last executing test programs:

3.053005501s ago: executing program 0 (id=2189):
socket(0x10, 0x3, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, 0x0, &(0x7f00000004c0))
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
mmap(&(0x7f0000d85000/0x3000)=nil, 0x3000, 0x6000006, 0x1810, 0xffffffffffffffff, 0xc0d7c000)
unshare(0x62040200)
socket$rxrpc(0x21, 0x2, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f00000001c0)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PPPIOCCONNECT(r3, 0x4004743a, &(0x7f0000000100))
r4 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, @mcast2, @mcast2={0xff, 0x3}, 0x0, 0x0, 0xfffffffe, 0xffffffff}})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10)

2.791643683s ago: executing program 0 (id=2194):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x10, 0x3, "ef93cfa9d40e9a3e2c2ab679"}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_NAME={0xd, 0x1, 'connmark\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x4048010)
close(0x3)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', <r3=>0x0})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
bind$inet6(r4, 0x0, 0x0)
r5 = accept(r4, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r5)
sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r6, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_STA_FLAGS={0x8, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_AUTHENTICATED={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x1}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)="5e60f4c591cba3e6802b9d8ad1842ad6a83bf5c0af99004460bee0245b412890e3059506854f6682dc0213e3746ec162555d8c74a1fcfdffadcd6e57379a0b3787063dbcda4d8eea3c702f980edc21d68f37003157aebc731871b233ad241f68ada588911f67017a7c8bc205131d47fe3cd80482b3281479823a43c0bed947e353fdb8f47144ce8508f6e38f26479e58c98f4347d4db8d3057d8f018a4c1d48ed5804b7a3388950011a81fde90e480c5236c6cc09ab8d468a130de1d58334f7a9f5a6f8953203467c28105f2319d9cd76cffeea5eac40c3438c36d41c4f8d51a9e9012", 0xe3}, {&(0x7f0000000140)="1bd31053416ef9decbc79c8658904c0dcc8bf843b841178a282b38c284651cc2aae7ff0e214abea990b8a8e2160c82798022d8a4095c53", 0x37}, {&(0x7f0000000180)="c08c000f4fa5f263039e29abf55a3f184b583b1abb", 0x15}], 0x3, &(0x7f0000000200)="390bd96a1e430e8b19696164c39a8717c044429f78f455a4a1204c8dd7b10488529eb336bde0e30a4e185b588148de181b13b7cd9d9371", 0x37, 0x40040c4}, 0x40)
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000003c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050427bd370f0000df250100010008000100", @ANYRES32=r3, @ANYBLOB="3800028034000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b00000040000400"], 0x54}, 0x1, 0x0, 0x0, 0x4000401}, 0x4044040)

2.448581318s ago: executing program 0 (id=2198):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000013000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006772653000000000000000000000000034001a80100002800c000180030000000000000020000a80050008"], 0x68}}, 0x0)

2.285125375s ago: executing program 2 (id=2200):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0x2a979d)
ioctl$SIOCSIFHWADDR(r0, 0x401c5820, &(0x7f0000000080)={'macvlan1\x00', @broadcast})

2.284481917s ago: executing program 4 (id=2201):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000017c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x168, 0x9, 0x270, 0xa, 0x388, 0x250, 0x250, 0x388, 0x250, 0x3, 0x0, {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [0xffffff00, 0xffffffff, 0xff], [0xff000000, 0xff, 0xff000000, 0xff], 'rose0\x00', 'vlan0\x00', {0xff}, {0xff}, 0x3c, 0x0, 0x0, 0x40}, 0x6000000, 0x208, 0x270, 0x0, {0x0, 0x28e}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x39, 0x0, [@ipv4={'\x00', '\xff\xff', @broadcast}, @private2, @private0, @loopback, @mcast2, @remote, @private0, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote]}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xf8, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r2, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x4e23, @empty}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1", 0x184}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432", 0x30}], 0x2, &(0x7f00000010c0)}, 0x48890)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockname$netrom(r5, 0x0, &(0x7f0000001280))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a32000000006c000000060a010400000000000000000100000208000b400000000050000480340001800b000100657874686472000024000280080001400000000c08000340000000000800044000000022050002000700000018000180"], 0xe0}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r6, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4)
sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0700000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000030000000000008be20000000000000080000000000000000000"], 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r2}, 0x8)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x3, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES64=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r7, 0x0, 0x36, 0x0, &(0x7f0000002700)="035a95e24550e0748674a95588a8144686ddb5465cfcc1f50f4ba186629ce21d3227eda80395b46a6ce11962e7398f70c4e2265b5e40", 0x0, 0x800009, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.222265491s ago: executing program 0 (id=2202):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x20008844)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000280)=0x18000, 0x4)
setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000240)=@dstopts={0x87}, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@struct={0x3, 0x0, 0x0, 0xc, 0x1}]}, {0x0, [0x0, 0x0, 0x9f53a5adbb74a6e4]}}, 0x0, 0x29, 0x0, 0x4, 0x0, 0x0, @void, @value}, 0x28)
getsockopt$inet6_opts(r0, 0x29, 0x36, 0xfffffffffffffffe, &(0x7f0000000840)=0x7)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = socket(0x15, 0x5, 0x0)
connect$netrom(r4, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x20, 0x16, 0xa01, 0x0, 0x0, {0x2}, [@typed={0x4}, @typed={0x8, 0xb4, 0x0, 0x0, @uid}]}, 0x20}}, 0x0)
accept4$rose(r5, &(0x7f00000001c0)=@short={0xb, @remote, @rose}, &(0x7f00000002c0)=0x1c, 0x80800)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x9}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x3c}}, 0x20000080)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000810000006a0a00ff000000002e40000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="1000000000000025050000000000000000000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0x8, &(0x7f0000000080)=""/177, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x49)

2.069448103s ago: executing program 3 (id=2203):
socket$inet6_sctp(0xa, 0x1, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmmsg(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="100000000000ca0010010000020000008af7ef6e2778b430b9ddee853be54d5434c5d1ec2c9616db13305dde896de5751b016097e67d36e138bc175d4153636198a725bbaaf9b6cd8d4d55c70a1abcecbcdfffa99c094267cd9c5b3c125db63f0cb70df3c2e8474e070070ae3ffe95c679b5cfa7e660f1aa204c52b229ef55ef7b82f15856db65820551afd74edcaec56f1f445e806bbc4a0edde86561cb23639d0222b32df6338569e5f9ac9d8a3e2101c4254cfa26ee41607ab37fea3321e33efa6941fc11523388e0666bb41a16321f3f71db97d854abad4498a9b047a1bfc813302432b1383a84f9523c71beb1e6d45e83ace3051c292efd99f87b9591d7b0e832667615778ae61c77"], 0x10}}], 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, @void, @value}, 0x94)
r0 = socket$key(0xf, 0x3, 0x2)
close(r0)

1.980956283s ago: executing program 4 (id=2205):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x300000d, 0x6052, r0, 0x1000)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@newqdisc={0x48, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x18, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x22, 0xa24a, 0x0, 0x1, 0x15, 0x19, 0x8}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x3}, {0x0, [0x0]}}, 0x0, 0x1b, 0x0, 0x8, 0x3, 0x0, @void, @value}, 0x28)

1.980242007s ago: executing program 0 (id=2206):
r0 = socket$can_j1939(0x1d, 0x2, 0x7) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2, 0x1, {0x0, 0x0, 0x1}}, 0x18) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r4=>0x0})
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r5, &(0x7f0000000200)={0x1d, r4, 0xffffffffffffffff, {0x1, 0x0, 0x4}, 0xfd}, 0x18) (async)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r7) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r9=>0x0}) (async, rerun: 64)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800"/24], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r10}, 0x10)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000037ff050327bd000000"], 0x14}, 0x1, 0x0, 0x0, 0x5}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="240000cece7b00", @ANYRES16=r8, @ANYBLOB="01002cbd7000000000000600000008000300", @ANYRES32=r9, @ANYBLOB="080005000b000000"], 0x24}}, 0x0) (async)
r12 = syz_init_net_socket$ax25(0x3, 0x3, 0x6)
getsockopt$ax25_int(r12, 0x101, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x4)
syz_80211_join_ibss(&(0x7f0000000280)='wlan0\x00', &(0x7f0000000340)=@random='\r', 0x1, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800000002060102003000000000000000000002050005000200000005000400000000000c001050a7d8906db017107e41b584629e0780088c0a963aac4f0e36000300686173683a69702c706f72742c697000050001001c"], 0x58}}, 0x8000)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) (async, rerun: 32)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000300), 0xffffffffffffffff) (rerun: 32)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r13 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r13, 0x6, 0x23, &(0x7f0000000040)=""/32, &(0x7f0000000080)=0x20) (async)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000060000000000d6e9000000020000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={0xffffffffffffffff, &(0x7f0000000e00), 0x0}, 0x20)

1.893623829s ago: executing program 2 (id=2207):
syz_emit_ethernet(0x46, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x10, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}}}}}}}}, 0x0) (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1e, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) (async)
r1 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e23, @rand_addr=0x64010101}}}, 0x84) (async, rerun: 64)
syz_emit_ethernet(0x7a, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb8100000086dd60265cea00403c0020010000000000000000000000000000ff0200000000000000000000000000010004000000000000c910fedd"], 0x0) (async, rerun: 64)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000100)="06ff03076844268cb89e14f008004ee0ffff00febabec41177fb86dd1402e000030c62079f4b4d2f87e5feca6aab055013f2325f1a3901050b038da1880b25181aa59d943be30043d50ea5a6b868", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

1.75204981s ago: executing program 0 (id=2208):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000a00))
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000020900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a30000000007c000000060a010400000000000000000100000008000b400000000054000480400001800e000100696d6d6564696174650000002c0002800800014002000000040002801c0002801800028008000180fffffffc0900020073797a3000000000100001800a0001006c696d69740000000900010073797a30"], 0xf0}}, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x609, 0x4, 0x0, &(0x7f0000000140)="dd800000", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000055748adc6c1851f70f8148fe14f08bddf5c17203fcd593aef20bf9810edd1cbe96cb94cf844dd25d500c771228dd288eb429891671be6d05d1441cba2506f7b35eb7433969ad2123a9fd4865ad02445641703d93f1d617aad6fa22b4e55294fd430bbcf9d0ba92ce5bb9c24d9cbc0637b98cfab4263bca0000000000000000aba0cb6b87b21debcb1f07bb7502c70281bbc53c9e2d5d5d9530505a09cb3e4f740fa736006b544b92dca8354e805f15c8d55fda5b32bb018e15c728d6fa3cf06c3aa5d55eebfb1314fb3b350cb0594e567ba4e9fa13cd9f68a03e12f250b002895b833bf4d109679693aca510bb923eb545783d884553799dc69ee537762d717a457a9764029437391b2c0bae142e89ad1c39b0af89944f6e8e525505756b3cc7aea5d91e948fbebf3b1d375cff137dd61b8aa1989083085c0ac9767c484871ff9e9caccd0d9c3b67a84bc117b5af56bd3355f14b6a8eaca10f7d35731540b830d6b2"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r3}, &(0x7f0000000380), &(0x7f00000004c0)='%pS    \x00'}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
epoll_create1(0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r6, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}}], 0x4000000000002b1, 0x0, 0x0)
sendmmsg(r6, &(0x7f00000092c0), 0x4ff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000680)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x200020000a84, 0xffffffffffffffff, 0x70000002, 0x200002b0, 0x200000200002e0, 0x3], 0x2, 0x0, &(0x7f0000000e40)=ANY=[@ANYRESHEX=r1, @ANYRES64=r4, @ANYBLOB="7e064b47af15a5cbdd4462a408023b2999022bd525f59335a95c7ad08c5d86a42a6a5b8ef6a1275e57ea8381eed4735d284cbb612346a93e46403f494b54f95acd3b91448758f5554c468550bef0e9bd5bff79da70da0ff08f5bc20d9d45844a983fddd7bceb55c4464409a3c10fee019d793acf336138da3ffbfac21dc25e4cfebe5bf3c1609af19aa99ebc2d1115"]}, 0x121)
close(r0)
socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000100)=""/113, 0x71}], 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f000000000000000000000000000039d1c723d667ee8b42bce1f54f75594182"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.67256059s ago: executing program 4 (id=2210):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3, 0x1c)
setsockopt$packet_int(r2, 0x107, 0xc, &(0x7f0000001400)=0x3d70, 0x4)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r4=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400004, r4})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050000000000000000000000000000000002ed74108da6d73c4b7a20d8417d2ded4419288f"], 0x30}, 0x1, 0x11}, 0x0)

1.624414663s ago: executing program 2 (id=2211):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400030000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x0)
shutdown(r0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x77)
r5 = accept$alg(r4, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x0)
recvmsg$kcm(r6, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000740)={'sit0\x00', &(0x7f00000006c0)={'tunl0\x00', <r8=>0x0, 0x8000, 0x8, 0x2, 0xfffffff5, {{0xd, 0x4, 0x1, 0x4, 0x34, 0x67, 0x0, 0x8, 0x29, 0x0, @multicast2, @rand_addr=0x64010102, {[@timestamp={0x44, 0x14, 0x8e, 0x0, 0x8, [0xfffffffd, 0x4, 0x9, 0x3]}, @generic={0x7, 0xb, "226cf01010dc05e4af"}]}}}}})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000780)={0x0, <r9=>0x0}, &(0x7f00000007c0)=0xc)
sendmsg$nl_xfrm(r6, &(0x7f0000000980)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000900)={&(0x7f0000000800)=@updpolicy={0xe4, 0x19, 0x8, 0x70bd27, 0x25dfdbfe, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@dev={0xac, 0x14, 0x14, 0x43}, 0x4e22, 0x0, 0x4e22, 0x0, 0x2, 0x20, 0x20, 0x29, r8, r9}, {0xa, 0xba4, 0x32f, 0xfffffffffffff17b, 0x2, 0x4, 0xd, 0x8}, {0x3, 0x5, 0x10001, 0x71}, 0x200, 0x6e6bb1, 0x0, 0x0, 0x1, 0x3}, [@user_kmaddress={0x2c, 0x13, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x2}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x81}, 0x4000)
sendmsg$OSF_MSG_ADD(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x268, 0x0, 0x5, 0x401, 0x0, 0x0, {0xa, 0x0, 0x9}, [{{0x254, 0x1, {{0x0, 0x65}, 0x7, 0x1, 0x4, 0x0, 0x1c, 'syz0\x00', "523ca936f8f61adc3d7b1d6e25ad96acfe31ce82f2f500eb00d82e396194db04", "0b6bf1b163e3da54e1b5e6a5ef65b661209cd090c61155070ae569ac4a65ef21", [{0x8, 0xa000, {0x1, 0x10}}, {0x800, 0x7, {0x1, 0xb}}, {0x9, 0xd240, {0x3, 0x56c}}, {0x8, 0x401, {0x0, 0x2e}}, {0x0, 0x42, {0x0, 0x401}}, {0xffa8, 0x1, {0x3}}, {0xfff8, 0x7, {0x0, 0x2}}, {0x4, 0x5}, {0x0, 0xfff7, {0x1, 0xa}}, {0xc, 0x791, {0x1, 0x7}}, {0x1000, 0x9, {0x1, 0xd3d}}, {0x16, 0x9, {0x0, 0x99}}, {0xe45a, 0x4fd, {0x2, 0x5}}, {0x6, 0x8, {0x0, 0x4}}, {0x2, 0xc, {0x1, 0x9}}, {0x7, 0xfffe, {0x2, 0x7f}}, {0x3, 0x1000, {0x2, 0x3}}, {0x0, 0xfff, {0x1, 0x7f}}, {0x9, 0x7, {0x3, 0x3ff}}, {0x1, 0x10, {0x1, 0x7fff}}, {0xe, 0x7, {0x3, 0xfffffffc}}, {0x9, 0x2, {0x2, 0x3}}, {0x9, 0x6, {0x2, 0x6}}, {0xefe7, 0x6, {0x3, 0x5}}, {0x9, 0x6, {0x3, 0x2}}, {0x6, 0x6ba5, {0x2, 0x8}}, {0xdc, 0xcf83, {0x1, 0xc}}, {0x2, 0xff7b, {0x2, 0x9953}}, {0x8000, 0xc, {0x1, 0xfd}}, {0x7, 0x2, {0x2, 0x7}}, {0x8000, 0x5, {0x1, 0x7}}, {0x1, 0x4, {0x2, 0x2}}, {0x1000, 0x40, {0x0, 0x5}}, {0x2, 0x5, {0x2, 0x6}}, {0x9, 0x1, {0x3, 0x4}}, {0x4, 0x58, {0x3, 0x7}}, {0x6, 0xe, {0x3, 0x10001}}, {0x8, 0xfff7, {0x2, 0x7fffffff}}, {0x3, 0xff, {0x2, 0x7}}, {0x400, 0x8, {0x0, 0x8}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x854}, 0x4004000)
write$tun(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="000000180001080006040008ffff273c07daeef79e0dd98abe0aaa1c640101826756b1262a9b4da83e8853c3cd859cbe18180401055e9e2665a1634d9b95cde2f786225c265d08471a793f7775508e43026262ac99923e8c99abb61ff38bd223a08928d0860764177e432830702a502953ebdb8274c2c1dc4035cb4b454bf4a818748b42ed842df27da2c3d47c8f553c3b07b3333a51ee3b1122c7fb0fdd523bfd3a"], 0x20)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', <r11=>0x0})
sendmmsg(r10, &(0x7f00000004c0)=[{{&(0x7f0000000340)=@can={0x1d, r11}, 0x80, &(0x7f0000000480)=[{&(0x7f00000003c0)="86192a9beffb28dc8b7ebd6f47659a9bae981d980a71db73c9c93b82dd388c625846ddba5dd3ab53c2bb8a8ad7b277010ccda3e2c99da7244f14e45eda8bc231a777265045a86d2710df36f7f2dd379013f21e75e0995e2c5224736c75cba54d36151ac493f8935feeac0d390702331b01ec6427109cf0cfb5abcdcbd43507db4ee9515ac654c44eb69598787e55194c1c55b153603c0d81809491fc86282a454d477463", 0xa4}], 0x1, &(0x7f00000005c0)=[{0x98, 0x0, 0xde, "e86ede7ffdcde15e7c46766b8a29c0bdccc33ee5bca253bb7c7473e5be92f95bc50a648fb7de33dfd89ffc31a4a50191f36a06fd9add4ba026d7cc82a4dffcfa1d106626caaf77c17ae5481c2c850382b83eb1a79c00b36d2d4ea50c37079bb7b4969d9fb95be1b87df30a2ab05100cd3429dce7fdc2665455c76ad8d4eeb0cc1ca312"}], 0x98}}], 0x1, 0x404c800)
r12 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@volatile={0x0, 0x0, 0x0, 0x9, 0x2}, @fwd={0x4}]}, {0x0, [0x0, 0x0, 0x0, 0x5f]}}, &(0x7f0000000540)=""/246, 0x36, 0xf6, 0x1, 0x0, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2c, '\x00', 0x0, r12, 0x2, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$inet_mptcp(0x2, 0x1, 0x106)
r13 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000040)={'lo\x00', <r14=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c00)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x2, 0x0, {0x0, 0x0, 0x0, r14, {0x0, 0x2}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r15=>0x0, 0x10, &(0x7f0000000580)=[@in={0x2, 0x4e24, @loopback}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r15, @in6={{0xa, 0x4e22, 0x400, @empty, 0x4}}, 0xf, 0x4926, 0x10, 0x7, 0x80, 0x5, 0x8}, &(0x7f0000000040)=0x9c)
ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000200)={'wg2\x00', @multicast})

1.619317952s ago: executing program 3 (id=2212):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x5, 0x4, &(0x7f0000000000)=@framed={{}, [@jmp={0x3, 0x0, 0xc, 0x0, 0xa}], {0x95, 0x0, 0x0, 0x1a03d3}}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xfa, &(0x7f0000000140)=""/250, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000080)={0xd, {{0x2, 0x4e24, @loopback}}}, 0x88) (async)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000080)={0xd, {{0x2, 0x4e24, @loopback}}}, 0x88)

1.472686946s ago: executing program 2 (id=2213):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x1000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000040)={0x2, 0x4, 0x7fffffff}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000001c0), 0xfffffef3)
ppoll(&(0x7f0000000880)=[{r2, 0x9}], 0x1, 0x0, 0x0, 0x0)
close(r2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000003c0), &(0x7f00000001c0)=0xc)
r4 = socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r5=>0x0})
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r6, &(0x7f0000000100)={0x2c, 0x0, r8}, 0x10)
bind$xdp(r4, &(0x7f0000000240)={0x2c, 0x1, r5, 0x2a, r6}, 0x10)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x42031, 0xffffffffffffffff, 0x80000000)
socket$inet_sctp(0x2, 0x5, 0x84)
pipe(&(0x7f0000000080)={<r9=>0xffffffffffffffff})
readv(r9, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/243, 0xfffffdef}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe(&(0x7f0000000600))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20, @void, @value}, 0x94)

1.460218544s ago: executing program 4 (id=2214):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000a00)=@gettaction={0x1e0, 0x32, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0x9, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0xffffb294}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x0, 0x4, 0x8}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}, @action_gd=@TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1c}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fffffff}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x8}, @action_gd=@TCA_ACT_TAB={0x64, 0x1, [{0x14, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffffffff}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}]}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x24040000}, 0x20004000)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000000}, 0x10000}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="200c000010000104000000000000000000480000", @ANYRES32=r3, @ANYBLOB="ae1e020000000000"], 0x20}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(r5, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x5411, &(0x7f00000007c0))
sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="100100000b060108000000000000000002000001840008800c00078008001c40000000080c000780050015000f0000000c000780080009400000001a18000780000000000c00078008000a40000000040c0007800800084000000084100007800900130073797a32000000000c00078008d1e0c6fa9177e3000840000001ac100007800c00168008000140ac1e000120000880100007800a001100192702c5669d00000c007b7a00000a40000100000900020073797a30000000004c0007800c0014802069b634080001407f0000010c00018008000140ac1414420a001100aaaaaaaaaaaa000008000840000000000000000000007a3000000000050003000700000005"], 0x110}, 0x1, 0x0, 0x0, 0x4008000}, 0x44)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000911071000000000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
sendmsg$NFT_MSG_GETSETELEM(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2c0000000d0a010e0000000000000000010000000900010073"], 0x2c}}, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.368978889s ago: executing program 3 (id=2215):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x48)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000006"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000400)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a001700000000040037000900030001632564b758b9a64411f6bb744dc48f57", 0x39}], 0x1)

1.031887933s ago: executing program 1 (id=2217):
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
syz_emit_ethernet(0xbe, &(0x7f0000000340)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x3, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @dev, {[@cipso={0x86, 0x77, 0x0, [{0x6, 0xc, "e256b28c59881681fb52"}, {0x0, 0xe, "0288907c2ff00a00000042eb"}, {0x1, 0xe, "7434954373561de584b703c8"}, {0x1, 0xf, "c7f250a13c06d30bd224f86aef"}, {0x0, 0x7, "cfa11cab1a"}, {0x2, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "7064a5e976296786"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x0, 0x7, "c8f46976e7"}]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0)

837.191184ms ago: executing program 1 (id=2218):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c0100001000130700000000fffffffeac1e0001000000000000000000000000e000000100000000000000000000000000000000000000000a0000005e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d432000000ac14140000000000000000000000000000000000000000fffffffffffffffe000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000100000000000000000000000000000000000010000000000000002000400000000000000000048000200656362286369706865725f6e756c6c290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001800cd0000000c001c"], 0x14c}, 0x1, 0x0, 0x0, 0x20000011}, 0x0)

791.572617ms ago: executing program 1 (id=2219):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="11070000000000000400000012000000000000007020bc062826c0bed294c323b380ef4aa30821aeef8d96192b3218241861b69c00843ef42994c1b3d2a207466a3342c6566827d9b6005e3775f85b0ae5e9cd36fc12c92ace81022d90797821b548efe174b8e102f5e79cf3b2934ea6b03c49ac62a0dd7feabf776b45c037379ba238c1b93b175c81da530d9d64bf4211c5c00226cc3f63a8e7fab761e69a5b7bc4b10f3f66e1a809", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, &(0x7f0000000400), 0x0}, 0x20)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000c80)=@assoc_value={<r3=>0x0}, &(0x7f0000000080)=0x8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000540500000e0002006e657464657673696d0000000f0002"], 0x34}}, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000400)={<r6=>r3, @in={{0x2, 0x4e24, @broadcast}}, [0x6, 0x1, 0x8, 0x353f, 0x3, 0x8, 0x3, 0x5d2, 0xc, 0x0, 0x8, 0x18, 0xdac, 0x8001, 0x10]}, &(0x7f0000000140)=0x100)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f0000000000)={r6, 0x6}, 0x8)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000280)=@newtaction={0x14, 0x76, 0x1, 0x70bd2b, 0x25dfdbfc}, 0x14}}, 0x0)

589.871108ms ago: executing program 3 (id=2220):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001900)=@can_newroute={0x14c, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_AND={0x15, 0x1, {{{0x3, 0x1, 0x1, 0x1}, 0x1, 0x0, 0x0, 0x0, "13b9f24da9acd2a1"}, 0x2}}, @CGW_CS_CRC8={0x11e, 0x6, {0xfc, 0x0, 0x0, 0x0, 0x0, "a667b51ee4532125e21a243c1685306f7c5d387de5cd8b8838cba7eb7069509fa783cabdcdfa6d242cca3df25f5dac4687ac8eac82c3ef67821f1fff7369acda843cafddb6410d0f75ce652118322448c2698fad839e889667f63cd45f2a55f7f29bffb2397f66f32db8a42dc52506a5f91fced1eceff1ffc7f0a92c2c7807d3cbfc8e1f2c9462588ced6cf3c6892e6c0f15edf9d6a0a3ca539dad9e6bde1ae53876d0e5ce3642a42efa1e918b8dc406679f10aa42b0cb14136f2be49dbc989672fc9c6e506ac3481ab4f6cf3653497ad26c3d4fce93fdd8ab015b1e8ad181f85e70bd17f680fff137e484a5ff1285ca414a5d5474e851022478168c52281600", 0x0, "d45c637c63381ef54f7b939bb9aba5df6218e9ac"}}]}, 0x14c}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000fd41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x1e4, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @fwd={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0xe}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_DESC={0x190, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x20, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_CONCAT={0xb8, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8}, @NFTA_SET_DESC_CONCAT={0xa8, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_CONCAT={0x4}]}]}], {0x14, 0x10}}, 0x22c}}, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280ff0414"], 0x528}}, 0xc000)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="fc1100001200010200"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000f504010007c01c"], 0x11fc}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40800, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r7=>0x0})
r8 = socket$inet_udp(0x2, 0x2, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000001a0001ffffffffffffffff000a000000000000000000000008001f004015"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
getsockopt$EBT_SO_GET_INFO(r8, 0x0, 0x80, &(0x7f0000000100)={'broute\x00', 0x0, 0x0, 0x0, [0xe19, 0x1, 0x3, 0x1, 0x8000000000000001, 0x4]}, &(0x7f0000000180)=0x78)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000010000e400000000010000008500000041000000850000006f0000009500000000020000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000600)={0x0, 0xffffffffffffffa8, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848390000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x0, 0x3100, 0x0, &(0x7f0000000140), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYRES16=r4, @ANYBLOB="01002cbd7000fcdbdf250c00000008000300", @ANYRES32=r7, @ANYBLOB="04086e8043a7d473fd2fc160c043080000009475a88cad24275552df162aae64a6c176c113a031f3bd3c9981082094493bfe1f4d0d91c9233aaa4c3798addbefa1e4ad87e4dacb5c13ebbcd133bf5a85cebe4657ec3bd786bc0aa607a9ae94349367b5c97c97f6a18c8519c60d0ea12bb65e88d61aef4406018b2c7810e79336e7deb31fdfd5080e9dc4e8c2fee57d9ccf12e6c2e801c25d10319b84ffa96fa4238f52f7e5e7a15fb5ef63810b5da43f969990fb1f2084dc5f696b70260299535310015695bfe87b2f09c68344a8c15248d25e547a1ef48561f0d4e2b5962265f48d01785c0716af66795123b7f332aa4f4ed6d5ea"], 0x20}, 0x1, 0x0, 0x0, 0x8084}, 0x4014)

525.160521ms ago: executing program 1 (id=2221):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x3, [@func_proto={0x2, 0x1, 0x0, 0xf, 0x2, [{0x5, 0x1}]}]}, {0x0, [0x0]}}, 0x0, 0x18, 0x0, 0x8, 0x2, 0x0, @void, @value}, 0x28)

523.706409ms ago: executing program 4 (id=2222):
socket$inet6_sctp(0xa, 0x1, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmmsg(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="100000000000ca0010010000020000008af7ef6e2778b430b9ddee853be54d5434c5d1ec2c9616db13305dde896de5751b016097e67d36e138bc175d4153636198a725bbaaf9b6cd8d4d55c70a1abcecbcdfffa99c094267cd9c5b3c125db63f0cb70df3c2e8474e070070ae3ffe95c679b5cfa7e660f1aa204c52b229ef55ef7b82f15856db65820551afd74edcaec56f1f445e806bbc4a0edde86561cb23639d0222b32df6338569e5f9ac9d8a3e2101c4254cfa26ee41607ab37fea3321e33efa6941fc11523388e0666bb41a16321f3f71db97d854abad4498a9b047a1bfc813302432b1383a84f9523c71beb1e6d45e83ace3051c292efd99f87b9591d7b0e832667615778ae61c77"], 0x10}}], 0x1, 0x1)
r0 = socket$key(0xf, 0x3, 0x2)
close(r0)

442.464815ms ago: executing program 2 (id=2223):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) (async)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r3, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2a, r3}) (async)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2a, r3})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8], 0x3c}}, 0x0) (async)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8], 0x3c}}, 0x0)

370.028302ms ago: executing program 1 (id=2224):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3, 0x1c)
setsockopt$packet_int(r2, 0x107, 0xc, &(0x7f0000001400)=0x3d70, 0x4)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r4=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400004, r4})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050000000000000000000000000000000002ed74108da6d73c4b7a20d8417d2ded4419288f"], 0x30}, 0x1, 0x11}, 0x0)

341.455279ms ago: executing program 3 (id=2225):
r0 = socket$inet(0x2, 0x80001, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@ipv4_newroute={0x4c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x5}, @RTA_ENCAP={0x28, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x24, 0x1, {{0x2}, [@loopback]}}}]}, 0x4c}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x3c, r6, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={{{}, {0x2}, @device_b}, 0x26, @void}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0xd0, 0x11, 0x148, 0x0, 0x0, 0x1f0, 0x2a8, 0x2a8, 0x1f0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x5, 0x3, 0x4, 0x7]}, {0xffffffffffffffff}}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xc0, 0x120, 0x0, {}, [@common=@ttl={{0x28}}, @common=@unspec=@cpu={{0x28}, {0x8397}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b], 0x0, 0x0, 0x7f}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8)

208.451911ms ago: executing program 2 (id=2226):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0193a2e89a00000000001fffffff04000180080002"], 0x20}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff000000007110ba000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = socket$pppoe(0x18, 0x1, 0x0)
r3 = socket(0x15, 0x4, 0x10000000000002)
sendmmsg(r3, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="10000000000000000901000006000000100000000000000010010000020000103084e0fbaac6bfdd23336da111d0dfe4dd0ab4650199d0a73d9ff5af6aebdff03fd514ed5bad9b1af788811286650493350930d6ec83452ca6c93dd55863bc67fcf31bf9126685ee5036b6da6b86677a9ca4cc7dfd388171589cbace78eb53b439e5b8860a2b7959d49ca35cabe1a421c7a8869b267c68b47141d272d006a8e5d3d2a2d6be5519bce2f911b321d65e1bf5a78ab92e22d9e03ae05217fa01366bf84f5575cc9cc459f25f953b1616f27feb6fcc11ba6f3ccbb890ac6b47de438f49c00f457f119aa65d0cbd35b5f0"], 0x20}}], 0x1, 0x0)
connect$pppoe(r2, &(0x7f00000000c0)={0x18, 0x0, {0x2, @multicast, 'ip6gretap0\x00'}}, 0x1e)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e)
r5 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000d00)=ANY=[@ANYBLOB="18020000000000000000000000008000850000006100000085000000d000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x0, 0x3f, 0x0, &(0x7f00000004c0)="243c42e8680d85ffff03762f080071127b58425e", 0x0, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0)
connect$pppoe(r4, &(0x7f00000000c0)={0x18, 0x0, {0x0, @random='\x00\t\x00\fB\x00'}}, 0x1e)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r9, @ANYRES32=r8, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r9, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r7}, 0x20)
sendmmsg$inet6(r7, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000740)="03", 0x1}], 0x1}}], 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r10, 0x5, 0xd50, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmmsg$inet6(r7, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000180), 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000009c0)='.', 0xc400}], 0x7}}], 0x44, 0x0)
ioctl$PPPOEIOCSFWD(r2, 0x80047453, &(0x7f0000000040)={0x18, 0x0, {0x2, @multicast, 'veth1_to_team\x00'}})

188.422827ms ago: executing program 4 (id=2227):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400001d000000850000001500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0xc040}, 0x0) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) (async)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="5400000000020104000000000000000002000000040001800400038038000280062eb86d290400002c000180140000000014000400fe8000000000000000000000000000bb00"/84], 0x54}, 0x1, 0x0, 0x0, 0x5}, 0x0) (async)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x9, &(0x7f0000000040)=0x440, 0x4) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000008580100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000"], 0x1ec}}, 0x0) (async)
setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f00000005c0)=0x8, 0x4) (async)
r7 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0}) (async)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}]}}]}, 0x8c}}, 0x0) (async)
connect$inet(r4, &(0x7f00000000c0)={0x2, 0x4e23, @remote}, 0x10) (async)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x9, &(0x7f0000000100)=0x4010, 0x4) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000002c0), &(0x7f0000000500)=0x4) (async)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) (async)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@gettaction={0x3c, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x48084)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, &(0x7f0000000440)=""/130, &(0x7f0000000040)=0x82)

10.200594ms ago: executing program 3 (id=2228):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000300850000008200000085000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

0s ago: executing program 1 (id=2229):
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
syz_emit_ethernet(0xbe, &(0x7f0000000340)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x3, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @dev, {[@cipso={0x86, 0x77, 0x0, [{0x6, 0xc, "e256b28c59881681fb52"}, {0x0, 0xe, "0288907c2ff00a00000042eb"}, {0x1, 0xe, "7434954373561de584b703c8"}, {0x1, 0xf, "c7f250a13c06d30bd224f86aef"}, {0x0, 0x7, "cfa11cab1a"}, {0x2, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "7064a5e976296786"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x0, 0x7, "c8f46976e7"}]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

o 1000
[  163.727608][ T8831] macvtap2: entered promiscuous mode
[  163.733424][ T8831] macvtap2: entered allmulticast mode
[  163.795434][ T8836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.826'.
[  163.844154][ T8838] netlink: 312 bytes leftover after parsing attributes in process `syz.0.827'.
[  164.160748][ T8851] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  164.185590][ T8851] netlink: 'syz.0.832': attribute type 8 has an invalid length.
[  164.259945][ T8851] FAULT_INJECTION: forcing a failure.
[  164.259945][ T8851] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.368354][ T8851] CPU: 1 UID: 0 PID: 8851 Comm: syz.0.832 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  164.368388][ T8851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  164.368401][ T8851] Call Trace:
[  164.368409][ T8851]  <TASK>
[  164.368418][ T8851]  dump_stack_lvl+0x241/0x360
[  164.368451][ T8851]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.368475][ T8851]  ? __pfx__printk+0x10/0x10
[  164.368499][ T8851]  ? __pfx_lock_release+0x10/0x10
[  164.368540][ T8851]  should_fail_ex+0x40a/0x550
[  164.368576][ T8851]  _copy_from_user+0x2d/0xb0
[  164.368606][ T8851]  copy_msghdr_from_user+0xae/0x680
[  164.368643][ T8851]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  164.368672][ T8851]  ? __fget_files+0x2a/0x410
[  164.368706][ T8851]  ? __fget_files+0x2a/0x410
[  164.368746][ T8851]  __sys_sendmsg+0x209/0x350
[  164.368786][ T8851]  ? __pfx___sys_sendmsg+0x10/0x10
[  164.368824][ T8851]  ? do_sys_openat2+0x17a/0x1d0
[  164.368881][ T8851]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  164.368915][ T8851]  ? do_syscall_64+0x100/0x230
[  164.368946][ T8851]  ? do_syscall_64+0xb6/0x230
[  164.368975][ T8851]  do_syscall_64+0xf3/0x230
[  164.369002][ T8851]  ? clear_bhb_loop+0x35/0x90
[  164.369036][ T8851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.369064][ T8851] RIP: 0033:0x7f9e9458d169
[  164.369082][ T8851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.369099][ T8851] RSP: 002b:00007f9e95381038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  164.369121][ T8851] RAX: ffffffffffffffda RBX: 00007f9e947a5fa0 RCX: 00007f9e9458d169
[  164.369136][ T8851] RDX: 0000000000000000 RSI: 0000400000000340 RDI: 0000000000000009
[  164.369149][ T8851] RBP: 00007f9e95381090 R08: 0000000000000000 R09: 0000000000000000
[  164.369162][ T8851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.369175][ T8851] R13: 0000000000000000 R14: 00007f9e947a5fa0 R15: 00007ffe1be821c8
[  164.369205][ T8851]  </TASK>
[  164.663037][ T8860] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  164.678695][ T8860] netlink: 4 bytes leftover after parsing attributes in process `syz.4.835'.
[  164.735158][ T8864] netlink: 'syz.1.836': attribute type 12 has an invalid length.
[  164.793870][ T8868] bond0: option arp_interval: invalid value (18446744072034198015)
[  164.802142][ T8868] bond0: option arp_interval: allowed values 0 - 2147483647
[  164.811371][ T8864] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  164.878104][ T8864] netlink: zone id is out of range
[  164.923239][ T8873] netlink: 36 bytes leftover after parsing attributes in process `syz.2.834'.
[  164.942790][ T8876] netlink: 7100 bytes leftover after parsing attributes in process `syz.1.836'.
[  164.973710][ T8877] netlink: 12 bytes leftover after parsing attributes in process `syz.3.839'.
[  165.003428][ T8864] netlink: set zone limit has 4 unknown bytes
[  165.507917][ T8889] syzkaller1: entered promiscuous mode
[  165.513609][ T8889] syzkaller1: entered allmulticast mode
[  165.779568][ T8906] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  165.825334][ T8910] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  165.908531][ T8915] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  165.932128][ T8915] netlink: 'syz.3.849': attribute type 8 has an invalid length.
[  166.042813][ T8917] FAULT_INJECTION: forcing a failure.
[  166.042813][ T8917] name failslab, interval 1, probability 0, space 0, times 0
[  166.120026][ T8917] CPU: 0 UID: 0 PID: 8917 Comm: syz.3.849 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  166.120056][ T8917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  166.120066][ T8917] Call Trace:
[  166.120073][ T8917]  <TASK>
[  166.120080][ T8917]  dump_stack_lvl+0x241/0x360
[  166.120105][ T8917]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.120124][ T8917]  ? __pfx__printk+0x10/0x10
[  166.120142][ T8917]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  166.120168][ T8917]  ? __pfx___might_resched+0x10/0x10
[  166.120194][ T8917]  should_fail_ex+0x40a/0x550
[  166.120223][ T8917]  should_failslab+0xac/0x100
[  166.120247][ T8917]  kmem_cache_alloc_node_noprof+0x77/0x380
[  166.120272][ T8917]  ? __alloc_skb+0x1c3/0x440
[  166.120292][ T8917]  __alloc_skb+0x1c3/0x440
[  166.120313][ T8917]  ? __pfx___alloc_skb+0x10/0x10
[  166.120333][ T8917]  ? netlink_autobind+0xd6/0x2f0
[  166.120347][ T8917]  ? netlink_autobind+0x2b0/0x2f0
[  166.120366][ T8917]  netlink_sendmsg+0x634/0xcb0
[  166.120401][ T8917]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.120430][ T8917]  ? aa_sock_msg_perm+0x91/0x160
[  166.120460][ T8917]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.120484][ T8917]  __sock_sendmsg+0x221/0x270
[  166.120511][ T8917]  ____sys_sendmsg+0x53a/0x860
[  166.120537][ T8917]  ? __pfx_____sys_sendmsg+0x10/0x10
[  166.120555][ T8917]  ? __fget_files+0x2a/0x410
[  166.120582][ T8917]  ? __fget_files+0x2a/0x410
[  166.120613][ T8917]  __sys_sendmsg+0x269/0x350
[  166.120637][ T8917]  ? __pfx___sys_sendmsg+0x10/0x10
[  166.120666][ T8917]  ? do_sys_openat2+0x17a/0x1d0
[  166.120718][ T8917]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  166.120745][ T8917]  ? do_syscall_64+0x100/0x230
[  166.120770][ T8917]  ? do_syscall_64+0xb6/0x230
[  166.120793][ T8917]  do_syscall_64+0xf3/0x230
[  166.120815][ T8917]  ? clear_bhb_loop+0x35/0x90
[  166.120841][ T8917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.120866][ T8917] RIP: 0033:0x7f676d98d169
[  166.120881][ T8917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.120900][ T8917] RSP: 002b:00007f676e7b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.120919][ T8917] RAX: ffffffffffffffda RBX: 00007f676dba6080 RCX: 00007f676d98d169
[  166.120932][ T8917] RDX: 0000000000000000 RSI: 0000400000000340 RDI: 0000000000000009
[  166.120942][ T8917] RBP: 00007f676e7b7090 R08: 0000000000000000 R09: 0000000000000000
[  166.120953][ T8917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.120962][ T8917] R13: 0000000000000000 R14: 00007f676dba6080 R15: 00007ffe48413b18
[  166.120986][ T8917]  </TASK>
[  166.130941][ T8920] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  166.485556][ T8920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.850'.
[  167.059416][ T8957] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  167.291911][ T8968] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  167.326264][ T8968] netlink: 'syz.4.863': attribute type 8 has an invalid length.
[  167.582751][ T8983] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  167.694536][ T8993] macvtap3: entered promiscuous mode
[  167.726723][ T8993] macvtap3: entered allmulticast mode
[  167.926195][ T9009] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
[  167.943617][ T9009] macvtap1: entered promiscuous mode
[  167.958957][ T9009] macvtap1: entered allmulticast mode
[  167.974017][ T9009] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  168.058867][ T9016] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  168.647861][ T9031] trusted_key: syz.2.876 sent an empty control message without MSG_MORE.
[  169.225848][ T9055] __nla_validate_parse: 11 callbacks suppressed
[  169.225872][ T9055] netlink: 4 bytes leftover after parsing attributes in process `syz.4.880'.
[  169.452627][ T9062] netlink: 12 bytes leftover after parsing attributes in process `syz.3.882'.
[  169.606747][ T9072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.882'.
[  169.719920][ T9071] lo speed is unknown, defaulting to 1000
[  170.086460][ T9092] FAULT_INJECTION: forcing a failure.
[  170.086460][ T9092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.102145][ T9095] netlink: 12 bytes leftover after parsing attributes in process `syz.0.891'.
[  170.134793][ T9092] CPU: 1 UID: 0 PID: 9092 Comm: syz.3.889 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  170.134825][ T9092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  170.134838][ T9092] Call Trace:
[  170.134845][ T9092]  <TASK>
[  170.134854][ T9092]  dump_stack_lvl+0x241/0x360
[  170.134886][ T9092]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.134910][ T9092]  ? __pfx__printk+0x10/0x10
[  170.134934][ T9092]  ? __pfx_lock_release+0x10/0x10
[  170.134978][ T9092]  should_fail_ex+0x40a/0x550
[  170.135015][ T9092]  _copy_from_user+0x2d/0xb0
[  170.135045][ T9092]  copy_msghdr_from_user+0xae/0x680
[  170.135082][ T9092]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  170.135111][ T9092]  ? __fget_files+0x2a/0x410
[  170.135147][ T9092]  ? __fget_files+0x2a/0x410
[  170.135187][ T9092]  __sys_sendmsg+0x209/0x350
[  170.135217][ T9092]  ? __pfx___sys_sendmsg+0x10/0x10
[  170.135256][ T9092]  ? do_sys_openat2+0x17a/0x1d0
[  170.135314][ T9092]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  170.135347][ T9092]  ? do_syscall_64+0x100/0x230
[  170.135378][ T9092]  ? do_syscall_64+0xb6/0x230
[  170.135408][ T9092]  do_syscall_64+0xf3/0x230
[  170.135435][ T9092]  ? clear_bhb_loop+0x35/0x90
[  170.135469][ T9092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.135498][ T9092] RIP: 0033:0x7f676d98d169
[  170.135517][ T9092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.135535][ T9092] RSP: 002b:00007f676e7d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  170.135558][ T9092] RAX: ffffffffffffffda RBX: 00007f676dba5fa0 RCX: 00007f676d98d169
[  170.135573][ T9092] RDX: 0000000000000080 RSI: 0000400000000240 RDI: 0000000000000003
[  170.135586][ T9092] RBP: 00007f676e7d8090 R08: 0000000000000000 R09: 0000000000000000
[  170.135599][ T9092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.135611][ T9092] R13: 0000000000000000 R14: 00007f676dba5fa0 R15: 00007ffe48413b18
[  170.135641][ T9092]  </TASK>
[  170.503406][ T9100] netlink: 'syz.1.892': attribute type 9 has an invalid length.
[  170.690390][ T9113] net_ratelimit: 1 callbacks suppressed
[  170.690414][ T9113] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  170.772591][ T9113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.894'.
[  170.814353][ T9119] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  171.369871][ T9147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.903'.
[  171.391224][ T9149] FAULT_INJECTION: forcing a failure.
[  171.391224][ T9149] name failslab, interval 1, probability 0, space 0, times 0
[  171.409950][ T9151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.905'.
[  171.428185][ T9149] CPU: 1 UID: 0 PID: 9149 Comm: syz.3.904 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  171.428217][ T9149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  171.428230][ T9149] Call Trace:
[  171.428237][ T9149]  <TASK>
[  171.428246][ T9149]  dump_stack_lvl+0x241/0x360
[  171.428278][ T9149]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.428302][ T9149]  ? __pfx__printk+0x10/0x10
[  171.428326][ T9149]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  171.428358][ T9149]  ? __pfx___might_resched+0x10/0x10
[  171.428392][ T9149]  should_fail_ex+0x40a/0x550
[  171.428429][ T9149]  should_failslab+0xac/0x100
[  171.428460][ T9149]  kmem_cache_alloc_node_noprof+0x77/0x380
[  171.428498][ T9149]  ? __alloc_skb+0x1c3/0x440
[  171.428525][ T9149]  __alloc_skb+0x1c3/0x440
[  171.428553][ T9149]  ? __pfx___alloc_skb+0x10/0x10
[  171.428578][ T9149]  ? netlink_autobind+0xd6/0x2f0
[  171.428597][ T9149]  ? netlink_autobind+0x2b0/0x2f0
[  171.428621][ T9149]  netlink_sendmsg+0x634/0xcb0
[  171.428665][ T9149]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.428702][ T9149]  ? aa_sock_msg_perm+0x91/0x160
[  171.428740][ T9149]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.428771][ T9149]  __sock_sendmsg+0x221/0x270
[  171.428805][ T9149]  ____sys_sendmsg+0x53a/0x860
[  171.428839][ T9149]  ? __pfx_____sys_sendmsg+0x10/0x10
[  171.428862][ T9149]  ? __fget_files+0x2a/0x410
[  171.428895][ T9149]  ? __fget_files+0x2a/0x410
[  171.428935][ T9149]  __sys_sendmsg+0x269/0x350
[  171.428964][ T9149]  ? __pfx___sys_sendmsg+0x10/0x10
[  171.429001][ T9149]  ? do_sys_openat2+0x17a/0x1d0
[  171.429058][ T9149]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  171.429093][ T9149]  ? do_syscall_64+0x100/0x230
[  171.429124][ T9149]  ? do_syscall_64+0xb6/0x230
[  171.429154][ T9149]  do_syscall_64+0xf3/0x230
[  171.429180][ T9149]  ? clear_bhb_loop+0x35/0x90
[  171.429219][ T9149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.429247][ T9149] RIP: 0033:0x7f676d98d169
[  171.429265][ T9149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.429282][ T9149] RSP: 002b:00007f676e7d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  171.429305][ T9149] RAX: ffffffffffffffda RBX: 00007f676dba5fa0 RCX: 00007f676d98d169
[  171.429320][ T9149] RDX: 0000000000000080 RSI: 0000400000000240 RDI: 0000000000000003
[  171.429333][ T9149] RBP: 00007f676e7d8090 R08: 0000000000000000 R09: 0000000000000000
[  171.429346][ T9149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.429358][ T9149] R13: 0000000000000000 R14: 00007f676dba5fa0 R15: 00007ffe48413b18
[  171.429388][ T9149]  </TASK>
[  171.708776][ T9157] netlink: 12 bytes leftover after parsing attributes in process `syz.4.906'.
[  171.987235][ T9169] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  172.089723][ T9169] netlink: 4 bytes leftover after parsing attributes in process `syz.0.908'.
[  172.207265][ T9178] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  172.246097][ T9176] netlink: 8 bytes leftover after parsing attributes in process `syz.4.909'.
[  172.333881][ T9176] macvtap2: entered promiscuous mode
[  172.399181][ T9176] macvtap2: entered allmulticast mode
[  173.053554][ T9214] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  173.531439][ T9234] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  173.542280][ T9234] netlink: 'syz.4.933': attribute type 8 has an invalid length.
[  173.548379][ T9231] 8021q: adding VLAN 0 to HW filter on device bond3
[  173.564821][ T9231] team0: Port device bond3 added
[  173.613315][ T9242] xt_nfacct: accounting object `syz1' does not exists
[  173.893468][ T9257] sctp: [Deprecated]: syz.4.940 (pid 9257) Use of struct sctp_assoc_value in delayed_ack socket option.
[  173.893468][ T9257] Use struct sctp_sack_info instead
[  174.341764][ T9278] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  174.353078][ T9275] __nla_validate_parse: 6 callbacks suppressed
[  174.353098][ T9275] netlink: 4 bytes leftover after parsing attributes in process `syz.2.944'.
[  174.376007][ T9278] netlink: 'syz.4.946': attribute type 8 has an invalid length.
[  174.627748][ T9288] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  174.661673][ T9288] netlink: 'syz.3.950': attribute type 8 has an invalid length.
[  174.663764][ T9287] lo speed is unknown, defaulting to 1000
[  174.756844][ T9290] lo speed is unknown, defaulting to 1000
[  175.016079][ T9303] netlink: 'syz.1.953': attribute type 12 has an invalid length.
[  175.039940][ T9305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.954'.
[  175.192839][ T9311] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  175.439975][ T9303] netlink: zone id is out of range
[  175.570941][ T9311] netlink: 'syz.1.953': attribute type 2 has an invalid length.
[  175.586381][ T9321] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  175.644745][ T9321] netlink: 'syz.2.959': attribute type 8 has an invalid length.
[  175.654064][ T9323] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  175.702798][ T9323] netlink: 'syz.3.960': attribute type 8 has an invalid length.
[  175.826599][ T9311] Tq€!7: entered promiscuous mode
[  175.856630][ T9303] netlink: set zone limit has 4 unknown bytes
[  175.866428][ T9331] xt_hashlimit: size too large, truncated to 1048576
[  176.138822][ T9341] FAULT_INJECTION: forcing a failure.
[  176.138822][ T9341] name failslab, interval 1, probability 0, space 0, times 0
[  176.193789][ T9341] CPU: 1 UID: 0 PID: 9341 Comm: syz.0.965 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  176.193820][ T9341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  176.193833][ T9341] Call Trace:
[  176.193839][ T9341]  <TASK>
[  176.193848][ T9341]  dump_stack_lvl+0x241/0x360
[  176.193879][ T9341]  ? __pfx_dump_stack_lvl+0x10/0x10
[  176.193902][ T9341]  ? __pfx__printk+0x10/0x10
[  176.193924][ T9341]  ? __kmalloc_noprof+0xb5/0x4c0
[  176.193955][ T9341]  ? __pfx___might_resched+0x10/0x10
[  176.193981][ T9341]  ? aa_get_newest_label+0xff/0x6f0
[  176.194019][ T9341]  should_fail_ex+0x40a/0x550
[  176.194057][ T9341]  should_failslab+0xac/0x100
[  176.194087][ T9341]  __kmalloc_noprof+0xdd/0x4c0
[  176.194116][ T9341]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  176.194142][ T9341]  ? apparmor_capable+0x13b/0x1b0
[  176.194170][ T9341]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  176.194204][ T9341]  genl_rcv_msg+0x80b/0xec0
[  176.194249][ T9341]  ? __pfx_genl_rcv_msg+0x10/0x10
[  176.194301][ T9341]  ? __pfx_lock_acquire+0x10/0x10
[  176.194330][ T9341]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  176.194379][ T9341]  ? __pfx_nl80211_join_mesh+0x10/0x10
[  176.194398][ T9341]  ? __pfx_nl80211_post_doit+0x10/0x10
[  176.194437][ T9341]  ? __pfx___might_resched+0x10/0x10
[  176.194474][ T9341]  netlink_rcv_skb+0x206/0x480
[  176.194506][ T9341]  ? __pfx_genl_rcv_msg+0x10/0x10
[  176.194531][ T9341]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  176.194590][ T9341]  genl_rcv+0x28/0x40
[  176.194611][ T9341]  netlink_unicast+0x7f6/0x990
[  176.194646][ T9341]  ? __pfx_netlink_unicast+0x10/0x10
[  176.194671][ T9341]  ? __virt_addr_valid+0x45f/0x530
[  176.194692][ T9341]  ? __phys_addr_symbol+0x2f/0x70
[  176.194712][ T9341]  ? __check_object_size+0x47a/0x730
[  176.194747][ T9341]  netlink_sendmsg+0x8de/0xcb0
[  176.194791][ T9341]  ? __pfx_netlink_sendmsg+0x10/0x10
[  176.194827][ T9341]  ? aa_sock_msg_perm+0x91/0x160
[  176.194864][ T9341]  ? __pfx_netlink_sendmsg+0x10/0x10
[  176.194895][ T9341]  __sock_sendmsg+0x221/0x270
[  176.194929][ T9341]  ____sys_sendmsg+0x53a/0x860
[  176.194980][ T9341]  ? __pfx_____sys_sendmsg+0x10/0x10
[  176.195001][ T9341]  ? __fget_files+0x2a/0x410
[  176.195051][ T9341]  ? __fget_files+0x2a/0x410
[  176.195089][ T9341]  __sys_sendmsg+0x269/0x350
[  176.195119][ T9341]  ? __pfx___sys_sendmsg+0x10/0x10
[  176.195158][ T9341]  ? do_sys_openat2+0x17a/0x1d0
[  176.195216][ T9341]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  176.195250][ T9341]  ? do_syscall_64+0x100/0x230
[  176.195281][ T9341]  ? do_syscall_64+0xb6/0x230
[  176.195312][ T9341]  do_syscall_64+0xf3/0x230
[  176.195338][ T9341]  ? clear_bhb_loop+0x35/0x90
[  176.195372][ T9341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.195401][ T9341] RIP: 0033:0x7f9e9458d169
[  176.195427][ T9341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.195445][ T9341] RSP: 002b:00007f9e95381038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  176.195468][ T9341] RAX: ffffffffffffffda RBX: 00007f9e947a5fa0 RCX: 00007f9e9458d169
[  176.195483][ T9341] RDX: 0000000000000080 RSI: 0000400000000240 RDI: 0000000000000003
[  176.195497][ T9341] RBP: 00007f9e95381090 R08: 0000000000000000 R09: 0000000000000000
[  176.195510][ T9341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.195523][ T9341] R13: 0000000000000000 R14: 00007f9e947a5fa0 R15: 00007ffe1be821c8
[  176.195555][ T9341]  </TASK>
[  176.533551][ T9337] 8021q: adding VLAN 0 to HW filter on device bond4
[  176.542618][ T9337] team0: Port device bond4 added
[  176.788746][ T5840] Bluetooth: hci4: command 0x0405 tx timeout
[  176.869547][ T9351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.968'.
[  176.941748][ T9352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.968'.
[  176.975131][ T9351] netlink: 32 bytes leftover after parsing attributes in process `syz.2.968'.
[  177.029097][ T9352] netlink: 32 bytes leftover after parsing attributes in process `syz.2.968'.
[  177.386231][ T9378] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  177.410774][ T9367] netlink: 40 bytes leftover after parsing attributes in process `syz.3.970'.
[  177.425173][ T9367] netlink: 48 bytes leftover after parsing attributes in process `syz.3.970'.
[  177.433678][ T9378] netlink: 'syz.4.974': attribute type 8 has an invalid length.
[  178.037799][ T9400] lo speed is unknown, defaulting to 1000
[  178.891799][ T9429] netlink: 40 bytes leftover after parsing attributes in process `syz.4.988'.
[  178.901221][ T9429] netlink: 48 bytes leftover after parsing attributes in process `syz.4.988'.
[  179.689659][ T9472] netlink: 'syz.2.998': attribute type 3 has an invalid length.
[  179.858120][ T9478] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  179.909824][ T9478] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1000'.
[  180.057264][ T9482] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1001'.
[  180.094233][ T9482] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1001'.
[  180.207811][ T9495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1004'.
[  180.263736][ T9497] netlink: 'syz.0.1006': attribute type 21 has an invalid length.
[  180.309969][ T9501] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1004'.
[  180.641131][ T9519] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  180.700636][ T9519] netlink: 'syz.3.1010': attribute type 8 has an invalid length.
[  181.438624][ T9546] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1017'.
[  181.461866][ T9546] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1017'.
[  181.552250][ T9555] netlink: 'syz.2.1019': attribute type 39 has an invalid length.
[  181.745412][ T9561] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  182.451943][ T9585] lo speed is unknown, defaulting to 1000
[  182.482044][ T9590] x_tables: duplicate underflow at hook 3
[  182.604590][ T9587] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1031'.
[  182.624171][ T9587] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1031'.
[  182.871878][ T9601] syzkaller1: entered promiscuous mode
[  182.890564][ T9601] syzkaller1: entered allmulticast mode
[  183.692578][ T9630] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  183.716344][ T5871] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  183.786690][ T9629] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1046'.
[  184.126940][ T9661] tc_dump_action: action bad kind
[  184.827068][   T26] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  185.094226][ T9706] __nla_validate_parse: 8 callbacks suppressed
[  185.094247][ T9706] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1065'.
[  185.108201][ T9709] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1066'.
[  185.118430][ T9706] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1065'.
[  185.133902][ T9706] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1065'.
[  185.186080][ T9709] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.265671][ T9709] bridge_slave_1 (unregistering): left allmulticast mode
[  185.272782][ T9709] bridge_slave_1 (unregistering): left promiscuous mode
[  185.283768][ T9709] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.750734][ T9725] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  185.824781][ T9698] delete_channel: no stack
[  186.148758][ T9729] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1072'.
[  186.186263][ T9729] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1072'.
[  186.583149][ T9757] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  186.618525][ T9757] netlink: 'syz.2.1080': attribute type 8 has an invalid length.
[  186.664516][ T9760] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1084'.
[  186.692604][ T9760] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1084'.
[  186.965641][ T9778] netpci0: tun_chr_ioctl cmd 1074025672
[  186.993079][ T9778] netpci0: ignored: set checksum disabled
[  187.123002][ T9782] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1090'.
[  187.165408][ T9782] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1090'.
[  187.458664][ T9810] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  187.495795][ T9810] netlink: 'syz.4.1096': attribute type 8 has an invalid length.
[  188.120660][ T9846] FAULT_INJECTION: forcing a failure.
[  188.120660][ T9846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  188.208114][ T9846] CPU: 1 UID: 0 PID: 9846 Comm: syz.2.1104 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  188.208148][ T9846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  188.208162][ T9846] Call Trace:
[  188.208169][ T9846]  <TASK>
[  188.208178][ T9846]  dump_stack_lvl+0x241/0x360
[  188.208225][ T9846]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.208250][ T9846]  ? __pfx__printk+0x10/0x10
[  188.208274][ T9846]  ? __pfx_lock_release+0x10/0x10
[  188.208315][ T9846]  should_fail_ex+0x40a/0x550
[  188.208353][ T9846]  _copy_from_user+0x2d/0xb0
[  188.208384][ T9846]  __sys_bpf+0x1be/0x820
[  188.208416][ T9846]  ? __pfx___sys_bpf+0x10/0x10
[  188.208460][ T9846]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  188.208496][ T9846]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  188.208530][ T9846]  ? do_syscall_64+0x100/0x230
[  188.208563][ T9846]  __x64_sys_bpf+0x7c/0x90
[  188.208592][ T9846]  do_syscall_64+0xf3/0x230
[  188.208619][ T9846]  ? clear_bhb_loop+0x35/0x90
[  188.208653][ T9846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.208690][ T9846] RIP: 0033:0x7f907818d169
[  188.208713][ T9846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.208731][ T9846] RSP: 002b:00007f907904e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  188.208761][ T9846] RAX: ffffffffffffffda RBX: 00007f90783a5fa0 RCX: 00007f907818d169
[  188.208777][ T9846] RDX: 0000000000000020 RSI: 0000400000000100 RDI: 0000000000000004
[  188.208791][ T9846] RBP: 00007f907904e090 R08: 0000000000000000 R09: 0000000000000000
[  188.208803][ T9846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.208815][ T9846] R13: 0000000000000000 R14: 00007f90783a5fa0 R15: 00007ffeee9994f8
[  188.208846][ T9846]  </TASK>
[  188.418304][ T9847] IPv6: NLM_F_REPLACE set, but no existing node found!
[  188.941937][ T9863] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  189.013127][ T9863] netlink: 'syz.0.1108': attribute type 10 has an invalid length.
[  189.084413][ T9871] dccp_invalid_packet: P.Data Offset(4) too small
[  189.115332][ T9872] dccp_invalid_packet: P.Data Offset(4) too small
[  189.133504][ T9874] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  189.176326][ T9874] netlink: 'syz.3.1112': attribute type 1 has an invalid length.
[  189.184648][ T9874] netlink: 'syz.3.1112': attribute type 8 has an invalid length.
[  189.385623][ T9884] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  190.394099][ T9939] FAULT_INJECTION: forcing a failure.
[  190.394099][ T9939] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  190.440237][ T9939] CPU: 1 UID: 0 PID: 9939 Comm: syz.1.1129 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  190.440269][ T9939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  190.440282][ T9939] Call Trace:
[  190.440290][ T9939]  <TASK>
[  190.440299][ T9939]  dump_stack_lvl+0x241/0x360
[  190.440331][ T9939]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.440355][ T9939]  ? __pfx__printk+0x10/0x10
[  190.440378][ T9939]  ? __pfx_lock_release+0x10/0x10
[  190.440419][ T9939]  should_fail_ex+0x40a/0x550
[  190.440456][ T9939]  _copy_from_user+0x2d/0xb0
[  190.440485][ T9939]  vmemdup_user+0x149/0x1c0
[  190.440507][ T9939]  map_get_next_key+0x1c4/0x5e0
[  190.440537][ T9939]  ? __might_fault+0xc6/0x120
[  190.440634][ T9939]  __sys_bpf+0x732/0x820
[  190.440674][ T9939]  ? __pfx___sys_bpf+0x10/0x10
[  190.440719][ T9939]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  190.440754][ T9939]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  190.440788][ T9939]  ? do_syscall_64+0x100/0x230
[  190.440821][ T9939]  __x64_sys_bpf+0x7c/0x90
[  190.440850][ T9939]  do_syscall_64+0xf3/0x230
[  190.440878][ T9939]  ? clear_bhb_loop+0x35/0x90
[  190.440923][ T9939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.440957][ T9939] RIP: 0033:0x7fdd5f58d169
[  190.440976][ T9939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.440995][ T9939] RSP: 002b:00007fdd6037e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  190.441017][ T9939] RAX: ffffffffffffffda RBX: 00007fdd5f7a5fa0 RCX: 00007fdd5f58d169
[  190.441033][ T9939] RDX: 0000000000000020 RSI: 0000400000000100 RDI: 0000000000000004
[  190.441047][ T9939] RBP: 00007fdd6037e090 R08: 0000000000000000 R09: 0000000000000000
[  190.441059][ T9939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.441072][ T9939] R13: 0000000000000000 R14: 00007fdd5f7a5fa0 R15: 00007ffe1c38ecf8
[  190.441103][ T9939]  </TASK>
[  190.866186][ T9953] netlink: 'syz.1.1133': attribute type 1 has an invalid length.
[  190.894148][ T9946] lo speed is unknown, defaulting to 1000
[  190.994169][ T9953] 8021q: adding VLAN 0 to HW filter on device bond8
[  191.420994][ T9987] __nla_validate_parse: 12 callbacks suppressed
[  191.421017][ T9987] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1139'.
[  191.662441][ T5886] lo speed is unknown, defaulting to 1000
[  191.910365][T10004] lo speed is unknown, defaulting to 1000
[  191.920457][T10010] smc: net device bond0 applied user defined pnetid SYZ2
[  191.933741][ T9989] IPv6: NLM_F_REPLACE set, but no existing node found!
[  191.941497][T10008] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  192.723513][T10003] x_tables: duplicate entry at hook 2
[  192.866502][T10034] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  192.935255][T10034] netlink: 'syz.2.1150': attribute type 10 has an invalid length.
[  192.965302][T10034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1150'.
[  192.997621][T10036] tun0: tun_chr_ioctl cmd 1074025675
[  193.009226][T10036] tun0: persist enabled
[  193.043639][T10036] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  193.043810][T10038] vlan1: entered promiscuous mode
[  193.087109][T10038] bridge0: entered promiscuous mode
[  193.141644][T10038] bridge0: left promiscuous mode
[  193.982340][T10074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1162'.
[  194.150707][T10080] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  194.217321][T10080] netlink: 'syz.3.1163': attribute type 10 has an invalid length.
[  194.269688][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1163'.
[  194.357332][T10089] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  194.561003][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.991462][T10103] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  195.042938][T10105] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  195.381485][T10111] netlink: 'syz.1.1173': attribute type 1 has an invalid length.
[  195.425449][T10111] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.1173'.
[  196.273702][T10143] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1185'.
[  196.378502][T10143] bridge_slave_1 (unregistering): left allmulticast mode
[  196.395243][T10143] bridge_slave_1 (unregistering): left promiscuous mode
[  196.405451][T10143] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.437965][T10154] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  196.486848][T10154] syzkaller1: entered promiscuous mode
[  196.492588][T10154] syzkaller1: entered allmulticast mode
[  196.676291][T10167] netlink: 'syz.4.1193': attribute type 1 has an invalid length.
[  196.912835][T10174] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  196.919914][T10176] lo speed is unknown, defaulting to 1000
[  196.951821][T10174] netlink: 'syz.1.1196': attribute type 10 has an invalid length.
[  197.735536][T10211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1207'.
[  197.744512][T10211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1207'.
[  197.791996][T10215] xt_bpf: check failed: parse error
[  197.826259][T10211] netlink: 'syz.2.1207': attribute type 1 has an invalid length.
[  197.849742][T10211] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1207'.
[  197.922959][ T5844] block nbd0: Receive control failed (result -107)
[  197.962472][T10223] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  198.001208][T10223] netlink: 'syz.1.1211': attribute type 10 has an invalid length.
[  198.371422][T10237] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1216'.
[  198.403218][T10241] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1217'.
[  198.435086][T10241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1217'.
[  198.436648][T10237] sch_tbf: burst 511 is lower than device veth7 mtu (1514) !
[  198.716202][T10249] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1221'.
[  198.771653][T10256] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1223'.
[  198.791532][T10253] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1224'.
[  198.815140][T10247] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1220'.
[  199.075645][T10272] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.130959][T10272] netlink: 'syz.1.1227': attribute type 10 has an invalid length.
[  199.551520][T10302] unsupported nlmsg_type 40
[  199.694033][T10311] bond_slave_0: entered promiscuous mode
[  199.700119][T10311] bond_slave_1: entered promiscuous mode
[  199.873092][T10324] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.917984][T10324] netlink: 'syz.1.1245': attribute type 10 has an invalid length.
[  200.277513][T10341] tap0: tun_chr_ioctl cmd 2148553947
[  200.284792][T10341] tap0: tun_chr_ioctl cmd 1074025673
[  200.293251][T10342] tap0: tun_chr_ioctl cmd 2148553947
[  200.384347][T10346] netlink: 'syz.3.1253': attribute type 12 has an invalid length.
[  200.506449][T10356] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  200.545499][T10356] netlink: 'syz.3.1253': attribute type 2 has an invalid length.
[  200.599195][T10356] Tq€!7: entered promiscuous mode
[  200.727738][T10355] veth0_to_bridge: entered promiscuous mode
[  200.744026][T10354] veth0_to_bridge: left promiscuous mode
[  200.811215][T10365] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  200.877683][T10365] netlink: 'syz.2.1259': attribute type 10 has an invalid length.
[  201.351967][T10393] netlink: 'syz.0.1265': attribute type 10 has an invalid length.
[  201.772091][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  201.779528][ T5840] Bluetooth: hci1: command 0x0406 tx timeout
[  201.785690][   T55] Bluetooth: hci2: command 0x0406 tx timeout
[  201.897680][T10414] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  201.908657][T10413] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  201.939274][T10413] netlink: 'syz.2.1272': attribute type 10 has an invalid length.
[  201.970879][T10419] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  203.095978][T10458] __nla_validate_parse: 8 callbacks suppressed
[  203.096001][T10458] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1283'.
[  203.385647][T10466] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  203.444602][T10479] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  203.490185][T10466] netlink: 'syz.0.1285': attribute type 10 has an invalid length.
[  203.981492][T10499] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1290'.
[  204.108503][T10507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1294'.
[  204.125674][T10507] netlink: 'syz.0.1294': attribute type 3 has an invalid length.
[  204.139663][T10508] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1293'.
[  204.212579][T10508] bridge_slave_0: left allmulticast mode
[  204.306442][T10508] bridge_slave_0: left promiscuous mode
[  204.312356][T10508] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.467407][T10508] bridge_slave_1: left allmulticast mode
[  204.483287][T10508] bridge_slave_1: left promiscuous mode
[  204.510787][T10508] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.568943][T10508] bond0: (slave bond_slave_0): Releasing backup interface
[  204.595288][T10508] bond0: (slave bond_slave_1): Releasing backup interface
[  204.600808][T10524] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1296'.
[  204.656065][T10508] team0: Port device team_slave_0 removed
[  204.677031][T10508] team0: Port device team_slave_1 removed
[  204.696109][T10508] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  204.735581][T10508] batman_adv: batadv0: Removing interface: batadv_slave_0
[  204.819398][T10508] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.835260][T10508] batman_adv: batadv0: Removing interface: batadv_slave_1
[  204.968160][T10517] vlan0: entered allmulticast mode
[  204.973356][T10517] bond0: entered allmulticast mode
[  205.011980][T10527] netlink: 'syz.4.1297': attribute type 2 has an invalid length.
[  205.016141][T10517] bridge0: port 1(vlan0) entered blocking state
[  205.035279][T10517] bridge0: port 1(vlan0) entered disabled state
[  205.047069][T10527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1297'.
[  205.128220][T10528] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1297'.
[  205.279114][T10533] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.394245][T10534] can: request_module (can-proto-0) failed.
[  205.430479][T10543] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1298'.
[  205.467356][T10543] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode
[  205.519879][T10543] macvtap1: entered promiscuous mode
[  205.554053][T10543] macvtap1: entered allmulticast mode
[  205.568181][T10543] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  205.655937][T10553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1304'.
[  205.842084][T10561] lo speed is unknown, defaulting to 1000
[  206.178245][T10571] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1307'.
[  206.378082][T10576] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  206.418809][T10576] netlink: 'syz.0.1308': attribute type 10 has an invalid length.
[  206.848700][T10596] netlink: 'syz.4.1313': attribute type 1 has an invalid length.
[  206.928934][T10596] bond8: (slave gretap1): making interface the new active one
[  206.963784][T10596] bond8: (slave gretap1): Enslaving as an active interface with an up link
[  207.364122][T10617] syz_tun: entered allmulticast mode
[  207.510072][T10614] syz_tun: left allmulticast mode
[  207.746329][T10629] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  208.069992][T10643] x_tables: duplicate entry at hook 2
[  208.090407][T10643] netlink: 'syz.4.1325': attribute type 1 has an invalid length.
[  208.119778][T10643] netlink: 'syz.4.1325': attribute type 11 has an invalid length.
[  208.160633][T10643] __nla_validate_parse: 2 callbacks suppressed
[  208.160653][T10643] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1325'.
[  208.346851][T10663] netlink: 'syz.2.1329': attribute type 5 has an invalid length.
[  208.461049][T10666] FAULT_INJECTION: forcing a failure.
[  208.461049][T10666] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.494158][T10666] CPU: 1 UID: 0 PID: 10666 Comm: syz.3.1330 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  208.494192][T10666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  208.494206][T10666] Call Trace:
[  208.494213][T10666]  <TASK>
[  208.494222][T10666]  dump_stack_lvl+0x241/0x360
[  208.494253][T10666]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.494277][T10666]  ? __pfx__printk+0x10/0x10
[  208.494300][T10666]  ? __pfx_lock_release+0x10/0x10
[  208.494349][T10666]  should_fail_ex+0x40a/0x550
[  208.494387][T10666]  _copy_from_user+0x2d/0xb0
[  208.494417][T10666]  copy_msghdr_from_user+0xae/0x680
[  208.494454][T10666]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  208.494483][T10666]  ? __fget_files+0x2a/0x410
[  208.494518][T10666]  ? __fget_files+0x2a/0x410
[  208.494558][T10666]  __sys_sendmsg+0x209/0x350
[  208.494587][T10666]  ? __pfx___sys_sendmsg+0x10/0x10
[  208.494625][T10666]  ? do_sys_openat2+0x17a/0x1d0
[  208.494683][T10666]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  208.494720][T10666]  ? do_syscall_64+0x100/0x230
[  208.494751][T10666]  ? do_syscall_64+0xb6/0x230
[  208.494781][T10666]  do_syscall_64+0xf3/0x230
[  208.494808][T10666]  ? clear_bhb_loop+0x35/0x90
[  208.494841][T10666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.494869][T10666] RIP: 0033:0x7f676d98d169
[  208.494889][T10666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.494906][T10666] RSP: 002b:00007f676e7d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  208.494929][T10666] RAX: ffffffffffffffda RBX: 00007f676dba5fa0 RCX: 00007f676d98d169
[  208.494944][T10666] RDX: 0000000000000000 RSI: 0000400000000200 RDI: 0000000000000003
[  208.494957][T10666] RBP: 00007f676e7d8090 R08: 0000000000000000 R09: 0000000000000000
[  208.494969][T10666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  208.494981][T10666] R13: 0000000000000000 R14: 00007f676dba5fa0 R15: 00007ffe48413b18
[  208.495010][T10666]  </TASK>
[  208.724164][T10670] team0: entered allmulticast mode
[  208.729579][T10670] team_slave_0: entered allmulticast mode
[  208.735462][T10670] team_slave_1: entered allmulticast mode
[  208.744177][T10670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1331'.
[  208.753229][T10670] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1331'.
[  208.769148][T10670] ipip0: entered promiscuous mode
[  209.463787][T10711] dummy0: entered promiscuous mode
[  209.483571][T10711] dummy0: entered allmulticast mode
[  209.573722][    C0] Unknown status report in ack skb
[  209.862771][T10731] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1347'.
[  209.919810][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  209.943559][T10731] netlink: 356 bytes leftover after parsing attributes in process `syz.4.1347'.
[  209.989329][T10731] netlink: 356 bytes leftover after parsing attributes in process `syz.4.1347'.
[  210.552909][T10763] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  210.584489][T10766] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1356'.
[  210.596567][T10763] netlink: 'syz.4.1357': attribute type 8 has an invalid length.
[  210.891581][T10780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1359'.
[  211.229228][T10794] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1364'.
[  211.610512][T10814] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  211.676943][T10814] netlink: 'syz.0.1371': attribute type 10 has an invalid length.
[  211.705719][T10818] x_tables: ip_tables: udp match: only valid for protocol 17
[  211.735884][T10813] netlink: 184 bytes leftover after parsing attributes in process `syz.1.1370'.
[  211.774229][T10820] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  211.879238][T10820] netlink: 'syz.4.1373': attribute type 10 has an invalid length.
[  211.950513][T10829] lo speed is unknown, defaulting to 1000
[  211.952838][T10818] netlink: 'syz.3.1372': attribute type 2 has an invalid length.
[  212.021345][T10837] xt_TCPMSS: Only works on TCP SYN packets
[  212.083310][T10818] : entered promiscuous mode
[  212.948681][T10836] lo speed is unknown, defaulting to 1000
[  212.994389][T10884] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  213.013309][T10829] atomic_op ffff888027515998 conn xmit_atomic 0000000000000000
[  213.103231][T10884] netlink: 'syz.1.1388': attribute type 8 has an invalid length.
[  213.490628][T10900] netlink: 'syz.1.1392': attribute type 1 has an invalid length.
[  213.675597][T10911] __nla_validate_parse: 1 callbacks suppressed
[  213.675621][T10911] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1393'.
[  213.843340][T10911] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1393'.
[  213.873077][T10921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1394'.
[  214.089117][T10888] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1389'.
[  214.108374][T10935] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1398'.
[  214.125331][T10888] netlink: 'syz.3.1389': attribute type 1 has an invalid length.
[  214.178796][T10888] netlink: 'syz.3.1389': attribute type 2 has an invalid length.
[  214.218176][T10888] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1389'.
[  214.260438][T10931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1389'.
[  214.561042][T10951] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1403'.
[  214.776608][T10960] FAULT_INJECTION: forcing a failure.
[  214.776608][T10960] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.805167][T10960] CPU: 0 UID: 0 PID: 10960 Comm: syz.0.1406 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  214.805198][T10960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  214.805210][T10960] Call Trace:
[  214.805217][T10960]  <TASK>
[  214.805226][T10960]  dump_stack_lvl+0x241/0x360
[  214.805257][T10960]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.805280][T10960]  ? __pfx__printk+0x10/0x10
[  214.805303][T10960]  ? __pfx_lock_release+0x10/0x10
[  214.805342][T10960]  should_fail_ex+0x40a/0x550
[  214.805379][T10960]  _copy_from_user+0x2d/0xb0
[  214.805408][T10960]  __sys_bpf+0x1be/0x820
[  214.805439][T10960]  ? __pfx___sys_bpf+0x10/0x10
[  214.805479][T10960]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  214.805518][T10960]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  214.805552][T10960]  ? do_syscall_64+0x100/0x230
[  214.805584][T10960]  __x64_sys_bpf+0x7c/0x90
[  214.805611][T10960]  do_syscall_64+0xf3/0x230
[  214.805638][T10960]  ? clear_bhb_loop+0x35/0x90
[  214.805669][T10960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.805698][T10960] RIP: 0033:0x7f9e9458d169
[  214.805716][T10960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.805733][T10960] RSP: 002b:00007f9e95381038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  214.805755][T10960] RAX: ffffffffffffffda RBX: 00007f9e947a5fa0 RCX: 00007f9e9458d169
[  214.805770][T10960] RDX: 0000000000000020 RSI: 0000400000000100 RDI: 0000000000000004
[  214.805783][T10960] RBP: 00007f9e95381090 R08: 0000000000000000 R09: 0000000000000000
[  214.805796][T10960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.805809][T10960] R13: 0000000000000000 R14: 00007f9e947a5fa0 R15: 00007ffe1be821c8
[  214.805838][T10960]  </TASK>
[  215.069507][T10968] netlink: 'syz.3.1409': attribute type 10 has an invalid length.
[  215.122980][T10968] dummy0: entered promiscuous mode
[  215.183867][T10968] 
: (slave dummy0): Enslaving as an active interface with an up link
[  215.760641][T11005] lo speed is unknown, defaulting to 1000
[  215.790669][T11009] FAULT_INJECTION: forcing a failure.
[  215.790669][T11009] name failslab, interval 1, probability 0, space 0, times 0
[  215.809858][T10991] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1414'.
[  215.833679][T11009] CPU: 0 UID: 0 PID: 11009 Comm: syz.1.1421 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  215.833709][T11009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  215.833722][T11009] Call Trace:
[  215.833729][T11009]  <TASK>
[  215.833738][T11009]  dump_stack_lvl+0x241/0x360
[  215.833768][T11009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  215.833791][T11009]  ? __pfx__printk+0x10/0x10
[  215.833813][T11009]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  215.833844][T11009]  ? __pfx___might_resched+0x10/0x10
[  215.833876][T11009]  should_fail_ex+0x40a/0x550
[  215.833919][T11009]  should_failslab+0xac/0x100
[  215.833950][T11009]  __kmalloc_node_noprof+0xe1/0x4d0
[  215.833980][T11009]  ? vmemdup_user+0x42/0x1c0
[  215.834005][T11009]  vmemdup_user+0x42/0x1c0
[  215.834025][T11009]  map_get_next_key+0x1c4/0x5e0
[  215.834054][T11009]  ? __might_fault+0xc6/0x120
[  215.834081][T11009]  __sys_bpf+0x732/0x820
[  215.834112][T11009]  ? __pfx___sys_bpf+0x10/0x10
[  215.834153][T11009]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  215.834190][T11009]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  215.834223][T11009]  ? do_syscall_64+0x100/0x230
[  215.834255][T11009]  __x64_sys_bpf+0x7c/0x90
[  215.834283][T11009]  do_syscall_64+0xf3/0x230
[  215.834310][T11009]  ? clear_bhb_loop+0x35/0x90
[  215.834342][T11009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.834370][T11009] RIP: 0033:0x7fdd5f58d169
[  215.834388][T11009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.834407][T11009] RSP: 002b:00007fdd6037e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  215.834430][T11009] RAX: ffffffffffffffda RBX: 00007fdd5f7a5fa0 RCX: 00007fdd5f58d169
[  215.834445][T11009] RDX: 0000000000000020 RSI: 0000400000000100 RDI: 0000000000000004
[  215.834458][T11009] RBP: 00007fdd6037e090 R08: 0000000000000000 R09: 0000000000000000
[  215.834471][T11009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  215.834483][T11009] R13: 0000000000000000 R14: 00007fdd5f7a5fa0 R15: 00007ffe1c38ecf8
[  215.834513][T11009]  </TASK>
[  215.857640][T10991] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1414'.
[  216.419647][T11005] x_tables: duplicate entry at hook 2
[  216.454048][T11032] netlink: 'syz.0.1430': attribute type 10 has an invalid length.
[  216.537652][T11032] veth0_macvtap: left promiscuous mode
[  216.618842][T11032] veth0_macvtap: entered promiscuous mode
[  216.646585][T11040] Cannot find set identified by id 0 to match
[  216.686923][T11032] team0: Device macvtap0 failed to register rx_handler
[  216.858944][T11032] veth0_macvtap: left promiscuous mode
[  217.162678][T11063] FAULT_INJECTION: forcing a failure.
[  217.162678][T11063] name failslab, interval 1, probability 0, space 0, times 0
[  217.212223][T11063] CPU: 1 UID: 0 PID: 11063 Comm: syz.0.1437 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  217.212259][T11063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  217.212272][T11063] Call Trace:
[  217.212280][T11063]  <TASK>
[  217.212289][T11063]  dump_stack_lvl+0x241/0x360
[  217.212321][T11063]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.212344][T11063]  ? __pfx__printk+0x10/0x10
[  217.212366][T11063]  ? fs_reclaim_acquire+0x93/0x130
[  217.212389][T11063]  ? __pfx___might_resched+0x10/0x10
[  217.212420][T11063]  should_fail_ex+0x40a/0x550
[  217.212456][T11063]  should_failslab+0xac/0x100
[  217.212485][T11063]  __kmalloc_noprof+0xdd/0x4c0
[  217.212512][T11063]  ? kstrtouint_from_user+0x128/0x190
[  217.212533][T11063]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  217.212560][T11063]  tomoyo_realpath_from_path+0xcf/0x5e0
[  217.212593][T11063]  tomoyo_path_number_perm+0x239/0x770
[  217.212623][T11063]  ? __lock_acquire+0x1397/0x2100
[  217.212657][T11063]  ? tomoyo_path_number_perm+0x209/0x770
[  217.212690][T11063]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  217.212760][T11063]  ? __fget_files+0x2a/0x410
[  217.212793][T11063]  ? __fget_files+0x2a/0x410
[  217.212837][T11063]  security_file_ioctl+0xc6/0x2a0
[  217.212867][T11063]  __se_sys_ioctl+0x46/0x170
[  217.212893][T11063]  do_syscall_64+0xf3/0x230
[  217.212921][T11063]  ? clear_bhb_loop+0x35/0x90
[  217.212955][T11063]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.212983][T11063] RIP: 0033:0x7f9e9458d169
[  217.213002][T11063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.213020][T11063] RSP: 002b:00007f9e95381038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  217.213042][T11063] RAX: ffffffffffffffda RBX: 00007f9e947a5fa0 RCX: 00007f9e9458d169
[  217.213057][T11063] RDX: 0000400000000040 RSI: 000000004008b100 RDI: 0000000000000003
[  217.213071][T11063] RBP: 00007f9e95381090 R08: 0000000000000000 R09: 0000000000000000
[  217.213083][T11063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.213096][T11063] R13: 0000000000000000 R14: 00007f9e947a5fa0 R15: 00007ffe1be821c8
[  217.213127][T11063]  </TASK>
[  217.432449][T11063] ERROR: Out of memory at tomoyo_realpath_from_path.
[  217.627440][T11075] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  217.724328][T11080] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  217.763252][T11080] netlink: 'syz.2.1444': attribute type 10 has an invalid length.
[  217.964849][ T5887] IPVS: starting estimator thread 0...
[  218.055282][T11095] IPVS: using max 21 ests per chain, 50400 per kthread
[  218.167216][T11105] netlink: 'syz.4.1450': attribute type 10 has an invalid length.
[  218.189604][T11105] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.200499][T11108] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  218.216686][T11108] netlink: 'syz.1.1451': attribute type 8 has an invalid length.
[  218.255423][T11105] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.262628][T11105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.282992][T11105] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  218.301084][T11109] bridge_slave_0: left allmulticast mode
[  218.309484][T11109] bridge_slave_0: left promiscuous mode
[  218.315935][T11109] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.354735][T11109] bond0: (slave bridge0): Releasing backup interface
[  218.442114][T11107] 8021q: VLANs not supported on ip6gre0
[  218.619315][T11131] netlink: 'syz.2.1459': attribute type 1 has an invalid length.
[  218.627366][T11131] netlink: 'syz.2.1459': attribute type 1 has an invalid length.
[  218.637056][T11131] netlink: 'syz.2.1459': attribute type 2 has an invalid length.
[  218.711628][T11136] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  218.761592][T11136] netlink: 'syz.1.1458': attribute type 10 has an invalid length.
[  218.811991][T11136] __nla_validate_parse: 13 callbacks suppressed
[  218.812015][T11136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1458'.
[  218.943125][T11146] lo speed is unknown, defaulting to 1000
[  219.346880][T11161] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1467'.
[  219.415173][T11161] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1467'.
[  219.482882][T11174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1472'.
[  219.794294][T11194] FAULT_INJECTION: forcing a failure.
[  219.794294][T11194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.810111][T11183] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !åÀØ¢
…D£øUDŒw˜}�zR3âëp(@Oš>Æ
[  219.835104][T11194] CPU: 0 UID: 0 PID: 11194 Comm: syz.3.1477 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  219.835135][T11194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  219.835149][T11194] Call Trace:
[  219.835156][T11194]  <TASK>
[  219.835165][T11194]  dump_stack_lvl+0x241/0x360
[  219.835196][T11194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.835220][T11194]  ? __pfx__printk+0x10/0x10
[  219.835246][T11194]  ? snprintf+0xda/0x120
[  219.835269][T11194]  should_fail_ex+0x40a/0x550
[  219.835305][T11194]  _copy_to_user+0x31/0xb0
[  219.835336][T11194]  simple_read_from_buffer+0xca/0x150
[  219.835367][T11194]  proc_fail_nth_read+0x1e9/0x250
[  219.835396][T11194]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  219.835430][T11194]  ? rw_verify_area+0x243/0x630
[  219.835451][T11194]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  219.835478][T11194]  vfs_read+0x1f8/0xb40
[  219.835500][T11194]  ? fdget_pos+0x254/0x320
[  219.835529][T11194]  ? __pfx___mutex_lock+0x10/0x10
[  219.835554][T11194]  ? __pfx_vfs_read+0x10/0x10
[  219.835572][T11194]  ? do_sys_openat2+0x17a/0x1d0
[  219.835607][T11194]  ? __fget_files+0x2a/0x410
[  219.835649][T11194]  ? __fget_files+0x395/0x410
[  219.835678][T11194]  ? __fget_files+0x2a/0x410
[  219.835719][T11194]  ksys_read+0x18f/0x2b0
[  219.835743][T11194]  ? __pfx_ksys_read+0x10/0x10
[  219.835766][T11194]  ? do_syscall_64+0x100/0x230
[  219.835798][T11194]  ? do_syscall_64+0xb6/0x230
[  219.835829][T11194]  do_syscall_64+0xf3/0x230
[  219.835856][T11194]  ? clear_bhb_loop+0x35/0x90
[  219.835890][T11194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.835919][T11194] RIP: 0033:0x7f676d98bb7c
[  219.835938][T11194] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  219.835957][T11194] RSP: 002b:00007f676e7d8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  219.835978][T11194] RAX: ffffffffffffffda RBX: 00007f676dba5fa0 RCX: 00007f676d98bb7c
[  219.835993][T11194] RDX: 000000000000000f RSI: 00007f676e7d80a0 RDI: 0000000000000003
[  219.836006][T11194] RBP: 00007f676e7d8090 R08: 0000000000000000 R09: 0000000000000000
[  219.836017][T11194] R10: 0000000000000032 R11: 0000000000000246 R12: 0000000000000001
[  219.836031][T11194] R13: 0000000000000001 R14: 00007f676dba5fa0 R15: 00007ffe48413b18
[  219.836062][T11194]  </TASK>
[  220.391303][T11205] netlink: 304 bytes leftover after parsing attributes in process `syz.4.1481'.
[  220.761436][T11226] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1485'.
[  220.772027][T11226] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1485'.
[  221.090303][T11245] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1488'.
[  221.463002][T11267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1493'.
[  221.880306][ T5844] Bluetooth: hci4: link tx timeout
[  221.886698][ T5844] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  222.927153][T11336] x_tables: duplicate underflow at hook 2
[  223.552292][T11358] hsr0: entered promiscuous mode
[  223.572399][T11358] hsr0: entered allmulticast mode
[  223.579350][T11358] hsr_slave_0: entered allmulticast mode
[  223.608873][T11358] hsr_slave_1: entered allmulticast mode
[  223.744902][T11364] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1515'.
[  223.916443][ T5149] Bluetooth: hci4: command 0x0405 tx timeout
[  223.931349][T11382] 8021q: adding VLAN 0 to HW filter on device bond6
[  223.953832][T11381] __nla_validate_parse: 1 callbacks suppressed
[  223.953854][T11381] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1519'.
[  224.010732][T11386] xt_NFQUEUE: number of total queues is 0
[  224.020568][T11381] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1519'.
[  224.059794][T11381] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1519'.
[  224.224862][T11394] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  224.281231][T11394] netlink: 'syz.2.1522': attribute type 10 has an invalid length.
[  224.319596][T11394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1522'.
[  224.449136][T11408] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1525'.
[  225.115882][T11441] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1532'.
[  225.167635][T11445] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1531'.
[  225.188180][T11445] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1531'.
[  225.648190][T11460] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  225.692087][T11460] netlink: 'syz.3.1538': attribute type 10 has an invalid length.
[  225.767463][T11465] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1538'.
[  225.882302][T11469] lo speed is unknown, defaulting to 1000
[  226.437163][T11510] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1548'.
[  226.814923][T11528] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6
[  227.273034][T11556] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  227.481829][T11565] netlink: 'syz.4.1569': attribute type 8 has an invalid length.
[  227.651755][T11575] xt_HMARK: spi-set and port-set can't be combined
[  227.659841][T11569] lo speed is unknown, defaulting to 1000
[  227.666252][T11573] xt_HMARK: spi-set and port-set can't be combined
[  227.692198][T11556] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  228.321005][T11607] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  228.335249][T11607] netlink: 'syz.4.1577': attribute type 10 has an invalid length.
[  228.442242][T11613] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  228.549649][T11613] batman_adv: batadv0: Removing interface: batadv_slave_1
[  228.708196][T11624] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  228.770682][T11624] netlink: 'syz.1.1584': attribute type 8 has an invalid length.
[  228.862459][T11628] lo speed is unknown, defaulting to 1000
[  228.863594][T11631] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  229.176435][T11649] FAULT_INJECTION: forcing a failure.
[  229.176435][T11649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  229.203316][T11649] CPU: 0 UID: 0 PID: 11649 Comm: syz.3.1591 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  229.203347][T11649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  229.203370][T11649] Call Trace:
[  229.203377][T11649]  <TASK>
[  229.203386][T11649]  dump_stack_lvl+0x241/0x360
[  229.203417][T11649]  ? __pfx_dump_stack_lvl+0x10/0x10
[  229.203442][T11649]  ? __pfx__printk+0x10/0x10
[  229.203465][T11649]  ? __pfx_lock_release+0x10/0x10
[  229.203505][T11649]  should_fail_ex+0x40a/0x550
[  229.203542][T11649]  _copy_from_user+0x2d/0xb0
[  229.203572][T11649]  __sys_bpf+0x1be/0x820
[  229.203605][T11649]  ? __pfx___sys_bpf+0x10/0x10
[  229.203645][T11649]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  229.203680][T11649]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  229.203713][T11649]  ? do_syscall_64+0x100/0x230
[  229.203744][T11649]  __x64_sys_bpf+0x7c/0x90
[  229.203771][T11649]  do_syscall_64+0xf3/0x230
[  229.203796][T11649]  ? clear_bhb_loop+0x35/0x90
[  229.203829][T11649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.203856][T11649] RIP: 0033:0x7f676d98d169
[  229.203874][T11649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.203891][T11649] RSP: 002b:00007f676e7d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  229.203913][T11649] RAX: ffffffffffffffda RBX: 00007f676dba5fa0 RCX: 00007f676d98d169
[  229.203928][T11649] RDX: 0000000000000020 RSI: 0000400000000100 RDI: 0000000000000004
[  229.203940][T11649] RBP: 00007f676e7d8090 R08: 0000000000000000 R09: 0000000000000000
[  229.203952][T11649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  229.203982][T11649] R13: 0000000000000000 R14: 00007f676dba5fa0 R15: 00007ffe48413b18
[  229.204014][T11649]  </TASK>
[  229.808982][   T30] audit: type=1800 audit(1742215925.047:2): pid=11675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1600" name="memory.events" dev="tmpfs" ino=1611 res=0 errno=0
[  229.869013][T11677] sock: sock_timestamping_bind_phc: sock not bind to device
[  229.874374][T11679] netlink: 'syz.4.1602': attribute type 4 has an invalid length.
[  229.884725][T11679] __nla_validate_parse: 10 callbacks suppressed
[  229.884741][T11679] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1602'.
[  229.933226][T11677] netlink: 'syz.1.1601': attribute type 1 has an invalid length.
[  230.721884][T11728] ip6tnl1: entered promiscuous mode
[  230.727542][T11728] ip6tnl1: entered allmulticast mode
[  230.739124][T11728] team0: Device ip6tnl1 is of different type
[  230.797779][T11729] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1616'.
[  230.943131][T11734] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1618'.
[  231.111626][T11737] lo speed is unknown, defaulting to 1000
[  231.356823][T11745] tap0: tun_chr_ioctl cmd 1074025677
[  231.392573][T11754] sctp: [Deprecated]: syz.1.1624 (pid 11754) Use of int in max_burst socket option deprecated.
[  231.392573][T11754] Use struct sctp_assoc_value instead
[  231.406810][T11745] tap0: linktype set to 805
[  231.726423][T11765] lo speed is unknown, defaulting to 1000
[  231.952226][T11778] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1631'.
[  231.992571][T11778] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1631'.
[  232.060299][T11778] team0: entered promiscuous mode
[  232.115122][T11778] team_slave_0: entered promiscuous mode
[  232.143765][T11778] team_slave_1: entered promiscuous mode
[  232.151347][T11778] bond0: entered promiscuous mode
[  232.158256][T11778] bond4: entered promiscuous mode
[  232.165538][T11778] 8021q: adding VLAN 0 to HW filter on device macvlan1
[  232.174352][T11778] team0: left promiscuous mode
[  232.180666][T11778] team_slave_0: left promiscuous mode
[  232.186683][T11778] team_slave_1: left promiscuous mode
[  232.192758][T11778] bond0: left promiscuous mode
[  232.197964][T11778] bond4: left promiscuous mode
[  232.350157][T11789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1632'.
[  232.672733][T11793] lo speed is unknown, defaulting to 1000
[  232.716606][T11801] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  233.094308][T11808] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1638'.
[  233.412415][T11816] lo speed is unknown, defaulting to 1000
[  233.590461][T11824] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  233.630594][T11824] netlink: 'syz.4.1644': attribute type 10 has an invalid length.
[  233.717530][T11826] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1644'.
[  234.479476][T11863] netlink: 'syz.2.1654': attribute type 3 has an invalid length.
[  234.488039][T11863] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1654'.
[  234.513488][T11863] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1654'.
[  234.544697][T11863] 0·: renamed from hsr_slave_1 (while UP)
[  234.614097][T11863] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  234.669648][T11863] netlink: 'syz.2.1654': attribute type 1 has an invalid length.
[  234.881765][T11883] xt_hashlimit: invalid rate
[  234.902853][T11885] netlink: 'syz.2.1658': attribute type 10 has an invalid length.
[  235.074086][T11894] __nla_validate_parse: 2 callbacks suppressed
[  235.074108][T11894] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1657'.
[  235.092066][T11894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1657'.
[  235.214437][T11885] 8021q: adding VLAN 0 to HW filter on device team0
[  235.228730][T11885] team0: entered allmulticast mode
[  235.238525][T11885] bond0: (slave team0): Enslaving as an active interface with an up link
[  237.324753][T11914] netlink: 'syz.2.1667': attribute type 1 has an invalid length.
[  237.353619][T11915] netlink: 'syz.2.1667': attribute type 2 has an invalid length.
[  237.365054][T11915] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1667'.
[  237.776739][T11946] IPv6: Can't replace route, no match found
[  237.794270][T11949] netlink: 1268 bytes leftover after parsing attributes in process `syz.0.1677'.
[  237.835093][T11949] openvswitch: netlink: Flow key attribute not present in set flow.
[  238.474481][T11976] 8021q: adding VLAN 0 to HW filter on device bond6
[  238.534093][T11976] bond0: (slave bond6): Enslaving as an active interface with a down link
[  238.821399][T11989] sctp: [Deprecated]: syz.1.1685 (pid 11989) Use of struct sctp_assoc_value in delayed_ack socket option.
[  238.821399][T11989] Use struct sctp_sack_info instead
[  238.870396][T11994] sctp: [Deprecated]: syz.1.1685 (pid 11994) Use of struct sctp_assoc_value in delayed_ack socket option.
[  238.870396][T11994] Use struct sctp_sack_info instead
[  238.909263][T11996] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  239.254274][T12005] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  239.350925][T12005] netlink: 'syz.1.1687': attribute type 10 has an invalid length.
[  239.360667][T12005] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1687'.
[  239.772551][T12028] syz.4.1694 (12028) used greatest stack depth: 18104 bytes left
[  239.984831][T12048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1697'.
[  240.022833][T12048] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  240.031935][T12048] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  240.041242][T12048] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  240.050305][T12048] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  240.071225][T12048] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  240.080469][T12048] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  240.089520][T12048] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  240.098528][T12048] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  240.208873][T12060] netlink: 'syz.3.1700': attribute type 3 has an invalid length.
[  240.225833][T12060] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1700'.
[  240.236645][T12053] wireguard0: entered promiscuous mode
[  240.245398][T12053] wireguard0: entered allmulticast mode
[  240.268552][T12062] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1700'.
[  240.313666][T12062] 0·: renamed from hsr_slave_1 (while UP)
[  240.367049][T12062] 0·: entered allmulticast mode
[  240.380029][T12062] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  240.428698][T12066] netlink: 'syz.1.1701': attribute type 30 has an invalid length.
[  240.487315][T12066] : entered promiscuous mode
[  240.815460][T12077] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  240.845096][ T5916] IPVS: starting estimator thread 0...
[  240.869845][T12077] netlink: 'syz.1.1704': attribute type 10 has an invalid length.
[  240.936797][T12084] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1704'.
[  240.946470][T12078] IPVS: using max 18 ests per chain, 43200 per kthread
[  241.012489][T12086] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1706'.
[  241.033815][T12086] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  241.097151][T12083] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1707'.
[  241.129357][T12083] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1707'.
[  241.141242][T12080] netlink: 'syz.3.1705': attribute type 29 has an invalid length.
[  241.161228][T12087] netlink: 'syz.3.1705': attribute type 29 has an invalid length.
[  241.176940][T12087] netlink: 'syz.3.1705': attribute type 29 has an invalid length.
[  241.217901][T12087] netlink: 'syz.3.1705': attribute type 29 has an invalid length.
[  241.264675][T12087] netlink: 'syz.3.1705': attribute type 29 has an invalid length.
[  241.318187][T12087] netlink: 'syz.3.1705': attribute type 29 has an invalid length.
[  241.343442][T12087] netlink: 'syz.3.1705': attribute type 29 has an invalid length.
[  241.803023][T12124] syzkaller1: entered promiscuous mode
[  241.859591][T12124] syzkaller1: entered allmulticast mode
[  242.155390][ T1106] wlan1: Trigger new scan to find an IBSS to join
[  242.195651][T12142] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1720'.
[  242.252006][T12135] 8021q: adding VLAN 0 to HW filter on device bond7
[  242.263928][T12135] bond7: entered allmulticast mode
[  242.273211][T12135] team0: Port device bond7 added
[  242.708446][T12159] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1723'.
[  242.726134][T12159] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1723'.
[  242.747174][T12167] FAULT_INJECTION: forcing a failure.
[  242.747174][T12167] name failslab, interval 1, probability 0, space 0, times 0
[  242.828264][T12167] CPU: 0 UID: 0 PID: 12167 Comm: syz.1.1725 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  242.828294][T12167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  242.828307][T12167] Call Trace:
[  242.828315][T12167]  <TASK>
[  242.828323][T12167]  dump_stack_lvl+0x241/0x360
[  242.828356][T12167]  ? __pfx_dump_stack_lvl+0x10/0x10
[  242.828380][T12167]  ? __pfx__printk+0x10/0x10
[  242.828404][T12167]  ? fs_reclaim_acquire+0x93/0x130
[  242.828428][T12167]  ? __pfx___might_resched+0x10/0x10
[  242.828454][T12167]  ? dynamic_dname+0x144/0x1b0
[  242.828480][T12167]  should_fail_ex+0x40a/0x550
[  242.828516][T12167]  should_failslab+0xac/0x100
[  242.828546][T12167]  __kmalloc_noprof+0xdd/0x4c0
[  242.828574][T12167]  ? tomoyo_encode+0x26f/0x540
[  242.828612][T12167]  tomoyo_encode+0x26f/0x540
[  242.828635][T12167]  ? __pfx_sockfs_dname+0x10/0x10
[  242.828669][T12167]  tomoyo_realpath_from_path+0x59e/0x5e0
[  242.828704][T12167]  tomoyo_path_number_perm+0x239/0x770
[  242.828734][T12167]  ? __lock_acquire+0x1397/0x2100
[  242.828769][T12167]  ? tomoyo_path_number_perm+0x209/0x770
[  242.828801][T12167]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  242.828874][T12167]  ? __fget_files+0x2a/0x410
[  242.828908][T12167]  ? __fget_files+0x2a/0x410
[  242.828945][T12167]  security_file_ioctl+0xc6/0x2a0
[  242.828975][T12167]  __se_sys_ioctl+0x46/0x170
[  242.829001][T12167]  do_syscall_64+0xf3/0x230
[  242.829029][T12167]  ? clear_bhb_loop+0x35/0x90
[  242.829062][T12167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.829090][T12167] RIP: 0033:0x7fdd5f58d169
[  242.829108][T12167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.829126][T12167] RSP: 002b:00007fdd6037e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  242.829148][T12167] RAX: ffffffffffffffda RBX: 00007fdd5f7a5fa0 RCX: 00007fdd5f58d169
[  242.829164][T12167] RDX: 0000000000000000 RSI: 0000000080047453 RDI: 0000000000000003
[  242.829176][T12167] RBP: 00007fdd6037e090 R08: 0000000000000000 R09: 0000000000000000
[  242.829189][T12167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  242.829202][T12167] R13: 0000000000000000 R14: 00007fdd5f7a5fa0 R15: 00007ffe1c38ecf8
[  242.829233][T12167]  </TASK>
[  242.829252][T12167] ERROR: Out of memory at tomoyo_realpath_from_path.
[  243.283065][T12165] lo speed is unknown, defaulting to 1000
[  243.331677][T12180] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1728'.
[  243.412621][T12187] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  243.465471][T12187] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  243.482562][T12187] gretap1: entered promiscuous mode
[  243.500308][T12187] gretap1: entered allmulticast mode
[  243.649441][T12201] 8021q: adding VLAN 0 to HW filter on device bond7
[  243.698985][T12201] team0: Port device bond7 added
[  243.922511][T12220] FAULT_INJECTION: forcing a failure.
[  243.922511][T12220] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  243.996849][T12220] CPU: 0 UID: 0 PID: 12220 Comm: syz.3.1739 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  243.996881][T12220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  243.996893][T12220] Call Trace:
[  243.996901][T12220]  <TASK>
[  243.996910][T12220]  dump_stack_lvl+0x241/0x360
[  243.996942][T12220]  ? __pfx_dump_stack_lvl+0x10/0x10
[  243.996966][T12220]  ? __pfx__printk+0x10/0x10
[  243.996990][T12220]  ? __pfx_lock_release+0x10/0x10
[  243.997023][T12220]  ? __lock_acquire+0x1397/0x2100
[  243.997062][T12220]  should_fail_ex+0x40a/0x550
[  243.997100][T12220]  _copy_from_user+0x2d/0xb0
[  243.997130][T12220]  kstrtouint_from_user+0xc6/0x190
[  243.997157][T12220]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  243.997186][T12220]  ? __pfx_lock_acquire+0x10/0x10
[  243.997229][T12220]  proc_fail_nth_write+0xaa/0x2d0
[  243.997260][T12220]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  243.997297][T12220]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  243.997334][T12220]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  243.997366][T12220]  vfs_write+0x29f/0xd10
[  243.997391][T12220]  ? fdget_pos+0x254/0x320
[  243.997421][T12220]  ? __mutex_unlock_slowpath+0x227/0x800
[  243.997453][T12220]  ? __pfx_vfs_write+0x10/0x10
[  243.997479][T12220]  ? __fget_files+0x2a/0x410
[  243.997512][T12220]  ? __fget_files+0x395/0x410
[  243.997541][T12220]  ? __fget_files+0x2a/0x410
[  243.997582][T12220]  ksys_write+0x18f/0x2b0
[  243.997609][T12220]  ? __pfx_ksys_write+0x10/0x10
[  243.997633][T12220]  ? do_syscall_64+0x100/0x230
[  243.997665][T12220]  ? do_syscall_64+0xb6/0x230
[  243.997695][T12220]  do_syscall_64+0xf3/0x230
[  243.997723][T12220]  ? clear_bhb_loop+0x35/0x90
[  243.997756][T12220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.997784][T12220] RIP: 0033:0x7f676d98bc1f
[  243.997802][T12220] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  243.997820][T12220] RSP: 002b:00007f676e7d8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  243.997842][T12220] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f676d98bc1f
[  243.997857][T12220] RDX: 0000000000000001 RSI: 00007f676e7d80a0 RDI: 0000000000000004
[  243.997870][T12220] RBP: 00007f676e7d8090 R08: 0000000000000000 R09: 0000000000000000
[  243.997883][T12220] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  243.997895][T12220] R13: 0000000000000000 R14: 00007f676dba5fa0 R15: 00007ffe48413b18
[  243.997926][T12220]  </TASK>
[  244.681074][T12238] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  244.870703][T12225] lo speed is unknown, defaulting to 1000
[  244.943879][T12235] lo speed is unknown, defaulting to 1000
[  245.126672][T12244] lo speed is unknown, defaulting to 1000
[  245.208741][ T2908] wlan1: Trigger new scan to find an IBSS to join
[  245.590589][T12266] 8021q: adding VLAN 0 to HW filter on device bond5
[  245.619425][T12266] team0: Port device bond5 added
[  245.996757][T12282] xt_ipcomp: unknown flags F7
[  246.004252][T12282] x_tables: ip6_tables: rpfilter.0 match: invalid size 8 (kernel) != (user) 48
[  246.027440][T12282] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  246.405162][T12295] __nla_validate_parse: 6 callbacks suppressed
[  246.405184][T12295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1760'.
[  246.457500][T12295] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1760'.
[  246.502009][T12295] bridge8: the hash_elasticity option has been deprecated and is always 16
[  246.736233][T12308] 8021q: adding VLAN 0 to HW filter on device bond6
[  246.751076][T12308] team0: Port device bond6 added
[  246.790319][T12312] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7
[  247.078942][T12326] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1770'.
[  247.090369][T12326] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1770'.
[  247.557888][T12340] 
: (slave dummy0): Releasing backup interface
[  247.589580][T12340] dummy0: left promiscuous mode
[  247.619003][T12347] validate_nla: 31 callbacks suppressed
[  247.619025][T12347] netlink: 'syz.1.1779': attribute type 39 has an invalid length.
[  247.669075][T12340] bridge_slave_0: left allmulticast mode
[  247.687664][T12354] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1782'.
[  247.697907][T12340] bridge_slave_0: left promiscuous mode
[  247.703712][T12340] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.750244][T12340] bridge_slave_1: left allmulticast mode
[  247.780970][T12340] bridge_slave_1: left promiscuous mode
[  247.792769][T12340] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.821633][T12340] 
: (slave bond_slave_0): Releasing backup interface
[  247.834235][T12340] bond_slave_0: left promiscuous mode
[  247.841604][T12356] sctp: [Deprecated]: syz.1.1779 (pid 12356) Use of struct sctp_assoc_value in delayed_ack socket option.
[  247.841604][T12356] Use struct sctp_sack_info instead
[  247.871103][T12340] 
: (slave bond_slave_1): Releasing backup interface
[  247.881007][T12340] bond_slave_1: left promiscuous mode
[  247.927762][T12340] team0: Port device team_slave_0 removed
[  247.957657][T12340] team0: Port device team_slave_1 removed
[  247.964008][T12340] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  247.972453][T12340] batman_adv: batadv0: Removing interface: batadv_slave_0
[  247.982419][T12340] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  247.991569][T12340] batman_adv: batadv0: Removing interface: batadv_slave_1
[  248.018661][T12340] team0: Port device bond0 removed
[  248.043892][T12340] team0: Port device bond4 removed
[  248.054080][T12340] bond0: (slave bond6): Releasing active interface
[  248.084451][T12340] team0: Port device bond7 removed
[  248.156411][   T12] wlan1: Trigger new scan to find an IBSS to join
[  248.174524][T12354] vlan0: entered allmulticast mode
[  248.182765][T12354] bridge0: port 1(vlan0) entered blocking state
[  248.191155][T12354] bridge0: port 1(vlan0) entered disabled state
[  248.218676][T12348] lo speed is unknown, defaulting to 1000
[  248.522276][T12374] sctp: [Deprecated]: syz.1.1786 (pid 12374) Use of int in max_burst socket option deprecated.
[  248.522276][T12374] Use struct sctp_assoc_value instead
[  248.969790][T12391] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1794'.
[  248.997031][T12391] 0·: renamed from hsr_slave_1 (while UP)
[  249.011267][T12391] 0·: entered allmulticast mode
[  249.017279][T12391] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  249.079006][T12399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1796'.
[  249.178581][T12400] lo speed is unknown, defaulting to 1000
[  249.196721][   T12] wlan1: Creating new IBSS network, BSSID 26:0c:1e:9c:ea:be
[  249.327825][T12405] lo speed is unknown, defaulting to 1000
[  250.781989][T12455] sctp: [Deprecated]: syz.3.1812 (pid 12455) Use of struct sctp_assoc_value in delayed_ack socket option.
[  250.781989][T12455] Use struct sctp_sack_info instead
[  251.097786][T12459] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1813'.
[  251.126916][T12459] 0·: renamed from hsr_slave_1 (while UP)
[  251.138219][T12459] 0·: entered allmulticast mode
[  251.143599][T12459] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  251.261666][T12461] lo speed is unknown, defaulting to 1000
[  251.288671][T12463] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1815'.
[  251.336230][T12463] netlink: 'syz.3.1815': attribute type 8 has an invalid length.
[  251.636353][T12478] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1819'.
[  251.879952][T12492] netlink: 'syz.2.1823': attribute type 12 has an invalid length.
[  252.010942][T12497] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  252.357836][T12492] netlink: zone id is out of range
[  252.408650][T12497] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1823'.
[  252.446708][T12497] netlink: 'syz.2.1823': attribute type 2 has an invalid length.
[  252.480403][T12497] Tq€!7: entered promiscuous mode
[  252.579392][T12492] netlink: set zone limit has 4 unknown bytes
[  252.588355][T12519] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1831'.
[  252.616925][T12497] bond8: entered promiscuous mode
[  252.622245][T12497] bond8: entered allmulticast mode
[  252.632768][T12497] 8021q: adding VLAN 0 to HW filter on device bond8
[  253.047165][T12538] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  253.071048][T12538] netlink: 'syz.3.1838': attribute type 1 has an invalid length.
[  253.100610][T12538] netlink: 'syz.3.1838': attribute type 4 has an invalid length.
[  253.119624][T12538] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.1838'.
[  253.155782][T12541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1838'.
[  253.497021][T12557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1845'.
[  253.533685][T12557] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1845'.
[  253.563836][T12559] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1847'.
[  253.593938][T12559] 1·: renamed from 
c0· (while UP)
[  253.624678][T12559] A link change request failed with some changes committed already. Interface 
c1· may have been left with an inconsistent configuration, please check.
[  253.819853][T12570] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1852'.
[  253.914880][T12573] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1853'.
[  254.742830][T12588] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  254.786777][T12588] netlink: 'syz.4.1857': attribute type 8 has an invalid length.
[  254.794656][T12590] lo speed is unknown, defaulting to 1000
[  255.075452][T12599] 1·: renamed from 
c0· (while UP)
[  255.094350][T12599] A link change request failed with some changes committed already. Interface 
c1· may have been left with an inconsistent configuration, please check.
[  255.455936][T12604] lo speed is unknown, defaulting to 1000
[  256.006007][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  256.679276][T12623] __nla_validate_parse: 2 callbacks suppressed
[  256.679299][T12623] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1865'.
[  256.736067][T12623] 0·: renamed from 
c1· (while UP)
[  256.767244][T12623] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  257.128917][T12632] netlink: zone id is out of range
[  257.145314][T12632] netlink: zone id is out of range
[  257.161685][T12632] netlink: zone id is out of range
[  257.190156][T12632] netlink: zone id is out of range
[  257.217778][T12632] netlink: zone id is out of range
[  257.263463][T12632] netlink: zone id is out of range
[  257.301923][T12632] netlink: zone id is out of range
[  257.332090][T12632] netlink: zone id is out of range
[  257.360161][T12633] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1868'.
[  257.376506][T12638] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1868'.
[  257.379819][T12632] netlink: zone id is out of range
[  257.728626][T12642] FAULT_INJECTION: forcing a failure.
[  257.728626][T12642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.747286][T12642] CPU: 1 UID: 0 PID: 12642 Comm: syz.1.1874 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  257.747317][T12642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  257.747331][T12642] Call Trace:
[  257.747338][T12642]  <TASK>
[  257.747347][T12642]  dump_stack_lvl+0x241/0x360
[  257.747379][T12642]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.747403][T12642]  ? __pfx__printk+0x10/0x10
[  257.747426][T12642]  ? __pfx_lock_release+0x10/0x10
[  257.747468][T12642]  should_fail_ex+0x40a/0x550
[  257.747505][T12642]  _copy_from_user+0x2d/0xb0
[  257.747535][T12642]  vmemdup_user+0x149/0x1c0
[  257.747557][T12642]  map_get_next_key+0x1c4/0x5e0
[  257.747587][T12642]  ? __might_fault+0xc6/0x120
[  257.747614][T12642]  __sys_bpf+0x732/0x820
[  257.747645][T12642]  ? __pfx___sys_bpf+0x10/0x10
[  257.747688][T12642]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  257.747723][T12642]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  257.747757][T12642]  ? do_syscall_64+0x100/0x230
[  257.747789][T12642]  __x64_sys_bpf+0x7c/0x90
[  257.747817][T12642]  do_syscall_64+0xf3/0x230
[  257.747849][T12642]  ? clear_bhb_loop+0x35/0x90
[  257.747883][T12642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.747911][T12642] RIP: 0033:0x7fdd5f58d169
[  257.747929][T12642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.747948][T12642] RSP: 002b:00007fdd6037e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  257.747971][T12642] RAX: ffffffffffffffda RBX: 00007fdd5f7a5fa0 RCX: 00007fdd5f58d169
[  257.747986][T12642] RDX: 0000000000000020 RSI: 0000400000000100 RDI: 0000000000000004
[  257.748000][T12642] RBP: 00007fdd6037e090 R08: 0000000000000000 R09: 0000000000000000
[  257.748013][T12642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.748025][T12642] R13: 0000000000000000 R14: 00007fdd5f7a5fa0 R15: 00007ffe1c38ecf8
[  257.748056][T12642]  </TASK>
[  258.150833][T12657] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1875'.
[  258.169357][T12658] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  258.180114][T12658] netlink: 'syz.1.1876': attribute type 8 has an invalid length.
[  258.271769][T12655] lo speed is unknown, defaulting to 1000
[  258.603008][T12666] lo speed is unknown, defaulting to 1000
[  258.971470][T12685] FAULT_INJECTION: forcing a failure.
[  258.971470][T12685] name failslab, interval 1, probability 0, space 0, times 0
[  259.005486][T12685] CPU: 1 UID: 0 PID: 12685 Comm: syz.3.1886 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  259.005519][T12685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  259.005533][T12685] Call Trace:
[  259.005540][T12685]  <TASK>
[  259.005549][T12685]  dump_stack_lvl+0x241/0x360
[  259.005580][T12685]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.005604][T12685]  ? __pfx__printk+0x10/0x10
[  259.005627][T12685]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  259.005659][T12685]  ? __pfx___might_resched+0x10/0x10
[  259.005700][T12685]  should_fail_ex+0x40a/0x550
[  259.005737][T12685]  should_failslab+0xac/0x100
[  259.005767][T12685]  __kmalloc_node_noprof+0xe1/0x4d0
[  259.005796][T12685]  ? __kvmalloc_node_noprof+0x72/0x190
[  259.005834][T12685]  __kvmalloc_node_noprof+0x72/0x190
[  259.005869][T12685]  map_get_next_key+0x230/0x5e0
[  259.005898][T12685]  ? __might_fault+0xc6/0x120
[  259.005924][T12685]  __sys_bpf+0x732/0x820
[  259.005956][T12685]  ? __pfx___sys_bpf+0x10/0x10
[  259.005998][T12685]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  259.006034][T12685]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  259.006068][T12685]  ? do_syscall_64+0x100/0x230
[  259.006101][T12685]  __x64_sys_bpf+0x7c/0x90
[  259.006129][T12685]  do_syscall_64+0xf3/0x230
[  259.006156][T12685]  ? clear_bhb_loop+0x35/0x90
[  259.006189][T12685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.006217][T12685] RIP: 0033:0x7f676d98d169
[  259.006235][T12685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.006254][T12685] RSP: 002b:00007f676e7d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  259.006276][T12685] RAX: ffffffffffffffda RBX: 00007f676dba5fa0 RCX: 00007f676d98d169
[  259.006292][T12685] RDX: 0000000000000020 RSI: 0000400000000100 RDI: 0000000000000004
[  259.006305][T12685] RBP: 00007f676e7d8090 R08: 0000000000000000 R09: 0000000000000000
[  259.006319][T12685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.006331][T12685] R13: 0000000000000000 R14: 00007f676dba5fa0 R15: 00007ffe48413b18
[  259.006361][T12685]  </TASK>
[  259.028407][T12673] lo speed is unknown, defaulting to 1000
[  259.559227][T12699] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  259.571704][T12699] netlink: 'syz.4.1890': attribute type 8 has an invalid length.
[  259.941468][T12713] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1894'.
[  259.971261][T12715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1895'.
[  259.980829][T12705] lo speed is unknown, defaulting to 1000
[  259.990984][T12716] FAULT_INJECTION: forcing a failure.
[  259.990984][T12716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.010238][T12716] CPU: 1 UID: 0 PID: 12716 Comm: syz.1.1897 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  260.010268][T12716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  260.010281][T12716] Call Trace:
[  260.010289][T12716]  <TASK>
[  260.010297][T12716]  dump_stack_lvl+0x241/0x360
[  260.010329][T12716]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.010352][T12716]  ? __pfx__printk+0x10/0x10
[  260.010379][T12716]  ? snprintf+0xda/0x120
[  260.010403][T12716]  should_fail_ex+0x40a/0x550
[  260.010438][T12716]  _copy_to_user+0x31/0xb0
[  260.010468][T12716]  simple_read_from_buffer+0xca/0x150
[  260.010501][T12716]  proc_fail_nth_read+0x1e9/0x250
[  260.010535][T12716]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  260.010569][T12716]  ? rw_verify_area+0x243/0x630
[  260.010591][T12716]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  260.010623][T12716]  vfs_read+0x1f8/0xb40
[  260.010655][T12716]  ? fdget_pos+0x254/0x320
[  260.010687][T12716]  ? __pfx___mutex_lock+0x10/0x10
[  260.010714][T12716]  ? __pfx_vfs_read+0x10/0x10
[  260.010733][T12716]  ? do_sys_openat2+0x17a/0x1d0
[  260.010768][T12716]  ? __fget_files+0x2a/0x410
[  260.010801][T12716]  ? __fget_files+0x395/0x410
[  260.010830][T12716]  ? __fget_files+0x2a/0x410
[  260.010869][T12716]  ksys_read+0x18f/0x2b0
[  260.010892][T12716]  ? __pfx_ksys_read+0x10/0x10
[  260.010914][T12716]  ? do_syscall_64+0x100/0x230
[  260.010941][T12716]  ? do_syscall_64+0xb6/0x230
[  260.010970][T12716]  do_syscall_64+0xf3/0x230
[  260.010995][T12716]  ? clear_bhb_loop+0x35/0x90
[  260.011027][T12716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.011054][T12716] RIP: 0033:0x7fdd5f58bb7c
[  260.011073][T12716] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  260.011091][T12716] RSP: 002b:00007fdd6037e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  260.011114][T12716] RAX: ffffffffffffffda RBX: 00007fdd5f7a5fa0 RCX: 00007fdd5f58bb7c
[  260.011129][T12716] RDX: 000000000000000f RSI: 00007fdd6037e0a0 RDI: 0000000000000004
[  260.011142][T12716] RBP: 00007fdd6037e090 R08: 0000000000000000 R09: 0000000000000000
[  260.011154][T12716] R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000001
[  260.011166][T12716] R13: 0000000000000000 R14: 00007fdd5f7a5fa0 R15: 00007ffe1c38ecf8
[  260.011198][T12716]  </TASK>
[  260.774867][T12737] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  260.786257][T12737] netlink: 'syz.4.1903': attribute type 8 has an invalid length.
[  260.841568][T12739] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1904'.
[  261.540651][T12763] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1912'.
[  261.662895][T12768] 8021q: adding VLAN 0 to HW filter on device bond9
[  261.681489][T12768] team0: Port device bond9 added
[  261.759279][T12770] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1914'.
[  262.145282][T12786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1917'.
[  262.194901][T12786] ipvlan0: entered promiscuous mode
[  262.217810][T12786] bridge0: port 2(ipvlan0) entered blocking state
[  262.241617][T12786] bridge0: port 2(ipvlan0) entered disabled state
[  262.265427][T12786] ipvlan0: entered allmulticast mode
[  262.280307][T12786] bridge0: entered allmulticast mode
[  262.294729][T12786] ipvlan0: left allmulticast mode
[  262.303120][T12786] bridge0: left allmulticast mode
[  263.026166][T12806] netlink: 'syz.0.1924': attribute type 10 has an invalid length.
[  263.036716][T12806] 8021q: adding VLAN 0 to HW filter on device team0
[  263.134285][T12811] lo speed is unknown, defaulting to 1000
[  263.203503][T12813] net_ratelimit: 8 callbacks suppressed
[  263.203524][T12813] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  263.227222][T12813] netlink: 'syz.3.1927': attribute type 10 has an invalid length.
[  263.601519][T12832] netlink: 'syz.1.1932': attribute type 1 has an invalid length.
[  263.619955][T12832] netlink: 'syz.1.1932': attribute type 3 has an invalid length.
[  264.088823][T12854] netlink: 'syz.2.1937': attribute type 1 has an invalid length.
[  264.243628][T12861] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  264.318297][T12861] netlink: 'syz.1.1940': attribute type 10 has an invalid length.
[  264.367334][T12861] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1940'.
[  264.506627][T12866] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1942'.
[  264.887746][T12882] lo speed is unknown, defaulting to 1000
[  265.036295][   T30] audit: type=1800 audit(1742215960.277:3): pid=12867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1941" name="memory.events" dev="tmpfs" ino=2027 res=0 errno=0
[  265.067365][T12891] RDS: rds_bind could not find a transport for ::4000:0:40:0, load rds_tcp or rds_rdma?
[  265.115427][T12891] netlink: 'syz.0.1950': attribute type 8 has an invalid length.
[  265.371102][T12898] netlink: 'syz.0.1952': attribute type 1 has an invalid length.
[  265.444686][T12904] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1952'.
[  265.531608][T12908] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1952'.
[  265.595870][T12898] 8021q: adding VLAN 0 to HW filter on device bond7
[  265.610656][T12902] lo speed is unknown, defaulting to 1000
[  265.819195][T12902] pimreg0: tun_chr_ioctl cmd 1074025677
[  265.825244][T12902] pimreg0: linktype set to 65534
[  266.023158][T12921] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1957'.
[  266.163444][T12921] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1957'.
[  266.175764][T12921] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1957'.
[  266.203495][T12931] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1959'.
[  266.364480][T12928] can: request_module (can-proto-5) failed.
[  266.389775][T12901] dccp_close: ABORT with 32 bytes unread
[  266.614506][T12942] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  266.672368][T12942] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  266.696120][T12946] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  266.706347][T12942] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  266.834317][T12943] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  266.949742][T12956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1965'.
[  267.117595][T12956] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1965'.
[  267.178408][T12967] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1967'.
[  267.358365][T12976] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  267.399282][T12979] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1971'.
[  267.422365][T12979] 1·: renamed from 
c0· (while UP)
[  267.494087][T12979] A link change request failed with some changes committed already. Interface 
c1· may have been left with an inconsistent configuration, please check.
[  267.547058][T12974] lo speed is unknown, defaulting to 1000
[  267.911210][T12998] x_tables: duplicate underflow at hook 1
[  267.926783][T13000] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1979'.
[  267.960070][T12993] netlink: 'syz.3.1979': attribute type 1 has an invalid length.
[  267.988403][T13001] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1977'.
[  268.010687][T13001] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1977'.
[  268.110356][T13008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1980'.
[  268.118132][T13010] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1982'.
[  268.120908][T13008] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  268.166204][T13008] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  268.186411][T13011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1980'.
[  268.201804][T13011] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  268.209746][T13011] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  268.293749][T13016] netlink: 'syz.4.1984': attribute type 10 has an invalid length.
[  268.319289][T13016] batman_adv: batadv0: Adding interface: virt_wifi0
[  268.333912][T13016] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.373582][T13016] batman_adv: batadv0: Interface activated: virt_wifi0
[  268.531395][T13026] lo speed is unknown, defaulting to 1000
[  268.606522][T13023] lo speed is unknown, defaulting to 1000
[  268.852701][T13042] openvswitch: netlink: IPv4 tunnel dst address is zero
[  269.274321][T13031] netlink: 'syz.3.1988': attribute type 4 has an invalid length.
[  269.308128][T13059] lo speed is unknown, defaulting to 1000
[  269.678338][T13069] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  269.693995][T13069] netlink: 'syz.3.2000': attribute type 10 has an invalid length.
[  269.934189][T13079] 8021q: adding VLAN 0 to HW filter on device bond9
[  269.943638][T13079] bond9: entered allmulticast mode
[  269.950393][T13079] team0: Port device bond9 added
[  270.040626][T13085] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  270.399393][T13101] x_tables: duplicate underflow at hook 1
[  270.881966][   T30] audit: type=1107 audit(1742215966.117:4): pid=13113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Àïï'
[  271.403183][T13138] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  271.471029][T13142] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  271.768117][T13154] netlink: 'syz.3.2025': attribute type 1 has an invalid length.
[  272.037538][T13167] netlink: 'syz.3.2032': attribute type 21 has an invalid length.
[  272.056340][T13167] __nla_validate_parse: 13 callbacks suppressed
[  272.056361][T13167] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2032'.
[  272.100191][T13170] netlink: 'syz.2.2029': attribute type 2 has an invalid length.
[  272.103675][T13167] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2032'.
[  272.108136][T13170] netlink: 'syz.2.2029': attribute type 9 has an invalid length.
[  272.108159][T13170] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2029'.
[  272.550476][T13186] 8021q: adding VLAN 0 to HW filter on device bond8
[  272.602454][T13186] team0: Port device bond8 added
[  273.177300][T13210] netlink: 'syz.3.2046': attribute type 1 has an invalid length.
[  273.494573][T13218] bond0: left allmulticast mode
[  273.501750][T13218] team0: left allmulticast mode
[  273.528732][T13218] bond7: left allmulticast mode
[  273.546434][T13218] bond9: left allmulticast mode
[  273.573535][T13218] dummy0: left promiscuous mode
[  273.592641][T13218] dummy0: left allmulticast mode
[  273.755491][T13218] hsr0: left promiscuous mode
[  273.760411][T13218] hsr0: left allmulticast mode
[  273.765386][T13218] hsr_slave_0: left allmulticast mode
[  273.770954][T13218] 1·: left allmulticast mode
[  273.868735][T13218] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  273.878291][T13218] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  273.898586][T13218] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  273.918208][T13239] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2053'.
[  273.927424][T13218] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  274.124406][T13218] macvtap1: left promiscuous mode
[  274.130533][T13218] macvtap1: left allmulticast mode
[  274.145730][T13218] macvtap2: left promiscuous mode
[  274.151310][T13218] macvtap2: left allmulticast mode
[  274.164139][T13218] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  274.173478][T13218] macvtap3: left promiscuous mode
[  274.179550][T13218] macvtap3: left allmulticast mode
[  274.221218][T13218] gretap1: left promiscuous mode
[  274.227494][T13218] gretap1: left allmulticast mode
[  274.243865][T13218] bond8: left promiscuous mode
[  274.249176][T13218] bond8: left allmulticast mode
[  274.263835][ T5886] lo speed is unknown, defaulting to 1000
[  274.309795][T13239] bridge0: left promiscuous mode
[  274.319049][T13239] macvlan0: left promiscuous mode
[  274.337226][T13239] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2053'.
[  274.361274][T13243] team0: Device gtp0 is of different type
[  274.399891][T13257] ax25_connect(): syz.0.2057 uses autobind, please contact jreuter@yaina.de
[  274.427260][T13258] ax25_connect(): syz.0.2057 uses autobind, please contact jreuter@yaina.de
[  274.448850][T13256] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2057'.
[  274.530755][T13263] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  274.781173][T13270] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2062'.
[  274.797620][T13270] netlink: 'syz.0.2062': attribute type 1 has an invalid length.
[  274.826107][T13270] netlink: 184 bytes leftover after parsing attributes in process `syz.0.2062'.
[  274.843150][T13279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2066'.
[  274.881596][T13270] netlink: 'syz.0.2062': attribute type 1 has an invalid length.
[  274.894484][T13283] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  274.958353][T13284] netlink: 'syz.3.2065': attribute type 1 has an invalid length.
[  275.045255][T13287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2067'.
[  275.105362][T13288] can: request_module (can-proto-0) failed.
[  275.174108][T13284] 8021q: adding VLAN 0 to HW filter on device batadv1
[  275.258051][T13284] bond10: (slave batadv1): Enslaving as a backup interface with an up link
[  275.299812][T13296] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  275.496182][T13303] netlink: 'syz.2.2071': attribute type 13 has an invalid length.
[  275.931277][T13303] macvtap0: entered promiscuous mode
[  275.953350][T13303] macvtap0: refused to change device tx_queue_len
[  275.987183][T13304] xfrm1: entered allmulticast mode
[  276.052388][T13321] lo speed is unknown, defaulting to 1000
[  276.578391][T13349] 8021q: adding VLAN 0 to HW filter on device bond9
[  276.612098][T13349] team0: Port device bond9 added
[  276.884337][T13363] ipvlan0: entered promiscuous mode
[  276.910370][T13363] bridge0: port 2(ipvlan0) entered blocking state
[  276.922025][T13363] bridge0: port 2(ipvlan0) entered disabled state
[  276.930529][T13363] ipvlan0: entered allmulticast mode
[  276.941088][T13363] bridge0: entered allmulticast mode
[  276.953821][T13363] ipvlan0: left allmulticast mode
[  276.972510][T13363] bridge0: left allmulticast mode
[  277.209879][T13372] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  277.235455][T13372] netlink: 'syz.0.2090': attribute type 10 has an invalid length.
[  277.244007][T13372] __nla_validate_parse: 6 callbacks suppressed
[  277.244026][T13372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2090'.
[  277.647100][T13390] FAULT_INJECTION: forcing a failure.
[  277.647100][T13390] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  277.679716][T13390] CPU: 0 UID: 0 PID: 13390 Comm: syz.2.2095 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  277.679751][T13390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  277.679764][T13390] Call Trace:
[  277.679772][T13390]  <TASK>
[  277.679781][T13390]  dump_stack_lvl+0x241/0x360
[  277.679812][T13390]  ? __pfx_dump_stack_lvl+0x10/0x10
[  277.679836][T13390]  ? __pfx__printk+0x10/0x10
[  277.679864][T13390]  ? btf_check_sec_info+0x379/0x4f0
[  277.679891][T13390]  should_fail_ex+0x40a/0x550
[  277.679928][T13390]  _copy_to_user+0x31/0xb0
[  277.679959][T13390]  btf_new_fd+0x42e/0xca0
[  277.679981][T13390]  ? apparmor_capable+0x13b/0x1b0
[  277.680015][T13390]  ? __pfx_btf_new_fd+0x10/0x10
[  277.680040][T13390]  ? bpf_btf_load+0xcf/0x1a0
[  277.680073][T13390]  __sys_bpf+0x6f2/0x820
[  277.680109][T13390]  ? __pfx___sys_bpf+0x10/0x10
[  277.680152][T13390]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  277.680188][T13390]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  277.680222][T13390]  ? do_syscall_64+0x100/0x230
[  277.680254][T13390]  __x64_sys_bpf+0x7c/0x90
[  277.680281][T13390]  do_syscall_64+0xf3/0x230
[  277.680307][T13390]  ? clear_bhb_loop+0x35/0x90
[  277.680339][T13390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.680367][T13390] RIP: 0033:0x7f907818d169
[  277.680385][T13390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.680402][T13390] RSP: 002b:00007f907904e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  277.680425][T13390] RAX: ffffffffffffffda RBX: 00007f90783a5fa0 RCX: 00007f907818d169
[  277.680440][T13390] RDX: 0000000000000028 RSI: 0000400000000500 RDI: 0000000000000012
[  277.680454][T13390] RBP: 00007f907904e090 R08: 0000000000000000 R09: 0000000000000000
[  277.680467][T13390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.680479][T13390] R13: 0000000000000001 R14: 00007f90783a5fa0 R15: 00007ffeee9994f8
[  277.680510][T13390]  </TASK>
[  278.213290][T13397] netlink: 'syz.1.2098': attribute type 11 has an invalid length.
[  278.221380][T13397] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2098'.
[  278.273516][T13397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2098'.
[  278.383121][T13401] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2100'.
[  278.557914][T13401] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2100'.
[  278.567887][T13401] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2100'.
[  278.578814][T13406] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  278.784006][T13416] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2107'.
[  278.804208][T13416] 0·: renamed from hsr_slave_1 (while UP)
[  278.830960][T13416] 0·: entered allmulticast mode
[  278.839909][T13416] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  278.865351][T13420] openvswitch: netlink: VXLAN extension 26 out of range max 1
[  279.026668][T13427] FAULT_INJECTION: forcing a failure.
[  279.026668][T13427] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.053606][T13427] CPU: 1 UID: 0 PID: 13427 Comm: syz.1.2110 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  279.053636][T13427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  279.053650][T13427] Call Trace:
[  279.053657][T13427]  <TASK>
[  279.053666][T13427]  dump_stack_lvl+0x241/0x360
[  279.053698][T13427]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.053722][T13427]  ? __pfx__printk+0x10/0x10
[  279.053745][T13427]  ? __pfx_lock_release+0x10/0x10
[  279.053787][T13427]  should_fail_ex+0x40a/0x550
[  279.053825][T13427]  _copy_from_user+0x2d/0xb0
[  279.053855][T13427]  do_sock_getsockopt+0x1d1/0x740
[  279.053886][T13427]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  279.053908][T13427]  ? __fget_files+0x2a/0x410
[  279.053942][T13427]  ? __fget_files+0x395/0x410
[  279.053971][T13427]  ? __fget_files+0x2a/0x410
[  279.054010][T13427]  __x64_sys_getsockopt+0x2a1/0x370
[  279.054048][T13427]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  279.054075][T13427]  ? do_syscall_64+0x100/0x230
[  279.054106][T13427]  ? do_syscall_64+0xb6/0x230
[  279.054136][T13427]  do_syscall_64+0xf3/0x230
[  279.054162][T13427]  ? clear_bhb_loop+0x35/0x90
[  279.054195][T13427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.054222][T13427] RIP: 0033:0x7fdd5f58d169
[  279.054241][T13427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.054259][T13427] RSP: 002b:00007fdd6037e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  279.054281][T13427] RAX: ffffffffffffffda RBX: 00007fdd5f7a5fa0 RCX: 00007fdd5f58d169
[  279.054296][T13427] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000003
[  279.054309][T13427] RBP: 00007fdd6037e090 R08: 0000400000000040 R09: 0000000000000000
[  279.054323][T13427] R10: 00004000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  279.054336][T13427] R13: 0000000000000000 R14: 00007fdd5f7a5fa0 R15: 00007ffe1c38ecf8
[  279.054367][T13427]  </TASK>
[  279.058151][T13418] lo speed is unknown, defaulting to 1000
[  279.152453][T13435] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  279.312130][T13424] lo speed is unknown, defaulting to 1000
[  279.320792][T13435] netlink: 'syz.1.2113': attribute type 10 has an invalid length.
[  279.397974][T13441] lo speed is unknown, defaulting to 1000
[  279.533532][T13448] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2115'.
[  279.700690][T13448] 1·: renamed from 
c0· (while UP)
[  279.732441][T13448] A link change request failed with some changes committed already. Interface 
c1· may have been left with an inconsistent configuration, please check.
[  279.902427][T13459] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  280.681201][T13481] netlink: 'syz.2.2129': attribute type 10 has an invalid length.
[  280.706147][T13481] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  280.746413][T13481] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  280.772098][T13481] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  280.828868][T13483] lo speed is unknown, defaulting to 1000
[  281.252238][T13499] netlink: 'syz.4.2136': attribute type 2 has an invalid length.
[  281.287963][T13499] fþ: entered promiscuous mode
[  281.320125][T13498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2134'.
[  281.650191][T13511] lo speed is unknown, defaulting to 1000
[  281.779024][T13517] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2143'.
[  281.807196][T13519] FAULT_INJECTION: forcing a failure.
[  281.807196][T13519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  281.833656][T13517] 0·: renamed from 
c1·
[  281.841613][T13519] CPU: 0 UID: 0 PID: 13519 Comm: syz.1.2144 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  281.841640][T13519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  281.841652][T13519] Call Trace:
[  281.841659][T13519]  <TASK>
[  281.841667][T13519]  dump_stack_lvl+0x241/0x360
[  281.841695][T13519]  ? __pfx_dump_stack_lvl+0x10/0x10
[  281.841715][T13519]  ? __pfx__printk+0x10/0x10
[  281.841739][T13519]  ? snprintf+0xda/0x120
[  281.841759][T13519]  should_fail_ex+0x40a/0x550
[  281.841791][T13519]  _copy_to_user+0x31/0xb0
[  281.841817][T13519]  simple_read_from_buffer+0xca/0x150
[  281.841845][T13519]  proc_fail_nth_read+0x1e9/0x250
[  281.841873][T13519]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  281.841901][T13519]  ? rw_verify_area+0x243/0x630
[  281.841920][T13519]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  281.841947][T13519]  vfs_read+0x1f8/0xb40
[  281.841966][T13519]  ? fdget_pos+0x254/0x320
[  281.841994][T13519]  ? __pfx___mutex_lock+0x10/0x10
[  281.842017][T13519]  ? __pfx_vfs_read+0x10/0x10
[  281.842039][T13519]  ? __fget_files+0x2a/0x410
[  281.842066][T13519]  ? __fget_files+0x395/0x410
[  281.842091][T13519]  ? __fget_files+0x2a/0x410
[  281.842124][T13519]  ksys_read+0x18f/0x2b0
[  281.842146][T13519]  ? __pfx_ksys_read+0x10/0x10
[  281.842169][T13519]  ? do_syscall_64+0x100/0x230
[  281.842200][T13519]  ? do_syscall_64+0xb6/0x230
[  281.842229][T13519]  do_syscall_64+0xf3/0x230
[  281.842256][T13519]  ? clear_bhb_loop+0x35/0x90
[  281.842288][T13519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.842316][T13519] RIP: 0033:0x7fdd5f58bb7c
[  281.842334][T13519] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  281.842351][T13519] RSP: 002b:00007fdd6037e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  281.842373][T13519] RAX: ffffffffffffffda RBX: 00007fdd5f7a5fa0 RCX: 00007fdd5f58bb7c
[  281.842388][T13519] RDX: 000000000000000f RSI: 00007fdd6037e0a0 RDI: 0000000000000004
[  281.842414][T13519] RBP: 00007fdd6037e090 R08: 0000000000000000 R09: 0000000000000000
[  281.842425][T13519] R10: 00004000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  281.842436][T13519] R13: 0000000000000000 R14: 00007fdd5f7a5fa0 R15: 00007ffe1c38ecf8
[  281.842462][T13519]  </TASK>
[  282.111893][T13517] 0·: entered allmulticast mode
[  282.125511][T13517] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  282.428489][T13533] xt_CT: You must specify a L4 protocol and not use inversions on it
[  282.464555][T13528] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  282.556221][T13536] pimreg3: entered allmulticast mode
[  282.637423][T13528] lo speed is unknown, defaulting to 1000
[  283.077188][T13551] 8021q: adding VLAN 0 to HW filter on device bond10
[  283.087065][T13551] team0: Port device bond10 added
[  283.292573][T13527] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[  283.293582][T13559] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2158'.
[  283.310764][T13559] netlink: 'syz.2.2158': attribute type 1 has an invalid length.
[  283.345397][T13559] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2158'.
[  283.895458][T13566] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2163'.
[  283.943249][T13566] 0·: renamed from 
c1· (while UP)
[  284.021268][T13566] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  284.039846][T13580] sctp: [Deprecated]: syz.1.2160 (pid 13580) Use of struct sctp_assoc_value in delayed_ack socket option.
[  284.039846][T13580] Use struct sctp_sack_info instead
[  284.906078][T13608] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  284.927736][T13610] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2175'.
[  284.961375][T13610] 1·: renamed from 
c0· (while UP)
[  284.983923][T13610] A link change request failed with some changes committed already. Interface 
c1· may have been left with an inconsistent configuration, please check.
[  285.159753][T13620] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2177'.
[  285.208474][T13620] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2177'.
[  285.276234][T13620] netlink: 'syz.0.2177': attribute type 1 has an invalid length.
[  285.718349][T13651] lo speed is unknown, defaulting to 1000
[  285.904108][T13658] sctp: [Deprecated]: syz.2.2191 (pid 13658) Use of struct sctp_assoc_value in delayed_ack socket option.
[  285.904108][T13658] Use struct sctp_sack_info instead
[  286.253991][T13681] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2197'.
[  286.280175][T13681] team0: No ports can be present during mode change
[  286.501897][T13693] xt_CT: You must specify a L4 protocol and not use inversions on it
[  286.714899][T13699] lo speed is unknown, defaulting to 1000
[  287.073111][T13721] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  287.085283][T13725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2209'.
[  287.133468][T13719] lo speed is unknown, defaulting to 1000
[  287.174847][T13725] ipvlan0: entered promiscuous mode
[  287.347358][T13730] bond0: (slave team0): Releasing backup interface
[  287.361382][T13734] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2215'.
[  287.376813][   T10] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  287.394397][T13735] netlink: 'syz.4.2214': attribute type 10 has an invalid length.
[  287.419638][T13730] bond0: (slave bond_slave_0): Releasing backup interface
[  287.468554][T13730] bond0: (slave bond_slave_1): Releasing backup interface
[  287.519677][T13730] team_slave_0: left allmulticast mode
[  287.611286][T13730] team0: Port device team_slave_0 removed
[  287.630025][T13730] team_slave_1: left allmulticast mode
[  287.674809][T13746] netlink: 120 bytes leftover after parsing attributes in process `syz.4.2214'.
[  287.689296][T13730] team0: Port device team_slave_1 removed
[  287.714723][T13730] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  287.737180][T13730] batman_adv: batadv0: Removing interface: batadv_slave_0
[  287.767152][T13730] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  287.776181][T13730] batman_adv: batadv0: Removing interface: virt_wifi0
[  287.828441][T13730] bond6: (slave ip6gre1): Releasing backup interface
[  287.843343][T13730] ip6gre1: left promiscuous mode
[  287.889471][   T10] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  287.910224][T13730] bond8: (slave gretap1): Releasing active interface
[  287.964258][T13734] 1·: renamed from 
c0· (while UP)
[  287.971230][T13734] A link change request failed with some changes committed already. Interface 
c1· may have been left with an inconsistent configuration, please check.
[  288.256106][T13764] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  288.290832][T13764] netlink: 'syz.3.2220': attribute type 10 has an invalid length.
[  288.726934][T13782] 
[  288.729325][T13782] ======================================================
[  288.736374][T13782] WARNING: possible circular locking dependency detected
[  288.743411][T13782] 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 Not tainted
[  288.750526][T13782] ------------------------------------------------------
[  288.757577][T13782] syz.2.2226/13782 is trying to acquire lock:
[  288.763643][T13782] ffff888063708d28 (&dev_instance_lock_key#12){+.+.}-{4:4}, at: dev_set_mac_address+0x2a/0x50
[  288.774028][T13782] 
[  288.774028][T13782] but task is already holding lock:
[  288.781406][T13782] ffff88807ec78d28 (&dev_instance_lock_key#2){+.+.}-{4:4}, at: do_setlink+0xa94/0x40f0
[  288.791093][T13782] 
[  288.791093][T13782] which lock already depends on the new lock.
[  288.791093][T13782] 
[  288.801504][T13782] 
[  288.801504][T13782] the existing dependency chain (in reverse order) is:
[  288.810607][T13782] 
[  288.810607][T13782] -> #2 (&dev_instance_lock_key#2){+.+.}-{4:4}:
[  288.819062][T13782]        lock_acquire+0x1ed/0x550
[  288.824103][T13782]        __mutex_lock+0x19c/0x1010
[  288.829237][T13782]        __dev_open+0x5cb/0x8a0
[  288.834101][T13782]        netif_open+0xae/0x1b0
[  288.838877][T13782]        dev_open+0x13e/0x260
[  288.843557][T13782]        team_add_slave+0xabe/0x28a0
[  288.848856][T13782]        do_set_master+0x579/0x730
[  288.853971][T13782]        rtnl_newlink_create+0x6e6/0xbd0
[  288.859607][T13782]        rtnl_newlink+0x167a/0x1d90
[  288.864818][T13782]        rtnetlink_rcv_msg+0x791/0xcf0
[  288.870290][T13782]        netlink_rcv_skb+0x206/0x480
[  288.875587][T13782]        netlink_unicast+0x7f6/0x990
[  288.880882][T13782]        netlink_sendmsg+0x8de/0xcb0
[  288.886190][T13782]        __sock_sendmsg+0x221/0x270
[  288.891410][T13782]        ____sys_sendmsg+0x53a/0x860
[  288.896699][T13782]        __sys_sendmsg+0x269/0x350
[  288.901826][T13782]        do_syscall_64+0xf3/0x230
[  288.906859][T13782]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.913289][T13782] 
[  288.913289][T13782] -> #1 (team->team_lock_key){+.+.}-{4:4}:
[  288.921298][T13782]        lock_acquire+0x1ed/0x550
[  288.926338][T13782]        __mutex_lock+0x19c/0x1010
[  288.931454][T13782]        team_set_mac_address+0x122/0x280
[  288.937182][T13782]        netif_set_mac_address+0x327/0x510
[  288.942996][T13782]        do_setlink+0xaa6/0x40f0
[  288.948043][T13782]        rtnl_newlink+0x15a6/0x1d90
[  288.953256][T13782]        rtnetlink_rcv_msg+0x791/0xcf0
[  288.958728][T13782]        netlink_rcv_skb+0x206/0x480
[  288.964024][T13782]        netlink_unicast+0x7f6/0x990
[  288.969367][T13782]        netlink_sendmsg+0x8de/0xcb0
[  288.974666][T13782]        __sock_sendmsg+0x221/0x270
[  288.979876][T13782]        __sys_sendto+0x363/0x4c0
[  288.984910][T13782]        __x64_sys_sendto+0xde/0x100
[  288.990214][T13782]        do_syscall_64+0xf3/0x230
[  288.995258][T13782]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.001688][T13782] 
[  289.001688][T13782] -> #0 (&dev_instance_lock_key#12){+.+.}-{4:4}:
[  289.010224][T13782]        validate_chain+0x18ef/0x5920
[  289.015608][T13782]        __lock_acquire+0x1397/0x2100
[  289.021002][T13782]        lock_acquire+0x1ed/0x550
[  289.026044][T13782]        __mutex_lock+0x19c/0x1010
[  289.031163][T13782]        dev_set_mac_address+0x2a/0x50
[  289.036625][T13782]        bond_set_mac_address+0x28e/0x830
[  289.042352][T13782]        netif_set_mac_address+0x327/0x510
[  289.048163][T13782]        do_setlink+0xaa6/0x40f0
[  289.053103][T13782]        rtnl_newlink+0x15a6/0x1d90
[  289.058311][T13782]        rtnetlink_rcv_msg+0x791/0xcf0
[  289.063786][T13782]        netlink_rcv_skb+0x206/0x480
[  289.069082][T13782]        netlink_unicast+0x7f6/0x990
[  289.074373][T13782]        netlink_sendmsg+0x8de/0xcb0
[  289.079669][T13782]        __sock_sendmsg+0x221/0x270
[  289.084879][T13782]        ____sys_sendmsg+0x53a/0x860
[  289.090170][T13782]        __sys_sendmsg+0x269/0x350
[  289.095293][T13782]        do_syscall_64+0xf3/0x230
[  289.100332][T13782]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.106761][T13782] 
[  289.106761][T13782] other info that might help us debug this:
[  289.106761][T13782] 
[  289.116995][T13782] Chain exists of:
[  289.116995][T13782]   &dev_instance_lock_key#12 --> team->team_lock_key --> &dev_instance_lock_key#2
[  289.116995][T13782] 
[  289.132072][T13782]  Possible unsafe locking scenario:
[  289.132072][T13782] 
[  289.139522][T13782]        CPU0                    CPU1
[  289.144887][T13782]        ----                    ----
[  289.150258][T13782]   lock(&dev_instance_lock_key#2);
[  289.155475][T13782]                                lock(team->team_lock_key);
[  289.162766][T13782]                                lock(&dev_instance_lock_key#2);
[  289.170503][T13782]   lock(&dev_instance_lock_key#12);
[  289.175804][T13782] 
[  289.175804][T13782]  *** DEADLOCK ***
[  289.175804][T13782] 
[  289.183946][T13782] 2 locks held by syz.2.2226/13782:
[  289.189141][T13782]  #0: ffffffff8fed6cc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc4c/0x1d90
[  289.198231][T13782]  #1: ffff88807ec78d28 (&dev_instance_lock_key#2){+.+.}-{4:4}, at: do_setlink+0xa94/0x40f0
[  289.208354][T13782] 
[  289.208354][T13782] stack backtrace:
[  289.214242][T13782] CPU: 0 UID: 0 PID: 13782 Comm: syz.2.2226 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[  289.214263][T13782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  289.214274][T13782] Call Trace:
[  289.214281][T13782]  <TASK>
[  289.214289][T13782]  dump_stack_lvl+0x241/0x360
[  289.214312][T13782]  ? __pfx_dump_stack_lvl+0x10/0x10
[  289.214330][T13782]  ? __pfx__printk+0x10/0x10
[  289.214351][T13782]  print_circular_bug+0x13a/0x1b0
[  289.214373][T13782]  check_noncircular+0x36a/0x4a0
[  289.214392][T13782]  ? 0xffffffffa0002018
[  289.214407][T13782]  ? __pfx_check_noncircular+0x10/0x10
[  289.214427][T13782]  ? lockdep_lock+0x123/0x2b0
[  289.214452][T13782]  ? __lock_acquire+0x1397/0x2100
[  289.214481][T13782]  validate_chain+0x18ef/0x5920
[  289.214507][T13782]  ? validate_chain+0x11e/0x5920
[  289.214526][T13782]  ? __pfx_validate_chain+0x10/0x10
[  289.214550][T13782]  ? validate_chain+0x11e/0x5920
[  289.214568][T13782]  ? is_bpf_text_address+0x26/0x2a0
[  289.214587][T13782]  ? __pfx_validate_chain+0x10/0x10
[  289.214607][T13782]  ? __pfx_validate_chain+0x10/0x10
[  289.214626][T13782]  ? mark_lock+0x9a/0x360
[  289.214641][T13782]  ? __pfx_validate_chain+0x10/0x10
[  289.214660][T13782]  __lock_acquire+0x1397/0x2100
[  289.214693][T13782]  lock_acquire+0x1ed/0x550
[  289.214717][T13782]  ? dev_set_mac_address+0x2a/0x50
[  289.214739][T13782]  ? __pfx_lock_acquire+0x10/0x10
[  289.214767][T13782]  ? __pfx___might_resched+0x10/0x10
[  289.214791][T13782]  ? __lock_acquire+0x1397/0x2100
[  289.214820][T13782]  __mutex_lock+0x19c/0x1010
[  289.214842][T13782]  ? dev_set_mac_address+0x2a/0x50
[  289.214864][T13782]  ? dev_set_mac_address+0x2a/0x50
[  289.214881][T13782]  ? __pfx___mutex_lock+0x10/0x10
[  289.214903][T13782]  ? ib_device_get_by_netdev+0x85/0x5e0
[  289.214938][T13782]  ? net_generic+0x1f/0x240
[  289.214962][T13782]  ? net_generic+0x1f0/0x240
[  289.214983][T13782]  dev_set_mac_address+0x2a/0x50
[  289.215002][T13782]  bond_set_mac_address+0x28e/0x830
[  289.215036][T13782]  ? __pfx_bond_set_mac_address+0x10/0x10
[  289.215058][T13782]  ? hsr_netdev_notify+0x295/0xb50
[  289.215085][T13782]  ? notifier_call_chain+0x15a/0x3f0
[  289.215110][T13782]  ? notifier_call_chain+0x3cc/0x3f0
[  289.215137][T13782]  netif_set_mac_address+0x327/0x510
[  289.215159][T13782]  ? __pfx_netif_set_mac_address+0x10/0x10
[  289.215180][T13782]  ? rcu_is_watching+0x15/0xb0
[  289.215198][T13782]  ? trace_kmalloc+0x1f/0xd0
[  289.215222][T13782]  ? do_setlink+0x7a7/0x40f0
[  289.215240][T13782]  do_setlink+0xaa6/0x40f0
[  289.215264][T13782]  ? mark_lock+0x9a/0x360
[  289.215281][T13782]  ? __pfx_do_setlink+0x10/0x10
[  289.215297][T13782]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  289.215324][T13782]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  289.215352][T13782]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  289.215371][T13782]  ? lockdep_hardirqs_on+0x99/0x150
[  289.215392][T13782]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  289.215410][T13782]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  289.215431][T13782]  ? rcu_is_watching+0x15/0xb0
[  289.215451][T13782]  ? __mutex_lock+0xba3/0x1010
[  289.215472][T13782]  ? __mutex_lock+0x602/0x1010
[  289.215496][T13782]  ? rtnl_newlink+0xc4c/0x1d90
[  289.215522][T13782]  ? __pfx___mutex_lock+0x10/0x10
[  289.215548][T13782]  ? ns_capable+0x8a/0xf0
[  289.215568][T13782]  ? rtnl_link_get_net_capable+0x168/0x340
[  289.215588][T13782]  rtnl_newlink+0x15a6/0x1d90
[  289.215620][T13782]  ? __pfx_rtnl_newlink+0x10/0x10
[  289.215646][T13782]  ? __pfx_validate_chain+0x10/0x10
[  289.215672][T13782]  ? validate_chain+0x11e/0x5920
[  289.215689][T13782]  ? __pfx_lock_acquire+0x10/0x10
[  289.215716][T13782]  ? __pfx_lock_release+0x10/0x10
[  289.215743][T13782]  ? __pfx_validate_chain+0x10/0x10
[  289.215762][T13782]  ? mark_lock+0x9a/0x360
[  289.215781][T13782]  ? __lock_acquire+0x1397/0x2100
[  289.215819][T13782]  ? __pfx_lock_release+0x10/0x10
[  289.215850][T13782]  ? __pfx_rtnl_newlink+0x10/0x10
[  289.215876][T13782]  rtnetlink_rcv_msg+0x791/0xcf0
[  289.215902][T13782]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  289.215928][T13782]  ? __lock_acquire+0x1397/0x2100
[  289.215954][T13782]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  289.215986][T13782]  netlink_rcv_skb+0x206/0x480
[  289.216017][T13782]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  289.216044][T13782]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  289.216078][T13782]  ? netlink_deliver_tap+0x2e/0x1b0
[  289.216104][T13782]  netlink_unicast+0x7f6/0x990
[  289.216130][T13782]  ? __pfx_netlink_unicast+0x10/0x10
[  289.216151][T13782]  ? __virt_addr_valid+0x45f/0x530
[  289.216168][T13782]  ? __phys_addr_symbol+0x2f/0x70
[  289.216183][T13782]  ? __check_object_size+0x47a/0x730
[  289.216208][T13782]  netlink_sendmsg+0x8de/0xcb0
[  289.216239][T13782]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.216267][T13782]  ? aa_sock_msg_perm+0x91/0x160
[  289.216296][T13782]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.216321][T13782]  __sock_sendmsg+0x221/0x270
[  289.216347][T13782]  ____sys_sendmsg+0x53a/0x860
[  289.216370][T13782]  ? __pfx_____sys_sendmsg+0x10/0x10
[  289.216390][T13782]  ? __fget_files+0x2a/0x410
[  289.216416][T13782]  ? __fget_files+0x2a/0x410
[  289.216444][T13782]  __sys_sendmsg+0x269/0x350
[  289.216466][T13782]  ? __pfx___sys_sendmsg+0x10/0x10
[  289.216503][T13782]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  289.216529][T13782]  ? do_syscall_64+0x100/0x230
[  289.216553][T13782]  ? do_syscall_64+0xb6/0x230
[  289.216575][T13782]  do_syscall_64+0xf3/0x230
[  289.216597][T13782]  ? clear_bhb_loop+0x35/0x90
[  289.216623][T13782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.216646][T13782] RIP: 0033:0x7f907818d169
[  289.216661][T13782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.216676][T13782] RSP: 002b:00007f907904e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  289.216694][T13782] RAX: ffffffffffffffda RBX: 00007f90783a5fa0 RCX: 00007f907818d169
[  289.216707][T13782] RDX: 0000000000040880 RSI: 0000400000000000 RDI: 0000000000000006
[  289.216719][T13782] RBP: 00007f907820e2a0 R08: 0000000000000000 R09: 0000000000000000
[  289.216730][T13782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  289.216740][T13782] R13: 0000000000000000 R14: 00007f90783a5fa0 R15: 00007ffeee9994f8
[  289.216759][T13782]  </TASK>
[  289.846252][T13782] bond0: entered promiscuous mode
[  289.873350][T13782] team0: entered promiscuous mode
[  289.879769][T13782] bond7: entered promiscuous mode
[  289.886937][T13782] bond9: entered promiscuous mode
[  289.892169][T13782] bond10: entered promiscuous mode