] __nla_validate_parse: 15 callbacks suppressed
[  515.349949][T24884] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5796'.
[  515.449837][T24895] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5799'.
[  515.579209][T24906] netlink: 'syz.0.5805': attribute type 1 has an invalid length.
[  515.648370][T24906] 8021q: adding VLAN 0 to HW filter on device bond4
[  515.755017][T24908] 8021q: adding VLAN 0 to HW filter on device bond4
[  515.762423][T24908] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  515.773877][T24908] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  515.863424][T24906] veth5: entered promiscuous mode
[  515.873340][T24906] bond4: (slave veth5): Enslaving as an active interface with a down link
[  515.875024][T24927] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5809'.
[  515.927320][T24919] bond4: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  515.942813][T24919] bond4 (unregistering): Released all slaves
[  515.976759][T24921] vlan2: entered allmulticast mode
[  515.982447][T24921] bond4: entered allmulticast mode
[  516.206885][T24940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5815'.
[  516.372227][T24957] netlink: 'syz.0.5817': attribute type 2 has an invalid length.
[  516.424766][T24957] netlink: 'syz.0.5817': attribute type 8 has an invalid length.
[  516.460795][T24957] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5817'.
[  516.486141][T24944] syzkaller0: entered promiscuous mode
[  516.492125][T24944] syzkaller0: entered allmulticast mode
[  516.514955][T24964] gtp0: entered promiscuous mode
[  516.532179][T24964] gtp0: entered allmulticast mode
[  516.561813][T24964] sctp: [Deprecated]: syz.1.5823 (pid 24964) Use of struct sctp_assoc_value in delayed_ack socket option.
[  516.561813][T24964] Use struct sctp_sack_info instead
[  518.243491][T24986] xt_l2tp: invalid flags combination: 8
[  518.243846][T24989] xt_l2tp: invalid flags combination: 8
[  518.264411][T24987] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input7
[  518.293368][T24993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5833'.
[  518.354667][T24993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5833'.
[  518.361626][   T36] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  518.382276][  T152] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  518.405221][  T152] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  518.431077][  T152] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  518.500172][T25007] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input8
[  518.728095][T25020] netlink: 'syz.0.5842': attribute type 2 has an invalid length.
[  518.894887][T25020] �9: entered promiscuous mode
[  519.112865][T25041] !��: renamed from bond_slave_0
[  519.178311][T25038] ip6gretap1: entered allmulticast mode
[  519.299657][T25052] netlink: 'syz.0.5849': attribute type 1 has an invalid length.
[  519.602969][T25075] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5854'.
[  519.611926][T25070] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  519.654402][T25070] syzkaller0: entered promiscuous mode
[  519.656823][T25031] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  519.661667][T25070] syzkaller0: entered allmulticast mode
[  519.668079][T25031] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  519.678403][T25070] tipc: Resetting bearer <eth:syzkaller0>
[  519.690448][T25080] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5855'.
[  519.716161][T25080] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5855'.
[  519.728538][T25068] tipc: Resetting bearer <eth:syzkaller0>
[  519.777423][T25068] tipc: Disabling bearer <eth:syzkaller0>
[  519.794226][T25031] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  519.800191][T25031] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  519.903603][T25031] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  519.913045][T25031] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  519.996808][T25031] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  520.003187][T25031] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  520.407563][T25116] netlink: 'syz.0.5865': attribute type 8 has an invalid length.
[  520.550175][T25125] geneve4: entered promiscuous mode
[  520.566262][  T152] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20002 - 0
[  520.576103][  T152] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20002 - 0
[  520.595719][  T152] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20002 - 0
[  520.615048][  T152] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20002 - 0
[  520.783685][T25140] xt_cgroup: xt_cgroup: no path or classid specified
[  521.378866][T25172] netlink: 'syz.1.5878': attribute type 4 has an invalid length.
[  521.437187][T25173] netlink: 'syz.1.5878': attribute type 4 has an invalid length.
[  521.785792][T25193] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  522.187629][T25211] __nla_validate_parse: 2 callbacks suppressed
[  522.187647][T25211] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5884'.
[  522.204817][T25211] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5884'.
[  522.356949][T25219] bridge_slave_0: default FDB implementation only supports local addresses
[  522.386391][T25219] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5886'.
[  522.668285][T25243] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5892'.
[  522.696529][T25245] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5893'.
[  522.714489][T25245] netlink: 596 bytes leftover after parsing attributes in process `syz.1.5893'.
[  522.839198][T25255] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5895'.
[  522.885857][T25255] vlan2: entered allmulticast mode
[  522.891024][T25255] gretap0: entered allmulticast mode
[  522.936590][T25260] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5897'.
[  522.947755][T25260] lo: Caught tx_queue_len zero misconfig
[  523.318479][T25284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5902'.
[  523.439051][T25293] netlink: 'syz.4.5905': attribute type 39 has an invalid length.
[  523.915752][T25321] netlink: 272 bytes leftover after parsing attributes in process `syz.4.5913'.
[  524.569380][T25362] xt_TPROXY: Can be used only with -p tcp or -p udp
[  524.683397][T25372] netlink: 'syz.4.5929': attribute type 1 has an invalid length.
[  525.204930][T25387] netlink: 'syz.1.5932': attribute type 10 has an invalid length.
[  525.231753][T25387] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  525.239019][T25387] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  525.304232][T25387] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  525.921792][T25416] FAULT_INJECTION: forcing a failure.
[  525.921792][T25416] name failslab, interval 1, probability 0, space 0, times 0
[  525.945931][T25416] CPU: 1 UID: 0 PID: 25416 Comm: syz.0.5941 Not tainted syzkaller #0 PREEMPT(full) 
[  525.945958][T25416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  525.945969][T25416] Call Trace:
[  525.945978][T25416]  <TASK>
[  525.945986][T25416]  dump_stack_lvl+0x189/0x250
[  525.946015][T25416]  ? __pfx____ratelimit+0x10/0x10
[  525.946039][T25416]  ? __pfx_dump_stack_lvl+0x10/0x10
[  525.946061][T25416]  ? __pfx__printk+0x10/0x10
[  525.946086][T25416]  ? __pfx___might_resched+0x10/0x10
[  525.946105][T25416]  ? fs_reclaim_acquire+0x7d/0x100
[  525.946127][T25416]  should_fail_ex+0x414/0x560
[  525.946158][T25416]  should_failslab+0xa8/0x100
[  525.946179][T25416]  kmem_cache_alloc_node_noprof+0x77/0x710
[  525.946203][T25416]  ? __alloc_skb+0x112/0x2d0
[  525.946219][T25416]  ? netlink_autobind+0xdb/0x300
[  525.946242][T25416]  __alloc_skb+0x112/0x2d0
[  525.946263][T25416]  netlink_sendmsg+0x5c6/0xb30
[  525.946290][T25416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  525.946312][T25416]  ? aa_sock_msg_perm+0xf1/0x1d0
[  525.946339][T25416]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  525.946356][T25416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  525.946375][T25416]  __sock_sendmsg+0x21c/0x270
[  525.946402][T25416]  ____sys_sendmsg+0x505/0x830
[  525.946427][T25416]  ? __pfx_____sys_sendmsg+0x10/0x10
[  525.946462][T25416]  ? import_iovec+0x74/0xa0
[  525.946487][T25416]  ___sys_sendmsg+0x21f/0x2a0
[  525.946508][T25416]  ? __pfx____sys_sendmsg+0x10/0x10
[  525.946562][T25416]  ? __fget_files+0x2a/0x420
[  525.946577][T25416]  ? __fget_files+0x3a0/0x420
[  525.946605][T25416]  __x64_sys_sendmsg+0x19b/0x260
[  525.946626][T25416]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  525.946655][T25416]  ? __pfx_ksys_write+0x10/0x10
[  525.946682][T25416]  ? do_syscall_64+0xbe/0xfa0
[  525.946708][T25416]  do_syscall_64+0xfa/0xfa0
[  525.946729][T25416]  ? lockdep_hardirqs_on+0x9c/0x150
[  525.946751][T25416]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.946769][T25416]  ? clear_bhb_loop+0x60/0xb0
[  525.946790][T25416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.946807][T25416] RIP: 0033:0x7fd2e178f749
[  525.946824][T25416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  525.946839][T25416] RSP: 002b:00007fd2e2706038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  525.946859][T25416] RAX: ffffffffffffffda RBX: 00007fd2e19e5fa0 RCX: 00007fd2e178f749
[  525.946873][T25416] RDX: 0000000004000880 RSI: 0000200000000280 RDI: 0000000000000003
[  525.946885][T25416] RBP: 00007fd2e2706090 R08: 0000000000000000 R09: 0000000000000000
[  525.946897][T25416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  525.946908][T25416] R13: 00007fd2e19e6038 R14: 00007fd2e19e5fa0 R15: 00007ffd4ce17428
[  525.946939][T25416]  </TASK>
[  527.346219][T25479] ipt_REJECT: TCP_RESET invalid for non-tcp
[  527.781970][T25511] sock: sock_set_timeout: `syz.1.5967' (pid 25511) tries to set negative timeout
[  527.872332][T25517] __nla_validate_parse: 8 callbacks suppressed
[  527.872352][T25517] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5971'.
[  527.972856][T25517] netlink: 11 bytes leftover after parsing attributes in process `syz.4.5971'.
[  527.982568][T25517] netlink: 11 bytes leftover after parsing attributes in process `syz.4.5971'.
[  528.032399][T25530] netlink: 11 bytes leftover after parsing attributes in process `syz.4.5971'.
[  528.058070][T25530] netlink: 11 bytes leftover after parsing attributes in process `syz.4.5971'.
[  528.084454][T25533] 8021q: adding VLAN 0 to HW filter on device macvtap2
[  528.095693][T25533] team0: Device macvtap2 is already an upper device of the team interface
[  528.146005][T25535] ipt_REJECT: TCP_RESET invalid for non-tcp
[  528.173372][T25540] netlink: 112 bytes leftover after parsing attributes in process `syz.4.5976'.
[  528.306816][T25548] netlink: 404 bytes leftover after parsing attributes in process `syz.4.5981'.
[  528.320938][T25548] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5981'.
[  528.332442][T25548] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5981'.
[  528.342091][T25548] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5981'.
[  528.515555][T25562] nbd: couldn't find a device at index 0
[  528.804560][T25570] IPVS: nq: FWM 3 0x00000003 - no destination available
[  529.090374][T25593] netlink: 'syz.0.5997': attribute type 3 has an invalid length.
[  529.335493][T25606] netlink: 'syz.1.6003': attribute type 11 has an invalid length.
[  529.465182][T25618] netlink: 'syz.1.6009': attribute type 10 has an invalid length.
[  529.477389][T25618] team0: Port device dummy0 added
[  530.472250][T25685] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  530.718472][T25710] "syz.0.6047" (25710) uses obsolete ecb(arc4) skcipher
[  530.733558][T25711] tipc: Enabling of bearer <u˩:s> rejected, media not registered
[  530.804687][T25715] IPVS: set_ctl: invalid protocol: 137 224.0.0.1:20003
[  531.228893][T25745] netlink: 'syz.4.6061': attribute type 17 has an invalid length.
[  531.241528][T25745] gretap0: entered promiscuous mode
[  531.247918][T25745] gretap0: left promiscuous mode
[  531.656683][T25766] xt_CT: No such helper "snmp_trap"
[  531.955416][T25782] FAULT_INJECTION: forcing a failure.
[  531.955416][T25782] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  531.971513][T25782] CPU: 1 UID: 0 PID: 25782 Comm: syz.1.6077 Not tainted syzkaller #0 PREEMPT(full) 
[  531.971539][T25782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  531.971550][T25782] Call Trace:
[  531.971558][T25782]  <TASK>
[  531.971567][T25782]  dump_stack_lvl+0x189/0x250
[  531.971595][T25782]  ? __pfx____ratelimit+0x10/0x10
[  531.971617][T25782]  ? __pfx_dump_stack_lvl+0x10/0x10
[  531.971640][T25782]  ? __pfx__printk+0x10/0x10
[  531.971658][T25782]  ? __might_fault+0xb0/0x130
[  531.971692][T25782]  should_fail_ex+0x414/0x560
[  531.971722][T25782]  _copy_from_user+0x2d/0xb0
[  531.971744][T25782]  ___sys_sendmsg+0x158/0x2a0
[  531.971767][T25782]  ? __pfx____sys_sendmsg+0x10/0x10
[  531.971820][T25782]  ? __fget_files+0x2a/0x420
[  531.971837][T25782]  ? __fget_files+0x3a0/0x420
[  531.971864][T25782]  __x64_sys_sendmsg+0x19b/0x260
[  531.971885][T25782]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  531.971914][T25782]  ? __pfx_ksys_write+0x10/0x10
[  531.971948][T25782]  ? do_syscall_64+0xbe/0xfa0
[  531.971976][T25782]  do_syscall_64+0xfa/0xfa0
[  531.971997][T25782]  ? lockdep_hardirqs_on+0x9c/0x150
[  531.972020][T25782]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.972038][T25782]  ? clear_bhb_loop+0x60/0xb0
[  531.972058][T25782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.972080][T25782] RIP: 0033:0x7f365838f749
[  531.972096][T25782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.972111][T25782] RSP: 002b:00007f3659147038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  531.972131][T25782] RAX: ffffffffffffffda RBX: 00007f36585e5fa0 RCX: 00007f365838f749
[  531.972144][T25782] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005
[  531.972156][T25782] RBP: 00007f3659147090 R08: 0000000000000000 R09: 0000000000000000
[  531.972168][T25782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.972179][T25782] R13: 00007f36585e6038 R14: 00007f36585e5fa0 R15: 00007fff1c5c8ba8
[  531.972208][T25782]  </TASK>
[  532.381398][T25794] xt_CT: No such helper "snmp_trap"
[  532.704199][T25819] FAULT_INJECTION: forcing a failure.
[  532.704199][T25819] name failslab, interval 1, probability 0, space 0, times 0
[  532.727296][T25819] CPU: 0 UID: 0 PID: 25819 Comm: syz.4.6091 Not tainted syzkaller #0 PREEMPT(full) 
[  532.727321][T25819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  532.727331][T25819] Call Trace:
[  532.727339][T25819]  <TASK>
[  532.727348][T25819]  dump_stack_lvl+0x189/0x250
[  532.727376][T25819]  ? __pfx____ratelimit+0x10/0x10
[  532.727398][T25819]  ? __pfx_dump_stack_lvl+0x10/0x10
[  532.727417][T25819]  ? __pfx__printk+0x10/0x10
[  532.727439][T25819]  ? __pfx___might_resched+0x10/0x10
[  532.727456][T25819]  ? fs_reclaim_acquire+0x7d/0x100
[  532.727475][T25819]  should_fail_ex+0x414/0x560
[  532.727506][T25819]  should_failslab+0xa8/0x100
[  532.727525][T25819]  __kmalloc_noprof+0xcb/0x7f0
[  532.727546][T25819]  ? tomoyo_encode+0x28b/0x550
[  532.727575][T25819]  tomoyo_encode+0x28b/0x550
[  532.727606][T25819]  tomoyo_realpath_from_path+0x58d/0x5d0
[  532.727633][T25819]  ? tomoyo_domain+0xd9/0x130
[  532.727654][T25819]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  532.727675][T25819]  tomoyo_path_number_perm+0x1e8/0x5a0
[  532.727701][T25819]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  532.727760][T25819]  ? __fget_files+0x2a/0x420
[  532.727779][T25819]  ? __fget_files+0x3a0/0x420
[  532.727794][T25819]  ? __fget_files+0x2a/0x420
[  532.727815][T25819]  security_file_ioctl+0xcb/0x2d0
[  532.727837][T25819]  __se_sys_ioctl+0x47/0x170
[  532.727860][T25819]  do_syscall_64+0xfa/0xfa0
[  532.727893][T25819]  ? lockdep_hardirqs_on+0x9c/0x150
[  532.727915][T25819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.727931][T25819]  ? clear_bhb_loop+0x60/0xb0
[  532.727950][T25819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.727964][T25819] RIP: 0033:0x7f60bc78f749
[  532.727979][T25819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.727992][T25819] RSP: 002b:00007f60bd602038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  532.728009][T25819] RAX: ffffffffffffffda RBX: 00007f60bc9e5fa0 RCX: 00007f60bc78f749
[  532.728021][T25819] RDX: 0000200000000340 RSI: 00000000400448c8 RDI: 0000000000000005
[  532.728031][T25819] RBP: 00007f60bd602090 R08: 0000000000000000 R09: 0000000000000000
[  532.728040][T25819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.728050][T25819] R13: 00007f60bc9e6038 R14: 00007f60bc9e5fa0 R15: 00007ffccc1f8368
[  532.728080][T25819]  </TASK>
[  532.728214][T25819] ERROR: Out of memory at tomoyo_realpath_from_path.
[  533.109683][T25830] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  533.436781][T25857] FAULT_INJECTION: forcing a failure.
[  533.436781][T25857] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  533.452956][T25857] CPU: 1 UID: 0 PID: 25857 Comm: syz.1.6105 Not tainted syzkaller #0 PREEMPT(full) 
[  533.452982][T25857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  533.452993][T25857] Call Trace:
[  533.453001][T25857]  <TASK>
[  533.453010][T25857]  dump_stack_lvl+0x189/0x250
[  533.453036][T25857]  ? __pfx____ratelimit+0x10/0x10
[  533.453060][T25857]  ? __pfx_dump_stack_lvl+0x10/0x10
[  533.453082][T25857]  ? __pfx__printk+0x10/0x10
[  533.453101][T25857]  ? __might_fault+0xb0/0x130
[  533.453130][T25857]  should_fail_ex+0x414/0x560
[  533.453156][T25857]  _copy_from_user+0x2d/0xb0
[  533.453179][T25857]  hidp_sock_ioctl+0x257/0x560
[  533.453207][T25857]  ? __pfx_hidp_sock_ioctl+0x10/0x10
[  533.453249][T25857]  ? kasan_quarantine_put+0xdd/0x220
[  533.453290][T25857]  ? do_vfs_ioctl+0xbe8/0x1430
[  533.453310][T25857]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  533.453345][T25857]  sock_do_ioctl+0xdc/0x300
[  533.453370][T25857]  ? __pfx_sock_do_ioctl+0x10/0x10
[  533.453408][T25857]  sock_ioctl+0x576/0x790
[  533.453432][T25857]  ? __pfx_sock_ioctl+0x10/0x10
[  533.453453][T25857]  ? __fget_files+0x3a0/0x420
[  533.453467][T25857]  ? __fget_files+0x2a/0x420
[  533.453486][T25857]  ? bpf_lsm_file_ioctl+0x9/0x20
[  533.453513][T25857]  ? __pfx_sock_ioctl+0x10/0x10
[  533.453531][T25857]  __se_sys_ioctl+0xfc/0x170
[  533.453551][T25857]  do_syscall_64+0xfa/0xfa0
[  533.453571][T25857]  ? lockdep_hardirqs_on+0x9c/0x150
[  533.453592][T25857]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.453609][T25857]  ? clear_bhb_loop+0x60/0xb0
[  533.453629][T25857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.453646][T25857] RIP: 0033:0x7f365838f749
[  533.453663][T25857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  533.453678][T25857] RSP: 002b:00007f3659147038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  533.453696][T25857] RAX: ffffffffffffffda RBX: 00007f36585e5fa0 RCX: 00007f365838f749
[  533.453710][T25857] RDX: 0000200000000340 RSI: 00000000400448c8 RDI: 0000000000000005
[  533.453722][T25857] RBP: 00007f3659147090 R08: 0000000000000000 R09: 0000000000000000
[  533.453734][T25857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.453745][T25857] R13: 00007f36585e6038 R14: 00007f36585e5fa0 R15: 00007fff1c5c8ba8
[  533.453776][T25857]  </TASK>
[  533.971809][T25870] __nla_validate_parse: 19 callbacks suppressed
[  533.971830][T25870] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6110'.
[  534.286699][T25880] netlink: 116 bytes leftover after parsing attributes in process `syz.1.6113'.
[  534.564785][T25902] netlink: 92 bytes leftover after parsing attributes in process `syz.0.6122'.
[  534.679663][T25910] netlink: 212360 bytes leftover after parsing attributes in process `syz.0.6126'.
[  534.747147][T25915] Set syz1 is full, maxelem 14 reached
[  534.807211][T25919] IPVS: set_ctl: invalid protocol: 92 224.0.0.2:20003
[  534.855002][T25923] netlink: 'syz.0.6132': attribute type 62 has an invalid length.
[  534.865116][T25923] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6132'.
[  534.874984][T25923] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6132'.
[  534.949622][T25928] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6134'.
[  535.202639][T25936] netlink: 76 bytes leftover after parsing attributes in process `syz.0.6138'.
[  535.249050][T25936] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  535.259722][T25936] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.271128][T25936] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  535.344020][T25936] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  535.355073][T25936] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.366513][T25936] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  535.448858][T25936] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  535.459798][T25936] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.471025][T25936] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  535.545605][T25936] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  535.557202][T25936] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.568224][T25936] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  535.663790][ T6034] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  535.674081][ T6034] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  535.682953][ T6034] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  535.701262][  T134] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  535.710035][  T134] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  535.718968][  T134] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  535.740056][  T134] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  535.748703][  T134] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  535.757702][  T134] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  535.778607][  T134] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  535.787466][  T134] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  535.796448][  T134] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  535.965275][T25955] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6146'.
[  536.015503][T25957] sctp: [Deprecated]: syz.1.6147 (pid 25957) Use of struct sctp_assoc_value in delayed_ack socket option.
[  536.015503][T25957] Use struct sctp_sack_info instead
[  536.124872][T25965] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6151'.
[  536.135733][T25965] openvswitch: netlink: Key type 226 is out of range max 32
[  536.205161][T25971] netlink: 'syz.1.6153': attribute type 1 has an invalid length.
[  536.226720][T25971] 8021q: adding VLAN 0 to HW filter on device bond4
[  536.246672][T25971] bond4: entered promiscuous mode
[  536.252670][T25971] A link change request failed with some changes committed already. Interface bond4 may have been left with an inconsistent configuration, please check.
[  563.214602][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  624.653942][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  672.011345][   T31] INFO: task kworker/1:1:43 blocked for more than 143 seconds.
[  672.018991][   T31]       Not tainted syzkaller #0
[  672.024102][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  672.033038][   T31] task:kworker/1:1     state:D stack:22792 pid:43    tgid:43    ppid:2      task_flags:0x4208060 flags:0x00080000
[  672.045447][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  672.052243][   T31] Call Trace:
[  672.055523][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  672.058458][   T31]  __schedule+0x1798/0x4cc0
[  672.063414][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  672.068840][   T31]  ? __pfx___schedule+0x10/0x10
[  672.074449][   T31]  ? schedule+0x91/0x360
[  672.078723][   T31]  schedule+0x165/0x360
[  672.083578][   T31]  schedule_preempt_disabled+0x13/0x30
[  672.091310][   T31]  __mutex_lock+0x7e6/0x1350
[  672.095953][   T31]  ? __mutex_lock+0x5bb/0x1350
[  672.100741][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  672.153263][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  672.158351][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  672.164401][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  672.170137][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  672.176348][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  672.182114][   T31]  process_scheduled_works+0xae1/0x17b0
[  672.187680][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  672.194074][   T31]  worker_thread+0x8a0/0xda0
[  672.198693][   T31]  kthread+0x711/0x8a0
[  672.202873][   T31]  ? __pfx_worker_thread+0x10/0x10
[  672.208002][   T31]  ? __pfx_kthread+0x10/0x10
[  672.212663][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  672.217877][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  672.223324][   T31]  ? __pfx_kthread+0x10/0x10
[  672.227929][   T31]  ret_from_fork+0x4bc/0x870
[  672.232600][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  672.237743][   T31]  ? __switch_to_asm+0x39/0x70
[  672.242715][   T31]  ? __switch_to_asm+0x33/0x70
[  672.247489][   T31]  ? __pfx_kthread+0x10/0x10
[  672.252361][   T31]  ret_from_fork_asm+0x1a/0x30
[  672.257155][   T31]  </TASK>
[  672.260300][   T31] INFO: task syz.2.5844:25031 blocked for more than 143 seconds.
[  672.268111][   T31]       Not tainted syzkaller #0
[  672.273083][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  672.282087][   T31] task:syz.2.5844      state:D stack:24856 pid:25031 tgid:25030 ppid:20305  task_flags:0x400140 flags:0x00080003
[  672.294328][   T31] Call Trace:
[  672.297623][   T31]  <TASK>
[  672.300545][   T31]  __schedule+0x1798/0x4cc0
[  672.305396][   T31]  ? __lock_acquire+0xab9/0xd20
[  672.310278][   T31]  ? __lock_acquire+0xab9/0xd20
[  672.315398][   T31]  ? __pfx___schedule+0x10/0x10
[  672.320271][   T31]  ? schedule+0x91/0x360
[  672.324628][   T31]  schedule+0x165/0x360
[  672.328800][   T31]  schedule_preempt_disabled+0x13/0x30
[  672.334445][   T31]  __mutex_lock+0x7e6/0x1350
[  672.339056][   T31]  ? __mutex_lock+0x5bb/0x1350
[  672.344092][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  672.349377][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  672.354521][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  672.359729][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  672.365731][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  672.372460][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  672.378195][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  672.383384][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  672.389184][   T31]  rfkill_set_block+0x1d2/0x440
[  672.394078][   T31]  rfkill_fop_write+0x44b/0x570
[  672.398939][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  672.404628][   T31]  ? security_kernfs_init_security+0x250/0x290
[  672.410839][   T31]  ? rw_verify_area+0x255/0x4d0
[  672.415977][   T31]  ? __lock_acquire+0xab9/0xd20
[  672.420849][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  672.426266][   T31]  vfs_write+0x27e/0xb30
[  672.430521][   T31]  ? __pfx_vfs_write+0x10/0x10
[  672.435543][   T31]  ? __fget_files+0x2a/0x420
[  672.440140][   T31]  ? __fget_files+0x2a/0x420
[  672.444816][   T31]  ? __fget_files+0x3a0/0x420
[  672.449554][   T31]  ? __fget_files+0x2a/0x420
[  672.454181][   T31]  ksys_write+0x145/0x250
[  672.458521][   T31]  ? __pfx_ksys_write+0x10/0x10
[  672.463632][   T31]  ? do_syscall_64+0xbe/0xfa0
[  672.468310][   T31]  do_syscall_64+0xfa/0xfa0
[  672.472851][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.478920][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  672.485161][   T31]  ? clear_bhb_loop+0x60/0xb0
[  672.489850][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.496116][   T31] RIP: 0033:0x7f9ca098f749
[  672.500544][   T31] RSP: 002b:00007f9ca1778038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  672.509001][   T31] RAX: ffffffffffffffda RBX: 00007f9ca0be5fa0 RCX: 00007f9ca098f749
[  672.517036][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000008
[  672.525228][   T31] RBP: 00007f9ca0a13f91 R08: 0000000000000000 R09: 0000000000000000
[  672.533232][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  672.541253][   T31] R13: 00007f9ca0be6038 R14: 00007f9ca0be5fa0 R15: 00007ffd960b0108
[  672.549230][   T31]  </TASK>
[  672.552510][   T31] INFO: task syz.3.5845:25032 blocked for more than 143 seconds.
[  672.560230][   T31]       Not tainted syzkaller #0
[  672.565263][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  672.574125][   T31] task:syz.3.5845      state:D stack:27904 pid:25032 tgid:25032 ppid:20909  task_flags:0x400040 flags:0x00080002
[  672.586789][   T31] Call Trace:
[  672.590135][   T31]  <TASK>
[  672.593094][   T31]  __schedule+0x1798/0x4cc0
[  672.597613][   T31]  ? __lock_acquire+0xab9/0xd20
[  672.602536][   T31]  ? __lock_acquire+0xab9/0xd20
[  672.607395][   T31]  ? __pfx___schedule+0x10/0x10
[  672.612508][   T31]  ? schedule+0x91/0x360
[  672.616746][   T31]  schedule+0x165/0x360
[  672.620887][   T31]  schedule_preempt_disabled+0x13/0x30
[  672.626385][   T31]  __mutex_lock+0x7e6/0x1350
[  672.630997][   T31]  ? __mutex_lock+0x5bb/0x1350
[  672.635835][   T31]  ? rfkill_unregister+0xc8/0x220
[  672.640877][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  672.646230][   T31]  ? __pfx_device_del+0x10/0x10
[  672.651094][   T31]  rfkill_unregister+0xc8/0x220
[  672.656000][   T31]  nfc_unregister_device+0x96/0x2a0
[  672.661499][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  672.667226][   T31]  virtual_ncidev_close+0x56/0x90
[  672.672518][   T31]  __fput+0x44c/0xa70
[  672.676501][   T31]  task_work_run+0x1d4/0x260
[  672.681083][   T31]  ? __pfx_task_work_run+0x10/0x10
[  672.686237][   T31]  ? exit_to_user_mode_loop+0x40/0x130
[  672.691780][   T31]  exit_to_user_mode_loop+0xe9/0x130
[  672.697076][   T31]  do_syscall_64+0x2bd/0xfa0
[  672.701930][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.708000][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  672.714176][   T31]  ? clear_bhb_loop+0x60/0xb0
[  672.718865][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.724828][   T31] RIP: 0033:0x7fba0ef8f749
[  672.729289][   T31] RSP: 002b:00007ffe3136f1e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  672.738012][   T31] RAX: 0000000000000000 RBX: 000000000007eab3 RCX: 00007fba0ef8f749
[  672.746056][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  672.754082][   T31] RBP: 00007fba0f1e7da0 R08: 0000000000000001 R09: 000000043136f4df
[  672.762348][   T31] R10: 0000001b2e120000 R11: 0000000000000246 R12: 00007fba0f1e5fac
[  672.770338][   T31] R13: 00007fba0f1e5fa0 R14: ffffffffffffffff R15: 00007ffe3136f300
[  672.778385][   T31]  </TASK>
[  672.781477][   T31] 
[  672.781477][   T31] Showing all locks held in the system:
[  672.789190][   T31] 1 lock held by khungtaskd/31:
[  672.796925][   T31]  #0: ffffffff8df3d6a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  672.807071][   T31] 3 locks held by kworker/1:1/43:
[  672.812309][   T31]  #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  672.823660][   T31]  #1: ffffc90000b37ba0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  672.837204][   T31]  #2: ffffffff8f5ab728 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  672.848631][   T31] 2 locks held by getty/5587:
[  672.853585][   T31]  #0: ffff88814ddb40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  672.863388][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  672.873561][   T31] 2 locks held by syz.2.5844/25031:
[  672.878757][   T31]  #0: ffffffff8f5ab728 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  672.889126][   T31]  #1: ffff8880330c5100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  672.899126][   T31] 2 locks held by syz.3.5845/25032:
[  672.904591][   T31]  #0: ffff8880330c5100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  672.914632][   T31]  #1: ffffffff8f5ab728 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  672.924841][   T31] 3 locks held by syz.4.6100/25841:
[  672.930036][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  672.938520][   T31]  #1: ffff88802c2d0100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320
[  672.948263][   T31]  #2: ffffffff8f5ab728 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  672.958214][   T31] 1 lock held by syz.4.6100/25850:
[  672.963339][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  672.972085][   T31] 1 lock held by syz.4.6100/25853:
[  672.977203][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  672.985707][   T31] 1 lock held by syz.4.6100/25858:
[  672.990816][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  672.999320][   T31] 1 lock held by syz-executor/25871:
[  673.004835][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.013318][   T31] 1 lock held by syz-executor/25879:
[  673.018609][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.027130][   T31] 1 lock held by syz.0.6149/25967:
[  673.032510][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.040995][   T31] 1 lock held by syz.1.6162/25992:
[  673.046149][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.054744][   T31] 1 lock held by syz-executor/25997:
[  673.060032][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.068902][   T31] 1 lock held by syz-executor/25999:
[  673.074520][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.083067][   T31] 1 lock held by syz-executor/26001:
[  673.088375][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.097108][   T31] 1 lock held by syz-executor/26006:
[  673.102434][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.110894][   T31] 1 lock held by syz-executor/26007:
[  673.116235][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.124976][   T31] 1 lock held by syz-executor/26009:
[  673.130247][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.139096][   T31] 1 lock held by syz-executor/26012:
[  673.144413][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.153086][   T31] 1 lock held by syz-executor/26013:
[  673.158369][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.166828][   T31] 1 lock held by syz-executor/26018:
[  673.172132][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.180599][   T31] 1 lock held by syz-executor/26019:
[  673.186215][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.194728][   T31] 1 lock held by syz-executor/26021:
[  673.199991][   T31]  #0: ffffffff8e775528 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  673.208488][   T31] 
[  673.210808][   T31] =============================================
[  673.210808][   T31] 
[  673.219635][   T31] NMI backtrace for cpu 0
[  673.219651][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  673.219671][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  673.219690][   T31] Call Trace:
[  673.219698][   T31]  <TASK>
[  673.219706][   T31]  dump_stack_lvl+0x189/0x250
[  673.219736][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  673.219758][   T31]  ? __pfx__printk+0x10/0x10
[  673.219790][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  673.219814][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  673.219836][   T31]  ? __pfx__printk+0x10/0x10
[  673.219859][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  673.219886][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  673.219909][   T31]  watchdog+0xf60/0xfa0
[  673.219931][   T31]  ? watchdog+0x1e2/0xfa0
[  673.219952][   T31]  kthread+0x711/0x8a0
[  673.219973][   T31]  ? __pfx_watchdog+0x10/0x10
[  673.219989][   T31]  ? __pfx_kthread+0x10/0x10
[  673.220012][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  673.220034][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  673.220056][   T31]  ? __pfx_kthread+0x10/0x10
[  673.220079][   T31]  ret_from_fork+0x4bc/0x870
[  673.220100][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  673.220124][   T31]  ? __switch_to_asm+0x39/0x70
[  673.220138][   T31]  ? __switch_to_asm+0x33/0x70
[  673.220151][   T31]  ? __pfx_kthread+0x10/0x10
[  673.220172][   T31]  ret_from_fork_asm+0x1a/0x30
[  673.220201][   T31]  </TASK>
[  673.220208][   T31] Sending NMI from CPU 0 to CPUs 1:
[  673.365346][    C1] NMI backtrace for cpu 1
[  673.365375][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  673.365392][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  673.365402][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  673.365427][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 d0 21 00 f3 0f 1e fa fb f4 <e9> c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  673.365441][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  673.365455][    C1] RAX: 3f36fd58862c4600 RBX: ffffffff81967b47 RCX: 3f36fd58862c4600
[  673.365467][    C1] RDX: 0000000000000001 RSI: ffffffff8d70e025 RDI: ffffffff8bbf0760
[  673.365477][    C1] RBP: ffffc90000197f10 R08: ffff8880b8932fdb R09: 1ffff110171265fb
[  673.365488][    C1] R10: dffffc0000000000 R11: ffffed10171265fc R12: ffffffff8f7ce870
[  673.365499][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff1100395eb58
[  673.365508][    C1] FS:  0000000000000000(0000) GS:ffff88812623b000(0000) knlGS:0000000000000000
[  673.365521][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  673.365532][    C1] CR2: 000056206a6ba000 CR3: 000000000dd38000 CR4: 00000000003526f0
[  673.365546][    C1] Call Trace:
[  673.365552][    C1]  <TASK>
[  673.365559][    C1]  default_idle+0x13/0x20
[  673.365573][    C1]  default_idle_call+0x73/0xb0
[  673.365588][    C1]  do_idle+0x1e7/0x510
[  673.365607][    C1]  ? __pfx_do_idle+0x10/0x10
[  673.365630][    C1]  cpu_startup_entry+0x44/0x60
[  673.365645][    C1]  start_secondary+0x101/0x110
[  673.365659][    C1]  common_startup_64+0x13e/0x147
[  673.365685][    C1]  </TASK>