last executing test programs:

2m17.445927755s ago: executing program 0 (id=4980):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x4008800)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x24, 0x1402, 0x1, 0x70bd2a, 0x25dfdc01, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x4)
socket$kcm(0x10, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002d0021"], 0x1c}], 0x1}, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000b3381aa97a65798300000000000039000000a32bba56", @ANYRES32=r3, @ANYBLOB="1c005a8018000080140005007f00a50fc4030000ff0f030002000800"], 0x38}}, 0x10)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f00000004c0)={0x29c, r2, 0x4, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_REKEY_DATA={0x68, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "6a3a5554218ba8ac"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "3ec95e9cab3afa8d"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="fea3484cafc85a906415aebedc9ade3dadb65a8c26766412"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1ff}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "28ede5886353ddf8"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="440c7962f7167718648f067ef35590a9"}]}, @NL80211_ATTR_REKEY_DATA={0xb0, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "e4dfeeb71df2d6b5"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="151ebcdf8635096c4251e650981ef27b38b135d87e57f8acd75e5ca0e47de479"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="12ede17dbaaa10d8710523915e1a9c56c9f596ea90714e3b"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="cd0470c53dae4996edb85b98ab7434fe"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "15fe40c0a037cc33"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="9af2753bac400e566b887a358e63ca3fd8fb0d9d81a6d935cf6cd6b77dce3548"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="d86490da1492aa0e4e4b401280ab727a"}]}, @NL80211_ATTR_REKEY_DATA={0x50, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "8a33000000003dab"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x2ade00}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x9}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c9aa7a761be4c245"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="8018a26f10b5b27eefd0b64c2100077f7a555a931c1bc5f8"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}]}, @NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x7}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="40b1debb515011cb417b8f55e8f35815"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x10001}]}, @NL80211_ATTR_REKEY_DATA={0x7c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x2}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x800}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xfff}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="f342150078cac9f09ee8c0c18c912f44389715fda8087ded"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="03803299d6ed3c0d1576e150c2f21d3e470ebd8dd2a806aca32f2b9d1d8238b5"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "ac644c12fc2ce6e7"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="be02efeebcad44c11c3da4a04a99cb08"}]}, @NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "19ed6b6f2429ae2d"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="56737e126934561c448f79dd29df4c979ebd7e64bb4c107cb71ecf924d5d2c7e"}]}, @NL80211_ATTR_REKEY_DATA={0x48, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "97758f19d8babe86"}, @NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "a47989d41aa21119"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x3c}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="05af990413b6cc5e18e517f0aa73307ba4396d3f725840dd"}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x8090}, 0x805)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
pipe(&(0x7f0000000480)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
vmsplice(r8, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r9=>0x0})
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r7, @ANYRESHEX=r8], &(0x7f0000000140)='GPL\x00', 0x0, 0xa1, &(0x7f0000000300)=""/161, 0x0, 0x20, '\x00', r9}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000002100)=@raw={'raw\x00', 0x3c1, 0x3, 0x5f0, 0x450, 0x8, 0x7f02ae, 0x450, 0x200, 0x520, 0x2e8, 0x2e8, 0x520, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x410, 0x450, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r10}}, @common=@rt={{0x138}, {0x6, [0x8, 0x9], 0x73e, 0x1, 0x2, [@private0, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @multicast1}, @local, @empty, @empty, @dev={0xfe, 0x80, '\x00', 0xc}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x1d}, @ipv4={'\x00', '\xff\xff', @remote}, @ipv4={'\x00', '\xff\xff', @empty}, @empty], 0xd}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @private2, [], [0x0, 0x0, 0xff], 'veth0_to_team\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x0, 0x0, 0x58}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x650)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="5c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000002c0012800b00010067726574617000001c0002800800040009000000080001009d00669afee68ce762023d4fe1a2ac045f95"], 0x5c}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)

2m17.18505181s ago: executing program 0 (id=4984):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r1, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}, {{&(0x7f0000000500)={0xa, 0x4e22, 0x0, @remote, 0x40}, 0x1c, &(0x7f0000000b00)=[{&(0x7f00000006c0)="02", 0x1}], 0x1}}], 0x2, 0x24000045)
shutdown(r1, 0x1)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000040)=0xc)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r3, &(0x7f0000000480), 0x0, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0xa, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000003000000000000000000000085100000feffffff185a00000800000000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000095000000000000003eb3ea73d2baf85116411b992fc4589bbadb864f359774e31d3707059e0f39cea868f6890caab9d999434de37758f41aa249c41a8363fe3abbac5a38a6f6213f0de40cb2f07654a9926ec285ce8ea30fb9049510b3eb94fa1675fc0a81168c3f867434e250beb3ce76a7034a6256023412090314a41b15a7c60747a48d6728b3e981dbcdcf4e5a0e231ec01631182f3366804dd8dcdbcc4b31e5c3820cb7c9526d29138ae0b69a2255eb"], &(0x7f0000000680)='GPL\x00', 0x9, 0x11, &(0x7f00000007c0)=""/17, 0x40f00, 0x53, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000a40)={0x5, 0x9, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000d80)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000dc0)=[{0x5, 0x5, 0x9, 0x1}, {0x3, 0x2, 0x7, 0x2}, {0x5, 0x4, 0x4, 0x7}, {0x3, 0x4, 0x0, 0x4}], 0x10, 0x5}, 0x94)
bpf$PROG_BIND_MAP(0x1c, &(0x7f0000000140)={r5, 0xffffffffffffffff, 0x24}, 0xc)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="0800d90700000000000000bd5656", 0xe)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
unshare(0x62040200)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="100000000802110000010802110000000802110000002000010000000110012882845090b6551824"], 0x28)

2m16.241979599s ago: executing program 2 (id=4992):
r0 = socket$nl_route(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
r1 = socket(0x28, 0x5, 0x0)
r2 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r2, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @broadcast}, 0x10)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000000)={0x3ff, 0xfffffffffffffffe, 0x0, 0x9, 0x0, 0x1, 0x7fffffff}, 0x0, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r6, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
accept4$inet(r6, 0x0, 0x0, 0x80000)
shutdown(r6, 0x0)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r7, 0x104, 0x7, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0xfffe, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100a0}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x55}, @IFLA_GTP_FD0={0x8, 0x1, @udp6}]}}}]}, 0x40}}, 0x0)

2m16.04044164s ago: executing program 4 (id=4995):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000bc0)=@delchain={0x24, 0x2e, 0x501, 0x0, 0xc00e, {0x0, 0x0, 0x0, r3, {}, {0xfff3, 0xb}, {0x0, 0xe}}}, 0x24}}, 0x0)

2m15.907090668s ago: executing program 4 (id=4999):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0xff)
r1 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
setsockopt$inet6_tcp_int(r1, 0x6, 0x18, &(0x7f00000002c0)=0x6d, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB], 0x8)
sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f0000000040)={0xa, 0xf5, 0x40000, @dev}, 0x1c, &(0x7f00000012c0)=[{&(0x7f0000000100)="daffc38b69363a52fe8000480000000021845a91f64fddcf51f405595faeea41974e5559ea91f7", 0x27}, {&(0x7f00000001c0)="01", 0x1}], 0x2}, 0xb00)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c9, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000040601020000000000000002000000090500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000180), r1)
sendmsg$GTP_CMD_ECHOREQ(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8010)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x22008005}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x841)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0)={0x0, r2}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000000100001042bbd70010000000000000000", @ANYRES32=0x0, @ANYBLOB="00480100000000001c0012800b00010067656e65766500000c00028008000100010800001400030067656e65766531000000000000000000d7f6bdddc1e8f7f417bcde0e711b93e732f0b54d8954cf7f59de2610bc976e4542d598749e2f8764afd8254651dfa77e22520cf13a65496475641aa5e78abd544d"], 0x50}}, 0x2000000)

2m15.906699574s ago: executing program 1 (id=5000):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xb, 0x12, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@btf_id={0x18, 0x5, 0x3, 0x0, 0x3}, @generic={0x2, 0x0, 0x4, 0x7, 0xff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='GPL\x00', 0xea0, 0x0, 0x0, 0x61680, 0x9, '\x00', 0x0, @fallback=0x2a, r0, 0x8, &(0x7f0000000300)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x5}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000380)=[0x1], &(0x7f00000003c0)=[{0x4, 0x5, 0x0, 0x4}], 0x10, 0x3}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x7, 0x5, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x4e}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', r1, @fallback, r0, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)

2m15.795404826s ago: executing program 1 (id=5002):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001400b5950000000000bd5739730969d4f90000000a000000", @ANYRES32=0x0], 0x18}}, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'syzkaller0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x5, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf09000000000000c6090100000003e70600000006000000180100002020702500000000ae58cabe517e28856cad10f256d99100000000000037010000f8ffffffb702000018000000b70300000000000114000000060000005c93000000000000b503ff00000000008500000076000000b70000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x1c, &(0x7f0000002ac0)=[@in6={0xa, 0x4e24, 0xa, @local, 0x9}]}, &(0x7f0000000080)=0x10)
getpeername$packet(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r5, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000180)="ed", 0x1}], 0x1}}], 0x2, 0x4010)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000400)={r3, @in6={{0xa, 0x4e24, 0x9, @loopback}}, 0x1, 0x5}, 0x90)
shutdown(r5, 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000240)={0x5, 0x2, 0x5, 0x1b}, 0x10)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffe}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x4028055}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x20000}, 0x1c)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@newsa={0x18c, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@local}, {@in=@loopback, 0x0, 0x32}, @in, {}, {}, {0x0, 0x1}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'xchacha20-arm\x00'}}}, @replay_esn_val={0x38, 0x17, {0x7, 0x70bd2b, 0x70bd28, 0x70bd27, 0x70bd29, 0x8001, [0x5, 0x2, 0x80000000, 0x464, 0x4, 0x3, 0x3]}}, @encap={0x1c, 0x4, {0x0, 0x0, 0x0, @in6=@private0}}]}, 0x18c}}, 0x80)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x403, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, 0x0, 0x647e4, 0x64da0}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x9}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}]}, 0x44}, 0x1, 0xba01}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x21, 0x2, 0x2)
connect$inet(r9, 0x0, 0x0)
setsockopt$RDS_GET_MR(r9, 0x114, 0x2, &(0x7f0000000240)={{&(0x7f0000000340)=""/151, 0x97}, &(0x7f0000000100), 0x4a}, 0x20)
ioctl(r8, 0x8b2a, &(0x7f0000000040))

2m15.794812389s ago: executing program 4 (id=5003):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000200000000000000000000060400000000000000000000010500000008000000000000000000000300000000020000000200000004000000000000000000000b"], 0x0, 0x5a}, 0x28)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xffff, '\x00', 0x0, r3, 0x4, 0x4}, 0x50)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x95}, 0x0)

2m15.673942821s ago: executing program 0 (id=5005):
r0 = socket(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={{0x14, 0x453, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWFLOWTABLE={0x1e8, 0x16, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_FLOWTABLE_HOOK={0x88, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xffff2655}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syzkaller1\x00'}, {0x14, 0x1, 'gretap0\x00'}, {0x14, 0x1, 'vcan0\x00'}, {0x14, 0x1, 'geneve1\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x180000}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK={0x140, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vlan1\x00'}, {0x14, 0x1, 'bridge_slave_0\x00'}, {0x14, 0x1, 'bond_slave_1\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0xa4, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip6tnl0\x00'}, {0x14, 0x1, 'veth1_to_bridge\x00'}, {0x14, 0x1, 'rose0\x00'}, {0x14, 0x1, 'veth1_to_bond\x00'}, {0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'veth0_to_team\x00'}, {0x14, 0x1, 'gretap0\x00'}, {0x14, 0x1, 'veth1\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ipvlan1\x00'}, {0x14, 0x1, 'bridge0\x00'}, {0x14, 0x1, 'caif0\x00'}]}]}]}], {0x14, 0x3f2}}, 0x210}, 0x1, 0x0, 0x0, 0x64841}, 0x0)

2m15.562053817s ago: executing program 4 (id=5006):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
getpeername$l2tp(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @initdev}, &(0x7f0000000040)=0x10) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) (async)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x7fff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x6bed, 0x3, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) (async)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)={0x50, r2, 0x1, 0x0, 0x25dfdbfb, {0x27}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x27, 0x51}}]}, 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)

2m15.411096532s ago: executing program 2 (id=5007):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, 0x0, 0x4)

2m15.370381194s ago: executing program 0 (id=5008):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000180)=0x200000, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x2c, 0x0, 0x1, 0x70bd2d, 0x0, {0x22}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001180)={0x38, r2, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}}, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f00000003c0), &(0x7f0000000400)=0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018030000", @ANYRES32, @ANYBLOB="0000000000000d00b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
syz_emit_ethernet(0x46, &(0x7f0000000340)={@multicast, @broadcast, @val={@val={0x88a8, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @generic={0xd, 0x6, "4f022c", 0x8, 0x0, 0xff, @private2={0xfc, 0x2, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, {[@fragment={0x0, 0x0, 0x3, 0x1, 0x0, 0x7, 0x68}]}}}}}, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x20, &(0x7f0000000740)={&(0x7f00000004c0)=""/147, 0x93, <r4=>0x0, &(0x7f0000000580)=""/90, 0x5a}}, 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000007c0)={0x1, <r5=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x14, 0x1, &(0x7f00000001c0)=@raw=[@cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f0000000200)='GPL\x00', 0x6, 0xcc, &(0x7f0000000240)=""/204, 0x41100, 0x69, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000480)={0x5, 0x6, 0xfbb3, 0x1}, 0x10, r4, 0xffffffffffffffff, 0x3, &(0x7f0000000800)=[r5], &(0x7f0000000840)=[{0x4, 0x3, 0xe, 0x9}, {0x4, 0x2, 0xc, 0xa}, {0x3, 0x5, 0x2, 0x4}], 0x10, 0x1ff}, 0x94)

2m15.119767345s ago: executing program 2 (id=5009):
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37}, 0x94)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(r4, 0x0)
recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYRES8=r2, @ANYRES16=r1, @ANYRESDEC=r2], 0x6c}}, 0xc0c5)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r6, 0x107, 0x13, 0x0, &(0x7f0000000200))
sendmmsg$alg(r5, &(0x7f0000000140), 0x4924b68, 0x0)

2m14.841379026s ago: executing program 1 (id=5012):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x88}}, 0x0)
close(r0)

2m14.718278117s ago: executing program 1 (id=5013):
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0) (fail_nth: 5)

2m14.58046167s ago: executing program 2 (id=5014):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_BYTEORDER_DREG={0x8}, @NFTA_BYTEORDER_LEN={0x8, 0x4, 0x1, 0x0, 0x82}, @NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x90}}, 0x0)

2m14.499661197s ago: executing program 4 (id=5015):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000200000040000180060001000a00000008000500000000000c00070000000000000000000800090071000000070006007272000008000800"], 0x54}}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
connect$ax25(r3, &(0x7f00000001c0)={{0x3, @default}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0x0, @mcast1, @empty, [], "3a6cbb0a0d000000"}}}}}}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10)
syz_emit_ethernet(0x14d, &(0x7f0000000a40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb8100000086dd6d4f022c011311fffc0200"], 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
recvmsg(r6, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r7, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
setsockopt$TIPC_SRC_DROPPABLE(r6, 0x10f, 0x8a, &(0x7f00000000c0)=0x57fd, 0x4)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r8, 0x5, 0xe, 0x0, &(0x7f0000000000)="251200d800"/14, 0x0, 0x7ff, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)

2m14.113225768s ago: executing program 0 (id=5016):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000bf000000000000000000850000002000000085000000050000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000002380)=""/192}, 0x80)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r1)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r2, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x2000c094)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000680)="e0b9547ed387dbe9abc89b6f5bff", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000680)="e0b9547ed387dbe9abc89b6f5bff", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000008c0)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x24, r5, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_BSS_CTS_PROT={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4015}, 0x4000)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'syztnl1\x00', &(0x7f0000000140)={'ip6gre0\x00', <r8=>0x0, 0x4, 0x10, 0xd, 0x81, 0x41, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x8, 0x8, 0x0, 0x41}})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50) (async)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b705000000000000850000009400000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x7, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x1}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x7, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x1}, 0x48)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000020000000000000000000000850000000f000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r12 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='ext4_writepages\x00', r11}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r12, 0x58, &(0x7f0000000380)}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x18, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffff6c0, 0x0, 0x0, 0x0, 0xa73}, [@alu={0x4, 0x0, 0x3, 0x5, 0x3, 0xfffffffffffffff4, 0xfffffffffffffffc}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @jmp={0x5, 0x1, 0x8, 0x8, 0x7, 0x4, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x27}, @map_fd={0x18, 0x9, 0x1, 0x0, 0x1}]}, &(0x7f0000000340)='GPL\x00', 0x256, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0x0, 0xdf65, 0x6}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000400)=[{0x3, 0x3, 0xa, 0x5}, {0x3, 0x3, 0x8, 0x2}], 0x10, 0x3ff}, 0x94) (async)
r13 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x18, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffff6c0, 0x0, 0x0, 0x0, 0xa73}, [@alu={0x4, 0x0, 0x3, 0x5, 0x3, 0xfffffffffffffff4, 0xfffffffffffffffc}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @jmp={0x5, 0x1, 0x8, 0x8, 0x7, 0x4, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x27}, @map_fd={0x18, 0x9, 0x1, 0x0, 0x1}]}, &(0x7f0000000340)='GPL\x00', 0x256, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0x0, 0xdf65, 0x6}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000400)=[{0x3, 0x3, 0xa, 0x5}, {0x3, 0x3, 0x8, 0x2}], 0x10, 0x3ff}, 0x94)
sendmsg$nl_route(r3, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f00000006c0)=@newlink={0x20c, 0x10, 0x300, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, 0x8488, 0x88}, [@IFLA_IFALIAS={0x14, 0x14, 'ip_vti0\x00'}, @IFLA_XDP={0x4c, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x4}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x4}, @IFLA_XDP_FLAGS={0x8, 0x3, 0xe}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r10}, @IFLA_XDP_FD={0x8, 0x1, r0}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x5}, @IFLA_XDP_FD={0x8, 0x1, r13}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r0}, @IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}}, @IFLA_VF_PORTS={0x180, 0x18, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0x6, 0x81}]}, {0x64, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "fd56860ea9edccfa95db3756691a4bd2"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "cb4bff66e98c5ce2b6d0bf46b0af91c3"}, @IFLA_PORT_VF={0x8, 0x1, 0x90}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "97aaabb0f6ae342eec7ac5815cb5a62d"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "34672b947b1fd7be5a69927756bcf2f4"}]}, {0xc, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x6, 0x2, '/\x00'}]}, {0x50, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0x6, 0x3}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "6015dc0d422ba63c9b6a4d6d3c9f5fbc"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "35a543301999f9382cb8b64accddd7e9"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "bec92234b4d586d70bf9e7e21a83b7e5"}, @IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "24d358d27c84fe1d222d3c2d4f8a2ee7"}]}, {0x3c, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "da35f3d4e43ecfa20f621e7dd882fba9"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "de5a30654e4c4dad70b7f8553cd74694"}, @IFLA_PORT_VF={0x8, 0x1, 0xb}]}, {0x5c, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "87af1eb8f4e9bbf2f617639a75ffed1a"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "2d9005c57b53444013b4624b3ea33def"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "341a191f7006bd467f616e26a96bfa79"}, @IFLA_PORT_VF={0x8, 0x1, 0xe}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "02f00522ed131ec8799c4d7207174684"}]}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x40}, 0x40010) (async)
sendmsg$nl_route(r3, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f00000006c0)=@newlink={0x20c, 0x10, 0x300, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, 0x8488, 0x88}, [@IFLA_IFALIAS={0x14, 0x14, 'ip_vti0\x00'}, @IFLA_XDP={0x4c, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x4}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x4}, @IFLA_XDP_FLAGS={0x8, 0x3, 0xe}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r10}, @IFLA_XDP_FD={0x8, 0x1, r0}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x5}, @IFLA_XDP_FD={0x8, 0x1, r13}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r0}, @IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}}, @IFLA_VF_PORTS={0x180, 0x18, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0x6, 0x81}]}, {0x64, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "fd56860ea9edccfa95db3756691a4bd2"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "cb4bff66e98c5ce2b6d0bf46b0af91c3"}, @IFLA_PORT_VF={0x8, 0x1, 0x90}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "97aaabb0f6ae342eec7ac5815cb5a62d"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "34672b947b1fd7be5a69927756bcf2f4"}]}, {0xc, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x6, 0x2, '/\x00'}]}, {0x50, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0x6, 0x3}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "6015dc0d422ba63c9b6a4d6d3c9f5fbc"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "35a543301999f9382cb8b64accddd7e9"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "bec92234b4d586d70bf9e7e21a83b7e5"}, @IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "24d358d27c84fe1d222d3c2d4f8a2ee7"}]}, {0x3c, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "da35f3d4e43ecfa20f621e7dd882fba9"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "de5a30654e4c4dad70b7f8553cd74694"}, @IFLA_PORT_VF={0x8, 0x1, 0xb}]}, {0x5c, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "87af1eb8f4e9bbf2f617639a75ffed1a"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "2d9005c57b53444013b4624b3ea33def"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "341a191f7006bd467f616e26a96bfa79"}, @IFLA_PORT_VF={0x8, 0x1, 0xe}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "02f00522ed131ec8799c4d7207174684"}]}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x40}, 0x40010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='afs_reload_dir\x00', r0, 0x0, 0x2}, 0x18)

2m14.092241027s ago: executing program 1 (id=5017):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000bdc5072e4c75223f007e6ca306000000000000009c91420b66f0980e90dc0a9900d145243692fe648adf4cbc1dc631c378820861eccfa60822e798d6526600eea6c33dd5b2a7762091bffe56a9440bf23deb4dc8947d2bafec88ae3708013fdc5b2a1dbc7d50fcb6d9a01d03491c35fee5ff00002e40db34dea1063eaf2e3d6959435775943a5a7090b1c08454a248811ed0850a0e16793732f7c9af95af00100000955133044fd041b55379c29cc8ca9e1e5223ceb6f2e4980e5be2d3f36ae968af01953b6e4b3aa3fe0c375b2e17019ccdf4b9b5caccc4722cf3e6cfa6567c5a8e01bf465f0a27e54911827c4fa432ca89bf5ac89effedbe12b66ce9643697ac0e12a966dcea592613f479d71eb2597dd9000000000000000000000000001d5bdafcd419016b45507fedc616a94a06268d9b21e956eabc"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

2m14.061278322s ago: executing program 2 (id=5018):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=""/22, 0x16}, 0x9}], 0x1, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000180)=0x6, 0x4)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000000880)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0x6a1, @dev={0xfe, 0x80, '\x00', 0x8}, 0x4}}, 0x0, 0x0, 0x34, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, 0x40}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="ecd9b16a0b6e3c469795a99890f85e1edd144cad275dd7bcf71b", 0x1a}, {&(0x7f00000001c0)="b2d530240906f9a58c22a8c5c6f35ea2219c687f9f89df4754c2dc3c810dac4e70345c346858b23bedcda5169f28459e768ba84f90735928fc64e865a75e14a8ab57017f6f0552b15166ebfbc5ecfcbf2db70212a1d1e7bae803931f8d6c9e5edccdbc0fa3e4f42bd3308bf17060562d9cca990104cd7812e32b4a666af02f8eb17a514e2b733d90defd97ec4a9fdaad49bc5839c4f0478ce70b55a17245", 0x9e}], 0x2)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
recvmmsg(r1, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=""/22, 0x16}, 0x9}], 0x1, 0x2, 0x0) (async)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000180)=0x6, 0x4) (async)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) (async)
syz_emit_ethernet(0x2e, &(0x7f0000000880)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) (async)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0x6a1, @dev={0xfe, 0x80, '\x00', 0x8}, 0x4}}, 0x0, 0x0, 0x34, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) (async)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, 0x40}, 0x1c) (async)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) (async)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="ecd9b16a0b6e3c469795a99890f85e1edd144cad275dd7bcf71b", 0x1a}, {&(0x7f00000001c0)="b2d530240906f9a58c22a8c5c6f35ea2219c687f9f89df4754c2dc3c810dac4e70345c346858b23bedcda5169f28459e768ba84f90735928fc64e865a75e14a8ab57017f6f0552b15166ebfbc5ecfcbf2db70212a1d1e7bae803931f8d6c9e5edccdbc0fa3e4f42bd3308bf17060562d9cca990104cd7812e32b4a666af02f8eb17a514e2b733d90defd97ec4a9fdaad49bc5839c4f0478ce70b55a17245", 0x9e}], 0x2) (async)

2m13.891891618s ago: executing program 4 (id=5019):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bea100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001fc0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x3, 0x8, 0x7}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x11, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a603f00000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r2, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r2], 0x40c}}, 0x0)

2m13.529598145s ago: executing program 32 (id=5019):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bea100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001fc0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x3, 0x8, 0x7}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x11, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a603f00000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r2, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r2], 0x40c}}, 0x0)

2m13.516313641s ago: executing program 0 (id=5021):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25010005000000000007410000004c00180000000762726f6164636173742d6c696e6b00"/98], 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)

2m13.377413659s ago: executing program 33 (id=5021):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25010005000000000007410000004c00180000000762726f6164636173742d6c696e6b00"/98], 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)

2m13.372328519s ago: executing program 1 (id=5022):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0xbf, 0x99, 0x15, 0x5, 0xff, 0x5, 0xfb, 0x8, 0xec, 0x2, 0x81, 0x84, 0x8, 0x5}, 0xe)
sendto$inet6(r0, &(0x7f0000000040)='T', 0x1, 0x8910, &(0x7f0000000280)={0xa, 0xfffc, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000b80)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x20, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fcdbdf254f00000008000300", @ANYRES32=r4, @ANYBLOB="10007a800c4d0263c370db626d000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4070}, 0x4000080)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r4, @ANYRES16, @ANYRES8=r5], 0x30}, 0x1, 0x0, 0x0, 0xc001}, 0x20040080)
socketpair(0x28, 0x2, 0x3, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r6 = socket(0x15, 0x5, 0x0)
getsockopt(r6, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'})

2m13.332870475s ago: executing program 34 (id=5022):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0xbf, 0x99, 0x15, 0x5, 0xff, 0x5, 0xfb, 0x8, 0xec, 0x2, 0x81, 0x84, 0x8, 0x5}, 0xe)
sendto$inet6(r0, &(0x7f0000000040)='T', 0x1, 0x8910, &(0x7f0000000280)={0xa, 0xfffc, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000b80)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x20, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fcdbdf254f00000008000300", @ANYRES32=r4, @ANYBLOB="10007a800c4d0263c370db626d000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4070}, 0x4000080)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r4, @ANYRES16, @ANYRES8=r5], 0x30}, 0x1, 0x0, 0x0, 0xc001}, 0x20040080)
socketpair(0x28, 0x2, 0x3, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r6 = socket(0x15, 0x5, 0x0)
getsockopt(r6, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'})

2m13.27524623s ago: executing program 2 (id=5023):
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0)

2m13.224130278s ago: executing program 35 (id=5023):
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0)

1m33.11135815s ago: executing program 5 (id=5129):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000e00)={0x0, 0xf00, &(0x7f0000000dc0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x20008000)

1m17.312846136s ago: executing program 5 (id=5129):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000e00)={0x0, 0xf00, &(0x7f0000000dc0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x20008000)

1m0.6330534s ago: executing program 5 (id=5129):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000e00)={0x0, 0xf00, &(0x7f0000000dc0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x20008000)

58.221247245s ago: executing program 3 (id=5467):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r0, 0x0, 0x37, 0x0, &(0x7f0000000280)="61dfb0020866c667fc53b9265583e283d8ddef068c05608ffc450394321545000043aee3b6278051a7cb16648329887185", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$inet(0x2, 0xa, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200"], 0x10)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r4, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40)
syz_extract_tcp_res(&(0x7f00000002c0)={0x41424344, <r5=>0x41424344}, 0x5, 0x4)
syz_emit_ethernet(0x4a, &(0x7f00000005c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x3c00, 0x22eb, r5, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x4}}}}}}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x4, 0x6, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r6}, 0x38)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r6}, 0x20)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000b80)={0x114, 0x0, 0x1, 0x5, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_LABELS_MASK={0x24, 0x17, [0x0, 0xa7, 0xd9, 0x80000001, 0x0, 0x5, 0x44, 0xd39]}, @CTA_SEQ_ADJ_ORIG={0x3c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xa164}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x3000000}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa9d}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x630}]}, @CTA_TUPLE_REPLY={0x54, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x1402}, @CTA_TUPLE_ORIG={0x14, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x9}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x85}]}, @CTA_SEQ_ADJ_ORIG={0x4}]}, 0x114}, 0x1, 0x0, 0x0, 0x40800}, 0x48019)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x418, 0x0, 0x940c, 0x3002, 0x210, 0x2c0, 0x348, 0x3d8, 0x3d8, 0x348, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2, 0x1, 0x0, 'syz0\x00'}}, @common=@eui64={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@loopback, @empty, [0xffffff00, 0xffff00, 0xff, 0xffffff00], [0xff, 0xff000000, 0x0, 0xff000000], 'syzkaller1\x00', 'macvtap0\x00', {}, {}, 0x1, 0x9, 0x1, 0x8}, 0x0, 0xd0, 0x138, 0x0, {0x700}, [@common=@inet=@socket2={{0x28}, 0x2}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x478)
syz_emit_ethernet(0x66, &(0x7f00000000c0)={@remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}, @val={@val={0x88a8, 0x1, 0x0, 0x1}, {0x8100, 0x1}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00a8bc", 0x28, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}, @local, {[], {{0x0, 0x4001, 0x41424344, r5, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x8}, @exp_fastopen={0xfe, 0x11, 0xf989, "6627ef7d44790c4cbcfbb4738c"}]}}}}}}}}, 0x0)

58.044767014s ago: executing program 3 (id=5469):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip_vti0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x1c00, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{}, [@TCA_NETEM_LOSS={0x4}]}}}]}, 0x50}}, 0x0)

57.807351083s ago: executing program 3 (id=5470):
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0) (fail_nth: 9)

44.374120791s ago: executing program 3 (id=5470):
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0) (fail_nth: 9)

42.856528s ago: executing program 5 (id=5129):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000e00)={0x0, 0xf00, &(0x7f0000000dc0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x20008000)

26.522416698s ago: executing program 3 (id=5470):
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0) (fail_nth: 9)

22.574526933s ago: executing program 5 (id=5129):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000e00)={0x0, 0xf00, &(0x7f0000000dc0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x20008000)

9.066765644s ago: executing program 3 (id=5470):
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0) (fail_nth: 9)

5.601751552s ago: executing program 5 (id=5129):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000e00)={0x0, 0xf00, &(0x7f0000000dc0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x20008000)

3.735873423s ago: executing program 8 (id=5682):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa080019"], 0x58}, 0x1, 0x0, 0x34000}, 0x0)

3.591718117s ago: executing program 8 (id=5684):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000380)="b9ff0300600d698cff9e14f08edd", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff}, 0x50)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000a80)={&(0x7f0000000440)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x0, {0xa, 0x4e24, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xb}}, 0xffffffa6, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYRES8=r2], 0x10b8}, 0x200008c1)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r3, 0x73976972ba3f4b55, 0x0, 0x0, {0x8}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x28}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r0, 0x0, 0x24040840)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x500, 0x0, 0x54}, 0x9c)
close(0x3)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="600000001800dd8d000000000000000002000000ff0000", @ANYRES32=0x0, @ANYBLOB="08000100ac1414bb08000500e0"], 0x60}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'bond_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(r7, 0x0, 0x8000)
sendmsg$nl_route_sched(r6, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000cc0)=@gettfilter={0x34, 0x2e, 0x400, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0xd}, {0x10, 0x2}, {0x5, 0x3}}, [{0x8, 0xb, 0x17b9}, {0x8, 0xb, 0x8000}]}, 0x34}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r9, 0x89f2, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x4, 0x8, 0x7, 0x86a, 0x0, @private1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x700, 0xf, 0x2}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000280)={0x0, @remote, @local}, &(0x7f00000002c0)=0xc)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r9, 0x89f0, &(0x7f00000003c0)={'erspan0\x00', &(0x7f0000000300)={'gre0\x00', 0x0, 0x1, 0x80, 0x101, 0x82d, {{0x1b, 0x4, 0x3, 0x5, 0x6c, 0x68, 0x0, 0x62, 0x2f, 0x0, @broadcast, @multicast2, {[@timestamp={0x44, 0x8, 0x94, 0x0, 0xa, [0x7fffffff]}, @timestamp={0x44, 0x8, 0xf8, 0x0, 0x2, [0x8a77]}, @timestamp={0x44, 0x2c, 0x8b, 0x0, 0x0, [0x2, 0xfffffffc, 0xb19, 0x1, 0x9, 0x3, 0x40, 0x4, 0xe6e8, 0x8000]}, @rr={0x7, 0x17, 0x30, [@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}]}}}}})
getsockopt$inet_mreqn(r9, 0x0, 0x20, &(0x7f0000000400)={@rand_addr, @private}, &(0x7f00000004c0)=0xc)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'tunl0\x00', &(0x7f0000000500)={'sit0\x00', 0x0, 0x40, 0x7, 0x4, 0x8, {{0x1c, 0x4, 0x1, 0xc, 0x70, 0x64, 0x0, 0x0, 0x2f, 0x0, @remote, @loopback, {[@lsrr={0x83, 0xf, 0x5b, [@multicast1, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @cipso={0x86, 0x4b, 0x3, [{0x1, 0x8, "c59288334ac1"}, {0x6, 0x8, "b416e15d0360"}, {0x7, 0x11, "c5a31ef2dd78cb53ce24c4411308b0"}, {0x2, 0x4, "1b6f"}, {0x2, 0x6, "95fcac93"}, {0x6, 0x3, "c1"}, {0x1, 0xe, "6dc851b4c697aef18459b2ab"}, {0x5, 0x9, "188a4a2b0f4b48"}]}]}}}}})

3.462815727s ago: executing program 7 (id=5685):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000"], 0x48)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f0000000040))
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c0000005e000100"/20, @ANYRES32=r1, @ANYRES32=r0], 0x1c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)

2.815903793s ago: executing program 7 (id=5686):
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f00000005c0)={0xffffffffffffffff, 0x7, 0x2, 0x1})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000004c0)=ANY=[], 0x20)

2.75184391s ago: executing program 8 (id=5687):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@float={0x10, 0x0, 0x0, 0x10, 0x10}]}, {0x0, [0x30]}}, &(0x7f0000000f40)=""/4089, 0x26, 0xff9, 0xc}, 0x28)

2.684675879s ago: executing program 7 (id=5689):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000200000040000180060001000a00000008000500000000000c000700000000000000000008000900710000000700060072720000"], 0x54}}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r2, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r3}, 0x10)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @default}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0x0, @mcast1, @empty, [], "3a6cbb0a0d000000"}}}}}}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10)
syz_emit_ethernet(0x14d, &(0x7f0000000a40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb8100000086dd6d4f022c011311fffc0200"], 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
recvmsg(r7, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r8, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
setsockopt$TIPC_SRC_DROPPABLE(r7, 0x10f, 0x8a, &(0x7f00000000c0)=0x57fd, 0x4)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r9, 0x5, 0xe, 0x0, &(0x7f0000000000)="251200d800"/14, 0x0, 0x7ff, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)

2.34367247s ago: executing program 8 (id=5690):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x32d0c1, 0x0)
unshare(0x20000400)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0xfffffffe)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000680)="68c8e4", 0x3}], 0x1)
r2 = accept4$unix(r0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000003300)=""/107, 0x6b}], 0x3}}], 0x4000000000000a1, 0x2, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb, 0x11, r0, 0xb9e6e000)
recvfrom$unix(r2, &(0x7f00000001c0)=""/236, 0x26, 0x10120, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_DEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=ANY=[@ANYBLOB="240000003f8b399c1d0051b9ae351c39380709c33733b97b6ed4d296a44f5ec36a9b2e8029872a0637983e2d5f1ffe3340a5e3cd1650c7b71a22017f0aabf3b5ae92c9663c12b65af38cfb7a9fcb2d45f9", @ANYRES16=r4, @ANYBLOB="01002dbd7000ffdbdf2502000000050002000200000008000800e0000002"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000080)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x81}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2c}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r5, 0xfe, 0x0}, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_opts(r6, 0x0, 0xd, &(0x7f0000000540)="16c1dab7f43fe951a34d2c0e57719d4ee7b890f5dd03da9f44f79bd22c234f947c54bcbbd4ddcd17dca7fc3dbb4f5466941f90f201cdcbc9515738f123b8995c05fc3d378da4e08429267d0321d0ea6691acaf5a8317fc10446af35a71abe317cd1016d91abd121af9abe29287b1d946c297d5d1033daefee584d47f8f6d291c40bda791f8c1d695ca316a26bf1a718c6ea05a8d4e055ae7561973e7a89da084aa1dff9028a06a1289ef28", 0xab)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv6_newrule={0x1c, 0x1a, 0x1, 0x80, 0x0, {0x81, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x1c}}, 0x848)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r8, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x20048010)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newtaction={0x78, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ctinfo={0x60, 0x20, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x0, 0x4}}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x6}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x6}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x4}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
bind$bt_hci(r9, &(0x7f0000000080)={0x1f, 0x0, 0x4}, 0x3)
close(r9)

2.25122403s ago: executing program 8 (id=5692):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@bridge_newvlan={0x18, 0x76, 0x709, 0x0, 0x25dfdbfe, {0x7, 0x2}}, 0x18}, 0x1, 0x5502000000000000}, 0x0)

1.993015937s ago: executing program 8 (id=5693):
unshare(0x64000600)
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
unshare(0x50700)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1}, 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x10, &(0x7f00000001c0)=@framed={{0x18, 0x2}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)={0x44, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0xd}]}]}, 0x44}}, 0x0)
unshare(0x6a040000)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$kcm(0x21, 0x2, 0x2)
setsockopt$sock_attach_bpf(r6, 0x110, 0x2, 0x0, 0x3d)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000005c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_DEL_STATION(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00', @ANYRES16=r4, @ANYBLOB="21012cbd7000000000001400000008000300", @ANYRES32=r7, @ANYBLOB="0600360803000000050029000c", @ANYRESDEC=r3, @ANYRES32=0x0], 0x2c}}, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000cdd000/0x2000)=nil, 0x2000, 0x2000000, 0x20010, r0, 0xe2c52000)
socket$inet(0x2, 0x5, 0x800)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018"], 0x0, 0x18, 0x0, 0x8}, 0x28)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)=ANY=[], 0x18)
sendmmsg$inet6(r0, &(0x7f0000003a00), 0x0, 0x4c040)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
unshare(0x2c020400)
socket$inet(0xa, 0x801, 0x84)

1.132923556s ago: executing program 7 (id=5697):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x18}}, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syzkaller0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x5, 0x17, &(0x7f00000007c0)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf09000000000000c6090100000003e70600000006000000180100002020702500000000ae58cabe517e28856cad10f256d99100000000000037010000f8ffffffb702000018000000b70300000000000114000000060000005c93000000000000b503ff00000000008500000076000000b70000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x1c, &(0x7f0000002ac0)=[@in6={0xa, 0x4e24, 0xa, @local, 0x9}]}, &(0x7f0000000080)=0x10)
getpeername$packet(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r6, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000180)="ed", 0x1}], 0x1}}], 0x2, 0x4010)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x1f, &(0x7f0000000400)={r4, @in6={{0xa, 0x4e24, 0x9, @loopback}}, 0x1, 0x5}, 0x90)
shutdown(r6, 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000240)={0x5, 0x2, 0x5, 0x1b}, 0x10)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffe}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x4028055}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x20000}, 0x1c)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@newsa={0x18c, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@local}, {@in=@loopback, 0x0, 0x32}, @in, {}, {}, {0x0, 0x1}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'xchacha20-arm\x00'}}}, @replay_esn_val={0x38, 0x17, {0x7, 0x70bd2b, 0x70bd28, 0x70bd27, 0x70bd29, 0x8001, [0x5, 0x2, 0x80000000, 0x464, 0x4, 0x3, 0x3]}}, @encap={0x1c, 0x4, {0x0, 0x0, 0x0, @in6=@private0}}]}, 0x18c}}, 0x80)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x403, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, 0x0, 0x647e4, 0x64da0}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x9}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}]}, 0x44}, 0x1, 0xba01}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket(0x21, 0x2, 0x2)
connect$inet(r10, 0x0, 0x0)
setsockopt$RDS_GET_MR(r10, 0x114, 0x2, &(0x7f0000000240)={{&(0x7f0000000340)=""/151, 0x97}, &(0x7f0000000100), 0x4a}, 0x20)
ioctl(r9, 0x8b2a, &(0x7f0000000040))

1.112670999s ago: executing program 6 (id=5698):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@func={0x2, 0x20, 0x0, 0xc, 0x1}]}, {0x0, [0x0, 0x2e, 0x1e]}}, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @void, @value=0x11}, 0x28)

991.975996ms ago: executing program 6 (id=5699):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_to_team\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
bind$packet(r0, &(0x7f0000000080)={0x11, 0x4, r1, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xc}, {0xfff3}}}, 0x24}}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

690.112618ms ago: executing program 6 (id=5700):
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000500)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
splice(r1, 0x0, r0, 0x0, 0xffffffffffff8000, 0x0)
close(r1)
write$cgroup_subtree(r2, &(0x7f0000003100)=ANY=[], 0x10448) (fail_nth: 3)

540.895575ms ago: executing program 6 (id=5701):
sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6(0xa, 0x3, 0x3a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f00000002c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x8, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_rs}}}}}, 0x0)

343.982252ms ago: executing program 6 (id=5702):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xb, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f00000002c0), &(0x7f0000000300)=@tcp6=r0, 0x1}, 0x20)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_BYTEORDER_DREG={0x8}, @NFTA_BYTEORDER_LEN={0x8, 0x4, 0x1, 0x0, 0x82}, @NFTA_BYTEORDER_OP={0x8}, @NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x0)

212.216009ms ago: executing program 6 (id=5703):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f001600060004e0a7000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b31d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025cc40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de603000000e4edef3d93452a92954b43370e9703920723f9a94100"/216, 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0)

171.290645ms ago: executing program 7 (id=5704):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendto$inet6(r0, &(0x7f0000000280)='R', 0x1, 0x404c007, 0x0, 0x0) (fail_nth: 3)

0s ago: executing program 7 (id=5705):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c00000044000701fcffffff00000004017c000038000480312d", @ANYRESDEC, @ANYRESDEC], 0x4c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

kernel console output (not intermixed with test programs):

 (UME) 100*64kB (UME) 28*128kB (UME) 14*256kB (UM) 9*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3916788kB
[  946.464504][T25141] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5434'.
[  946.498133][T25131] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  946.539678][T25125] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  946.588189][T25125] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=4 hugepages_size=2048kB
[  946.599545][T25125] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  946.619119][T25125] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  946.654079][T25125] 43575 total pagecache pages
[  946.659420][T25125] 0 pages in swap cache
[  946.675779][T25144] netlink: 'syz.3.5435': attribute type 13 has an invalid length.
[  946.683949][T25144] netlink: 'syz.3.5435': attribute type 17 has an invalid length.
[  946.695239][T25125] Free swap  = 124996kB
[  946.708117][T25125] Total swap = 124996kB
[  946.721538][T25144] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  946.763518][T25125] 2097051 pages RAM
[  946.767365][T25125] 0 pages HighMem/MovableOnly
[  946.798742][T25125] 425433 pages reserved
[  946.803434][T25125] 0 pages cma reserved
[  946.946786][T25153] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  946.957695][T25148] lo speed is unknown, defaulting to 1000
[  947.009208][T25156] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5438'.
[  947.090010][T25153] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.202234][T25157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  947.289636][T25160] netlink: 'syz.6.5440': attribute type 10 has an invalid length.
[  947.292853][T24836] veth0_vlan: entered promiscuous mode
[  947.317319][T25160] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5440'.
[  947.350816][T25160] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5440'.
[  947.476752][T24836] veth1_vlan: entered promiscuous mode
[  947.543387][T24836] veth0_macvtap: entered promiscuous mode
[  947.560778][T24836] veth1_macvtap: entered promiscuous mode
[  947.608278][T24836] batman_adv: batadv0: Interface activated: batadv_slave_0
[  947.646074][T24836] batman_adv: batadv0: Interface activated: batadv_slave_1
[  947.661363][T25170] openvswitch: netlink: Duplicate or invalid key (type 0).
[  947.669201][T25170] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  947.683887][T20429] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  947.702633][T20429] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  947.736900][T20429] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  947.755531][T20429] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  947.931240][ T6132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  947.948736][ T6132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  947.984315][ T6132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  947.994571][ T6132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  948.297768][T25185] veth5: entered promiscuous mode
[  948.353364][T25187] 8021q: adding VLAN 0 to HW filter on device bond21
[  948.415979][T25191] veth81: entered promiscuous mode
[  948.432870][T25191] bond21: (slave veth81): Enslaving as an active interface with an up link
[  948.658757][ T5858] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  948.689504][T25162] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  948.721771][T25200] netlink: 'syz.3.5453': attribute type 10 has an invalid length.
[  948.733029][T25200] geneve0: entered promiscuous mode
[  948.747443][T25200] team0: Port device geneve0 added
[  948.761387][   T64] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 6081 - 0
[  948.780011][   T64] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 6081 - 0
[  948.799217][   T64] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 6081 - 0
[  948.985371][   T64] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 6081 - 0
[  949.182522][T20435] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.365401][T25208] team0: Port device geneve0 removed
[  949.516287][T20435] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.625050][T20435] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.827689][T20435] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  950.046764][T20435] bridge_slave_1: left allmulticast mode
[  950.064027][T25223] FAULT_INJECTION: forcing a failure.
[  950.064027][T25223] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  950.076077][T20435] bridge_slave_1: left promiscuous mode
[  950.088756][T20435] bridge0: port 2(bridge_slave_1) entered disabled state
[  950.103608][T25223] CPU: 0 UID: 0 PID: 25223 Comm: syz.7.5458 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  950.103639][T25223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  950.103652][T25223] Call Trace:
[  950.103660][T25223]  <TASK>
[  950.103669][T25223]  dump_stack_lvl+0x189/0x250
[  950.103698][T25223]  ? __pfx____ratelimit+0x10/0x10
[  950.103725][T25223]  ? __pfx_dump_stack_lvl+0x10/0x10
[  950.103749][T25223]  ? __pfx__printk+0x10/0x10
[  950.103779][T25223]  ? fs_reclaim_acquire+0x7d/0x100
[  950.103816][T25223]  should_fail_ex+0x414/0x560
[  950.103851][T25223]  prepare_alloc_pages+0x213/0x610
[  950.103889][T25223]  __alloc_frozen_pages_noprof+0x123/0x370
[  950.103924][T25223]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  950.103963][T25223]  ? policy_nodemask+0x27c/0x720
[  950.103987][T25223]  ? __lock_acquire+0xab9/0xd20
[  950.104014][T25223]  alloc_pages_mpol+0x232/0x4a0
[  950.104047][T25223]  vma_alloc_folio_noprof+0xe4/0x200
[  950.104076][T25223]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  950.104125][T25223]  folio_prealloc+0x30/0x180
[  950.104152][T25223]  __handle_mm_fault+0x2c88/0x5620
[  950.104174][T25223]  ? __lock_acquire+0xab9/0xd20
[  950.104214][T25223]  ? __pfx___handle_mm_fault+0x10/0x10
[  950.104239][T25223]  ? lock_vma_under_rcu+0xf8/0x710
[  950.104277][T25223]  ? lock_vma_under_rcu+0xf8/0x710
[  950.104302][T25223]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  950.104335][T25223]  handle_mm_fault+0x40a/0x8e0
[  950.104368][T25223]  do_user_addr_fault+0xa81/0x1390
[  950.104397][T25223]  ? rcu_is_watching+0x15/0xb0
[  950.104421][T25223]  ? trace_page_fault_user+0x84/0x1e0
[  950.104444][T25223]  exc_page_fault+0x76/0xf0
[  950.104473][T25223]  asm_exc_page_fault+0x26/0x30
[  950.104494][T25223] RIP: 0033:0x7f6f64c5a33b
[  950.104512][T25223] Code: 00 00 00 48 8d 3d fd 2b 19 00 48 89 c1 31 c0 e8 fb 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 31 2c 19 00 48 89 34 24 48 8b 14 24 48 8b
[  950.104530][T25223] RSP: 002b:00007f6f65c70fb0 EFLAGS: 00010202
[  950.104548][T25223] RAX: 0000000000000000 RBX: 00007f6f64fb5fa0 RCX: 0000000000000000
[  950.104562][T25223] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000200
[  950.104575][T25223] RBP: 00007f6f65c72090 R08: 0000000000000000 R09: 0000000000000000
[  950.104588][T25223] R10: 0000200000000200 R11: 0000000000000000 R12: 0000000000000001
[  950.104605][T25223] R13: 0000000000000000 R14: 00007f6f64fb5fa0 R15: 00007ffe44cce8f8
[  950.104639][T25223]  </TASK>
[  950.104943][T25223] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  950.136730][T25217] xt_CT: No such helper "snmp"
[  950.367772][T20435] bridge_slave_0: left allmulticast mode
[  950.387332][T20435] bridge_slave_0: left promiscuous mode
[  950.393904][T20435] bridge0: port 1(bridge_slave_0) entered disabled state
[  950.494712][T25228] __nla_validate_parse: 10 callbacks suppressed
[  950.494734][T25228] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5461'.
[  950.579762][T13361] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  950.590088][T13361] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  950.598884][T13361] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  950.607486][T13361] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  950.616391][T13361] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  950.683739][T25232] xt_CT: No such helper "snmp"
[  951.087667][T20435] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  951.104980][T20435] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  951.126038][T20435] bond0 (unregistering): Released all slaves
[  951.145724][T25219] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5460'.
[  951.267100][T25229] lo speed is unknown, defaulting to 1000
[  951.384034][T25242] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  951.393346][ T1210] IPVS: starting estimator thread 0...
[  951.518503][T25245] IPVS: using max 39 ests per chain, 93600 per kthread
[  951.560420][T25248] veth7: entered promiscuous mode
[  951.696160][T25254] netlink: 64 bytes leftover after parsing attributes in process `syz.8.5468'.
[  951.862542][T25254] bridge_slave_0: left allmulticast mode
[  951.868944][T25254] bridge_slave_0: left promiscuous mode
[  951.891405][T25254] bridge0: port 1(bridge_slave_0) entered disabled state
[  951.922042][T25254] bridge_slave_1: left allmulticast mode
[  951.927726][T25254] bridge_slave_1: left promiscuous mode
[  951.954126][T25254] bridge0: port 2(bridge_slave_1) entered disabled state
[  951.997161][T25254] bond0: (slave bond_slave_0): Releasing backup interface
[  952.040864][T25254] bond0: (slave bond_slave_1): Releasing backup interface
[  952.083431][T25254] team0: Port device team_slave_0 removed
[  952.139817][T25254] team0: Port device team_slave_1 removed
[  952.146701][T25254] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  952.185171][T25254] batman_adv: batadv0: Removing interface: batadv_slave_0
[  952.221736][T25254] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  952.241058][T25254] batman_adv: batadv0: Removing interface: batadv_slave_1
[  952.280225][T25254] team0: Port device geneve0 removed
[  952.306867][T25254] bond1: (slave veth11): Releasing backup interface
[  952.473343][T25258] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5471'.
[  952.486226][T20435] hsr_slave_0: left promiscuous mode
[  952.493188][T20435] hsr_slave_1: left promiscuous mode
[  952.510227][T20435] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  952.517745][T20435] batman_adv: batadv0: Removing interface: batadv_slave_0
[  952.540964][T20435] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  952.558716][T20435] batman_adv: batadv0: Removing interface: batadv_slave_1
[  952.655637][T20435] veth1_macvtap: left promiscuous mode
[  952.661894][ T5858] Bluetooth: hci0: command tx timeout
[  952.678574][T20435] veth0_macvtap: left promiscuous mode
[  952.688974][T20435] veth1_vlan: left promiscuous mode
[  952.704808][T20435] veth0_vlan: left promiscuous mode
[  953.093345][T13361] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  953.103682][T13361] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  953.112271][T13361] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  953.123687][T13361] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  953.133472][T13361] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  953.671915][T20435] team0 (unregistering): Port device team_slave_1 removed
[  953.758132][T20435] team0 (unregistering): Port device team_slave_0 removed
[  954.329203][T25264] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5472'.
[  954.525072][T25259] lo speed is unknown, defaulting to 1000
[  954.594869][T25260] lo speed is unknown, defaulting to 1000
[  954.717405][T25274] netlink: 32 bytes leftover after parsing attributes in process `syz.8.5476'.
[  954.738999][T13361] Bluetooth: hci0: command tx timeout
[  954.834176][T25278] netlink: 'syz.8.5477': attribute type 1 has an invalid length.
[  954.859038][T25278] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5477'.
[  954.911677][T25278] batadv0: entered promiscuous mode
[  954.927062][T25278] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  954.951228][T25278] batadv0: left promiscuous mode
[  955.006315][T25229] chnl_net:caif_netlink_parms(): no params data found
[  955.220260][T13361] Bluetooth: hci4: command tx timeout
[  955.510011][T25229] bridge0: port 1(bridge_slave_0) entered blocking state
[  955.517314][T25229] bridge0: port 1(bridge_slave_0) entered disabled state
[  955.526632][T25229] bridge_slave_0: entered allmulticast mode
[  955.534790][T25229] bridge_slave_0: entered promiscuous mode
[  955.561223][T25229] bridge0: port 2(bridge_slave_1) entered blocking state
[  955.571194][T25229] bridge0: port 2(bridge_slave_1) entered disabled state
[  955.579346][T25229] bridge_slave_1: entered allmulticast mode
[  955.588090][T25229] bridge_slave_1: entered promiscuous mode
[  955.642007][T25294] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5480'.
[  955.795114][T25229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  955.799502][T25299] netlink: 'syz.7.5482': attribute type 10 has an invalid length.
[  955.816431][T25229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  955.847401][T25299] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5482'.
[  955.885985][T25305] netlink: 104 bytes leftover after parsing attributes in process `syz.6.5484'.
[  955.900024][T25306] netlink: 36 bytes leftover after parsing attributes in process `syz.7.5482'.
[  955.928957][T25304] netlink: 'syz.8.5483': attribute type 13 has an invalid length.
[  955.955658][T25229] team0: Port device team_slave_0 added
[  955.957986][T25304] netlink: 'syz.8.5483': attribute type 17 has an invalid length.
[  955.975937][T25299] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5482'.
[  955.990881][T25229] team0: Port device team_slave_1 added
[  955.997028][T25299] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5482'.
[  956.016907][T25304] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  956.045409][T25260] chnl_net:caif_netlink_parms(): no params data found
[  956.145335][T25229] batman_adv: batadv0: Adding interface: batadv_slave_0
[  956.156179][T25229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  956.202023][T25308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  956.219213][T25229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  956.235793][T25229] batman_adv: batadv0: Adding interface: batadv_slave_1
[  956.244195][T25229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  956.266964][T25308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  956.273423][T25229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  956.356811][T25304] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  956.389477][T25307] lo speed is unknown, defaulting to 1000
[  956.504999][T25260] bridge0: port 1(bridge_slave_0) entered blocking state
[  956.513668][T25260] bridge0: port 1(bridge_slave_0) entered disabled state
[  956.521909][T25260] bridge_slave_0: entered allmulticast mode
[  956.530414][T25260] bridge_slave_0: entered promiscuous mode
[  956.652330][T25229] hsr_slave_0: entered promiscuous mode
[  956.684154][T25229] hsr_slave_1: entered promiscuous mode
[  956.711947][T25229] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  956.746676][T25229] Cannot create hsr debugfs directory
[  956.761852][T25260] bridge0: port 2(bridge_slave_1) entered blocking state
[  956.778671][T25260] bridge0: port 2(bridge_slave_1) entered disabled state
[  956.788687][T25260] bridge_slave_1: entered allmulticast mode
[  956.799582][T25260] bridge_slave_1: entered promiscuous mode
[  956.819701][T13361] Bluetooth: hci0: command tx timeout
[  956.974308][T25260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  957.053942][T25260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  957.169054][T25328] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5489'.
[  957.275936][T25260] team0: Port device team_slave_0 added
[  957.298844][T13361] Bluetooth: hci4: command tx timeout
[  957.354606][T25260] team0: Port device team_slave_1 added
[  957.363839][T25332] netlink: 'syz.6.5491': attribute type 10 has an invalid length.
[  957.372147][T25332] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5491'.
[  957.438174][T25336] netlink: 'syz.8.5492': attribute type 1 has an invalid length.
[  957.475837][T25332] team0: Port device geneve0 added
[  957.530888][T25341] warn_alloc: 1 callbacks suppressed
[  957.530910][T25341] syz.7.5494: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  957.577674][T25341] CPU: 1 UID: 0 PID: 25341 Comm: syz.7.5494 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  957.577708][T25341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  957.577721][T25341] Call Trace:
[  957.577730][T25341]  <TASK>
[  957.577740][T25341]  dump_stack_lvl+0x189/0x250
[  957.577774][T25341]  ? __pfx_dump_stack_lvl+0x10/0x10
[  957.577800][T25341]  ? __pfx__printk+0x10/0x10
[  957.577829][T25341]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  957.577857][T25341]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  957.577888][T25341]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  957.577920][T25341]  warn_alloc+0x214/0x310
[  957.577947][T25341]  ? stack_depot_save_flags+0x40/0x900
[  957.577982][T25341]  ? __pfx_warn_alloc+0x10/0x10
[  957.578012][T25341]  ? kasan_save_track+0x4f/0x80
[  957.578035][T25341]  ? xskq_create+0x56/0x170
[  957.578059][T25341]  ? xsk_init_queue+0xb0/0x110
[  957.578080][T25341]  ? xsk_setsockopt+0x43f/0x710
[  957.578101][T25341]  ? do_sock_setsockopt+0x25a/0x3e0
[  957.578128][T25341]  ? __x64_sys_setsockopt+0x18b/0x220
[  957.578155][T25341]  ? do_syscall_64+0xfa/0x3b0
[  957.578180][T25341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.578210][T25341]  __vmalloc_node_range_noprof+0x125/0x12f0
[  957.578270][T25341]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  957.578303][T25341]  ? __kasan_kmalloc+0x93/0xb0
[  957.578334][T25341]  vmalloc_user_noprof+0xad/0xf0
[  957.578369][T25341]  ? xskq_create+0xbf/0x170
[  957.578394][T25341]  xskq_create+0xbf/0x170
[  957.578422][T25341]  xsk_init_queue+0xb0/0x110
[  957.578450][T25341]  xsk_setsockopt+0x43f/0x710
[  957.578477][T25341]  ? __pfx_xsk_setsockopt+0x10/0x10
[  957.578499][T25341]  ? __lock_acquire+0xab9/0xd20
[  957.578531][T25341]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  957.578549][T25341]  ? __pfx_xsk_setsockopt+0x10/0x10
[  957.578573][T25341]  do_sock_setsockopt+0x25a/0x3e0
[  957.578604][T25341]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  957.578637][T25341]  ? __fget_files+0x2a/0x420
[  957.578670][T25341]  __x64_sys_setsockopt+0x18b/0x220
[  957.578706][T25341]  do_syscall_64+0xfa/0x3b0
[  957.578732][T25341]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.578757][T25341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.578778][T25341]  ? clear_bhb_loop+0x60/0xb0
[  957.578803][T25341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.578823][T25341] RIP: 0033:0x7f6f64d8e929
[  957.578842][T25341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  957.578859][T25341] RSP: 002b:00007f6f65c72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  957.578880][T25341] RAX: ffffffffffffffda RBX: 00007f6f64fb5fa0 RCX: 00007f6f64d8e929
[  957.578897][T25341] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004
[  957.578911][T25341] RBP: 00007f6f64e10b39 R08: 0000000000000004 R09: 0000000000000000
[  957.578923][T25341] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  957.578936][T25341] R13: 0000000000000000 R14: 00007f6f64fb5fa0 R15: 00007ffe44cce8f8
[  957.578968][T25341]  </TASK>
[  957.610143][T25343] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5495'.
[  957.615713][T25341] Mem-Info:
[  957.637909][T25336] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  957.643939][T25341] active_anon:5015 inactive_anon:0 isolated_anon:0
[  957.643939][T25341]  active_file:2062 inactive_file:40193 isolated_file:0
[  957.643939][T25341]  unevictable:768 dirty:391 writeback:0
[  957.643939][T25341]  slab_reclaimable:13637 slab_unreclaimable:216440
[  957.643939][T25341]  mapped:29524 shmem:1411 pagetables:939
[  957.643939][T25341]  sec_pagetables:0 bounce:0
[  957.643939][T25341]  kernel_misc_reclaimable:0
[  957.643939][T25341]  free:1205044 free_pcp:14948 free_cma:0
[  957.738253][T25346] Bluetooth: MGMT ver 1.23
[  957.785956][T25341] Node 0 active_anon:20060kB inactive_anon:0kB active_file:8248kB inactive_file:160572kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118096kB dirty:1560kB writeback:0kB shmem:4108kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:15936kB pagetables:3708kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  958.015784][T25260] batman_adv: batadv0: Adding interface: batadv_slave_0
[  958.025840][T25341] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  958.036823][T25260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  958.079746][T25341] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  958.089315][T25260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  958.129508][T25341] lowmem_reserve[]: 0 2498 2499 2499 2499
[  958.136177][T25341] Node 0 DMA32 free:891172kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19996kB inactive_anon:0kB active_file:8248kB inactive_file:158996kB unevictable:1536kB writepending:1568kB present:3129332kB managed:2558304kB mlocked:0kB bounce:0kB free_pcp:55008kB local_pcp:39028kB free_cma:0kB
[  958.169114][T25341] lowmem_reserve[]: 0 0 1 1 1
[  958.173890][T25341] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  958.205977][T25341] lowmem_reserve[]: 0 0 0 0 0
[  958.218452][T25341] Node 1 Normal free:3916312kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:1132kB local_pcp:0kB free_cma:0kB
[  958.250658][T25341] lowmem_reserve[]: 0 0 0 0 0
[  958.253190][T25343] 8021q: VLANs not supported on nlmon0
[  958.255556][T25341] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  958.279295][T25341] Node 0 DMA32: 
[  958.280163][T25260] batman_adv: batadv0: Adding interface: batadv_slave_1
[  958.283161][T25341] 136*4kB 
[  958.283849][T25260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  958.283963][T25260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  958.292114][T25341] (UE) 39*8kB (UME) 11*16kB (UE) 11*32kB (UME) 138*64kB (UME) 153*128kB (UME) 197*256kB (UM) 88*512kB (UME) 96*1024kB (UME) 22*2048kB (UME) 152*4096kB (UM) = 891240kB
[  958.357255][T25341] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  958.382385][T25341] Node 1 Normal: 2*4kB (ME) 6*8kB (UME) 48*16kB (UME) 213*32kB (UME) 101*64kB (UME) 30*128kB (UME) 14*256kB (UM) 9*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3916312kB
[  958.409132][T25341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  958.433762][T25341] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  958.451937][T25341] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  958.496291][T25341] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  958.498204][T25357] netlink: 56 bytes leftover after parsing attributes in process `syz.8.5500'.
[  958.519874][T25355] FAULT_INJECTION: forcing a failure.
[  958.519874][T25355] name failslab, interval 1, probability 0, space 0, times 0
[  958.528771][T25341] 43643 total pagecache pages
[  958.537199][T25341] 0 pages in swap cache
[  958.544946][T25357] ip6gretap0: entered promiscuous mode
[  958.551789][T25355] CPU: 1 UID: 0 PID: 25355 Comm: syz.6.5499 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  958.551819][T25355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  958.551833][T25355] Call Trace:
[  958.551841][T25355]  <TASK>
[  958.551850][T25355]  dump_stack_lvl+0x189/0x250
[  958.551881][T25355]  ? __pfx____ratelimit+0x10/0x10
[  958.551908][T25355]  ? __pfx_dump_stack_lvl+0x10/0x10
[  958.551931][T25355]  ? __pfx__printk+0x10/0x10
[  958.551966][T25355]  ? ref_tracker_alloc+0x318/0x460
[  958.551989][T25355]  should_fail_ex+0x414/0x560
[  958.552023][T25355]  should_failslab+0xa8/0x100
[  958.552052][T25355]  kmem_cache_alloc_noprof+0x73/0x3c0
[  958.552077][T25355]  ? skb_clone+0x212/0x3a0
[  958.552102][T25355]  skb_clone+0x212/0x3a0
[  958.552127][T25355]  __netlink_deliver_tap+0x404/0x850
[  958.552168][T25355]  ? netlink_deliver_tap+0x2e/0x1b0
[  958.552196][T25355]  netlink_deliver_tap+0x19c/0x1b0
[  958.552224][T25355]  netlink_unicast+0x72f/0x8d0
[  958.552271][T25355]  netlink_sendmsg+0x805/0xb30
[  958.552308][T25355]  ? __pfx_netlink_sendmsg+0x10/0x10
[  958.552339][T25355]  ? aa_sock_msg_perm+0x94/0x160
[  958.552370][T25355]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  958.552388][T25355]  ? __pfx_netlink_sendmsg+0x10/0x10
[  958.552416][T25355]  __sock_sendmsg+0x219/0x270
[  958.552442][T25355]  ____sys_sendmsg+0x505/0x830
[  958.552479][T25355]  ? __pfx_____sys_sendmsg+0x10/0x10
[  958.552519][T25355]  ? import_iovec+0x74/0xa0
[  958.552547][T25355]  ___sys_sendmsg+0x21f/0x2a0
[  958.552570][T25355]  ? __pfx____sys_sendmsg+0x10/0x10
[  958.552630][T25355]  ? __fget_files+0x2a/0x420
[  958.552656][T25355]  ? __fget_files+0x3a0/0x420
[  958.552694][T25355]  __x64_sys_sendmsg+0x19b/0x260
[  958.552717][T25355]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  958.552748][T25355]  ? __pfx_ksys_write+0x10/0x10
[  958.552769][T25355]  ? rcu_is_watching+0x15/0xb0
[  958.552799][T25355]  ? do_syscall_64+0xbe/0x3b0
[  958.552831][T25355]  do_syscall_64+0xfa/0x3b0
[  958.552855][T25355]  ? lockdep_hardirqs_on+0x9c/0x150
[  958.552881][T25355]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.552901][T25355]  ? clear_bhb_loop+0x60/0xb0
[  958.552927][T25355]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.552946][T25355] RIP: 0033:0x7f91b8f8e929
[  958.552964][T25355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  958.552982][T25355] RSP: 002b:00007f91b9ec5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  958.553003][T25355] RAX: ffffffffffffffda RBX: 00007f91b91b5fa0 RCX: 00007f91b8f8e929
[  958.553019][T25355] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  958.553032][T25355] RBP: 00007f91b9ec5090 R08: 0000000000000000 R09: 0000000000000000
[  958.553045][T25355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  958.553057][T25355] R13: 0000000000000000 R14: 00007f91b91b5fa0 R15: 00007ffd37da9618
[  958.553091][T25355]  </TASK>
[  958.566162][T25260] hsr_slave_0: entered promiscuous mode
[  958.672475][T25341] Free swap  = 124996kB
[  958.689167][T25344] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  958.695588][T25341] Total swap = 124996kB
[  958.711704][T25260] hsr_slave_1: entered promiscuous mode
[  958.724348][T25341] 2097051 pages RAM
[  958.736608][T25260] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  958.744038][T25341] 0 pages HighMem/MovableOnly
[  958.748006][T25260] Cannot create hsr debugfs directory
[  958.765492][T25341] 425433 pages reserved
[  958.903524][T25341] 0 pages cma reserved
[  958.940697][T25358] ip_vti0: Master is either lo or non-ether device
[  959.378968][ T5858] Bluetooth: hci4: command tx timeout
[  959.546203][T25260] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  959.575771][T25260] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  959.702620][T25260] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  959.724801][T25260] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  959.856863][T25260] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  959.876362][T25260] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  960.012285][T25260] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  960.044550][T25260] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  960.312641][T25229] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  960.332956][T25229] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  960.366541][T25229] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  960.383918][T25381] IPVS: set_ctl: invalid protocol: 92 255.255.255.255:20000
[  960.397673][T25229] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  960.611722][T25260] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  960.649437][T25260] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  960.687210][T25260] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  960.738914][T13361] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  960.746603][T25397] netlink: 'syz.8.5511': attribute type 13 has an invalid length.
[  960.764072][T25397] netlink: 'syz.8.5511': attribute type 17 has an invalid length.
[  960.776826][T25260] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  960.856319][T25397] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  960.902219][T25229] 8021q: adding VLAN 0 to HW filter on device bond0
[  960.903521][T25406] FAULT_INJECTION: forcing a failure.
[  960.903521][T25406] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  960.942705][T25406] CPU: 1 UID: 0 PID: 25406 Comm: syz.6.5514 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  960.942736][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  960.942749][T25406] Call Trace:
[  960.942758][T25406]  <TASK>
[  960.942766][T25406]  dump_stack_lvl+0x189/0x250
[  960.942793][T25406]  ? __pfx____ratelimit+0x10/0x10
[  960.942819][T25406]  ? __pfx_dump_stack_lvl+0x10/0x10
[  960.942842][T25406]  ? __pfx__printk+0x10/0x10
[  960.942869][T25406]  ? __might_fault+0xb0/0x130
[  960.942906][T25406]  should_fail_ex+0x414/0x560
[  960.942941][T25406]  _copy_from_user+0x2d/0xb0
[  960.942965][T25406]  kstrtouint_from_user+0xc4/0x170
[  960.942988][T25406]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  960.943033][T25406]  proc_fail_nth_write+0x88/0x240
[  960.943062][T25406]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  960.943097][T25406]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  960.943126][T25406]  vfs_write+0x27e/0xa90
[  960.943154][T25406]  ? __pfx_vfs_write+0x10/0x10
[  960.943175][T25406]  ? __fget_files+0x2a/0x420
[  960.943203][T25406]  ? __fget_files+0x3a0/0x420
[  960.943226][T25406]  ? __fget_files+0x2a/0x420
[  960.943262][T25406]  ksys_write+0x145/0x250
[  960.943290][T25406]  ? __pfx_ksys_write+0x10/0x10
[  960.943319][T25406]  ? do_syscall_64+0xbe/0x3b0
[  960.943350][T25406]  do_syscall_64+0xfa/0x3b0
[  960.943375][T25406]  ? lockdep_hardirqs_on+0x9c/0x150
[  960.943401][T25406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.943421][T25406]  ? clear_bhb_loop+0x60/0xb0
[  960.943446][T25406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.943465][T25406] RIP: 0033:0x7f91b8f8d3df
[  960.943484][T25406] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  960.943499][T25406] RSP: 002b:00007f91b9ea4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  960.943518][T25406] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f91b8f8d3df
[  960.943532][T25406] RDX: 0000000000000001 RSI: 00007f91b9ea40a0 RDI: 0000000000000004
[  960.943545][T25406] RBP: 00007f91b9ea4090 R08: 0000000000000000 R09: 0000000000000000
[  960.943558][T25406] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  960.943570][T25406] R13: 0000000000000001 R14: 00007f91b91b6080 R15: 00007ffd37da9618
[  960.943602][T25406]  </TASK>
[  961.237733][T25397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  961.277550][T25414] __nla_validate_parse: 6 callbacks suppressed
[  961.277709][T25414] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5515'.
[  961.294650][T25402] lo speed is unknown, defaulting to 1000
[  961.321498][T25397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  961.327707][T25260] 8021q: adding VLAN 0 to HW filter on device bond0
[  961.356418][T25260] 8021q: adding VLAN 0 to HW filter on device team0
[  961.370921][T25414] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5515'.
[  961.403462][ T6132] bridge0: port 1(bridge_slave_0) entered blocking state
[  961.410618][ T6132] bridge0: port 1(bridge_slave_0) entered forwarding state
[  961.440803][T25397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  961.458162][T25229] 8021q: adding VLAN 0 to HW filter on device team0
[  961.469550][T13361] Bluetooth: hci4: command tx timeout
[  961.483575][ T6132] bridge0: port 2(bridge_slave_1) entered blocking state
[  961.490842][ T6132] bridge0: port 2(bridge_slave_1) entered forwarding state
[  961.651177][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  961.658408][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  961.690859][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  961.698060][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  961.724729][T25422] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5516'.
[  961.751398][T25422] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5516'.
[  962.086641][T25436] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5520'.
[  962.484166][T25453] FAULT_INJECTION: forcing a failure.
[  962.484166][T25453] name failslab, interval 1, probability 0, space 0, times 0
[  962.502606][T25260] 8021q: adding VLAN 0 to HW filter on device batadv0
[  962.549695][T25453] CPU: 1 UID: 0 PID: 25453 Comm: syz.6.5524 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  962.549749][T25453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  962.549774][T25453] Call Trace:
[  962.549790][T25453]  <TASK>
[  962.549809][T25453]  dump_stack_lvl+0x189/0x250
[  962.549857][T25453]  ? __pfx____ratelimit+0x10/0x10
[  962.549885][T25453]  ? __pfx_dump_stack_lvl+0x10/0x10
[  962.549908][T25453]  ? __pfx__printk+0x10/0x10
[  962.549940][T25453]  ? __pfx___might_resched+0x10/0x10
[  962.549968][T25453]  should_fail_ex+0x414/0x560
[  962.550001][T25453]  should_failslab+0xa8/0x100
[  962.550030][T25453]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  962.550055][T25453]  ? __alloc_skb+0x112/0x2d0
[  962.550086][T25453]  __alloc_skb+0x112/0x2d0
[  962.550123][T25453]  netlink_sendmsg+0x5c6/0xb30
[  962.550161][T25453]  ? __pfx_netlink_sendmsg+0x10/0x10
[  962.550191][T25453]  ? aa_sock_msg_perm+0x94/0x160
[  962.550222][T25453]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  962.550240][T25453]  ? __pfx_netlink_sendmsg+0x10/0x10
[  962.550267][T25453]  __sock_sendmsg+0x219/0x270
[  962.550295][T25453]  ____sys_sendmsg+0x505/0x830
[  962.550331][T25453]  ? __pfx_____sys_sendmsg+0x10/0x10
[  962.550371][T25453]  ? import_iovec+0x74/0xa0
[  962.550399][T25453]  ___sys_sendmsg+0x21f/0x2a0
[  962.550421][T25453]  ? __pfx____sys_sendmsg+0x10/0x10
[  962.550479][T25453]  ? __fget_files+0x2a/0x420
[  962.550504][T25453]  ? __fget_files+0x3a0/0x420
[  962.550543][T25453]  __x64_sys_sendmsg+0x19b/0x260
[  962.550565][T25453]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  962.550594][T25453]  ? __pfx_ksys_write+0x10/0x10
[  962.550615][T25453]  ? rcu_is_watching+0x15/0xb0
[  962.550643][T25453]  ? do_syscall_64+0xbe/0x3b0
[  962.550673][T25453]  do_syscall_64+0xfa/0x3b0
[  962.550697][T25453]  ? lockdep_hardirqs_on+0x9c/0x150
[  962.550723][T25453]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.550743][T25453]  ? clear_bhb_loop+0x60/0xb0
[  962.550767][T25453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.550787][T25453] RIP: 0033:0x7f91b8f8e929
[  962.550806][T25453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  962.550824][T25453] RSP: 002b:00007f91b9ec5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  962.550846][T25453] RAX: ffffffffffffffda RBX: 00007f91b91b5fa0 RCX: 00007f91b8f8e929
[  962.550860][T25453] RDX: 0000000000044080 RSI: 0000200000000100 RDI: 0000000000000003
[  962.550874][T25453] RBP: 00007f91b9ec5090 R08: 0000000000000000 R09: 0000000000000000
[  962.550887][T25453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  962.550900][T25453] R13: 0000000000000000 R14: 00007f91b91b5fa0 R15: 00007ffd37da9618
[  962.550932][T25453]  </TASK>
[  962.916339][T25455] veth0_to_team: entered promiscuous mode
[  962.924159][T25455] veth0_to_team: entered allmulticast mode
[  963.060965][T25464] netlink: 'syz.8.5530': attribute type 13 has an invalid length.
[  963.080460][T25464] netlink: 'syz.8.5530': attribute type 17 has an invalid length.
[  963.183936][T25229] 8021q: adding VLAN 0 to HW filter on device batadv0
[  963.246973][T25464] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  963.337058][T25464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  963.463717][T25464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  963.484189][T25467] lo speed is unknown, defaulting to 1000
[  963.561771][T25478] veth7: entered promiscuous mode
[  963.583788][T25260] veth0_vlan: entered promiscuous mode
[  963.617000][T25464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  963.666503][T25260] veth1_vlan: entered promiscuous mode
[  963.802631][T25260] veth0_macvtap: entered promiscuous mode
[  963.857525][T25260] veth1_macvtap: entered promiscuous mode
[  963.892774][T25229] veth0_vlan: entered promiscuous mode
[  963.913649][T25260] batman_adv: batadv0: Interface activated: batadv_slave_0
[  963.927398][T25260] batman_adv: batadv0: Interface activated: batadv_slave_1
[  963.947322][T25229] veth1_vlan: entered promiscuous mode
[  963.977261][ T6132] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  964.004010][ T6132] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  964.081102][ T6132] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  964.098183][T25486] netlink: 'syz.7.5534': attribute type 13 has an invalid length.
[  964.107013][T25486] netlink: 'syz.7.5534': attribute type 17 has an invalid length.
[  964.125686][ T6132] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  964.188559][T25486] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  964.244160][T25229] veth0_macvtap: entered promiscuous mode
[  964.263423][T25229] veth1_macvtap: entered promiscuous mode
[  964.277892][T25489] netlink: 'syz.6.5535': attribute type 10 has an invalid length.
[  964.306940][T25487] lo speed is unknown, defaulting to 1000
[  964.318547][T25489] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5535'.
[  964.332516][T20429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  964.362414][T20429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  964.426338][T20435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  964.440983][T20435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  964.591303][T25491] netlink: 'syz.6.5536': attribute type 10 has an invalid length.
[  964.599873][T25491] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5536'.
[  964.603768][T25493] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5537'.
[  964.671224][T25229] batman_adv: batadv0: Interface activated: batadv_slave_0
[  964.836595][T25229] batman_adv: batadv0: Interface activated: batadv_slave_1
[  964.871457][T25496] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5538'.
[  964.889542][T25496] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  964.955139][T25496] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  964.958274][T25485] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  965.146741][T20437] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  965.181344][T20437] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  965.220014][T20437] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  965.340818][T25502] team0: Port device geneve0 removed
[  965.475922][T20437] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  965.604692][T20429] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.746613][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  965.789328][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  965.844081][T20429] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.887505][T25507] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5542'.
[  966.102341][ T5962] IPVS: starting estimator thread 0...
[  966.114151][T20429] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  966.131019][T25518] netlink: 'syz.6.5543': attribute type 10 has an invalid length.
[  966.191477][T25519] IPVS: using max 28 ests per chain, 67200 per kthread
[  966.227767][T25518] team0: Port device geneve0 added
[  966.289880][T20427] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  966.303000][T20427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  966.427068][T20429] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  966.451678][T25529] netlink: 'syz.6.5547': attribute type 10 has an invalid length.
[  966.480665][T25529] __nla_validate_parse: 4 callbacks suppressed
[  966.480686][T25529] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5547'.
[  966.549598][T25531] netlink: 'syz.8.5548': attribute type 10 has an invalid length.
[  966.663779][ T5858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  966.676242][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  966.685321][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  966.699171][T25534] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5549'.
[  966.700827][T25531] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  966.729306][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  966.747138][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  966.761974][T25534] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  966.957678][T25535] lo speed is unknown, defaulting to 1000
[  966.973886][T25542] netlink: 44 bytes leftover after parsing attributes in process `syz.8.5551'.
[  967.016128][T20429] bridge_slave_1: left allmulticast mode
[  967.032657][T20429] bridge_slave_1: left promiscuous mode
[  967.040463][T20429] bridge0: port 2(bridge_slave_1) entered disabled state
[  967.062095][T20429] bridge_slave_0: left allmulticast mode
[  967.078479][T20429] bridge_slave_0: left promiscuous mode
[  967.084293][T20429] bridge0: port 1(bridge_slave_0) entered disabled state
[  967.536844][T20429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  967.553380][T20429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  967.564764][T20429] bond0 (unregistering): Released all slaves
[  967.822619][T25551] Bluetooth: MGMT ver 1.23
[  968.092293][T25561] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5556'.
[  968.196273][T25535] chnl_net:caif_netlink_parms(): no params data found
[  968.269841][T25559] lo speed is unknown, defaulting to 1000
[  968.355576][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  968.365571][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  968.376679][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  968.389652][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  968.402270][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  968.427577][T20429] hsr_slave_0: left promiscuous mode
[  968.436701][T20429] hsr_slave_1: left promiscuous mode
[  968.444177][T20429] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  968.452331][T20429] batman_adv: batadv0: Removing interface: batadv_slave_0
[  968.464171][T20429] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  968.479048][T20429] batman_adv: batadv0: Removing interface: batadv_slave_1
[  968.556510][T20429] veth1_macvtap: left promiscuous mode
[  968.562430][T20429] veth0_macvtap: left promiscuous mode
[  968.568123][T20429] veth1_vlan: left promiscuous mode
[  968.573913][T20429] veth0_vlan: left promiscuous mode
[  968.700818][T25584] xt_CT: No such helper "snmp"
[  968.818729][T13361] Bluetooth: hci0: command tx timeout
[  969.184081][T20429] team0 (unregistering): Port device team_slave_1 removed
[  969.236875][T20429] team0 (unregistering): Port device team_slave_0 removed
[  969.805363][T25578] netlink: 136 bytes leftover after parsing attributes in process `syz.6.5561'.
[  969.826165][T25578] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  969.848794][T25579] sch_tbf: burst 1 is lower than device ip6tnl0 mtu (1452) !
[  970.009651][T25592] netlink: 'syz.6.5564': attribute type 13 has an invalid length.
[  970.075924][T25593] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5565'.
[  970.085567][T25592] netlink: 'syz.6.5564': attribute type 17 has an invalid length.
[  970.097050][T25570] lo speed is unknown, defaulting to 1000
[  970.097813][T25535] bridge0: port 1(bridge_slave_0) entered blocking state
[  970.132110][T25535] bridge0: port 1(bridge_slave_0) entered disabled state
[  970.140856][T25535] bridge_slave_0: entered allmulticast mode
[  970.149741][T25535] bridge_slave_0: entered promiscuous mode
[  970.183399][T25593] 8021q: adding VLAN 0 to HW filter on device bond2
[  970.227965][T25592] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  970.245090][T25535] bridge0: port 2(bridge_slave_1) entered blocking state
[  970.253674][T25535] bridge0: port 2(bridge_slave_1) entered disabled state
[  970.262018][T25535] bridge_slave_1: entered allmulticast mode
[  970.274159][T25535] bridge_slave_1: entered promiscuous mode
[  970.297709][T25596] veth9: entered promiscuous mode
[  970.310103][T25592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  970.315199][T25596] bond2: (slave veth9): Enslaving as an active interface with an up link
[  970.385504][T25594] lo speed is unknown, defaulting to 1000
[  970.399436][T25592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  970.487356][T25592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  970.499249][T13361] Bluetooth: hci4: command tx timeout
[  970.523086][T25535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  970.569889][T25535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  970.773491][T25535] team0: Port device team_slave_0 added
[  970.850634][T25535] team0: Port device team_slave_1 added
[  970.874053][T25606] lo speed is unknown, defaulting to 1000
[  970.899043][T13361] Bluetooth: hci0: command tx timeout
[  971.144983][T25535] batman_adv: batadv0: Adding interface: batadv_slave_0
[  971.156339][T25535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  971.184083][T25535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  971.231490][T25617] veth0: entered promiscuous mode
[  971.238802][T25535] batman_adv: batadv0: Adding interface: batadv_slave_1
[  971.246187][T25535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  971.273156][T25535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  971.296625][T25618] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5569'.
[  971.332011][T20429] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  971.584008][T20429] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  971.785808][T25609] lo speed is unknown, defaulting to 1000
[  971.962755][T25535] hsr_slave_0: entered promiscuous mode
[  971.969915][T25535] hsr_slave_1: entered promiscuous mode
[  971.976537][T25535] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  971.984428][T25535] Cannot create hsr debugfs directory
[  972.024705][T20429] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  972.056561][T25570] chnl_net:caif_netlink_parms(): no params data found
[  972.077566][T25622] lo speed is unknown, defaulting to 1000
[  972.185493][T20429] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  972.207626][T25624] lo speed is unknown, defaulting to 1000
[  972.343724][T25641] netlink: 'syz.8.5572': attribute type 10 has an invalid length.
[  972.351920][T25641] netlink: 40 bytes leftover after parsing attributes in process `syz.8.5572'.
[  972.398671][T25637] netlink: 36 bytes leftover after parsing attributes in process `syz.8.5572'.
[  972.458954][T25641] team0: Port device geneve0 added
[  972.543737][T25570] bridge0: port 1(bridge_slave_0) entered blocking state
[  972.555448][T25570] bridge0: port 1(bridge_slave_0) entered disabled state
[  972.564421][T25570] bridge_slave_0: entered allmulticast mode
[  972.572600][T25570] bridge_slave_0: entered promiscuous mode
[  972.579153][T13361] Bluetooth: hci4: command tx timeout
[  972.636762][T25570] bridge0: port 2(bridge_slave_1) entered blocking state
[  972.652740][T25570] bridge0: port 2(bridge_slave_1) entered disabled state
[  972.662769][T25570] bridge_slave_1: entered allmulticast mode
[  972.670755][T25570] bridge_slave_1: entered promiscuous mode
[  972.732782][T25643] veth1: entered promiscuous mode
[  972.882522][T25570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  972.940506][T25570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  972.954856][T20429] bridge_slave_1: left allmulticast mode
[  972.961084][T20429] bridge_slave_1: left promiscuous mode
[  972.966801][T20429] bridge0: port 2(bridge_slave_1) entered disabled state
[  972.976127][T20429] bridge_slave_0: left allmulticast mode
[  972.982550][T13361] Bluetooth: hci0: command tx timeout
[  972.988150][T20429] bridge_slave_0: left promiscuous mode
[  972.994348][T20429] bridge0: port 1(bridge_slave_0) entered disabled state
[  973.462812][T20429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  973.472334][T25649] syz.8.5574: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  973.488788][T25649] CPU: 0 UID: 0 PID: 25649 Comm: syz.8.5574 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  973.488820][T25649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  973.488833][T25649] Call Trace:
[  973.488842][T25649]  <TASK>
[  973.488851][T25649]  dump_stack_lvl+0x189/0x250
[  973.488884][T25649]  ? __pfx_dump_stack_lvl+0x10/0x10
[  973.488910][T25649]  ? __pfx__printk+0x10/0x10
[  973.488938][T25649]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  973.488966][T25649]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  973.488995][T25649]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  973.489027][T25649]  warn_alloc+0x214/0x310
[  973.489054][T25649]  ? stack_depot_save_flags+0x40/0x900
[  973.489090][T25649]  ? __pfx_warn_alloc+0x10/0x10
[  973.489120][T25649]  ? kasan_save_track+0x4f/0x80
[  973.489145][T25649]  ? xskq_create+0x56/0x170
[  973.489168][T25649]  ? xsk_init_queue+0xb0/0x110
[  973.489189][T25649]  ? xsk_setsockopt+0x43f/0x710
[  973.489210][T25649]  ? do_sock_setsockopt+0x25a/0x3e0
[  973.489237][T25649]  ? __x64_sys_setsockopt+0x18b/0x220
[  973.489264][T25649]  ? do_syscall_64+0xfa/0x3b0
[  973.489288][T25649]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.489316][T25649]  __vmalloc_node_range_noprof+0x125/0x12f0
[  973.489373][T25649]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  973.489407][T25649]  ? __kasan_kmalloc+0x93/0xb0
[  973.489435][T25649]  vmalloc_user_noprof+0xad/0xf0
[  973.489461][T25649]  ? xskq_create+0xbf/0x170
[  973.489487][T25649]  xskq_create+0xbf/0x170
[  973.489516][T25649]  xsk_init_queue+0xb0/0x110
[  973.489541][T25649]  xsk_setsockopt+0x43f/0x710
[  973.489568][T25649]  ? __pfx_xsk_setsockopt+0x10/0x10
[  973.489590][T25649]  ? __lock_acquire+0xab9/0xd20
[  973.489621][T25649]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  973.489639][T25649]  ? __pfx_xsk_setsockopt+0x10/0x10
[  973.489664][T25649]  do_sock_setsockopt+0x25a/0x3e0
[  973.489698][T25649]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  973.489742][T25649]  ? __fget_files+0x2a/0x420
[  973.489778][T25649]  __x64_sys_setsockopt+0x18b/0x220
[  973.489812][T25649]  do_syscall_64+0xfa/0x3b0
[  973.489837][T25649]  ? lockdep_hardirqs_on+0x9c/0x150
[  973.489863][T25649]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.489882][T25649]  ? clear_bhb_loop+0x60/0xb0
[  973.489905][T25649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.489923][T25649] RIP: 0033:0x7f8821b8e929
[  973.489941][T25649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  973.489958][T25649] RSP: 002b:00007f882298b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  973.489979][T25649] RAX: ffffffffffffffda RBX: 00007f8821db5fa0 RCX: 00007f8821b8e929
[  973.489992][T25649] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  973.490003][T25649] RBP: 00007f8821c10b39 R08: 0000000000000004 R09: 0000000000000000
[  973.490016][T25649] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  973.490028][T25649] R13: 0000000000000000 R14: 00007f8821db5fa0 R15: 00007ffe907db598
[  973.490060][T25649]  </TASK>
[  973.493468][T25649] Mem-Info:
[  973.799566][T25649] active_anon:5049 inactive_anon:0 isolated_anon:0
[  973.799566][T25649]  active_file:2062 inactive_file:40204 isolated_file:0
[  973.799566][T25649]  unevictable:768 dirty:378 writeback:0
[  973.799566][T25649]  slab_reclaimable:13844 slab_unreclaimable:220199
[  973.799566][T25649]  mapped:31657 shmem:1391 pagetables:970
[  973.799566][T25649]  sec_pagetables:0 bounce:0
[  973.799566][T25649]  kernel_misc_reclaimable:0
[  973.799566][T25649]  free:1202213 free_pcp:10201 free_cma:0
[  973.801417][T20429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  973.845318][T25649] Node 0 active_anon:20196kB inactive_anon:0kB active_file:8248kB inactive_file:160616kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126628kB dirty:1508kB writeback:0kB shmem:4028kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16376kB pagetables:3732kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  973.845384][T25649] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  973.845439][T25649] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  973.845499][T25649] lowmem_reserve[]: 0 2498 2499 2499 2499
[  973.845545][T25649] Node 0 DMA32 free:876132kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:20148kB inactive_anon:0kB active_file:8248kB inactive_file:159040kB unevictable:1536kB writepending:1504kB present:3129332kB managed:2558304kB mlocked:0kB bounce:0kB free_pcp:41036kB local_pcp:15512kB free_cma:0kB
[  973.845609][T25649] lowmem_reserve[]: 0 0 1 1 1
[  973.845648][T25649] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  973.845706][T25649] lowmem_reserve[]: 0 0 0 0 0
[  973.845749][T25649] Node 1 Normal free:3917348kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  973.845809][T25649] lowmem_reserve[]: 0 0 0 0 0
[  973.845852][T25649] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  973.845995][T25649] Node 0 DMA32: 1093*4kB (UME) 972*8kB (UM) 419*16kB (ME) 208*32kB (ME) 145*64kB (UME) 59*128kB (M) 89*256kB (UM) 84*512kB (UME) 98*1024kB (UME) 22*2048kB (UME) 152*4096kB (UM) = 876132kB
[  974.092896][T25649] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  974.105507][T25649] Node 1 Normal: 167*4kB (UME) 43*8kB (UME) 51*16kB (UME) 213*32kB (UME) 101*64kB (UME) 31*128kB (UME) 14*256kB (UM) 9*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3917444kB
[  974.118217][T20429] bond0 (unregistering): Released all slaves
[  974.124759][T25649] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  974.149092][T25649] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=4 hugepages_size=2048kB
[  974.159860][T25649] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  974.169641][T25649] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  974.179540][T25649] 43654 total pagecache pages
[  974.185206][T25649] 0 pages in swap cache
[  974.197020][T25649] Free swap  = 124996kB
[  974.201562][T25649] Total swap = 124996kB
[  974.206003][T25649] 2097051 pages RAM
[  974.210400][T25649] 0 pages HighMem/MovableOnly
[  974.215417][T25649] 425433 pages reserved
[  974.222094][T25649] 0 pages cma reserved
[  974.307349][T25650] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  974.400416][T25570] team0: Port device team_slave_0 added
[  974.516520][T25653] xt_CT: No such helper "snmp"
[  974.544851][T25570] team0: Port device team_slave_1 added
[  974.604248][T25659] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5577'.
[  974.632585][T25570] batman_adv: batadv0: Adding interface: batadv_slave_0
[  974.640682][T25570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  974.670963][ T5858] Bluetooth: hci4: command tx timeout
[  974.684389][T25570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  974.701502][T25570] batman_adv: batadv0: Adding interface: batadv_slave_1
[  974.708868][T25570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  974.735398][T25570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  974.808187][T25660] veth11: entered promiscuous mode
[  974.871519][T25662] FAULT_INJECTION: forcing a failure.
[  974.871519][T25662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  974.926708][T25662] CPU: 1 UID: 0 PID: 25662 Comm: syz.8.5578 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  974.926738][T25662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  974.926751][T25662] Call Trace:
[  974.926764][T25662]  <TASK>
[  974.926773][T25662]  dump_stack_lvl+0x189/0x250
[  974.926803][T25662]  ? __pfx____ratelimit+0x10/0x10
[  974.926830][T25662]  ? __pfx_dump_stack_lvl+0x10/0x10
[  974.926853][T25662]  ? __pfx__printk+0x10/0x10
[  974.926894][T25662]  should_fail_ex+0x414/0x560
[  974.926929][T25662]  _copy_to_user+0x31/0xb0
[  974.926955][T25662]  simple_read_from_buffer+0xe1/0x170
[  974.926987][T25662]  proc_fail_nth_read+0x1df/0x250
[  974.927019][T25662]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  974.927051][T25662]  ? rw_verify_area+0x258/0x650
[  974.927073][T25662]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  974.927103][T25662]  vfs_read+0x200/0x980
[  974.927131][T25662]  ? __pfx___mutex_lock+0x10/0x10
[  974.927160][T25662]  ? __pfx_vfs_read+0x10/0x10
[  974.927185][T25662]  ? __fget_files+0x2a/0x420
[  974.927216][T25662]  ? __fget_files+0x3a0/0x420
[  974.927241][T25662]  ? __fget_files+0x2a/0x420
[  974.927277][T25662]  ksys_read+0x145/0x250
[  974.927302][T25662]  ? __pfx_ksys_read+0x10/0x10
[  974.927320][T25662]  ? rcu_is_watching+0x15/0xb0
[  974.927347][T25662]  ? do_syscall_64+0xbe/0x3b0
[  974.927376][T25662]  do_syscall_64+0xfa/0x3b0
[  974.927399][T25662]  ? lockdep_hardirqs_on+0x9c/0x150
[  974.927421][T25662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.927441][T25662]  ? clear_bhb_loop+0x60/0xb0
[  974.927465][T25662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.927484][T25662] RIP: 0033:0x7f8821b8d33c
[  974.927502][T25662] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  974.927520][T25662] RSP: 002b:00007f882298b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  974.927542][T25662] RAX: ffffffffffffffda RBX: 00007f8821db5fa0 RCX: 00007f8821b8d33c
[  974.927557][T25662] RDX: 000000000000000f RSI: 00007f882298b0a0 RDI: 0000000000000004
[  974.927570][T25662] RBP: 00007f882298b090 R08: 0000000000000000 R09: 0000000000000000
[  974.927584][T25662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  974.927602][T25662] R13: 0000000000000000 R14: 00007f8821db5fa0 R15: 00007ffe907db598
[  974.927636][T25662]  </TASK>
[  975.351405][T25570] hsr_slave_0: entered promiscuous mode
[  975.358297][T25570] hsr_slave_1: entered promiscuous mode
[  975.366729][T25570] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  975.374382][T25570] Cannot create hsr debugfs directory
[  975.409743][T25671] netlink: 'syz.6.5581': attribute type 10 has an invalid length.
[  975.439720][T25671] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5581'.
[  975.465547][T25677] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5581'.
[  975.480581][T20429] hsr_slave_0: left promiscuous mode
[  975.562877][T25681] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5581'.
[  975.573100][T25681] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5581'.
[  975.584137][T20429] hsr_slave_1: left promiscuous mode
[  975.594499][T20429] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  975.602537][T20429] batman_adv: batadv0: Removing interface: batadv_slave_0
[  975.643215][T20429] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  975.669845][T20429] batman_adv: batadv0: Removing interface: batadv_slave_1
[  975.739444][T20429] veth1_macvtap: left promiscuous mode
[  975.744986][T20429] veth0_macvtap: left promiscuous mode
[  975.752919][T20429] veth1_vlan: left promiscuous mode
[  975.758232][T20429] veth0_vlan: left promiscuous mode
[  976.345956][T13361] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  976.439136][T20429] team0 (unregistering): Port device team_slave_1 removed
[  976.492049][T20429] team0 (unregistering): Port device team_slave_0 removed
[  976.744258][T13361] Bluetooth: hci4: command tx timeout
[  977.186760][T25672] lo speed is unknown, defaulting to 1000
[  977.277311][T25683] netlink: 'syz.8.5583': attribute type 13 has an invalid length.
[  977.302069][T25683] netlink: 'syz.8.5583': attribute type 17 has an invalid length.
[  977.386177][T25687] netlink: 'syz.6.5585': attribute type 10 has an invalid length.
[  977.394895][T25687] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5585'.
[  977.411684][T25687] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5585'.
[  977.424525][T25683] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  977.503522][T25690] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5585'.
[  977.513276][T25690] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5585'.
[  977.678153][T25692] FAULT_INJECTION: forcing a failure.
[  977.678153][T25692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  977.697189][T25692] CPU: 0 UID: 0 PID: 25692 Comm: syz.6.5586 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  977.697219][T25692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  977.697232][T25692] Call Trace:
[  977.697241][T25692]  <TASK>
[  977.697249][T25692]  dump_stack_lvl+0x189/0x250
[  977.697275][T25692]  ? __pfx____ratelimit+0x10/0x10
[  977.697308][T25692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  977.697329][T25692]  ? __pfx__printk+0x10/0x10
[  977.697355][T25692]  ? __might_fault+0xb0/0x130
[  977.697390][T25692]  should_fail_ex+0x414/0x560
[  977.697424][T25692]  _copy_from_user+0x2d/0xb0
[  977.697447][T25692]  ___sys_sendmsg+0x158/0x2a0
[  977.697470][T25692]  ? __pfx____sys_sendmsg+0x10/0x10
[  977.697527][T25692]  ? __fget_files+0x2a/0x420
[  977.697551][T25692]  ? __fget_files+0x3a0/0x420
[  977.697589][T25692]  __x64_sys_sendmsg+0x19b/0x260
[  977.697612][T25692]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  977.697642][T25692]  ? __pfx_ksys_write+0x10/0x10
[  977.697662][T25692]  ? rcu_is_watching+0x15/0xb0
[  977.697691][T25692]  ? do_syscall_64+0xbe/0x3b0
[  977.697721][T25692]  do_syscall_64+0xfa/0x3b0
[  977.697746][T25692]  ? lockdep_hardirqs_on+0x9c/0x150
[  977.697770][T25692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  977.697790][T25692]  ? clear_bhb_loop+0x60/0xb0
[  977.697813][T25692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  977.697832][T25692] RIP: 0033:0x7f91b8f8e929
[  977.697851][T25692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  977.697868][T25692] RSP: 002b:00007f91b9ec5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  977.697890][T25692] RAX: ffffffffffffffda RBX: 00007f91b91b5fa0 RCX: 00007f91b8f8e929
[  977.697905][T25692] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004
[  977.697918][T25692] RBP: 00007f91b9ec5090 R08: 0000000000000000 R09: 0000000000000000
[  977.697930][T25692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  977.697942][T25692] R13: 0000000000000000 R14: 00007f91b91b5fa0 R15: 00007ffd37da9618
[  977.697975][T25692]  </TASK>
[  977.738977][T25688] lo speed is unknown, defaulting to 1000
[  977.780345][T25535] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  977.978792][T25696] xt_CT: No such helper "snmp"
[  977.999745][T25535] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  978.050850][T25682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  978.115801][T25535] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  978.156347][T25535] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  978.478995][T25710] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5590'.
[  978.552872][T25535] 8021q: adding VLAN 0 to HW filter on device bond0
[  978.596143][T25535] 8021q: adding VLAN 0 to HW filter on device team0
[  978.653119][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  978.684526][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  978.741307][T25715] netlink: 96 bytes leftover after parsing attributes in process `syz.8.5591'.
[  978.766912][T25711] veth11: entered promiscuous mode
[  978.817912][T20427] bridge0: port 1(bridge_slave_0) entered blocking state
[  978.825138][T20427] bridge0: port 1(bridge_slave_0) entered forwarding state
[  978.850128][T20427] bridge0: port 2(bridge_slave_1) entered blocking state
[  978.857353][T20427] bridge0: port 2(bridge_slave_1) entered forwarding state
[  979.004785][T25720] veth0: entered promiscuous mode
[  979.057330][T25720] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5591'.
[  979.190812][T25720] veth0 (unregistering): left promiscuous mode
[  979.642812][T25726] lo speed is unknown, defaulting to 1000
[  979.811544][T25570] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  980.017763][T25737] lo speed is unknown, defaulting to 1000
[  980.031469][T25570] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  980.081745][T25732] lo speed is unknown, defaulting to 1000
[  980.088262][T25570] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  980.121305][T25570] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  980.183555][T25740] lo speed is unknown, defaulting to 1000
[  980.850458][T25535] 8021q: adding VLAN 0 to HW filter on device batadv0
[  981.124431][T25535] veth0_vlan: entered promiscuous mode
[  981.169690][T25778] netlink: 'syz.7.5595': attribute type 10 has an invalid length.
[  981.186410][T25778] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5595'.
[  981.210629][T25778] netlink: 36 bytes leftover after parsing attributes in process `syz.7.5595'.
[  981.215973][T25535] veth1_vlan: entered promiscuous mode
[  981.262175][T25778] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5595'.
[  981.287108][T25570] 8021q: adding VLAN 0 to HW filter on device bond0
[  981.367465][T25535] veth0_macvtap: entered promiscuous mode
[  981.405026][T25570] 8021q: adding VLAN 0 to HW filter on device team0
[  981.441441][T25535] veth1_macvtap: entered promiscuous mode
[  981.467841][ T1162] bridge0: port 1(bridge_slave_0) entered blocking state
[  981.475061][ T1162] bridge0: port 1(bridge_slave_0) entered forwarding state
[  981.522056][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  981.529265][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  981.588304][T25535] batman_adv: batadv0: Interface activated: batadv_slave_0
[  981.640274][T25535] batman_adv: batadv0: Interface activated: batadv_slave_1
[  981.672903][T20427] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  981.735990][T20427] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  981.756828][T20427] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  981.768570][T20427] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  982.054849][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  982.087837][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  982.227079][T25803] lo speed is unknown, defaulting to 1000
[  982.233187][T25798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  982.260162][ T6132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  982.268017][ T6132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  982.287232][T25811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  982.446727][T25816] xt_CT: No such helper "snmp"
[  982.635474][T25823] __nla_validate_parse: 2 callbacks suppressed
[  982.635494][T25823] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5605'.
[  982.669092][T25823] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5605'.
[  982.683389][T25823] netlink: 'syz.6.5605': attribute type 4 has an invalid length.
[  982.761490][T25570] 8021q: adding VLAN 0 to HW filter on device batadv0
[  982.818830][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  983.268823][T20429] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.311918][T25835] netlink: 'syz.8.5608': attribute type 10 has an invalid length.
[  983.328235][T25835] netlink: 40 bytes leftover after parsing attributes in process `syz.8.5608'.
[  983.363557][T25837] netlink: 36 bytes leftover after parsing attributes in process `syz.8.5608'.
[  983.404022][T25835] netlink: 16 bytes leftover after parsing attributes in process `syz.8.5608'.
[  983.436642][T25835] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5608'.
[  983.483140][T20429] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.619166][T20429] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.708760][T25843] FAULT_INJECTION: forcing a failure.
[  983.708760][T25843] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  983.768620][T25843] CPU: 0 UID: 0 PID: 25843 Comm: syz.6.5609 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  983.768649][T25843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  983.768662][T25843] Call Trace:
[  983.768672][T25843]  <TASK>
[  983.768680][T25843]  dump_stack_lvl+0x189/0x250
[  983.768710][T25843]  ? __pfx____ratelimit+0x10/0x10
[  983.768737][T25843]  ? __pfx_dump_stack_lvl+0x10/0x10
[  983.768761][T25843]  ? __pfx__printk+0x10/0x10
[  983.768787][T25843]  ? __might_fault+0xb0/0x130
[  983.768824][T25843]  should_fail_ex+0x414/0x560
[  983.768859][T25843]  _copy_from_user+0x2d/0xb0
[  983.768885][T25843]  kstrtouint_from_user+0xc4/0x170
[  983.768909][T25843]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  983.768948][T25843]  proc_fail_nth_write+0x88/0x240
[  983.768978][T25843]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  983.769013][T25843]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  983.769050][T25843]  vfs_write+0x27e/0xa90
[  983.769085][T25843]  ? __pfx_vfs_write+0x10/0x10
[  983.769110][T25843]  ? __fget_files+0x2a/0x420
[  983.769141][T25843]  ? __fget_files+0x3a0/0x420
[  983.769166][T25843]  ? __fget_files+0x2a/0x420
[  983.769203][T25843]  ksys_write+0x145/0x250
[  983.769230][T25843]  ? __pfx_ksys_write+0x10/0x10
[  983.769251][T25843]  ? rcu_is_watching+0x15/0xb0
[  983.769280][T25843]  ? do_syscall_64+0xbe/0x3b0
[  983.769312][T25843]  do_syscall_64+0xfa/0x3b0
[  983.769337][T25843]  ? lockdep_hardirqs_on+0x9c/0x150
[  983.769363][T25843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  983.769383][T25843]  ? clear_bhb_loop+0x60/0xb0
[  983.769408][T25843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  983.769428][T25843] RIP: 0033:0x7f91b8f8d3df
[  983.769446][T25843] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  983.769462][T25843] RSP: 002b:00007f91b9ec5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  983.769482][T25843] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f91b8f8d3df
[  983.769495][T25843] RDX: 0000000000000001 RSI: 00007f91b9ec50a0 RDI: 0000000000000004
[  983.769511][T25843] RBP: 00007f91b9ec5090 R08: 0000000000000000 R09: 0000000000000000
[  983.769522][T25843] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  983.769534][T25843] R13: 0000000000000000 R14: 00007f91b91b5fa0 R15: 00007ffd37da9618
[  983.769567][T25843]  </TASK>
[  984.071962][T20429] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  984.110703][T25570] veth0_vlan: entered promiscuous mode
[  984.143017][T25570] veth1_vlan: entered promiscuous mode
[  984.188311][T25570] veth0_macvtap: entered promiscuous mode
[  984.223000][T25570] veth1_macvtap: entered promiscuous mode
[  984.259401][T25852] FAULT_INJECTION: forcing a failure.
[  984.259401][T25852] name fail_futex, interval 1, probability 0, space 0, times 1
[  984.274480][T25570] batman_adv: batadv0: Interface activated: batadv_slave_0
[  984.278607][T25852] CPU: 1 UID: 0 PID: 25852 Comm: syz.8.5613 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  984.278637][T25852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  984.278651][T25852] Call Trace:
[  984.278660][T25852]  <TASK>
[  984.278669][T25852]  dump_stack_lvl+0x189/0x250
[  984.278698][T25852]  ? __pfx____ratelimit+0x10/0x10
[  984.278726][T25852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  984.278750][T25852]  ? __pfx__printk+0x10/0x10
[  984.278778][T25852]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  984.278803][T25852]  ? lockdep_hardirqs_on+0x9c/0x150
[  984.278830][T25852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  984.278861][T25852]  should_fail_ex+0x414/0x560
[  984.278895][T25852]  get_futex_key+0x1a8/0x1640
[  984.278931][T25852]  ? look_up_lock_class+0x74/0x170
[  984.278963][T25852]  ? __pfx_get_futex_key+0x10/0x10
[  984.278990][T25852]  ? __lock_acquire+0xab9/0xd20
[  984.279019][T25852]  futex_wake+0xf8/0x560
[  984.279045][T25852]  ? __pfx_futex_wake+0x10/0x10
[  984.279067][T25852]  ? __lock_acquire+0xab9/0xd20
[  984.279098][T25852]  do_futex+0x395/0x420
[  984.279130][T25852]  ? __pfx_do_futex+0x10/0x10
[  984.279160][T25852]  ? __might_fault+0xb0/0x130
[  984.279187][T25852]  mm_release+0x188/0x390
[  984.279210][T25852]  ? __pfx_mm_release+0x10/0x10
[  984.279232][T25852]  ? lockdep_hardirqs_on+0x9c/0x150
[  984.279268][T25852]  exit_mm+0xa8/0x2c0
[  984.279297][T25852]  ? __pfx_exit_mm+0x10/0x10
[  984.279327][T25852]  ? rcu_is_watching+0x15/0xb0
[  984.279354][T25852]  do_exit+0x648/0x22e0
[  984.279388][T25852]  ? cgroup_freezing+0x20/0x360
[  984.279418][T25852]  ? __pfx_do_exit+0x10/0x10
[  984.279449][T25852]  ? cgroup_freezing+0x20/0x360
[  984.279474][T25852]  ? cgroup_freezing+0x20/0x360
[  984.279509][T25852]  do_group_exit+0x21c/0x2d0
[  984.279537][T25852]  ? lockdep_hardirqs_on+0x9c/0x150
[  984.279564][T25852]  get_signal+0x1286/0x1340
[  984.279607][T25852]  arch_do_signal_or_restart+0x9a/0x750
[  984.279644][T25852]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  984.279671][T25852]  ? __se_sys_pselect6+0x291/0x300
[  984.279709][T25852]  ? exit_to_user_mode_loop+0x40/0x110
[  984.279734][T25852]  exit_to_user_mode_loop+0x75/0x110
[  984.279755][T25852]  do_syscall_64+0x2bd/0x3b0
[  984.279780][T25852]  ? lockdep_hardirqs_on+0x9c/0x150
[  984.279804][T25852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  984.279823][T25852]  ? clear_bhb_loop+0x60/0xb0
[  984.279847][T25852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  984.279865][T25852] RIP: 0033:0x7f8821b8e929
[  984.279884][T25852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  984.279900][T25852] RSP: 002b:00007f882296a038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  984.279926][T25852] RAX: fffffffffffffdfe RBX: 00007f8821db6080 RCX: 00007f8821b8e929
[  984.279940][T25852] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  984.279952][T25852] RBP: 00007f882296a090 R08: 0000000000000000 R09: 0000000000000000
[  984.279965][T25852] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  984.279978][T25852] R13: 0000000000000001 R14: 00007f8821db6080 R15: 00007ffe907db598
[  984.280008][T25852]  </TASK>
[  984.675456][T25860] netlink: 'syz.8.5614': attribute type 13 has an invalid length.
[  984.684594][T25860] netlink: 'syz.8.5614': attribute type 17 has an invalid length.
[  984.705522][T25860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  984.743309][T25570] batman_adv: batadv0: Interface activated: batadv_slave_1
[  984.837641][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  984.869488][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  984.883777][T25863] FAULT_INJECTION: forcing a failure.
[  984.883777][T25863] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  984.902601][T25863] CPU: 0 UID: 0 PID: 25863 Comm: syz.7.5615 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  984.902631][T25863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  984.902643][T25863] Call Trace:
[  984.902652][T25863]  <TASK>
[  984.902662][T25863]  dump_stack_lvl+0x189/0x250
[  984.902691][T25863]  ? __pfx____ratelimit+0x10/0x10
[  984.902717][T25863]  ? __pfx_dump_stack_lvl+0x10/0x10
[  984.902741][T25863]  ? __pfx__printk+0x10/0x10
[  984.902769][T25863]  ? __might_fault+0xb0/0x130
[  984.902805][T25863]  should_fail_ex+0x414/0x560
[  984.902840][T25863]  _copy_from_user+0x2d/0xb0
[  984.902870][T25863]  ___sys_sendmsg+0x158/0x2a0
[  984.902893][T25863]  ? __pfx____sys_sendmsg+0x10/0x10
[  984.902948][T25863]  ? __fget_files+0x2a/0x420
[  984.902971][T25863]  ? __fget_files+0x3a0/0x420
[  984.903007][T25863]  __x64_sys_sendmsg+0x19b/0x260
[  984.903029][T25863]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  984.903059][T25863]  ? __pfx_ksys_write+0x10/0x10
[  984.903080][T25863]  ? rcu_is_watching+0x15/0xb0
[  984.903110][T25863]  ? do_syscall_64+0xbe/0x3b0
[  984.903141][T25863]  do_syscall_64+0xfa/0x3b0
[  984.903167][T25863]  ? lockdep_hardirqs_on+0x9c/0x150
[  984.903193][T25863]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  984.903213][T25863]  ? clear_bhb_loop+0x60/0xb0
[  984.903239][T25863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  984.903259][T25863] RIP: 0033:0x7f6f64d8e929
[  984.903277][T25863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  984.903296][T25863] RSP: 002b:00007f6f65c72038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  984.903318][T25863] RAX: ffffffffffffffda RBX: 00007f6f64fb5fa0 RCX: 00007f6f64d8e929
[  984.903334][T25863] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000004
[  984.903348][T25863] RBP: 00007f6f65c72090 R08: 0000000000000000 R09: 0000000000000000
[  984.903362][T25863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  984.903375][T25863] R13: 0000000000000000 R14: 00007f6f64fb5fa0 R15: 00007ffe44cce8f8
[  984.903413][T25863]  </TASK>
[  985.160523][ T5858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  985.177663][T25866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  985.188207][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  985.200088][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  985.232041][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  985.243370][T25866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  985.249085][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  985.262938][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  985.279632][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  985.311884][T25860] lo speed is unknown, defaulting to 1000
[  985.378211][T25861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  985.487168][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  985.517244][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  985.592807][T25875] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5620'.
[  985.645587][T25864] lo speed is unknown, defaulting to 1000
[  985.747654][T25881] veth9: entered promiscuous mode
[  985.755751][T20429] bridge_slave_1: left allmulticast mode
[  985.762403][T20429] bridge_slave_1: left promiscuous mode
[  985.765574][T25883] netlink: 'syz.7.5621': attribute type 13 has an invalid length.
[  985.769451][T20429] bridge0: port 2(bridge_slave_1) entered disabled state
[  985.791156][T25883] netlink: 'syz.7.5621': attribute type 17 has an invalid length.
[  985.799759][T20429] bridge_slave_0: left allmulticast mode
[  985.805431][T20429] bridge_slave_0: left promiscuous mode
[  985.811901][T20429] bridge0: port 1(bridge_slave_0) entered disabled state
[  986.323691][T20429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  986.340272][T20429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  986.352025][T20429] bond0 (unregistering): Released all slaves
[  986.425235][T25883] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  986.560659][T25882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  986.580256][T20437] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  986.597771][T20437] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  986.641072][T25889] netlink: 'syz.6.5623': attribute type 10 has an invalid length.
[  986.650251][T25889] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5623'.
[  986.699087][T25890] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5623'.
[  986.708503][T25884] lo speed is unknown, defaulting to 1000
[  986.753858][T25889] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5623'.
[  986.947339][T25893] sctp: [Deprecated]: syz.6.5625 (pid 25893) Use of struct sctp_assoc_value in delayed_ack socket option.
[  986.947339][T25893] Use struct sctp_sack_info instead
[  986.996262][T20429] hsr_slave_0: left promiscuous mode
[  987.006358][T20429] hsr_slave_1: left promiscuous mode
[  987.016955][T20429] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  987.025701][T20429] batman_adv: batadv0: Removing interface: batadv_slave_0
[  987.037228][T20429] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  987.044979][T20429] batman_adv: batadv0: Removing interface: batadv_slave_1
[  987.116339][T20429] veth1_macvtap: left promiscuous mode
[  987.126392][T20429] veth0_macvtap: left promiscuous mode
[  987.135718][T20429] veth1_vlan: left promiscuous mode
[  987.142681][T20429] veth0_vlan: left promiscuous mode
[  987.379499][ T5858] Bluetooth: hci0: command tx timeout
[  987.846457][T20429] team0 (unregistering): Port device team_slave_1 removed
[  987.903962][T20429] team0 (unregistering): Port device team_slave_0 removed
[  988.577566][T13361] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  988.588393][T13361] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  988.599961][T13361] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  988.625106][T13361] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  988.633662][T13361] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  989.043651][T25899] lo speed is unknown, defaulting to 1000
[  989.083114][T25905] lo speed is unknown, defaulting to 1000
[  989.182368][T25906] lo speed is unknown, defaulting to 1000
[  989.191508][T25912] xt_CT: No such helper "snmp"
[  989.252705][T25864] chnl_net:caif_netlink_parms(): no params data found
[  989.330083][T25916] __nla_validate_parse: 1 callbacks suppressed
[  989.330106][T25916] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5628'.
[  989.381221][T25916] bridge0: entered promiscuous mode
[  989.458937][T13361] Bluetooth: hci0: command tx timeout
[  989.636640][T25864] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.657236][T25864] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.666180][T25864] bridge_slave_0: entered allmulticast mode
[  989.677983][T25864] bridge_slave_0: entered promiscuous mode
[  989.726876][T25864] bridge0: port 2(bridge_slave_1) entered blocking state
[  989.745691][T25864] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.757927][T25864] bridge_slave_1: entered allmulticast mode
[  989.777261][T25864] bridge_slave_1: entered promiscuous mode
[  989.828862][T25925] tipc: Started in network mode
[  989.833771][T25925] tipc: Node identity 6a1fd26617f7, cluster identity 4711
[  989.842060][T25925] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  989.854270][T25929] syzkaller0: entered promiscuous mode
[  989.875870][T25929] syzkaller0: entered allmulticast mode
[  990.055726][T20429] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.100035][T25864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  990.116995][T25864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  990.157817][T25934] tipc: Resetting bearer <eth:syzkaller0>
[  990.203841][T20429] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.286954][T25925] lo speed is unknown, defaulting to 1000
[  990.324834][T25938] netlink: 'syz.7.5632': attribute type 10 has an invalid length.
[  990.333684][T25938] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5632'.
[  990.360055][T20429] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.376777][T25939] netlink: 36 bytes leftover after parsing attributes in process `syz.7.5632'.
[  990.407754][T25864] team0: Port device team_slave_0 added
[  990.464622][T25864] team0: Port device team_slave_1 added
[  990.610659][T20429] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.627481][T25946] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5634'.
[  990.739638][T13361] Bluetooth: hci4: command tx timeout
[  990.771729][T25864] batman_adv: batadv0: Adding interface: batadv_slave_0
[  990.778910][T25864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  990.837625][T25864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  990.860129][T23698] tipc: Node number set to 2112410214
[  990.900881][T25943] veth11: entered promiscuous mode
[  990.921174][T25906] chnl_net:caif_netlink_parms(): no params data found
[  990.942123][T25864] batman_adv: batadv0: Adding interface: batadv_slave_1
[  990.956848][T25864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  990.991468][T25864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  991.316151][T25864] hsr_slave_0: entered promiscuous mode
[  991.323541][T25864] hsr_slave_1: entered promiscuous mode
[  991.330557][T25864] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  991.338297][T25864] Cannot create hsr debugfs directory
[  991.448645][T25906] bridge0: port 1(bridge_slave_0) entered blocking state
[  991.472116][T25906] bridge0: port 1(bridge_slave_0) entered disabled state
[  991.494117][T25906] bridge_slave_0: entered allmulticast mode
[  991.502496][T25906] bridge_slave_0: entered promiscuous mode
[  991.549094][T13361] Bluetooth: hci0: command tx timeout
[  991.603675][T25906] bridge0: port 2(bridge_slave_1) entered blocking state
[  991.628547][T25906] bridge0: port 2(bridge_slave_1) entered disabled state
[  991.636837][T25906] bridge_slave_1: entered allmulticast mode
[  991.649330][T25906] bridge_slave_1: entered promiscuous mode
[  991.735676][T25959] netlink: 'syz.7.5636': attribute type 13 has an invalid length.
[  991.741434][T20429] bridge_slave_1: left allmulticast mode
[  991.748085][T25959] netlink: 'syz.7.5636': attribute type 17 has an invalid length.
[  991.759189][T20429] bridge_slave_1: left promiscuous mode
[  991.764989][T20429] bridge0: port 2(bridge_slave_1) entered disabled state
[  991.778018][T20429] bridge_slave_0: left allmulticast mode
[  991.796915][T20429] bridge_slave_0: left promiscuous mode
[  991.803764][T20429] bridge0: port 1(bridge_slave_0) entered disabled state
[  991.946427][T25965] netlink: 'syz.6.5637': attribute type 7 has an invalid length.
[  992.044821][T25967] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  992.117104][T25967] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  992.196800][T25968] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  992.464846][T20429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  992.479457][T20429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  992.497673][T20429] bond0 (unregistering): Released all slaves
[  992.556642][T25925] tipc: Resetting bearer <eth:syzkaller0>
[  992.579361][T25925] tipc: Disabling bearer <eth:syzkaller0>
[  992.638210][T25959] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  992.702560][T25965] : entered promiscuous mode
[  992.730681][T25906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  992.786513][T25906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  992.815071][T25960] lo speed is unknown, defaulting to 1000
[  992.822239][T13361] Bluetooth: hci4: command tx timeout
[  992.869079][T25972] FAULT_INJECTION: forcing a failure.
[  992.869079][T25972] name failslab, interval 1, probability 0, space 0, times 0
[  992.890984][T25972] CPU: 1 UID: 0 PID: 25972 Comm: syz.6.5639 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  992.891012][T25972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  992.891023][T25972] Call Trace:
[  992.891031][T25972]  <TASK>
[  992.891039][T25972]  dump_stack_lvl+0x189/0x250
[  992.891064][T25972]  ? __pfx____ratelimit+0x10/0x10
[  992.891087][T25972]  ? __pfx_dump_stack_lvl+0x10/0x10
[  992.891107][T25972]  ? __pfx__printk+0x10/0x10
[  992.891142][T25972]  ? __pfx___might_resched+0x10/0x10
[  992.891162][T25972]  ? fs_reclaim_acquire+0x7d/0x100
[  992.891191][T25972]  should_fail_ex+0x414/0x560
[  992.891221][T25972]  should_failslab+0xa8/0x100
[  992.891245][T25972]  __kmalloc_noprof+0xcb/0x4f0
[  992.891264][T25972]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  992.891289][T25972]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  992.891314][T25972]  genl_family_rcv_msg_doit+0xb8/0x300
[  992.891339][T25972]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  992.891360][T25972]  ? rcu_is_watching+0x15/0xb0
[  992.891383][T25972]  ? apparmor_capable+0x137/0x1b0
[  992.891404][T25972]  ? bpf_lsm_capable+0x9/0x20
[  992.891423][T25972]  ? security_capable+0x7e/0x2e0
[  992.891455][T25972]  genl_rcv_msg+0x60e/0x790
[  992.891479][T25972]  ? __pfx_genl_rcv_msg+0x10/0x10
[  992.891494][T25972]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  992.891514][T25972]  ? __pfx_nl802154_del_llsec_key+0x10/0x10
[  992.891536][T25972]  ? __pfx_nl802154_post_doit+0x10/0x10
[  992.891571][T25972]  netlink_rcv_skb+0x205/0x470
[  992.891594][T25972]  ? __pfx_genl_rcv_msg+0x10/0x10
[  992.891613][T25972]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  992.891653][T25972]  ? down_read+0x1ad/0x2e0
[  992.891680][T25972]  genl_rcv+0x28/0x40
[  992.891695][T25972]  netlink_unicast+0x758/0x8d0
[  992.891727][T25972]  netlink_sendmsg+0x805/0xb30
[  992.891759][T25972]  ? __pfx_netlink_sendmsg+0x10/0x10
[  992.891785][T25972]  ? aa_sock_msg_perm+0x94/0x160
[  992.891813][T25972]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  992.891828][T25972]  ? __pfx_netlink_sendmsg+0x10/0x10
[  992.891852][T25972]  __sock_sendmsg+0x219/0x270
[  992.891875][T25972]  ____sys_sendmsg+0x505/0x830
[  992.891908][T25972]  ? __pfx_____sys_sendmsg+0x10/0x10
[  992.891942][T25972]  ? import_iovec+0x74/0xa0
[  992.891967][T25972]  ___sys_sendmsg+0x21f/0x2a0
[  992.891985][T25972]  ? __pfx____sys_sendmsg+0x10/0x10
[  992.892041][T25972]  ? __fget_files+0x2a/0x420
[  992.892062][T25972]  ? __fget_files+0x3a0/0x420
[  992.892095][T25972]  __x64_sys_sendmsg+0x19b/0x260
[  992.892115][T25972]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  992.892149][T25972]  ? __pfx_ksys_write+0x10/0x10
[  992.892166][T25972]  ? rcu_is_watching+0x15/0xb0
[  992.892191][T25972]  ? do_syscall_64+0xbe/0x3b0
[  992.892219][T25972]  do_syscall_64+0xfa/0x3b0
[  992.892239][T25972]  ? lockdep_hardirqs_on+0x9c/0x150
[  992.892261][T25972]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  992.892278][T25972]  ? clear_bhb_loop+0x60/0xb0
[  992.892299][T25972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  992.892316][T25972] RIP: 0033:0x7f91b8f8e929
[  992.892334][T25972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  992.892349][T25972] RSP: 002b:00007f91b9ec5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  992.892368][T25972] RAX: ffffffffffffffda RBX: 00007f91b91b5fa0 RCX: 00007f91b8f8e929
[  992.892380][T25972] RDX: 000000000000c080 RSI: 0000200000000880 RDI: 0000000000000004
[  992.892391][T25972] RBP: 00007f91b9ec5090 R08: 0000000000000000 R09: 0000000000000000
[  992.892402][T25972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  992.892412][T25972] R13: 0000000000000000 R14: 00007f91b91b5fa0 R15: 00007ffd37da9618
[  992.892442][T25972]  </TASK>
[  993.672657][T13361] Bluetooth: hci0: command tx timeout
[  993.727760][T25906] team0: Port device team_slave_0 added
[  993.750314][T25906] team0: Port device team_slave_1 added
[  993.884449][T25988] lo speed is unknown, defaulting to 1000
[  993.924089][T25991] lo speed is unknown, defaulting to 1000
[  994.130992][T25906] batman_adv: batadv0: Adding interface: batadv_slave_0
[  994.137974][T25906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  994.172506][T25906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  994.196852][T25974] lo speed is unknown, defaulting to 1000
[  994.200937][T25906] batman_adv: batadv0: Adding interface: batadv_slave_1
[  994.215003][T25906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  994.252134][T25906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  994.338195][T20429] hsr_slave_0: left promiscuous mode
[  994.352642][T20429] hsr_slave_1: left promiscuous mode
[  994.360596][T20429] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  994.368091][T20429] batman_adv: batadv0: Removing interface: batadv_slave_0
[  994.377119][T20429] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  994.385146][T20429] batman_adv: batadv0: Removing interface: batadv_slave_1
[  994.421887][T20429] veth1_macvtap: left promiscuous mode
[  994.427460][T20429] veth0_macvtap: left promiscuous mode
[  994.433134][T20429] veth1_vlan: left promiscuous mode
[  994.438639][T20429] veth0_vlan: left promiscuous mode
[  994.908705][T13361] Bluetooth: hci4: command tx timeout
[  995.015069][T20429] team0 (unregistering): Port device team_slave_1 removed
[  995.062323][T20429] team0 (unregistering): Port device team_slave_0 removed
[  995.673335][T25994] lo speed is unknown, defaulting to 1000
[  995.850742][T25906] hsr_slave_0: entered promiscuous mode
[  995.857506][T25906] hsr_slave_1: entered promiscuous mode
[  995.868299][T25906] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  995.876041][T25906] Cannot create hsr debugfs directory
[  996.323026][T25999] netlink: 'syz.7.5643': attribute type 10 has an invalid length.
[  996.357386][T25999] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5643'.
[  996.377360][T26000] netlink: 36 bytes leftover after parsing attributes in process `syz.7.5643'.
[  996.439349][T25999] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5643'.
[  996.454873][T25864] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  996.472188][T25999] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5643'.
[  996.547841][T25864] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  996.576670][T26003] netlink: 'syz.6.5644': attribute type 10 has an invalid length.
[  996.579660][T25864] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  996.585430][T26003] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5644'.
[  996.629501][T26006] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5644'.
[  996.640087][T25864] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  996.719453][T26004] xt_CT: No such helper "snmp"
[  996.780388][T26015] veth13: entered promiscuous mode
[  996.920191][   T30] audit: type=1800 audit(1752118704.507:8): pid=26021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.5648" name="memory.events" dev="tmpfs" ino=748 res=0 errno=0
[  996.951843][T26019] netlink: 'syz.6.5647': attribute type 13 has an invalid length.
[  996.960307][T26019] netlink: 'syz.6.5647': attribute type 17 has an invalid length.
[  996.981004][T13361] Bluetooth: hci4: command tx timeout
[  996.986775][T26019] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  997.141340][T26025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  997.167460][T25864] 8021q: adding VLAN 0 to HW filter on device bond0
[  997.217415][T26019] lo speed is unknown, defaulting to 1000
[  997.303976][T26030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  997.334248][T26031] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5652'.
[  997.341083][T25864] 8021q: adding VLAN 0 to HW filter on device team0
[  997.383218][T20429] bridge0: port 1(bridge_slave_0) entered blocking state
[  997.390447][T20429] bridge0: port 1(bridge_slave_0) entered forwarding state
[  997.439882][T26031] bond_slave_0: entered promiscuous mode
[  997.445622][T26031] bond_slave_1: entered promiscuous mode
[  997.453770][T26031] bond_slave_0: left promiscuous mode
[  997.459323][T26031] bond_slave_1: left promiscuous mode
[  997.471338][T26025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  997.496855][T26034] netlink: 48 bytes leftover after parsing attributes in process `syz.8.5653'.
[  997.506665][T25906] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  997.535740][T25906] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  997.624319][T25906] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  997.663039][T20429] bridge0: port 2(bridge_slave_1) entered blocking state
[  997.670269][T20429] bridge0: port 2(bridge_slave_1) entered forwarding state
[  997.689579][T26038] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5655'.
[  997.719370][T25906] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  997.834007][T25864] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  997.899864][T26051] veth13: entered promiscuous mode
[  997.995537][T26049] lo speed is unknown, defaulting to 1000
[  998.314713][T25906] 8021q: adding VLAN 0 to HW filter on device bond0
[  998.513877][T26070] veth13: entered promiscuous mode
[  998.549203][T26076] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5660'.
[  998.623853][T26056] lo speed is unknown, defaulting to 1000
[  998.674564][T26077] veth11: entered promiscuous mode
[  998.706704][T25864] 8021q: adding VLAN 0 to HW filter on device batadv0
[  998.723842][T25906] 8021q: adding VLAN 0 to HW filter on device team0
[  998.907474][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  998.914728][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  998.961246][T20419] bridge0: port 2(bridge_slave_1) entered blocking state
[  998.969495][T20419] bridge0: port 2(bridge_slave_1) entered forwarding state
[  999.207445][T25864] veth0_vlan: entered promiscuous mode
[  999.265657][T26086] veth11: entered promiscuous mode
[  999.301434][T25864] veth1_vlan: entered promiscuous mode
[  999.420590][T25864] veth0_macvtap: entered promiscuous mode
[  999.440386][T25864] veth1_macvtap: entered promiscuous mode
[  999.497753][T25864] batman_adv: batadv0: Interface activated: batadv_slave_0
[  999.546883][T25864] batman_adv: batadv0: Interface activated: batadv_slave_1
[  999.627508][T20419] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  999.654964][T20419] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  999.724923][T20419] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  999.755905][T20419] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  999.899863][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  999.922491][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  999.954473][T25906] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1000.028977][T20419] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1000.057350][T20419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1000.259728][T26063] Bluetooth: hci1: command 0x0406 tx timeout
[ 1000.266840][T26063] Bluetooth: hci2: command 0x0406 tx timeout
[ 1000.273430][T26063] Bluetooth: hci3: command 0x0406 tx timeout
[ 1000.441686][T26107] mac80211_hwsim hwsim33 wlan1: entered allmulticast mode
[ 1000.748131][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1000.830603][T26115] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1000.896112][T26116] wg1 speed is unknown, defaulting to 1000
[ 1000.981422][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1000.994402][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.017039][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.055200][T26116] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1001.114724][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1001.132687][T25906] veth0_vlan: entered promiscuous mode
[ 1001.140376][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.153699][T25906] veth1_vlan: entered promiscuous mode
[ 1001.161450][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.176740][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.190030][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.203014][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.205692][T25906] veth0_macvtap: entered promiscuous mode
[ 1001.241802][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1001.257657][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.265740][T25906] veth1_macvtap: entered promiscuous mode
[ 1001.277683][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.286673][T25906] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1001.306156][T25906] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1001.314716][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.326597][ T1162] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1001.340697][ T1162] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1001.356126][ T1162] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1001.372714][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.385125][ T1162] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1001.420146][T26123] __nla_validate_parse: 2 callbacks suppressed
[ 1001.420166][T26123] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5670'.
[ 1001.440181][T26116] wg1 speed is unknown, defaulting to 1000
[ 1001.752041][T20427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1001.788461][T20427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1001.836316][T26133] netlink: 212376 bytes leftover after parsing attributes in process `syz.8.5672'.
[ 1001.869163][T26130] netlink: 'syz.7.5673': attribute type 13 has an invalid length.
[ 1001.877021][T26130] netlink: 'syz.7.5673': attribute type 17 has an invalid length.
[ 1001.937746][T20419] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1001.965782][T20419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1002.073679][T26130] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1002.139164][   T13] bridge_slave_1: left allmulticast mode
[ 1002.148638][   T13] bridge_slave_1: left promiscuous mode
[ 1002.154443][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1002.215253][   T13] bridge_slave_0: left allmulticast mode
[ 1002.229224][   T13] bridge_slave_0: left promiscuous mode
[ 1002.245086][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1002.268126][T19574] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1002.272344][T26141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1002.289021][T19574] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1002.300568][T19574] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1002.320516][T19574] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1002.332410][T19574] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1002.461230][T26148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1002.541903][T26141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1002.786826][T26151] netlink: 'syz.6.5675': attribute type 10 has an invalid length.
[ 1002.796153][T26151] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5675'.
[ 1002.846779][T26152] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5675'.
[ 1002.895496][T26153] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5675'.
[ 1002.921887][T26153] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5675'.
[ 1003.168895][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1003.185276][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1003.197291][   T13] bond0 (unregistering): Released all slaves
[ 1003.261573][T26134] lo speed is unknown, defaulting to 1000
[ 1003.330875][T26134] wg1 speed is unknown, defaulting to 1000
[ 1003.446760][T26140] lo speed is unknown, defaulting to 1000
[ 1003.607227][T26142] lo speed is unknown, defaulting to 1000
[ 1003.611351][T26140] wg1 speed is unknown, defaulting to 1000
[ 1003.730736][T26142] wg1 speed is unknown, defaulting to 1000
[ 1004.024069][   T13] hsr_slave_0: left promiscuous mode
[ 1004.034056][   T13] hsr_slave_1: left promiscuous mode
[ 1004.049562][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1004.057306][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1004.066491][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1004.074127][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1004.124144][   T13] veth1_macvtap: left promiscuous mode
[ 1004.129974][   T13] veth0_macvtap: left promiscuous mode
[ 1004.135808][   T13] veth1_vlan: left promiscuous mode
[ 1004.141670][   T13] veth0_vlan: left promiscuous mode
[ 1004.427780][ T5858] Bluetooth: hci0: command tx timeout
[ 1004.848605][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1004.908142][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1005.399765][T19574] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1005.431143][T19574] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1005.447911][T19574] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1005.458940][T19574] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1005.467367][T19574] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1005.757441][T26165] lo speed is unknown, defaulting to 1000
[ 1005.774809][T26165] wg1 speed is unknown, defaulting to 1000
[ 1005.930017][T26173] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5681'.
[ 1006.220820][T26179] bridge2: port 1(ip6gretap1) entered blocking state
[ 1006.238269][T26179] bridge2: port 1(ip6gretap1) entered disabled state
[ 1006.270122][T26179] ip6gretap1: entered allmulticast mode
[ 1006.278027][T26179] ip6gretap1: entered promiscuous mode
[ 1006.503420][T19574] Bluetooth: hci0: command tx timeout
[ 1006.745824][T26183] veth13: entered promiscuous mode
[ 1006.816931][T26142] chnl_net:caif_netlink_parms(): no params data found
[ 1006.990981][T26196] FAULT_INJECTION: forcing a failure.
[ 1006.990981][T26196] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1007.004542][T26196] CPU: 0 UID: 0 PID: 26196 Comm: syz.6.5688 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[ 1007.004571][T26196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1007.004584][T26196] Call Trace:
[ 1007.004592][T26196]  <TASK>
[ 1007.004601][T26196]  dump_stack_lvl+0x189/0x250
[ 1007.004629][T26196]  ? __pfx____ratelimit+0x10/0x10
[ 1007.004654][T26196]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1007.004678][T26196]  ? __pfx__printk+0x10/0x10
[ 1007.004719][T26196]  should_fail_ex+0x414/0x560
[ 1007.004753][T26196]  _copy_to_user+0x31/0xb0
[ 1007.004779][T26196]  simple_read_from_buffer+0xe1/0x170
[ 1007.004808][T26196]  proc_fail_nth_read+0x1df/0x250
[ 1007.004841][T26196]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1007.004873][T26196]  ? rw_verify_area+0x258/0x650
[ 1007.004896][T26196]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1007.004925][T26196]  vfs_read+0x200/0x980
[ 1007.004952][T26196]  ? __pfx___mutex_lock+0x10/0x10
[ 1007.004980][T26196]  ? __pfx_vfs_read+0x10/0x10
[ 1007.005003][T26196]  ? __fget_files+0x2a/0x420
[ 1007.005033][T26196]  ? __fget_files+0x3a0/0x420
[ 1007.005058][T26196]  ? __fget_files+0x2a/0x420
[ 1007.005092][T26196]  ksys_read+0x145/0x250
[ 1007.005118][T26196]  ? __pfx_ksys_read+0x10/0x10
[ 1007.005137][T26196]  ? rcu_is_watching+0x15/0xb0
[ 1007.005166][T26196]  ? do_syscall_64+0xbe/0x3b0
[ 1007.005196][T26196]  do_syscall_64+0xfa/0x3b0
[ 1007.005221][T26196]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1007.005246][T26196]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.005266][T26196]  ? clear_bhb_loop+0x60/0xb0
[ 1007.005290][T26196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.005309][T26196] RIP: 0033:0x7f91b8f8d33c
[ 1007.005326][T26196] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1007.005343][T26196] RSP: 002b:00007f91b9ec5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1007.005365][T26196] RAX: ffffffffffffffda RBX: 00007f91b91b5fa0 RCX: 00007f91b8f8d33c
[ 1007.005387][T26196] RDX: 000000000000000f RSI: 00007f91b9ec50a0 RDI: 0000000000000004
[ 1007.005399][T26196] RBP: 00007f91b9ec5090 R08: 0000000000000000 R09: 0000000000000000
[ 1007.005412][T26196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1007.005424][T26196] R13: 0000000000000000 R14: 00007f91b91b5fa0 R15: 00007ffd37da9618
[ 1007.005457][T26196]  </TASK>
[ 1007.321651][T26200] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5689'.
[ 1007.439866][T26205] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5691'.
[ 1007.486148][T26142] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1007.494487][T26142] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1007.502723][T26142] bridge_slave_0: entered allmulticast mode
[ 1007.511436][T26142] bridge_slave_0: entered promiscuous mode
[ 1007.543875][T19574] Bluetooth: hci4: command tx timeout
[ 1007.607810][T26142] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1007.620153][T26142] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1007.627643][T26142] bridge_slave_1: entered allmulticast mode
[ 1007.638743][T26142] bridge_slave_1: entered promiscuous mode
[ 1007.783692][T26165] chnl_net:caif_netlink_parms(): no params data found
[ 1008.156442][   T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1008.186494][T26224] netlink: 'syz.6.5695': attribute type 1 has an invalid length.
[ 1008.204480][T26224] netlink: 208 bytes leftover after parsing attributes in process `syz.6.5695'.
[ 1008.235768][T26224] netlink: 'syz.6.5695': attribute type 1 has an invalid length.
[ 1008.248559][T26142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1008.271742][T26224] netlink: 'syz.6.5695': attribute type 2 has an invalid length.
[ 1008.284653][T26142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1008.363813][   T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1008.480544][T26214] lo speed is unknown, defaulting to 1000
[ 1008.582177][T19574] Bluetooth: hci0: command tx timeout
[ 1008.609237][   T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1008.627724][T26214] wg1 speed is unknown, defaulting to 1000
[ 1008.653689][T26142] team0: Port device team_slave_0 added
[ 1008.678756][T26215] lo speed is unknown, defaulting to 1000
[ 1008.687926][T26215] wg1 speed is unknown, defaulting to 1000
[ 1008.713524][T26237] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5699'.
[ 1008.748421][T26142] team0: Port device team_slave_1 added
[ 1008.813782][   T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1008.958039][T26241] veth15: entered promiscuous mode
[ 1008.990951][T26165] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1008.998226][T26165] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1009.007671][T26165] bridge_slave_0: entered allmulticast mode
[ 1009.016534][T26165] bridge_slave_0: entered promiscuous mode
[ 1009.045964][T26245] FAULT_INJECTION: forcing a failure.
[ 1009.045964][T26245] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1009.062600][T26245] CPU: 1 UID: 0 PID: 26245 Comm: syz.6.5700 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[ 1009.062624][T26245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1009.062634][T26245] Call Trace:
[ 1009.062641][T26245]  <TASK>
[ 1009.062648][T26245]  dump_stack_lvl+0x189/0x250
[ 1009.062673][T26245]  ? __pfx____ratelimit+0x10/0x10
[ 1009.062694][T26245]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1009.062712][T26245]  ? __pfx__printk+0x10/0x10
[ 1009.062734][T26245]  ? fs_reclaim_acquire+0x7d/0x100
[ 1009.062765][T26245]  should_fail_ex+0x414/0x560
[ 1009.062795][T26245]  prepare_alloc_pages+0x213/0x610
[ 1009.062829][T26245]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1009.062857][T26245]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1009.062884][T26245]  ? __pfx__copy_from_iter+0x10/0x10
[ 1009.062904][T26245]  ? policy_nodemask+0x27c/0x720
[ 1009.062927][T26245]  ? aa_file_perm+0x11f/0xed0
[ 1009.062947][T26245]  alloc_pages_mpol+0x232/0x4a0
[ 1009.062976][T26245]  alloc_pages_noprof+0xa9/0x190
[ 1009.063002][T26245]  anon_pipe_write+0xb85/0x1360
[ 1009.063055][T26245]  ? __pfx_anon_pipe_write+0x10/0x10
[ 1009.063079][T26245]  ? common_file_perm+0x199/0x200
[ 1009.063111][T26245]  ? bpf_lsm_file_permission+0x9/0x20
[ 1009.063131][T26245]  ? security_file_permission+0x75/0x290
[ 1009.063163][T26245]  vfs_write+0x54b/0xa90
[ 1009.063187][T26245]  ? __pfx_anon_pipe_write+0x10/0x10
[ 1009.063212][T26245]  ? __pfx_vfs_write+0x10/0x10
[ 1009.063241][T26245]  ? __fget_files+0x2a/0x420
[ 1009.063273][T26245]  ksys_write+0x145/0x250
[ 1009.063296][T26245]  ? __pfx_ksys_write+0x10/0x10
[ 1009.063324][T26245]  ? do_syscall_64+0xbe/0x3b0
[ 1009.063354][T26245]  do_syscall_64+0xfa/0x3b0
[ 1009.063378][T26245]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.063403][T26245]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.063422][T26245]  ? clear_bhb_loop+0x60/0xb0
[ 1009.063447][T26245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.063465][T26245] RIP: 0033:0x7f91b8f8e929
[ 1009.063495][T26245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1009.063513][T26245] RSP: 002b:00007f91b9ea4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1009.063539][T26245] RAX: ffffffffffffffda RBX: 00007f91b91b6080 RCX: 00007f91b8f8e929
[ 1009.063553][T26245] RDX: 0000000000010448 RSI: 0000200000003100 RDI: 0000000000000006
[ 1009.063564][T26245] RBP: 00007f91b9ea4090 R08: 0000000000000000 R09: 0000000000000000
[ 1009.063576][T26245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1009.063586][T26245] R13: 0000000000000000 R14: 00007f91b91b6080 R15: 00007ffd37da9618
[ 1009.063603][T26245]  </TASK>
[ 1009.067480][T26142] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1009.339840][T26142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1009.366812][T26142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1009.383029][T26165] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1009.390677][T26165] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1009.397967][T26165] bridge_slave_1: entered allmulticast mode
[ 1009.406086][T26165] bridge_slave_1: entered promiscuous mode
[ 1009.513834][T26142] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1009.515354][T26251] netlink: 'syz.6.5703': attribute type 21 has an invalid length.
[ 1009.529163][T26142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1009.540933][T26251] netlink: 128 bytes leftover after parsing attributes in process `syz.6.5703'.
[ 1009.561548][T26142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1009.620092][T19574] Bluetooth: hci4: command tx timeout
[ 1009.649795][    C1] ------------[ cut here ]------------
[ 1009.655854][    C1] WARNING: CPU: 1 PID: 26254 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730
[ 1009.665551][    C1] Modules linked in:
[ 1009.669722][    C1] CPU: 1 UID: 0 PID: 26254 Comm: syz.7.5705 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[ 1009.681918][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1009.692031][    C1] RIP: 0010:inet_sock_destruct+0x623/0x730
[ 1009.697837][    C1] Code: 0f 0b 90 e9 62 fe ff ff e8 ca d2 c8 f7 90 0f 0b 90 e9 95 fe ff ff e8 bc d2 c8 f7 90 0f 0b 90 e9 bb fe ff ff e8 ae d2 c8 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[ 1009.717474][    C1] RSP: 0000:ffffc90000a08b48 EFLAGS: 00010246
[ 1009.724055][    C1] RAX: ffffffff89f78d52 RBX: dffffc0000000000 RCX: ffff888031a9bc00
[ 1009.732077][    C1] RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000
[ 1009.740157][    C1] RBP: 0000000000000fff R08: ffff88803ffee11f R09: 1ffff11007ffdc23
[ 1009.748159][    C1] R10: dffffc0000000000 R11: ffffed1007ffdc24 R12: ffff88803ffede80
[ 1009.756165][    C1] R13: dffffc0000000000 R14: ffff88803ffee104 R15: 1ffff11007ffdbd2
[ 1009.764172][    C1] FS:  000055555e8f9500(0000) GS:ffff888125d14000(0000) knlGS:0000000000000000
[ 1009.773149][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1009.779785][    C1] CR2: 000000110c292b9e CR3: 0000000060de0000 CR4: 00000000003526f0
[ 1009.787755][    C1] Call Trace:
[ 1009.791086][    C1]  <IRQ>
[ 1009.793964][    C1]  ? inet6_cleanup_sock+0x197/0x230
[ 1009.799249][    C1]  ? __pfx_inet6_sock_destruct+0x10/0x10
[ 1009.804912][    C1]  __sk_destruct+0x86/0x660
[ 1009.809543][    C1]  ? __pfx___sk_destruct+0x10/0x10
[ 1009.814658][    C1]  ? rcu_core+0xc34/0x1710
[ 1009.819133][    C1]  rcu_core+0xca5/0x1710
[ 1009.823410][    C1]  ? __pfx_rcu_core+0x10/0x10
[ 1009.828086][    C1]  ? sched_balance_domains+0x121/0x9e0
[ 1009.833588][    C1]  ? sched_balance_domains+0x8be/0x9e0
[ 1009.839097][    C1]  ? sched_balance_domains+0x121/0x9e0
[ 1009.844583][    C1]  handle_softirqs+0x286/0x870
[ 1009.849416][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[ 1009.854215][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1009.859561][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[ 1009.864767][    C1]  __irq_exit_rcu+0xca/0x1f0
[ 1009.869397][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1009.874599][    C1]  irq_exit_rcu+0x9/0x30
[ 1009.878876][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1009.884535][    C1]  </IRQ>
[ 1009.887472][    C1]  <TASK>
[ 1009.890422][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1009.896395][    C1] RIP: 0010:lock_acquire+0x175/0x360
[ 1009.901711][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 0b 8d 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 1009.921427][    C1] RSP: 0000:ffffc9000ba77898 EFLAGS: 00000206
[ 1009.927489][    C1] RAX: a19176e62bdd5300 RBX: 0000000000000000 RCX: a19176e62bdd5300
[ 1009.935500][    C1] RDX: 0000000000000000 RSI: ffffffff8db8a5e2 RDI: ffffffff8be28f80
[ 1009.943499][    C1] RBP: ffffffff822f0a0d R08: 0000000000000000 R09: ffffffff822f0a0d
[ 1009.951520][    C1] R10: dffffc0000000000 R11: fffff940003c1881 R12: 0000000000000002
[ 1009.959619][    C1] R13: ffffffff8e13ee20 R14: 0000000000000000 R15: 0000000000000246
[ 1009.967590][    C1]  ? page_table_check_set+0x18d/0x730
[ 1009.972996][    C1]  ? page_table_check_set+0x18d/0x730
[ 1009.978415][    C1]  ? pfn_valid+0xba/0x490
[ 1009.982775][    C1]  ? pfn_valid+0xba/0x490
[ 1009.987130][    C1]  ? page_table_check_set+0x18d/0x730
[ 1009.992549][    C1]  page_table_check_set+0x1aa/0x730
[ 1009.997741][    C1]  ? page_table_check_set+0x18d/0x730
[ 1010.003309][    C1]  set_pte_range+0x6a5/0x700
[ 1010.007891][    C1]  ? next_uptodate_folio+0x543/0x5d0
[ 1010.013220][    C1]  filemap_map_pages+0xf29/0x1740
[ 1010.018284][    C1]  ? filemap_map_pages+0x14b/0x1740
[ 1010.023522][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1010.029039][    C1]  ? __handle_mm_fault+0x296f/0x5620
[ 1010.034380][    C1]  ? __handle_mm_fault+0x296f/0x5620
[ 1010.039706][    C1]  __handle_mm_fault+0x368a/0x5620
[ 1010.044828][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1010.049719][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1010.055185][    C1]  ? lock_vma_under_rcu+0xf8/0x710
[ 1010.060355][    C1]  ? lock_vma_under_rcu+0xf8/0x710
[ 1010.065482][    C1]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[ 1010.071054][    C1]  handle_mm_fault+0x40a/0x8e0
[ 1010.075836][    C1]  do_user_addr_fault+0xa81/0x1390
[ 1010.080995][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1010.085758][    C1]  ? trace_page_fault_user+0x84/0x1e0
[ 1010.091167][    C1]  exc_page_fault+0x76/0xf0
[ 1010.095698][    C1]  asm_exc_page_fault+0x26/0x30
[ 1010.100654][    C1] RIP: 0033:0x7f6f64c6ec8d
[ 1010.105072][    C1] Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 7b 2b
[ 1010.124722][    C1] RSP: 002b:00007ffe44cce930 EFLAGS: 00010202
[ 1010.130835][    C1] RAX: 000000110c290000 RBX: 00007f6f65ae5720 RCX: 0000000000000002
[ 1010.138872][    C1] RDX: 0000000000001f97 RSI: 0000000000000b7e RDI: 0000000000000004
[ 1010.146852][    C1] RBP: ffffffff8212df97 R08: 00007f6f64fb6038 R09: 00007f6f64fa2000
[ 1010.154862][    C1] R10: 00007f6f643ff008 R11: 0000000000000001 R12: 0000000000000001
[ 1010.162890][    C1] R13: 0000000000000000 R14: ffffffff8212da2f R15: 00000000000000ce
[ 1010.170905][    C1]  ? is_vmalloc_addr+0xf/0xb0
[ 1010.175583][    C1]  ? vmap_range_noflush+0x447/0xf20
[ 1010.180839][    C1]  </TASK>
[ 1010.183878][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1010.191146][    C1] CPU: 1 UID: 0 PID: 26254 Comm: syz.7.5705 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[ 1010.203365][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1010.213414][    C1] Call Trace:
[ 1010.216687][    C1]  <IRQ>
[ 1010.219522][    C1]  dump_stack_lvl+0x99/0x250
[ 1010.224117][    C1]  ? __asan_memcpy+0x40/0x70
[ 1010.228713][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1010.233994][    C1]  ? __pfx__printk+0x10/0x10
[ 1010.238942][    C1]  panic+0x2db/0x790
[ 1010.242856][    C1]  ? __pfx_panic+0x10/0x10
[ 1010.247289][    C1]  ? show_trace_log_lvl+0x4fb/0x550
[ 1010.252495][    C1]  ? vmap_range_noflush+0x447/0xf20
[ 1010.257687][    C1]  __warn+0x31b/0x4b0
[ 1010.261662][    C1]  ? inet_sock_destruct+0x623/0x730
[ 1010.266849][    C1]  ? inet_sock_destruct+0x623/0x730
[ 1010.272033][    C1]  report_bug+0x2be/0x4f0
[ 1010.276363][    C1]  ? inet_sock_destruct+0x623/0x730
[ 1010.281565][    C1]  ? inet_sock_destruct+0x623/0x730
[ 1010.286748][    C1]  ? inet_sock_destruct+0x625/0x730
[ 1010.291945][    C1]  handle_bug+0x84/0x160
[ 1010.296209][    C1]  exc_invalid_op+0x1a/0x50
[ 1010.300706][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1010.305572][    C1] RIP: 0010:inet_sock_destruct+0x623/0x730
[ 1010.311454][    C1] Code: 0f 0b 90 e9 62 fe ff ff e8 ca d2 c8 f7 90 0f 0b 90 e9 95 fe ff ff e8 bc d2 c8 f7 90 0f 0b 90 e9 bb fe ff ff e8 ae d2 c8 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[ 1010.331047][    C1] RSP: 0000:ffffc90000a08b48 EFLAGS: 00010246
[ 1010.337105][    C1] RAX: ffffffff89f78d52 RBX: dffffc0000000000 RCX: ffff888031a9bc00
[ 1010.345074][    C1] RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000
[ 1010.353068][    C1] RBP: 0000000000000fff R08: ffff88803ffee11f R09: 1ffff11007ffdc23
[ 1010.361037][    C1] R10: dffffc0000000000 R11: ffffed1007ffdc24 R12: ffff88803ffede80
[ 1010.369001][    C1] R13: dffffc0000000000 R14: ffff88803ffee104 R15: 1ffff11007ffdbd2
[ 1010.377003][    C1]  ? inet_sock_destruct+0x622/0x730
[ 1010.382196][    C1]  ? inet_sock_destruct+0x622/0x730
[ 1010.387380][    C1]  ? inet6_cleanup_sock+0x197/0x230
[ 1010.392668][    C1]  ? __pfx_inet6_sock_destruct+0x10/0x10
[ 1010.398331][    C1]  __sk_destruct+0x86/0x660
[ 1010.402837][    C1]  ? __pfx___sk_destruct+0x10/0x10
[ 1010.407937][    C1]  ? rcu_core+0xc34/0x1710
[ 1010.412347][    C1]  rcu_core+0xca5/0x1710
[ 1010.416584][    C1]  ? __pfx_rcu_core+0x10/0x10
[ 1010.421254][    C1]  ? sched_balance_domains+0x121/0x9e0
[ 1010.426787][    C1]  ? sched_balance_domains+0x8be/0x9e0
[ 1010.432246][    C1]  ? sched_balance_domains+0x121/0x9e0
[ 1010.437695][    C1]  handle_softirqs+0x286/0x870
[ 1010.442460][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[ 1010.447294][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1010.452588][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[ 1010.457778][    C1]  __irq_exit_rcu+0xca/0x1f0
[ 1010.462355][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1010.467561][    C1]  irq_exit_rcu+0x9/0x30
[ 1010.471812][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1010.477609][    C1]  </IRQ>
[ 1010.480528][    C1]  <TASK>
[ 1010.483452][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1010.489424][    C1] RIP: 0010:lock_acquire+0x175/0x360
[ 1010.494720][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 0b 8d 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 1010.514406][    C1] RSP: 0000:ffffc9000ba77898 EFLAGS: 00000206
[ 1010.520465][    C1] RAX: a19176e62bdd5300 RBX: 0000000000000000 RCX: a19176e62bdd5300
[ 1010.528430][    C1] RDX: 0000000000000000 RSI: ffffffff8db8a5e2 RDI: ffffffff8be28f80
[ 1010.536385][    C1] RBP: ffffffff822f0a0d R08: 0000000000000000 R09: ffffffff822f0a0d
[ 1010.544349][    C1] R10: dffffc0000000000 R11: fffff940003c1881 R12: 0000000000000002
[ 1010.552335][    C1] R13: ffffffff8e13ee20 R14: 0000000000000000 R15: 0000000000000246
[ 1010.560303][    C1]  ? page_table_check_set+0x18d/0x730
[ 1010.565675][    C1]  ? page_table_check_set+0x18d/0x730
[ 1010.571087][    C1]  ? pfn_valid+0xba/0x490
[ 1010.575411][    C1]  ? pfn_valid+0xba/0x490
[ 1010.579741][    C1]  ? page_table_check_set+0x18d/0x730
[ 1010.585099][    C1]  page_table_check_set+0x1aa/0x730
[ 1010.590294][    C1]  ? page_table_check_set+0x18d/0x730
[ 1010.595696][    C1]  set_pte_range+0x6a5/0x700
[ 1010.600380][    C1]  ? next_uptodate_folio+0x543/0x5d0
[ 1010.605757][    C1]  filemap_map_pages+0xf29/0x1740
[ 1010.610778][    C1]  ? filemap_map_pages+0x14b/0x1740
[ 1010.615969][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1010.621445][    C1]  ? __handle_mm_fault+0x296f/0x5620
[ 1010.626734][    C1]  ? __handle_mm_fault+0x296f/0x5620
[ 1010.632017][    C1]  __handle_mm_fault+0x368a/0x5620
[ 1010.637125][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1010.641992][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1010.647473][    C1]  ? lock_vma_under_rcu+0xf8/0x710
[ 1010.652584][    C1]  ? lock_vma_under_rcu+0xf8/0x710
[ 1010.657685][    C1]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[ 1010.663223][    C1]  handle_mm_fault+0x40a/0x8e0
[ 1010.667997][    C1]  do_user_addr_fault+0xa81/0x1390
[ 1010.673280][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1010.678043][    C1]  ? trace_page_fault_user+0x84/0x1e0
[ 1010.683526][    C1]  exc_page_fault+0x76/0xf0
[ 1010.688027][    C1]  asm_exc_page_fault+0x26/0x30
[ 1010.692876][    C1] RIP: 0033:0x7f6f64c6ec8d
[ 1010.697304][    C1] Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 7b 2b
[ 1010.716899][    C1] RSP: 002b:00007ffe44cce930 EFLAGS: 00010202
[ 1010.722962][    C1] RAX: 000000110c290000 RBX: 00007f6f65ae5720 RCX: 0000000000000002
[ 1010.730924][    C1] RDX: 0000000000001f97 RSI: 0000000000000b7e RDI: 0000000000000004
[ 1010.738889][    C1] RBP: ffffffff8212df97 R08: 00007f6f64fb6038 R09: 00007f6f64fa2000
[ 1010.746875][    C1] R10: 00007f6f643ff008 R11: 0000000000000001 R12: 0000000000000001
[ 1010.754838][    C1] R13: 0000000000000000 R14: ffffffff8212da2f R15: 00000000000000ce
[ 1010.762811][    C1]  ? is_vmalloc_addr+0xf/0xb0
[ 1010.767483][    C1]  ? vmap_range_noflush+0x447/0xf20
[ 1010.772676][    C1]  </TASK>
[ 1010.775851][    C1] Kernel Offset: disabled
[ 1010.780166][    C1] Rebooting in 86400 seconds..