last executing test programs:

25.335141405s ago: executing program 3 (id=2581):
write$tun(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0xfdef)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='b *:'], 0x47)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, 0x2, 0x7, 0x301, 0x0, 0x0, {0xa}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x1}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x8}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x2}, @NFACCT_FLAGS={0x8}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x80}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
openat$cgroup(r2, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0)

25.208545893s ago: executing program 3 (id=2582):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001400)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000c000000000000000000000085000000d00000001801000020786c2500000000002020207b1a16077684dd7dc0d3adc16cf8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000009b0000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x25, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000040)=ANY=[@ANYBLOB="b40800000000000073114200000000008510000002000000b7000000000000009500c200000000009500001200000000db45f0eb50b03cbbe2"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

25.071642053s ago: executing program 3 (id=2583):
pipe(&(0x7f0000001200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
readv(r0, &(0x7f0000000100)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0x3)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$BTRFS_IOC_RESIZE(r2, 0x50009403, &(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYBLOB='\x00x'])
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, 0x0, 0x4800)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
unshare(0x6020400)
poll(0x0, 0x0, 0x9)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r5)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r7=>0x0}, 0x8)
r8 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r7, 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r8, r6, 0x0, r5}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r9 = socket(0x848000000015, 0x805, 0x0)
setsockopt$RDS_FREE_MR(r9, 0x114, 0x3, &(0x7f00000005c0), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d9854591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b17590818020000000000000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x17, '\x00', 0x0, @fallback, r1, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x6}, 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='io_uring_poll_arm\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)

23.99597608s ago: executing program 3 (id=2586):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x200008d4)

23.941035832s ago: executing program 3 (id=2587):
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000180)=0xfffffff9, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6c370c8900083c0120010000000000000000000000000000fe8000000000000000000000000000aaff"], 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x2, 'veth1_to_batadv\x00', {0x1}, 0x780})
recvmmsg(r0, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40000000, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9203803afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000000000000000000000040000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af180200010000000500000000260004001818fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000030b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0032107f5000000000000000007000200fe8000000000000000000000008879e66485201a0015ca8374000000000000000000000000000000000000145e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c0305d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"], 0x0)

23.017725383s ago: executing program 3 (id=2598):
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0xda, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4001}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x40}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pwritev(r0, &(0x7f0000000400)=[{&(0x7f0000000340)="577a29be4c834fe105e3399e08de3d945090b935490a65b37419c3391c7a68c302f06f897abc0381c27dd32f", 0x2c}], 0x1, 0x48, 0x3)

19.467026267s ago: executing program 1 (id=2629):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x10, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000040}, 0x41)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0)=<r4=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000200)=<r5=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000240)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000280)=<r7=>0x0)
sendmsg$NFC_CMD_DEV_DOWN(r3, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, 0x0, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x40085)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r8, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x0, 0x2, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x24000000)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000004c0)={'wpan1\x00', <r9=>0x0})
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r8, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x0, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040885}, 0x48040)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000005c0)={0x4}, 0x1)
r11 = accept$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000640)=0x1c)
getsockopt$inet6_int(r11, 0x29, 0xbe, &(0x7f0000000680), &(0x7f00000006c0)=0x4)
writev(r0, &(0x7f00000019c0)=[{&(0x7f0000000700)="8165e145059d45e748ce668c1c58f397f37b900b96a32ec4bebd41", 0x1b}, {&(0x7f0000000740)="da0cbe9ecdbf30a36ce96c8766de91e3ecbb5da6756d7ed06a14cabd014bd3010ef34fb8f13f671a13d6010d14988cfd8c0c99a3de2d5554b9e8fe1caee225251cf08742ec1e4f257cb02c75cfa58ba6fbfd5048f5f9884468e501e973a79b280ce499631288d2fddfd1846b19cea83f57dacc4a17988bb33ac0e9d6d0da6ceef3210fd33a589716047a746a541e162fe89a27cbefaa4c546b64d557bef753bbecbb9d3d2f934f26d622e0ef9e0b6933519b17c54b725b1ea105343738412a6df4222e9555f6efd609e9ba35cc56b6407394582e0b", 0xd5}, {&(0x7f0000000840)="87ed3bc22908b6078a2a92687a26dd6b77b578e239ed292d8243198ea98a20a1c06ddc50aaec024b962c5c1131c9b8067070f631edf2623bce", 0x39}, {&(0x7f0000000880)="3aa7e6181f12f5be12750b7435ac79206dfb133793b23d232115e26c76243c857b8cdcbb7cd0d6a27750f59e688a588311deebd1f99fcc1a1a54e2629a01b749b282a38460cb9a99d9c146d3bd0f71c848b688ddf63c3779ae1a09f7eeb796b5bac6e8179cdf88d2a29f3991d7c9aca24542ce6a0b73f525390cb00c43dc0ed6e77211242ccbafcaf5b6939baabdccf77ae9a6ac280f5759e324e9bef5aca2b8742c5e6041707bbcc5feaa30890ec28557ca3fd7d731b2bb020d2552954b614f8da608d8f3938fe850c852285f57609d260a415c278b1e6328176e0cac5305b062e79e302041669b28e18283235814b9d179d0cb3acd4cdc5547dd20d70987ec44c87a57929649facca45250c0be402da638def0860a288b7777b09aafdc91a40d620d8b8a687385c572b5e688f8891dcb812a21a2c49f3c2f93a8e8355b06e88ea8811996b85d0eec0529bc6e59a08508e225106dcd5201786ba4328f1ab5e636c787f2f1c0f938c5811b18ea3e6f87f522e0fbed9eec9c6b2e9cc69d716d8bd09a9688520a90a4075f32cdfdca1ffaf537978ed459407e70815c8e98fa05c1f1022d0e9129f9cb017e4df5a28e0fb541462a3e31c6dc958a6e3e020a5659da1ee37d7a97c10883956ffc1874a41e9ca725bc0c5268fee40767f73ac286234f48725fadc0fce2dc5a7bd35bc749913543b10d7453003004a79214d41f3a1d602c2d9771d06e05841e7fb5d243059edce2349f83404ccb155083e5c6e419ed4b055b7166dec2cd52942e7f3ac541440bcbeacd8440034bac72ef9f382aa18633a8ec22ea8f7e154a2832df3e14926d37b247aff28a8ce94a014f40f73eb2eada2ceefb4522628b657783dfd9df093a22e14afe1aa52fe31a4da8ee923c26c3ea14d1dd5cccc44163ed60cd0451f6f47e69bc6c90281e25abf9eac1ccceb414d17c98bbf8596ff31a40b6551a9d0ac34e7879df234bc8a3a7e50a763bac3943c97c295ec61eba997f34c4ff15ccb7f89e1cec4d89ee8de7418f467b3ff5827a060eb949e9d80233f49a9a02a1f78f7e9e39ee1e87bc1855c6014439c8076a010661a2124fe5cebcf60352c29ee3e2c0752b6b046ea2832a089244d24a1da4552b82eb0d9317d0341cdda2ab441e44b6135646b899f1fc25f569023a2b8ecaf1a7f2691beec5a69f738ef572c3903e5b58ac78b75db8db5a6a920652b7489b7fb2002c9f4188d387b6ef539f00b57edf90130bdf82504bee03dd271e8eb670ad4785efd5898319b4a98c038e768ac5448e6c3ef37f216c0070f79549026057df8327ebd50248852d12b022a730266e391db4a2a829c5ac706b86e5e9e53452f0f915ff6cd1e444016829012260791cc038eb5d254c640a5604aed18a9c873943c938b375a0937e32efa0c113780a147d703ea6471d431980a376f7299a9bfd5170a066fdb0b0b5e356454e3adc561620424c8ce14416c26447644154cdf43cbcde58a8e69c30aa06bf778e5c47ef3c41fd503ff85ffb15b43c83d5dd6ecb4294fe85b5f37995d4d980703d5d01741fff355900de6eeef6ab4606a2c992feae9f888543e987ccbe6079ea47d895bde67862e69fb0df8e54e8d839d41a8419a2cae5ec8571be441d9d83315c62e3d0fb7c79325273168ccec527982c3bb81810f9ec7a8e2982fe36b629a2d7d45d95cd8e92cbd6de5f8f32cf2e61f01ae5e21149660bafe8cb8c5111e7ef66bfc9ee6e75d244141a1100c85f4f1017935f873d07d50ac9baf210a56e44657bd5db927bb8ad85a4439dbfb92a2bd9628ee22d1ee6f908f99ea18c3633c15acb11c7a45f4bc9e9808a4879535dc961bb8ae7159ae09c6cab52fffeaf42980b63572085eddad8cba631d42917ec9506f3cd52c96a4250b69929d0622e094fd68577d5fd4ae0cdeda43cb091eb9adac4aa05656c762561d76b50c43dabecae98c941ad74be23caf489b28c0af6c6f2bdbd92f53a1212fb4df332c7afc370c67be41939c9d0b6202ba41e63ba6a1207856b87f0adc2a26fe34d4139bd2b42531c0bf0ccf67468a56432ece25e59a1482ff58e1cf9147f8ebe6b17663316e8be8200f1d063c1a15c71eb3238167a55ee0e0df5753a9cb5fac2199d9d2ab571eb529e8e1e25cccc7314fd48dc5f111665daae7d363372ffdf985ba68c22eccbda4d8092b550673b9a9cb122644efca2baa644b0461a955860c956526f8c7abc87ca841c0303d6d2ccf992f7b70a55b4f06995ffde59c8b6128b4046c5535b068d57196cd76746da81f6feb76ce9e3d17f46ff2013d24eba8134ea55ec667542e028fe875c7b8cb872edb9af6787a1f250f0ed9635e9319d7c73da25e33710b53e811a0481317c0f633a46532ddc64fff49b5853e47b5dcf3cd51f1db43794ea8344e36dfc10adf7fb70c1bc3030687248f6e69eee7b96fcede94eb9b8a0bed28b90088b4b037176652e6f4aa6bb1bef21939c840b732da78ee2e3aa7755b4fe874b70f1c570b615e84d352f2a6bf0dd0a188e56a72e1eb847023d804712163bb93dae0b1203c104cbb576bb35bef21a2cca686574c699cd474a847caeb660e39220650d9eb48f689d74e3685337ebc9cc9f5ee3a4410bacdd95b385075d7899196b3f71925a11753cb7cfde067f7d86dff0e5fb99f64d40e37a95a043a31da42c4b58c7c5721e18a301be32ce40c43fa39cb3e69cf65c28251d40b8ae16c939fdb3480e1c23c30a6922a5af4ffa24a6bb324e6cceeb74ccc6fd6316b55ce6b3d679132e502e5b2abce011d0afa0d26faf2d4a48d973360ecf67c086f9db1c170a11379313ad9e61f0779bdbc4ae67b18f4922fdc65d156cc4596136fa692ce16a06acd64ddb294dd233004664e167bb84f2d3619f881326f8368e6fed55ae44fa16085b4d1c97c41d79ee20dea0b45e6baecbcb05278250c336ccddee4ca7b19c2dbc38c93668f63f337dbc93290b4ef29f15db483b6a8a2ab612809309a8d71c6b2e7c09700d7fc0dbde90e41974de73c7e975a4055af10e975d5c00f24a57d460829a4c0031e7dc949dfaee4045d74a70fb9ee15acb7fe1f9542dbf49fc4b0a28b8b6e973c92822b715f8c303cbb9a293b32667e5dad695a9696a02aa01b1fdd59e26d315c6f5c3c4b4d000982d65fad59a26019fe8dc5fa736fe3625e2b298aeb4a6c4652ca9fc8817270d9acd6d08f8a86d7d444a1bd4cb9d7e13d563a632aa4da32e426d79a70aad8f125e68207dc3599151abab6523f250b57ef9ccea006760d0714c7f0e96baf2bea056c7f63ae1b4f7d6e41885ad6c32a6c19d7240ee733a16ce779de87f32817399093bc94439b1c7abf6ddf6d823ddf4114827929a6391db4bff5052d860e63cec83e6b3f0abc2d5ab27285481fe5b25a3fa542d1b22d3fc78660925a68552931bf20d76223cc6f760e6ce793261114cb04e23d7f8b07e9a5371c368f3c562a765ab12c9ea680c5cf8f520a6bed63c1d553b9ce424e2054681795b168d658870e98031e1a1e2d1381d2155a9705865f8731e3d5ab0529d5f991fb88cde1eda043ffb64864e4b94519c208e51c73d40c53ed6d3cb215006c490404eb33e797aec79377b1fd881161b8fa30f33760b2162ebf8123e9a91f1aac0add6674635c2005550687b184ab03943a85b4e765641eb9abd6dd2087274c8a4754509fd4947f755284f028910700074e4e46142e0687cdcc5eba6cff110ffa3d544b029d96942d67903ac856dc430635f25498967d0d3929ac7e0c9f9060ff143ec46ce701e3ac65759bfdbe7edd823fbb7cc5b736340dfc2a4aaa3df748f2ec9dc0dacaf1da575bc9d16770e8bc6d5bdfbed1f0545f5b00d832f3418e515cc0574e0819c662136c91a10ac0e57aa4bdb6b69aeeac1886334d80541247d1e394e09323e0d525338b9f687cbacf17eba659e9a86324c994d3c466fae07027dc56549b108dc3504c80990765fd5766ea96a17e45da8e47d977be978f576a8ea305598d2f82bdb22fb195e0c1434b8f249a98a350f7c33f92538020029ccf1759f6f5158d68d7e4e86682a76cab0dff20cef9019d49ac85bccb8ce82acd6b49f43e25d8b6cef6f7bda45e56869298361ab4e3a68a37a8fe73ba2630414e53d367de36ebb037b267029599102c17ef0dcf40ac89ab20117dfd73897483216fdbb50c1e436fedde6fc4a1b8be8e455a620860cbfb53089a42fed9d4e377909e9d7c62610d34e0642327896c173dbf6ee913df55af5deddc2091c8bf736327f0ad011550011ef007edc7b70aafb42071cde0407c73b944f5903a25c91ef38494744ef7dcd925fe8dab145600531d8bb64fa73e50c078745f98b4065eeb559641bf7e80481a449e518cefdc85c8b5bc7afc50b86ff082b5d234e4038730f5eb193511201366853e98173f48abe514cbd1e8d962ec018951752bd255a334cc6d07570335ba3ce924f87429247d8a603c3f243425316d4978d525b74ec847ff95bd3430f81b6809d667ae438a41e7c4ec41f81dfd931e4124467c02d972c9975364695513913c6e3faf86c08263b2159a31672a0342326176759c3c135c15bdaf4554af5cabce98e9acb7aa8f14ad4a53e3a4d36eb6f993b1edad4cd40778b6de106e0d4293c2866fc178861754ad21d1f582dccc8215c8453415e9e1f1b4edab6974aa7e01574eab1f5cfbf407209fdc3101d02eb6bed98a5dd8abfc8903a4abdd131ffe7c58da4ee6730555a769ac3b10e67d3536e2f8f0b6e7b02d5ce9eafd9e5e81414b93d167db15b0837c03ebc50304eb6b19cbd9b9f83cfaf3bfa6d594e3be3f3e0dfc9f5ca1b1bc7b5d093213d3e1edb4a3f017776cc1ebd7bc0ce1dacad2399db250eff72af4e74d2f899b3b14e1ded99b6c5fdd15fa01d3ba54848403abef0303108719093ed28580df74a54285385e252e861ac55c425d7a9e8f80d425a54fdc08f1687e23408a79e2a845d56009930335f641d82071d0cf55ebae374b730a4a67315618f042e5e42390a5dbefaea9dc4ef297ddcefc1f8be7de81bdba8eeb0ff20396a4f8c792a08ffa381d71d56679546fd8fe1e26d0e78ec12e79ad64312beb9f3dad75621803c6b31384e0e275adda36a67f883bb4c90a81acd821fbcd3645e300de7eaecadd110a6ccb7e9f0dc504d8d708054b79926f88803941fcb8444fba67550c82fb56dd228be48aec8ffe8670fef555c81b56a2af73d3527235dee89e68f45c9e619061c95cc72b9a998e4516c22c1f086e8e2574b4703601f230209af7f44542bdb8cf10566cdd0edb149c620c44db9475ca4d4c8bfc55bae28b1e537e8eee80cfd7eadabea5185ad6bd2571c68e257218d26988558a065814fb1d0c6de02baab3c884423d96454916289b8b87d22bc9b5af8b76f50f31033fe63a7e922e9e416fd1a1820ff8e7bdd11d71788932e11c23a85e3f4f8cbcde8135024e0c9098ad4b7e21d2a4c34d1c1b3acfad8cdafa596990ba94d37192338638343a081f059f9061faec873fb4ee8de30e9b1716b860a07fbabc73d165eca05503bff823f409429a223bc9920970a3771dca083000f91c0f0b790faef48968e8d8c557620aab6f8502edb06a4087a918c7d94550b479fb5b8b6f57ab586ce63d5face1e7dca2747269ea87b96ba12bbe09da9324ef4902548e63f414ac1b0cc7b3f903ce0146f18efc51107dea1a5ee29285c0306ac63cccb9b59590dea60d37ad1caccb6572a1a26da4ad3758dff3715afa1257f1ff55084d1845d985584c26bfb494c6b4b15a952430c98a478f286e6c454", 0x1000}, {&(0x7f0000001880)="bcbfe51226625ae3799da1ed9e6a", 0xe}, {&(0x7f00000018c0)="606509404bf965fe1b73b54262d02796c9159c009f0465766827c15b67d1dd03d9d215070c3203c0fc52acc07d70b252b78308c9a31be9ffe8fe6a5400fee4b013079f2c9e5a6dc65f4b4ecae065ad4e0c15b50a576f64a9c9f164b778da2190ce2c21f0df0817a27332f7f44dfadbf747a06bfb5d2661dcdeefbc8a7c3ff7f470c55e82ac64a5631eb0636a4f7235634d3fafa23c9b623e56b78613f9fb7eaafdf771a487f013c199338b2ee69862cada42e702472e01fe", 0xb8}, {&(0x7f0000001980)="b8a1cdedc66ae86168cb12b7834524e7", 0x10}], 0x7)
r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a40), 0x80000, 0x0)
recvmsg(r2, &(0x7f0000002e80)={&(0x7f0000001a80)=@hci, 0x80, &(0x7f0000002d40)=[{&(0x7f0000001b00)=""/206, 0xce}, {&(0x7f0000001c00)=""/4096, 0x1000}, {&(0x7f0000002c00)=""/178, 0xb2}, {&(0x7f0000002cc0)=""/125, 0x7d}], 0x4, &(0x7f0000002d80)=""/244, 0xf4}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000002f40)={{r0}, &(0x7f0000002ec0), &(0x7f0000002f00)='%-010d \x00'}, 0x20)
ioctl$AUTOFS_IOC_PROTOVER(r10, 0x80049363, &(0x7f0000002f80))
ioctl$sock_rose_SIOCRSCLRRT(r0, 0x89e4)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TUNGETVNETBE(r0, 0x800454df, &(0x7f0000002fc0))
ioctl$AUTOFS_IOC_READY(r12, 0x9360, 0x10000)

18.962862109s ago: executing program 0 (id=2633):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
close(0x3) (async)
r1 = socket(0x2, 0x80805, 0x0) (async)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) (async)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000100)=@sack_info={0x0, 0x5, 0xbb1}, 0xc) (async)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x76}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x24, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xf8}}, 0x0) (async)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async)
r7 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0xcc, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r8, {}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0xa0, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0x1000000}, @TCA_U32_SEL={0x94, 0x5, {0x7, 0x4, 0x8, 0x800, 0xffff, 0xc8, 0x18, 0x8, [{0x4, 0x5, 0xd8, 0x5}, {0x81, 0x8, 0x8000000, 0x3}, {0x7fffffff, 0x0, 0x6, 0x2}, {0x3, 0x6, 0x8000}, {0x10001, 0x30, 0x80, 0x4}, {0x200, 0x6, 0xffffffff, 0x8}, {0xfffffeff, 0x3, 0x10, 0x10000}, {0x4, 0x7, 0x5, 0x1000}]}}]}}]}, 0xcc}}, 0x0) (async)
syz_emit_ethernet(0x6a, &(0x7f0000000740)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0008004503005c00000000002f907800000000e000000124806558000000000000100008000000000086dd86dd88be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000e1c1ddbb1f186a40fa0a86111b8e3af6d1171f9b08676aa16864aa0506bb2ae55a50cf69b9407c474f89c30c9baa517f0b25b62aa157cc6af9e2c492c12a78dac634c87439b383b0f32d20484f2bc4f2f72d675ee598495d838d4d4a42327e56ee38d331b6d07e6043637615966f5999737bf5688603de6627dd1fa64d93925918c2453929bc117dd50abb23f493f0811fa910a43a3ed43446a996d75a4fee564eadb8b6de51f024ea3f5188ae6b9e84c680fabdd48159e0768de1f62b6c604d6f3971"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000002000000a8cc1dd9cc356e1140e1f614e80271105300000000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r9=>0x0})
r10 = socket$netlink(0x10, 0x3, 0x0)
writev(r10, &(0x7f0000000080)=[{&(0x7f0000000000)="290000002000190f00003fffffffda0602000000ffe80001dd0000040d000600ea11004a35f4667d41", 0x29}], 0x1) (async)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000480)={'syztnl0\x00', r9, 0x7800, 0x8000, 0x1, 0x0, {{0x43, 0x4, 0x0, 0x0, 0x10c, 0x3, 0x0, 0x0, 0x0, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x41}, {[@noop, @ssrr={0x89, 0x1b, 0xa6, [@broadcast, @dev={0xac, 0x14, 0x14, 0x11}, @loopback, @loopback, @empty, @local]}, @timestamp_addr={0x44, 0x1c, 0xe3, 0x1, 0x9, [{@multicast2, 0x3ff}, {@remote, 0xc}, {@local, 0x8000}]}, @cipso={0x86, 0x6a, 0x1, [{0x0, 0x10, "0e441c3d58db5e39f098b9efb07f"}, {0x2, 0xb, "200143ccf863f7baba"}, {0x4, 0x8, "a20021a1cba0"}, {0x2, 0xa, "591688724974f79f"}, {0x2, 0x3, '\b'}, {0x1, 0xc, "95001a9bf9231904c9b1"}, {0x2, 0x12, "75709a13210baba00fb8d1a0d880fb4c"}, {0x1, 0xf, "d197a826fde6d5873f61452706"}, {0x6, 0x7, "668e376b4c"}]}, @ssrr={0x89, 0x27, 0xad, [@broadcast, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0xc}, @local, @broadcast, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @rand_addr=0x64010102]}, @noop, @cipso={0x86, 0x25, 0x2, [{0x5, 0x9, "78ec8109e34b71"}, {0x2, 0x4, "5518"}, {0x6, 0x12, "87b7047c2600"/16}]}, @lsrr={0x83, 0x7, 0x45, [@loopback]}]}}}}})

18.823751281s ago: executing program 0 (id=2634):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x0, 0xfffffffe, 0x0, 0x100}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000000300), 0x4)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newqdisc={0xd4, 0x14, 0xf0b, 0x70bd26, 0x0, {0x2, 0x0, 0x0, 0x0, {0xd, 0xc}, {0x0, 0xffe0}, {0xf, 0xa}}, [@TCA_STAB={0xb0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd4, 0x3, 0x200, 0xc, 0x1, 0x40000002, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x10, 0x7, 0xd, 0x0, 0x4, 0xa}}, {0x4}}, {{0x1c, 0x1, {0x4, 0x4, 0x3ff, 0x4, 0x0, 0x401, 0xffff, 0x1}}, {0x6, 0x2, [0x4]}}, {{0x1c, 0x1, {0xc, 0x2, 0x6, 0x10, 0x2, 0x9, 0x1, 0x2}}, {0x8, 0x2, [0x0, 0x4]}}, {{0x1c, 0x1, {0x3, 0x6, 0xffff, 0x8, 0x1, 0x200, 0x8, 0x2}}, {0x8, 0x2, [0x4, 0x4]}}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x10000000}, 0x0)

18.758432182s ago: executing program 0 (id=2635):
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000001070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b"], 0x140}}, 0x0)
unshare(0x26020480)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f0000000500)={0x92b, {{0xa, 0x4e20, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1}}, {{0xa, 0x4e21, 0x7, @empty, 0x7e}}}, 0x108)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_DELCHAIN={0x0, 0x5, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_CHAIN_TABLE={0x0, 0x1, 'syz1\x00'}, @NFTA_CHAIN_NAME={0x0, 0x3, 'syz1\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x40050}, 0x0)
close(r1)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={<r4=>0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffb}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in={{0x2, 0x4, @initdev={0xac, 0x1e, 0x2, 0x0}}}}, &(0x7f0000000700)=0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb02f818"], &(0x7f0000001f80)=""/212, 0x1a, 0xd4, 0xa}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000006911300000000000851000000200000085000000b400000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x6}, 0x70)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x8, 0x4, 0x4, 0x9}, 0x50)
syz_emit_ethernet(0xfdef, &(0x7f0000000380)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x33, 0x0, @private, @broadcast}, {0x0, 0x0, 0x8}}}}}, 0x0)
unshare(0x8010080)
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f00000000c0)={r5, 0x3, 0x7, 0x3})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r5}, &(0x7f0000000380), &(0x7f00000003c0)=r6}, 0x20)
socket$tipc(0x1e, 0x2, 0x0)

18.569985859s ago: executing program 0 (id=2637):
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x2, 0x101, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x1000}, @CTA_EXPECT_MASK={0x44, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010101}, {0x8, 0x2, @multicast2}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x821)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000050030000090a030000000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d04001280080003400000011008000c400000edd8f802098060000280040001803c000180080001400000000108000140000001d0080001400000000008000140000000090800014000000009080901400000800008000140000000091c000180080001407fffffff0800014000009af7080081400000000708000140000003ff70"], 0x398}}, 0x0)
unshare(0x2a020400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, &(0x7f0000002fc0)=""/4096, &(0x7f0000000040)=0x1000)

18.506582367s ago: executing program 1 (id=2638):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x9)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000540)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000010025bd7000ffdbdf2500000000", @ANYRES32=r2, @ANYBLOB="200404000300000024001280110001006272696467655f736c617665000000000c000580080022"], 0x44}, 0x1, 0x0, 0x0, 0x200404c1}, 0x4000000)

18.421515788s ago: executing program 0 (id=2639):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x68}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000007c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x14, 0x3, "f4f03b0200000000010007116b61979e"}, @NFTA_MATCH_NAME={0x9, 0x1, 'l2tp\x00'}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x7, 0x7, 0x1, 0x0, "2072ef"}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

18.30158577s ago: executing program 1 (id=2641):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x8, <r0=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0xffffffffffffffda, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000040000851000000200000085000000230000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r1, &(0x7f0000000340)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24)
listen(r1, 0x4)
listen(r1, 0x0)
r2 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000180)={{0x3, @null}, [@null, @bcast, @rose, @default, @default, @bcast, @bcast, @bcast]}, &(0x7f0000000200)=0x48, 0x80000)
sendmmsg(r2, &(0x7f00000009c0)=[{{&(0x7f0000000280)=@pppoe={0x18, 0x0, {0x4, @multicast, 'team_slave_1\x00'}}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000300)="ff3ee4cf11ae881641d4d9431b46dbb66fbbad03453e74b338f4a08457d749ddab09d67e81e1fcbfe9386021acbf5e2a4ee4c16593a34dd65feadd31d886aa85a8cab61f7dc11b27e2be4dc28b4cd97e4f6f3f848781ea2ee48299b50555e5273a68d395bfd784d1625a95b321fdd2635e2cb4ce66e257a43fb1119ec1e4cb24b938ed592fdec0b53859eee682aeaea79bfb88f42537117c36399b7315322d624402a0c790a565ca9e2d83fb24811de99698f6f7ad67668d09cea261d7766a33af03e25485710cb1ec19a7f4fcd6b6a47c86ade1fb401f5cafe7311393a9ee61403f885d4a", 0xfffffffffffffef5}, {&(0x7f0000000400)="f209116bf640bcc2fc161a07", 0xc}, {&(0x7f0000000480)="c6920c0191234430bf86771b7f6e8dd89dfc207d48238d9f72bc881fed415a959ebcf498f2d867d941ce16e31a6cb860eb450029734755", 0x37}, {&(0x7f00000004c0)="88e8e11f399fb4de63f3d46f53", 0xd}, {&(0x7f0000000500)="89", 0x1}, {&(0x7f0000000540)="8c80d2c10e775cf5d90c495b027b2e4952e9fec243e713f2f36513b4cd60ac537ca7e4c9fe18eda129b3d051effb3ce328a9ed821aa633a581b7ac6dc0a32f8c6d1837a7b734e3", 0x47}], 0x6}}, {{&(0x7f0000000740)=@vsock, 0x80, &(0x7f0000000640)=[{&(0x7f00000007c0)="ea2221a37a2b19b1a6782961c9fafef6308d3b22021b8d3564085dffdad959975ec745f6932db814c1e5f9ae1c35b3476478998904c93685ee0d7f0cf6ea5ab28f6e515455b99b206ad4cafc38edbcfcd2bd34928c4a929a82df4f9b6dccf2138d7f8869f9362138cd4db2898d378e560630e665ebee22480cad23244e202d390cbfdc7a37ddd651d0", 0x89}, {&(0x7f0000000880)="9c5bb45cebbd36ec2118099444d1b15de302823b71de8845335bdc84fb38683df452d1ec5f4ebd789edce5f64ca1f2e18bd2fa3ac2edc896bf0c8740d18cdcd2692bd39c860359cdaad5cf61d1a6ea", 0x4f}], 0x2, &(0x7f0000000900)=[{0x90, 0x104, 0xf, "1edfe79226e23c52f303ab06902f2536d2da43772184e80c690f5a02d9fc4cc746cf683e62944b766efa21ca9a58362ef913a3ad7d97ac36e3214a01cb9ad723e0e2d03d34ee4a80c4175af25a6ce228c751535ce7c5e5255c64aebd0224de1eeb3fc22e444999121cfffbf0b424148f0bdb796f27586fe8f062f4d0"}], 0x90}}], 0x2, 0x4000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

18.199471108s ago: executing program 0 (id=2642):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x80040, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b000000000000000000000080000000eb1e17d92a8d335c3a23d6d4f67c85f9b800"/47, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00'}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="040100001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010062726964676500001400028008000500012000000800010000000000080029007e6b0000080028"], 0x104}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x27, 0x14, 0x0, &(0x7f00000005c0)="f8ad48cc02cb29dcc8007f5b0800a2e2bb131826", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$BTRFS_IOC_SPACE_INFO(r0, 0xc0109414, 0x0)

18.147886479s ago: executing program 1 (id=2644):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xfffd}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x7}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @counter={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc}, @NFTA_COUNTER_PACKETS={0xc}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r1 = getpid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003180)={0x20, 0x25, 0x301, 0x670bd24, 0x25dfdbfd, {0x15}, [@nested={0xc, 0x131, 0x0, 0x1, [@typed={0x8, 0x87, 0x0, 0x0, @pid=0xffffffffffffffff}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r6, 0x1, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000020688279000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ffffffd}, 0x94)
recvmsg(r7, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r8, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000003c0), 0x4)
r9 = socket(0x25, 0x2, 0x6)
bind$can_j1939(r9, &(0x7f0000000080)={0x1d, 0x0, 0x400000000000002, {0x1}, 0xff}, 0x18)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000006c0), 0x60}, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r10)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="5c0000001000ffff27bd700000dbee2500000000", @ANYRES32=0x0, @ANYBLOB="100a0500079a07003c0012800b00010062726964676500002c00028005002a000200000005002d0001000000060009"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xfffffffc}, 0x10}, 0x94)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32=r12, @ANYRESDEC=r2, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r12}, &(0x7f0000000000), &(0x7f0000000080)=r10}, 0x20)

17.143717963s ago: executing program 1 (id=2655):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x10}}, 0x8c}}, 0x0)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, 0x0, 0x0, 0x70bd2a, 0x25dfdbfb, {}, [@IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x19}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0xb}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x5}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0xe}, @IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x18}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x1b}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x16}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040081}, 0x80)

17.100536624s ago: executing program 1 (id=2656):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="60010000", @ANYRES16=r4, @ANYBLOB="01002cbd7000ffdbdf251a00000008009a000000000007002100616100000500920005000000080001001a000000180122802400008008000700090000000800060079000000080004000400000000000000030000000c00008008000100ffffffff3c0000800800020007000000080001006300000008000396478e9a397162fa000a000000080001004d000000080006000900000008000600040000001c0000800800020007000000080005000800000008000500080000004600"], 0x160}, 0x1, 0x0, 0x0, 0x840}, 0x4020)
sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xfffffffffffffdaa, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r4, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x31}, @void, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x40041)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$MRT(r5, 0x0, 0xcf, 0xfffffffffffffffc, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xe27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r6, {0xf, 0xc}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_FLAGS={0x8}]}}]}, 0x3c}}, 0x20040054)

16.463735435s ago: executing program 2 (id=2663):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r4}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000800)={@cgroup=r0, 0x13, 0x1, 0x0, &(0x7f0000000580)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000600)=[0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0]}, 0x40)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x3c, r6, 0x7, 0x2, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x2710}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000002000010000000000000000000a0020400000000700000a001400110076657468305f746f5f62726964676500080017004e224e24140002"], 0x4c}, 0x1, 0x0, 0x0, 0x24040804}, 0x48000)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001440)={'vcan0\x00', <r9=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r9, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7338}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x29}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005)
recvmmsg(r0, &(0x7f0000003500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10000, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r10 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r10, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r10, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)

16.070187311s ago: executing program 4 (id=2665):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x4, &(0x7f0000000180)=@framed={{}, [@ldst={0x0, 0x0, 0x1, 0x0, 0xb, 0xffffffffffffffe0, 0xfffffffffffffffc}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[], 0xbc}, 0x1, 0x0, 0x0, 0x40408d1}, 0x1)

16.069240682s ago: executing program 4 (id=2666):
r0 = socket$igmp(0x2, 0x3, 0x2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000000)='/proc/net/\x00\x00t4/c+\x0fG\xf9aK\fX\a0\x04\x00\x00\x82D\x80'}, 0x30) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f00000000c0), 0x4) (async)
setsockopt$MRT_TABLE(r0, 0x0, 0xcf, 0x0, 0x0)

16.035109111s ago: executing program 4 (id=2667):
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000004679100000000000000000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)={{0x14, 0x10, 0x30}, [@NFT_MSG_NEWCHAIN={0x5c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_DEV={0x14, 0x3, 'wlan0\x00'}]}]}], {0x14}}, 0x84}}, 0x4048000)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'veth0_vlan\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r2, r5, 0x25, 0x8, @void}, 0x10)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="8db42c43ffcf53c600000000000000204fcae0bbc9ed5c820080000200000003", 0x20)
sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x1401, 0x116, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8010)

15.994750924s ago: executing program 4 (id=2668):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000240), 0x4)
recvmsg(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/239, 0xef}], 0x1}, 0x40000040)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f00000004c0)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, 0x0, &(0x7f0000000400))
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000000)={0xc, 0x1, 0x9, 0x10000, @vifc_lcl_addr=@loopback, @multicast1}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000001400030500008000ffdb5cec2d"], 0x20}, 0x1, 0x0, 0x0, 0xc091}, 0x20008840)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00'})
syz_emit_ethernet(0x76, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffff0180c2feff0281004b000805010c2331ce96e0f47279d338c4488b166ed164bb4eb626e36c8a8e6729462585359152691a8c623f49c45abc2e7014db2cf1ced50b59e78bc172ab473121e55d8a7c1b94b9e4d8c90a9639c698c27ee4bd11385e05323ff22e254a61f2772d6d24a6cc79"], 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz1\x00', 0x1ff)

15.831415512s ago: executing program 4 (id=2669):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001840)={'veth0_to_bond\x00'})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=ANY=[@ANYBLOB="1c0000004e000100"], 0x1c}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYRESHEX=r1], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010f000000000000000003000000080004"], 0x1c}}, 0x0)
unshare(0x24020400)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
vmsplice(r7, &(0x7f00000001c0)=[{&(0x7f0000000640)="ec", 0x1}], 0x1, 0xf)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=<r9=>0xffffffffffffffff, @ANYBLOB="e80ca944866fdd75d0b69d415500000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x23)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xff48, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffc9d, 0x0, 0x0, 0x0}, 0x94)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r11=>0x0})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r10, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000480)={'syztnl0\x00', r11, 0x4, 0x8a, 0x7, 0x8000ff, 0x32, @local, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}, 0x8000, 0x700, 0x11, 0x2080}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000540)='io_uring_create\x00', r5, 0x0, 0x100000001}, 0x18)
r12 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_IP_XFRM_POLICY(r12, 0x0, 0x11, &(0x7f00000007c0)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x4000}}, {{@in=@remote, 0x0, 0x6c}, 0x0, @in=@loopback, 0x200000, 0x0, 0x0, 0x0, 0x0, 0xbeaf}}, 0xe8)
syz_emit_ethernet(0x117c, &(0x7f0000002a00)=ANY=[@ANYBLOB="000000000000bbbbbbbbbbbb88a820008100320008004715116600680000042f9078e0000002ac14141844081940000000060421880b001d008000300008773ef4ba34048e801fb75959421bc900df2963da3a65603e6171afa57f0900080001ff220347805688c6e09f0594fae91a1fdeaee0cd1693bce666dd4d6c051d332b82363229ea20d85ba69b32d14d1d1fc1e4ced313c70450d1a4ee6fc61ad65ebdcd89d71bbb72d0b236f5ec76a3bec58ef429922b43d199636277ae8cb744e222f88a545a84ff754bdd1ddf5a8e09ea2c9ca4fbbb5ed1565695147599dcbb384af9c62b92bf1ff49f91c6b042625c2b7d7912fcbdcab826c72d0f277e1654c1ab3b625499edc45c8444490ec4f3f37df95ac43214f4040086dd09397114852d849a1edad63a1e05873536ffbd02430660d8081d310e82ecfc181628d85fc60fe896386367b3f39f40080088be0000000116038c070100000000000002080022eb00000002278164050200000000000096014d911308006558000000000be3173748326b77128ba94214d1f61621f55395f68cb8be677f7c662ea694fbd5b9dd10d8df425fc14dfa4ad62268ebf06311b14f5e33c81aea34b3b00e86af31821ef32fceef4574cf2dc905abe0bc2544293ce913e170ffa432a2304cb86990d5231663c0f7689195a8f65fe5079be58149a2818ea680e43f1924fc1ef7388202791e40eae243c54cd97f0bdcc63b40b2d5b1efca7629e8cbe56b98a0187a9ef50a3c1623a742ae6e079b07af9457d20f50d191dc574838b928c33fb78b589d49a82a6246a28c03498c1df312e3a6c6d99c2770687a59602efd4b6b5ebba7c0f9b92821ef9e4984c75c01adadad25d22613854c751e78f4d826795285870f203a84ad775f09d12af8a9f62a7ce5bdf25cb4bc26b8f9854e704877cbececb288f2a7898ae3035b7c2c0d708fc0d1d7cd6e1c3f87866cf9a3a36ff2d42a7decea66aeefcf2eb9c1d20517d057abc9e58087d9b407a568cc01ac19278f303e9fdb1ae4bb03995644cd2a21abb52c098321b69d50258a3e0dbc5241e458b37ef56042068deb8f539973623973e92f32ec7b1235ba7e2d01df6de503f241a9843bc57e8e09e1f804e83e6ef96a05b67aefb4bdfb92724d236544c072b02c36085c8ce1d0f863d5e2b82040d75ad2c2a38871b4718189947df76352c4f0c51b5064ce560fcfa1a27f2a46931417764b7657a55680fc6fde37efd9e0da516200f23c57ec5e969a7ae4d7c08fb503ca46c19256d9ed26d0e390c2b315c44c9ba3622aed90a15a4e22a6b4f9e5b9a2ebf3565ea5d0759292d97db0989f2bda519efe3b04ecdd44f1fa5c11f49abfc250fa2adf15f142db27533b92a9e460c0a24e9ad5c897bf22e7721d7a57abef2ef8864660942eafda48bb58bdc349904f524928df3cfec7752f67eaff5ab69c1707c19e6e5971f355ec1e586e84a715ea826fde646e9a0564896e7275ae9bae089e2165a97fefba781cc369038c701029b6be1f0ac4d7d35e5269b5b4faecb7d29634d1edded58352870a56c7f73965d378cafb268bebd2b16c6cd843433cd2cfcd8b579117a307fe9a18cc68f62cffadb78fc5144db09397201720e55ee07ce101f657c44ba8bdf073f1c21c90e952f5ba569e5edbff04506d726f930c4033b85e7f4a28038ab711c2c97c06e3f6302500a69a17575ff8978231230277f5a1d988ffc4d16118722aba107251ea1b131247d8094b1a9a9fba3a3024668a52db8a3c880c8c327c53e5dae1f86beba022bb1ae438cf523cb739bd4c16d5ead1ba200f2320f54d593e4ffb9b618da3caa8714284ae88d40860c283a6e02a739b786c964b545eeb484f0d09f23a7322c8c23e39dcc041c464abbd127307362eae1cc656c04141c16128f9e9917771063bd00f8614293230e4636fe1dba3c92931ad4e02abb77738c0a650de6d4b4528472f137851c61d0fa5ace9f69f000ad6ef960464327e7ad1484205e4437d65a6d191a9180952e3a61ca021c656a9e35d674325b85edf10134c818ee5ea69d3e6d031f8d3afe3187f125a59b442f3c29af80da77076fd3f6dd85c6875b920fde2514603d93145758c7b7a3b1bbec0af0ca49fe733e09f1ede59096a602508c06f9dcaf2d87c4e9e762e9fb2f91dd3d7a2088196f251a5430dae7143de9fc8cf4a133bfcaf7516ac0bbf0e5f25e22b9e304958ac5627638df96b6d63c37a17e38715bf38890fd45c1bbb30211df6ab6a3680266d921e12f6bac4803c556f733ef3796a30ca80bffe6e0f7f9f7e4089d75761d391d228a352d7d1258383a42439508e3a4927703e1b2fbee00f25113e242fbe51e3f9e1d74fcd34defb460cc91ec9ac5fa28d7be7194cc3843d4252a5a7946f9af777515da428dde9f730b9296e282b1c1da11cc33abbefb3846afbe5feedfabd2ead10b89ffe832b40fabb8611f47180aaeaee99a6c536368b4aef00707c80969e7fde5f3348fa303f86c47bb022fe66bc771c3295d934f768465f29582de20d5eff18af07fdf578c7b684d4e59a6b848879e882ca43b349889b3e985f517b373d74a417f0350b83e0c03e54555840bba996713a75d5d174b87e5e1ad11eb83a26c3dcea5f99a3c7bd539a499045187892583340ce119ffd4f8f9227adfc3f8f401b9c3adf0d923074edd87ed8d3f3c361349dd014945c7fae578b04e6bdf76e64bdc3e8abb17b133ffb6d604b2e22f9c405c1a31589a9f41fbfaab887303cb396d13b97ad700d05c5ffa47a9f9026e60bfeb3226d2a3c071c27151c995003cfe547d2ca113d67a62bbd2ba135dd5a450357f440cc18504a484fa067700893728b81d9859e0af7b4b05d93320655bffdfb445170084b514d14e5a2649d7778a84a19df5f584d3814087b93e1b73d184ce145cf4aa7daacd99147c9de2e9adc5f472272f6293bbab189f5739a01d50a9c3520c6eb1ac9af469f9e80ed60f9f827ee89369019cede3cd5dd861f896fe8aa12a2127b618d3856c1da2771eb98c6ae6ae4fe764e7d82e2dbee576171c1383c3fb53248469f1cf156571876ae212ba01988972ac97f01c043286f6e8cfc7d2ff87391200466e29c3035a6d897cb558f8ce318b85eda09e6498f33e9ab009b6d7e16903905bdefac8305887bd20164b7b834a106fa3e4fbf8ac04b4e6d278a4df75686edf9d01e76cc3cfc50d1f42e3d3ee42e440d00f74b915519be311c6836ff0668f3d2618e35f703023ac775efb7754da2f598e635497ecd0f118dc994964967dd1a1b4701bd7e036091ceb1fa47f9f2fe6f482b05edd44ccedad29f1a874936bc18bc5f7146fc79f6e416816ba91b1380f93315faefcd631a310f5f60b49f0abccb694dc647823407de4c6c7c47a92b5119785706000d45ae0d0c571d4e285366c8ba02c60a7d1987b6b3edf876b0e3cd227d5122fdb194ab6dcfefdcd5378bc30dff9bf4ba3ea142408c4436a3f3d55ef1b9a72e9ff0ca7e371db044e7e8bf24e6cafed75875dcb6e1e5eb90db891a51704798ee64995b83604ec6c4c5ec5604b59b56bdfd1715c5320b6496ef0abb3f319f74e35d723a9d477ef3eef343008844cdb7f4160b3b0da1ef6dd0fe073a9e1663df6653349b7ea2cbed5bfbb528700f1fd4ee517193eaa961919879dd1b31ef5782ee2c7aaaa5966f29f7fd9eee32ca8898764e3c74b43ee26612a60823bb5b22b41322a38fabfc39d67f66ee6c84884585620ed570c8b8a98807aace7f6a1419a262cfc21516bf1c65b85e8c7975f9f325309747d623dda7e8b664719b4a8f0475b34f00f1b4898bbe892e9777cee8ec2d98c29c32810c67c717cb5f6e1bdcdcded8c998c4c0ccaf75ef49450550bf7ff2feef79183c6acfe35eafcce63573644ce1b247cd3d28a21e28cf91bb63970f648944bbb1d232827a66de4d8480ce349c1600268684512f89948e639cdb43988111139218123513d3837bd75cb9e61ed79e3ea63f24b8a28ada4e149774a3d4528cea58bd1750a32fa5142f572f6a4e6f947812bde157d0ecde8fd063092abf75f9bb6976fa778b9d6635e1cd3240ca7fe407a35633e55a4a9c11ad70168dbcb1e90b26a6ca7271298ef4b490621c6f7bcee1dce58155813d1e5011ab99855c1a5fe0d323a7e47116acb2508be8bd24f91205e415b1f67cc26f009a2eb306ef75bbb0c8f7d6cb0bf767a541177102fde61c6525b764916bc87cb6d51b3a852aa3255afe9fa30d392cbc9974971ec91685f30b35282548c2ec32870332afef752a575ecccf84f1159b94d9b35edee0e932613bd9671fa1225f509e6911917f6a295755a269c61096662c8764c18d95ebc72001de114f2fe558bb6b3afc4383e5f52f141a5c210aa4326664686508bb3cc2b72546dc1d661667f4916a340ccac10b6dab8ed7efedbc67dbe94a0f95a99fa2d36bf607be786b7a91aa36691100f8bf96f042b0f723532a49a44c4b87796c23041ea6a4489560cd24441d24a081f15dcd4074c68ee3e719b6fc6c439af0084b47da8b78ba160d68144ba0835571569a474f7a9854945c8f6877235589d6bb03985e4074f410a28a5e5611c6a0b68760f5f1d5ed6f0d1972734a35403053288c72e870145fbf72f18b4912e99112ee471d3be25805cd317951a3224dc1b364297a5850805810af9ec92b508246ca0d81f4fd6e5a738769392aaf0c85ee6d5e42f2ef196236768685af728cb4810c87e9b69a191b7c1f1344078751706fa7cfc6a877e15885c428cc02f81fccfd171fc60673d7190fa0e17d454215ea024167d80c933113281f7750f63f8626522e2ab0b66584083cd24ceef56906ef5030d796fe3c3067699aad2e795d3cc0ef5bccf80e5ddbbef5ecc506e1549b4c8eeef185d5dffd561e5fd0c6a9875f766d5a660106b15185f045b4749df618d3c420f13ba2eaa5ad7eaedff9a016e83ae24687a40ebe050ae76539307f12e774e20f325641d1d65643f14a38c285f6cfc58d6e876d450c17f8d0d61fa4dcd4fba7b60c014c0151934f828fa07aebd2d654b02920d9434f264c630717440b43c18444b12ae619b5d2ecde4fe6f000cb460b1811849cf08fbd6f6fa3431e240aab7d98927bf4ebc33f633f0c45cb0aba0160e4d22624744665499a5fbda6b557feace6498001e0daf7bb31ff311baf54a76a6c6abe2daefdf824bf86a3d75a0014bb3ef54ab29577d438222a085a30654972352507aa189951710dcc1492e2c3447c2b1d841e553af9240b54ba974c88a71650fa5e3164b6ed44dac6abb0f496f51f0dfc396dfcb80ffe5cbf461ed4602ad4bce0872ce49b9dd0d2d9289eed616fb34f6a8cc2b4634ea047335e749d3687f5d46cff96b697643a2a0b01342fc890c0ced8b661f8bec62e0638eb6a455f2a6dfd515350c69aa528ac11f8189d415bac0fb3c27f19b74336eeee656d56d1e3780ca4a61bbb0725e00550c3302640fb9933a5836c0d04ee7de2612e8c310d9bbd6cdfb0b6d744c90c95b85de9ee587cb5c50d4c7e75f59e75f93929e8f6379dc8ba683d7e703a4d7e246a2ae028354215c9af5cae4710336eaa443615640e82214327abe5cbb0f3f44c673290aca1d4f042fbcd7e8b711e159adacf0cb2aec05b9bf124f7f66e4a9905899afdad378ae97e2806f26377df0cbb2abcea361ae92349bdb39ff105f4e24a4bb5af25c3b05aac52dec45c4b04377e005386daae50ca804878ea9e73583a654d15b20feac475e75a42de940cb5c30af1b48894a536ea27cfdf67b27eaf0ce27ad6e18319234b5e38f33ef674195407a6b20e01d824a134b4c28184249fa9701e6d7754cab4f2ab63e677f2124a162a3d124826f5068908ba13c87925fcbe5402050a612db451c96e2bb2076b934b9b363249bcc4ac2cdee5e690ce9c41017d107e352bb8bce279e44e573443262bce0a5b2bac6e405b264d4c4c3d0480a212ed635a200f8c1ab3be1c97a80b14320091323d4aad01b9c2692042c5f1bab97557818563b05ba7a51cf304d1ed297b9937a5495155a2f7533c55b4ef5b9b9e925f0116eb4ad5271894704816c63e170c53a5e5146e36e67fb3fdf75dadbd1204929335491e2a7be80466cd259797648f20e5613ab701146f458ca69581518f89b6a1a81f89c443e7603ddc1fc27c0bcc2999aa41adeddf2be564d7d99445ec2d2f44a06f708c730bc17777e4d2c4e6dcce930baddbc0895faafa9c0e574d75212b714210b7b5d462be1c0c873f5303f73f6d4b6a8c9ab2a21dbff24dad93405d944ed08a1770bce0a064004811d32ff0e27dd4070f31c8861f000a5e5923"], 0x0)
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000d00)=ANY=[@ANYRESDEC, @ANYRESOCT=r9, @ANYRESDEC=r12], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000380)={0x0, @null, @bpq0, 0xc3, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x10, 0x3, [@null, @default, @bcast, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @default]})
sendmsg$AUDIT_USER_TTY(r6, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x28}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000006404000126bd7000ffdbdf258614566b699fa30bcea8d521f5c924d79d4513566fe31c2a54109e0d02508714ef2656bc93c80900"/68], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x1)

15.813334957s ago: executing program 4 (id=2670):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="000000f707000600000014"], 0xca)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x4, 0x90, [0x0, 0x200000000180, 0x2000000002c6, 0x2000000004dc], 0x0, 0x0, &(0x7f0000000180)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x108)
socketpair(0x11, 0x3, 0x5, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$MRT_FLUSH(r3, 0x0, 0xd4, &(0x7f00000000c0)=0xf, 0x4)

15.585603416s ago: executing program 2 (id=2671):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f00000006c0)=0x81, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r1, &(0x7f0000000d40)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e068000000110000000000000000dbc790ad000000fc000000000000001400000000000000000000003400000004000000000000001c000000000000000000000008"], 0x68}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000380)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f0000000000)=ANY=[@ANYBLOB='b 75:*\tw\nr'], 0xa)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c00000042000701feffffff00000000017c000004004280440001804000258008004700", @ANYRES32, @ANYBLOB="10002f800800cd00", @ANYRES32=0x0, @ANYBLOB="0400d58018007f8014a4d3002b00ff0100000000000000000000000000010c00908008001800e0000001"], 0x5c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
pipe(&(0x7f0000000000))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20084084)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r6], 0x5c}, 0x1, 0x0, 0x0, 0x4000800}, 0x88010)

15.531526495s ago: executing program 2 (id=2672):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000080), 0x4)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
recvmmsg(r0, &(0x7f0000005cc0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/205}, {&(0x7f00000001c0)=""/190}], 0x1, 0x0, 0xfffffffffffffdcc}, 0x5}], 0x1, 0x0, 0x0)
close(r1)

15.296071028s ago: executing program 2 (id=2673):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="2000000017140197"], 0x20}}, 0x0)

15.295464068s ago: executing program 2 (id=2674):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b00000005000000020000000900000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000800)=ANY=[@ANYRES16, @ANYRES32=r0, @ANYRES8=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="62a02a3a34099c3a72"], 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

15.264380834s ago: executing program 2 (id=2675):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
accept$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket(0x1e, 0x805, 0x0)
connect$tipc(r2, &(0x7f0000000600)=@id={0x1e, 0x3, 0x3}, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x3c, 0x2, [@TCA_FLOW_EMATCHES={0x38, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x9, 0x3, 0x67e6}, {0x9, 0x3, 0x5, 0x9}}}, @TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0x3, 0x9, 0x5}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x881}, 0x0)

7.540686155s ago: executing program 32 (id=2598):
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0xda, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4001}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x40}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pwritev(r0, &(0x7f0000000400)=[{&(0x7f0000000340)="577a29be4c834fe105e3399e08de3d945090b935490a65b37419c3391c7a68c302f06f897abc0381c27dd32f", 0x2c}], 0x1, 0x48, 0x3)

2.535211834s ago: executing program 33 (id=2642):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x80040, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b000000000000000000000080000000eb1e17d92a8d335c3a23d6d4f67c85f9b800"/47, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00'}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="040100001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010062726964676500001400028008000500012000000800010000000000080029007e6b0000080028"], 0x104}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x27, 0x14, 0x0, &(0x7f00000005c0)="f8ad48cc02cb29dcc8007f5b0800a2e2bb131826", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$BTRFS_IOC_SPACE_INFO(r0, 0xc0109414, 0x0)

2.03564257s ago: executing program 34 (id=2656):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="60010000", @ANYRES16=r4, @ANYBLOB="01002cbd7000ffdbdf251a00000008009a000000000007002100616100000500920005000000080001001a000000180122802400008008000700090000000800060079000000080004000400000000000000030000000c00008008000100ffffffff3c0000800800020007000000080001006300000008000396478e9a397162fa000a000000080001004d000000080006000900000008000600040000001c0000800800020007000000080005000800000008000500080000004600"], 0x160}, 0x1, 0x0, 0x0, 0x840}, 0x4020)
sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xfffffffffffffdaa, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r4, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x31}, @void, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x40041)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$MRT(r5, 0x0, 0xcf, 0xfffffffffffffffc, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xe27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r6, {0xf, 0xc}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_FLAGS={0x8}]}}]}, 0x3c}}, 0x20040054)

33.476115ms ago: executing program 35 (id=2675):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
accept$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket(0x1e, 0x805, 0x0)
connect$tipc(r2, &(0x7f0000000600)=@id={0x1e, 0x3, 0x3}, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x3c, 0x2, [@TCA_FLOW_EMATCHES={0x38, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x9, 0x3, 0x67e6}, {0x9, 0x3, 0x5, 0x9}}}, @TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0x3, 0x9, 0x5}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x881}, 0x0)

0s ago: executing program 36 (id=2670):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="000000f707000600000014"], 0xca)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x4, 0x90, [0x0, 0x200000000180, 0x2000000002c6, 0x2000000004dc], 0x0, 0x0, &(0x7f0000000180)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x108)
socketpair(0x11, 0x3, 0x5, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$MRT_FLUSH(r3, 0x0, 0xd4, &(0x7f00000000c0)=0xf, 0x4)

kernel console output (not intermixed with test programs):

left promiscuous mode
[  266.721339][T11858] xfrm0: left allmulticast mode
[  267.888199][T11872] lo: Caught tx_queue_len zero misconfig
[  267.897350][T11887] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  268.260027][T11903] __nla_validate_parse: 8 callbacks suppressed
[  268.260046][T11903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1404'.
[  268.350242][T11903] ip6gre2: entered promiscuous mode
[  268.407509][T11895] syzkaller0: entered promiscuous mode
[  268.437194][T11895] syzkaller0: entered allmulticast mode
[  268.456259][T11901] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  268.496030][T11904] syzkaller0: entered promiscuous mode
[  268.531591][T11904] syzkaller0: entered allmulticast mode
[  268.583338][T11901] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  268.678473][T11899] tipc: Resetting bearer <eth:syzkaller0>
[  268.727974][T11899] tipc: Disabling bearer <eth:syzkaller0>
[  269.313267][T11922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1410'.
[  269.337195][T11913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1408'.
[  269.484084][T11926] xt_hashlimit: size too large, truncated to 1048576
[  270.743722][T11921] lo speed is unknown, defaulting to 1000
[  270.765233][T11921] vxcan1 speed is unknown, defaulting to 1000
[  270.775280][T11922] lo speed is unknown, defaulting to 1000
[  271.073127][T11955] netlink: 'syz.1.1418': attribute type 1 has an invalid length.
[  271.241886][T11922] vxcan1 speed is unknown, defaulting to 1000
[  271.857005][T11982] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1425'.
[  271.876852][T11982] block nbd0: not configured, cannot reconfigure
[  271.908791][T11982] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1425'.
[  272.269500][T11992] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1430'.
[  272.427059][T11992] veth7: entered promiscuous mode
[  272.790230][T11995] lo speed is unknown, defaulting to 1000
[  272.805522][T11995] vxcan1 speed is unknown, defaulting to 1000
[  272.997119][T12003] syzkaller0: entered promiscuous mode
[  273.002991][T12003] syzkaller0: entered allmulticast mode
[  273.021646][T11997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1431'.
[  274.600144][T12011] lo speed is unknown, defaulting to 1000
[  274.608544][T12011] vxcan1 speed is unknown, defaulting to 1000
[  274.847326][T12020] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1438'.
[  274.866703][T12020] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1438'.
[  274.952895][T12024] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1438'.
[  274.977306][T12024] nbd: must specify at least one socket
[  275.222794][T12029] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1441'.
[  275.266361][T12029] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1441'.
[  275.448247][T12029] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1441'.
[  275.461746][T12033] netlink: 'syz.4.1441': attribute type 1 has an invalid length.
[  275.474868][T12033] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1441'.
[  276.925775][T12046] netlink: 'syz.4.1447': attribute type 13 has an invalid length.
[  276.989415][T12046] netlink: 'syz.4.1447': attribute type 17 has an invalid length.
[  277.921137][T12046] erspan0: entered promiscuous mode
[  278.408523][T12046] ip6tnl0: left promiscuous mode
[  278.545951][T12046] ip6gretap0: entered promiscuous mode
[  278.870400][T12046] bond0: left promiscuous mode
[  278.998367][T12046] dummy0: left promiscuous mode
[  279.194793][T12046] 8021q: adding VLAN 0 to HW filter on device `
[  279.541079][T12046] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  279.730169][T12061] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  280.153732][T12073] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1452'.
[  280.254200][T12061] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  280.355942][T12061] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  280.458577][T12061] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  280.638066][ T1341] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  280.762061][   T49] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  280.874082][ T1341] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  280.979351][ T1341] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  281.827582][T12126] wg1 speed is unknown, defaulting to 1000
[  281.834248][T12126] wg1 speed is unknown, defaulting to 1000
[  281.852565][T12126] wg1 speed is unknown, defaulting to 1000
[  281.885501][T12129] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1464'.
[  281.897618][T12128] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1465'.
[  281.913573][T12126] infiniband syz: RDMA CMA: cma_listen_on_dev, error -98
[  281.965724][T12114] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1459'.
[  282.009364][T12131] netlink: 'syz.3.1459': attribute type 17 has an invalid length.
[  282.022719][T12130] xt_TCPMSS: Only works on TCP SYN packets
[  282.033755][T12131] lo: left promiscuous mode
[  282.044859][T12131] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  282.079938][T12126] wg1 speed is unknown, defaulting to 1000
[  282.089576][T12126] wg1 speed is unknown, defaulting to 1000
[  282.099817][T12126] wg1 speed is unknown, defaulting to 1000
[  282.109623][T12126] wg1 speed is unknown, defaulting to 1000
[  282.119521][T12126] wg1 speed is unknown, defaulting to 1000
[  282.349373][T12136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1466'.
[  282.391106][T12137] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1467'.
[  282.411067][T12132] bond0: (slave erspan0): Enslaving as an active interface with an up link
[  282.736525][T12148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1469'.
[  282.736525][T12147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1469'.
[  282.802291][   T49] smc: removing ib device syz2
[  282.998057][T12170] netlink: 'syz.1.1471': attribute type 8 has an invalid length.
[  283.182436][T12154] lo speed is unknown, defaulting to 1000
[  283.199436][T12174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1474'.
[  283.290018][T12170] lo speed is unknown, defaulting to 1000
[  283.448408][T12176] bond5: option arp_validate: invalid value (18446744073709551614)
[  283.525256][T12176] bond5 (unregistering): Released all slaves
[  283.976367][T12200] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1481'.
[  284.080354][T12154] wg1 speed is unknown, defaulting to 1000
[  284.217139][T12200] nbd: socks must be embedded in a SOCK_ITEM attr
[  284.490703][T12214] netlink: 'syz.3.1480': attribute type 1 has an invalid length.
[  285.689113][T12217] lo speed is unknown, defaulting to 1000
[  285.903311][T12170] wg1 speed is unknown, defaulting to 1000
[  285.916401][T12224] FAULT_INJECTION: forcing a failure.
[  285.916401][T12224] name failslab, interval 1, probability 0, space 0, times 0
[  285.963356][T12224] CPU: 1 UID: 0 PID: 12224 Comm: syz.0.1484 Not tainted syzkaller #0 PREEMPT(full) 
[  285.963384][T12224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  285.963397][T12224] Call Trace:
[  285.963404][T12224]  <TASK>
[  285.963413][T12224]  dump_stack_lvl+0x189/0x250
[  285.963444][T12224]  ? __pfx____ratelimit+0x10/0x10
[  285.963472][T12224]  ? __pfx_dump_stack_lvl+0x10/0x10
[  285.963498][T12224]  ? __pfx__printk+0x10/0x10
[  285.963522][T12224]  ? __pfx___might_resched+0x10/0x10
[  285.963542][T12224]  ? fs_reclaim_acquire+0x7d/0x100
[  285.963565][T12224]  should_fail_ex+0x414/0x560
[  285.963598][T12224]  should_failslab+0xa8/0x100
[  285.963619][T12224]  kmem_cache_alloc_noprof+0x74/0x6e0
[  285.963645][T12224]  ? skb_clone+0x212/0x3a0
[  285.963674][T12224]  skb_clone+0x212/0x3a0
[  285.963695][T12224]  ? nfnetlink_rcv+0x4ba/0x2590
[  285.963736][T12224]  nfnetlink_rcv+0x4ec/0x2590
[  285.963768][T12224]  ? is_bpf_text_address+0x26/0x2b0
[  285.963804][T12224]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  285.963838][T12224]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  285.963873][T12224]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  285.963903][T12224]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  285.963957][T12224]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  285.964001][T12224]  ? __lock_acquire+0xab9/0xd20
[  285.964033][T12224]  ? netlink_deliver_tap+0x2e/0x1b0
[  285.964076][T12224]  netlink_unicast+0x82f/0x9e0
[  285.964117][T12224]  ? __pfx_netlink_unicast+0x10/0x10
[  285.964149][T12224]  ? netlink_sendmsg+0x642/0xb30
[  285.964167][T12224]  ? skb_put+0x11b/0x210
[  285.964192][T12224]  netlink_sendmsg+0x805/0xb30
[  285.964225][T12224]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.964248][T12224]  ? aa_sock_msg_perm+0xf1/0x1d0
[  285.964278][T12224]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  285.964297][T12224]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.964319][T12224]  __sock_sendmsg+0x21c/0x270
[  285.964351][T12224]  ____sys_sendmsg+0x505/0x830
[  285.964381][T12224]  ? __pfx_____sys_sendmsg+0x10/0x10
[  285.964411][T12224]  ? import_iovec+0x74/0xa0
[  285.964439][T12224]  ___sys_sendmsg+0x21f/0x2a0
[  285.964463][T12224]  ? __pfx____sys_sendmsg+0x10/0x10
[  285.964520][T12224]  ? __fget_files+0x2a/0x420
[  285.964535][T12224]  ? __fget_files+0x3a0/0x420
[  285.964562][T12224]  __x64_sys_sendmsg+0x19b/0x260
[  285.964586][T12224]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  285.964631][T12224]  do_syscall_64+0xfa/0xfa0
[  285.964650][T12224]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.964667][T12224]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  285.964684][T12224]  ? clear_bhb_loop+0x60/0xb0
[  285.964706][T12224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.964724][T12224] RIP: 0033:0x7fcf4fd8f6c9
[  285.964743][T12224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.964759][T12224] RSP: 002b:00007fcf50cac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  285.964780][T12224] RAX: ffffffffffffffda RBX: 00007fcf4ffe5fa0 RCX: 00007fcf4fd8f6c9
[  285.964794][T12224] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  285.964806][T12224] RBP: 00007fcf50cac090 R08: 0000000000000000 R09: 0000000000000000
[  285.964819][T12224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.964831][T12224] R13: 00007fcf4ffe6038 R14: 00007fcf4ffe5fa0 R15: 00007ffceaec20b8
[  285.964875][T12224]  </TASK>
[  286.649997][T12236] __nla_validate_parse: 1 callbacks suppressed
[  286.650020][T12236] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1486'.
[  286.748429][T12217] wg1 speed is unknown, defaulting to 1000
[  286.987857][T12231] lo speed is unknown, defaulting to 1000
[  287.108610][T12241] lo speed is unknown, defaulting to 1000
[  287.487361][T12253] veth0: entered promiscuous mode
[  287.505504][T12252] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1488'.
[  287.575288][T12252] veth0 (unregistering): left promiscuous mode
[  287.638361][T12241] wg1 speed is unknown, defaulting to 1000
[  287.842616][T12255] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1489'.
[  288.172242][T12267] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1492'.
[  288.191497][T12267] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1492'.
[  288.211669][T12267] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1492'.
[  288.225527][T12267] netlink: 'syz.4.1492': attribute type 1 has an invalid length.
[  288.233699][T12267] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1492'.
[  288.309757][T12269] FAULT_INJECTION: forcing a failure.
[  288.309757][T12269] name failslab, interval 1, probability 0, space 0, times 0
[  288.326172][T12269] CPU: 1 UID: 0 PID: 12269 Comm: syz.4.1495 Not tainted syzkaller #0 PREEMPT(full) 
[  288.326201][T12269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  288.326212][T12269] Call Trace:
[  288.326220][T12269]  <TASK>
[  288.326229][T12269]  dump_stack_lvl+0x189/0x250
[  288.326262][T12269]  ? __pfx____ratelimit+0x10/0x10
[  288.326291][T12269]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.326318][T12269]  ? __pfx__printk+0x10/0x10
[  288.326341][T12269]  ? __pfx___might_resched+0x10/0x10
[  288.326363][T12269]  ? fs_reclaim_acquire+0x7d/0x100
[  288.326386][T12269]  should_fail_ex+0x414/0x560
[  288.326421][T12269]  should_failslab+0xa8/0x100
[  288.326444][T12269]  kmem_cache_alloc_noprof+0x74/0x6e0
[  288.326471][T12269]  ? skb_clone+0x212/0x3a0
[  288.326509][T12269]  skb_clone+0x212/0x3a0
[  288.326530][T12269]  ? nfnetlink_rcv+0x4ba/0x2590
[  288.326563][T12269]  nfnetlink_rcv+0x4ec/0x2590
[  288.326592][T12269]  ? __dev_queue_xmit+0x284/0x3740
[  288.326616][T12269]  ? __dev_queue_xmit+0x1bfb/0x3740
[  288.326657][T12269]  ? __dev_queue_xmit+0x284/0x3740
[  288.326692][T12269]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  288.326741][T12269]  ? ref_tracker_free+0x63a/0x7d0
[  288.326760][T12269]  ? __asan_memcpy+0x40/0x70
[  288.326793][T12269]  ? __pfx_ref_tracker_free+0x10/0x10
[  288.326809][T12269]  ? __skb_clone+0x63/0x7a0
[  288.326836][T12269]  ? __skb_clone+0x483/0x7a0
[  288.326867][T12269]  ? skb_clone+0x246/0x3a0
[  288.326894][T12269]  ? __netlink_deliver_tap+0x807/0x850
[  288.326923][T12269]  ? netlink_deliver_tap+0x2e/0x1b0
[  288.326964][T12269]  netlink_unicast+0x82f/0x9e0
[  288.327003][T12269]  ? __pfx_netlink_unicast+0x10/0x10
[  288.327035][T12269]  ? netlink_sendmsg+0x642/0xb30
[  288.327052][T12269]  ? skb_put+0x11b/0x210
[  288.327076][T12269]  netlink_sendmsg+0x805/0xb30
[  288.327108][T12269]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.327133][T12269]  ? aa_sock_msg_perm+0xf1/0x1d0
[  288.327163][T12269]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  288.327182][T12269]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.327204][T12269]  __sock_sendmsg+0x21c/0x270
[  288.327235][T12269]  ____sys_sendmsg+0x505/0x830
[  288.327264][T12269]  ? __pfx_____sys_sendmsg+0x10/0x10
[  288.327298][T12269]  ? import_iovec+0x74/0xa0
[  288.327327][T12269]  ___sys_sendmsg+0x21f/0x2a0
[  288.327353][T12269]  ? __pfx____sys_sendmsg+0x10/0x10
[  288.327418][T12269]  ? __fget_files+0x2a/0x420
[  288.327435][T12269]  ? __fget_files+0x3a0/0x420
[  288.327466][T12269]  __x64_sys_sendmsg+0x19b/0x260
[  288.327493][T12269]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  288.327534][T12269]  ? __pfx_ksys_write+0x10/0x10
[  288.327566][T12269]  ? do_syscall_64+0xbe/0xfa0
[  288.327590][T12269]  do_syscall_64+0xfa/0xfa0
[  288.327607][T12269]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.327626][T12269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.327645][T12269]  ? clear_bhb_loop+0x60/0xb0
[  288.327669][T12269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.327687][T12269] RIP: 0033:0x7fb3f658f6c9
[  288.327705][T12269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.327722][T12269] RSP: 002b:00007fb3f47f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  288.327744][T12269] RAX: ffffffffffffffda RBX: 00007fb3f67e5fa0 RCX: 00007fb3f658f6c9
[  288.327757][T12269] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  288.327770][T12269] RBP: 00007fb3f47f6090 R08: 0000000000000000 R09: 0000000000000000
[  288.327782][T12269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.327794][T12269] R13: 00007fb3f67e6038 R14: 00007fb3f67e5fa0 R15: 00007ffed738c088
[  288.327829][T12269]  </TASK>
[  288.717416][T12231] wg1 speed is unknown, defaulting to 1000
[  288.890926][T12271] macsec2: entered promiscuous mode
[  288.914432][T12271] macsec2: entered allmulticast mode
[  289.129394][T12285] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1498'.
[  289.166622][T12280] syzkaller0: entered promiscuous mode
[  289.185100][T12280] syzkaller0: entered allmulticast mode
[  289.205855][T12286] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  289.568438][T12303] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1505'.
[  289.755521][T12308] lo speed is unknown, defaulting to 1000
[  290.434904][T12334] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1513'.
[  290.843107][T12330] lo speed is unknown, defaulting to 1000
[  290.853318][T12322] lo speed is unknown, defaulting to 1000
[  290.870451][T12331] lo speed is unknown, defaulting to 1000
[  290.918001][T12308] wg1 speed is unknown, defaulting to 1000
[  291.106792][T12340] netlink: 'syz.1.1515': attribute type 2 has an invalid length.
[  291.512833][T12343] dvmrp1: tun_chr_ioctl cmd 1074025677
[  291.518488][T12343] dvmrp1: linktype set to 774
[  291.765251][T12347] tun0: tun_chr_ioctl cmd 1074025675
[  291.770616][T12347] tun0: persist enabled
[  291.776142][T12347] tun0: tun_chr_ioctl cmd 1074025675
[  291.782154][T12347] tun0: persist enabled
[  291.898462][T12331] wg1 speed is unknown, defaulting to 1000
[  291.925203][T12330] wg1 speed is unknown, defaulting to 1000
[  291.935510][T12322] wg1 speed is unknown, defaulting to 1000
[  292.813774][T12361] __nla_validate_parse: 1 callbacks suppressed
[  292.813794][T12361] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1522'.
[  293.701385][T12389] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1529'.
[  293.722570][T12389] syzkaller0: entered promiscuous mode
[  293.741449][T12389] syzkaller0: entered allmulticast mode
[  293.843063][T12398] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1530'.
[  294.177627][T12408] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1533'.
[  294.192769][T12408] netlink: 'syz.2.1533': attribute type 1 has an invalid length.
[  294.200558][T12408] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1533'.
[  294.309761][T12411] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1534'.
[  294.385806][T12411] netlink: 'syz.0.1534': attribute type 1 has an invalid length.
[  294.399876][T12411] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1534'.
[  294.532935][T12425] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1538'.
[  294.671400][T12436] netlink: 'syz.0.1539': attribute type 1 has an invalid length.
[  294.757436][T12441] bond5: (slave vxcan1): The slave device specified does not support setting the MAC address
[  294.792775][T12441] bond5: (slave vxcan1): Error -95 calling set_mac_address
[  294.800605][T12436] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1539'.
[  294.860556][T12436] bond5: (slave bridge5): Enslaving as an active interface with a down link
[  294.890374][T12445] ieee802154 phy0 wpan0: encryption failed: -22
[  294.913013][T12436] macvlan2: entered promiscuous mode
[  294.928370][T12436] macvlan2: entered allmulticast mode
[  294.935389][T12436] bond5: entered promiscuous mode
[  294.961838][T12436] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  294.983055][T12436] bond5: left promiscuous mode
[  295.035849][T12447] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  295.046289][T12447] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.062927][T12447] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  295.175190][T12447] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  295.193283][T12447] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.204329][T12447] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  295.269997][T12447] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  295.281558][T12447] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.293977][T12447] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  295.352798][T12447] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  295.364958][T12447] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.377049][T12447] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  295.500531][T12459] team_slave_0 (unregistering): left promiscuous mode
[  295.521822][T12459] team0: Port device team_slave_0 removed
[  295.662280][ T1341] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  295.682761][ T1341] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  295.690987][ T1341] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  295.783303][ T1341] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  295.803794][ T1341] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  295.831963][T12469] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1547'.
[  295.841431][ T1341] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  295.895627][ T1341] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  295.914803][ T1341] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  295.934566][ T1341] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  295.987503][ T1341] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  295.987642][T12476] netlink: 'syz.4.1548': attribute type 1 has an invalid length.
[  296.016127][ T1341] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  296.051225][ T1341] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  296.575804][T12495] lo speed is unknown, defaulting to 1000
[  296.612003][T12500] batadv_slave_1: Caught tx_queue_len zero misconfig
[  296.808412][T12506] vlan3: entered promiscuous mode
[  296.819177][T12506] bond0: entered promiscuous mode
[  296.837120][T12506] dummy0: entered promiscuous mode
[  296.871081][T12503] netlink: 'syz.4.1558': attribute type 14 has an invalid length.
[  297.157975][T12495] wg1 speed is unknown, defaulting to 1000
[  297.249669][T12517] netlink: 'syz.0.1562': attribute type 1 has an invalid length.
[  297.444325][T12523] netlink: 'syz.1.1563': attribute type 1 has an invalid length.
[  297.460563][T12527] can: request_module (can-proto-3) failed.
[  297.577200][T12523] 8021q: adding VLAN 0 to HW filter on device bond10
[  297.616048][T12536] bond10: (slave geneve3): making interface the new active one
[  297.625453][T12536] bond10: (slave geneve3): Enslaving as an active interface with an up link
[  297.660892][T12541] bridge7: entered promiscuous mode
[  297.669007][ T1341] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  297.681462][ T1341] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  297.704580][ T1341] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  297.839605][ T1341] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  297.873161][T12535] lo speed is unknown, defaulting to 1000
[  297.884505][T12554] netlink: 'syz.4.1573': attribute type 7 has an invalid length.
[  297.906015][T12554] __nla_validate_parse: 21 callbacks suppressed
[  297.906036][T12554] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1573'.
[  297.991416][T12552] lo speed is unknown, defaulting to 1000
[  298.240625][T12562] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1576'.
[  298.268843][T12562] netlink: 'syz.0.1576': attribute type 1 has an invalid length.
[  298.291364][T12562] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1576'.
[  298.566283][T12535] wg1 speed is unknown, defaulting to 1000
[  298.798073][T12583] wg1: left promiscuous mode
[  298.810094][T12583] wg1: left allmulticast mode
[  298.861617][T12583] mac80211_hwsim hwsim9 wlan1: left allmulticast mode
[  298.868946][T12583] geneve2: left promiscuous mode
[  298.924322][T12583] veth5: left promiscuous mode
[  298.934474][T12583] mac80211_hwsim hwsim8 wlan0: left allmulticast mode
[  298.955383][T12583] mac80211_hwsim hwsim8 wlan0: left promiscuous mode
[  298.965716][T12583] macsec1: left promiscuous mode
[  298.970912][T12583] macsec1: left allmulticast mode
[  298.984137][T12583] veth7: left promiscuous mode
[  298.999197][T12583] veth1_to_hsr: left allmulticast mode
[  299.005221][T12583] veth1_to_hsr: left promiscuous mode
[  299.011883][T12583] macvtap1: left promiscuous mode
[  299.017209][T12583] macvtap1: left allmulticast mode
[  299.030060][T12599] ieee802154 phy0 wpan0: encryption failed: -22
[  299.042033][T12583] ip6gretap0: left allmulticast mode
[  299.047676][T12583] ip6gretap0: left promiscuous mode
[  299.058087][T12583] macsec2: left promiscuous mode
[  299.063767][T12583] macsec2: left allmulticast mode
[  299.097791][T12583] bridge7: left promiscuous mode
[  299.177942][T12599] netlink: 'syz.4.1583': attribute type 9 has an invalid length.
[  299.214247][T12552] wg1 speed is unknown, defaulting to 1000
[  299.449363][T12612] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1586'.
[  299.481781][T12617] IPVS: set_ctl: invalid protocol: 125 0.0.0.0:20002
[  299.983217][T12633] lo speed is unknown, defaulting to 1000
[  300.433093][T12645] svc: failed to register nfsdv3 RPC service (errno 111).
[  300.455937][T12645] svc: failed to register nfsaclv3 RPC service (errno 111).
[  300.853986][T12633] wg1 speed is unknown, defaulting to 1000
[  300.860584][T12652] netlink: 'syz.2.1595': attribute type 9 has an invalid length.
[  301.059694][T12665] FAULT_INJECTION: forcing a failure.
[  301.059694][T12665] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  301.080918][T12665] CPU: 0 UID: 0 PID: 12665 Comm: syz.2.1598 Not tainted syzkaller #0 PREEMPT(full) 
[  301.080948][T12665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  301.080960][T12665] Call Trace:
[  301.080968][T12665]  <TASK>
[  301.080977][T12665]  dump_stack_lvl+0x189/0x250
[  301.081010][T12665]  ? __pfx____ratelimit+0x10/0x10
[  301.081038][T12665]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.081065][T12665]  ? __pfx__printk+0x10/0x10
[  301.081086][T12665]  ? __might_fault+0xb0/0x130
[  301.081125][T12665]  should_fail_ex+0x414/0x560
[  301.081162][T12665]  _copy_from_user+0x2d/0xb0
[  301.081189][T12665]  do_ip_vs_set_ctl+0x2d3/0xa60
[  301.081220][T12665]  ? rcu_is_watching+0x15/0xb0
[  301.081241][T12665]  ? __pfx_do_ip_vs_set_ctl+0x10/0x10
[  301.081265][T12665]  ? trace_contention_end+0x39/0x120
[  301.081309][T12665]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  301.081347][T12665]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  301.081380][T12665]  ? __pfx_aa_sk_perm+0x10/0x10
[  301.081413][T12665]  nf_setsockopt+0x26f/0x290
[  301.081441][T12665]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  301.081472][T12665]  do_sock_setsockopt+0x17c/0x1b0
[  301.081498][T12665]  __x64_sys_setsockopt+0x13f/0x1b0
[  301.081526][T12665]  do_syscall_64+0xfa/0xfa0
[  301.081544][T12665]  ? lockdep_hardirqs_on+0x9c/0x150
[  301.081562][T12665]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.081581][T12665]  ? clear_bhb_loop+0x60/0xb0
[  301.081603][T12665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.081621][T12665] RIP: 0033:0x7f7bc658f6c9
[  301.081638][T12665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.081653][T12665] RSP: 002b:00007f7bc7462038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  301.081673][T12665] RAX: ffffffffffffffda RBX: 00007f7bc67e5fa0 RCX: 00007f7bc658f6c9
[  301.081686][T12665] RDX: 0000000000000488 RSI: 0000000000000000 RDI: 0000000000000003
[  301.081697][T12665] RBP: 00007f7bc7462090 R08: 0000000000000044 R09: 0000000000000000
[  301.081708][T12665] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  301.081720][T12665] R13: 00007f7bc67e6038 R14: 00007f7bc67e5fa0 R15: 00007ffd95bf2568
[  301.081755][T12665]  </TASK>
[  301.492901][T12668] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  301.510515][T12675] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1602'.
[  301.528959][T12675] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1602'.
[  301.638235][T12675] batadv0: entered promiscuous mode
[  301.655801][T12675] dummy0: entered promiscuous mode
[  301.666800][T12675] hsr1: Slave A (batadv0) is not up; please bring it up to get a fully working HSR network
[  301.677346][T12675] hsr1: Slave B (dummy0) is not up; please bring it up to get a fully working HSR network
[  301.861929][T12683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1605'.
[  302.141922][T12699] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1611'.
[  302.152931][T12699] netlink: 'syz.3.1611': attribute type 1 has an invalid length.
[  302.160697][T12699] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1611'.
[  302.203957][T12702] FAULT_INJECTION: forcing a failure.
[  302.203957][T12702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.244886][T12701] lo speed is unknown, defaulting to 1000
[  302.281112][T12702] CPU: 0 UID: 0 PID: 12702 Comm: syz.1.1612 Not tainted syzkaller #0 PREEMPT(full) 
[  302.281147][T12702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  302.281159][T12702] Call Trace:
[  302.281168][T12702]  <TASK>
[  302.281175][T12702]  dump_stack_lvl+0x189/0x250
[  302.281208][T12702]  ? __pfx____ratelimit+0x10/0x10
[  302.281237][T12702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.281261][T12702]  ? __pfx__printk+0x10/0x10
[  302.281294][T12702]  should_fail_ex+0x414/0x560
[  302.281329][T12702]  _copy_to_user+0x31/0xb0
[  302.281357][T12702]  simple_read_from_buffer+0xe1/0x170
[  302.281399][T12702]  proc_fail_nth_read+0x1b3/0x220
[  302.281427][T12702]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  302.281456][T12702]  ? rw_verify_area+0x2a6/0x4d0
[  302.281481][T12702]  ? __lock_acquire+0xab9/0xd20
[  302.281497][T12702]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  302.281523][T12702]  vfs_read+0x200/0xa30
[  302.281548][T12702]  ? fdget_pos+0x247/0x320
[  302.281573][T12702]  ? __pfx___mutex_lock+0x10/0x10
[  302.281594][T12702]  ? __pfx_vfs_read+0x10/0x10
[  302.281622][T12702]  ? __fget_files+0x2a/0x420
[  302.281645][T12702]  ? __fget_files+0x3a0/0x420
[  302.281662][T12702]  ? __fget_files+0x2a/0x420
[  302.281691][T12702]  ksys_read+0x145/0x250
[  302.281722][T12702]  ? __pfx_ksys_read+0x10/0x10
[  302.281753][T12702]  ? do_syscall_64+0xbe/0xfa0
[  302.281776][T12702]  do_syscall_64+0xfa/0xfa0
[  302.281792][T12702]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.281810][T12702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.281829][T12702]  ? clear_bhb_loop+0x60/0xb0
[  302.281852][T12702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.281870][T12702] RIP: 0033:0x7f511f18e0dc
[  302.281888][T12702] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  302.281905][T12702] RSP: 002b:00007f5120056030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  302.281927][T12702] RAX: ffffffffffffffda RBX: 00007f511f3e5fa0 RCX: 00007f511f18e0dc
[  302.281941][T12702] RDX: 000000000000000f RSI: 00007f51200560a0 RDI: 0000000000000005
[  302.281954][T12702] RBP: 00007f5120056090 R08: 0000000000000000 R09: 0000000000000000
[  302.281966][T12702] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  302.281978][T12702] R13: 00007f511f3e6038 R14: 00007f511f3e5fa0 R15: 00007fff47741018
[  302.282015][T12702]  </TASK>
[  302.728376][T12701] wg1 speed is unknown, defaulting to 1000
[  303.008573][T12723] syz.2.1618: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  303.056974][T12723] CPU: 1 UID: 0 PID: 12723 Comm: syz.2.1618 Not tainted syzkaller #0 PREEMPT(full) 
[  303.057004][T12723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  303.057016][T12723] Call Trace:
[  303.057024][T12723]  <TASK>
[  303.057033][T12723]  dump_stack_lvl+0x189/0x250
[  303.057071][T12723]  ? __pfx_dump_stack_lvl+0x10/0x10
[  303.057099][T12723]  ? __pfx__printk+0x10/0x10
[  303.057121][T12723]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  303.057147][T12723]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  303.057177][T12723]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  303.057207][T12723]  warn_alloc+0x214/0x310
[  303.057242][T12723]  ? __pfx_warn_alloc+0x10/0x10
[  303.057282][T12723]  ? __get_vm_area_node+0x28f/0x300
[  303.057308][T12723]  ? fq_pie_init+0x435/0x840
[  303.057338][T12723]  __vmalloc_node_range_noprof+0x690/0x12d0
[  303.057366][T12723]  ? __alloc_frozen_pages_noprof+0x9f/0x370
[  303.057418][T12723]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  303.057445][T12723]  ? fq_pie_init+0x435/0x840
[  303.057477][T12723]  ? rcu_is_watching+0x15/0xb0
[  303.057500][T12723]  ? fq_pie_init+0x435/0x840
[  303.057528][T12723]  __kvmalloc_node_noprof+0x674/0x910
[  303.057557][T12723]  ? fq_pie_init+0x435/0x840
[  303.057595][T12723]  ? tcf_block_get+0x67/0xa0
[  303.057613][T12723]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  303.057638][T12723]  fq_pie_init+0x435/0x840
[  303.057669][T12723]  ? __pfx_fq_pie_init+0x10/0x10
[  303.057697][T12723]  qdisc_create+0x7ac/0xea0
[  303.057737][T12723]  tc_modify_qdisc+0x1538/0x20e0
[  303.057784][T12723]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  303.057850][T12723]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  303.057875][T12723]  rtnetlink_rcv_msg+0x77c/0xb70
[  303.057894][T12723]  ? __lock_acquire+0xab9/0xd20
[  303.057917][T12723]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  303.057936][T12723]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  303.057973][T12723]  netlink_rcv_skb+0x208/0x470
[  303.057990][T12723]  ? __lock_acquire+0xab9/0xd20
[  303.058007][T12723]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  303.058027][T12723]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  303.058057][T12723]  ? netlink_deliver_tap+0x2e/0x1b0
[  303.058087][T12723]  netlink_unicast+0x82f/0x9e0
[  303.058129][T12723]  ? __pfx_netlink_unicast+0x10/0x10
[  303.058160][T12723]  ? netlink_sendmsg+0x642/0xb30
[  303.058177][T12723]  ? skb_put+0x11b/0x210
[  303.058199][T12723]  netlink_sendmsg+0x805/0xb30
[  303.058231][T12723]  ? __pfx_netlink_sendmsg+0x10/0x10
[  303.058255][T12723]  ? aa_sock_msg_perm+0xf1/0x1d0
[  303.058285][T12723]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  303.058305][T12723]  ? __pfx_netlink_sendmsg+0x10/0x10
[  303.058325][T12723]  __sock_sendmsg+0x21c/0x270
[  303.058352][T12723]  ____sys_sendmsg+0x505/0x830
[  303.058376][T12723]  ? __pfx_____sys_sendmsg+0x10/0x10
[  303.058404][T12723]  ? import_iovec+0x74/0xa0
[  303.058431][T12723]  ___sys_sendmsg+0x21f/0x2a0
[  303.058455][T12723]  ? __pfx____sys_sendmsg+0x10/0x10
[  303.058519][T12723]  ? __fget_files+0x2a/0x420
[  303.058537][T12723]  ? __fget_files+0x3a0/0x420
[  303.058565][T12723]  __x64_sys_sendmsg+0x19b/0x260
[  303.058599][T12723]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  303.058643][T12723]  ? do_syscall_64+0xbe/0xfa0
[  303.058668][T12723]  do_syscall_64+0xfa/0xfa0
[  303.058684][T12723]  ? lockdep_hardirqs_on+0x9c/0x150
[  303.058702][T12723]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.058720][T12723]  ? clear_bhb_loop+0x60/0xb0
[  303.058743][T12723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.058760][T12723] RIP: 0033:0x7f7bc658f6c9
[  303.058777][T12723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.058792][T12723] RSP: 002b:00007f7bc7462038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  303.058812][T12723] RAX: ffffffffffffffda RBX: 00007f7bc67e5fa0 RCX: 00007f7bc658f6c9
[  303.058826][T12723] RDX: 000000002000400c RSI: 00002000000000c0 RDI: 0000000000000004
[  303.058840][T12723] RBP: 00007f7bc6611f91 R08: 0000000000000000 R09: 0000000000000000
[  303.058852][T12723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  303.058864][T12723] R13: 00007f7bc67e6038 R14: 00007f7bc67e5fa0 R15: 00007ffd95bf2568
[  303.058899][T12723]  </TASK>
[  303.059070][T12723] Mem-Info:
[  303.476510][T12723] active_anon:5757 inactive_anon:0 isolated_anon:0
[  303.476510][T12723]  active_file:3209 inactive_file:39966 isolated_file:0
[  303.476510][T12723]  unevictable:1768 dirty:247 writeback:0
[  303.476510][T12723]  slab_reclaimable:12151 slab_unreclaimable:151301
[  303.476510][T12723]  mapped:29209 shmem:2340 pagetables:1180
[  303.476510][T12723]  sec_pagetables:0 bounce:0
[  303.476510][T12723]  kernel_misc_reclaimable:0
[  303.476510][T12723]  free:1274919 free_pcp:13149 free_cma:0
[  303.531360][T12723] Node 0 active_anon:23028kB inactive_anon:0kB active_file:12836kB inactive_file:159664kB unevictable:5536kB isolated(anon):0kB isolated(file):0kB mapped:116836kB dirty:984kB writeback:0kB shmem:7824kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14640kB pagetables:4380kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  303.564545][T12723] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  303.596555][T12723] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  303.627688][T12723] lowmem_reserve[]: 0 2504 2505 2505 2505
[  303.637909][T12723] Node 0 DMA32 free:1189924kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23228kB inactive_anon:0kB active_file:12836kB inactive_file:159664kB unevictable:5536kB writepending:984kB zspages:0kB present:3129332kB managed:2565112kB mlocked:4000kB bounce:0kB free_pcp:37588kB local_pcp:19012kB free_cma:0kB
[  303.642822][T12745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1623'.
[  303.672213][T12723] lowmem_reserve[]: 0 0 0 0 0
[  303.685747][T12723] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  303.716186][T12723] lowmem_reserve[]: 0 0 0 0 0
[  303.721079][T12723] Node 1 Normal free:3894392kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15296kB local_pcp:10336kB free_cma:0kB
[  303.754416][T12723] lowmem_reserve[]: 0 0 0 0 0
[  303.759193][T12723] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  303.772151][T12723] Node 0 DMA32: 1439*4kB (UM) 647*8kB (UME) 245*16kB (UM) 1001*32kB (UM) 236*64kB (UM) 32*128kB (UME) 34*256kB (UM) 18*512kB (UM) 20*1024kB (UME) 8*2048kB (UME) 261*4096kB (UM) = 1189924kB
[  303.791061][T12723] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  303.803702][T12723] Node 1 Normal: 204*4kB (UME) 53*8kB (UME) 53*16kB (UME) 155*32kB (UME) 49*64kB (UME) 6*128kB (UME) 2*256kB (M) 6*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 946*4096kB (M) = 3894472kB
[  303.823307][T12723] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  303.833523][T12723] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  303.843623][T12723] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  303.853670][T12723] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  303.863278][T12723] 45511 total pagecache pages
[  303.868000][T12723] 0 pages in swap cache
[  303.872325][T12723] Free swap  = 124996kB
[  303.876495][T12723] Total swap = 124996kB
[  303.880778][T12723] 2097051 pages RAM
[  303.884913][T12723] 0 pages HighMem/MovableOnly
[  303.889620][T12723] 424131 pages reserved
[  303.893850][T12723] 0 pages cma reserved
[  303.908131][T12724] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  303.945834][T12748] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1624'.
[  303.986219][T12749] netlink: 'syz.0.1624': attribute type 1 has an invalid length.
[  304.002065][T12724] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  304.031264][T12749] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1624'.
[  304.115593][T12724] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  304.240804][T12724] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  304.373147][T12762] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1627'.
[  304.398346][ T9378] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  304.439657][T12767] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1630'.
[  304.451364][ T8395] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  304.494143][T12770] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1632'.
[  304.522216][ T9378] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  304.565187][ T1341] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  304.718987][T12774] lo speed is unknown, defaulting to 1000
[  304.730760][T12778] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1633'.
[  304.883507][T12783] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1638'.
[  304.901483][T12783] netlink: 'syz.1.1638': attribute type 1 has an invalid length.
[  304.904044][T12779] lo speed is unknown, defaulting to 1000
[  304.929699][T12783] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1638'.
[  305.053457][T12791] lo speed is unknown, defaulting to 1000
[  305.250451][T12774] wg1 speed is unknown, defaulting to 1000
[  305.711724][T12779] wg1 speed is unknown, defaulting to 1000
[  305.846669][T12813] netlink: 'syz.0.1646': attribute type 13 has an invalid length.
[  306.039657][T12818] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1647'.
[  306.288788][T12791] wg1 speed is unknown, defaulting to 1000
[  306.567463][T12836] veth5: entered promiscuous mode
[  307.184410][T12864] dvmrp0: entered allmulticast mode
[  308.946628][T12896] __nla_validate_parse: 4 callbacks suppressed
[  308.946650][T12896] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1669'.
[  308.995478][T12897] netlink: 'syz.3.1669': attribute type 50 has an invalid length.
[  309.147309][T12913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1672'.
[  309.183793][T12913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1672'.
[  309.216303][T12916] syzkaller0: entered promiscuous mode
[  309.222924][T12916] syzkaller0: entered allmulticast mode
[  309.505496][T12930] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1677'.
[  309.514964][T12930] netlink: 43 bytes leftover after parsing attributes in process `syz.1.1677'.
[  309.524876][T12930] netlink: 'syz.1.1677': attribute type 6 has an invalid length.
[  309.541311][T12930] netlink: 'syz.1.1677': attribute type 5 has an invalid length.
[  309.557014][T12943] tipc: Started in network mode
[  309.562038][T12943] tipc: Node identity 66d849d59979, cluster identity 4711
[  309.569385][T12943] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  309.593432][T12930] netlink: 43 bytes leftover after parsing attributes in process `syz.1.1677'.
[  309.603222][T12943] syzkaller0: entered promiscuous mode
[  309.608727][T12943] syzkaller0: entered allmulticast mode
[  309.645857][T12943] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1681'.
[  309.663287][T12943] tipc: Resetting bearer <eth:syzkaller0>
[  309.672397][T12941] tipc: Resetting bearer <eth:syzkaller0>
[  309.702074][T12941] tipc: Disabling bearer <eth:syzkaller0>
[  310.222011][T12971] veth9: entered promiscuous mode
[  310.321867][T12979] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  310.329382][T12979] syzkaller0: entered promiscuous mode
[  310.335071][T12979] syzkaller0: entered allmulticast mode
[  310.356758][T12978] tipc: Resetting bearer <eth:syzkaller0>
[  310.447002][T12978] tipc: Disabling bearer <eth:syzkaller0>
[  310.526024][T12991] netlink: 'syz.1.1692': attribute type 1 has an invalid length.
[  310.550245][T12996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  310.673008][T13001] macvtap2: entered promiscuous mode
[  310.679356][T13001] syz_tun: entered promiscuous mode
[  310.691922][T13001] syz_tun: left promiscuous mode
[  310.999168][T13015] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.1701'.
[  311.020283][T13015] openvswitch: netlink: Missing key (keys=40, expected=100)
[  311.058915][T13014] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1701'.
[  311.279361][T13017] netlink: 264 bytes leftover after parsing attributes in process `syz.4.1702'.
[  311.314432][T13017] netlink: 'syz.4.1702': attribute type 1 has an invalid length.
[  311.547069][T13026] sit0: entered promiscuous mode
[  311.586279][T13026] netlink: 'syz.4.1706': attribute type 1 has an invalid length.
[  311.758900][T13037] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  311.801550][T13037] netlink: 'syz.4.1710': attribute type 83 has an invalid length.
[  311.831830][T13041] nbd: must specify a size in bytes for the device
[  311.846419][T13042] SET target dimension over the limit!
[  312.157013][T13059] nbd: couldn't find device at index -1544945664
[  312.211588][T13063] lo speed is unknown, defaulting to 1000
[  312.835103][T13063] wg1 speed is unknown, defaulting to 1000
[  312.949468][T13086] syzkaller0: entered promiscuous mode
[  312.966196][T13086] syzkaller0: entered allmulticast mode
[  313.249667][T13100] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  313.452620][T13107] syzkaller0: entered promiscuous mode
[  313.462097][T13107] syzkaller0: entered allmulticast mode
[  313.487756][T13090] tipc: Resetting bearer <eth:syzkaller0>
[  313.549530][T13090] tipc: Disabling bearer <eth:syzkaller0>
[  313.666385][T13115] hsr0: entered allmulticast mode
[  313.671922][T13115] hsr_slave_0: entered allmulticast mode
[  313.728233][T13115] hsr_slave_0: left promiscuous mode
[  313.796651][T13115] hsr0 (unregistering): left allmulticast mode
[  314.920184][T13150] lo speed is unknown, defaulting to 1000
[  315.377707][T13150] wg1 speed is unknown, defaulting to 1000
[  315.417086][T13175] __nla_validate_parse: 5 callbacks suppressed
[  315.417106][T13175] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1747'.
[  315.486277][T13181] netlink: 'syz.3.1748': attribute type 11 has an invalid length.
[  315.542687][T13185] netlink: 'syz.3.1748': attribute type 3 has an invalid length.
[  315.583627][T13185] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1748'.
[  315.694292][T13190] SET target dimension over the limit!
[  315.854468][T13190] netlink: 16312 bytes leftover after parsing attributes in process `syz.2.1749'.
[  315.878593][T13194] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  315.938271][T13199] netlink: 'syz.3.1752': attribute type 1 has an invalid length.
[  315.939680][T13191] lo speed is unknown, defaulting to 1000
[  316.019130][T13200] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1752'.
[  316.222919][T13214] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  316.226701][T13199] bond7: entered promiscuous mode
[  316.245080][T13199] 8021q: adding VLAN 0 to HW filter on device bond7
[  316.256868][T13215] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  316.388569][T13210] lo speed is unknown, defaulting to 1000
[  316.670638][T13225] lo speed is unknown, defaulting to 1000
[  316.770837][T13191] wg1 speed is unknown, defaulting to 1000
[  316.943155][T13192] tipc: Disabling bearer <eth:syzkaller0>
[  316.983735][T13237] lo speed is unknown, defaulting to 1000
[  317.160769][T13210] wg1 speed is unknown, defaulting to 1000
[  317.348116][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.357585][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  317.549596][T13243] Bluetooth: MGMT ver 1.23
[  317.615947][T13245] atomic_op ffff888056a49198 conn xmit_atomic 0000000000000000
[  317.829716][T13237] wg1 speed is unknown, defaulting to 1000
[  317.969697][T13225] wg1 speed is unknown, defaulting to 1000
[  318.045860][T13252] IPv6: sit2: Disabled Multicast RS
[  318.784503][T13267] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1770'.
[  319.042262][T13271] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1772'.
[  319.055985][T13274] lo speed is unknown, defaulting to 1000
[  319.391047][T13286] lo speed is unknown, defaulting to 1000
[  319.462236][T13274] wg1 speed is unknown, defaulting to 1000
[  320.135160][T13318] syzkaller1: entered promiscuous mode
[  320.157835][T13318] syzkaller1: entered allmulticast mode
[  320.189704][T13318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1782'.
[  320.210229][T13318] chnl_net:caif_netlink_parms(): no params data found
[  320.271533][T13286] wg1 speed is unknown, defaulting to 1000
[  321.038145][T13343] lo speed is unknown, defaulting to 1000
[  321.214374][T13350] netlink: 'syz.1.1792': attribute type 39 has an invalid length.
[  321.297958][T13350] hsr_slave_1 (unregistering): left promiscuous mode
[  321.691678][T13366] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1797'.
[  321.730159][T13361] lo speed is unknown, defaulting to 1000
[  321.734543][T13343] wg1 speed is unknown, defaulting to 1000
[  321.993850][T13381] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1802'.
[  322.401698][T13403] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1806'.
[  322.464619][T13404] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1806'.
[  322.502388][T13361] wg1 speed is unknown, defaulting to 1000
[  322.736820][T13410] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1809'.
[  322.826704][T13409] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1808'.
[  322.917130][T13417] netlink: 'syz.3.1810': attribute type 5 has an invalid length.
[  322.976105][T13422] batadv0: entered promiscuous mode
[  322.983030][T13422] debugfs: 'hsr0' already exists in 'hsr'
[  322.988922][T13422] Cannot create hsr debugfs directory
[  322.997709][T13422] hsr0: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  323.012397][T13422] 8021q: adding VLAN 0 to HW filter on device hsr0
[  323.024088][T13422] batadv0: left promiscuous mode
[  323.068611][T13427] pim6reg: entered allmulticast mode
[  323.242193][T13429] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1813'.
[  323.252453][T13434] netlink: 'syz.4.1816': attribute type 23 has an invalid length.
[  323.278999][T13431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1814'.
[  323.436328][T13437] tc_dump_action: action bad kind
[  323.469158][T13440] netlink: 'syz.2.1813': attribute type 1 has an invalid length.
[  323.475355][T13448] x_tables: duplicate underflow at hook 2
[  323.483053][T13440] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1813'.
[  323.867856][T13452] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1820'.
[  324.006094][T13481] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  324.186211][T13490] sctp: [Deprecated]: syz.0.1824 (pid 13490) Use of int in max_burst socket option deprecated.
[  324.186211][T13490] Use struct sctp_assoc_value instead
[  324.306035][T13495] netlink: 'syz.2.1826': attribute type 2 has an invalid length.
[  324.324274][T13495] netlink: 'syz.2.1826': attribute type 1 has an invalid length.
[  324.549033][T13501] netlink: 'syz.2.1827': attribute type 12 has an invalid length.
[  324.624597][T13507] netlink: 'syz.3.1830': attribute type 1 has an invalid length.
[  324.990678][T13525] openvswitch: netlink: Actions may not be safe on all matching packets
[  325.030284][T13532] lo speed is unknown, defaulting to 1000
[  325.286242][T13543] netlink: 'syz.1.1839': attribute type 5 has an invalid length.
[  325.577756][T13550] lo speed is unknown, defaulting to 1000
[  325.616970][T13557] netlink: 'syz.1.1842': attribute type 1 has an invalid length.
[  325.652128][T13532] wg1 speed is unknown, defaulting to 1000
[  326.380403][T13571] netlink: 'syz.3.1846': attribute type 3 has an invalid length.
[  326.392173][T13571] netlink: 'syz.3.1846': attribute type 1 has an invalid length.
[  326.400395][T13573] nbd: device at index 64 is going down
[  326.457577][T13550] wg1 speed is unknown, defaulting to 1000
[  326.502385][T13584] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0
[  326.754692][T13593] __nla_validate_parse: 14 callbacks suppressed
[  326.754713][T13593] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1852'.
[  326.822859][T13591] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1852'.
[  326.874954][T13598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1852'.
[  326.994703][T13601] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1854'.
[  327.004060][T13601] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1854'.
[  327.017875][T13601] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1854'.
[  327.059674][T13601] netlink: 'syz.4.1854': attribute type 1 has an invalid length.
[  327.071221][T13601] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1854'.
[  327.306088][T13610] netlink: 'syz.3.1857': attribute type 21 has an invalid length.
[  327.335177][T13610] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1857'.
[  327.355735][T13610] netlink: 'syz.3.1857': attribute type 5 has an invalid length.
[  327.378153][T13610] netlink: 'syz.3.1857': attribute type 6 has an invalid length.
[  327.402422][T13610] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1857'.
[  327.451556][T13618] lo speed is unknown, defaulting to 1000
[  327.643264][T13629] netlink: 'syz.2.1863': attribute type 4 has an invalid length.
[  327.664798][T13629] netlink: 'syz.2.1863': attribute type 4 has an invalid length.
[  327.799063][T13637] lo speed is unknown, defaulting to 1000
[  327.854977][T13645] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1864'.
[  328.036553][T13618] wg1 speed is unknown, defaulting to 1000
[  328.174567][T13656] netlink: 'syz.3.1869': attribute type 11 has an invalid length.
[  328.346775][T13661] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  328.359031][T13661] lo: entered allmulticast mode
[  328.373856][T13660] lo: left allmulticast mode
[  328.397104][T13637] wg1 speed is unknown, defaulting to 1000
[  328.707613][T13672] netlink: 'syz.3.1875': attribute type 29 has an invalid length.
[  330.220150][T13724] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  330.369678][T13726] lo speed is unknown, defaulting to 1000
[  330.847139][T13726] wg1 speed is unknown, defaulting to 1000
[  331.200457][T13759] x_tables: ip6_tables: esp match: only valid for protocol 50
[  331.389484][T13771] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  331.534185][T13781] validate_nla: 1 callbacks suppressed
[  331.534205][T13781] netlink: 'syz.1.1898': attribute type 1 has an invalid length.
[  331.548421][T13761] syzkaller0: entered promiscuous mode
[  331.557943][T13761] syzkaller0: entered allmulticast mode
[  331.679493][T13775] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  331.817383][T13787] netlink: 'syz.0.1900': attribute type 1 has an invalid length.
[  331.879312][T13791] __nla_validate_parse: 11 callbacks suppressed
[  331.879333][T13791] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1903'.
[  331.903716][T13787] 8021q: adding VLAN 0 to HW filter on device bond6
[  331.927341][T13795] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1901'.
[  331.989481][T13791] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1903'.
[  332.003298][T13796] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1903'.
[  332.041568][T13791] netlink: 'syz.1.1903': attribute type 1 has an invalid length.
[  332.059062][T13791] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1903'.
[  332.416709][T13804] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1905'.
[  332.517923][T13820] lo speed is unknown, defaulting to 1000
[  332.622891][T13826] netlink: 'syz.4.1909': attribute type 1 has an invalid length.
[  332.844828][T13820] wg1 speed is unknown, defaulting to 1000
[  332.923966][T13832] bond3: (slave geneve3): making interface the new active one
[  332.934353][T13832] bond3: (slave geneve3): Enslaving as an active interface with an up link
[  332.970142][ T9379] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20004 - 0
[  333.029806][ T9379] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20004 - 0
[  333.039081][ T9379] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20004 - 0
[  333.058883][ T9379] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20004 - 0
[  333.531644][T13851] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1914'.
[  333.781919][T13851] bond2: (slave bridge0): Releasing backup interface
[  333.804355][T13851] bridge0 (unregistering): left promiscuous mode
[  333.810753][T13851] bridge0 (unregistering): left allmulticast mode
[  334.280938][T13881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1923'.
[  334.292615][T13881] netlink: 'syz.1.1923': attribute type 21 has an invalid length.
[  334.302703][T13878] lo speed is unknown, defaulting to 1000
[  334.453169][T13889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1921'.
[  334.474625][T13887] netlink: 'syz.1.1924': attribute type 12 has an invalid length.
[  334.498178][T13890] netlink: 'syz.1.1924': attribute type 12 has an invalid length.
[  334.713873][T13878] wg1 speed is unknown, defaulting to 1000
[  334.899810][T13908] FAULT_INJECTION: forcing a failure.
[  334.899810][T13908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  334.913674][T13908] CPU: 1 UID: 0 PID: 13908 Comm: syz.1.1929 Not tainted syzkaller #0 PREEMPT(full) 
[  334.913702][T13908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  334.913714][T13908] Call Trace:
[  334.913722][T13908]  <TASK>
[  334.913731][T13908]  dump_stack_lvl+0x189/0x250
[  334.913763][T13908]  ? __pfx____ratelimit+0x10/0x10
[  334.913793][T13908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.913829][T13908]  ? __pfx__printk+0x10/0x10
[  334.913862][T13908]  should_fail_ex+0x414/0x560
[  334.913897][T13908]  _copy_to_user+0x31/0xb0
[  334.913922][T13908]  bpf_test_finish+0x56f/0x700
[  334.913955][T13908]  ? __pfx_bpf_test_finish+0x10/0x10
[  334.913992][T13908]  bpf_prog_test_run_skb+0xef8/0x1550
[  334.914031][T13908]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  334.914053][T13908]  bpf_prog_test_run+0x2c7/0x340
[  334.914079][T13908]  __sys_bpf+0x562/0x860
[  334.914106][T13908]  ? __pfx___sys_bpf+0x10/0x10
[  334.914144][T13908]  ? ksys_write+0x22a/0x250
[  334.914221][T13908]  ? __pfx_ksys_write+0x10/0x10
[  334.914255][T13908]  __x64_sys_bpf+0x7c/0x90
[  334.914283][T13908]  do_syscall_64+0xfa/0xfa0
[  334.914300][T13908]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.914319][T13908]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.914338][T13908]  ? clear_bhb_loop+0x60/0xb0
[  334.914359][T13908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.914375][T13908] RIP: 0033:0x7f511f18f6c9
[  334.914389][T13908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.914403][T13908] RSP: 002b:00007f5120056038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  334.914424][T13908] RAX: ffffffffffffffda RBX: 00007f511f3e5fa0 RCX: 00007f511f18f6c9
[  334.914438][T13908] RDX: 0000000000000048 RSI: 00002000000002c0 RDI: 000000000000000a
[  334.914450][T13908] RBP: 00007f5120056090 R08: 0000000000000000 R09: 0000000000000000
[  334.914462][T13908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.914474][T13908] R13: 00007f511f3e6038 R14: 00007f511f3e5fa0 R15: 00007fff47741018
[  334.914509][T13908]  </TASK>
[  335.379473][T13923] sctp: [Deprecated]: syz.1.1931 (pid 13923) Use of int in maxseg socket option.
[  335.379473][T13923] Use struct sctp_assoc_value instead
[  335.868778][T13939] 8021q: adding VLAN 0 to HW filter on device bond11
[  335.879194][T13939] bridge0: port 1(bond11) entered blocking state
[  335.888615][T13939] bridge0: port 1(bond11) entered disabled state
[  335.895938][T13939] bond11: entered allmulticast mode
[  335.906464][T13939] bond11: entered promiscuous mode
[  335.964009][T13940] pimreg: entered allmulticast mode
[  335.973395][T13940] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1939'.
[  336.137832][T13955] FAULT_INJECTION: forcing a failure.
[  336.137832][T13955] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  336.184147][T13955] CPU: 1 UID: 0 PID: 13955 Comm: syz.1.1941 Not tainted syzkaller #0 PREEMPT(full) 
[  336.184178][T13955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  336.184189][T13955] Call Trace:
[  336.184197][T13955]  <TASK>
[  336.184205][T13955]  dump_stack_lvl+0x189/0x250
[  336.184238][T13955]  ? __pfx____ratelimit+0x10/0x10
[  336.184267][T13955]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.184293][T13955]  ? __pfx__printk+0x10/0x10
[  336.184326][T13955]  should_fail_ex+0x414/0x560
[  336.184361][T13955]  _copy_to_user+0x31/0xb0
[  336.184388][T13955]  simple_read_from_buffer+0xe1/0x170
[  336.184423][T13955]  proc_fail_nth_read+0x1b3/0x220
[  336.184452][T13955]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  336.184481][T13955]  ? rw_verify_area+0x2a6/0x4d0
[  336.184506][T13955]  ? __lock_acquire+0xab9/0xd20
[  336.184524][T13955]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  336.184550][T13955]  vfs_read+0x200/0xa30
[  336.184574][T13955]  ? fdget_pos+0x247/0x320
[  336.184599][T13955]  ? __pfx___mutex_lock+0x10/0x10
[  336.184621][T13955]  ? __pfx_vfs_read+0x10/0x10
[  336.184648][T13955]  ? __fget_files+0x2a/0x420
[  336.184672][T13955]  ? __fget_files+0x3a0/0x420
[  336.184689][T13955]  ? __fget_files+0x2a/0x420
[  336.184719][T13955]  ksys_read+0x145/0x250
[  336.184749][T13955]  ? __pfx_ksys_read+0x10/0x10
[  336.184780][T13955]  ? do_syscall_64+0xbe/0xfa0
[  336.184803][T13955]  do_syscall_64+0xfa/0xfa0
[  336.184820][T13955]  ? lockdep_hardirqs_on+0x9c/0x150
[  336.184838][T13955]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.184857][T13955]  ? clear_bhb_loop+0x60/0xb0
[  336.184882][T13955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.184900][T13955] RIP: 0033:0x7f511f18e0dc
[  336.184927][T13955] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  336.184943][T13955] RSP: 002b:00007f5120056030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  336.184965][T13955] RAX: ffffffffffffffda RBX: 00007f511f3e5fa0 RCX: 00007f511f18e0dc
[  336.184978][T13955] RDX: 000000000000000f RSI: 00007f51200560a0 RDI: 0000000000000004
[  336.184990][T13955] RBP: 00007f5120056090 R08: 0000000000000000 R09: 0000000000000000
[  336.185002][T13955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  336.185014][T13955] R13: 00007f511f3e6038 R14: 00007f511f3e5fa0 R15: 00007fff47741018
[  336.185051][T13955]  </TASK>
[  336.541023][T13962] 8021q: adding VLAN 0 to HW filter on device bond4
[  336.550538][T13962] bond4: entered promiscuous mode
[  336.556607][T13962] bond0: (slave bond4): Enslaving as an active interface with a down link
[  336.678965][T13977] netlink: 'syz.0.1948': attribute type 15 has an invalid length.
[  336.688763][T13969] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  336.699048][T13969] dummy0: left promiscuous mode
[  336.713572][T13969] bond0 (unregistering): (slave bond4): Releasing backup interface
[  336.723333][T13969] bond4: left promiscuous mode
[  336.733169][T13969] bond0 (unregistering): Released all slaves
[  337.200569][T13998] dvmrp1: tun_chr_ioctl cmd 1074025677
[  337.210545][T13998] dvmrp1: linktype set to 774
[  337.225132][T13998] netlink: 'syz.1.1955': attribute type 32 has an invalid length.
[  337.258611][T13998] __nla_validate_parse: 2 callbacks suppressed
[  337.258633][T13998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1955'.
[  337.345072][T13998] bond12: option coupled_control: invalid value (12)
[  337.367165][T13998] bond12 (unregistering): Released all slaves
[  337.436517][T14013] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1960'.
[  337.447684][T14013] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1960'.
[  337.488683][T14013] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1960'.
[  337.501015][T14008] lo speed is unknown, defaulting to 1000
[  337.503133][T14013] netlink: 'syz.3.1960': attribute type 1 has an invalid length.
[  337.549325][T14013] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1960'.
[  337.892420][T14035] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1964'.
[  337.943202][T14038] openvswitch: netlink: nsh attribute has 1 unknown bytes.
[  337.954100][T14037] ieee802154 phy1 wpan1: encryption failed: -90
[  337.984954][T14038] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  338.086683][T14008] wg1 speed is unknown, defaulting to 1000
[  338.474832][T14062] batadv1: entered promiscuous mode
[  338.532733][T14060] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1970'.
[  338.809316][T14062] can: request_module (can-proto-0) failed.
[  338.830942][T14064] lo speed is unknown, defaulting to 1000
[  339.420242][T14086] lo speed is unknown, defaulting to 1000
[  339.513477][T14092] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1979'.
[  339.527218][T14064] wg1 speed is unknown, defaulting to 1000
[  339.624625][T14098] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1978'.
[  339.712423][T14099] sit0: left promiscuous mode
[  339.811722][   T30] audit: type=1800 audit(1762997720.791:9): pid=14103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1983" name="memory.events" dev="tmpfs" ino=2155 res=0 errno=0
[  339.997924][T14086] wg1 speed is unknown, defaulting to 1000
[  340.199419][T14108] IPVS: Error connecting to the multicast addr
[  340.400872][T14117] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1986'.
[  341.131692][T14142] siw: device registration error -23
[  341.305267][T14150] lo speed is unknown, defaulting to 1000
[  341.981471][T14175] netlink: 'syz.2.2001': attribute type 3 has an invalid length.
[  342.087772][T14150] wg1 speed is unknown, defaulting to 1000
[  342.295366][T14191] __nla_validate_parse: 3 callbacks suppressed
[  342.295387][T14191] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2004'.
[  342.375117][T14193] lo speed is unknown, defaulting to 1000
[  342.552076][T14198] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2005'.
[  342.684602][T14190] lo speed is unknown, defaulting to 1000
[  342.701071][T14193] wg1 speed is unknown, defaulting to 1000
[  343.005554][T14210] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2011'.
[  343.087561][T14210] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  343.104924][T14210] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  343.115306][T14210] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  343.215924][T14210] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  343.259173][T14210] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  343.304530][T14210] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  343.373990][T14214] bridge0: entered promiscuous mode
[  343.381734][T14190] wg1 speed is unknown, defaulting to 1000
[  343.428343][T14210] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  343.440757][T14210] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  343.463421][T14210] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  343.578433][T14210] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  343.609991][T14210] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  343.640649][T14210] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  343.990550][ T9378] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  344.013652][ T9378] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  344.024691][ T9378] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  344.084875][ T9378] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  344.109291][T14250] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2020'.
[  344.118592][T14250] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2020'.
[  344.128896][ T9378] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  344.145437][ T9378] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  344.276010][ T9366] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  344.302278][ T9366] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  344.310820][ T9366] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  344.330137][ T9366] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  344.348712][ T9366] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  344.362401][T14259] IPVS: set_ctl: invalid protocol: 135 224.0.0.1:20003
[  344.374398][ T9366] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  344.598853][T14267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2026'.
[  344.620877][T14269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2026'.
[  344.715260][T14269] : entered promiscuous mode
[  344.772110][T14266] lo speed is unknown, defaulting to 1000
[  345.133928][T14282] syzkaller0: entered promiscuous mode
[  345.139486][T14282] syzkaller0: entered allmulticast mode
[  345.547078][T14290] lo speed is unknown, defaulting to 1000
[  345.602520][T14266] wg1 speed is unknown, defaulting to 1000
[  345.858327][T14299] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2035'.
[  346.072747][T14307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2038'.
[  346.132674][T14299] bond0 (unregistering): Released all slaves
[  346.163392][T14290] wg1 speed is unknown, defaulting to 1000
[  346.163442][T14298] lo speed is unknown, defaulting to 1000
[  346.561537][T14318] lo speed is unknown, defaulting to 1000
[  346.931862][T14325] openvswitch: netlink: Tunnel attr 3 has unexpected len 0 expected 1
[  347.165293][T14318] wg1 speed is unknown, defaulting to 1000
[  347.229563][T14298] wg1 speed is unknown, defaulting to 1000
[  347.605809][T14335] lo speed is unknown, defaulting to 1000
[  347.683957][T14342] netlink: 6 bytes leftover after parsing attributes in process `syz.0.2047'.
[  347.717363][T14342] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  347.971947][T14350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2048'.
[  347.993803][T14350] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2048'.
[  348.090028][T14335] wg1 speed is unknown, defaulting to 1000
[  348.898871][T14370] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2055'.
[  349.957307][T14405] syzkaller1: entered promiscuous mode
[  349.963430][T14405] syzkaller1: entered allmulticast mode
[  350.558355][T14407] netlink: 'syz.4.2064': attribute type 1 has an invalid length.
[  350.861488][T14445] pimreg: entered allmulticast mode
[  351.008157][T14444] pimreg: left allmulticast mode
[  351.067622][T14445] vlan0: entered allmulticast mode
[  351.073100][T14445] bridge_slave_0: entered allmulticast mode
[  351.426741][T14465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2080'.
[  351.436345][T14465] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2080'.
[  353.008627][T14485] netlink: 'syz.3.2085': attribute type 1 has an invalid length.
[  353.140223][T14485] 8021q: adding VLAN 0 to HW filter on device bond8
[  353.173317][T14497] netlink: 'syz.1.2088': attribute type 12 has an invalid length.
[  353.238727][T14495] veth3: entered promiscuous mode
[  353.261539][T14495] bond8: (slave veth3): Enslaving as an active interface with a down link
[  353.593954][T14515] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  353.676488][T14520] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2094'.
[  353.886129][T14526] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2097'.
[  353.922846][T14531] lo: entered promiscuous mode
[  353.932876][T14531] tunl0: entered promiscuous mode
[  353.970793][T14531] gre0: entered promiscuous mode
[  354.016636][T14531] gretap0: entered promiscuous mode
[  354.024367][T14531] ip_vti0: entered promiscuous mode
[  354.038723][T14531] ip6_vti0: entered promiscuous mode
[  354.068435][T14543] netlink: 'syz.3.2100': attribute type 27 has an invalid length.
[  354.086007][T14531] ip6tnl0: entered promiscuous mode
[  354.097050][T14531] ip6gre0: entered promiscuous mode
[  354.104504][T14531] vcan0: entered promiscuous mode
[  354.110751][T14531] `: entered promiscuous mode
[  354.117597][T14531] dummy0: entered promiscuous mode
[  354.125589][T14531] nlmon0: entered promiscuous mode
[  354.132753][T14531] caif0: entered promiscuous mode
[  354.137984][T14531] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  354.139197][T14549] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2102'.
[  354.166684][T14549] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2102'.
[  354.176039][T14534] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  354.252420][T14544] tunl0: left promiscuous mode
[  354.269817][T14544] gre0: left promiscuous mode
[  354.301288][T14544] gretap0: left promiscuous mode
[  354.320512][T14544] erspan0: left promiscuous mode
[  354.329177][T14544] erspan0: left allmulticast mode
[  354.352209][T14544] ip_vti0: left promiscuous mode
[  354.373177][T14544] ip6_vti0: left promiscuous mode
[  354.380630][T14544] ip6tnl0: left promiscuous mode
[  354.434611][T14544] ip6gre0: left promiscuous mode
[  354.442146][T14544] ip6gretap0: left promiscuous mode
[  354.460860][T14544] vcan0: left promiscuous mode
[  354.474077][T14544] bond0: left promiscuous mode
[  354.482938][T14544] bond_slave_0: left promiscuous mode
[  354.489824][T14544] bond_slave_1: left promiscuous mode
[  354.502790][T14544] team0: left promiscuous mode
[  354.507743][T14544] team_slave_1: left promiscuous mode
[  354.507860][T14568] netlink: 'syz.4.2108': attribute type 1 has an invalid length.
[  354.513592][T14544] batadv1: left promiscuous mode
[  354.535971][T14544] 8021q: adding VLAN 0 to HW filter on device bond0
[  354.552608][T14544] nlmon0: left promiscuous mode
[  354.559693][T14544] caif0: left promiscuous mode
[  354.565582][T14544] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  354.592759][T14573] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2109'.
[  354.610067][T14573] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2109'.
[  354.670708][T14543] gretap1: left promiscuous mode
[  354.676048][T14543] gretap1: left allmulticast mode
[  354.683936][T14543] bridge1: left allmulticast mode
[  354.689297][T14543] xfrm1: left promiscuous mode
[  354.704760][T14543] xfrm1: left allmulticast mode
[  354.725154][T14543] macsec2: left promiscuous mode
[  354.730455][T14543] macsec2: left allmulticast mode
[  354.738636][T14543] bond7: left promiscuous mode
[  354.761870][T14543] veth3: left promiscuous mode
[  354.824603][T14577] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  354.831456][ T1160] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 20004 - 0
[  354.918849][T14574] syzkaller0: entered promiscuous mode
[  354.928361][T14574] syzkaller0: entered allmulticast mode
[  354.952207][ T1160] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 20004 - 0
[  354.960997][ T1160] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 20004 - 0
[  354.993748][T14580] syzkaller0: entered promiscuous mode
[  354.999460][T14580] syzkaller0: entered allmulticast mode
[  355.029501][T14572] tipc: Resetting bearer <eth:syzkaller0>
[  355.037453][T14592] netlink: 'syz.2.2112': attribute type 13 has an invalid length.
[  355.051512][T14592] netlink: 'syz.2.2112': attribute type 17 has an invalid length.
[  355.902450][  T981] tipc: Node number set to 2342079156
[  356.692373][ T1160] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 20004 - 0
[  356.725685][T14592] 8021q: adding VLAN 0 to HW filter on device team0
[  356.736787][T14592] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  356.754518][T14563] tipc: Resetting bearer <eth:syzkaller0>
[  356.779734][T14563] tipc: Disabling bearer <eth:syzkaller0>
[  356.892800][T14600] lo speed is unknown, defaulting to 1000
[  356.975287][T14606] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2115'.
[  356.993006][T14606] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2115'.
[  357.029227][T14606] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2115'.
[  357.062751][T14606] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2115'.
[  357.159842][T14613] lo speed is unknown, defaulting to 1000
[  357.180274][T14615] syzkaller0: entered promiscuous mode
[  357.203055][T14615] syzkaller0: entered allmulticast mode
[  357.274380][T14615] vlan0: entered promiscuous mode
[  357.299355][T14615] netlink: 'syz.3.2119': attribute type 5 has an invalid length.
[  357.307723][T14626] pim6reg: left allmulticast mode
[  357.322532][T14615] netlink: 'syz.3.2119': attribute type 6 has an invalid length.
[  357.377954][T14600] wg1 speed is unknown, defaulting to 1000
[  357.707579][T14634] pim6reg1: entered promiscuous mode
[  357.713040][T14634] pim6reg1: entered allmulticast mode
[  357.945539][T14613] wg1 speed is unknown, defaulting to 1000
[  358.155183][T14656] lo speed is unknown, defaulting to 1000
[  358.191816][T14662] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  358.666561][T14656] wg1 speed is unknown, defaulting to 1000
[  359.437927][T14698] __nla_validate_parse: 149 callbacks suppressed
[  359.437951][T14698] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2142'.
[  359.456926][T14698] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2142'.
[  359.681444][T14704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  359.863807][T14701] "syz.2.2143" (14701) uses obsolete ecb(arc4) skcipher
[  360.447930][T14746] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2152'.
[  360.733921][T14757] netlink: 'syz.2.2155': attribute type 16 has an invalid length.
[  360.742271][T14757] netlink: 'syz.2.2155': attribute type 17 has an invalid length.
[  360.794283][T14758] IPv6: NLM_F_REPLACE set, but no existing node found!
[  360.989173][T14757] team0: left allmulticast mode
[  361.024436][ T9366] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  361.046073][ T9366] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  361.105632][ T9366] netdevsim netdevsim2 eth0: unset [1, 1] type 2 family 0 port 256 - 0
[  361.117319][ T9366] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  361.126189][ T9366] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  361.140975][ T9366] netdevsim netdevsim2 eth1: unset [1, 1] type 2 family 0 port 256 - 0
[  361.149757][ T9366] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  361.158490][ T9366] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  361.175764][ T9366] netdevsim netdevsim2 eth2: unset [1, 1] type 2 family 0 port 256 - 0
[  361.185635][ T9366] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  361.194641][ T9366] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  361.204936][ T9366] netdevsim netdevsim2 eth3: unset [1, 1] type 2 family 0 port 256 - 0
[  361.427026][T14782] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2162'.
[  361.600331][T14792] lo speed is unknown, defaulting to 1000
[  361.882610][T14803] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2168'.
[  361.915441][T14792] wg1 speed is unknown, defaulting to 1000
[  362.010636][T14807] batadv_slave_1: Caught tx_queue_len zero misconfig
[  362.024003][T14808] smc: ib device syz0 ibport 1 applied user defined pnetid SYZ0
[  362.032653][T14804] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2168'.
[  362.052868][T14808] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2168'.
[  362.080802][T14804] 8021q: VLANs not supported on `
[  362.087747][T14808] 8021q: VLANs not supported on `
[  362.251831][T14816] netlink: 'syz.4.2171': attribute type 3 has an invalid length.
[  362.396038][T14824] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2173'.
[  362.742059][T14838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2173'.
[  362.762611][T14838] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2173'.
[  363.153109][T14844] ip6tnl0: Caught tx_queue_len zero misconfig
[  363.337165][T14858] x_tables: ip_tables: osf match: only valid for protocol 6
[  363.373037][T14860] netlink: 'syz.2.2178': attribute type 4 has an invalid length.
[  363.663818][T14852] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  363.759186][T14852] xt_TCPMSS: Only works on TCP SYN packets
[  363.923693][T14882] ip6tnl3: entered promiscuous mode
[  363.944042][T14882] ip6tnl3: entered allmulticast mode
[  364.244441][T14900] netlink: 'syz.1.2186': attribute type 4 has an invalid length.
[  364.316687][   T49] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 20004 - 0
[  364.338085][   T49] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 20004 - 0
[  364.378688][   T49] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 20004 - 0
[  364.408857][   T49] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 20004 - 0
[  364.639972][T14918] tipc: Started in network mode
[  364.652431][T14918] tipc: Node identity 4, cluster identity 4711
[  364.658639][T14918] tipc: Node number set to 4
[  364.911559][T14942] netlink: 'syz.4.2194': attribute type 13 has an invalid length.
[  364.919438][T14942] netlink: 'syz.4.2194': attribute type 17 has an invalid length.
[  365.101004][T14942] lo: left promiscuous mode
[  365.112704][T14942] tunl0: left promiscuous mode
[  365.160166][T14942] gre0: left promiscuous mode
[  365.197654][T14942] gretap0: left promiscuous mode
[  365.220492][T14942] ip_vti0: left promiscuous mode
[  365.247399][T14942] ip6_vti0: left promiscuous mode
[  365.286606][T14942] sit0: left promiscuous mode
[  365.318362][T14942] ip6tnl0: left promiscuous mode
[  365.324590][T14942] ip6gre0: left promiscuous mode
[  365.359218][T14962] __nla_validate_parse: 5 callbacks suppressed
[  365.359239][T14962] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2197'.
[  365.385063][T14942] vcan0: left promiscuous mode
[  365.416664][T14963] x_tables: duplicate entry at hook 2
[  365.427054][T14942] `: left promiscuous mode
[  365.482329][T14942] dummy0: left promiscuous mode
[  365.517630][T14942] nlmon0: left promiscuous mode
[  365.533296][T14942] caif0: left promiscuous mode
[  365.541164][T14942] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  365.782231][T14979] syzkaller1: entered promiscuous mode
[  365.792716][T14979] syzkaller1: entered allmulticast mode
[  365.811244][T14936] wg1 speed is unknown, defaulting to 1000
[  365.920131][T14987] netlink: 'syz.2.2204': attribute type 1 has an invalid length.
[  365.937515][T14991] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2204'.
[  366.007364][T14987] 8021q: adding VLAN 0 to HW filter on device bond0
[  366.085681][T14988] bond0: (slave gretap2): making interface the new active one
[  366.096657][T14988] bond0: (slave gretap2): Enslaving as an active interface with an up link
[  366.300925][T14991] bond0 (unregistering): (slave gretap2): Releasing active interface
[  366.329061][T14991] bond0 (unregistering): Released all slaves
[  366.355251][T14920] wg1 speed is unknown, defaulting to 1000
[  366.388393][T15001] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2208'.
[  366.431662][T15002] netlink: 'syz.0.2208': attribute type 1 has an invalid length.
[  366.454880][T15002] netlink: 248 bytes leftover after parsing attributes in process `syz.0.2208'.
[  366.623368][T15008] tipc: New replicast peer: 255.255.255.255
[  366.635076][T15008] tipc: Enabled bearer <udp:syz2>, priority 10
[  366.759505][T15008] bridge9: entered promiscuous mode
[  366.771469][T15008] bridge9: entered allmulticast mode
[  367.003305][T15022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2212'.
[  367.029313][T15022] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2212'.
[  367.199691][T15026] bridge0: entered allmulticast mode
[  367.501336][T14998] wg1 speed is unknown, defaulting to 1000
[  367.542669][T15038] delete_channel: no stack
[  367.552217][T15038] delete_channel: no stack
[  367.584267][T15040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2216'.
[  368.135304][T15051] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2220'.
[  368.168895][T15053] netlink: 'syz.2.2220': attribute type 1 has an invalid length.
[  368.199191][T15053] netlink: 248 bytes leftover after parsing attributes in process `syz.2.2220'.
[  368.727928][T15071] gtp0: entered promiscuous mode
[  368.759853][T15076] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2223'.
[  368.770080][T15076] IPv6: NLM_F_REPLACE set, but no existing node found!
[  369.405824][T15087] netlink: 'syz.1.2229': attribute type 1 has an invalid length.
[  369.435583][T15087] netlink: 'syz.1.2229': attribute type 2 has an invalid length.
[  369.720765][T15103] ip6gretap1: entered promiscuous mode
[  369.737013][T15103] ip6gretap1: entered allmulticast mode
[  370.132414][T15124] netlink: 'syz.3.2240': attribute type 1 has an invalid length.
[  370.349462][T15123] infiniband syû: set down
[  370.354458][T15123] infiniband syû: added bond_slave_0
[  370.431037][T15123] RDS/IB: syû: added
[  370.450597][T15123] smc: adding ib device syû with port count 1
[  370.476869][T15123] smc:    ib device syû port 1 has no pnetid
[  370.498839][T15139] netlink: 'syz.3.2242': attribute type 6 has an invalid length.
[  370.648340][T15139] __nla_validate_parse: 6 callbacks suppressed
[  370.648363][T15139] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2242'.
[  371.170006][T15139] wg1 speed is unknown, defaulting to 1000
[  371.254737][T15151] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2247'.
[  371.263952][T15151] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  371.692989][T15167] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2250'.
[  372.111350][T15181] netlink: 272 bytes leftover after parsing attributes in process `syz.2.2255'.
[  372.256673][T15184] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2255'.
[  372.346793][T15181] netlink: 'syz.2.2255': attribute type 1 has an invalid length.
[  372.355190][T15181] netlink: 248 bytes leftover after parsing attributes in process `syz.2.2255'.
[  372.453877][T15189] netlink: 'syz.2.2257': attribute type 1 has an invalid length.
[  372.462194][T15190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2257'.
[  372.474148][T15190] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2257'.
[  372.646308][T15189] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR
[  372.692177][T15188] veth7: entered promiscuous mode
[  373.672698][ T5830] block nbd0: Receive control failed (result -32)
[  373.963584][T15227] netlink: 272 bytes leftover after parsing attributes in process `syz.2.2267'.
[  374.002457][T15227] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2267'.
[  374.033157][T15227] netlink: 'syz.2.2267': attribute type 1 has an invalid length.
[  374.466775][T15240] FAULT_INJECTION: forcing a failure.
[  374.466775][T15240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  374.512145][T15240] CPU: 1 UID: 0 PID: 15240 Comm: syz.2.2270 Not tainted syzkaller #0 PREEMPT(full) 
[  374.512177][T15240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  374.512189][T15240] Call Trace:
[  374.512198][T15240]  <TASK>
[  374.512207][T15240]  dump_stack_lvl+0x189/0x250
[  374.512238][T15240]  ? __pfx____ratelimit+0x10/0x10
[  374.512275][T15240]  ? __pfx_dump_stack_lvl+0x10/0x10
[  374.512302][T15240]  ? __pfx__printk+0x10/0x10
[  374.512340][T15240]  should_fail_ex+0x414/0x560
[  374.512384][T15240]  _copy_from_user+0x2d/0xb0
[  374.512411][T15240]  __copy_msghdr+0x3c5/0x5b0
[  374.512438][T15240]  ___sys_sendmsg+0x1a5/0x2a0
[  374.512463][T15240]  ? __pfx____sys_sendmsg+0x10/0x10
[  374.512524][T15240]  ? __fget_files+0x2a/0x420
[  374.512541][T15240]  ? __fget_files+0x3a0/0x420
[  374.512570][T15240]  __x64_sys_sendmsg+0x19b/0x260
[  374.512595][T15240]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  374.512626][T15240]  ? __pfx_ksys_write+0x10/0x10
[  374.512657][T15240]  ? do_syscall_64+0xbe/0xfa0
[  374.512679][T15240]  do_syscall_64+0xfa/0xfa0
[  374.512695][T15240]  ? lockdep_hardirqs_on+0x9c/0x150
[  374.512713][T15240]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.512732][T15240]  ? clear_bhb_loop+0x60/0xb0
[  374.512756][T15240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.512774][T15240] RIP: 0033:0x7f7bc658f6c9
[  374.512805][T15240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  374.512822][T15240] RSP: 002b:00007f7bc7441038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  374.512845][T15240] RAX: ffffffffffffffda RBX: 00007f7bc67e6090 RCX: 00007f7bc658f6c9
[  374.512859][T15240] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 000000000000000b
[  374.512872][T15240] RBP: 00007f7bc7441090 R08: 0000000000000000 R09: 0000000000000000
[  374.512884][T15240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  374.512895][T15240] R13: 00007f7bc67e6128 R14: 00007f7bc67e6090 R15: 00007ffd95bf2568
[  374.512931][T15240]  </TASK>
[  375.388960][T15215] wg1 speed is unknown, defaulting to 1000
[  375.864622][T15260] netlink: 'syz.4.2274': attribute type 23 has an invalid length.
[  376.460986][T15272] __nla_validate_parse: 1 callbacks suppressed
[  376.461006][T15272] netlink: 272 bytes leftover after parsing attributes in process `syz.3.2278'.
[  376.533783][T15272] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2278'.
[  376.561652][T15272] netlink: 'syz.3.2278': attribute type 1 has an invalid length.
[  376.579797][T15272] netlink: 248 bytes leftover after parsing attributes in process `syz.3.2278'.
[  376.681817][T15280] xt_hashlimit: max too large, truncated to 1048576
[  376.789196][T15286] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2282'.
[  376.804650][T15283] FAULT_INJECTION: forcing a failure.
[  376.804650][T15283] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.820132][T15283] CPU: 0 UID: 0 PID: 15283 Comm: syz.3.2281 Not tainted syzkaller #0 PREEMPT(full) 
[  376.820160][T15283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  376.820173][T15283] Call Trace:
[  376.820181][T15283]  <TASK>
[  376.820190][T15283]  dump_stack_lvl+0x189/0x250
[  376.820219][T15283]  ? __pfx____ratelimit+0x10/0x10
[  376.820247][T15283]  ? __pfx_dump_stack_lvl+0x10/0x10
[  376.820273][T15283]  ? __pfx__printk+0x10/0x10
[  376.820292][T15283]  ? __might_fault+0xb0/0x130
[  376.820331][T15283]  should_fail_ex+0x414/0x560
[  376.820362][T15283]  _copy_from_user+0x2d/0xb0
[  376.820386][T15283]  ____sys_sendmsg+0x2fe/0x830
[  376.820413][T15283]  ? __pfx_____sys_sendmsg+0x10/0x10
[  376.820446][T15283]  ? import_iovec+0x74/0xa0
[  376.820474][T15283]  ___sys_sendmsg+0x21f/0x2a0
[  376.820498][T15283]  ? __pfx____sys_sendmsg+0x10/0x10
[  376.820562][T15283]  ? __fget_files+0x2a/0x420
[  376.820579][T15283]  ? __fget_files+0x3a0/0x420
[  376.820610][T15283]  __x64_sys_sendmsg+0x19b/0x260
[  376.820635][T15283]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  376.820676][T15283]  ? __pfx_ksys_write+0x10/0x10
[  376.820709][T15283]  ? do_syscall_64+0xbe/0xfa0
[  376.820732][T15283]  do_syscall_64+0xfa/0xfa0
[  376.820749][T15283]  ? lockdep_hardirqs_on+0x9c/0x150
[  376.820768][T15283]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.820787][T15283]  ? clear_bhb_loop+0x60/0xb0
[  376.820810][T15283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.820828][T15283] RIP: 0033:0x7fbd1df8f6c9
[  376.820846][T15283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.820864][T15283] RSP: 002b:00007fbd1edd9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  376.820885][T15283] RAX: ffffffffffffffda RBX: 00007fbd1e1e5fa0 RCX: 00007fbd1df8f6c9
[  376.820899][T15283] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 000000000000000a
[  376.820911][T15283] RBP: 00007fbd1edd9090 R08: 0000000000000000 R09: 0000000000000000
[  376.820923][T15283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.820935][T15283] R13: 00007fbd1e1e6038 R14: 00007fbd1e1e5fa0 R15: 00007ffc2773ea38
[  376.820970][T15283]  </TASK>
[  377.115498][T15290] xt_CT: You must specify a L4 protocol and not use inversions on it
[  377.180971][T15299] netlink: 212360 bytes leftover after parsing attributes in process `syz.2.2283'.
[  377.225607][T15300] No such timeout policy "syz1"
[  377.941256][T15313] IPVS: set_ctl: invalid protocol: 136 172.20.20.187:20000
[  377.980122][T15316] netlink: 272 bytes leftover after parsing attributes in process `syz.0.2291'.
[  378.000613][T15318] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2290'.
[  378.051037][T15316] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2291'.
[  378.070120][T15316] netlink: 'syz.0.2291': attribute type 1 has an invalid length.
[  378.079737][T15316] netlink: 248 bytes leftover after parsing attributes in process `syz.0.2291'.
[  378.308378][T15338] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2298'.
[  378.350082][T15343] FAULT_INJECTION: forcing a failure.
[  378.350082][T15343] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.411340][T15343] CPU: 0 UID: 0 PID: 15343 Comm: syz.1.2296 Not tainted syzkaller #0 PREEMPT(full) 
[  378.411371][T15343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  378.411382][T15343] Call Trace:
[  378.411391][T15343]  <TASK>
[  378.411399][T15343]  dump_stack_lvl+0x189/0x250
[  378.411430][T15343]  ? __pfx____ratelimit+0x10/0x10
[  378.411459][T15343]  ? __pfx_dump_stack_lvl+0x10/0x10
[  378.411485][T15343]  ? __pfx__printk+0x10/0x10
[  378.411520][T15343]  should_fail_ex+0x414/0x560
[  378.411556][T15343]  _copy_to_user+0x31/0xb0
[  378.411583][T15343]  simple_read_from_buffer+0xe1/0x170
[  378.411618][T15343]  proc_fail_nth_read+0x1b3/0x220
[  378.411647][T15343]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.411675][T15343]  ? rw_verify_area+0x2a6/0x4d0
[  378.411700][T15343]  ? __lock_acquire+0xab9/0xd20
[  378.411717][T15343]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.411743][T15343]  vfs_read+0x200/0xa30
[  378.411767][T15343]  ? fdget_pos+0x247/0x320
[  378.411791][T15343]  ? __pfx___mutex_lock+0x10/0x10
[  378.411813][T15343]  ? __pfx_vfs_read+0x10/0x10
[  378.411840][T15343]  ? __fget_files+0x2a/0x420
[  378.411865][T15343]  ? __fget_files+0x3a0/0x420
[  378.411881][T15343]  ? __fget_files+0x2a/0x420
[  378.411911][T15343]  ksys_read+0x145/0x250
[  378.411940][T15343]  ? __pfx_ksys_read+0x10/0x10
[  378.411971][T15343]  ? do_syscall_64+0xbe/0xfa0
[  378.411995][T15343]  do_syscall_64+0xfa/0xfa0
[  378.412012][T15343]  ? lockdep_hardirqs_on+0x9c/0x150
[  378.412030][T15343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.412048][T15343]  ? clear_bhb_loop+0x60/0xb0
[  378.412073][T15343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.412091][T15343] RIP: 0033:0x7f511f18e0dc
[  378.412109][T15343] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  378.412125][T15343] RSP: 002b:00007f5120035030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  378.412147][T15343] RAX: ffffffffffffffda RBX: 00007f511f3e6090 RCX: 00007f511f18e0dc
[  378.412161][T15343] RDX: 000000000000000f RSI: 00007f51200350a0 RDI: 000000000000000c
[  378.412173][T15343] RBP: 00007f5120035090 R08: 0000000000000000 R09: 0000000000000000
[  378.412186][T15343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.412197][T15343] R13: 00007f511f3e6128 R14: 00007f511f3e6090 R15: 00007fff47741018
[  378.412234][T15343]  </TASK>
[  378.706911][T15352] netlink: 'syz.0.2300': attribute type 1 has an invalid length.
[  378.758631][T15352] netlink: 'syz.0.2300': attribute type 11 has an invalid length.
[  378.813032][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  379.160267][T15370] netlink: 'syz.1.2305': attribute type 1 has an invalid length.
[  379.499019][T15383] netlink: 'syz.3.2308': attribute type 1 has an invalid length.
[  379.772857][T15384] bond9: (slave bridge3): making interface the new active one
[  379.836307][T15384] bond9: (slave bridge3): Enslaving as an active interface with an up link
[  379.950358][T15387] bond9: (slave bridge4): Enslaving as an active interface with a down link
[  380.111796][T15359] wg1 speed is unknown, defaulting to 1000
[  380.378440][T15394] IPVS: Scheduler module ip_vs_ not found
[  380.590256][T15410] batadv2: entered promiscuous mode
[  380.677274][T15423] sctp: [Deprecated]: syz.1.2319 (pid 15423) Use of int in max_burst socket option deprecated.
[  380.677274][T15423] Use struct sctp_assoc_value instead
[  380.694189][T15423] sctp: [Deprecated]: syz.1.2319 (pid 15423) Use of int in max_burst socket option deprecated.
[  380.694189][T15423] Use struct sctp_assoc_value instead
[  380.847019][T15436] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  381.169407][T15457] netlink: 'syz.1.2328': attribute type 15 has an invalid length.
[  381.365936][T15467] netlink: 'syz.0.2330': attribute type 1 has an invalid length.
[  381.392699][T15467] netlink: 'syz.0.2330': attribute type 9 has an invalid length.
[  381.400587][T15467] netlink: 'syz.0.2330': attribute type 11 has an invalid length.
[  381.895307][T15480] netlink: 'syz.0.2332': attribute type 11 has an invalid length.
[  381.914968][T15480] netlink: 'syz.0.2332': attribute type 11 has an invalid length.
[  381.934576][T15480] __nla_validate_parse: 12 callbacks suppressed
[  381.934990][T15480] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2332'.
[  381.981907][T15492] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2336'.
[  382.043996][T15464] wg1 speed is unknown, defaulting to 1000
[  382.310068][T15504] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  382.339913][T15480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  382.470832][T15507] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2339'.
[  382.540383][T15508] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2340'.
[  383.103347][T15528] siw: device registration error -23
[  383.325023][T15530] netlink: 'syz.2.2346': attribute type 16 has an invalid length.
[  383.347884][T15530] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2346'.
[  383.358080][T15528] xt_TCPMSS: Only works on TCP SYN packets
[  383.461848][T15539] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2347'.
[  384.183834][T15556] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2350'.
[  384.282342][T15559] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2353'.
[  384.299842][T15559] vxlan0: entered promiscuous mode
[  384.321437][T15559] vxlan0: entered allmulticast mode
[  384.328962][   T49] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  384.348423][   T49] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  384.361386][   T49] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  384.378360][   T49] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  384.596760][T15573] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  384.618443][T15573] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  384.630742][T15573] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  384.755383][T15573] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  384.766928][T15573] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  384.778634][T15573] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  384.938599][T15573] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  385.051279][T15573] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  385.081181][T15573] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  385.305542][T15584] bond0: (slave team0): Releasing backup interface
[  385.346559][T15584] bond0: (slave bond_slave_0): Releasing backup interface
[  385.530148][T15584] bond0: (slave bond_slave_1): Releasing backup interface
[  385.593441][T15584] team0: Port device team_slave_1 removed
[  385.606357][T15584] batman_adv: batadv0: Removing interface: batadv_slave_0
[  385.633808][T15584] batman_adv: batadv0: Removing interface: batadv_slave_1
[  385.659031][T15584] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  385.691722][T15568] wg1 speed is unknown, defaulting to 1000
[  385.697688][T15590] netlink: 'syz.2.2362': attribute type 3 has an invalid length.
[  385.709941][T15590] netlink: 666 bytes leftover after parsing attributes in process `syz.2.2362'.
[  385.738842][T15573] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  385.759151][T15573] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  385.793259][T15573] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  385.976101][   T49] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  385.984955][   T49] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  386.018398][   T49] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  386.079140][   T49] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  386.107728][   T49] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  386.137340][   T49] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  386.187647][   T49] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  386.193227][T15601] x_tables: duplicate underflow at hook 3
[  386.201248][   T49] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  386.230427][   T49] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  386.301948][ T9378] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  386.310185][ T9378] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  386.331312][ T9378] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  386.364866][T15605] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2367'.
[  386.727161][T15617] netlink: 'syz.2.2369': attribute type 1 has an invalid length.
[  387.699462][T15645] __nla_validate_parse: 6 callbacks suppressed
[  387.699483][T15645] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2375'.
[  387.699999][T15642] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2374'.
[  387.776117][T15647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2376'.
[  387.919298][T15652] netlink: 'syz.3.2377': attribute type 1 has an invalid length.
[  387.988481][T15652] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2377'.
[  388.241569][T15667] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2381'.
[  388.256785][T15667] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2381'.
[  388.388731][T15667] xt_CT: No such helper "pptp"
[  388.520065][T15676] netlink: 'syz.1.2385': attribute type 5 has an invalid length.
[  388.574563][T15676] netlink: 'syz.1.2385': attribute type 1 has an invalid length.
[  388.601399][T15686] netlink: 'syz.2.2386': attribute type 16 has an invalid length.
[  388.619530][T15687] netlink: 'syz.2.2386': attribute type 16 has an invalid length.
[  388.635833][T15686] netlink: 'syz.2.2386': attribute type 3 has an invalid length.
[  388.661687][T15687] netlink: 'syz.2.2386': attribute type 3 has an invalid length.
[  388.690236][T15686] netlink: 63210 bytes leftover after parsing attributes in process `syz.2.2386'.
[  388.712515][T15687] netlink: 63210 bytes leftover after parsing attributes in process `syz.2.2386'.
[  388.963575][T15697] netlink: 'syz.2.2390': attribute type 3 has an invalid length.
[  389.035168][T15698] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2390'.
[  389.097329][T15702] caif0: entered promiscuous mode
[  389.103061][T15702] caif0: entered allmulticast mode
[  389.114405][T15702] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  389.214565][T15702] syzkaller0: entered promiscuous mode
[  389.228215][T15702] syzkaller0: entered allmulticast mode
[  389.253774][T15700] tipc: Resetting bearer <eth:syzkaller0>
[  389.305016][T15706] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2393'.
[  390.251279][ T6000] tipc: Node number set to 4288760277
[  391.459633][T15700] tipc: Disabling bearer <eth:syzkaller0>
[  391.481258][T15719] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[  391.770646][T15744] netlink: 'syz.2.2403': attribute type 1 has an invalid length.
[  391.907554][T15744] 8021q: adding VLAN 0 to HW filter on device bond0
[  391.915286][T15705] wg1 speed is unknown, defaulting to 1000
[  391.989147][T15749] 8021q: adding VLAN 0 to HW filter on device bond0
[  391.996760][T15749] bond0: (slave vxcan1): The slave device specified does not support setting the MAC address
[  392.009468][T15749] bond0: (slave vxcan1): Error -95 calling set_mac_address
[  392.238321][T15714] wg1 speed is unknown, defaulting to 1000
[  393.132447][T15755] netlink: 'syz.0.2405': attribute type 1 has an invalid length.
[  393.184221][T15762] __nla_validate_parse: 4 callbacks suppressed
[  393.184244][T15762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2405'.
[  394.022902][T15772] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2409'.
[  394.085338][T15775] 8021q: adding VLAN 0 to HW filter on device batadv0
[  394.103962][T15771] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2408'.
[  394.118656][T15771] dummy0: Device is already in use.
[  394.278796][T15778] netlink: 5 bytes leftover after parsing attributes in process `syz.4.2411'.
[  394.340734][T15782] syzkaller0: entered promiscuous mode
[  394.371357][T15782] syzkaller0: entered allmulticast mode
[  394.394900][T15782] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  394.423324][T15781] tipc: Resetting bearer <eth:syzkaller0>
[  394.493025][T15781] tipc: Disabling bearer <eth:syzkaller0>
[  394.749453][T15792] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2414'.
[  394.775529][T15792] 8021q: adding VLAN 0 to HW filter on device bond0
[  394.804049][T15797] veth0_to_bond: left allmulticast mode
[  394.809670][T15797] veth0_to_bond: left promiscuous mode
[  394.831687][T15797] bridge2: port 2(veth0_to_bond) entered disabled state
[  394.886642][T15797] veth3: left allmulticast mode
[  394.893053][T15797] veth3: left promiscuous mode
[  394.898758][T15797] bridge2: port 1(veth3) entered disabled state
[  394.924140][T15797] bond3: (slave geneve3): Releasing active interface
[  394.949751][ T9378] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 20004 - 0
[  394.961919][ T9378] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 20004 - 0
[  394.979091][ T9378] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 20004 - 0
[  395.008061][ T9378] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 20004 - 0
[  395.461372][T15806] wg1 speed is unknown, defaulting to 1000
[  395.733240][T15813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2419'.
[  395.993637][T15817] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2421'.
[  396.073516][T15822] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2422'.
[  396.123812][T15824] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2422'.
[  396.174499][T15829] netlink: 220 bytes leftover after parsing attributes in process `syz.0.2424'.
[  396.345196][T15804] wg1 speed is unknown, defaulting to 1000
[  396.982020][T15852] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6_vti0, syncid = 1, id = 0
[  397.100840][T15860] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  397.228148][T15860] tipc: Disabling bearer <eth:syzkaller0>
[  397.753647][T15881] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  398.455344][T15897] __nla_validate_parse: 2 callbacks suppressed
[  398.455366][T15897] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2445'.
[  398.483975][T15897] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  399.567634][T15934] netlink: 'syz.1.2456': attribute type 13 has an invalid length.
[  399.725136][T15943] netlink: 'syz.4.2458': attribute type 1 has an invalid length.
[  399.897288][T15941] 8021q: adding VLAN 0 to HW filter on device bond13
[  400.189863][T15965] netlink: 'syz.1.2462': attribute type 25 has an invalid length.
[  400.218556][T15967] pim6reg99999999: entered allmulticast mode
[  400.371854][T15948] wg1 speed is unknown, defaulting to 1000
[  400.629696][T15988] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2467'.
[  400.694681][T15981] netlink: 'syz.2.2465': attribute type 4 has an invalid length.
[  400.926017][T16002] netlink: 'syz.1.2470': attribute type 3 has an invalid length.
[  400.936992][T16002] netlink: 'syz.1.2470': attribute type 3 has an invalid length.
[  401.093039][T16010] veth1_to_bond: entered allmulticast mode
[  401.099902][T16010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2473'.
[  401.160930][T16017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2475'.
[  401.161534][T16012] netlink: 'syz.2.2473': attribute type 10 has an invalid length.
[  401.294254][T16010] veth1_to_bond (unregistering): left allmulticast mode
[  401.504200][T16032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2480'.
[  401.535250][T15939] wg1 speed is unknown, defaulting to 1000
[  401.630257][T16032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2480'.
[  402.157858][T16026] wg1 speed is unknown, defaulting to 1000
[  402.964285][T16070] geneve4: entered promiscuous mode
[  402.978205][T16070] geneve4: entered allmulticast mode
[  403.474522][T16095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2492'.
[  403.501146][T16046] wg1 speed is unknown, defaulting to 1000
[  403.554258][T16045] wg1 speed is unknown, defaulting to 1000
[  405.506445][T16135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2499'.
[  405.539074][T16117] wg1 speed is unknown, defaulting to 1000
[  405.791922][T16140] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2501'.
[  405.803415][T16140] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2501'.
[  406.156763][T16144] netlink: 'syz.0.2503': attribute type 1 has an invalid length.
[  406.242572][T16146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2503'.
[  406.503762][T16149] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2504'.
[  406.643052][T16135] wg1 speed is unknown, defaulting to 1000
[  406.743080][T16153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2505'.
[  407.063024][T16159] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2506'.
[  408.576071][T16183] netlink: 'syz.1.2514': attribute type 10 has an invalid length.
[  408.593856][T16183] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2514'.
[  408.610511][T16183] batadv0: entered promiscuous mode
[  408.617765][T16183] batadv0: entered allmulticast mode
[  408.623855][T16183] bridge0: port 2(batadv0) entered blocking state
[  408.630842][T16183] bridge0: port 2(batadv0) entered disabled state
[  408.646034][T16188] x_tables: duplicate underflow at hook 2
[  408.679294][T16155] wg1 speed is unknown, defaulting to 1000
[  408.724263][T16187] syzkaller0: entered promiscuous mode
[  408.758265][T16188] netlink: 'syz.1.2514': attribute type 21 has an invalid length.
[  408.766436][T16187] syzkaller0: entered allmulticast mode
[  408.791859][T16156] wg1 speed is unknown, defaulting to 1000
[  408.825113][T16188] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2514'.
[  408.839810][T16185] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2515'.
[  408.873911][T16187] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2515'.
[  408.930280][ T9379] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  408.939902][ T9379] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  409.270603][T16186] wg1 speed is unknown, defaulting to 1000
[  410.052157][T16209] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2520'.
[  411.430252][T16239] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2527'.
[  411.509973][T16243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2528'.
[  411.587167][T16243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2528'.
[  412.068386][T16260] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2532'.
[  412.089960][T16260] netlink: 260 bytes leftover after parsing attributes in process `syz.3.2532'.
[  412.110438][T16261] netlink: 'syz.2.2531': attribute type 23 has an invalid length.
[  412.943022][T16286] netlink: 'syz.0.2538': attribute type 1 has an invalid length.
[  413.199843][T16305] lo: entered allmulticast mode
[  413.232074][T16304] lo: left allmulticast mode
[  413.426871][T16290] wg1 speed is unknown, defaulting to 1000
[  413.825695][T16326] macvtap2: entered promiscuous mode
[  413.831062][T16326] veth1_to_hsr: entered promiscuous mode
[  413.844868][T16326] macvtap2: entered allmulticast mode
[  413.850307][T16326] veth1_to_hsr: entered allmulticast mode
[  413.898313][T16328] geneve4: entered promiscuous mode
[  413.905905][ T9378] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  413.921338][ T9378] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  413.994901][T16332] 8021q: adding VLAN 0 to HW filter on device bond9
[  413.995653][T16338] __nla_validate_parse: 5 callbacks suppressed
[  413.995670][T16338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2556'.
[  414.014374][ T9378] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  414.026142][ T9378] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  414.093750][T16338] 8021q: adding VLAN 0 to HW filter on device bond15
[  414.335512][T16349] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2558'.
[  414.335512][T16348] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2558'.
[  414.587712][T16359] netlink: 'syz.1.2560': attribute type 8 has an invalid length.
[  415.358876][T16377] netlink: 'syz.0.2566': attribute type 6 has an invalid length.
[  415.387876][T16377] netlink: 'syz.0.2566': attribute type 13 has an invalid length.
[  415.627887][T16358] wg1 speed is unknown, defaulting to 1000
[  415.644145][T16383] ¾x9ÿ: renamed from bridge_slave_0
[  416.356463][T16381] wg1 speed is unknown, defaulting to 1000
[  416.468841][T16406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2573'.
[  416.479721][T16408] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2573'.
[  417.208044][T16422] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2576'.
[  417.297851][T16422] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2576'.
[  417.518105][T16384] wg1 speed is unknown, defaulting to 1000
[  417.533603][T16386] wg1 speed is unknown, defaulting to 1000
[  417.805543][T16440] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2579'.
[  417.851291][T16440] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  418.900614][T16457] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2584'.
[  418.955129][T16458] netlink: 'syz.4.2584': attribute type 1 has an invalid length.
[  418.963674][T16458] netlink: 228 bytes leftover after parsing attributes in process `syz.4.2584'.
[  418.983779][T16457] geneve5: entered promiscuous mode
[  418.989706][T16457] geneve5: entered allmulticast mode
[  419.023384][ T9379] netdevsim netdevsim4 eth0: set [1, 2] type 2 family 0 port 48205 - 0
[  419.026092][T16458] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2584'.
[  419.049165][ T9379] netdevsim netdevsim4 eth1: set [1, 2] type 2 family 0 port 48205 - 0
[  419.080637][ T9379] netdevsim netdevsim4 eth2: set [1, 2] type 2 family 0 port 48205 - 0
[  419.357194][ T9379] netdevsim netdevsim4 eth3: set [1, 2] type 2 family 0 port 48205 - 0
[  419.722356][T16471] tipc: Invalid UDP bearer configuration
[  419.722423][T16471] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  419.810844][T16473] gretap4: entered promiscuous mode
[  419.817186][T16473] gretap4: entered allmulticast mode
[  419.951586][T16481] bond0: option arp_interval: mode dependency failed, not supported in mode balance-alb(6)
[  419.967264][T16481] netlink: 'syz.2.2591': attribute type 13 has an invalid length.
[  420.146381][T16488] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2592'.
[  420.161453][T16488] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2592'.
[  420.172526][T16488] netlink: 'syz.4.2592': attribute type 5 has an invalid length.
[  420.181608][T16488] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2592'.
[  420.598455][ T9379] nci: nci_rsp_packet: unknown rsp opcode 0x73a
[  420.709142][T16508] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2599'.
[  420.821610][T16511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2599'.
[  420.848329][T16511] gtp1: entered promiscuous mode
[  420.871456][T16511] gtp1: entered allmulticast mode
[  421.336294][T16522] netlink: 'syz.4.2603': attribute type 6 has an invalid length.
[  421.345539][T16522] netlink: 176 bytes leftover after parsing attributes in process `syz.4.2603'.
[  421.473335][T16530] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2605'.
[  421.528340][T16531] veth0_to_hsr: left promiscuous mode
[  421.616842][T16531] veth0_to_hsr: left allmulticast mode
[  421.625711][T16531] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  421.633708][T16531] gretap1: left promiscuous mode
[  421.638939][T16531] gretap1: left allmulticast mode
[  421.646937][T16531] bond2: left promiscuous mode
[  421.685694][T16531] bond4: left promiscuous mode
[  421.694266][T16531] wireguard0: left promiscuous mode
[  421.703703][T16538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2604'.
[  421.704807][T16531] bond5: left promiscuous mode
[  421.740430][T16531] bond6: left promiscuous mode
[  421.746892][T16531] veth3: left promiscuous mode
[  421.753434][T16531] macsec1: left promiscuous mode
[  421.774904][T16531] macsec1: left allmulticast mode
[  421.784731][T16531] bridge2: left promiscuous mode
[  421.800978][T16531] bridge2: left allmulticast mode
[  421.820922][T16531] veth5: left promiscuous mode
[  421.827796][T16531] ip6tnl3: left promiscuous mode
[  421.833010][T16531] ip6tnl3: left allmulticast mode
[  421.838605][T16531] gtp0: left promiscuous mode
[  421.873534][T16538] hsr_slave_0: left promiscuous mode
[  421.993756][T16540] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2607'.
[  422.014093][T16540] xfrm1: entered allmulticast mode
[  422.370905][T16551] netlink: 'syz.0.2612': attribute type 1 has an invalid length.
[  422.635947][T16568] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  422.649604][T16569] netlink: 'syz.0.2618': attribute type 1 has an invalid length.
[  422.848206][T16548] wg1 speed is unknown, defaulting to 1000
[  423.191273][T16586] netlink: 'syz.1.2623': attribute type 1 has an invalid length.
[  423.708023][T16589] wg1 speed is unknown, defaulting to 1000
[  424.690991][T16635] __nla_validate_parse: 5 callbacks suppressed
[  424.691013][T16635] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2635'.
[  424.708814][T16635] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2635'.
[  424.833704][T16638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2637'.
[  424.846672][T16638] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2637'.
[  424.858694][T16638] netlink: 532 bytes leftover after parsing attributes in process `syz.0.2637'.
[  425.117374][T16647] xt_l2tp: wrong L2TP version: 1
[  425.305781][T16656] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2642'.
[  425.433527][T16667] netlink: 'syz.2.2645': attribute type 6 has an invalid length.
[  425.441573][T16667] IPv6: NLM_F_CREATE should be specified when creating new route
[  425.478817][T16669] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2644'.
[  425.498223][T16669] bridge5: entered allmulticast mode
[  425.630308][T16678] netlink: 'syz.2.2649': attribute type 1 has an invalid length.
[  426.068983][T16674] wg1 speed is unknown, defaulting to 1000
[  426.132902][T16691] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2653'.
[  426.259567][T16696] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2654'.
[  426.342911][T16696] 8021q: adding VLAN 0 to HW filter on device bond3
[  426.419709][T16707] netlink: 'syz.2.2657': attribute type 10 has an invalid length.
[  426.424728][T16705] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2656'.
[  426.508159][T16713] netlink: 'syz.2.2658': attribute type 21 has an invalid length.
[  426.737298][T16720] netlink: 'syz.2.2660': attribute type 1 has an invalid length.
[  427.851296][T16753] netlink: 'syz.2.2671': attribute type 1 has an invalid length.
[  440.224254][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  501.665690][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  563.104712][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  575.901385][   T31] INFO: task kworker/1:10:5981 blocked for more than 143 seconds.
[  575.909239][   T31]       Not tainted syzkaller #0
[  575.914264][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  575.922980][   T31] task:kworker/1:10    state:D stack:24232 pid:5981  tgid:5981  ppid:2      task_flags:0x4208060 flags:0x00080000
[  575.935021][   T31] Workqueue: events rfkill_sync_work
[  575.940311][   T31] Call Trace:
[  575.943615][   T31]  <TASK>
[  575.946563][   T31]  __schedule+0x1798/0x4cc0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  575.951202][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  575.956812][   T31]  ? __pfx___schedule+0x10/0x10
[  575.961767][   T31]  ? schedule+0x91/0x360
[  575.966494][   T31]  schedule+0x165/0x360
[  575.970811][   T31]  schedule_preempt_disabled+0x13/0x30
[  575.976343][   T31]  __mutex_lock+0x7e6/0x1350
[  575.981193][   T31]  ? __mutex_lock+0x5bb/0x1350
[  575.985988][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  576.006536][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  576.021359][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  576.026620][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  576.042328][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  576.048736][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  576.054611][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  576.059760][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  576.065908][   T31]  rfkill_set_block+0x1d2/0x440
[  576.070811][   T31]  rfkill_sync_work+0x114/0x200
[  576.075844][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  576.082439][   T31]  process_scheduled_works+0xae1/0x17b0
[  576.088475][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  576.094941][   T31]  worker_thread+0x8a0/0xda0
[  576.099566][   T31]  kthread+0x711/0x8a0
[  576.103858][   T31]  ? __pfx_worker_thread+0x10/0x10
[  576.109078][   T31]  ? __pfx_kthread+0x10/0x10
[  576.113795][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  576.118998][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  576.124222][   T31]  ? __pfx_kthread+0x10/0x10
[  576.128816][   T31]  ret_from_fork+0x4bc/0x870
[  576.133457][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  576.138584][   T31]  ? __switch_to_asm+0x39/0x70
[  576.144878][   T31]  ? __switch_to_asm+0x33/0x70
[  576.149677][   T31]  ? __pfx_kthread+0x10/0x10
[  576.154464][   T31]  ret_from_fork_asm+0x1a/0x30
[  576.159257][   T31]  </TASK>
[  576.162365][   T31] INFO: task kworker/1:11:5982 blocked for more than 143 seconds.
[  576.170201][   T31]       Not tainted syzkaller #0
[  576.175233][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  576.184033][   T31] task:kworker/1:11    state:D stack:24744 pid:5982  tgid:5982  ppid:2      task_flags:0x4208060 flags:0x00080000
[  576.196172][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  576.203202][   T31] Call Trace:
[  576.206498][   T31]  <TASK>
[  576.209445][   T31]  __schedule+0x1798/0x4cc0
[  576.214134][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  576.219545][   T31]  ? __pfx___schedule+0x10/0x10
[  576.224548][   T31]  ? schedule+0x91/0x360
[  576.228912][   T31]  schedule+0x165/0x360
[  576.233250][   T31]  schedule_preempt_disabled+0x13/0x30
[  576.238741][   T31]  __mutex_lock+0x7e6/0x1350
[  576.243368][   T31]  ? __mutex_lock+0x5bb/0x1350
[  576.248128][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  576.254402][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  576.259440][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  576.265190][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  576.270911][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  576.276998][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  576.282835][   T31]  process_scheduled_works+0xae1/0x17b0
[  576.288400][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  576.294434][   T31]  worker_thread+0x8a0/0xda0
[  576.299042][   T31]  kthread+0x711/0x8a0
[  576.303147][   T31]  ? __pfx_worker_thread+0x10/0x10
[  576.308249][   T31]  ? __pfx_kthread+0x10/0x10
[  576.313010][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  576.318314][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  576.323541][   T31]  ? __pfx_kthread+0x10/0x10
[  576.328126][   T31]  ret_from_fork+0x4bc/0x870
[  576.332728][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  576.337836][   T31]  ? __switch_to_asm+0x39/0x70
[  576.342609][   T31]  ? __switch_to_asm+0x33/0x70
[  576.347360][   T31]  ? __pfx_kthread+0x10/0x10
[  576.351989][   T31]  ret_from_fork_asm+0x1a/0x30
[  576.356789][   T31]  </TASK>
[  576.359841][   T31] INFO: task syz.3.2598:16499 blocked for more than 143 seconds.
[  576.367933][   T31]       Not tainted syzkaller #0
[  576.372901][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  576.381758][   T31] task:syz.3.2598      state:D stack:25608 pid:16499 tgid:16499 ppid:5839   task_flags:0x400040 flags:0x00080002
[  576.393760][   T31] Call Trace:
[  576.397061][   T31]  <TASK>
[  576.400012][   T31]  __schedule+0x1798/0x4cc0
[  576.404585][   T31]  ? validate_chain+0x897/0x2140
[  576.409521][   T31]  ? __lock_acquire+0xab9/0xd20
[  576.414481][   T31]  ? __pfx___schedule+0x10/0x10
[  576.419558][   T31]  ? schedule+0x91/0x360
[  576.423865][   T31]  schedule+0x165/0x360
[  576.428094][   T31]  schedule_timeout+0x9a/0x270
[  576.432987][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  576.438396][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  576.443654][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  576.448862][   T31]  ? wait_for_completion+0x267/0x5d0
[  576.454173][   T31]  wait_for_completion+0x2bf/0x5d0
[  576.459295][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  576.464972][   T31]  ? __flush_work+0xd2/0xbc0
[  576.469560][   T31]  ? __flush_work+0xd2/0xbc0
[  576.474186][   T31]  __flush_work+0x9b9/0xbc0
[  576.478702][   T31]  ? __flush_work+0xd2/0xbc0
[  576.483319][   T31]  ? __pfx___flush_work+0x10/0x10
[  576.488336][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[  576.493677][   T31]  ? __pfx___cancel_work+0x10/0x10
[  576.498801][   T31]  ? nfc_genl_device_removed+0x23c/0x330
[  576.504507][   T31]  __cancel_work_sync+0xbe/0x110
[  576.509468][   T31]  rfkill_unregister+0x92/0x220
[  576.514356][   T31]  nfc_unregister_device+0x96/0x2a0
[  576.519634][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  576.525388][   T31]  virtual_ncidev_close+0x56/0x90
[  576.530410][   T31]  __fput+0x44c/0xa70
[  576.534472][   T31]  task_work_run+0x1d4/0x260
[  576.539086][   T31]  ? __pfx_task_work_run+0x10/0x10
[  576.544252][   T31]  ? exit_to_user_mode_loop+0x40/0x130
[  576.549737][   T31]  exit_to_user_mode_loop+0xe9/0x130
[  576.555151][   T31]  do_syscall_64+0x2bd/0xfa0
[  576.559753][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  576.565870][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  576.572054][   T31]  ? clear_bhb_loop+0x60/0xb0
[  576.576732][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  576.582962][   T31] RIP: 0033:0x7fbd1df8f6c9
[  576.587390][   T31] RSP: 002b:00007ffc2773eb98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  576.595834][   T31] RAX: 0000000000000000 RBX: 00007fbd1e1e7da0 RCX: 00007fbd1df8f6c9
[  576.603826][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  576.611824][   T31] RBP: 00007fbd1e1e7da0 R08: 000000000000009c R09: 000000082773ee8f
[  576.619876][   T31] R10: 00007fbd1e1e7cb0 R11: 0000000000000246 R12: 0000000000066da4
[  576.627888][   T31] R13: 00007fbd1e1e6090 R14: ffffffffffffffff R15: 00007ffc2773ecb0
[  576.635895][   T31]  </TASK>
[  576.638938][   T31] INFO: task syz.0.2642:16653 blocked for more than 144 seconds.
[  576.651428][   T31]       Not tainted syzkaller #0
[  576.656392][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  576.665122][   T31] task:syz.0.2642      state:D stack:28296 pid:16653 tgid:16652 ppid:5836   task_flags:0x400040 flags:0x00080002
[  576.677200][   T31] Call Trace:
[  576.680496][   T31]  <TASK>
[  576.683493][   T31]  __schedule+0x1798/0x4cc0
[  576.688033][   T31]  ? __lock_acquire+0xab9/0xd20
[  576.692943][   T31]  ? __lock_acquire+0xab9/0xd20
[  576.697804][   T31]  ? __pfx___schedule+0x10/0x10
[  576.702714][   T31]  ? schedule+0x91/0x360
[  576.706974][   T31]  schedule+0x165/0x360
[  576.711185][   T31]  schedule_preempt_disabled+0x13/0x30
[  576.716666][   T31]  __mutex_lock+0x7e6/0x1350
[  576.721284][   T31]  ? __mutex_lock+0x5bb/0x1350
[  576.726044][   T31]  ? rfkill_fop_open+0x12d/0x820
[  576.730977][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  576.736026][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  576.741341][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  576.746709][   T31]  rfkill_fop_open+0x12d/0x820
[  576.751534][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[  576.756834][   T31]  misc_open+0x2d5/0x350
[  576.761124][   T31]  chrdev_open+0x4cc/0x5e0
[  576.765559][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  576.770493][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  576.776851][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  576.782008][   T31]  do_dentry_open+0x953/0x13f0
[  576.786800][   T31]  vfs_open+0x3b/0x340
[  576.790863][   T31]  ? path_openat+0x2ecd/0x3830
[  576.795658][   T31]  path_openat+0x2ee5/0x3830
[  576.800750][   T31]  ? __pfx_path_openat+0x10/0x10
[  576.805776][   T31]  do_filp_open+0x1fa/0x410
[  576.810274][   T31]  ? __lock_acquire+0xab9/0xd20
[  576.815139][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  576.820175][   T31]  ? _raw_spin_unlock+0x28/0x50
[  576.825042][   T31]  ? alloc_fd+0x64c/0x6c0
[  576.829377][   T31]  do_sys_openat2+0x121/0x1c0
[  576.834076][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  576.839269][   T31]  ? exc_page_fault+0x82/0x100
[  576.844053][   T31]  ? do_user_addr_fault+0xc85/0x1380
[  576.849419][   T31]  __x64_sys_openat+0x138/0x170
[  576.854304][   T31]  do_syscall_64+0xfa/0xfa0
[  576.858797][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  576.864034][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  576.870097][   T31]  ? clear_bhb_loop+0x60/0xb0
[  576.874806][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  576.880693][   T31] RIP: 0033:0x7fcf4fd8f6c9
[  576.885141][   T31] RSP: 002b:00007fcf50cac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  576.893579][   T31] RAX: ffffffffffffffda RBX: 00007fcf4ffe5fa0 RCX: 00007fcf4fd8f6c9
[  576.901602][   T31] RDX: 0000000000080040 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  576.909567][   T31] RBP: 00007fcf4fe11f91 R08: 0000000000000000 R09: 0000000000000000
[  576.917562][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  576.925643][   T31] R13: 00007fcf4ffe6038 R14: 00007fcf4ffe5fa0 R15: 00007ffceaec20b8
[  576.933651][   T31]  </TASK>
[  576.936679][   T31] INFO: task syz.1.2656:16704 blocked for more than 144 seconds.
[  576.944487][   T31]       Not tainted syzkaller #0
[  576.949410][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  576.958096][   T31] task:syz.1.2656      state:D stack:28296 pid:16704 tgid:16702 ppid:5823   task_flags:0x400040 flags:0x00080002
[  576.970026][   T31] Call Trace:
[  576.973326][   T31]  <TASK>
[  576.976257][   T31]  __schedule+0x1798/0x4cc0
[  576.980759][   T31]  ? security_file_open+0xb1/0x270
[  576.985911][   T31]  ? __lock_acquire+0xab9/0xd20
[  576.990757][   T31]  ? __lock_acquire+0xab9/0xd20
[  576.995626][   T31]  ? __pfx___schedule+0x10/0x10
[  577.000499][   T31]  ? schedule+0x91/0x360
[  577.004764][   T31]  schedule+0x165/0x360
[  577.008950][   T31]  schedule_preempt_disabled+0x13/0x30
[  577.014582][   T31]  __mutex_lock+0x7e6/0x1350
[  577.019198][   T31]  ? __mutex_lock+0x5bb/0x1350
[  577.024084][   T31]  ? misc_open+0x51/0x350
[  577.028426][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  577.033482][   T31]  misc_open+0x51/0x350
[  577.037636][   T31]  chrdev_open+0x4cc/0x5e0
[  577.042077][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  577.047021][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  577.053388][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  577.058335][   T31]  do_dentry_open+0x953/0x13f0
[  577.063399][   T31]  vfs_open+0x3b/0x340
[  577.067497][   T31]  ? path_openat+0x2ecd/0x3830
[  577.072302][   T31]  path_openat+0x2ee5/0x3830
[  577.076934][   T31]  ? __pfx_path_openat+0x10/0x10
[  577.081919][   T31]  do_filp_open+0x1fa/0x410
[  577.086425][   T31]  ? __lock_acquire+0xab9/0xd20
[  577.091303][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  577.096365][   T31]  ? _raw_spin_unlock+0x28/0x50
[  577.101390][   T31]  ? alloc_fd+0x64c/0x6c0
[  577.105841][   T31]  do_sys_openat2+0x121/0x1c0
[  577.110597][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  577.115825][   T31]  ? exc_page_fault+0x82/0x100
[  577.120588][   T31]  ? do_user_addr_fault+0xc85/0x1380
[  577.125932][   T31]  __x64_sys_openat+0x138/0x170
[  577.130814][   T31]  do_syscall_64+0xfa/0xfa0
[  577.135367][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  577.140557][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.146644][   T31]  ? clear_bhb_loop+0x60/0xb0
[  577.151336][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.157221][   T31] RIP: 0033:0x7f511f18f6c9
[  577.161763][   T31] RSP: 002b:00007f5120056038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  577.170343][   T31] RAX: ffffffffffffffda RBX: 00007f511f3e5fa0 RCX: 00007f511f18f6c9
[  577.178336][   T31] RDX: 0000000000000000 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  577.189705][   T31] RBP: 00007f511f211f91 R08: 0000000000000000 R09: 0000000000000000
[  577.197855][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  577.206382][   T31] R13: 00007f511f3e6038 R14: 00007f511f3e5fa0 R15: 00007fff47741018
[  577.214415][   T31]  </TASK>
[  577.217447][   T31] INFO: task syz.4.2670:16747 blocked for more than 144 seconds.
[  577.225226][   T31]       Not tainted syzkaller #0
[  577.230153][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  577.238853][   T31] task:syz.4.2670      state:D stack:27008 pid:16747 tgid:16746 ppid:5825   task_flags:0x400040 flags:0x00080002
[  577.250788][   T31] Call Trace:
[  577.254175][   T31]  <TASK>
[  577.257279][   T31]  __schedule+0x1798/0x4cc0
[  577.261827][   T31]  ? security_file_open+0xb1/0x270
[  577.266941][   T31]  ? __lock_acquire+0xab9/0xd20
[  577.271857][   T31]  ? __lock_acquire+0xab9/0xd20
[  577.276713][   T31]  ? __pfx___schedule+0x10/0x10
[  577.281623][   T31]  ? schedule+0x91/0x360
[  577.285896][   T31]  schedule+0x165/0x360
[  577.290056][   T31]  schedule_preempt_disabled+0x13/0x30
[  577.295544][   T31]  __mutex_lock+0x7e6/0x1350
[  577.300136][   T31]  ? __mutex_lock+0x5bb/0x1350
[  577.304925][   T31]  ? misc_open+0x51/0x350
[  577.309252][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  577.314305][   T31]  misc_open+0x51/0x350
[  577.318459][   T31]  chrdev_open+0x4cc/0x5e0
[  577.322909][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  577.327841][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  577.334185][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  577.339118][   T31]  do_dentry_open+0x953/0x13f0
[  577.343921][   T31]  vfs_open+0x3b/0x340
[  577.347982][   T31]  ? path_openat+0x2ecd/0x3830
[  577.352860][   T31]  path_openat+0x2ee5/0x3830
[  577.357468][   T31]  ? __pfx_path_openat+0x10/0x10
[  577.362441][   T31]  do_filp_open+0x1fa/0x410
[  577.367115][   T31]  ? __lock_acquire+0xab9/0xd20
[  577.371980][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  577.377020][   T31]  ? _raw_spin_unlock+0x28/0x50
[  577.382089][   T31]  ? alloc_fd+0x64c/0x6c0
[  577.386479][   T31]  do_sys_openat2+0x121/0x1c0
[  577.391243][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  577.396600][   T31]  ? exc_page_fault+0x82/0x100
[  577.401541][   T31]  ? do_user_addr_fault+0xc85/0x1380
[  577.406846][   T31]  __x64_sys_openat+0x138/0x170
[  577.411741][   T31]  do_syscall_64+0xfa/0xfa0
[  577.416290][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  577.421517][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.427593][   T31]  ? clear_bhb_loop+0x60/0xb0
[  577.432307][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.438196][   T31] RIP: 0033:0x7fb3f658f6c9
[  577.442639][   T31] RSP: 002b:00007fb3f47f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  577.451136][   T31] RAX: ffffffffffffffda RBX: 00007fb3f67e5fa0 RCX: 00007fb3f658f6c9
[  577.459122][   T31] RDX: 0000000000040241 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  577.467135][   T31] RBP: 00007fb3f6611f91 R08: 0000000000000000 R09: 0000000000000000
[  577.475127][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  577.483142][   T31] R13: 00007fb3f67e6038 R14: 00007fb3f67e5fa0 R15: 00007ffed738c088
[  577.491193][   T31]  </TASK>
[  577.494348][   T31] INFO: task syz.2.2675:16762 blocked for more than 144 seconds.
[  577.502223][   T31]       Not tainted syzkaller #0
[  577.507155][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  577.515836][   T31] task:syz.2.2675      state:D stack:28296 pid:16762 tgid:16761 ppid:5832   task_flags:0x400040 flags:0x00080002
[  577.527827][   T31] Call Trace:
[  577.531169][   T31]  <TASK>
[  577.534124][   T31]  __schedule+0x1798/0x4cc0
[  577.538647][   T31]  ? security_file_open+0xb1/0x270
[  577.544008][   T31]  ? __lock_acquire+0xab9/0xd20
[  577.548872][   T31]  ? __lock_acquire+0xab9/0xd20
[  577.553762][   T31]  ? __pfx___schedule+0x10/0x10
[  577.558784][   T31]  ? schedule+0x91/0x360
[  577.563089][   T31]  schedule+0x165/0x360
[  577.567253][   T31]  schedule_preempt_disabled+0x13/0x30
[  577.572858][   T31]  __mutex_lock+0x7e6/0x1350
[  577.577453][   T31]  ? __mutex_lock+0x5bb/0x1350
[  577.582280][   T31]  ? misc_open+0x51/0x350
[  577.586630][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  577.591690][   T31]  misc_open+0x51/0x350
[  577.595850][   T31]  chrdev_open+0x4cc/0x5e0
[  577.600300][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  577.605275][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  577.611659][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  577.616594][   T31]  do_dentry_open+0x953/0x13f0
[  577.621408][   T31]  vfs_open+0x3b/0x340
[  577.625467][   T31]  ? path_openat+0x2ecd/0x3830
[  577.630309][   T31]  path_openat+0x2ee5/0x3830
[  577.634991][   T31]  ? __pfx_path_openat+0x10/0x10
[  577.639963][   T31]  do_filp_open+0x1fa/0x410
[  577.644564][   T31]  ? __lock_acquire+0xab9/0xd20
[  577.649411][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  577.654767][   T31]  ? _raw_spin_unlock+0x28/0x50
[  577.659629][   T31]  ? alloc_fd+0x64c/0x6c0
[  577.664019][   T31]  do_sys_openat2+0x121/0x1c0
[  577.668723][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  577.673942][   T31]  ? exc_page_fault+0x82/0x100
[  577.678709][   T31]  ? do_user_addr_fault+0xc85/0x1380
[  577.684032][   T31]  __x64_sys_openat+0x138/0x170
[  577.688897][   T31]  do_syscall_64+0xfa/0xfa0
[  577.693503][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  577.698702][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.704796][   T31]  ? clear_bhb_loop+0x60/0xb0
[  577.709468][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.715385][   T31] RIP: 0033:0x7f7bc658f6c9
[  577.719795][   T31] RSP: 002b:00007f7bc7462038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  577.728227][   T31] RAX: ffffffffffffffda RBX: 00007f7bc67e5fa0 RCX: 00007f7bc658f6c9
[  577.736493][   T31] RDX: 0000000000000000 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  577.744526][   T31] RBP: 00007f7bc6611f91 R08: 0000000000000000 R09: 0000000000000000
[  577.752522][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  577.760485][   T31] R13: 00007f7bc67e6038 R14: 00007f7bc67e5fa0 R15: 00007ffd95bf2568
[  577.768512][   T31]  </TASK>
[  577.771687][   T31] 
[  577.771687][   T31] Showing all locks held in the system:
[  577.779409][   T31] 1 lock held by khungtaskd/31:
[  577.784295][   T31]  #0: ffffffff8df3d660 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  577.794164][   T31] 2 locks held by kworker/u8:6/1160:
[  577.799435][   T31]  #0: ffff88801a069148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  577.811642][   T31]  #1: ffffc9000400fba0 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  577.824375][   T31] 2 locks held by getty/5589:
[  577.829038][   T31]  #0: ffff8880339c10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  577.838903][   T31]  #1: ffffc9000331e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  577.849011][   T31] 4 locks held by kworker/1:10/5981:
[  577.854322][   T31]  #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  577.865394][   T31]  #1: ffffc9000472fba0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  577.877768][   T31]  #2: ffffffff8f5ac768 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200
[  577.887807][   T31]  #3: ffff888026880100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  577.897497][   T31] 3 locks held by kworker/1:11/5982:
[  577.902816][   T31]  #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  577.913853][   T31]  #1: ffffc9000473fba0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  577.927361][   T31]  #2: ffffffff8f5ac768 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  577.938966][   T31] 1 lock held by syz.3.2598/16499:
[  577.944093][   T31]  #0: ffff888026880100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  577.953965][   T31] 2 locks held by syz.0.2642/16653:
[  577.959237][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  577.967687][   T31]  #1: ffffffff8f5ac768 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[  577.977820][   T31] 1 lock held by syz.1.2656/16704:
[  577.983119][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  577.991679][   T31] 1 lock held by syz.4.2670/16747:
[  577.996772][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.005231][   T31] 1 lock held by syz.2.2675/16762:
[  578.010327][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.018854][   T31] 1 lock held by syz-executor/16765:
[  578.024191][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.032735][   T31] 1 lock held by syz-executor/16767:
[  578.038037][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.046490][   T31] 1 lock held by syz-executor/16769:
[  578.051936][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.060371][   T31] 1 lock held by syz-executor/16772:
[  578.065736][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.074247][   T31] 1 lock held by syz-executor/16773:
[  578.079537][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.087994][   T31] 1 lock held by syz-executor/16775:
[  578.093380][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.101835][   T31] 1 lock held by syz-executor/16778:
[  578.107105][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.115578][   T31] 1 lock held by syz-executor/16779:
[  578.121150][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.129617][   T31] 1 lock held by syz-executor/16782:
[  578.134922][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.143481][   T31] 1 lock held by syz-executor/16783:
[  578.148798][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.157377][   T31] 1 lock held by syz-executor/16785:
[  578.162692][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.171182][   T31] 1 lock held by syz-executor/16788:
[  578.176470][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.184944][   T31] 1 lock held by syz-executor/16789:
[  578.190308][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.198911][   T31] 1 lock held by syz-executor/16792:
[  578.204207][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.212695][   T31] 1 lock held by syz-executor/16793:
[  578.217967][   T31]  #0: ffffffff8e775428 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  578.229865][   T31] 
[  578.232303][   T31] =============================================
[  578.232303][   T31] 
[  578.240755][   T31] NMI backtrace for cpu 0
[  578.240768][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  578.240781][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  578.240789][   T31] Call Trace:
[  578.240795][   T31]  <TASK>
[  578.240802][   T31]  dump_stack_lvl+0x189/0x250
[  578.240823][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  578.240837][   T31]  ? __pfx__printk+0x10/0x10
[  578.240855][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  578.240871][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  578.240886][   T31]  ? __pfx__printk+0x10/0x10
[  578.240900][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  578.240918][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  578.240933][   T31]  watchdog+0xf60/0xfa0
[  578.240947][   T31]  ? watchdog+0x1e2/0xfa0
[  578.240961][   T31]  kthread+0x711/0x8a0
[  578.240977][   T31]  ? __pfx_watchdog+0x10/0x10
[  578.240988][   T31]  ? __pfx_kthread+0x10/0x10
[  578.241002][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  578.241027][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  578.241042][   T31]  ? __pfx_kthread+0x10/0x10
[  578.241067][   T31]  ret_from_fork+0x4bc/0x870
[  578.241089][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  578.241115][   T31]  ? __switch_to_asm+0x39/0x70
[  578.241130][   T31]  ? __switch_to_asm+0x33/0x70
[  578.241144][   T31]  ? __pfx_kthread+0x10/0x10
[  578.241170][   T31]  ret_from_fork_asm+0x1a/0x30
[  578.241203][   T31]  </TASK>
[  578.381223][   T31] Sending NMI from CPU 0 to CPUs 1:
[  578.386476][    C1] NMI backtrace for cpu 1
[  578.386494][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  578.386510][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  578.386519][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  578.386547][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 31 21 00 f3 0f 1e fa fb f4 <e9> c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  578.386560][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  578.386574][    C1] RAX: 63ebd20b8d9c2b00 RBX: ffffffff81967bf7 RCX: 63ebd20b8d9c2b00
[  578.386586][    C1] RDX: 0000000000000001 RSI: ffffffff8d70f997 RDI: ffffffff8bbf0760
[  578.386597][    C1] RBP: ffffc90000197f10 R08: ffff8880b8932fdb R09: 1ffff110171265fb
[  578.386608][    C1] R10: dffffc0000000000 R11: ffffed10171265fc R12: ffffffff8f7cf770
[  578.386619][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039d3b58
[  578.386630][    C1] FS:  0000000000000000(0000) GS:ffff888126238000(0000) knlGS:0000000000000000
[  578.386642][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  578.386653][    C1] CR2: 00007fef79d17d60 CR3: 000000000dd38000 CR4: 00000000003526f0
[  578.386669][    C1] Call Trace:
[  578.386676][    C1]  <TASK>
[  578.386682][    C1]  default_idle+0x13/0x20
[  578.386697][    C1]  default_idle_call+0x73/0xb0
[  578.386715][    C1]  do_idle+0x1e7/0x510
[  578.386736][    C1]  ? __pfx_do_idle+0x10/0x10
[  578.386758][    C1]  cpu_startup_entry+0x44/0x60
[  578.386774][    C1]  start_secondary+0x101/0x110
[  578.386795][    C1]  common_startup_64+0x13e/0x147
[  578.386821][    C1]  </TASK>