last executing test programs:

1m52.344715079s ago: executing program 1 (id=2439):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
tee(0xffffffffffffffff, r1, 0x8f5, 0x100000000000000)
write$cgroup_type(r1, &(0x7f0000000180), 0x9)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
socket(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='rpc_xdr_overflow\x00', r0, 0x0, 0xd}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000008"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
pipe(&(0x7f0000000140))
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5882, 0x801, 0x0, 0x8, 'syz1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
unshare(0x20000400)
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4000005)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
sendmsg$inet(r13, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)

1m38.61478339s ago: executing program 1 (id=2439):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
tee(0xffffffffffffffff, r1, 0x8f5, 0x100000000000000)
write$cgroup_type(r1, &(0x7f0000000180), 0x9)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
socket(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='rpc_xdr_overflow\x00', r0, 0x0, 0xd}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000008"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
pipe(&(0x7f0000000140))
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5882, 0x801, 0x0, 0x8, 'syz1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
unshare(0x20000400)
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4000005)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
sendmsg$inet(r13, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)

1m25.480920056s ago: executing program 1 (id=2439):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
tee(0xffffffffffffffff, r1, 0x8f5, 0x100000000000000)
write$cgroup_type(r1, &(0x7f0000000180), 0x9)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
socket(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='rpc_xdr_overflow\x00', r0, 0x0, 0xd}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000008"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
pipe(&(0x7f0000000140))
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5882, 0x801, 0x0, 0x8, 'syz1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
unshare(0x20000400)
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4000005)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
sendmsg$inet(r13, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)

1m11.094131575s ago: executing program 1 (id=2439):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
tee(0xffffffffffffffff, r1, 0x8f5, 0x100000000000000)
write$cgroup_type(r1, &(0x7f0000000180), 0x9)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
socket(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='rpc_xdr_overflow\x00', r0, 0x0, 0xd}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000008"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
pipe(&(0x7f0000000140))
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5882, 0x801, 0x0, 0x8, 'syz1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
unshare(0x20000400)
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4000005)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
sendmsg$inet(r13, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)

58.451548328s ago: executing program 1 (id=2439):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
tee(0xffffffffffffffff, r1, 0x8f5, 0x100000000000000)
write$cgroup_type(r1, &(0x7f0000000180), 0x9)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
socket(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='rpc_xdr_overflow\x00', r0, 0x0, 0xd}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000008"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
pipe(&(0x7f0000000140))
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5882, 0x801, 0x0, 0x8, 'syz1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
unshare(0x20000400)
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4000005)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
sendmsg$inet(r13, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)

53.419381626s ago: executing program 1 (id=2439):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
tee(0xffffffffffffffff, r1, 0x8f5, 0x100000000000000)
write$cgroup_type(r1, &(0x7f0000000180), 0x9)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
socket(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='rpc_xdr_overflow\x00', r0, 0x0, 0xd}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000008"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
pipe(&(0x7f0000000140))
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5882, 0x801, 0x0, 0x8, 'syz1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
unshare(0x20000400)
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4000005)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
sendmsg$inet(r13, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)

53.08704347s ago: executing program 32 (id=2439):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
tee(0xffffffffffffffff, r1, 0x8f5, 0x100000000000000)
write$cgroup_type(r1, &(0x7f0000000180), 0x9)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
socket(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='rpc_xdr_overflow\x00', r0, 0x0, 0xd}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000008"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
pipe(&(0x7f0000000140))
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5882, 0x801, 0x0, 0x8, 'syz1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
unshare(0x20000400)
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4000005)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
sendmsg$inet(r13, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)

20.082272704s ago: executing program 2 (id=3729):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x2, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800b3b64412e2a995346791504c4f07234500e82f0000000000019078ac1e0001ac5414aa0b00907401010000452905"], 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000109c010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0, 0x3}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {0x0}], 0x2}, 0xa1}], 0x2, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0100001000130429bd700000000000ac1414bb00000000000000000000000020010000000000000000000000000000000000004e2400000200002021000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e000000100000000000000000000000000000000320000550000000000000000ad1329eca3eb8efc0100000000000000000000000000000000fcffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000060000040000000000000000f9ffffff0000080000000000000000000200018168000000000000004c001200706372797074287063727970742865636861696e69762867636d5f6261736528637472286165726e69292c67686173682d675c6e65726963292929290004000080000000"], 0x13c}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x20000080)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x10000})
ioctl(r5, 0x8b22, &(0x7f0000000040))
sendmsg$NL80211_CMD_GET_MPATH(r3, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4], 0x5c}, 0x1, 0x0, 0x0, 0x20020800}, 0x4800)

19.06979979s ago: executing program 2 (id=3734):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x99}, [@ldst={0x4}]}, 0x0, 0xa}, 0x94)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000600)={@ipv4={'\x00', '\xff\xff', @multicast2}, 0x83, 0x2, 0xfd, 0x1, 0x8000, 0xb610}, &(0x7f0000000640)=0x20)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, &(0x7f0000000100)}, 0x20)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r4, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)

18.267759428s ago: executing program 2 (id=3736):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRES8=r0], 0x50}}, 0x20044084)
r1 = socket$rds(0x15, 0x5, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000004c0000004c00000002000000000000000000000300000000020000000200000000000000000000000000000105000000080000020000000002000005000000000000000001000000000000000000000001"], 0x0, 0x66}, 0x20)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
close(r1)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xa}, [@typed={0x8, 0x2, 0x0, 0x0, @fd=r4}]}, 0x1c}}, 0x20000080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0)
close(r0)

18.072311326s ago: executing program 2 (id=3739):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[], 0x60}}, 0x4)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x4, @mcast2, @loopback={0x0, 0xffff888101827518}, 0x0, 0x7800}})
getsockopt$inet_int(0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000380))
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000140)=0x10001, 0xfffffd0a)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = gettid()
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8, &(0x7f0000000000)=0xb2, 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="240000001800010000000000fddbdf251d01050008000a00", @ANYRES32, @ANYBLOB='\b\x00\t\x00', @ANYRESOCT], 0x24}}, 0x0)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x24, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_PID={0x8, 0x1c, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xd0}}, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x70bd26, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
socket$igmp6(0xa, 0x3, 0x2)

12.336124568s ago: executing program 2 (id=3783):
socket(0xa, 0x3, 0x3a)
socket(0x2a, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x3, 0xb, &(0x7f0000000f00)=ANY=[@ANYBLOB="18020000010000000000000000000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000040)='GPL\x00'}, 0x94)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000140000000014", @ANYRES8=0x0, @ANYRES32=r1], 0x30}}, 0x0)

12.184360868s ago: executing program 2 (id=3785):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a00)={&(0x7f0000000880)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000009000000080000000000000700000000000000000000000903000000080000000000000f010000000000610000006100002395909d332b406963980f80f70cbb4157489fef05b0cb72801c55756374465617b14af40e6dd8a4a05dcea532c323d7f31e70c8eb113e6831f46e43329f3e30ef49b65c06c0fc696fbacce75d9abf5464f7c06d721d5bdda8795f396e2aab452dad450e00d67fd57a8f68ff3c1bc1d013dbda08dd98786ea5aad71278371c95af026e5cfb82297206c2def8139284aea45b57e21d559f3fa4985d00abc7a4af9d6392e5c92bac89e89dea600e3976a8bb737d9c5588e52df934d075"], 0x0, 0x45}, 0x28)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@flushsa={0x40, 0x1c, 0x100, 0x70bd26, 0x25dfdbfe, {0x32}, [@encap={0x1c, 0x4, {0xffffffffffffffff, 0x4e20, 0x4e22, @in=@initdev={0xac, 0x1e, 0x1, 0x0}}}, @XFRMA_IF_ID={0x8, 0x1f, 0x4}, @tfcpad={0x8, 0x16, 0xffff0001}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000810}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="020000050000f5ff070000000100000080000000", @ANYRES32=0x1, @ANYBLOB="c90f00"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="03000000050000000100"/28], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000340)='%pi6   \x00'}, 0x20)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538", 0x58}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000280)=""/99, 0x63}], 0x2}, 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a00000035dc0f7f00000000cc00000040000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200"/28], 0x50)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000200)=<r9=>0x0, &(0x7f0000000680)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x1a, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000003000000000000003d080000185b0000060000000000000000000000186a00000c00000000000000da08000018270000", @ANYRES32=r3, @ANYBLOB="0000000004000000c54680000400000018510000040000000000000000000000b7080000000000007b8af8ff00000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000d3a00347e5b76c2cda4a63d23791b70500000800000085000000a5000000bf17d5a73f69dbb4a99f9bd5d555860e57c24e5e7127abc0762c60cae382c8893a0ad3c180bc41b8f1e93fb2351e2593a7c9ba800a4a507c1eca09416efff6f459c88398afad9075880b77b62f8b06381589"], &(0x7f00000001c0)='GPL\x00', 0x7, 0xab, &(0x7f00000005c0)=""/171, 0x41100, 0x14, '\x00', r9, 0x0, r0, 0x8, &(0x7f00000006c0)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000700)={0x2, 0x6, 0x81, 0xc}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000740)=[r3, r2, r2, r2], 0x0, 0x10, 0x5}, 0x94)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r10 = socket(0x8, 0x3, 0x0)
accept4$inet6(r10, 0x0, 0x0, 0x0)
r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010026bf700ce90957383ff9e25e2f637085183fec00fbdbdf254e0000000e0001006e657464657673696d0000000f0002006e657464657673696d300200080089000300008f0004004000"], 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x20008850)

6.803031548s ago: executing program 5 (id=3803):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000073000000850000005000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0xa, 0xb, 0x2, 0x2, 0x0, 0x70bd25, 0x25dfdbfc}, 0x10}}, 0x20008004)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="4000000010000304000000000020000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB="08001f000c"], 0x40}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000004c0)={'syztnl2\x00', 0x0, 0x2f, 0xff, 0xff, 0x9, 0xc, @dev={0xfe, 0x80, '\x00', 0x3c}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x12, 0x40, 0x8, 0x9}})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000008c0))
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_procs(r6, &(0x7f0000000540)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000040)=ANY=[@ANYBLOB='-4'], 0xc)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000012000000140012800b00010062726964676500000400028008000a009a0ebf300e0632a67aa0c0dfabe1df484facf96505fb52770e4aeb518e4ecefc6ff32c29353102650997ae47c00130a95da1e2734f6e5c625a3278c7ed45a18ba98c0f9597b429444daa8a8033c4eb6282c816b41eeeb24a1ce7282b759829f32b4ec8cc84007c72433d91dac7406a27f22c040e70703e4f8cd2b5add4ac8820bf41d66b03880a645b1e58ddf43a4f7963b5643e3db838937905a9dacf23c246ffde672ddc85a5cc44349148f4d14d173581cd60", @ANYRES32=r5, @ANYBLOB], 0x3c}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=ANY=[@ANYBLOB=' \x00'/20, @ANYRES32=r5], 0x20}, 0x1, 0x0, 0x0, 0x48014}, 0x4004)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000002e40)={'gretap0\x00', &(0x7f0000002dc0)={'erspan0\x00', 0x0, 0x7, 0x40, 0x4, 0x8, {{0xa, 0x4, 0x3, 0x1, 0x28, 0x65, 0x0, 0x1, 0x2f, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x42}, {[@noop, @cipso={0x86, 0x12, 0x1, [{0x7, 0xc, "a073045c100ce518a2b7"}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000002f00)={'syztnl1\x00', &(0x7f0000002e80)={'syztnl1\x00', 0x0, 0x6, 0x7, 0x8, 0xfffffffd, 0x1, @local, @loopback, 0x10, 0x7800, 0x3ff, 0x400}})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c0000005e000100"/20, @ANYRES32=r10, @ANYRES32=r9], 0x1c}}, 0x0)
r11 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000300)={'bond0\x00', <r12=>0x0})
r13 = socket$netlink(0x10, 0x3, 0x1)
sendmsg$nl_route_sched(r13, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x12, r12, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xa], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}}]}}]}, 0x8c}}, 0x0)

5.06982208s ago: executing program 5 (id=3808):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x9, [@fwd={0x8}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}, @typedef={0x8, 0x0, 0x0, 0xf, 0x1}]}, {0x0, [0x0, 0x61, 0x0, 0x0, 0x0, 0x61, 0x0]}}, 0x0, 0x45}, 0x28)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@flushsa={0x40, 0x1c, 0x100, 0x70bd26, 0x25dfdbfe, {0x32}, [@encap={0x1c, 0x4, {0xffffffffffffffff, 0x4e20, 0x4e22, @in=@initdev={0xac, 0x1e, 0x1, 0x0}}}, @XFRMA_IF_ID={0x8, 0x1f, 0x4}, @tfcpad={0x8, 0x16, 0xffff0001}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000810}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xfc9, '\x00', 0x0, r1, 0x3, 0x5, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000340)='%pi6   \x00'}, 0x20)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538", 0x58}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000280)=""/99, 0x63}], 0x2}, 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x50) (fail_nth: 2)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000200)=<r9=>0x0, &(0x7f0000000680)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x1a, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x83d}, [@map_idx={0x18, 0xb, 0x5, 0x0, 0x6}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x8da}, @map_val={0x18, 0x7, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, @jmp={0x5, 0x0, 0xc, 0x6, 0x4, 0x80, 0x4}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @alu={0x7, 0x1, 0xb, 0x7, 0x1, 0xfffffffffffffff8, 0x4}]}, &(0x7f00000001c0)='GPL\x00', 0x7, 0xab, &(0x7f00000005c0)=""/171, 0x41100, 0x14, '\x00', r9, 0x0, r0, 0x8, &(0x7f00000006c0)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000700)={0x2, 0x6, 0x81, 0xc}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000740)=[r3, r2, r2, r2], 0x0, 0x10, 0x5}, 0x94)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r10 = socket(0x8, 0x3, 0x0)
accept4$inet6(r10, 0x0, 0x0, 0x0)
r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x54, r11, 0x1, 0x70bd26, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x4}, {0xc, 0x90, 0xd73}}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x20008850)

2.624076955s ago: executing program 3 (id=3821):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000380)="e8b2", 0x2, 0x20000045, &(0x7f00000000c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='yeah\x00', 0x5)
sendto$inet6(r0, &(0x7f0000001600)="d216ba16474f9b0281c2af28581f0afa1df578a282b5cfcb2238671b28487c4bf068cbbb97b7203da0440752a90f534954f0eadc3679ce0b686805ea3df60d7f2053", 0x42, 0x8000, &(0x7f0000001680)={0xa, 0x4e24, 0x5, @local, 0xfffffff7}, 0x1c)

2.525759289s ago: executing program 3 (id=3822):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001600)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea018512babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7acbf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000005d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd353646000000000000000000002b0000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c30180000000000000c03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3e16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e2e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54ae54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1386f5800"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.357319381s ago: executing program 0 (id=3823):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000040)="18", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0xe, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

2.357096024s ago: executing program 3 (id=3824):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r2, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x28, 0x0, 0x921, 0x0, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x7}]}]}, 0x28}}, 0x40000)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYRES64], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'wlan0\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x2}})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000003, 0x12, r4, 0x0)

2.263436788s ago: executing program 0 (id=3825):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000840)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000002e000000180001801400020067656e65766530"], 0x2c}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000015000100000000ec001fb6330d70000008000100", @ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0x48001}, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x0, [@bcast, @bcast, @null, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null]})

2.253345009s ago: executing program 3 (id=3826):
socket$kcm(0x10, 0x2, 0x0)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000140)={'mangle\x00', 0x0, [0x4, 0x2, 0xffff0000, 0x0, 0x5]}, &(0x7f00000001c0)=0x54)

2.105583337s ago: executing program 0 (id=3828):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r0 = socket(0x8, 0x3, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
connect$phonet_pipe(r0, 0x0, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

2.019877365s ago: executing program 5 (id=3829):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305839, 0x0)
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)

1.116022059s ago: executing program 4 (id=3833):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r1=>0x0})
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, 0x0, 0x4040055)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

870.260651ms ago: executing program 4 (id=3834):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c)
sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0)
close(r0)

624.478046ms ago: executing program 0 (id=3835):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000850000002300000095"], &(0x7f0000000040)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

623.145725ms ago: executing program 4 (id=3836):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
syz_emit_ethernet(0x6e, &(0x7f0000000740)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, '\x00', 0x38, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @local}, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0xefff, {0x5, 0x6, "54d03a", 0x4, 0x88, 0x0, @dev={0xfe, 0x80, '\x00', 0x21}, @local, [@fragment={0x84, 0x0, 0xb, 0x0, 0x0, 0x1c, 0x67}]}}}}}}}, 0x0)

442.412238ms ago: executing program 3 (id=3837):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000000)=0x100000001, 0x4)

372.017691ms ago: executing program 4 (id=3838):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000000)=0x80000002, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000000)=0x80000002, 0x4)
sendto$inet(r1, &(0x7f0000000040)='@', 0x1, 0x20044890, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10)
listen(r0, 0x14)

370.639836ms ago: executing program 5 (id=3839):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000280), 0x4)

309.012428ms ago: executing program 0 (id=3840):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={0x24, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

261.702786ms ago: executing program 3 (id=3841):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
socket(0x2b, 0x1, 0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000000)="3b8d9099", 0x4, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0x7, @empty}, 0x1c)

254.248361ms ago: executing program 4 (id=3842):
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @multicast1}}}], 0x20}, 0x4008804)
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000040)="9d", 0x1}], 0x1}, 0x20000000)

188.767854ms ago: executing program 5 (id=3843):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00'})
r1 = socket(0x80000000000000a, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f00000004c0)={'ip6gre0\x00', 0x0, 0x2f, 0x1, 0x7, 0x6, 0x30, @empty, @empty, 0x40, 0x20, 0x0, 0xa7a}})
socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'team0\x00', <r3=>0x0})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000540)={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r3})

13.658105ms ago: executing program 0 (id=3844):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746ccb492175fc9e01", 0xf4}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70a0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def", 0xe8}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe752", 0x53}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1dc34cea42a4292e2fbaa868", 0xeb}, {&(0x7f0000000200)="057322e18609ed78266492c2a2ae3f0c0f3f6394c53de2", 0x17}], 0x5}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000840)="f2fe84e07da72d5be0eee26e6693cc950e7080ba2900a53b969dc13369b90492865a9fb8d25a00b9c2d8e52e23e3267d15c4aeea5918add6f28e302868e1d4500b073ac1a7c72c4e805ff1fce9c5e0273d0ea144b6999eb1661fed8ddba6250af47fde6e4225f438528b6660d8b67812726721f6b755bb37ca116f51e2f239675ff38126c1d681638c", 0x89}, {&(0x7f0000000900)="a1e27575d35fd4f38d622e3237bfc6a28a4c21284fa1f95f8e2343cff8831a5a663f3fac3d082e19b04d59a071c5599a98b7bc07bf2bf94767fe9bf0db2b8fa547766a8e024ef76e320cf8e352f293b0c19f465a9deed8", 0x57}, {&(0x7f00000009c0)="4d25acabb0d76231f77e554a8c8c1b3afdb47d428c57725ff9b4fc3ff9300e603fd9b082e7b1dc654d7db972a680ad49a0b606b08d00b692df47c9b3d57a2ca02114cff5", 0x44}], 0x3}}], 0x2, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

13.440722ms ago: executing program 4 (id=3845):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004040)={0x2c, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x18}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x404c0c0}, 0xc000)

0s ago: executing program 5 (id=3846):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000440)={0x48, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x2c, 0x2d, 0x0, 0x1, [{0x4}, {0x4}, {0xa, 0x0, @default_ibss_ssid}, {0x8, 0x0, @random="405f0242"}, {0xa, 0x0, @default_ibss_ssid}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)

kernel console output (not intermixed with test programs):

age_alloc, interval 1, probability 0, space 0, times 0
[  538.444753][T17675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  538.464656][T17709] CPU: 0 UID: 0 PID: 17709 Comm: syz.4.3123 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  538.464694][T17709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  538.464708][T17709] Call Trace:
[  538.464716][T17709]  <TASK>
[  538.464726][T17709]  dump_stack_lvl+0x189/0x250
[  538.464755][T17709]  ? __pfx____ratelimit+0x10/0x10
[  538.464783][T17709]  ? __pfx_dump_stack_lvl+0x10/0x10
[  538.464807][T17709]  ? __pfx__printk+0x10/0x10
[  538.464836][T17709]  ? fs_reclaim_acquire+0x7d/0x100
[  538.464874][T17709]  should_fail_ex+0x414/0x560
[  538.464908][T17709]  prepare_alloc_pages+0x213/0x610
[  538.464945][T17709]  __alloc_frozen_pages_noprof+0x123/0x370
[  538.464978][T17709]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  538.465028][T17709]  alloc_pages_bulk_noprof+0x560/0x710
[  538.465065][T17709]  ? alloc_pages_noprof+0xbe/0x190
[  538.465095][T17709]  kasan_populate_vmalloc+0xba/0x1a0
[  538.465122][T17709]  alloc_vmap_area+0xd51/0x1490
[  538.465166][T17709]  ? __pfx_alloc_vmap_area+0x10/0x10
[  538.465188][T17709]  ? __kasan_kmalloc+0x93/0xb0
[  538.465212][T17709]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  538.465235][T17709]  ? __sys_bpf+0x67e/0x860
[  538.465262][T17709]  ? __get_vm_area_node+0x13f/0x300
[  538.465285][T17709]  ? sock_hash_alloc+0x266/0x4e0
[  538.465315][T17709]  __get_vm_area_node+0x1f8/0x300
[  538.465348][T17709]  __vmalloc_node_range_noprof+0x301/0x12f0
[  538.465373][T17709]  ? sock_hash_alloc+0x266/0x4e0
[  538.465434][T17709]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  538.465460][T17709]  ? rcu_is_watching+0x15/0xb0
[  538.465483][T17709]  ? trace_kmalloc+0x1f/0xd0
[  538.465502][T17709]  ? __kmalloc_node_noprof+0x293/0x4e0
[  538.465523][T17709]  ? bpf_map_area_alloc+0x64/0x180
[  538.465547][T17709]  bpf_map_area_alloc+0x12d/0x180
[  538.465568][T17709]  ? sock_hash_alloc+0x266/0x4e0
[  538.465600][T17709]  sock_hash_alloc+0x266/0x4e0
[  538.465636][T17709]  map_create+0x900/0x1150
[  538.465671][T17709]  ? security_bpf+0x7e/0x300
[  538.465707][T17709]  __sys_bpf+0x67e/0x860
[  538.465739][T17709]  ? __pfx___sys_bpf+0x10/0x10
[  538.465784][T17709]  ? ksys_write+0x22a/0x250
[  538.465810][T17709]  ? __pfx_ksys_write+0x10/0x10
[  538.465842][T17709]  __x64_sys_bpf+0x7c/0x90
[  538.465870][T17709]  do_syscall_64+0xfa/0x3b0
[  538.465895][T17709]  ? lockdep_hardirqs_on+0x9c/0x150
[  538.465921][T17709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.465940][T17709]  ? clear_bhb_loop+0x60/0xb0
[  538.465966][T17709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.465984][T17709] RIP: 0033:0x7f243278e929
[  538.466003][T17709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.466020][T17709] RSP: 002b:00007f24336b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  538.466041][T17709] RAX: ffffffffffffffda RBX: 00007f24329b5fa0 RCX: 00007f243278e929
[  538.466056][T17709] RDX: 0000000000000050 RSI: 0000200000000640 RDI: 0000000000000000
[  538.466068][T17709] RBP: 00007f24336b0090 R08: 0000000000000000 R09: 0000000000000000
[  538.466081][T17709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  538.466093][T17709] R13: 0000000000000001 R14: 00007f24329b5fa0 R15: 00007ffc4a2da798
[  538.466127][T17709]  </TASK>
[  538.947132][T17714] pim6reg1: entered promiscuous mode
[  538.953491][T17714] pim6reg1: entered allmulticast mode
[  538.956863][T17718] Dead loop on virtual device ipvlan0, fix it urgently!
[  539.088700][T17719] macsec0 speed is unknown, defaulting to 1000
[  539.160930][T17719] wg1 speed is unknown, defaulting to 1000
[  539.338903][ T5964] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.811811][T17718] syz.3.3127 (17718) used greatest stack depth: 9352 bytes left
[  539.838006][ T5964] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.923065][ T5964] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.988143][ T5964] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.137569][ T5964] bridge_slave_1: left allmulticast mode
[  540.143754][ T5964] bridge_slave_1: left promiscuous mode
[  540.149485][ T5964] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.159494][ T5964] bridge_slave_0: left allmulticast mode
[  540.167697][ T5964] bridge_slave_0: left promiscuous mode
[  540.173429][ T5964] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.492427][ T5964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  540.555335][ T5964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  540.582524][ T5964] bond0 (unregistering): Released all slaves
[  540.609317][T17739] netlink: 'syz.2.3132': attribute type 3 has an invalid length.
[  540.640342][T17743] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3133'.
[  540.914987][T17756] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3138'.
[  540.932639][T17756] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3138'.
[  541.183558][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  541.201547][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  541.213646][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  541.223050][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  541.231518][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  541.247811][T17756] 0ªX¹¦D: entered promiscuous mode
[  541.267164][T17756] 0ªX¹¦D: left promiscuous mode
[  541.783256][T17764] macsec0 speed is unknown, defaulting to 1000
[  541.805949][T17764] wg1 speed is unknown, defaulting to 1000
[  541.876647][ T5964] hsr_slave_0: left promiscuous mode
[  541.883704][ T5964] hsr_slave_1: left promiscuous mode
[  541.889714][ T5964] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  541.897638][ T5964] batman_adv: batadv0: Removing interface: batadv_slave_0
[  541.906881][ T5964] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  541.915546][ T5964] batman_adv: batadv0: Removing interface: batadv_slave_1
[  541.940551][ T5964] veth1_macvtap: left promiscuous mode
[  541.946359][ T5964] veth0_macvtap: left promiscuous mode
[  541.952385][ T5964] veth1_vlan: left promiscuous mode
[  541.958642][ T5964] veth0_vlan: left promiscuous mode
[  542.759011][ T5964] team0 (unregistering): Port device team_slave_1 removed
[  542.803666][ T5964] team0 (unregistering): Port device team_slave_0 removed
[  543.274001][T17787] vti0: entered promiscuous mode
[  543.279109][T17787] vti0: entered allmulticast mode
[  543.283019][ T5859] Bluetooth: hci0: command tx timeout
[  543.330342][T17793] macsec0 speed is unknown, defaulting to 1000
[  543.408532][T17793] wg1 speed is unknown, defaulting to 1000
[  543.510616][T17804] netlink: 'syz.4.3151': attribute type 1 has an invalid length.
[  544.161314][T17764] chnl_net:caif_netlink_parms(): no params data found
[  544.622757][T17815] pim6reg1: entered promiscuous mode
[  544.632052][T17815] pim6reg1: entered allmulticast mode
[  545.007433][T17764] bridge0: port 1(bridge_slave_0) entered blocking state
[  545.028537][T17764] bridge0: port 1(bridge_slave_0) entered disabled state
[  545.051273][T17764] bridge_slave_0: entered allmulticast mode
[  545.068460][T17764] bridge_slave_0: entered promiscuous mode
[  545.140666][T17764] bridge0: port 2(bridge_slave_1) entered blocking state
[  545.171993][T17764] bridge0: port 2(bridge_slave_1) entered disabled state
[  545.199713][T17764] bridge_slave_1: entered allmulticast mode
[  545.208676][T17853] FAULT_INJECTION: forcing a failure.
[  545.208676][T17853] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  545.211586][T17764] bridge_slave_1: entered promiscuous mode
[  545.248463][T17853] CPU: 1 UID: 0 PID: 17853 Comm: syz.0.3158 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  545.248495][T17853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  545.248508][T17853] Call Trace:
[  545.248518][T17853]  <TASK>
[  545.248527][T17853]  dump_stack_lvl+0x189/0x250
[  545.248557][T17853]  ? __pfx____ratelimit+0x10/0x10
[  545.248585][T17853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  545.248609][T17853]  ? __pfx__printk+0x10/0x10
[  545.248639][T17853]  ? fs_reclaim_acquire+0x7d/0x100
[  545.248676][T17853]  should_fail_ex+0x414/0x560
[  545.248709][T17853]  prepare_alloc_pages+0x213/0x610
[  545.248747][T17853]  __alloc_frozen_pages_noprof+0x123/0x370
[  545.248780][T17853]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  545.248831][T17853]  alloc_pages_bulk_noprof+0x560/0x710
[  545.248868][T17853]  ? alloc_pages_noprof+0xbe/0x190
[  545.248898][T17853]  kasan_populate_vmalloc+0xba/0x1a0
[  545.248926][T17853]  alloc_vmap_area+0xd51/0x1490
[  545.248969][T17853]  ? __pfx_alloc_vmap_area+0x10/0x10
[  545.248992][T17853]  ? __kasan_kmalloc+0x93/0xb0
[  545.249015][T17853]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  545.249039][T17853]  ? __sys_bpf+0x67e/0x860
[  545.249065][T17853]  ? __get_vm_area_node+0x13f/0x300
[  545.249088][T17853]  ? sock_hash_alloc+0x266/0x4e0
[  545.249118][T17853]  __get_vm_area_node+0x1f8/0x300
[  545.249150][T17853]  __vmalloc_node_range_noprof+0x301/0x12f0
[  545.249176][T17853]  ? sock_hash_alloc+0x266/0x4e0
[  545.249240][T17853]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  545.249266][T17853]  ? rcu_is_watching+0x15/0xb0
[  545.249289][T17853]  ? trace_kmalloc+0x1f/0xd0
[  545.249308][T17853]  ? __kmalloc_node_noprof+0x293/0x4e0
[  545.249330][T17853]  ? bpf_map_area_alloc+0x64/0x180
[  545.249354][T17853]  bpf_map_area_alloc+0x12d/0x180
[  545.249374][T17853]  ? sock_hash_alloc+0x266/0x4e0
[  545.249407][T17853]  sock_hash_alloc+0x266/0x4e0
[  545.249443][T17853]  map_create+0x900/0x1150
[  545.249485][T17853]  ? security_bpf+0x7e/0x300
[  545.249515][T17853]  __sys_bpf+0x67e/0x860
[  545.249547][T17853]  ? __pfx___sys_bpf+0x10/0x10
[  545.249593][T17853]  ? ksys_write+0x22a/0x250
[  545.249618][T17853]  ? __pfx_ksys_write+0x10/0x10
[  545.249650][T17853]  __x64_sys_bpf+0x7c/0x90
[  545.249678][T17853]  do_syscall_64+0xfa/0x3b0
[  545.249702][T17853]  ? lockdep_hardirqs_on+0x9c/0x150
[  545.249726][T17853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.249746][T17853]  ? clear_bhb_loop+0x60/0xb0
[  545.249771][T17853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.249790][T17853] RIP: 0033:0x7f9551f8e929
[  545.249809][T17853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  545.249826][T17853] RSP: 002b:00007f9552e4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  545.249848][T17853] RAX: ffffffffffffffda RBX: 00007f95521b5fa0 RCX: 00007f9551f8e929
[  545.249863][T17853] RDX: 0000000000000050 RSI: 0000200000000640 RDI: 0000000000000000
[  545.249876][T17853] RBP: 00007f9552e4d090 R08: 0000000000000000 R09: 0000000000000000
[  545.249889][T17853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  545.249902][T17853] R13: 0000000000000001 R14: 00007f95521b5fa0 R15: 00007fff1725b7d8
[  545.249937][T17853]  </TASK>
[  545.731280][ T5859] Bluetooth: hci0: command tx timeout
[  545.820857][T17764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  545.836011][T17861] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3160'.
[  545.886094][T17764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  545.985926][T17864] FAULT_INJECTION: forcing a failure.
[  545.985926][T17864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  545.988810][T17764] team0: Port device team_slave_0 added
[  546.012290][T17864] CPU: 1 UID: 0 PID: 17864 Comm: syz.2.3161 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  546.012321][T17864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  546.012333][T17864] Call Trace:
[  546.012342][T17864]  <TASK>
[  546.012351][T17864]  dump_stack_lvl+0x189/0x250
[  546.012382][T17864]  ? __pfx____ratelimit+0x10/0x10
[  546.012418][T17864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  546.012442][T17864]  ? __pfx__printk+0x10/0x10
[  546.012469][T17864]  ? __might_fault+0xb0/0x130
[  546.012506][T17864]  should_fail_ex+0x414/0x560
[  546.012540][T17864]  _copy_from_user+0x2d/0xb0
[  546.012562][T17864]  generic_map_update_batch+0x51b/0x7f0
[  546.012601][T17864]  ? __pfx_generic_map_update_batch+0x10/0x10
[  546.012626][T17864]  ? __fget_files+0x2a/0x420
[  546.012659][T17864]  ? __pfx_generic_map_update_batch+0x10/0x10
[  546.012683][T17864]  bpf_map_do_batch+0x369/0x5f0
[  546.012710][T17864]  __sys_bpf+0x384/0x860
[  546.012742][T17864]  ? __pfx___sys_bpf+0x10/0x10
[  546.012788][T17864]  ? ksys_write+0x22a/0x250
[  546.012813][T17864]  ? __pfx_ksys_write+0x10/0x10
[  546.012831][T17864]  ? rcu_is_watching+0x15/0xb0
[  546.012864][T17864]  __x64_sys_bpf+0x7c/0x90
[  546.012892][T17864]  do_syscall_64+0xfa/0x3b0
[  546.012918][T17864]  ? lockdep_hardirqs_on+0x9c/0x150
[  546.012943][T17864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.012962][T17864]  ? clear_bhb_loop+0x60/0xb0
[  546.012986][T17864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.013005][T17864] RIP: 0033:0x7f9de558e929
[  546.013023][T17864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  546.013040][T17864] RSP: 002b:00007f9de64c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  546.013062][T17864] RAX: ffffffffffffffda RBX: 00007f9de57b5fa0 RCX: 00007f9de558e929
[  546.013077][T17864] RDX: 0000000000000038 RSI: 0000200000000480 RDI: 000000000000001a
[  546.013090][T17864] RBP: 00007f9de64c7090 R08: 0000000000000000 R09: 0000000000000000
[  546.013103][T17864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  546.013115][T17864] R13: 0000000000000000 R14: 00007f9de57b5fa0 R15: 00007ffdf67d66c8
[  546.013149][T17864]  </TASK>
[  546.314103][T17764] team0: Port device team_slave_1 added
[  546.415601][T17858] macsec0 speed is unknown, defaulting to 1000
[  546.433809][T17764] batman_adv: batadv0: Adding interface: batadv_slave_0
[  546.440809][T17764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  546.467444][T17764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  546.479048][T17858] wg1 speed is unknown, defaulting to 1000
[  546.482430][T17764] batman_adv: batadv0: Adding interface: batadv_slave_1
[  546.492349][T17764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  546.530326][T17764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  546.657753][T17880] openvswitch: netlink: IP tunnel dst address not specified
[  546.819281][T17764] hsr_slave_0: entered promiscuous mode
[  546.840653][T17764] hsr_slave_1: entered promiscuous mode
[  546.847369][T17764] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  546.857640][T17764] Cannot create hsr debugfs directory
[  547.213172][T17894] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3171'.
[  547.279802][T17888] macsec0 speed is unknown, defaulting to 1000
[  547.331188][T17901] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3173'.
[  547.377910][T17902] netlink: 'syz.3.3172': attribute type 11 has an invalid length.
[  547.396522][T17888] wg1 speed is unknown, defaulting to 1000
[  547.513209][T17905] macsec1: entered promiscuous mode
[  547.518855][T17905] bridge0: port 1(macsec1) entered blocking state
[  547.551982][T17905] bridge0: port 1(macsec1) entered disabled state
[  547.558729][T17905] macsec1: entered allmulticast mode
[  547.580020][T17905] macsec1: left allmulticast mode
[  547.588536][T17912] FAULT_INJECTION: forcing a failure.
[  547.588536][T17912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  547.606249][T17912] CPU: 0 UID: 0 PID: 17912 Comm: syz.3.3177 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  547.606281][T17912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  547.606293][T17912] Call Trace:
[  547.606301][T17912]  <TASK>
[  547.606310][T17912]  dump_stack_lvl+0x189/0x250
[  547.606340][T17912]  ? __pfx____ratelimit+0x10/0x10
[  547.606367][T17912]  ? __pfx_dump_stack_lvl+0x10/0x10
[  547.606389][T17912]  ? __pfx__printk+0x10/0x10
[  547.606415][T17912]  ? __might_fault+0xb0/0x130
[  547.606451][T17912]  should_fail_ex+0x414/0x560
[  547.606486][T17912]  _copy_from_user+0x2d/0xb0
[  547.606509][T17912]  ___sys_sendmsg+0x158/0x2a0
[  547.606532][T17912]  ? __pfx____sys_sendmsg+0x10/0x10
[  547.606593][T17912]  ? __fget_files+0x2a/0x420
[  547.606618][T17912]  ? __fget_files+0x3a0/0x420
[  547.606656][T17912]  __x64_sys_sendmsg+0x19b/0x260
[  547.606687][T17912]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  547.606718][T17912]  ? __pfx_ksys_write+0x10/0x10
[  547.606737][T17912]  ? rcu_is_watching+0x15/0xb0
[  547.606767][T17912]  ? do_syscall_64+0xbe/0x3b0
[  547.606799][T17912]  do_syscall_64+0xfa/0x3b0
[  547.606823][T17912]  ? lockdep_hardirqs_on+0x9c/0x150
[  547.606847][T17912]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.606866][T17912]  ? clear_bhb_loop+0x60/0xb0
[  547.606890][T17912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.606909][T17912] RIP: 0033:0x7fa37d78e929
[  547.606928][T17912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.606945][T17912] RSP: 002b:00007fa37e52a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  547.606966][T17912] RAX: ffffffffffffffda RBX: 00007fa37d9b5fa0 RCX: 00007fa37d78e929
[  547.606980][T17912] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  547.606992][T17912] RBP: 00007fa37e52a090 R08: 0000000000000000 R09: 0000000000000000
[  547.607004][T17912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  547.607015][T17912] R13: 0000000000000000 R14: 00007fa37d9b5fa0 R15: 00007ffede76d188
[  547.607047][T17912]  </TASK>
[  547.832103][ T5859] Bluetooth: hci0: command tx timeout
[  548.115048][T17923] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3179'.
[  548.178554][T17926] netlink: 'syz.2.3182': attribute type 13 has an invalid length.
[  548.187618][T17926] netlink: 'syz.2.3182': attribute type 17 has an invalid length.
[  548.190180][T17927] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3183'.
[  548.199528][T17926] 0ªX¹¦D: left allmulticast mode
[  548.210956][T17926] 0ªX¹¦D: refused to change device tx_queue_len
[  548.219569][T17926] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  548.569291][T17764] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  548.621213][T17764] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  548.693854][T17764] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  548.723326][T17764] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  548.756421][T17935] macsec0 speed is unknown, defaulting to 1000
[  548.782880][T17935] wg1 speed is unknown, defaulting to 1000
[  549.004781][T17764] 8021q: adding VLAN 0 to HW filter on device bond0
[  549.026782][T17930] mpoa:mpoad_close: (<unknown>) going down
[  549.030153][T17764] 8021q: adding VLAN 0 to HW filter on device team0
[  549.053571][ T5964] bridge0: port 1(bridge_slave_0) entered blocking state
[  549.060770][ T5964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  549.159614][ T5964] bridge0: port 2(bridge_slave_1) entered blocking state
[  549.166870][ T5964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  549.650788][T17764] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  549.812153][T17986] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3202'.
[  549.836662][T17986] .30ªX¹¦ç: renamed from 
31ªX¹¦D (while UP)
[  549.843558][ T5859] Bluetooth: hci0: command tx timeout
[  549.884184][T17986] A link change request failed with some changes committed already. Interface .30ªX¹¦ç may have been left with an inconsistent configuration, please check.
[  550.264697][T18002] macsec0 speed is unknown, defaulting to 1000
[  550.300163][T18002] wg1 speed is unknown, defaulting to 1000
[  550.394634][T18007] netlink: 'syz.0.3207': attribute type 13 has an invalid length.
[  550.435232][T18007] netlink: 'syz.0.3207': attribute type 17 has an invalid length.
[  550.472221][T18007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3207'.
[  550.499026][T17764] 8021q: adding VLAN 0 to HW filter on device batadv0
[  550.730043][T18009] netlink: 'syz.0.3208': attribute type 11 has an invalid length.
[  550.780304][T18011] pim6reg1: entered promiscuous mode
[  550.785826][T18011] pim6reg1: entered allmulticast mode
[  550.909650][T17764] veth0_vlan: entered promiscuous mode
[  550.948645][T17764] veth1_vlan: entered promiscuous mode
[  551.085311][T17764] veth0_macvtap: entered promiscuous mode
[  551.208138][T17764] veth1_macvtap: entered promiscuous mode
[  551.286503][T17764] batman_adv: batadv0: Interface activated: batadv_slave_0
[  551.340991][T18034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.370241][T17764] batman_adv: batadv0: Interface activated: batadv_slave_1
[  551.396116][T18037] netlink: 'syz.2.3215': attribute type 1 has an invalid length.
[  551.418979][ T6133] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  551.450208][T18027] macsec0 speed is unknown, defaulting to 1000
[  551.490201][T18033] macsec0 speed is unknown, defaulting to 1000
[  551.503424][T18034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.558448][T18042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3218'.
[  551.579680][ T6133] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  551.592782][T18034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.594426][ T6133] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  551.623622][T18039] bond3: entered promiscuous mode
[  551.628717][T18039] bond3: entered allmulticast mode
[  551.652864][T18039] 8021q: adding VLAN 0 to HW filter on device bond3
[  551.660007][T18027] wg1 speed is unknown, defaulting to 1000
[  551.759056][ T6133] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  551.769166][T18033] wg1 speed is unknown, defaulting to 1000
[  552.142093][  T714] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  552.149961][  T714] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  552.205201][T18053] netlink: 196 bytes leftover after parsing attributes in process `syz.2.3221'.
[  552.240160][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  552.252933][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  552.534118][T18062] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3225'.
[  552.547237][T18064] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3226'.
[  552.573041][T18061] macsec0 speed is unknown, defaulting to 1000
[  552.599551][T18061] wg1 speed is unknown, defaulting to 1000
[  553.158841][ T6141] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.319267][ T6141] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.440317][ T6141] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.607855][ T6141] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.726964][ T6141] bridge_slave_1: left allmulticast mode
[  553.732909][ T6141] bridge_slave_1: left promiscuous mode
[  553.738688][ T6141] bridge0: port 2(bridge_slave_1) entered disabled state
[  553.749104][ T6141] bridge_slave_0: left allmulticast mode
[  553.756594][ T6141] bridge_slave_0: left promiscuous mode
[  553.763030][ T6141] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.056305][ T6141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  554.068154][ T6141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  554.078222][ T6141] bond0 (unregistering): Released all slaves
[  554.390408][ T6141] hsr_slave_0: left promiscuous mode
[  554.461404][ T6141] hsr_slave_1: left promiscuous mode
[  554.478026][ T6141] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  554.503145][ T6141] batman_adv: batadv0: Removing interface: batadv_slave_0
[  554.511475][ T6141] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  554.523693][ T6141] batman_adv: batadv0: Removing interface: batadv_slave_1
[  554.559420][ T6141] veth1_macvtap: left promiscuous mode
[  554.590008][ T6141] veth0_macvtap: left promiscuous mode
[  554.598842][ T6141] veth1_vlan: left promiscuous mode
[  554.607710][ T6141] veth0_vlan: left promiscuous mode
[  554.993870][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  555.003874][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  555.015580][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  555.026053][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  555.041046][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  555.338801][ T6141] team0 (unregistering): Port device team_slave_1 removed
[  555.388621][ T6141] team0 (unregistering): Port device team_slave_0 removed
[  555.849183][T18094] macsec0 speed is unknown, defaulting to 1000
[  555.943937][T18095] macsec0 speed is unknown, defaulting to 1000
[  555.943937][T18094] wg1 speed is unknown, defaulting to 1000
[  556.033856][T18095] wg1 speed is unknown, defaulting to 1000
[  556.216090][T18110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.336956][T18110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.412370][T18110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.581292][T18101] macsec0 speed is unknown, defaulting to 1000
[  556.643513][T18101] wg1 speed is unknown, defaulting to 1000
[  557.123240][ T5856] Bluetooth: hci0: command tx timeout
[  557.389820][T18139] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3239'.
[  557.766438][T18141] .30ªX¹¦ç: left allmulticast mode
[  557.781497][T18141] syz_tun: left allmulticast mode
[  557.812221][T18141] bridge0: port 3(syz_tun) entered disabled state
[  557.886439][T18141] team0: Port device bond0 removed
[  557.902966][T18141] bridge_slave_0: left allmulticast mode
[  557.908824][T18141] bridge_slave_0: left promiscuous mode
[  557.922518][T18141] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.938748][T18141] bridge_slave_1: left allmulticast mode
[  557.945705][T18141] bridge_slave_1: left promiscuous mode
[  557.951970][T18141] bridge0: port 2(bridge_slave_1) entered disabled state
[  557.971363][T18141] bond0: (slave 
c
@ÿ): Releasing backup interface
[  558.045800][T18141] bond0: (slave bond_slave_1): Releasing backup interface
[  558.081284][T18141] team0: Port device C removed
[  558.096577][T18141] team0: Port device team_slave_1 removed
[  558.113767][T18141] batman_adv: batadv0: Removing interface: batadv_slave_0
[  558.130499][T18141] batman_adv: batadv0: Removing interface: batadv_slave_1
[  558.153836][T18141] team0: Port device geneve0 removed
[  558.169615][T18141] bond0: (slave bond1): Releasing backup interface
[  558.217656][T18095] chnl_net:caif_netlink_parms(): no params data found
[  558.467610][T18102] macsec0 speed is unknown, defaulting to 1000
[  558.542924][T18102] wg1 speed is unknown, defaulting to 1000
[  558.594093][T18167] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3245'.
[  558.610177][T18095] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.618563][T18156] macsec0 speed is unknown, defaulting to 1000
[  558.647011][T18095] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.657133][T18095] bridge_slave_0: entered allmulticast mode
[  558.669114][T18095] bridge_slave_0: entered promiscuous mode
[  558.689282][T18156] wg1 speed is unknown, defaulting to 1000
[  558.689748][T18095] bridge0: port 2(bridge_slave_1) entered blocking state
[  558.711911][T18095] bridge0: port 2(bridge_slave_1) entered disabled state
[  558.719130][T18095] bridge_slave_1: entered allmulticast mode
[  558.738118][T18095] bridge_slave_1: entered promiscuous mode
[  558.917018][T18095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  558.995059][T18095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  559.157453][T18095] team0: Port device team_slave_0 added
[  559.202007][ T5856] Bluetooth: hci0: command tx timeout
[  559.258901][T18095] team0: Port device team_slave_1 added
[  559.375429][T18095] batman_adv: batadv0: Adding interface: batadv_slave_0
[  559.385395][T18095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  559.414439][T18095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  559.428393][T18095] batman_adv: batadv0: Adding interface: batadv_slave_1
[  559.435629][T18095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  559.464192][T18095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  559.475490][T18187] macsec0 speed is unknown, defaulting to 1000
[  559.517068][T18187] wg1 speed is unknown, defaulting to 1000
[  559.524310][T18095] hsr_slave_0: entered promiscuous mode
[  559.531215][T18095] hsr_slave_1: entered promiscuous mode
[  559.543635][T18095] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  559.551351][T18095] Cannot create hsr debugfs directory
[  559.918013][T18192] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3251'.
[  560.059130][T18198] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3253'.
[  560.446074][T18213] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3260'.
[  560.539619][ T5964] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  560.569326][ T5964] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  560.586901][T18218] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3263'.
[  560.639307][ T5964] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  560.655234][T18218] Â: renamed from pim6reg1
[  560.669281][T18218] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3263'.
[  560.708325][ T5964] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  560.797955][T18222] macsec0 speed is unknown, defaulting to 1000
[  560.820305][T18222] wg1 speed is unknown, defaulting to 1000
[  561.234585][T18095] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  561.292068][ T5856] Bluetooth: hci0: command tx timeout
[  561.367548][T18245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  561.389053][T18095] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  561.412170][T18095] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  561.454734][T18241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  561.460944][T18095] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  561.526610][T18238] macsec0 speed is unknown, defaulting to 1000
[  561.542983][T18241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  561.593469][T18238] wg1 speed is unknown, defaulting to 1000
[  561.680347][T18256] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3273'.
[  561.849397][T18261] FAULT_INJECTION: forcing a failure.
[  561.849397][T18261] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  561.870754][T18261] CPU: 1 UID: 0 PID: 18261 Comm: syz.4.3276 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  561.870784][T18261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  561.870797][T18261] Call Trace:
[  561.870806][T18261]  <TASK>
[  561.870816][T18261]  dump_stack_lvl+0x189/0x250
[  561.870844][T18261]  ? __pfx____ratelimit+0x10/0x10
[  561.870871][T18261]  ? __pfx_dump_stack_lvl+0x10/0x10
[  561.870895][T18261]  ? __pfx__printk+0x10/0x10
[  561.870924][T18261]  ? fs_reclaim_acquire+0x7d/0x100
[  561.870961][T18261]  should_fail_ex+0x414/0x560
[  561.870995][T18261]  prepare_alloc_pages+0x213/0x610
[  561.871032][T18261]  __alloc_frozen_pages_noprof+0x123/0x370
[  561.871065][T18261]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  561.871116][T18261]  alloc_pages_bulk_noprof+0x560/0x710
[  561.871153][T18261]  ? alloc_pages_noprof+0xbe/0x190
[  561.871183][T18261]  kasan_populate_vmalloc+0xba/0x1a0
[  561.871211][T18261]  alloc_vmap_area+0xd51/0x1490
[  561.871255][T18261]  ? __pfx_alloc_vmap_area+0x10/0x10
[  561.871278][T18261]  ? __kasan_kmalloc+0x93/0xb0
[  561.871302][T18261]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  561.871325][T18261]  ? __sys_bpf+0x67e/0x860
[  561.871351][T18261]  ? __get_vm_area_node+0x13f/0x300
[  561.871374][T18261]  ? sock_hash_alloc+0x266/0x4e0
[  561.871404][T18261]  __get_vm_area_node+0x1f8/0x300
[  561.871444][T18261]  __vmalloc_node_range_noprof+0x301/0x12f0
[  561.871471][T18261]  ? sock_hash_alloc+0x266/0x4e0
[  561.871531][T18261]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  561.871557][T18261]  ? rcu_is_watching+0x15/0xb0
[  561.871581][T18261]  ? trace_kmalloc+0x1f/0xd0
[  561.871604][T18261]  ? __kmalloc_node_noprof+0x293/0x4e0
[  561.871625][T18261]  ? bpf_map_area_alloc+0x64/0x180
[  561.871648][T18261]  bpf_map_area_alloc+0x12d/0x180
[  561.871667][T18261]  ? sock_hash_alloc+0x266/0x4e0
[  561.871697][T18261]  sock_hash_alloc+0x266/0x4e0
[  561.871731][T18261]  map_create+0x900/0x1150
[  561.871765][T18261]  ? security_bpf+0x7e/0x300
[  561.871793][T18261]  __sys_bpf+0x67e/0x860
[  561.871824][T18261]  ? __pfx___sys_bpf+0x10/0x10
[  561.871868][T18261]  ? ksys_write+0x22a/0x250
[  561.871893][T18261]  ? __pfx_ksys_write+0x10/0x10
[  561.871925][T18261]  __x64_sys_bpf+0x7c/0x90
[  561.871951][T18261]  do_syscall_64+0xfa/0x3b0
[  561.871975][T18261]  ? lockdep_hardirqs_on+0x9c/0x150
[  561.872000][T18261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.872019][T18261]  ? clear_bhb_loop+0x60/0xb0
[  561.872043][T18261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.872061][T18261] RIP: 0033:0x7f243278e929
[  561.872080][T18261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.872098][T18261] RSP: 002b:00007f24336b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  561.872119][T18261] RAX: ffffffffffffffda RBX: 00007f24329b5fa0 RCX: 00007f243278e929
[  561.872134][T18261] RDX: 0000000000000050 RSI: 0000200000000640 RDI: 0000000000000000
[  561.872147][T18261] RBP: 00007f24336b0090 R08: 0000000000000000 R09: 0000000000000000
[  561.872160][T18261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  561.872172][T18261] R13: 0000000000000001 R14: 00007f24329b5fa0 R15: 00007ffc4a2da798
[  561.872205][T18261]  </TASK>
[  561.886462][T18095] 8021q: adding VLAN 0 to HW filter on device bond0
[  562.220075][T18095] 8021q: adding VLAN 0 to HW filter on device team0
[  562.274387][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.281556][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  562.310576][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.317823][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  562.676423][T18269] macsec0 speed is unknown, defaulting to 1000
[  562.684844][T18269] wg1 speed is unknown, defaulting to 1000
[  562.820458][T18095] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  562.834648][T18095] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  562.866389][T18282] pim6reg1: entered promiscuous mode
[  562.872190][T18282] pim6reg1: entered allmulticast mode
[  562.947307][T18288] netlink: 'syz.0.3282': attribute type 11 has an invalid length.
[  563.357734][T18305] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3284'.
[  563.368657][ T5856] Bluetooth: hci0: command tx timeout
[  563.411133][T18095] 8021q: adding VLAN 0 to HW filter on device batadv0
[  563.459771][T18095] veth0_vlan: entered promiscuous mode
[  563.475928][T18095] veth1_vlan: entered promiscuous mode
[  563.550539][T18313] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  563.637263][T18095] veth0_macvtap: entered promiscuous mode
[  563.774760][T18317] 8021q: adding VLAN 0 to HW filter on device bond2
[  563.789887][T18317] team0: Port device bond2 added
[  563.808601][T18095] veth1_macvtap: entered promiscuous mode
[  563.863349][T18095] batman_adv: batadv0: Interface activated: batadv_slave_0
[  563.913967][T18095] batman_adv: batadv0: Interface activated: batadv_slave_1
[  563.958966][ T6133] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  563.968911][ T6133] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  564.025746][ T6133] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  564.154165][ T6133] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  564.541544][T18338] netlink: 252 bytes leftover after parsing attributes in process `syz.3.3294'.
[  564.543522][T18331] macsec0 speed is unknown, defaulting to 1000
[  564.576994][ T5964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.615326][ T5964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.680152][T18331] wg1 speed is unknown, defaulting to 1000
[  565.055115][ T5964] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  565.101841][ T5964] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  566.139008][ T5964] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.193608][T18341] macsec0 speed is unknown, defaulting to 1000
[  566.193663][T18378] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3302'.
[  566.252733][T18341] wg1 speed is unknown, defaulting to 1000
[  566.281178][T18381] pim6reg1: entered promiscuous mode
[  566.302749][T18381] pim6reg1: entered allmulticast mode
[  566.499078][ T5964] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.595014][ T5964] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.680180][ T5964] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.806227][ T5964] bridge_slave_1: left allmulticast mode
[  566.812794][ T5964] bridge_slave_1: left promiscuous mode
[  566.818535][ T5964] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.827683][ T5964] bridge_slave_0: left allmulticast mode
[  566.833742][ T5964] bridge_slave_0: left promiscuous mode
[  566.839513][ T5964] bridge0: port 1(bridge_slave_0) entered disabled state
[  567.149100][ T5964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  567.160587][ T5964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  567.172349][ T5964] bond0 (unregistering): Released all slaves
[  567.380306][ T5964] hsr_slave_0: left promiscuous mode
[  567.386277][ T5964] hsr_slave_1: left promiscuous mode
[  567.392396][ T5964] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  567.399789][ T5964] batman_adv: batadv0: Removing interface: batadv_slave_0
[  567.409262][ T5964] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  567.416707][ T5964] batman_adv: batadv0: Removing interface: batadv_slave_1
[  567.436491][ T5964] veth1_macvtap: left promiscuous mode
[  567.445662][ T5964] veth0_macvtap: left promiscuous mode
[  567.451259][ T5964] veth1_vlan: left promiscuous mode
[  567.456915][ T5964] veth0_vlan: left promiscuous mode
[  567.677400][T18393] FAULT_INJECTION: forcing a failure.
[  567.677400][T18393] name failslab, interval 1, probability 0, space 0, times 0
[  567.726980][T18393] CPU: 0 UID: 0 PID: 18393 Comm: syz.2.3306 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  567.727017][T18393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  567.727029][T18393] Call Trace:
[  567.727038][T18393]  <TASK>
[  567.727047][T18393]  dump_stack_lvl+0x189/0x250
[  567.727077][T18393]  ? __pfx____ratelimit+0x10/0x10
[  567.727104][T18393]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.727128][T18393]  ? __pfx__printk+0x10/0x10
[  567.727159][T18393]  ? __pfx___might_resched+0x10/0x10
[  567.727186][T18393]  should_fail_ex+0x414/0x560
[  567.727217][T18393]  should_failslab+0xa8/0x100
[  567.727240][T18393]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  567.727261][T18393]  ? __alloc_skb+0x112/0x2d0
[  567.727288][T18393]  __alloc_skb+0x112/0x2d0
[  567.727316][T18393]  netlink_sendmsg+0x5c6/0xb30
[  567.727351][T18393]  ? __pfx_netlink_sendmsg+0x10/0x10
[  567.727380][T18393]  ? aa_sock_msg_perm+0x94/0x160
[  567.727409][T18393]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  567.727435][T18393]  ? __pfx_netlink_sendmsg+0x10/0x10
[  567.727461][T18393]  __sock_sendmsg+0x21c/0x270
[  567.727486][T18393]  ____sys_sendmsg+0x505/0x830
[  567.727521][T18393]  ? __pfx_____sys_sendmsg+0x10/0x10
[  567.727560][T18393]  ? import_iovec+0x74/0xa0
[  567.727586][T18393]  ___sys_sendmsg+0x21f/0x2a0
[  567.727606][T18393]  ? __pfx____sys_sendmsg+0x10/0x10
[  567.727666][T18393]  ? __fget_files+0x2a/0x420
[  567.727689][T18393]  ? __fget_files+0x3a0/0x420
[  567.727736][T18393]  __x64_sys_sendmsg+0x19b/0x260
[  567.727757][T18393]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  567.727786][T18393]  ? __pfx_ksys_write+0x10/0x10
[  567.727804][T18393]  ? rcu_is_watching+0x15/0xb0
[  567.727833][T18393]  ? do_syscall_64+0xbe/0x3b0
[  567.727861][T18393]  do_syscall_64+0xfa/0x3b0
[  567.727880][T18393]  ? lockdep_hardirqs_on+0x9c/0x150
[  567.727900][T18393]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.727916][T18393]  ? clear_bhb_loop+0x60/0xb0
[  567.727937][T18393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.727952][T18393] RIP: 0033:0x7f9de558e929
[  567.727969][T18393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.727984][T18393] RSP: 002b:00007f9de64c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  567.728004][T18393] RAX: ffffffffffffffda RBX: 00007f9de57b5fa0 RCX: 00007f9de558e929
[  567.728017][T18393] RDX: 0000000004044004 RSI: 0000200000000280 RDI: 0000000000000004
[  567.728028][T18393] RBP: 00007f9de64c7090 R08: 0000000000000000 R09: 0000000000000000
[  567.728039][T18393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  567.728050][T18393] R13: 0000000000000000 R14: 00007f9de57b5fa0 R15: 00007ffdf67d66c8
[  567.728079][T18393]  </TASK>
[  568.187154][T18401] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3309'.
[  568.308704][ T5859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  568.328115][ T5859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  568.342012][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  568.351535][ T5859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  568.365515][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  568.546303][ T5964] team0 (unregistering): Port device team_slave_1 removed
[  568.597591][ T5964] team0 (unregistering): Port device team_slave_0 removed
[  569.076987][T18396] macsec0 speed is unknown, defaulting to 1000
[  569.140257][T18405] macsec0 speed is unknown, defaulting to 1000
[  569.146588][T18396] wg1 speed is unknown, defaulting to 1000
[  569.163419][T18405] wg1 speed is unknown, defaulting to 1000
[  570.055091][T18405] chnl_net:caif_netlink_parms(): no params data found
[  570.065132][T18436] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3319'.
[  570.207003][T18437] pim6reg1: entered promiscuous mode
[  570.215771][T18437] pim6reg1: entered allmulticast mode
[  570.405006][ T5856] Bluetooth: hci0: command tx timeout
[  570.493378][T18405] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.501352][T18405] bridge0: port 1(bridge_slave_0) entered disabled state
[  570.513732][T18405] bridge_slave_0: entered allmulticast mode
[  570.534134][T18405] bridge_slave_0: entered promiscuous mode
[  570.543576][T18405] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.550913][T18405] bridge0: port 2(bridge_slave_1) entered disabled state
[  570.565431][T18405] bridge_slave_1: entered allmulticast mode
[  570.574638][T18405] bridge_slave_1: entered promiscuous mode
[  570.584023][T18447] netlink: 'syz.0.3321': attribute type 10 has an invalid length.
[  570.746767][T18405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  570.804348][T18405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  571.228438][T18471] xt_CT: You must specify a L4 protocol and not use inversions on it
[  571.424825][T18405] team0: Port device team_slave_0 added
[  571.431952][T18480] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3329'.
[  571.454456][T18405] team0: Port device team_slave_1 added
[  571.796220][T18405] batman_adv: batadv0: Adding interface: batadv_slave_0
[  571.826320][T18405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  571.933022][T18405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  571.965974][T18405] batman_adv: batadv0: Adding interface: batadv_slave_1
[  571.991730][T18405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  572.099634][T18405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  572.223985][T18493] netlink: 'syz.0.3330': attribute type 13 has an invalid length.
[  572.236870][T18493] netlink: 'syz.0.3330': attribute type 17 has an invalid length.
[  572.376937][T18493] 0ªX¹¦D: left allmulticast mode
[  572.433054][T18493] 0ªX¹¦D: refused to change device tx_queue_len
[  572.442666][T18493] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  572.481844][ T5856] Bluetooth: hci0: command tx timeout
[  572.700908][T18405] hsr_slave_0: entered promiscuous mode
[  572.732938][T18405] hsr_slave_1: entered promiscuous mode
[  572.739267][T18405] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  572.769437][T18405] Cannot create hsr debugfs directory
[  573.110195][T18452] macsec0 speed is unknown, defaulting to 1000
[  573.408662][T18452] wg1 speed is unknown, defaulting to 1000
[  573.614861][T18473] macsec0 speed is unknown, defaulting to 1000
[  573.749949][T18473] wg1 speed is unknown, defaulting to 1000
[  573.903665][T18507] macsec0 speed is unknown, defaulting to 1000
[  574.113787][T18507] wg1 speed is unknown, defaulting to 1000
[  574.549045][T18514] pim6reg1: entered promiscuous mode
[  574.558726][T18514] pim6reg1: entered allmulticast mode
[  574.562274][ T5856] Bluetooth: hci0: command tx timeout
[  574.665748][T18405] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  574.693861][T18515] macsec0 speed is unknown, defaulting to 1000
[  574.700982][T18405] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  574.727533][T18515] wg1 speed is unknown, defaulting to 1000
[  574.742433][T18405] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  574.834771][T18405] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  574.887444][T18520] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3337'.
[  575.074597][T18524] netlink: 'syz.0.3339': attribute type 1 has an invalid length.
[  575.082568][T18524] netlink: 228 bytes leftover after parsing attributes in process `syz.0.3339'.
[  575.302198][T18542] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3340'.
[  575.342527][T18543] netlink: 'syz.2.3341': attribute type 1 has an invalid length.
[  575.370765][T18543] netlink: 236 bytes leftover after parsing attributes in process `syz.2.3341'.
[  575.430286][T18543] NCSI netlink: No device for ifindex 813332851
[  575.476489][T18548] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3343'.
[  575.518724][T18548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3343'.
[  575.527639][T18405] 8021q: adding VLAN 0 to HW filter on device bond0
[  575.610615][T18405] 8021q: adding VLAN 0 to HW filter on device team0
[  575.720437][ T5964] bridge0: port 1(bridge_slave_0) entered blocking state
[  575.727717][ T5964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  575.777430][ T5964] bridge0: port 2(bridge_slave_1) entered blocking state
[  575.784711][ T5964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  576.121215][T18558] macsec0 speed is unknown, defaulting to 1000
[  576.155738][T18558] wg1 speed is unknown, defaulting to 1000
[  576.164002][T18577] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3352'.
[  576.408103][T18585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  576.417898][T18574] macsec0 speed is unknown, defaulting to 1000
[  576.419961][T18574] wg1 speed is unknown, defaulting to 1000
[  576.500842][T18589] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3354'.
[  576.555613][T18591] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3354'.
[  576.604930][T18585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  576.642229][ T5856] Bluetooth: hci0: command tx timeout
[  576.705779][T18589] 0ªX¹¦D: entered promiscuous mode
[  576.715844][T18585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  576.716797][T18589] 0ªX¹¦D: left allmulticast mode
[  576.738409][T18591] 1ªX¹¦D: renamed from 
30ªX¹¦D
[  576.746607][T18591] 1ªX¹¦D: left promiscuous mode
[  576.751490][T18591] 1ªX¹¦D: entered allmulticast mode
[  576.763231][T18591] A link change request failed with some changes committed already. Interface 
31ªX¹¦D may have been left with an inconsistent configuration, please check.
[  577.283358][T18606] netlink: 248 bytes leftover after parsing attributes in process `syz.0.3358'.
[  577.459824][T18405] 8021q: adding VLAN 0 to HW filter on device batadv0
[  577.958734][T18405] veth0_vlan: entered promiscuous mode
[  578.048933][T18405] veth1_vlan: entered promiscuous mode
[  578.290312][T18405] veth0_macvtap: entered promiscuous mode
[  578.328785][T18405] veth1_macvtap: entered promiscuous mode
[  578.468984][T18405] batman_adv: batadv0: Interface activated: batadv_slave_0
[  578.558817][T18405] batman_adv: batadv0: Interface activated: batadv_slave_1
[  578.649653][   T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  578.691271][   T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  578.734071][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  578.785892][   T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  578.792603][T18653] SET target dimension over the limit!
[  578.877899][T18656] macsec0 speed is unknown, defaulting to 1000
[  578.888774][T18656] wg1 speed is unknown, defaulting to 1000
[  579.042451][T18661] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3373'.
[  579.444269][ T5964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  579.461741][ T5964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  579.653696][  T714] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  579.696409][  T714] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  580.453214][T18621] macsec0 speed is unknown, defaulting to 1000
[  580.467582][T18621] wg1 speed is unknown, defaulting to 1000
[  580.843932][T18705] macsec0 speed is unknown, defaulting to 1000
[  580.852802][T18705] wg1 speed is unknown, defaulting to 1000
[  580.994122][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.244413][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.329231][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.394227][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.506724][   T36] bridge_slave_1: left allmulticast mode
[  581.513135][   T36] bridge_slave_1: left promiscuous mode
[  581.518982][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  581.534621][   T36] bridge_slave_0: left allmulticast mode
[  581.540308][   T36] bridge_slave_0: left promiscuous mode
[  581.546153][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  581.896752][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  581.907767][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  581.918204][   T36] bond0 (unregistering): Released all slaves
[  582.131068][   T36] hsr_slave_0: left promiscuous mode
[  582.136955][   T36] hsr_slave_1: left promiscuous mode
[  582.143258][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  582.150652][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  582.158393][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  582.165961][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  582.283801][   T36] veth1_macvtap: left promiscuous mode
[  582.304221][   T36] veth0_macvtap: left promiscuous mode
[  582.322441][   T36] veth1_vlan: left promiscuous mode
[  582.327851][   T36] veth0_vlan: left promiscuous mode
[  582.357646][T18716] netlink: 'syz.0.3383': attribute type 8 has an invalid length.
[  582.827807][T18733] SET target dimension over the limit!
[  582.955831][ T5859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  582.972551][ T5859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  582.983548][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  583.012993][ T5859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  583.027304][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  583.317229][   T36] team0 (unregistering): Port device team_slave_1 removed
[  583.358974][   T36] team0 (unregistering): Port device team_slave_0 removed
[  583.875380][T18726] macsec0 speed is unknown, defaulting to 1000
[  583.908412][T18726] wg1 speed is unknown, defaulting to 1000
[  583.938501][T18737] macsec0 speed is unknown, defaulting to 1000
[  583.989925][T18737] wg1 speed is unknown, defaulting to 1000
[  584.612571][T18776] __nla_validate_parse: 1 callbacks suppressed
[  584.612591][T18776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3397'.
[  585.126805][ T5859] Bluetooth: hci0: command tx timeout
[  585.220010][T18737] chnl_net:caif_netlink_parms(): no params data found
[  585.249196][T18796] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3401'.
[  585.709170][T18820] netlink: 252 bytes leftover after parsing attributes in process `syz.3.3406'.
[  585.840053][T18737] bridge0: port 1(bridge_slave_0) entered blocking state
[  585.859661][T18737] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.880714][T18737] bridge_slave_0: entered allmulticast mode
[  585.897101][T18737] bridge_slave_0: entered promiscuous mode
[  585.946290][T18737] bridge0: port 2(bridge_slave_1) entered blocking state
[  585.960594][T18737] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.975519][T18737] bridge_slave_1: entered allmulticast mode
[  585.990080][T18737] bridge_slave_1: entered promiscuous mode
[  586.161047][T18737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  586.171567][T18834] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3409'.
[  586.196263][T18737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  586.233970][T18834] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  586.507332][T18737] team0: Port device team_slave_0 added
[  586.525632][T18737] team0: Port device team_slave_1 added
[  586.713151][T18834] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  586.802306][T18851] macsec0: entered allmulticast mode
[  586.847307][T18834] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  586.867434][T18854] veth1_macvtap: entered allmulticast mode
[  586.873447][T18854] macsec0: left allmulticast mode
[  586.878705][T18854] veth1_macvtap: left allmulticast mode
[  586.889748][T18737] batman_adv: batadv0: Adding interface: batadv_slave_0
[  586.901337][T18737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  587.010824][T18737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  587.061531][T18737] batman_adv: batadv0: Adding interface: batadv_slave_1
[  587.104334][T18737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  587.182866][T18737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  587.205252][ T5859] Bluetooth: hci0: command tx timeout
[  587.263020][T18834] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.317493][T18866] FAULT_INJECTION: forcing a failure.
[  587.317493][T18866] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  587.338168][T18866] CPU: 1 UID: 0 PID: 18866 Comm: syz.0.3415 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  587.338195][T18866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  587.338206][T18866] Call Trace:
[  587.338213][T18866]  <TASK>
[  587.338221][T18866]  dump_stack_lvl+0x189/0x250
[  587.338245][T18866]  ? __pfx____ratelimit+0x10/0x10
[  587.338266][T18866]  ? __pfx_dump_stack_lvl+0x10/0x10
[  587.338284][T18866]  ? __pfx__printk+0x10/0x10
[  587.338305][T18866]  ? __might_fault+0xb0/0x130
[  587.338332][T18866]  should_fail_ex+0x414/0x560
[  587.338358][T18866]  _copy_from_user+0x2d/0xb0
[  587.338377][T18866]  generic_map_update_batch+0x572/0x7f0
[  587.338408][T18866]  ? __pfx_generic_map_update_batch+0x10/0x10
[  587.338427][T18866]  ? __fget_files+0x2a/0x420
[  587.338455][T18866]  ? __pfx_generic_map_update_batch+0x10/0x10
[  587.338474][T18866]  bpf_map_do_batch+0x369/0x5f0
[  587.338494][T18866]  __sys_bpf+0x384/0x860
[  587.338527][T18866]  ? __pfx___sys_bpf+0x10/0x10
[  587.338560][T18866]  ? ksys_write+0x22a/0x250
[  587.338581][T18866]  ? __pfx_ksys_write+0x10/0x10
[  587.338603][T18866]  ? rcu_is_watching+0x15/0xb0
[  587.338628][T18866]  __x64_sys_bpf+0x7c/0x90
[  587.338649][T18866]  do_syscall_64+0xfa/0x3b0
[  587.338667][T18866]  ? lockdep_hardirqs_on+0x9c/0x150
[  587.338804][T18866]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.338823][T18866]  ? clear_bhb_loop+0x60/0xb0
[  587.338847][T18866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.338865][T18866] RIP: 0033:0x7f9551f8e929
[  587.338885][T18866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  587.338901][T18866] RSP: 002b:00007f9552e4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  587.338922][T18866] RAX: ffffffffffffffda RBX: 00007f95521b5fa0 RCX: 00007f9551f8e929
[  587.338937][T18866] RDX: 0000000000000038 RSI: 0000200000000480 RDI: 000000000000001a
[  587.338950][T18866] RBP: 00007f9552e4d090 R08: 0000000000000000 R09: 0000000000000000
[  587.338963][T18866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  587.338976][T18866] R13: 0000000000000000 R14: 00007f95521b5fa0 R15: 00007fff1725b7d8
[  587.339005][T18866]  </TASK>
[  587.705218][T18861] macsec0 speed is unknown, defaulting to 1000
[  587.719045][T18861] wg1 speed is unknown, defaulting to 1000
[  587.825587][T18737] hsr_slave_0: entered promiscuous mode
[  587.851409][T18737] hsr_slave_1: entered promiscuous mode
[  587.894760][T18737] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  587.926917][T18737] Cannot create hsr debugfs directory
[  588.043154][   T36] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  588.216766][ T1102] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  588.327863][ T1102] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  588.343282][T18889] netlink: 'syz.4.3423': attribute type 11 has an invalid length.
[  588.396958][ T1102] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  588.453771][T18899] FAULT_INJECTION: forcing a failure.
[  588.453771][T18899] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  588.479832][T18899] CPU: 1 UID: 0 PID: 18899 Comm: syz.2.3425 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  588.479861][T18899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  588.479872][T18899] Call Trace:
[  588.479880][T18899]  <TASK>
[  588.479889][T18899]  dump_stack_lvl+0x189/0x250
[  588.479915][T18899]  ? __pfx____ratelimit+0x10/0x10
[  588.479939][T18899]  ? __pfx_dump_stack_lvl+0x10/0x10
[  588.479960][T18899]  ? __pfx__printk+0x10/0x10
[  588.479999][T18899]  should_fail_ex+0x414/0x560
[  588.480029][T18899]  _copy_to_user+0x31/0xb0
[  588.480052][T18899]  sk_getsockopt+0x19dd/0x2530
[  588.480085][T18899]  ? __pfx_sk_getsockopt+0x10/0x10
[  588.480107][T18899]  ? do_syscall_64+0x40/0x3b0
[  588.480143][T18899]  ? __lock_acquire+0xab9/0xd20
[  588.480175][T18899]  ? __might_fault+0xb0/0x130
[  588.480220][T18899]  do_sock_getsockopt+0x275/0x650
[  588.480244][T18899]  ? do_syscall_64+0x40/0x3b0
[  588.480271][T18899]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  588.480295][T18899]  ? do_syscall_64+0x40/0x3b0
[  588.480316][T18899]  ? __fget_files+0x3a0/0x420
[  588.480345][T18899]  ? __fget_files+0x2a/0x420
[  588.480376][T18899]  __x64_sys_getsockopt+0x1a5/0x250
[  588.480400][T18899]  ? do_syscall_64+0x40/0x3b0
[  588.480435][T18899]  ? do_syscall_64+0x40/0x3b0
[  588.480461][T18899]  do_syscall_64+0xfa/0x3b0
[  588.480482][T18899]  ? lockdep_hardirqs_on+0x9c/0x150
[  588.480505][T18899]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.480522][T18899]  ? clear_bhb_loop+0x60/0xb0
[  588.480545][T18899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.480562][T18899] RIP: 0033:0x7f9de558e929
[  588.480580][T18899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  588.480597][T18899] RSP: 002b:00007f9de64c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  588.480618][T18899] RAX: ffffffffffffffda RBX: 00007f9de57b5fa0 RCX: 00007f9de558e929
[  588.480632][T18899] RDX: 000000000000002d RSI: 0000000000000001 RDI: 0000000000000003
[  588.480644][T18899] RBP: 00007f9de64c7090 R08: 0000200000000680 R09: 0000000000000000
[  588.480656][T18899] R10: 00002000000005c0 R11: 0000000000000246 R12: 0000000000000001
[  588.480667][T18899] R13: 0000000000000000 R14: 00007f9de57b5fa0 R15: 00007ffdf67d66c8
[  588.480698][T18899]  </TASK>
[  588.939543][T18907] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3426'.
[  589.284850][ T5859] Bluetooth: hci0: command tx timeout
[  589.616559][T18737] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  589.696772][T18737] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  589.832582][T18737] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  589.860003][T18737] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  590.070074][T18947] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  590.112340][T18936] macsec0 speed is unknown, defaulting to 1000
[  590.226589][T18943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  590.239737][T18936] wg1 speed is unknown, defaulting to 1000
[  590.414121][T18961] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3444'.
[  590.561459][T18737] 8021q: adding VLAN 0 to HW filter on device bond0
[  590.675644][T18737] 8021q: adding VLAN 0 to HW filter on device team0
[  590.709932][ T6133] bridge0: port 1(bridge_slave_0) entered blocking state
[  590.717189][ T6133] bridge0: port 1(bridge_slave_0) entered forwarding state
[  590.754828][ T6133] bridge0: port 2(bridge_slave_1) entered blocking state
[  590.762104][ T6133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  591.094146][T18980] netlink: 'syz.3.3451': attribute type 1 has an invalid length.
[  591.117786][T18980] netlink: 'syz.3.3451': attribute type 1 has an invalid length.
[  591.217985][T18987] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3452'.
[  591.251851][T18987] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3452'.
[  591.361848][ T5859] Bluetooth: hci0: command tx timeout
[  591.378295][T18737] 8021q: adding VLAN 0 to HW filter on device batadv0
[  591.479736][T18997] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3455'.
[  591.510046][T18737] veth0_vlan: entered promiscuous mode
[  591.569992][T19001] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3456'.
[  591.733655][T18737] veth1_vlan: entered promiscuous mode
[  591.866515][T18737] veth0_macvtap: entered promiscuous mode
[  591.896923][T18737] veth1_macvtap: entered promiscuous mode
[  591.985618][T18737] batman_adv: batadv0: Interface activated: batadv_slave_0
[  592.040915][T18737] batman_adv: batadv0: Interface activated: batadv_slave_1
[  592.064015][T19019] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3463'.
[  592.090863][   T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  592.122816][   T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  592.151309][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  592.174073][   T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  592.345481][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.376374][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  592.447694][T19029] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3468'.
[  592.449468][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.477940][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  592.546095][T19033] batman_adv: batadv0: Interface deactivated: macsec2
[  592.560894][T19033] batman_adv: batadv0: Removing interface: macsec2
[  592.601301][T15641] wg1 speed is unknown, defaulting to 1000
[  592.693271][T19039] netlink: 'syz.2.3473': attribute type 13 has an invalid length.
[  592.709921][T19039] netlink: 'syz.2.3473': attribute type 17 has an invalid length.
[  592.744988][T19039] 0ªX¹¦D: refused to change device tx_queue_len
[  592.751557][T19039] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  592.823302][T19042] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3474'.
[  593.149450][ T6133] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.224199][T19060] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3482'.
[  593.478653][ T6133] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.715601][ T6133] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.999738][ T6133] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.136652][ T6133] bridge_slave_1: left allmulticast mode
[  594.142570][ T6133] bridge_slave_1: left promiscuous mode
[  594.148275][ T6133] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.157625][ T6133] bridge_slave_0: left allmulticast mode
[  594.164019][ T6133] bridge_slave_0: left promiscuous mode
[  594.169721][ T6133] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.480882][ T6133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  594.494812][ T6133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  594.505119][ T6133] bond0 (unregistering): Released all slaves
[  594.701567][ T6133] hsr_slave_0: left promiscuous mode
[  594.707973][ T6133] hsr_slave_1: left promiscuous mode
[  594.714766][ T6133] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  594.724496][ T6133] batman_adv: batadv0: Removing interface: batadv_slave_0
[  594.735065][ T6133] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  594.742678][ T6133] batman_adv: batadv0: Removing interface: batadv_slave_1
[  594.764519][ T6133] veth1_macvtap: left promiscuous mode
[  594.770037][ T6133] veth0_macvtap: left promiscuous mode
[  594.775745][ T6133] veth1_vlan: left promiscuous mode
[  594.781007][ T6133] veth0_vlan: left promiscuous mode
[  595.707788][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  595.730422][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  595.739849][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  595.749541][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  595.775022][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  596.060024][ T6133] team0 (unregistering): Port device team_slave_1 removed
[  596.136100][ T6133] team0 (unregistering): Port device team_slave_0 removed
[  596.225225][T19103] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3494'.
[  596.719301][T19090] macsec0 speed is unknown, defaulting to 1000
[  596.724382][T19105] veth0_to_bridge: entered promiscuous mode
[  596.749657][T19090] wg1 speed is unknown, defaulting to 1000
[  596.754886][T19104] veth0_to_bridge: left promiscuous mode
[  597.306328][T19123] macsec0 speed is unknown, defaulting to 1000
[  597.344693][T19135] ip6gre1: entered allmulticast mode
[  597.371296][T19135] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3504'.
[  597.380678][T19123] wg1 speed is unknown, defaulting to 1000
[  597.384049][T19135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3504'.
[  597.681386][T19144] netlink: 'syz.4.3507': attribute type 13 has an invalid length.
[  597.708556][T19144] netlink: 'syz.4.3507': attribute type 17 has an invalid length.
[  597.804939][T19145] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3506'.
[  597.841381][T19144] .30ªX¹¦ç: refused to change device tx_queue_len
[  597.860015][T19144] A link change request failed with some changes committed already. Interface .30ªX¹¦ç may have been left with an inconsistent configuration, please check.
[  598.217246][T19156] FAULT_INJECTION: forcing a failure.
[  598.217246][T19156] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  598.275129][T19156] CPU: 1 UID: 0 PID: 19156 Comm: syz.3.3512 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  598.275161][T19156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  598.275173][T19156] Call Trace:
[  598.275181][T19156]  <TASK>
[  598.275191][T19156]  dump_stack_lvl+0x189/0x250
[  598.275223][T19156]  ? __pfx____ratelimit+0x10/0x10
[  598.275251][T19156]  ? __pfx_dump_stack_lvl+0x10/0x10
[  598.275275][T19156]  ? __pfx__printk+0x10/0x10
[  598.275300][T19156]  ? __might_fault+0xb0/0x130
[  598.275335][T19156]  should_fail_ex+0x414/0x560
[  598.275367][T19156]  _copy_from_user+0x2d/0xb0
[  598.275391][T19156]  __sys_bpf+0x1ed/0x860
[  598.275424][T19156]  ? __pfx___sys_bpf+0x10/0x10
[  598.275477][T19156]  ? ksys_write+0x22a/0x250
[  598.275508][T19156]  ? __pfx_ksys_write+0x10/0x10
[  598.275526][T19156]  ? rcu_is_watching+0x15/0xb0
[  598.275559][T19156]  __x64_sys_bpf+0x7c/0x90
[  598.275587][T19156]  do_syscall_64+0xfa/0x3b0
[  598.275611][T19156]  ? lockdep_hardirqs_on+0x9c/0x150
[  598.275636][T19156]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.275656][T19156]  ? clear_bhb_loop+0x60/0xb0
[  598.275680][T19156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.275698][T19156] RIP: 0033:0x7fa37d78e929
[  598.275716][T19156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  598.275732][T19156] RSP: 002b:00007fa37e52a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  598.275753][T19156] RAX: ffffffffffffffda RBX: 00007fa37d9b5fa0 RCX: 00007fa37d78e929
[  598.275768][T19156] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a
[  598.275781][T19156] RBP: 00007fa37e52a090 R08: 0000000000000000 R09: 0000000000000000
[  598.275794][T19156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  598.275805][T19156] R13: 0000000000000000 R14: 00007fa37d9b5fa0 R15: 00007ffede76d188
[  598.275840][T19156]  </TASK>
[  599.176052][T19184] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3518'.
[  599.229395][T19184] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3518'.
[  599.276269][T19187] SET target dimension over the limit!
[  599.391249][ T5859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  599.401235][ T5859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  599.412745][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  599.436855][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  599.449069][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  599.495634][T19186] macsec0 speed is unknown, defaulting to 1000
[  599.576984][T19186] wg1 speed is unknown, defaulting to 1000
[  599.584467][T19193] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3520'.
[  599.756960][T19189] macsec0 speed is unknown, defaulting to 1000
[  599.815992][T19189] wg1 speed is unknown, defaulting to 1000
[  600.665393][T19219] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3526'.
[  600.804514][T19189] chnl_net:caif_netlink_parms(): no params data found
[  601.084699][T19234] FAULT_INJECTION: forcing a failure.
[  601.084699][T19234] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  601.113276][T19234] CPU: 1 UID: 0 PID: 19234 Comm: syz.0.3529 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  601.113309][T19234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  601.113322][T19234] Call Trace:
[  601.113330][T19234]  <TASK>
[  601.113340][T19234]  dump_stack_lvl+0x189/0x250
[  601.113372][T19234]  ? __pfx____ratelimit+0x10/0x10
[  601.113400][T19234]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.113424][T19234]  ? __pfx__printk+0x10/0x10
[  601.113461][T19234]  ? __might_fault+0xb0/0x130
[  601.113498][T19234]  should_fail_ex+0x414/0x560
[  601.113533][T19234]  _copy_from_user+0x2d/0xb0
[  601.113557][T19234]  __sys_bpf+0x1ed/0x860
[  601.113590][T19234]  ? __pfx___sys_bpf+0x10/0x10
[  601.113636][T19234]  ? ksys_write+0x22a/0x250
[  601.113662][T19234]  ? __pfx_ksys_write+0x10/0x10
[  601.113682][T19234]  ? rcu_is_watching+0x15/0xb0
[  601.113712][T19234]  __x64_sys_bpf+0x7c/0x90
[  601.113741][T19234]  do_syscall_64+0xfa/0x3b0
[  601.113766][T19234]  ? lockdep_hardirqs_on+0x9c/0x150
[  601.113791][T19234]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.113810][T19234]  ? clear_bhb_loop+0x60/0xb0
[  601.113836][T19234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.113854][T19234] RIP: 0033:0x7f9551f8e929
[  601.113873][T19234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.113891][T19234] RSP: 002b:00007f9552e4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  601.113914][T19234] RAX: ffffffffffffffda RBX: 00007f95521b5fa0 RCX: 00007f9551f8e929
[  601.113929][T19234] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  601.113942][T19234] RBP: 00007f9552e4d090 R08: 0000000000000000 R09: 0000000000000000
[  601.113955][T19234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  601.113967][T19234] R13: 0000000000000000 R14: 00007f95521b5fa0 R15: 00007fff1725b7d8
[  601.114001][T19234]  </TASK>
[  601.353441][T19231] macsec0 speed is unknown, defaulting to 1000
[  601.457379][T19245] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3530'.
[  601.495473][T19231] wg1 speed is unknown, defaulting to 1000
[  601.528238][ T5862] Bluetooth: hci0: command tx timeout
[  601.739612][T19189] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.766779][T19189] bridge0: port 1(bridge_slave_0) entered disabled state
[  601.787666][T19189] bridge_slave_0: entered allmulticast mode
[  601.794437][ T6141] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0xea
[  601.826985][T19189] bridge_slave_0: entered promiscuous mode
[  601.901558][T19179] macsec0 speed is unknown, defaulting to 1000
[  601.908826][T19189] bridge0: port 2(bridge_slave_1) entered blocking state
[  601.930220][T19189] bridge0: port 2(bridge_slave_1) entered disabled state
[  601.937566][T19189] bridge_slave_1: entered allmulticast mode
[  601.958370][T19189] bridge_slave_1: entered promiscuous mode
[  602.035949][T19179] wg1 speed is unknown, defaulting to 1000
[  602.181370][T19189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  602.204036][T19263] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3537'.
[  602.224466][T19189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  602.283755][T19265] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3537'.
[  602.370151][T19189] team0: Port device team_slave_0 added
[  602.402604][T19189] team0: Port device team_slave_1 added
[  602.569680][T19189] batman_adv: batadv0: Adding interface: batadv_slave_0
[  602.582312][T19189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  602.608833][T19274] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3540'.
[  602.620919][T19189] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  602.672257][T19189] batman_adv: batadv0: Adding interface: batadv_slave_1
[  602.681478][T19189] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  602.708533][T19189] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  602.731552][T19273] macsec0 speed is unknown, defaulting to 1000
[  602.746202][T19276] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3540'.
[  602.775102][T19273] wg1 speed is unknown, defaulting to 1000
[  602.861410][T19189] hsr_slave_0: entered promiscuous mode
[  602.876996][T19189] hsr_slave_1: entered promiscuous mode
[  602.897272][T19189] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  602.908054][T19189] Cannot create hsr debugfs directory
[  602.921675][T19280] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3542'.
[  603.130807][T19286] SET target dimension over the limit!
[  603.313763][T19284] macsec0 speed is unknown, defaulting to 1000
[  603.341226][T19284] wg1 speed is unknown, defaulting to 1000
[  603.458933][T19296] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3548'.
[  603.556619][T19296] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3548'.
[  603.606741][ T5862] Bluetooth: hci0: command tx timeout
[  604.048723][T19317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3553'.
[  604.343547][T19327] bridge0: entered promiscuous mode
[  604.348995][T19327] macsec1: entered promiscuous mode
[  604.376266][T19327] bridge0: port 1(macsec1) entered blocking state
[  604.398271][T19327] bridge0: port 1(macsec1) entered disabled state
[  604.417061][T19327] macsec1: entered allmulticast mode
[  604.424369][T19327] bridge0: entered allmulticast mode
[  604.436879][T19327] macsec1: left allmulticast mode
[  604.451050][T19327] bridge0: left allmulticast mode
[  604.469184][T19327] bridge0: left promiscuous mode
[  604.560785][T19189] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  604.596279][T19189] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  604.647362][T19189] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  604.793649][T19189] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  605.316561][T19370] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3568'.
[  605.428472][T19189] 8021q: adding VLAN 0 to HW filter on device bond0
[  605.619514][T19189] 8021q: adding VLAN 0 to HW filter on device team0
[  605.672909][ T5964] bridge0: port 1(bridge_slave_0) entered blocking state
[  605.680111][ T5964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  605.703595][ T5862] Bluetooth: hci0: command tx timeout
[  605.733810][ T5964] bridge0: port 2(bridge_slave_1) entered blocking state
[  605.741011][ T5964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  606.727573][T19189] 8021q: adding VLAN 0 to HW filter on device batadv0
[  606.862236][T19418] __nla_validate_parse: 1 callbacks suppressed
[  606.862257][T19418] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3579'.
[  606.879761][T19422] netlink: 196 bytes leftover after parsing attributes in process `syz.0.3580'.
[  606.901266][T19337] macsec0 speed is unknown, defaulting to 1000
[  606.952905][T19337] wg1 speed is unknown, defaulting to 1000
[  607.260177][T19437] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3585'.
[  607.669932][T19450] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3587'.
[  607.763155][ T5862] Bluetooth: hci0: command tx timeout
[  607.926518][T19189] veth0_vlan: entered promiscuous mode
[  607.960919][T19189] veth1_vlan: entered promiscuous mode
[  608.066722][T19189] veth0_macvtap: entered promiscuous mode
[  608.088442][T19189] veth1_macvtap: entered promiscuous mode
[  608.142317][T19189] batman_adv: batadv0: Interface activated: batadv_slave_0
[  608.193371][T19189] batman_adv: batadv0: Interface activated: batadv_slave_1
[  608.236105][ T6141] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  608.251371][ T6141] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  608.272361][ T6141] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  608.326225][ T6141] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  608.437978][ T5964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  608.459318][ T5964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  608.525199][ T6141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  608.539772][ T6141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  608.998569][T19486] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3602'.
[  609.113290][T19490] netlink: 'syz.2.3604': attribute type 10 has an invalid length.
[  609.138782][T19490] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3604'.
[  609.165626][T19490] !
: entered allmulticast mode
[  609.181285][T19490] bridge0: port 1(
0!
) entered blocking state
[  609.200615][T19490] bridge0: port 1(
0!
) entered disabled state
[  609.392626][T19495] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3605'.
[  610.360126][T19514] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3614'.
[  610.407381][T19514] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3614'.
[  610.434584][T19514] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  610.589094][T19518] netlink: 'syz.2.3615': attribute type 11 has an invalid length.
[  610.610507][T19523] netlink: 'syz.5.3616': attribute type 11 has an invalid length.
[  611.077967][T19541] netlink: 252 bytes leftover after parsing attributes in process `syz.5.3620'.
[  611.229793][ T5964] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0xea
[  611.444975][ T5862] Bluetooth: hci0: command tx timeout
[  612.478688][T19575] FAULT_INJECTION: forcing a failure.
[  612.478688][T19575] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  612.499409][T19575] CPU: 0 UID: 0 PID: 19575 Comm: syz.2.3628 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  612.499466][T19575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  612.499479][T19575] Call Trace:
[  612.499488][T19575]  <TASK>
[  612.499497][T19575]  dump_stack_lvl+0x189/0x250
[  612.499528][T19575]  ? __pfx____ratelimit+0x10/0x10
[  612.499556][T19575]  ? __pfx_dump_stack_lvl+0x10/0x10
[  612.499580][T19575]  ? __pfx__printk+0x10/0x10
[  612.499610][T19575]  ? fs_reclaim_acquire+0x7d/0x100
[  612.499650][T19575]  should_fail_ex+0x414/0x560
[  612.499684][T19575]  prepare_alloc_pages+0x213/0x610
[  612.499721][T19575]  __alloc_frozen_pages_noprof+0x123/0x370
[  612.499756][T19575]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  612.499798][T19575]  ? policy_nodemask+0x27c/0x720
[  612.499829][T19575]  alloc_pages_mpol+0x232/0x4a0
[  612.499861][T19575]  vma_alloc_folio_noprof+0xe4/0x200
[  612.499891][T19575]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  612.499932][T19575]  folio_prealloc+0x30/0x180
[  612.499960][T19575]  do_wp_page+0x1231/0x5800
[  612.500010][T19575]  ? __pfx_do_wp_page+0x10/0x10
[  612.500028][T19575]  ? do_raw_spin_lock+0x121/0x290
[  612.500059][T19575]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  612.500099][T19575]  __handle_mm_fault+0x1144/0x5620
[  612.500146][T19575]  ? __pfx___handle_mm_fault+0x10/0x10
[  612.500187][T19575]  ? follow_page_pte+0xe7e/0x14b0
[  612.500221][T19575]  handle_mm_fault+0x40a/0x8e0
[  612.500257][T19575]  __get_user_pages+0x1af4/0x30b0
[  612.500323][T19575]  ? __pfx___get_user_pages+0x10/0x10
[  612.500343][T19575]  ? __gup_longterm_locked+0xbf7/0x15b0
[  612.500364][T19575]  ? down_read_killable+0x1d1/0x350
[  612.500399][T19575]  __gup_longterm_locked+0xd66/0x15b0
[  612.500436][T19575]  ? sanity_check_pinned_pages+0x11cf/0x12c0
[  612.500479][T19575]  ? gup_fast_fallback+0x1afc/0x2260
[  612.500505][T19575]  gup_fast_fallback+0x1cd4/0x2260
[  612.500526][T19575]  ? __kernel_text_address+0xd/0x40
[  612.500588][T19575]  ? __pfx_gup_fast_fallback+0x10/0x10
[  612.500608][T19575]  ? kasan_save_track+0x4f/0x80
[  612.500627][T19575]  ? kasan_save_track+0x3e/0x80
[  612.500644][T19575]  ? __kasan_kmalloc+0x93/0xb0
[  612.500666][T19575]  ? sock_kmalloc+0xd6/0x160
[  612.500683][T19575]  ? af_alg_get_rsgl+0x236/0x810
[  612.500706][T19575]  ? skcipher_recvmsg+0x3c0/0x11c0
[  612.500733][T19575]  ? ____sys_recvmsg+0x1c9/0x460
[  612.500750][T19575]  ? ___sys_recvmsg+0x1b5/0x510
[  612.500766][T19575]  ? __x64_sys_recvmsg+0x198/0x260
[  612.500791][T19575]  ? pin_user_pages_fast+0x4d/0xb0
[  612.500816][T19575]  iov_iter_extract_pages+0x35a/0x5e0
[  612.500851][T19575]  extract_iter_to_sg+0xe46/0x24e0
[  612.500901][T19575]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  612.500939][T19575]  ? rcu_is_watching+0x15/0xb0
[  612.500964][T19575]  ? trace_kmalloc+0x1f/0xd0
[  612.500984][T19575]  ? __kmalloc_noprof+0x29b/0x4f0
[  612.501014][T19575]  ? __asan_memset+0x22/0x50
[  612.501037][T19575]  af_alg_get_rsgl+0x436/0x810
[  612.501088][T19575]  skcipher_recvmsg+0x3c0/0x11c0
[  612.501123][T19575]  ? aa_sk_perm+0x81e/0x950
[  612.501162][T19575]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  612.501194][T19575]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  612.501221][T19575]  ? security_socket_recvmsg+0x7e/0x2e0
[  612.501244][T19575]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  612.501273][T19575]  sock_recvmsg+0x22c/0x270
[  612.501303][T19575]  ____sys_recvmsg+0x1c9/0x460
[  612.501335][T19575]  ? __pfx_____sys_recvmsg+0x10/0x10
[  612.501377][T19575]  ? import_iovec+0x74/0xa0
[  612.501404][T19575]  ___sys_recvmsg+0x1b5/0x510
[  612.501432][T19575]  ? __pfx____sys_recvmsg+0x10/0x10
[  612.501493][T19575]  ? __fget_files+0x3a0/0x420
[  612.501534][T19575]  __x64_sys_recvmsg+0x198/0x260
[  612.501558][T19575]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  612.501595][T19575]  ? __pfx_ksys_write+0x10/0x10
[  612.501615][T19575]  ? rcu_is_watching+0x15/0xb0
[  612.501643][T19575]  ? do_syscall_64+0xbe/0x3b0
[  612.501674][T19575]  do_syscall_64+0xfa/0x3b0
[  612.501698][T19575]  ? lockdep_hardirqs_on+0x9c/0x150
[  612.501720][T19575]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  612.501739][T19575]  ? clear_bhb_loop+0x60/0xb0
[  612.501763][T19575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  612.501781][T19575] RIP: 0033:0x7f9de558e929
[  612.501799][T19575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  612.501815][T19575] RSP: 002b:00007f9de64c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  612.501836][T19575] RAX: ffffffffffffffda RBX: 00007f9de57b5fa0 RCX: 00007f9de558e929
[  612.501850][T19575] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  612.501862][T19575] RBP: 00007f9de64c7090 R08: 0000000000000000 R09: 0000000000000000
[  612.501874][T19575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  612.501886][T19575] R13: 0000000000000000 R14: 00007f9de57b5fa0 R15: 00007ffdf67d66c8
[  612.501919][T19575]  </TASK>
[  613.002622][T19578] netlink: 'syz.4.3629': attribute type 11 has an invalid length.
[  613.402437][T19592] macsec0 speed is unknown, defaulting to 1000
[  613.410668][T19592] wg1 speed is unknown, defaulting to 1000
[  613.443934][T19600] xt_hashlimit: size too large, truncated to 1048576
[  613.524493][T19605] FAULT_INJECTION: forcing a failure.
[  613.524493][T19605] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  613.551722][T19605] CPU: 0 UID: 0 PID: 19605 Comm: syz.4.3636 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  613.551754][T19605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  613.551766][T19605] Call Trace:
[  613.551775][T19605]  <TASK>
[  613.551784][T19605]  dump_stack_lvl+0x189/0x250
[  613.551815][T19605]  ? __pfx____ratelimit+0x10/0x10
[  613.551842][T19605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  613.551866][T19605]  ? __pfx__printk+0x10/0x10
[  613.551896][T19605]  ? fs_reclaim_acquire+0x7d/0x100
[  613.551933][T19605]  should_fail_ex+0x414/0x560
[  613.551968][T19605]  prepare_alloc_pages+0x213/0x610
[  613.552005][T19605]  __alloc_frozen_pages_noprof+0x123/0x370
[  613.552038][T19605]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  613.552089][T19605]  alloc_pages_bulk_noprof+0x560/0x710
[  613.552125][T19605]  ? alloc_pages_noprof+0xbe/0x190
[  613.552156][T19605]  kasan_populate_vmalloc+0xba/0x1a0
[  613.552185][T19605]  alloc_vmap_area+0xd51/0x1490
[  613.552228][T19605]  ? __pfx_alloc_vmap_area+0x10/0x10
[  613.552252][T19605]  ? __kasan_kmalloc+0x93/0xb0
[  613.552276][T19605]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  613.552299][T19605]  ? __sys_bpf+0x67e/0x860
[  613.552325][T19605]  ? __get_vm_area_node+0x13f/0x300
[  613.552349][T19605]  ? sock_hash_alloc+0x266/0x4e0
[  613.552379][T19605]  __get_vm_area_node+0x1f8/0x300
[  613.552411][T19605]  __vmalloc_node_range_noprof+0x301/0x12f0
[  613.552437][T19605]  ? sock_hash_alloc+0x266/0x4e0
[  613.552509][T19605]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  613.552535][T19605]  ? rcu_is_watching+0x15/0xb0
[  613.552560][T19605]  ? trace_kmalloc+0x1f/0xd0
[  613.552579][T19605]  ? __kmalloc_node_noprof+0x293/0x4e0
[  613.552601][T19605]  ? bpf_map_area_alloc+0x64/0x180
[  613.552625][T19605]  bpf_map_area_alloc+0x12d/0x180
[  613.552646][T19605]  ? sock_hash_alloc+0x266/0x4e0
[  613.552677][T19605]  sock_hash_alloc+0x266/0x4e0
[  613.552712][T19605]  map_create+0x900/0x1150
[  613.552753][T19605]  ? security_bpf+0x7e/0x300
[  613.552783][T19605]  __sys_bpf+0x67e/0x860
[  613.552815][T19605]  ? __pfx___sys_bpf+0x10/0x10
[  613.552860][T19605]  ? ksys_write+0x22a/0x250
[  613.552886][T19605]  ? __pfx_ksys_write+0x10/0x10
[  613.552918][T19605]  __x64_sys_bpf+0x7c/0x90
[  613.552946][T19605]  do_syscall_64+0xfa/0x3b0
[  613.552972][T19605]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.552998][T19605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.553017][T19605]  ? clear_bhb_loop+0x60/0xb0
[  613.553042][T19605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.553061][T19605] RIP: 0033:0x7f243278e929
[  613.553080][T19605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.553099][T19605] RSP: 002b:00007f24336b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  613.553122][T19605] RAX: ffffffffffffffda RBX: 00007f24329b5fa0 RCX: 00007f243278e929
[  613.553137][T19605] RDX: 0000000000000050 RSI: 0000200000000640 RDI: 0000000000000000
[  613.553150][T19605] RBP: 00007f24336b0090 R08: 0000000000000000 R09: 0000000000000000
[  613.553162][T19605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  613.553180][T19605] R13: 0000000000000001 R14: 00007f24329b5fa0 R15: 00007ffc4a2da798
[  613.553214][T19605]  </TASK>
[  614.093553][T19609] netlink: 'syz.5.3638': attribute type 1 has an invalid length.
[  614.101380][T19609] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  615.071850][T19626] netlink: 'syz.3.3642': attribute type 11 has an invalid length.
[  615.640421][T19649] ip6gre1: entered allmulticast mode
[  615.717154][T19649] __nla_validate_parse: 1 callbacks suppressed
[  615.717174][T19649] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3650'.
[  615.745350][T19647] macsec0 speed is unknown, defaulting to 1000
[  615.765653][T19649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3650'.
[  615.783019][T19647] wg1 speed is unknown, defaulting to 1000
[  615.799658][T19651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  615.895166][T19651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  616.045620][T19651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  616.221197][T19659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3653'.
[  617.082453][T19679] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3660'.
[  617.154224][T19677] macsec0 speed is unknown, defaulting to 1000
[  617.193166][T19677] wg1 speed is unknown, defaulting to 1000
[  617.763579][T19690] macsec0 speed is unknown, defaulting to 1000
[  617.786915][T19690] wg1 speed is unknown, defaulting to 1000
[  618.400324][T19700] macsec1: entered promiscuous mode
[  618.442617][T19700] bridge0: port 3(macsec1) entered blocking state
[  618.457297][T19700] bridge0: port 3(macsec1) entered disabled state
[  618.476102][T19700] macsec1: entered allmulticast mode
[  618.493106][T19700] macsec1: left allmulticast mode
[  618.558748][T19713] netlink: 'syz.4.3665': attribute type 11 has an invalid length.
[  618.843590][T19720] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3670'.
[  619.227630][T19730] ip6gre2: entered allmulticast mode
[  619.261495][T19732] netlink: 'syz.4.3676': attribute type 2 has an invalid length.
[  619.296188][T19730] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3675'.
[  619.307696][T19732] þ: entered promiscuous mode
[  619.362518][T19730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3675'.
[  619.996061][T19751] netlink: 'syz.5.3681': attribute type 11 has an invalid length.
[  620.344635][T19765] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[  620.482557][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  620.494265][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  620.614097][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  620.628470][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  620.651995][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  620.920068][T19736] macsec0 speed is unknown, defaulting to 1000
[  621.052805][T19767] macsec0 speed is unknown, defaulting to 1000
[  621.082326][T19736] wg1 speed is unknown, defaulting to 1000
[  621.097527][T19767] wg1 speed is unknown, defaulting to 1000
[  621.742128][T19796] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.825695][T19796] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.887445][T19790] macsec0 speed is unknown, defaulting to 1000
[  621.942794][T19796] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  622.011247][T19790] wg1 speed is unknown, defaulting to 1000
[  622.219876][T19767] chnl_net:caif_netlink_parms(): no params data found
[  622.579322][T19767] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.619966][T19767] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.638204][T19767] bridge_slave_0: entered allmulticast mode
[  622.657699][T19767] bridge_slave_0: entered promiscuous mode
[  622.681154][T19767] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.703039][T19767] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.710327][T19767] bridge_slave_1: entered allmulticast mode
[  622.728800][T19767] bridge_slave_1: entered promiscuous mode
[  622.801725][ T5856] Bluetooth: hci4: command tx timeout
[  622.829051][T19767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  622.876184][T19767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  623.156132][T19767] team0: Port device team_slave_0 added
[  623.187290][T19767] team0: Port device team_slave_1 added
[  623.306760][T19767] batman_adv: batadv0: Adding interface: batadv_slave_0
[  623.318106][T19767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  623.350666][T19767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  623.378522][T19767] batman_adv: batadv0: Adding interface: batadv_slave_1
[  623.387828][T19767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  623.421361][T19767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  623.515368][T19767] hsr_slave_0: entered promiscuous mode
[  623.533276][T19767] hsr_slave_1: entered promiscuous mode
[  623.539813][T19767] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  623.553322][T19767] Cannot create hsr debugfs directory
[  623.868564][T19767] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.950444][T19767] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  624.014887][T19767] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  624.091153][T19814] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3693'.
[  624.114360][T19812] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  624.123732][T19767] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  624.329553][T19819] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3694'.
[  624.370187][T19767] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  624.386953][T19767] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  624.422937][T19767] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  624.436163][T19767] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  624.610462][T19767] 8021q: adding VLAN 0 to HW filter on device bond0
[  624.664082][T19767] 8021q: adding VLAN 0 to HW filter on device team0
[  624.692595][  T714] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.699815][  T714] bridge0: port 1(bridge_slave_0) entered forwarding state
[  624.747487][ T6141] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.754750][ T6141] bridge0: port 2(bridge_slave_1) entered forwarding state
[  624.882056][ T5856] Bluetooth: hci4: command tx timeout
[  625.498552][T19767] 8021q: adding VLAN 0 to HW filter on device batadv0
[  625.589784][T19767] veth0_vlan: entered promiscuous mode
[  625.615770][T19767] veth1_vlan: entered promiscuous mode
[  625.658381][T19767] veth0_macvtap: entered promiscuous mode
[  625.677434][T19767] veth1_macvtap: entered promiscuous mode
[  625.731502][T19767] batman_adv: batadv0: Interface activated: batadv_slave_0
[  625.755861][T19767] batman_adv: batadv0: Interface activated: batadv_slave_1
[  625.777958][ T6138] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  625.803202][ T6138] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  625.859295][ T6138] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  625.894264][ T6138] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  625.929267][T19834] macsec0 speed is unknown, defaulting to 1000
[  626.074532][T19834] wg1 speed is unknown, defaulting to 1000
[  626.080723][ T6138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  626.117904][ T6138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  626.218039][  T714] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  626.232196][  T714] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  626.962209][ T5856] Bluetooth: hci4: command tx timeout
[  627.972522][T19883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3706'.
[  628.458105][ T6141] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.803405][ T6141] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.951010][ T6141] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.976820][ T5862] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  628.992609][ T5862] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  629.001098][ T5862] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  629.009640][ T5862] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  629.025442][ T5862] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  629.042263][ T5862] Bluetooth: hci4: command tx timeout
[  629.191106][ T6141] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.328297][T19900] macsec0 speed is unknown, defaulting to 1000
[  629.396616][T19900] wg1 speed is unknown, defaulting to 1000
[  629.481999][T19916] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3718'.
[  629.522119][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  630.274048][T19934] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3725'.
[  630.300250][T19934] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3725'.
[  630.742390][ T6141] bond0 (unregistering): Released all slaves
[  630.774849][ T6141] bond1 (unregistering): Released all slaves
[  630.949418][ T6141] team0: Port device bond2 removed
[  630.957716][ T6141] bond2 (unregistering): Released all slaves
[  630.987465][T19921] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3718'.
[  631.025731][T19934] dummy0: entered promiscuous mode
[  631.046852][T19934] team0: entered promiscuous mode
[  631.052611][T19934] team_slave_0: entered promiscuous mode
[  631.058674][T19934] team_slave_1: entered promiscuous mode
[  631.128880][ T5862] Bluetooth: hci3: command tx timeout
[  631.196224][ T6141] tipc: Left network mode
[  631.280503][ T6141] IPVS: stopping backup sync thread 8696 ...
[  631.361891][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  631.592931][T19900] chnl_net:caif_netlink_parms(): no params data found
[  631.686144][T19958] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3729'.
[  631.949594][T19947] macsec0 speed is unknown, defaulting to 1000
[  631.958582][T19947] wg1 speed is unknown, defaulting to 1000
[  632.062597][T19948] macsec0 speed is unknown, defaulting to 1000
[  632.109117][T19959] macsec0 speed is unknown, defaulting to 1000
[  632.157093][T19900] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.166352][T19900] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.224447][T19900] bridge_slave_0: entered allmulticast mode
[  632.233203][T19900] bridge_slave_0: entered promiscuous mode
[  632.241140][T19948] wg1 speed is unknown, defaulting to 1000
[  632.271116][T19959] wg1 speed is unknown, defaulting to 1000
[  632.277380][T19900] bridge0: port 2(bridge_slave_1) entered blocking state
[  632.296320][T19900] bridge0: port 2(bridge_slave_1) entered disabled state
[  632.313152][T19900] bridge_slave_1: entered allmulticast mode
[  632.331491][T19900] bridge_slave_1: entered promiscuous mode
[  632.369023][ T6141] hsr_slave_0: left promiscuous mode
[  632.387055][ T6141] hsr_slave_1: left promiscuous mode
[  632.452030][ T6141] pimreg (unregistering): left allmulticast mode
[  632.559007][T19977] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3735'.
[  633.199727][T19979] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3735'.
[  633.221717][ T5862] Bluetooth: hci3: command tx timeout
[  633.420424][T19900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  633.517354][T19900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  633.696838][T19900] team0: Port device team_slave_0 added
[  633.717166][T19900] team0: Port device team_slave_1 added
[  633.832978][T19900] batman_adv: batadv0: Adding interface: batadv_slave_0
[  633.860323][T19900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.915189][T19900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  633.937873][T19900] batman_adv: batadv0: Adding interface: batadv_slave_1
[  633.945504][T19900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.983732][T19900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  634.067890][ T6141] IPVS: stop unused estimator thread 0...
[  634.076613][T19995] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  634.102310][T19994] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3741'.
[  634.175169][T19995] siw: device registration error -23
[  634.257243][T19997] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3742'.
[  634.297093][T19900] hsr_slave_0: entered promiscuous mode
[  634.317662][T19900] hsr_slave_1: entered promiscuous mode
[  634.336785][T19900] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  634.361640][T19900] Cannot create hsr debugfs directory
[  634.576663][T20007] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3746'.
[  634.652441][T20009] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3747'.
[  634.727836][T20013] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3746'.
[  635.161971][T20023] netlink: 'syz.5.3750': attribute type 1 has an invalid length.
[  635.185228][T20023] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3750'.
[  635.281966][ T5862] Bluetooth: hci3: command tx timeout
[  635.763255][T20043] netlink: 'syz.4.3757': attribute type 1 has an invalid length.
[  635.793981][T20043] netlink: 'syz.4.3757': attribute type 1 has an invalid length.
[  635.949689][T19900] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  636.002742][T19900] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  636.050113][T19900] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  636.189643][T19900] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  636.221434][T20051] macsec0 speed is unknown, defaulting to 1000
[  636.262415][T20051] wg1 speed is unknown, defaulting to 1000
[  636.404462][T20065] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3761'.
[  636.946475][T20079] FAULT_INJECTION: forcing a failure.
[  636.946475][T20079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  637.020349][T19900] 8021q: adding VLAN 0 to HW filter on device bond0
[  637.032273][T20079] CPU: 0 UID: 0 PID: 20079 Comm: syz.3.3764 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  637.032302][T20079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  637.032314][T20079] Call Trace:
[  637.032322][T20079]  <TASK>
[  637.032331][T20079]  dump_stack_lvl+0x189/0x250
[  637.032363][T20079]  ? __pfx____ratelimit+0x10/0x10
[  637.032390][T20079]  ? __pfx_dump_stack_lvl+0x10/0x10
[  637.032414][T20079]  ? __pfx__printk+0x10/0x10
[  637.032456][T20079]  should_fail_ex+0x414/0x560
[  637.032490][T20079]  _copy_to_user+0x31/0xb0
[  637.032516][T20079]  simple_read_from_buffer+0xe1/0x170
[  637.032546][T20079]  proc_fail_nth_read+0x1df/0x250
[  637.032579][T20079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  637.032610][T20079]  ? rw_verify_area+0x258/0x650
[  637.032631][T20079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  637.032661][T20079]  vfs_read+0x200/0x980
[  637.032690][T20079]  ? __pfx___mutex_lock+0x10/0x10
[  637.032719][T20079]  ? __pfx_vfs_read+0x10/0x10
[  637.032750][T20079]  ? __fget_files+0x2a/0x420
[  637.032782][T20079]  ? __fget_files+0x3a0/0x420
[  637.032814][T20079]  ? __fget_files+0x2a/0x420
[  637.032850][T20079]  ksys_read+0x145/0x250
[  637.032876][T20079]  ? __pfx_ksys_read+0x10/0x10
[  637.032894][T20079]  ? rcu_is_watching+0x15/0xb0
[  637.032924][T20079]  ? do_syscall_64+0xbe/0x3b0
[  637.032956][T20079]  do_syscall_64+0xfa/0x3b0
[  637.032980][T20079]  ? lockdep_hardirqs_on+0x9c/0x150
[  637.033005][T20079]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.033024][T20079]  ? clear_bhb_loop+0x60/0xb0
[  637.033049][T20079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.033068][T20079] RIP: 0033:0x7f240058d33c
[  637.033087][T20079] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  637.033104][T20079] RSP: 002b:00007f24013f3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  637.033127][T20079] RAX: ffffffffffffffda RBX: 00007f24007b5fa0 RCX: 00007f240058d33c
[  637.033142][T20079] RDX: 000000000000000f RSI: 00007f24013f30a0 RDI: 0000000000000006
[  637.033154][T20079] RBP: 00007f24013f3090 R08: 0000000000000000 R09: 0000000000000000
[  637.033167][T20079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  637.033179][T20079] R13: 0000000000000000 R14: 00007f24007b5fa0 R15: 00007ffdcd24e448
[  637.033213][T20079]  </TASK>
[  637.312449][T19900] 8021q: adding VLAN 0 to HW filter on device team0
[  637.345298][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.352467][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  637.369753][ T5862] Bluetooth: hci3: command tx timeout
[  637.399402][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.406633][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  637.446514][T19900] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  637.457074][T19900] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  637.697442][T20085] veth0_to_bridge: entered promiscuous mode
[  637.749730][T20083] veth0_to_bridge: left promiscuous mode
[  637.780864][T20087] dvmrp0: entered allmulticast mode
[  637.980078][T20092] netlink: 196 bytes leftover after parsing attributes in process `syz.5.3769'.
[  638.162203][T20099] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3772'.
[  638.197314][T20102] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3773'.
[  638.211041][T20099] gretap0: entered promiscuous mode
[  638.221817][T20101] netlink: 92 bytes leftover after parsing attributes in process `syz.5.3773'.
[  638.236207][T20104] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3772'.
[  638.265786][T20104] 0ªX¹¦D: renamed from gretap0
[  638.280273][T20104] 0ªX¹¦D: left promiscuous mode
[  638.312948][T20104] 0ªX¹¦D: entered allmulticast mode
[  638.345302][T20104] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  638.396775][T19900] 8021q: adding VLAN 0 to HW filter on device batadv0
[  638.664317][T19900] veth0_vlan: entered promiscuous mode
[  638.716797][T19900] veth1_vlan: entered promiscuous mode
[  638.844300][T19900] veth0_macvtap: entered promiscuous mode
[  638.884548][T19900] veth1_macvtap: entered promiscuous mode
[  638.946237][T19900] batman_adv: batadv0: Interface activated: batadv_slave_0
[  638.967656][T19900] batman_adv: batadv0: Interface activated: batadv_slave_1
[  639.033562][ T6138] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  639.058472][ T6138] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  639.087928][ T6138] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  639.106327][ T6138] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  639.121845][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  639.245661][T20128] macsec0 speed is unknown, defaulting to 1000
[  639.276717][T20128] wg1 speed is unknown, defaulting to 1000
[  639.328728][ T6141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  639.357671][ T6141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  639.477284][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  639.497115][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  639.651238][T20140] macsec0 speed is unknown, defaulting to 1000
[  639.663655][T20140] wg1 speed is unknown, defaulting to 1000
[  639.909500][T20156] netlink: 'syz.0.3698': attribute type 11 has an invalid length.
[  640.125710][T20162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  640.302288][T20161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  640.454292][T20161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  640.462106][T20168] __nla_validate_parse: 3 callbacks suppressed
[  640.462123][T20168] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3789'.
[  640.592924][T20155] macsec0 speed is unknown, defaulting to 1000
[  640.616287][T20155] wg1 speed is unknown, defaulting to 1000
[  641.467997][T20178] macsec0 speed is unknown, defaulting to 1000
[  641.485328][T20178] wg1 speed is unknown, defaulting to 1000
[  641.700494][T20176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  641.956044][T20195] macsec0 speed is unknown, defaulting to 1000
[  642.001993][T20195] wg1 speed is unknown, defaulting to 1000
[  642.031692][T20138] macsec0 speed is unknown, defaulting to 1000
[  642.118991][T20138] wg1 speed is unknown, defaulting to 1000
[  642.656635][T20202] macsec0 speed is unknown, defaulting to 1000
[  642.720727][T20208] 0ªX¹¦D: left allmulticast mode
[  642.767079][T20211] rdma_op ffff8880549219f0 conn xmit_rdma 0000000000000000
[  642.842788][T20208] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.851619][T20208] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.085024][T20208] bridge_slave_0: left allmulticast mode
[  643.099042][T20208] bridge_slave_0: left promiscuous mode
[  643.113819][T20208] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.157061][T20208] bridge_slave_1: left allmulticast mode
[  643.173035][T20208] bridge_slave_1: left promiscuous mode
[  643.186226][T20208] bridge0: port 2(bridge_slave_1) entered disabled state
[  643.209047][T20208] bond0: (slave bond_slave_0): Releasing backup interface
[  643.228324][T20208] bond0: (slave bond_slave_1): Releasing backup interface
[  643.248654][T20208] team0: Port device team_slave_0 removed
[  643.268621][T20208] team0: Port device team_slave_1 removed
[  643.280855][T20208] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  643.295070][T20208] batman_adv: batadv0: Removing interface: batadv_slave_0
[  643.306975][ T5859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  643.322788][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  643.324253][T20208] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  643.331115][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  643.347224][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  643.347865][T20208] batman_adv: batadv0: Removing interface: batadv_slave_1
[  643.356621][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  643.492861][T20202] wg1 speed is unknown, defaulting to 1000
[  643.574890][ T6138] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  643.597635][ T6138] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  643.737068][ T6138] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  643.766388][ T6138] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  643.854210][ T6131] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.010750][T20212] macsec0 speed is unknown, defaulting to 1000
[  644.026088][ T6131] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.061194][T20212] wg1 speed is unknown, defaulting to 1000
[  644.109331][T20230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  644.130350][T20230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  644.227293][T20230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  644.230316][T20227] macsec0 speed is unknown, defaulting to 1000
[  644.247692][ T6131] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.340311][T20227] wg1 speed is unknown, defaulting to 1000
[  644.364120][ T6131] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.851541][T20236] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3803'.
[  644.987333][ T6131] bridge0: port 1(
0!
) entered disabled state
[  645.356820][T20259] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3804'.
[  645.368596][T20259] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3804'.
[  645.442833][ T5862] Bluetooth: hci1: command tx timeout
[  645.900672][ T6131] bond1 (unregistering): Released all slaves
[  646.010807][ T6131] bond2 (unregistering): Released all slaves
[  646.120987][ T6131] bond0 (unregistering): Released all slaves
[  646.230973][ T6131] bond3 (unregistering): Released all slaves
[  646.342569][T20212] chnl_net:caif_netlink_parms(): no params data found
[  646.560024][ T6131] tipc: Left network mode
[  646.566083][T20244] macsec0 speed is unknown, defaulting to 1000
[  646.579680][T20265] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3807'.
[  646.712741][T20244] wg1 speed is unknown, defaulting to 1000
[  646.800631][T20274] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3810'.
[  646.897757][T20276] netlink: 'syz.0.3810': attribute type 21 has an invalid length.
[  646.961051][T20276] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3810'.
[  647.010641][T20212] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.018088][T20212] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.025401][T20212] bridge_slave_0: entered allmulticast mode
[  647.033400][T20212] bridge_slave_0: entered promiscuous mode
[  647.043409][T20212] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.050556][T20212] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.065993][T20212] bridge_slave_1: entered allmulticast mode
[  647.073445][T20212] bridge_slave_1: entered promiscuous mode
[  647.089812][T20272] macsec0 speed is unknown, defaulting to 1000
[  647.124585][T20272] wg1 speed is unknown, defaulting to 1000
[  647.206683][T20212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  647.240601][T20212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  647.279469][ T6131] hsr_slave_0: left promiscuous mode
[  647.289276][ T6131] 0·: left promiscuous mode
[  647.521793][ T5862] Bluetooth: hci1: command tx timeout
[  648.441366][T20291] syzkaller1: entered promiscuous mode
[  648.448908][T20291] syzkaller1: entered allmulticast mode
[  648.556001][T20212] team0: Port device team_slave_0 added
[  648.596646][T20212] team0: Port device team_slave_1 added
[  648.735085][T20212] batman_adv: batadv0: Adding interface: batadv_slave_0
[  648.758025][T20212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  648.767030][T20300] netlink: 'syz.4.3819': attribute type 1 has an invalid length.
[  648.832994][T20212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  649.070662][T20300] 8021q: adding VLAN 0 to HW filter on device bond2
[  649.079291][T20212] batman_adv: batadv0: Adding interface: batadv_slave_1
[  649.087964][T20212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.114165][T20212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  649.144269][T20304] vlan2: entered allmulticast mode
[  649.149546][T20304] geneve1: entered allmulticast mode
[  649.158005][T20304] bond2: (slave vlan2): Opening slave failed
[  649.357923][T20212] hsr_slave_0: entered promiscuous mode
[  649.378534][T20212] hsr_slave_1: entered promiscuous mode
[  649.420075][ T6131] IPVS: stop unused estimator thread 0...
[  649.601858][ T5862] Bluetooth: hci1: command tx timeout
[  649.739860][T20317] macsec0 speed is unknown, defaulting to 1000
[  649.786638][T20326] macsec0 speed is unknown, defaulting to 1000
[  649.793626][T20317] wg1 speed is unknown, defaulting to 1000
[  649.863926][T20326] wg1 speed is unknown, defaulting to 1000
[  650.046895][T20325] macsec0 speed is unknown, defaulting to 1000
[  650.168722][T20325] wg1 speed is unknown, defaulting to 1000
[  651.008426][T20212] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  651.027793][T20212] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  651.069892][T20212] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  651.144745][T20212] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  651.478647][T20365] macsec0 speed is unknown, defaulting to 1000
[  651.487309][T20365] wg1 speed is unknown, defaulting to 1000
[  651.599283][T20212] 8021q: adding VLAN 0 to HW filter on device bond0
[  651.612271][T20374] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  651.630987][T20212] 8021q: adding VLAN 0 to HW filter on device team0
[  651.666542][ T6138] bridge0: port 1(bridge_slave_0) entered blocking state
[  651.673781][ T6138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  651.682205][ T5862] Bluetooth: hci1: command tx timeout
[  651.694069][T20375] ==================================================================
[  651.702181][T20375] BUG: KASAN: slab-use-after-free in tcp_prune_ofo_queue+0x37e/0x6e0
[  651.710274][T20375] Read of size 4 at addr ffff888075f94e50 by task syz.0.3844/20375
[  651.718168][T20375] 
[  651.720501][T20375] CPU: 1 UID: 0 PID: 20375 Comm: syz.0.3844 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  651.720522][T20375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  651.720532][T20375] Call Trace:
[  651.720539][T20375]  <TASK>
[  651.720553][T20375]  dump_stack_lvl+0x189/0x250
[  651.720575][T20375]  ? rcu_is_watching+0x15/0xb0
[  651.720593][T20375]  ? __kasan_check_byte+0x12/0x40
[  651.720612][T20375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  651.720628][T20375]  ? rcu_is_watching+0x15/0xb0
[  651.720646][T20375]  ? lock_release+0x4b/0x3e0
[  651.720661][T20375]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  651.720679][T20375]  ? __virt_addr_valid+0x1c8/0x5c0
[  651.720698][T20375]  ? __virt_addr_valid+0x4a5/0x5c0
[  651.720718][T20375]  print_report+0xd2/0x2b0
[  651.720733][T20375]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  651.720750][T20375]  kasan_report+0x118/0x150
[  651.720769][T20375]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  651.720789][T20375]  tcp_prune_ofo_queue+0x37e/0x6e0
[  651.720814][T20375]  tcp_try_rmem_schedule+0xb6b/0x1830
[  651.720836][T20375]  tcp_data_queue+0x4e3/0x6380
[  651.720860][T20375]  ? __pfx_tcp_data_queue+0x10/0x10
[  651.720876][T20375]  ? __pfx_tcp_urg+0x10/0x10
[  651.720891][T20375]  ? read_tsc+0x9/0x20
[  651.720907][T20375]  tcp_rcv_established+0xf9e/0x1eb0
[  651.720925][T20375]  ? rt_is_expired+0x1c/0x2d0
[  651.720949][T20375]  ? __pfx_tcp_rcv_established+0x10/0x10
[  651.720964][T20375]  ? rt_is_expired+0x1c/0x2d0
[  651.720984][T20375]  ? rt_is_expired+0x1c/0x2d0
[  651.721004][T20375]  ? rt_is_expired+0x250/0x2d0
[  651.721024][T20375]  ? __pfx_ipv4_dst_check+0x10/0x10
[  651.721045][T20375]  ? __pfx_ipv4_dst_check+0x10/0x10
[  651.721066][T20375]  tcp_v4_do_rcv+0xa23/0xce0
[  651.721088][T20375]  ? __pfx_tcp_v4_do_rcv+0x10/0x10
[  651.721106][T20375]  __release_sock+0x21c/0x350
[  651.721125][T20375]  release_sock+0x5f/0x1f0
[  651.721144][T20375]  tcp_sendmsg+0x39/0x50
[  651.721161][T20375]  __sock_sendmsg+0x19c/0x270
[  651.721179][T20375]  __sys_sendto+0x3bd/0x520
[  651.721200][T20375]  ? __pfx___sys_sendto+0x10/0x10
[  651.721219][T20375]  ? do_futex+0x395/0x420
[  651.721249][T20375]  ? rcu_is_watching+0x15/0xb0
[  651.721267][T20375]  __x64_sys_sendto+0xde/0x100
[  651.721288][T20375]  do_syscall_64+0xfa/0x3b0
[  651.721308][T20375]  ? lockdep_hardirqs_on+0x9c/0x150
[  651.721327][T20375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.721342][T20375]  ? clear_bhb_loop+0x60/0xb0
[  651.721358][T20375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.721373][T20375] RIP: 0033:0x7f5c76d8e929
[  651.721388][T20375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  651.721402][T20375] RSP: 002b:00007f5c77cbd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  651.721420][T20375] RAX: ffffffffffffffda RBX: 00007f5c76fb5fa0 RCX: 00007f5c76d8e929
[  651.721431][T20375] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003
[  651.721441][T20375] RBP: 00007f5c76e10b39 R08: 0000000000000000 R09: 0000000000000000
[  651.721451][T20375] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000
[  651.721461][T20375] R13: 0000000000000000 R14: 00007f5c76fb5fa0 R15: 00007ffdf1b11a98
[  651.721478][T20375]  </TASK>
[  651.721484][T20375] 
[  652.037256][T20375] Allocated by task 20375:
[  652.041671][T20375]  kasan_save_track+0x3e/0x80
[  652.046355][T20375]  __kasan_slab_alloc+0x6c/0x80
[  652.051212][T20375]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  652.057106][T20375]  __alloc_skb+0x112/0x2d0
[  652.061529][T20375]  tcp_stream_alloc_skb+0x3d/0x340
[  652.066642][T20375]  tcp_write_xmit+0xeec/0x67f0
[  652.071414][T20375]  __tcp_push_pending_frames+0x97/0x360
[  652.076964][T20375]  tcp_rcv_established+0x1012/0x1eb0
[  652.082247][T20375]  tcp_v4_do_rcv+0xa23/0xce0
[  652.086840][T20375]  __release_sock+0x21c/0x350
[  652.091515][T20375]  release_sock+0x5f/0x1f0
[  652.095937][T20375]  tcp_sendmsg+0x39/0x50
[  652.100182][T20375]  __sock_sendmsg+0x19c/0x270
[  652.104857][T20375]  __sys_sendto+0x3bd/0x520
[  652.109361][T20375]  __x64_sys_sendto+0xde/0x100
[  652.114129][T20375]  do_syscall_64+0xfa/0x3b0
[  652.118639][T20375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.124531][T20375] 
[  652.126858][T20375] Freed by task 20375:
[  652.130921][T20375]  kasan_save_track+0x3e/0x80
[  652.135596][T20375]  kasan_save_free_info+0x46/0x50
[  652.140622][T20375]  __kasan_slab_free+0x62/0x70
[  652.145408][T20375]  kmem_cache_free+0x18f/0x400
[  652.150172][T20375]  tcp_prune_ofo_queue+0x198/0x6e0
[  652.155282][T20375]  tcp_try_rmem_schedule+0xb6b/0x1830
[  652.160653][T20375]  tcp_data_queue+0x4e3/0x6380
[  652.165416][T20375]  tcp_rcv_established+0xf9e/0x1eb0
[  652.170615][T20375]  tcp_v4_do_rcv+0xa23/0xce0
[  652.175207][T20375]  __release_sock+0x21c/0x350
[  652.179888][T20375]  release_sock+0x5f/0x1f0
[  652.184333][T20375]  tcp_sendmsg+0x39/0x50
[  652.188589][T20375]  __sock_sendmsg+0x19c/0x270
[  652.193273][T20375]  __sys_sendto+0x3bd/0x520
[  652.197780][T20375]  __x64_sys_sendto+0xde/0x100
[  652.202547][T20375]  do_syscall_64+0xfa/0x3b0
[  652.207575][T20375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.213463][T20375] 
[  652.215792][T20375] The buggy address belongs to the object at ffff888075f94c80
[  652.215792][T20375]  which belongs to the cache skbuff_fclone_cache of size 488
[  652.230535][T20375] The buggy address is located 464 bytes inside of
[  652.230535][T20375]  freed 488-byte region [ffff888075f94c80, ffff888075f94e68)
[  652.244328][T20375] 
[  652.246651][T20375] The buggy address belongs to the physical page:
[  652.253061][T20375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75f94
[  652.261821][T20375] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  652.270329][T20375] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  652.278304][T20375] page_type: f5(slab)
[  652.282289][T20375] raw: 00fff00000000040 ffff88801e6f9b40 0000000000000000 dead000000000001
[  652.290872][T20375] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[  652.299466][T20375] head: 00fff00000000040 ffff88801e6f9b40 0000000000000000 dead000000000001
[  652.308139][T20375] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[  652.316808][T20375] head: 00fff00000000001 ffffea0001d7e501 00000000ffffffff 00000000ffffffff
[  652.325475][T20375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  652.334145][T20375] page dumped because: kasan: bad access detected
[  652.340552][T20375] page_owner tracks the page as allocated
[  652.346262][T20375] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5833, tgid 5833 (syz-executor), ts 385661524387, free_ts 385640217155
[  652.367795][T20375]  post_alloc_hook+0x240/0x2a0
[  652.372570][T20375]  get_page_from_freelist+0x21e4/0x22c0
[  652.378125][T20375]  __alloc_frozen_pages_noprof+0x181/0x370
[  652.383936][T20375]  alloc_pages_mpol+0x232/0x4a0
[  652.388786][T20375]  allocate_slab+0x8a/0x3b0
[  652.393292][T20375]  ___slab_alloc+0xbfc/0x1480
[  652.397989][T20375]  kmem_cache_alloc_node_noprof+0x280/0x3c0
[  652.403884][T20375]  __alloc_skb+0x112/0x2d0
[  652.408305][T20375]  tcp_stream_alloc_skb+0x3d/0x340
[  652.413418][T20375]  tcp_sendmsg_locked+0xefc/0x56d0
[  652.418529][T20375]  tcp_sendmsg+0x2f/0x50
[  652.422770][T20375]  __sock_sendmsg+0x19c/0x270
[  652.427536][T20375]  sock_write_iter+0x258/0x330
[  652.432297][T20375]  vfs_write+0x54b/0xa90
[  652.436542][T20375]  ksys_write+0x145/0x250
[  652.440867][T20375]  do_syscall_64+0xfa/0x3b0
[  652.445372][T20375] page last free pid 13845 tgid 13844 stack trace:
[  652.451863][T20375]  __free_frozen_pages+0xc71/0xe70
[  652.456975][T20375]  pagetable_dtor_free+0x2d2/0x3b0
[  652.462088][T20375]  __mmdrop+0xb5/0x460
[  652.466155][T20375]  exit_mm+0x1da/0x2c0
[  652.470231][T20375]  do_exit+0x648/0x22e0
[  652.474414][T20375]  do_group_exit+0x21c/0x2d0
[  652.479009][T20375]  get_signal+0x1286/0x1340
[  652.483516][T20375]  arch_do_signal_or_restart+0x9a/0x750
[  652.489071][T20375]  exit_to_user_mode_loop+0x75/0x110
[  652.494355][T20375]  do_syscall_64+0x2bd/0x3b0
[  652.498949][T20375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.504841][T20375] 
[  652.507159][T20375] Memory state around the buggy address:
[  652.512785][T20375]  ffff888075f94d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  652.520841][T20375]  ffff888075f94d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  652.528898][T20375] >ffff888075f94e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[  652.536955][T20375]                                                  ^
[  652.543622][T20375]  ffff888075f94e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  652.551678][T20375]  ffff888075f94f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  652.559734][T20375] ==================================================================
[  652.602132][T20375] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  652.609481][T20375] CPU: 0 UID: 0 PID: 20375 Comm: syz.0.3844 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) 
[  652.621564][T20375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  652.631631][T20375] Call Trace:
[  652.634909][T20375]  <TASK>
[  652.637840][T20375]  dump_stack_lvl+0x99/0x250
[  652.642444][T20375]  ? __asan_memcpy+0x40/0x70
[  652.647034][T20375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  652.652231][T20375]  ? __pfx__printk+0x10/0x10
[  652.656830][T20375]  panic+0x2db/0x790
[  652.660726][T20375]  ? __pfx_preempt_schedule+0x10/0x10
[  652.666115][T20375]  ? __pfx_panic+0x10/0x10
[  652.670550][T20375]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  652.676558][T20375]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  652.683071][T20375]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  652.688357][T20375]  check_panic_on_warn+0x89/0xb0
[  652.693337][T20375]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  652.698624][T20375]  end_report+0x78/0x160
[  652.702869][T20375]  kasan_report+0x129/0x150
[  652.707374][T20375]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  652.712666][T20375]  tcp_prune_ofo_queue+0x37e/0x6e0
[  652.717787][T20375]  tcp_try_rmem_schedule+0xb6b/0x1830
[  652.723169][T20375]  tcp_data_queue+0x4e3/0x6380
[  652.727950][T20375]  ? __pfx_tcp_data_queue+0x10/0x10
[  652.733153][T20375]  ? __pfx_tcp_urg+0x10/0x10
[  652.737853][T20375]  ? read_tsc+0x9/0x20
[  652.741921][T20375]  tcp_rcv_established+0xf9e/0x1eb0
[  652.747125][T20375]  ? rt_is_expired+0x1c/0x2d0
[  652.751808][T20375]  ? __pfx_tcp_rcv_established+0x10/0x10
[  652.757436][T20375]  ? rt_is_expired+0x1c/0x2d0
[  652.762118][T20375]  ? rt_is_expired+0x1c/0x2d0
[  652.766814][T20375]  ? rt_is_expired+0x250/0x2d0
[  652.771587][T20375]  ? __pfx_ipv4_dst_check+0x10/0x10
[  652.776799][T20375]  ? __pfx_ipv4_dst_check+0x10/0x10
[  652.782007][T20375]  tcp_v4_do_rcv+0xa23/0xce0
[  652.786604][T20375]  ? __pfx_tcp_v4_do_rcv+0x10/0x10
[  652.791715][T20375]  __release_sock+0x21c/0x350
[  652.796410][T20375]  release_sock+0x5f/0x1f0
[  652.800829][T20375]  tcp_sendmsg+0x39/0x50
[  652.805077][T20375]  __sock_sendmsg+0x19c/0x270
[  652.809760][T20375]  __sys_sendto+0x3bd/0x520
[  652.814269][T20375]  ? __pfx___sys_sendto+0x10/0x10
[  652.819299][T20375]  ? do_futex+0x395/0x420
[  652.823642][T20375]  ? rcu_is_watching+0x15/0xb0
[  652.828412][T20375]  __x64_sys_sendto+0xde/0x100
[  652.833192][T20375]  do_syscall_64+0xfa/0x3b0
[  652.837698][T20375]  ? lockdep_hardirqs_on+0x9c/0x150
[  652.842899][T20375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.848966][T20375]  ? clear_bhb_loop+0x60/0xb0
[  652.853647][T20375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.859542][T20375] RIP: 0033:0x7f5c76d8e929
[  652.863963][T20375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  652.883583][T20375] RSP: 002b:00007f5c77cbd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  652.892020][T20375] RAX: ffffffffffffffda RBX: 00007f5c76fb5fa0 RCX: 00007f5c76d8e929
[  652.900004][T20375] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003
[  652.907983][T20375] RBP: 00007f5c76e10b39 R08: 0000000000000000 R09: 0000000000000000
[  652.915957][T20375] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000
[  652.923931][T20375] R13: 0000000000000000 R14: 00007f5c76fb5fa0 R15: 00007ffdf1b11a98
[  652.931913][T20375]  </TASK>
[  652.935070][T20375] Kernel Offset: disabled
[  652.939382][T20375] Rebooting in 86400 seconds..