last executing test programs:

31.490113377s ago: executing program 3 (id=9208):
syz_emit_ethernet(0x88, &(0x7f00000015c0)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x4a, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x800, [0x65, 0x1, 0xe]}, {}, {0x8, 0x88be, 0x1, {{0x0, 0x1, 0x7}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x80, 0x3}}}, {0x8, 0x6558, 0x7600}}}}}}}, 0x0)

31.291432104s ago: executing program 3 (id=9210):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0xc)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x11003f00}, 0xc, &(0x7f0000000580)={0x0}}, 0x4)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f00000002c0)=0x1, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

30.855605503s ago: executing program 3 (id=9214):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x94, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x60, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x400, 0x20000008, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x4, 0x3, 0x1}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000000)={<r4=>0x0, @multicast1, @loopback}, &(0x7f0000000040)=0xc)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@RTM_NEWMDB={0x38, 0x54, 0x10, 0x70bd29, 0x25dfdbfc, {0x7, r3}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x1, 0x1, 0x4, {@ip4=@private=0xa010101, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0x0)

30.144158015s ago: executing program 3 (id=9221):
socket$nl_xfrm(0x10, 0x3, 0x6)

29.859870391s ago: executing program 3 (id=9225):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0xc)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x11003f00}, 0xc, &(0x7f0000000580)={0x0}}, 0x4)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f00000002c0)=0x1, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

29.121243601s ago: executing program 3 (id=9230):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x40000a0}, 0x8810)

13.788493339s ago: executing program 32 (id=9230):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x40000a0}, 0x8810)

5.502126607s ago: executing program 1 (id=9363):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xa4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f", 0x85}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="bf", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbdd600fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d722841b7c7244b1d2cc012fcda1f74", 0x13b}], 0x1}}, {{&(0x7f0000000780)={0x2, 0x4e20, @loopback}, 0x10, &(0x7f0000000d80)=[{&(0x7f0000000200)="e49ff2601bc031eaa16431dc4fc2dd33251a76f4ad34b92117475ace52026efdd9c3538126f3aca2f3ce1a05dc8df6529adba224a49dcb64bd389b38102e338a5897aea4b0e21be46cfcbf7805e2181ebe65dfb37e1279435e749ce463427b18799c6e69c6d7b8b3f61954c995011e9fb9fbe6628cebe288", 0x78}, {&(0x7f00000007c0)="9091d38d1f35ff530b34457de7cad5f52626b6dd81f2991de5a41cc169abfc507532b44586a9db7ac7aa0268672eebd907f43649f3", 0x35}, {0x0}, {&(0x7f0000000c80)="22a0d45e8e7f1f6f6e44", 0xa}], 0x4, &(0x7f0000000e00)}}], 0x4, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

4.558813987s ago: executing program 1 (id=9364):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="8c00000010000304000000000000040600000000", @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e0000000040000280060001000000000004000480280003800c00030040000000060000000c0001000004000000000000d8fd010006000000090000000600050088a8000008000a00", @ANYRES32=r2, @ANYBLOB="08000500", @ANYRES32=r2], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)

1.784630606s ago: executing program 0 (id=9372):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYRESOCT, @ANYRESHEX, @ANYRES32=<r1=>0x0, @ANYRES32, @ANYRESOCT], 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000400000007000000a300000010000000", @ANYRESHEX=r1, @ANYBLOB="e0840000000004fd561afa855f4d93d470670000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
pipe(&(0x7f00000007c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r5, 0x10c, 0x1, &(0x7f0000000280)=0xd1, 0x4)
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x1)
close(r4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
setsockopt$sock_int(r6, 0x1, 0x200000010, &(0x7f0000000040)=0x9, 0x65)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x21, 0x800000}, 0x28)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r7)
r8 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
splice(r3, 0x0, r4, 0x0, 0xfffd, 0x0)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x4, 0x4000010, r2, 0xef47a000)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0x1a, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000500000000000000aa8c000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000040000000001801000020756c3d00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="00000000000000008500000075000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r9}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="b70000000000000061111c0000000000c60a00000000000095000000000000001eefadd6132b2142b7929349cc6f836b8cba9cc7d517ab051ae031806f86b1cb2abe8a9eb510f32d6ef48ac947e8b6896e7fdcce25c7be8ce0f3c170040f7133c787dae2805f7058c681d1d743460810169e1378acf56d92b8fe58da7b9aba4b306edfce0e66519ba3c034842244173b18f1156075de92c77cbf5a6eb7914ed0027f0909580679e7f344dcea34de837fd2cf89fa57eeb28ab43a80f7801b6f3fa4dc304306e4c949e55df08e5401001fc120583a6cf8c979f916c6cc89e115ce2ae54e00daceac3d5199af3ba48061c21742b4a2d837fa7db400d337", @ANYRESDEC=r8], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r12, &(0x7f0000000140)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r14, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="44000000100000", @ANYRES32=0x0, @ANYBLOB="00000000042004001c002b8008000800", @ANYRES32=r14, @ANYBLOB='\b\x00\b\x00', @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYBLOB="08001b0000000000"], 0x44}}, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_delroute={0x24, 0x19, 0x103, 0x70bd2d, 0x25dfdbff, {0x1d, 0x1, 0x2}, [@CGW_SRC_IF={0x8, 0x9, r13}, @CGW_DST_IF={0x8, 0xa, r13}]}, 0x24}}, 0x4040000)
r15 = socket(0xa, 0x5, 0x0)
setsockopt$sock_int(r15, 0x1, 0x3e, &(0x7f0000000100)=0x1fffff, 0x4)
bind$inet6(r15, &(0x7f0000000040)={0xa, 0x4e23, 0x3, @loopback, 0xf}, 0x1c)
socket$phonet(0x23, 0x2, 0x1)

1.619750194s ago: executing program 2 (id=9373):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@ip_ttl={{0x14, 0x0, 0x2, 0x9}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7ffffff7}}], 0x30}, 0x884)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x8000000, 0xffffffffffffffff, 0x4}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'virt_wifi0\x00', @random="a2928798d874"}) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x1)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r5, 0x84, 0x10, &(0x7f0000001f00)=""/4062, &(0x7f00000004c0)=0x744) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r6) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001440)={&(0x7f0000001200)={0x20, 0x17, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x80) (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000000080)={'wg2\x00', <r9=>0x0}) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, 0x0, &(0x7f0000000840)=r10}, 0x20) (async)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r11}, 0x18) (async)
r12 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r12, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x300, 0x18c, 0x203, 0x300, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x7fffffe, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {0x1000000}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000001c0)={0x0, 0x1, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100006506d14b87d1b6e480c70d97145185d90000f36cc0b8850e000308cb5164c1", @ANYRES32=r9, @ANYBLOB="4c00088048000080200004000a004e2100000000000000000000000000000000000000010000000024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c"], 0x68}}, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@delchain={0x24, 0x66, 0xf31, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0xb, 0x8}, {0x9, 0xffff}}}, 0x24}}, 0x0)

1.49116791s ago: executing program 0 (id=9375):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140))
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r5, 0x11, 0x70bd26, 0x7, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x88d0}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x44, r5, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000800}, 0x4040)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x1c, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2, 0x0, 0x96, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x8000)

1.37156935s ago: executing program 2 (id=9376):
socket$netlink(0x10, 0x3, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f0000000680)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '!\x00', 0x380, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x19, 0x300, 0x0, [{0x5, 0xa, "a78ce54006598080000000001f4023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000000001991319c00"}, {0x19, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde27a5b85b9d930914625d8a049b4cf0d129806a610ad8467a6b2600000000000055a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef5523e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18989f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x0, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b01b9387f85932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f81ed"}]}}}}}}, 0x0)

1.370970877s ago: executing program 1 (id=9377):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'caif0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_PEER_NOTIF_DELAY={0x8, 0x1c, 0x48c}, @IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={<r2=>0xffffffffffffffff, 0x9, 0xd, 0x9})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x20000080)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newqdisc={0x170, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x100, 0x5, 0x400, 0x9, 0x81, 0x101, 0xe, 0x4, 0x7fffffff, 0xfffffffd, 0x20, 0xb, 0xff, 0x6, 0xca11, 0xffff}}, @TCA_GRED_STAB={0xd8, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acd06103cd77bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}]}}]}, 0x170}, 0x1, 0x0, 0x0, 0x845}, 0x24008004)
accept4(r2, &(0x7f0000000180)=@pptp={0x18, 0x2, {0x0, @initdev}}, &(0x7f0000000080)=0x80, 0x80000)

1.112346506s ago: executing program 2 (id=9378):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_pressure(r1, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f)
r3 = openat$cgroup_pressure(r1, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r2}], 0x1, 0x0, 0x0, 0x0)
write$cgroup_pressure(r3, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f)
close(r2)
close(r3)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x56}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_PAYLOAD_BASE={0x8}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd96b58014999e7254000008000300", @ANYRES32=r7, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40041}, 0x4000)
sendmsg$NL80211_CMD_DISASSOCIATE(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)={0x53c, r6, 0x2, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x1c}}}}, [@NL80211_ATTR_SSID={0x1b, 0x34, @random="0fc23f108fe9198ab6105c1478b214720f73f1a3ed048a"}, @NL80211_ATTR_IE={0x14f, 0x2a, [@challenge={0x10, 0x1, 0xca}, @preq={0x82, 0x5c, {{0x1}, 0x6, 0x0, 0x2, @broadcast, 0x1, @void, 0x4, 0x4a, 0x6, [{{0x0, 0x0, 0x1}, @broadcast, 0x80000001}, {{0x1, 0x0, 0x1}, @device_a, 0x10000}, {{0x0, 0x0, 0x1}, @broadcast, 0xb}, {{0x1}, @device_b, 0x7}, {{0x0, 0x0, 0x1}, @broadcast, 0x6}, {{0x1, 0x0, 0x1}, @device_a, 0x10}]}}, @challenge={0x10, 0x1, 0xb9}, @link_id={0x65, 0x12, {@from_mac, @broadcast}}, @mic={0x8c, 0x10, {0x181, "950b83c5d4c3", @short="724f266bc7c5181a"}}, @fast_bss_trans={0x37, 0xbf, {0x8, 0x5, "996535f2544a146e3e9addfc61d0a640", "090f9b608339e265a6c02702afc1ba09fa4028eb9f80395b535e95101714308f", "0b380031483b9d39ecf0acff7762ac1c1e05fe8487aaa3f9a485ba4b9424b760", [{0x4, 0x3, "066b57"}, {0x2, 0x23, "b37e5c1ea08e60d189e261da55b19027c509f7c7c2168cde3e48bb743118b499b83564"}, {0x1, 0x18, "f2e869d31c4b2d731e9c316cddbfb049f317129d56228461"}, {0x2, 0x22, "90f19de17dcb3787ccada5d57b85675bbfe994f6163d3b3e8ba5a620963ab8f855c9"}, {0x1, 0x3, "9e26c9"}]}}]}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x8e5}, @NL80211_ATTR_IE={0xb0, 0x2a, [@random_vendor={0xdd, 0x21, "dea7a32d3b5bde3ada609d6234ce6c5635369e91eac64646b33d2f4afbac2858bd"}, @challenge={0x10, 0x1, 0x7c}, @preq={0x82, 0x3b, {{0x0, 0x0, 0x1}, 0xb, 0x4, 0x3, @device_a, 0x0, @void, 0xb, 0x3, 0x3, [{{}, @broadcast, 0xd}, {{0x1, 0x0, 0x1}, @device_a, 0xd}, {{0x1}, @device_a, 0x10001}]}}, @measure_req={0x26, 0x44, {0x2, 0x8, 0x7, "07a7647b3f06b6fa77cd2ca0564da3319477d48398396a3cea11ac6c6d1b0153e04b0ffa99a7b12bacc91a90628f0ccf6ba83386d3c9e16295803c0f64586230e4"}}, @erp={0x2a, 0x1, {0x1, 0x1, 0x1}}]}, @NL80211_ATTR_IE={0x2df, 0x2a, [@preq={0x82, 0x36, {{0x0, 0x0, 0x1, 0x0, 0x1}, 0x0, 0x6, 0xb, @device_b, 0x100, @value, 0x0, 0x5, 0x2, [{{0x0, 0x0, 0x1}, @device_b, 0x4}, {{0x1}, @device_a, 0x4}]}}, @mic={0x8c, 0x10, {0xf8e, "b59932fbaeb5", @short="ce9a265a8a6ac2a3"}}, @prep={0x83, 0x1f, {{}, 0x3, 0x0, @device_a, 0x5, @void, 0x8, 0x1, @device_b, 0x2}}, @dsss={0x3, 0x1, 0x9d}, @mic={0x8c, 0x10, {0xb07, "faf59d77077f", @short="1c4e29a4b4c48281"}}, @ht={0x2d, 0x1a, {0x800, 0x1, 0x0, 0x0, {0x40, 0x8, 0x0, 0x7, 0x0, 0x1, 0x0, 0x3}, 0x400, 0xffffff00, 0xaa}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x5, 0x24, 0x6a}}, @fast_bss_trans={0x37, 0x13f, {0x4, 0x7, "6d1296883316af3a673afdb1a2aeaf16", "8e72221d33d40ee7a856c2807c2f0e57e16f9b4ee48b05ce23b6a3a460ce30f0", "3b066b34ef5b24707ff91f026874c0df6d0cb7abad1efb0ae8462be1448b9b1a", [{0x4, 0x28, "e1e3dc666c2c1020d1b176e0db89f668ce776d7c2400816bc89fe4962d418b510010449cbd20ed40"}, {0x1, 0x1b, "5ca177925d4b0b359a61dbf34803c9df44cfa97ecdcea51d8a012b"}, {0x1, 0x14, "f119aeeea3681ec301de54234fda238a4dc36e82"}, {0x2, 0x1d, "e71e356b978fb128da206ca4f117aafa8288697796739e6ecd9ce72340"}, {0x4, 0x27, "39ea49bbb377c3462e8b0c8c7d6d0b8033d8881f3d43524ea712ca740a685ad53482e0ae9f270f"}, {0x3, 0x21, "323c10eddb9941aefdbba5ab180423c2ff290416f6957d71ce47f8f9394bdb5594"}, {0x1, 0x23, "f892489ff92fefca48c9b6852b03b67c489b73dbb886c184f6db5e861c83b6336f8e30"}]}}, @perr={0x84, 0xf6, {0x0, 0x10, [{{}, @broadcast, 0x8, @void, 0x30}, {{}, @device_a, 0x5, @void, 0x12}, {{}, @device_a, 0x5, @void, 0x1d}, {{}, @device_b, 0x10000, @void, 0x42}, {{}, @device_b, 0xffffffff, @void, 0x2f}, {{}, @device_a, 0x10, @void, 0xe}, {{}, @device_a, 0x888, @void, 0x27}, {{}, @broadcast, 0x1, @void, 0x33}, {{}, @device_a, 0x9, @void, 0x35}, {{}, @device_b, 0x2, @void, 0x38}, {{0x0, 0x1}, @device_b, 0x8, @value, 0x5}, {{0x0, 0x1}, @device_a, 0x200, @value, 0x3}, {{0x0, 0x1}, @broadcast, 0x4, @value=@broadcast, 0x6}, {{0x0, 0x1}, @broadcast, 0x10000, @value, 0x2c}, {{0x0, 0x1}, @device_b, 0xfb9db402, @value=@device_b, 0x2f}, {{0x0, 0x1}, @device_a, 0x5, @value=@device_b, 0xf}]}}]}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xc1ef}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x53c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000800)

1.111914653s ago: executing program 0 (id=9379):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r1, 0x84, 0x7f, &(0x7f0000000080)="01e9ff000980ffff", 0x8)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x80049367, &(0x7f0000000080))
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)={0x11c, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x119}, @nested={0x108, 0x11, 0x0, 0x1, [@nested={0x101, 0xcf, 0x0, 0x1, [@generic="d478b585fcf4962925eb81095dd3d92e983e841d6ef7368187237f5e91a74d57e8aaee05ec6319", @generic="8f3bec68ef62803fe98daf2de4c76a713091d7d093f16995a391c42d5dfc312e9b67f3e831135df00a399b5234733f156436b0ed25721632972efdd7a775655ff99c2abdc650ece6458a5f9db07c36adc6ebcfe60b70e5a54a83041bc8e1c08dc0afd69868eddb1e9634f84ef01b3f9c31b8c76a0e2ac9dba5adc10a3c9a2360cb2fe6e11e9efcaff1b39dd49895a112f947e4923d9b5c428a37b673f33f3ed02d225807d47efe0a590665b49bf5eaa0890c512f2a01eb6713c6b3539790dca05a2632596c591745bbbf4953c0a783a881f8cf755e6c"]}]}]}, 0x11c}], 0x1, 0x0, 0x0, 0x84}, 0x300)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
setsockopt(r1, 0x84, 0x7f, &(0x7f0000000080)="01e9ff000980ffff", 0x8) (async)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x80049367, &(0x7f0000000080)) (async)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)={0x11c, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x119}, @nested={0x108, 0x11, 0x0, 0x1, [@nested={0x101, 0xcf, 0x0, 0x1, [@generic="d478b585fcf4962925eb81095dd3d92e983e841d6ef7368187237f5e91a74d57e8aaee05ec6319", @generic="8f3bec68ef62803fe98daf2de4c76a713091d7d093f16995a391c42d5dfc312e9b67f3e831135df00a399b5234733f156436b0ed25721632972efdd7a775655ff99c2abdc650ece6458a5f9db07c36adc6ebcfe60b70e5a54a83041bc8e1c08dc0afd69868eddb1e9634f84ef01b3f9c31b8c76a0e2ac9dba5adc10a3c9a2360cb2fe6e11e9efcaff1b39dd49895a112f947e4923d9b5c428a37b673f33f3ed02d225807d47efe0a590665b49bf5eaa0890c512f2a01eb6713c6b3539790dca05a2632596c591745bbbf4953c0a783a881f8cf755e6c"]}]}]}, 0x11c}], 0x1, 0x0, 0x0, 0x84}, 0x300) (async)

884.080131ms ago: executing program 1 (id=9382):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000000c0)={@multicast1, @private, <r1=>0x0}, &(0x7f0000000100)=0xc)
ioctl(r0, 0x7, &(0x7f0000000200)="2ec1ff15e2ac29c56d8a2bc44cda0646bf9883c13cb56fc400e9037fffba8fd8572535cc9866ff352506ba6ef9fe34c7cabb83a155b13ac743cff5bf88fad2a4a99c504977613f39bdffed391e95508027cce40db8c27fe264442aa84ddde440a1dae2be9adf216d92210a981b3a99686a50e44df04f19edfe6b3d364382")
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000000000000061111c0000000000c60000000000000095000000000000001eefadd6132b2142b7929349cc6f836b8cba9cc7d517ab051ae031806f86b1cb2abe8a9eb510f32d6ef48ac947e8b6896e7fdcce25c7be8ce0f3c170040f7133c787dae2805f7058c681d1d743460810169e1378acf56d92b8fe58da7b9aba4b306edfce0e66519ba3c034842244173b18f1156075de92c77cbf5a6eb7914ed0027f4909580679e7f344dcea34de837fd2cf89fa57eeb28ab43a80f7801b6f3fa4dc304306e4c949e55df08e5401001fc120583a6cf8c979f916c6cc89e115ce2ae54e00daceac3d5199af3ba48061c21742b4a2d837fa7db400d337", @ANYRES16=r0, @ANYBLOB="0cf8e40c55e9826edcca33eab04915f523fe070f152ffcaef8fc542f9ce2ef1969ded596c6bb0103158be575a256d6818160e669097846ccc6cc073f33a9372ea42bbe8deee415c96994c57a3e730305e94439a51eb01cb6a08c0efe830e8a4a61b1f5bb47693babf480726b22e9d2e2ac85656e12ed12c37b56124fcb3491e04618dcac13c0368195336d2664a85cad845ab8687c27c9d9248439f29cc6820cfb74434aa00f9d4beac9d475"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', r1, @fallback=0x4}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000fc0)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x22329}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_FLAGS={0x8, 0xd, 0x7fffffff}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc042}, 0x0)
pwrite64(r2, &(0x7f0000000140)="f4e0c0750648009169ac1ca81835b689cfc81784959376a7498c9aee19db0aeedcf0d4c56f0d217ed9b2328ff08d95244e", 0x31, 0x8132)

849.931821ms ago: executing program 1 (id=9383):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x6a, 0x3, 0x20000000, 0x4)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000080)={@remote, 0x0, 0x0, 0x80, 0x0, [{@private}, {@multicast2}, {}, {@initdev}, {@private}, {@empty}, {@remote}, {@local}]}})
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet(0x2, 0x3, 0x33)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
getsockopt$inet_mreqsrc(r2, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000004c0)={'wlan1\x00', &(0x7f0000000000)=@ethtool_regs={0x4, 0x5}})

838.201521ms ago: executing program 4 (id=9384):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2000000}, 0x90)
recvmsg$can_raw(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)=""/243, 0xf3}, {&(0x7f0000000300)=""/115, 0x73}], 0x2}, 0x0)
sendmsg$xdp(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)="60481a316f1aa678318d8d77bf44cced0b70bfcbc4905b8152f20c18be2eeef743f54cb7a16bbb6e3bf2fbbe9ff7481627c2561e1a6c8b02f0eb88c7f32f68b9e2423a0fe87501577efd40b70965d66b09f2cdeb159d2d3d6c095271ce37fbf7fb3712f3e95b9aacc6c1af787c5bdcfcc9b313bd46d1fc3d148d86d5ffb261ace6c45c2fbdced8e4b45e4358b95d4212e53ef729d308e08ed3e683813c1dcac50bf343bc65be49dbd852caf9a2d0656abc82adf0651c4ac76bf558a3179de6c947fb553be50db8ba2860b2483934d5d39cbcc8bc393eb926dbdb8de385f7d627982072679d9853515e79", 0xea}, {&(0x7f00000005c0)="63311794932b42fa800fe297013ca7feab7756ef7824de8a320ce51a7d2a8f9354bbec77c836bc975b39c022940880a890aff150d32e9641e2ec516273f54e5b972dfa3ba0ce3d330c754f50784dd3d120ebfa42481477f49fb6de051c98a3aff4f0cb9f1ea7841c11fe0f25b2dd3f90d203d9c390a2031dffeb947bd6", 0x7d}], 0x2, 0x0, 0x0, 0x20000080}, 0x440000d0)

652.165939ms ago: executing program 0 (id=9385):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001680)=""/4091, 0xffb}, {&(0x7f00000003c0)=""/253, 0xfd}], 0x2}}], 0x1, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYBLOB="01002d"], 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x810)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x4000084)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xa}, 0x1c)

649.912256ms ago: executing program 2 (id=9386):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'macvlan0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0, <r4=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r2, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)={0x3c, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r4}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}, @nested={0x18, 0x1, 0x0, 0x1, [@nested={0x11, 0x10d, 0x0, 0x1, [@generic="905176c518740da397a9423603"]}]}]}, 0x3c}], 0x1}, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000004c0)={{{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010102}, @in=@empty, 0x4e22, 0xc, 0x4e22, 0xc, 0xa, 0xa0, 0x20, 0x87, r1, r4}, {0x4, 0x1, 0x7fffffffffffffff, 0x0, 0x10, 0xffff, 0x0, 0x674}, {0x875, 0xffff, 0xbe, 0x1}, 0x1, 0x6e6bb1, 0x2, 0x0, 0x1, 0x2}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4d4, 0x3c}, 0x2, @in6=@empty, 0x3503, 0x4, 0x2, 0xff, 0x0, 0x4, 0x9}}, 0xe8)
recvmmsg(r0, &(0x7f000001ef40)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x100}], 0x2, 0x20, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000071102200000000009500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0xa, [@const={0x6, 0x0, 0x0, 0xa, 0x3}, @int={0xc, 0x0, 0x0, 0x1, 0x0, 0x33, 0x0, 0xf, 0x2}]}, {0x0, [0x0, 0x5f, 0x30, 0x61, 0x5f, 0x10, 0x0, 0x30]}}, &(0x7f0000000380)=""/211, 0x3e, 0xd3, 0x1, 0x6}, 0x28)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x7, 0xfffe, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5}, 0x50)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x1c, 0x21, 0x9, 0x2, 0x25dfdbff, {0x2}, [@typed={0x8, 0x8, 0x0, 0x0, @fd=r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)

547.099164ms ago: executing program 4 (id=9387):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
syz_emit_ethernet(0xd2, &(0x7f00000003c0)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "9ea504", 0x9c, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast2, {[], {0x4e23, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "75477d9a6d0a5770e90bdd60ae3ebeab39f676409364a963dd2c1c77fd2f7017", "3a3fc7fad3d5282c51fb56c4202473e7e0a63474eee8b075cd64174e83a1315a729012d7a8db3a2bac9f6cffd8d70927", "4bfae8ea07d427b5264632e4cfc7382bb54bb31f4f4d532f26a9c603", {"624156eb1d0800000000000000000020", "626dc18ead41fce3878b510bdcf91b1c"}}}}}}}}, 0x0)

543.380971ms ago: executing program 1 (id=9388):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000007c0)={0x4c, r1, 0x1, 0x70bd2a, 0x0, {0x4e}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xab, 0xfffffffc}}, {0x8, 0xb, 0x60a7}, {0x6, 0x11, 0x2}}]}, 0x4c}}, 0x4004880) (async, rerun: 32)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) (rerun: 32)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) (async)
write$tun(r2, &(0x7f0000000080)={@void, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x6}, @val={@void, {0x8100, 0x2}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x4000, 0x0, 0x3, 0x2f, 0x0, @private=0xa010101, @multicast1}, {0xa001, 0x880b, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x9, 0x0, @void}}}}}}}}, 0x32)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1414aa00000000000000000000000000000000000080010a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a90000000000000000000000000000000000000000000000f100000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000080400000000900000000080000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c", @ANYRESDEC=r0, @ANYRESHEX=r4, @ANYRESHEX=r1, @ANYRES64=r1, @ANYBLOB="d5aec1f4e7ef", @ANYRES8=r0, @ANYRES64=r0], 0xfc}}, 0x0) (async)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB="84010000210001000000000000000000fc020000000000000000000000000000fe80000000000000000000000000003500000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000034011100ac14140c000000000000000000000000fc000000000000000000000000000001fc020000000000000000000000000000fe8000000000000000000000000000aa6c01a8000200000002000a00ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000ff020000000000000000000000000001ff020000003500000a000800ac1414bb000000000000000000000000fc02000000000000000000000000000064010102000000000000000000000000fe8000000000000000000000000000323c"], 0x184}}, 0x0)

470.265613ms ago: executing program 4 (id=9389):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
socket(0x10, 0x3, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
syz_emit_ethernet(0x0, 0x0, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}, 0x20}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

360.041366ms ago: executing program 2 (id=9390):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000000)={0x0, 'virt_wifi0\x00', {}, 0x4})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000001d000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00008ca0"], 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x8000)

279.886825ms ago: executing program 4 (id=9391):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x8}]}, 0x10)
syz_emit_ethernet(0xd2, &(0x7f00000003c0)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "9ea504", 0x9c, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast2, {[], {0x4e23, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "75477d9a6d0a5770e90bdd60ae3ebeab39f676409364a963dd2c1c77fd2f7017", "3a3fc7fad3d5282c51fb56c4202473e7e0a63474eee8b075cd64174e83a1315a729012d7a8db3a2bac9f6cffd8d70927", "4bfae8ea07d427b5264632e4cfc7382bb54bb31f4f4d532f26a9c603", {"624156eb1d0800", "626dc18ead41fce3878b510bdcf91b1c"}}}}}}}}, 0x0)

242.526575ms ago: executing program 0 (id=9392):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, &(0x7f0000000040), r2, 0x0, 0x800000000ff, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x3}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000f00)=@base={0x5, 0x4, 0x4, 0x9, 0x10, 0x1}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4}, 0x38)
r5 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}, @TCA_FLOWER_KEY_SCTP_DST={0x6}]}}]}, 0x4c}}, 0x24004000)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendfile(r7, r8, 0x0, 0x7feff000)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$TUNSETNOCSUM(r9, 0xc0189436, 0x1ffffffe)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x100, 0x18}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{0x1, <r11=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000480)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x26, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5df}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_fd={0x18, 0x6, 0x1, 0x0, r3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffff9}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0xf, 0x8c, &(0x7f00000000c0)=""/140, 0x40f00, 0x68, '\x00', r6, @fallback=0x7, r7, 0x8, &(0x7f0000000300)={0x7, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x4, &(0x7f0000000500)=[r9, 0x1, r10, r11], &(0x7f0000000540)=[{0x3, 0x4, 0x10, 0x4}, {0x0, 0x5, 0x9, 0xc}, {0x3, 0x4, 0x3, 0x5}, {0x2, 0x5, 0xd, 0x9}], 0x10, 0x1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000600)='syzkaller\x00'}, 0x94)

154.263212ms ago: executing program 4 (id=9393):
r0 = socket$nl_rdma(0x10, 0x3, 0x14) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xd4}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x10, 0x1416, 0x1}, 0x10}}, 0x448c0)

114.554808ms ago: executing program 0 (id=9394):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1020, 0x40000}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) (async)
r1 = socket$inet6(0xa, 0x3, 0x80)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c) (async)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000100)=ANY=[@ANYRES16=0x0], 0xc0) (async)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r2)
sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, r3, 0xa5456c2fe1cd7aeb, 0x70bd2b, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x40882) (async)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) (async)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x18, 0x3e, 0x107, 0x70bd2d, 0x25dfdbfd, {0x4, 0x7c}, [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x18}}, 0x0) (async)
setsockopt$IP_VS_SO_SET_TIMEOUT(r4, 0x0, 0x48a, &(0x7f0000000000)={0x8, 0x10, 0x6}, 0xc) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, 0x0, 0x0}, 0x94) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x1, 0x70bd2f, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x28062}, [@IFLA_IFNAME={0xfffffffffffffe0b, 0x3, 'gre0\x00'}, @IFLA_EVENT={0x8, 0x2c, 0x1}]}, 0x3c}}, 0x24040800) (async)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x2}, 0x20)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x400c000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r9, @ANYBLOB="0800050006000000140017800400050004000400060001"], 0x60}}, 0x0) (async)
getgid() (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="01002deb91fce6dd0c8e0200000018000180140002006970766c616e3100000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2001}, 0x4010000)

99.739413ms ago: executing program 2 (id=9395):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="040100001a0001000000000000000000e00000020000000000000000000000002001000000000000000000000000000100000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa000000003c000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000200000000000000000014000e00000000000000000000000000000000007de90f31305a7cc34a1640914fe013fe9264dbfc7b584ce2ec031d39f9d9b008a0eadb7a44cac38ff8b1e7dcd803b8b9a4324cc3ccf83cf734b5b0d8f7e0584ea5a75274ca665de3b2ca671d2cbb687add8f5352bfbec00c2cfaffffffffffffffd17a353b86bcaee35e8378c42a85b7095c89ecf396075a3a56c190e2034b2a88580068310c9ecc5f1e2947a9043d30f336018d6a6cba22420664a769edb36423dd0aa0511bb530464003ea152bc83a947c8fa66ad1aa2bdab84cb927eb9b3431494d4624dc7bab3d3955674dccec9c6111a3ff48ae7d6c4aed6728b79af3f43c54fd83bd3a266ba8a6ddc7f4ed213f2c0ffdf37cb8fc75ba98ca035682d57ccb0ebb705535a6fecfa56c3a7ff17a45664d50723242bde4705a204d1c41fe9ee1d76f84754155fdba"], 0x104}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg2\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x5}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}}, 0x24000041)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000ffdbdf252e00000008000300", @ANYRES32=r7, @ANYBLOB="05003400b30000002400fe00e01b15db00cfc71b861e2c78057d854f8321fef9010a2ca7687995410db6d492c4bee71858fb36797f5783ee4f581e5f64c0a35c94536dc55951eef044305c6609e1beb90949f0849b8684c120f5b95feb6f3f18790aae1939aabe2ef62b989e4ba6d63f350acf7f8338175e7e8120d679c25cbf99fee135041d0c35974c1944444739c77bea1226b0033be8fe3b0824c4f24a615a37d1b1108bb30531ae173e451e9579558d2c25d2a93ff89e8669f5ed0ce9a09cbabad14968d6566295"], 0x48}}, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)=ANY=[@ANYBLOB='A\x003\x00', @ANYRES16=r3, @ANYBLOB="000425bd7000fedbdf253700000008009f0000000000080026006c0900000500180113000000050018013300000008002700000000000800260008160000"], 0x44}, 0x1, 0x0, 0x0, 0x408c804}, 0x20000000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00'})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0xf5, 0x7, 0x6, 0x5c, @mcast1, @local, 0x8, 0x1, 0xb4, 0x6}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @initdev}, &(0x7f0000000280)=0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000002c0)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00'})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000340)={0x0, @loopback, @private}, &(0x7f0000000380)=0xc)
r8 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r8, &(0x7f0000000240)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x2, 0x0, {0x0, 0x0, 0x0, r9, {0xb, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0xfe}]}]}]}}]}, 0x44}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f00000003c0)}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000007c0)={'gre0\x00', &(0x7f00000006c0)={'sit0\x00', 0x0, 0x8, 0x20, 0x10001, 0x7, {{0x2e, 0x4, 0x2, 0x35, 0xb8, 0x64, 0x0, 0x80, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x2b}, @private=0xa010100, {[@end, @end, @noop, @ra={0x94, 0xfffffffffffffcc2, 0x1}, @rr={0x7, 0x7, 0xfe, [@remote]}, @timestamp_prespec={0x44, 0x54, 0xfa, 0x3, 0x2, [{@dev={0xac, 0x14, 0x14, 0x2b}, 0x5}, {@empty, 0x8}, {@dev={0xac, 0x14, 0x14, 0xf}, 0x6}, {@remote, 0x4}, {@multicast2, 0x81}, {@multicast1, 0x8}, {@multicast1, 0xb}, {@private=0xa010101, 0x5}, {@empty, 0x2}, {@multicast1, 0x401}]}, @timestamp_prespec={0x44, 0xc, 0x6, 0x3, 0x7, [{@private=0xa010102, 0xeee}]}, @timestamp_addr={0x44, 0x2c, 0x5a, 0x1, 0xb, [{@remote, 0xff}, {@local, 0x4}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x6f}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x6}, {@loopback, 0x2}]}, @ssrr={0x89, 0x7, 0x47, [@rand_addr=0x64010100]}]}}}}})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r10, &(0x7f0000001700)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000016c0)={&(0x7f0000002240)=ANY=[@ANYBLOB='`\n\b\x00', @ANYRES16=r3, @ANYBLOB="00022bbd7000fddbdf25830000000c0099000100000006000000400a11803c0a0580300100808c000380880001800c00018004000b00040009002c000180040008000500060017000000040001000400080006000400090000000500060003000000040001002400018004000c00050006000200000005000600040000000500030002000000040001002000018004000b0006000400fbff00000400010004000c0005000500080000000800018004000c000a00010008021100000100002c00028008002600a01400000500190107000000050019010f000000080026000c17000008002600e0150000040002802c000280050019010b0000000800a00009000000080022016b02000008002600a01400000800a0000700000038000380040002002c00018028000180080002000000000008000200020000000500050009000000050003002c00000004000900040002002c06008008030380580001800800018004000c0010000180050006000f00000004000c003c0001800800020001000000050007000a000000050006001c000000050006000d00000004000100060004000c0000000400080004000b0004000100040002000400020004000200fc0001800400018044000180080002000100000004000a0004000100050005000200000008000200030000000800020001000000050006000a00000006000400ff000000040001000400090010000180050007000500000004000c001800018004000b0005000300080000000500050005000000440001800800020003000000060004001000000004000100060004000180000004000900050007000600000004000100040008000800020002000000080002000000000020000180050005000800000004000c000800020004000000050003000d000000240001800400090004000100050003000900000005000600030000000500050008000000cc0001801c00018004000a000500070092000000050006000900000004000a001000018004000c00050005000500000014000180050005000a00000005000700060000003c00018004000c00040001000500060008000000050003000b000000060004000b0000000600040002000000050003000d00000004000b0004000b0030000180050006001400000004000c000400090004000a000500070000000000050003000f00000006000400020000000c00018004000c0004000c001000018004000a000500060001000000100001800c0001800500030001000000c00001800c00018004000800040008001c000180060004007f000000050006001000000005000700080000001c00018006000400050000000400010004000c00050005000d0000003c000180050003000b000000080002000500000004000800040009000400090004000b00050007000100000008000200030000000400010004000c002800018004000b0005000700f4000000080002000100000004000a000500050009000000040008000c000180060004000004000008000180040008000400020004000200e401038004000200c400018024000180040001000400080005000500010000000800020002000000050005000400000018000180050006001d0000000400090006000400400000002c000180050005000300000004000a0005000600180000000400090004000100050006000b00000004000900280001800500070001000000050003000f000000050003000c00000004000a0004000b0004000c000800018004000a002800018004000b0004000800060004000300000004000b0004000100040008000800020000000000d40001801400018004000a0004000c0004000100040001003800018004000c00050003000200000004000800040009000800020000000000050007007f000000050003008000000004000900040009001c0001800400080004000c00040009000500070007000000040001004000018004000a00050007000900000004000800050006000700000005000500030000000400010004000b00060004000002000004000c000500070004000000280001800500060002000000050003000300000004000b0004000b00060004000400000004000a00440001801000018004000a00050006000700000024000180040001000400080005000600080000000400080004000c0004000b0004000c000c00018005000700090000004c0002800800a0000400000008009f0002000000080027000300000008002201210200000500180115000000050019010900000008002600fd1600000800a00000100000080026006c0900000a00010008021100000100004c000280080027000300000008002700020000000800270000000000080022019a00000008002201cd000000050019010b0000000800a100050000000800270001000000080026006c0900009800038094000180300001800600040001800000050006000800000004000c000400010005000500070000000400080004000c0004000c0014000180060004000d0000000400080004000100380001800500060013000000040001000600040005000000050007000000000004000a00040009000500050001000000050005000c00000014000180050006000b00000004000c0004000b008c0200800a000100080211000000000068020380200001801c000180050006000c00000004000a0004000a000800020001000000d000018014000180050006001d0000000400080004000a0028000180050003000400000004000c000400010004000100050007004d00000005000700fe000000140001800500050008000000050007000600000028000180060004009ef400000400090005000300090000000400010004000b0005000700080000002400018004000b0004000900050006000a0000000500050004000000050007002c00000014000180050007000300000005000600190000001c0001800500060007000000050005000a0000000400010004000c00c00001802c000180050005000000000004000a00080002000000000004000b0005000700060000000400080004000a0040000180050003000a00000004000c0004000100050007000900000005000600070000000800020004000000050005000b000000080002000400000004000c00100001800500070004000000040001000c000180050005000d0000002c0001800400090005000500040000000500030000000000050003000d000000050003000d00000004000b00080001800400010004000200b00001803c0001800500050007000000050005000b0000000500060001000000050005000c00000005000500090000000600040007000000050005000100000028000180050006000c000000060004000900000006000400050000000400010004000c00040009002400018004000c0006000400820c0000080002000100000004000c00050006000600000024000180060004000700000005000300050000000800020002000000050007000900000008000380040002000c0003800400020004000200500000804c000280080026006c0900000800a1003a0000000800a0000400000008002201fb0200000800270001000000080026007c150000050019010d000000050019010d0000000800a00005000000"], 0xa60}}, 0x14880)

0s ago: executing program 4 (id=9396):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r0, r1, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x8, 0x0, @void}, 0x10)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000240)={0x10000000})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0xa, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f00000006c0)=[{{&(0x7f0000000000)={0xa, 0x40, 0x0, @private0={0xfc, 0x0, '\x00', 0xfe}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000080)="18", 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0xfffffffb, @remote, 0x5}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000140)='.', 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r4, 0x1)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
writev(r5, &(0x7f0000000400)=[{&(0x7f00000002c0)="a609a89c9edd34187123b5adceb3968557f4e107445a53c0815c9636d00f896d1e8cd8de77a79f1e3e2c53ddf1bb9f8ac5cb5257ff4e8b960026bc4244c4b09179a97dffdf02563e23546d3e78f944e7e2fee2a00b6313048fe354223318badb21d8c086669c5f7772f4a6d90d0997babdf79f7d557e055b3e6f2e4f41ec06a39a57b9ccc00bbca22395e41f9e9652af665f0e1603fb85d4799d54d44c706ff8df9bb805b182a1260b5936ae44f649b5e2fdca240984dcd0033ec28aeaaa686608c5c50538eea153", 0xc8}, {&(0x7f00000004c0)="7ee25c099579d92f8da721f68a8100b6adf04e0cd543f7d26019d57e6a3ecf7ef34486da35c482845d517dc801cca9e4f248b15413a7e252b0", 0x39}], 0x2)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f00000009c0)={0x0, @in6={{0xa, 0x4e23, 0xab9, @local, 0x8}}}, &(0x7f0000000100)=0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0xa, 0x12, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x420}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@exit, @alu={0x4, 0x0, 0x0, 0x6, 0x5, 0x50, 0xffffffffffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xbd55}, 0x94)

kernel console output (not intermixed with test programs):

kaller0>, priority 0
[  742.563712][T28273] syzkaller0: entered promiscuous mode
[  742.570070][T28273] syzkaller0: entered allmulticast mode
[  742.587244][T28280] netlink: 404 bytes leftover after parsing attributes in process `syz.0.8267'.
[  742.597906][T28280] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8267'.
[  742.599557][T28278] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8266'.
[  742.619756][T28272] tipc: Resetting bearer <eth:syzkaller0>
[  742.684711][T28272] tipc: Disabling bearer <eth:syzkaller0>
[  743.166283][T28301] bond12: entered promiscuous mode
[  743.212510][T28301] bond12: entered allmulticast mode
[  743.223367][T28301] 8021q: adding VLAN 0 to HW filter on device bond12
[  743.405043][T28318] netlink: 'syz.0.8281': attribute type 29 has an invalid length.
[  743.467535][T28318] netlink: 'syz.0.8281': attribute type 29 has an invalid length.
[  743.700835][T28334] netlink: 'syz.3.8288': attribute type 1 has an invalid length.
[  743.814226][T28339] 8021q: adding VLAN 0 to HW filter on device bond8
[  744.313807][T28367] xt_SECMARK: invalid mode: 9
[  744.325192][T28370] sch_tbf: peakrate 7 is lower than or equals to rate 2147483647 !
[  744.984077][T28412] FAULT_INJECTION: forcing a failure.
[  744.984077][T28412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  745.048135][T28412] CPU: 1 UID: 0 PID: 28412 Comm: syz.0.8322 Not tainted syzkaller #0 PREEMPT(full) 
[  745.048168][T28412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  745.048183][T28412] Call Trace:
[  745.048192][T28412]  <TASK>
[  745.048203][T28412]  dump_stack_lvl+0x189/0x250
[  745.048239][T28412]  ? __pfx____ratelimit+0x10/0x10
[  745.048271][T28412]  ? __pfx_dump_stack_lvl+0x10/0x10
[  745.048301][T28412]  ? __pfx__printk+0x10/0x10
[  745.048325][T28412]  ? __might_fault+0xb0/0x130
[  745.048371][T28412]  should_fail_ex+0x414/0x560
[  745.048410][T28412]  _copy_from_user+0x2d/0xb0
[  745.048439][T28412]  kstrtouint_from_user+0xc4/0x170
[  745.048466][T28412]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  745.048508][T28412]  proc_fail_nth_write+0x88/0x200
[  745.048537][T28412]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  745.048571][T28412]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  745.048601][T28412]  vfs_write+0x27e/0xb30
[  745.048641][T28412]  ? __pfx_vfs_write+0x10/0x10
[  745.048673][T28412]  ? __fget_files+0x2a/0x420
[  745.048707][T28412]  ? __fget_files+0x3a0/0x420
[  745.048726][T28412]  ? __fget_files+0x2a/0x420
[  745.048757][T28412]  ksys_write+0x145/0x250
[  745.048793][T28412]  ? __pfx_ksys_write+0x10/0x10
[  745.048829][T28412]  ? do_syscall_64+0xbe/0xfa0
[  745.048864][T28412]  do_syscall_64+0xfa/0xfa0
[  745.048892][T28412]  ? lockdep_hardirqs_on+0x9c/0x150
[  745.048924][T28412]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.048946][T28412]  ? clear_bhb_loop+0x60/0xb0
[  745.048972][T28412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.049002][T28412] RIP: 0033:0x7fdfde18e1ff
[  745.049023][T28412] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  745.049042][T28412] RSP: 002b:00007fdfdf041030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  745.049065][T28412] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdfde18e1ff
[  745.049081][T28412] RDX: 0000000000000001 RSI: 00007fdfdf0410a0 RDI: 0000000000000003
[  745.049095][T28412] RBP: 00007fdfdf041090 R08: 0000000000000000 R09: 0000000000000000
[  745.049108][T28412] R10: 0000000000000096 R11: 0000000000000293 R12: 0000000000000001
[  745.049122][T28412] R13: 00007fdfde3e6038 R14: 00007fdfde3e5fa0 R15: 00007ffd8732a458
[  745.049166][T28412]  </TASK>
[  746.253664][T20275] net_ratelimit: 60 callbacks suppressed
[  746.253688][T20275] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  746.352420][T20275] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  746.412639][T28475] gre0: entered promiscuous mode
[  746.454467][T20276] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  746.462869][T28480] veth1_to_bond: entered allmulticast mode
[  746.472494][   T13] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  746.474780][T28480] __nla_validate_parse: 8 callbacks suppressed
[  746.474804][T28480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8336'.
[  746.557170][T28484] veth1_to_bond: left allmulticast mode
[  746.668192][T28495] netlink: 'syz.3.8340': attribute type 1 has an invalid length.
[  746.775441][T28495] 8021q: adding VLAN 0 to HW filter on device bond9
[  746.883806][T28495] gretap1: entered promiscuous mode
[  746.934163][T28495] bond9: (slave gretap1): making interface the new active one
[  746.969335][T28495] bond9: (slave gretap1): Enslaving as an active interface with an up link
[  747.002096][T28496] syzkaller1: entered promiscuous mode
[  747.013826][T28496] syzkaller1: entered allmulticast mode
[  747.192436][   T13] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  747.232428][T20276] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  747.322711][T20276] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  747.395085][T20276] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  747.465422][T20276] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  747.512771][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  747.553580][T28545] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8354'.
[  747.804041][T28562] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8360'.
[  748.190992][T28584] bridge0: port 3(veth0_to_bridge) entered blocking state
[  748.201901][T28575] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  748.212769][T28584] bridge0: port 3(veth0_to_bridge) entered disabled state
[  748.216122][T28573] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  748.252098][T28584] veth0_to_bridge: entered allmulticast mode
[  748.290673][T28583] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8367'.
[  748.324845][T28584] veth0_to_bridge: entered promiscuous mode
[  748.396120][T28584] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  748.452971][T28584] bridge0: port 3(veth0_to_bridge) entered blocking state
[  748.461207][T28584] bridge0: port 3(veth0_to_bridge) entered forwarding state
[  748.636116][T28601] netlink: 830 bytes leftover after parsing attributes in process `syz.0.8373'.
[  748.772858][T28610] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  748.877079][T28617] netlink: 'syz.4.8377': attribute type 11 has an invalid length.
[  748.967518][T28624] netlink: 'syz.2.8378': attribute type 1 has an invalid length.
[  749.072026][T28624] 8021q: adding VLAN 0 to HW filter on device bond12
[  749.080937][T28633] bond12: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  749.437728][T28655] netlink: 'syz.0.8389': attribute type 10 has an invalid length.
[  749.489521][T28655] team0: Port device dummy0 added
[  749.659139][T28661] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.8388'.
[  750.128792][T28676] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8396'.
[  750.142646][T28676] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8396'.
[  750.358502][T28696] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8401'.
[  750.365398][T28697] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8403'.
[  750.794420][T28718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.028320][T28733] x_tables: unsorted underflow at hook 4
[  751.047647][T28740] netlink: 'syz.0.8418': attribute type 29 has an invalid length.
[  751.064697][T28740] netlink: 'syz.0.8418': attribute type 29 has an invalid length.
[  751.208510][T28748] netlink: 'syz.3.8422': attribute type 2 has an invalid length.
[  751.271933][T28751] hsr_slave_0: left promiscuous mode
[  751.297717][T28751] hsr_slave_1: left promiscuous mode
[  751.469685][T20276] net_ratelimit: 62 callbacks suppressed
[  751.469710][T20276] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  751.522333][ T6400] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  751.638086][T28764] __nla_validate_parse: 6 callbacks suppressed
[  751.638109][T28764] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8427'.
[  751.658769][T28761] netlink: 348 bytes leftover after parsing attributes in process `syz.4.8425'.
[  751.668596][T28764] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8427'.
[  751.689221][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  751.719895][T28764] bridge0: port 3(vlan3) entered blocking state
[  751.733857][T28764] bridge0: port 3(vlan3) entered disabled state
[  751.743763][T28764] vlan3: entered allmulticast mode
[  751.751210][T28764] bridge0: entered allmulticast mode
[  751.765430][T28764] vlan3: left allmulticast mode
[  751.770802][T28764] bridge0: left allmulticast mode
[  751.802487][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  751.832416][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  751.911746][T28767] openvswitch: netlink: nsh attr 60 is out of range max 3
[  751.931568][ T6400] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  751.942236][T28767] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  751.954580][T28767] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8428'.
[  751.965266][ T6400] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  752.122430][   T13] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  752.135229][T28770] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  752.157916][T28772] syzkaller0: entered promiscuous mode
[  752.202388][T28772] syzkaller0: entered allmulticast mode
[  752.216729][T28777] netlink: 'syz.2.8432': attribute type 29 has an invalid length.
[  752.253940][T28777] netlink: 'syz.2.8432': attribute type 29 has an invalid length.
[  752.293321][T28777] netlink: 500 bytes leftover after parsing attributes in process `syz.2.8432'.
[  752.315172][T28770] tipc: Resetting bearer <eth:syzkaller0>
[  752.360572][T28782] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8433'.
[  752.391090][T28770] tipc: Disabling bearer <eth:syzkaller0>
[  753.049456][T28815] netlink: 'syz.2.8444': attribute type 58 has an invalid length.
[  753.085161][T28815] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8444'.
[  753.107094][T28821] netlink: 'syz.3.8446': attribute type 29 has an invalid length.
[  753.155700][T28821] netlink: 'syz.3.8446': attribute type 29 has an invalid length.
[  753.186522][T28821] netlink: 500 bytes leftover after parsing attributes in process `syz.3.8446'.
[  753.270969][T28823] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8447'.
[  753.495629][T28835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8452'.
[  753.942787][T28859] gtp0: entered promiscuous mode
[  753.961830][T28859] gtp0: entered allmulticast mode
[  753.994418][T28859] validate_nla: 1 callbacks suppressed
[  753.994443][T28859] netlink: 'syz.4.8460': attribute type 1 has an invalid length.
[  754.784110][T28905] xt_cluster: you have exceeded the maximum number of cluster nodes (37482740 > 32)
[  754.900561][T28912] netlink: 'syz.1.8480': attribute type 1 has an invalid length.
[  755.005217][T28912] 8021q: adding VLAN 0 to HW filter on device bond18
[  755.040582][T28912] veth25: entered promiscuous mode
[  755.058527][T28912] bond18: (slave veth25): Enslaving as a backup interface with a down link
[  755.087007][T28921] IPv6: sit1: Disabled Multicast RS
[  755.110816][T28921] sit1: entered allmulticast mode
[  755.286052][T28932] netlink: 'syz.1.8487': attribute type 10 has an invalid length.
[  755.334489][T28932] bond0: (slave geneve1): Enslaving as an active interface with an up link
[  755.598901][T28953] netlink: 'syz.1.8495': attribute type 1 has an invalid length.
[  755.645728][T28953] 8021q: adding VLAN 0 to HW filter on device bond19
[  755.676615][T28953] veth27: entered promiscuous mode
[  755.688216][T28953] bond19: (slave veth27): Enslaving as a backup interface with a down link
[  756.472538][T20274] net_ratelimit: 69 callbacks suppressed
[  756.472563][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  756.553713][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  756.622371][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  756.682401][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  756.769872][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  756.787404][T29014] __nla_validate_parse: 17 callbacks suppressed
[  756.787426][T29014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8515'.
[  756.832962][T29011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8517'.
[  756.857181][T29014] veth0_macvtap: left promiscuous mode
[  757.122566][T29022] openvswitch: netlink: nsh attr 60 is out of range max 3
[  757.152670][T29022] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  757.186168][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  757.242421][T20276] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  757.256267][T29037] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8521'.
[  757.334288][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  758.057184][T29069] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8533'.
[  758.087566][T29071] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8533'.
[  758.484187][T29083] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8538'.
[  758.573588][T29090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8542'.
[  758.947409][T29090] netlink: 260 bytes leftover after parsing attributes in process `syz.1.8542'.
[  758.976370][T29101] bond0: (slave macvlan0): Error -98 calling set_mac_address
[  759.498354][T29126] netlink: 18 bytes leftover after parsing attributes in process `syz.2.8553'.
[  759.804834][T29139] netlink: 'syz.2.8557': attribute type 4 has an invalid length.
[  759.899835][T29145] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8560'.
[  760.428173][T29166] netlink: 'syz.2.8564': attribute type 1 has an invalid length.
[  760.586343][T29166] 8021q: adding VLAN 0 to HW filter on device bond13
[  760.600765][T29169] bond13: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  760.675733][T29175] bridge0: port 3(vlan4) entered blocking state
[  760.685569][T29175] bridge0: port 3(vlan4) entered disabled state
[  760.695421][T29175] vlan4: entered allmulticast mode
[  760.701701][T29175] bridge0: entered allmulticast mode
[  760.710324][T29175] vlan4: left allmulticast mode
[  760.726009][T29175] bridge0: left allmulticast mode
[  761.389119][T29203] netlink: 'syz.0.8580': attribute type 1 has an invalid length.
[  761.419732][T29206] netlink: 'syz.3.8582': attribute type 1 has an invalid length.
[  761.536716][T29203] 8021q: adding VLAN 0 to HW filter on device bond4
[  761.567701][T29211] bond4: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  761.770491][T10760] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  761.782466][ T1014] net_ratelimit: 53 callbacks suppressed
[  761.782491][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  761.788657][T10760] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  761.807545][T29223] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x5
[  761.818387][T10760] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  761.820027][T29215] 8021q: adding VLAN 0 to HW filter on device bond10
[  761.859537][T10760] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  761.871731][T10760] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  761.941028][T29216] veth11: entered promiscuous mode
[  761.966536][T29216] bond10: (slave veth11): Enslaving as a backup interface with a down link
[  762.103483][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  762.111516][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  762.149523][T29235] __nla_validate_parse: 7 callbacks suppressed
[  762.149547][T29235] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8585'.
[  762.264917][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  762.403494][T29241] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8590'.
[  762.483594][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  762.512411][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  762.536027][T29245] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8593'.
[  762.553760][T29245] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8593'.
[  762.574349][T29245] bridge0: port 4(vlan2) entered blocking state
[  762.581671][T29245] bridge0: port 4(vlan2) entered disabled state
[  762.590241][T29245] vlan2: entered allmulticast mode
[  762.596696][T29245] bridge0: entered allmulticast mode
[  762.608872][T29245] vlan2: left allmulticast mode
[  762.614885][T29245] bridge0: left allmulticast mode
[  762.656154][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  762.682375][   T13] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  762.774395][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  762.883895][T29257] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8597'.
[  762.913894][T29259] netlink: 'syz.3.8598': attribute type 1 has an invalid length.
[  763.059823][T29259] 8021q: adding VLAN 0 to HW filter on device bond11
[  763.082004][T29261] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  763.094912][T29261] syzkaller0: entered promiscuous mode
[  763.101915][T29261] syzkaller0: entered allmulticast mode
[  763.163522][T29259] veth13: entered promiscuous mode
[  763.188147][T29259] bond11: (slave veth13): Enslaving as a backup interface with a down link
[  763.240554][T29261] tipc: Resetting bearer <eth:syzkaller0>
[  763.410096][T29260] tipc: Resetting bearer <eth:syzkaller0>
[  763.438512][T29260] tipc: Disabling bearer <eth:syzkaller0>
[  763.538870][T29283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8608'.
[  763.653569][T29220] chnl_net:caif_netlink_parms(): no params data found
[  763.908416][T29303] veth1_vlan: left allmulticast mode
[  763.914634][T29303] macvlan0: left promiscuous mode
[  763.924231][T29303] macvlan0: left allmulticast mode
[  763.932823][T10760] Bluetooth: hci4: command tx timeout
[  763.933421][T29303] netlink: 'syz.1.8613': attribute type 2 has an invalid length.
[  763.951739][T29309] netlink: 'syz.4.8614': attribute type 1 has an invalid length.
[  763.980780][T29303] netlink: 'syz.1.8613': attribute type 13 has an invalid length.
[  763.990375][T29303] netlink: 'syz.1.8613': attribute type 17 has an invalid length.
[  764.009398][T29303] gre0: left promiscuous mode
[  764.383828][T29322] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8617'.
[  764.461933][T29220] bridge0: port 1(bridge_slave_0) entered blocking state
[  764.470559][T29220] bridge0: port 1(bridge_slave_0) entered disabled state
[  764.513592][T29220] bridge_slave_0: entered allmulticast mode
[  764.538319][T29220] bridge_slave_0: entered promiscuous mode
[  764.579639][T29220] bridge0: port 2(bridge_slave_1) entered blocking state
[  764.599312][T29220] bridge0: port 2(bridge_slave_1) entered disabled state
[  764.617655][T29220] bridge_slave_1: entered allmulticast mode
[  764.641760][T29220] bridge_slave_1: entered promiscuous mode
[  764.905405][T29317] 8021q: adding VLAN 0 to HW filter on device bond15
[  765.234297][T29309] veth15: entered promiscuous mode
[  765.248574][T29309] bond15: (slave veth15): Enslaving as a backup interface with a down link
[  765.263768][T29308] syz_tun: entered allmulticast mode
[  765.298483][T29308] syz_tun: left allmulticast mode
[  766.012916][T10760] Bluetooth: hci4: command tx timeout
[  766.792302][    C0] net_ratelimit: 9188 callbacks suppressed
[  766.792326][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.815929][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.829385][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.842550][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.855543][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.868561][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.881530][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.894135][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.906604][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  766.919483][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  767.549306][T29332] netlink: 'syz.0.8620': attribute type 3 has an invalid length.
[  767.599152][T29220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  767.660741][T29220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  767.910158][T29354] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8627'.
[  768.098001][T10760] Bluetooth: hci4: command tx timeout
[  768.175550][T29358] netlink: 'syz.1.8627': attribute type 10 has an invalid length.
[  768.237352][T29358] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8627'.
[  768.464468][T29220] team0: Port device team_slave_0 added
[  768.501269][T29220] team0: Port device team_slave_1 added
[  768.642621][T29368] netlink: 596 bytes leftover after parsing attributes in process `syz.4.8630'.
[  768.720563][T29363] netlink: 'syz.4.8630': attribute type 29 has an invalid length.
[  768.751198][T29365] batman_adv: batadv0: Adding interface: dummy0
[  768.790320][T29365] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  768.899457][T29365] batman_adv: batadv0: Interface activated: dummy0
[  769.169253][T29220] batman_adv: batadv0: Adding interface: batadv_slave_0
[  769.180862][T29220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  769.302535][T29220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  769.365139][T29366] netlink: 'syz.4.8630': attribute type 29 has an invalid length.
[  769.423975][T29220] batman_adv: batadv0: Adding interface: batadv_slave_1
[  769.461218][T29384] netlink: 'syz.1.8636': attribute type 1 has an invalid length.
[  769.472300][T29220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  769.561263][T29220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  769.601474][T29382] tap0: tun_chr_ioctl cmd 1074025676
[  769.607696][T29382] tap0: owner set to 0
[  769.894845][T29388] 8021q: adding VLAN 0 to HW filter on device bond20
[  770.030397][T29391] veth31: entered promiscuous mode
[  770.044451][T29391] bond20: (slave veth31): Enslaving as a backup interface with a down link
[  770.172685][T10760] Bluetooth: hci4: command tx timeout
[  770.367586][T29401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8639'.
[  770.392463][T29405] x_tables: duplicate underflow at hook 1
[  770.497321][T29402] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8639'.
[  770.715638][T29220] hsr_slave_0: entered promiscuous mode
[  770.785546][T29220] hsr_slave_1: entered promiscuous mode
[  770.847780][T29220] debugfs: 'hsr0' already exists in 'hsr'
[  770.895166][T29220] Cannot create hsr debugfs directory
[  771.086790][T29415] netlink: 'syz.0.8645': attribute type 1 has an invalid length.
[  771.151156][T29420] netlink: 'syz.3.8643': attribute type 1 has an invalid length.
[  771.191267][T29422] netlink: 'syz.3.8643': attribute type 1 has an invalid length.
[  771.422080][T29420] workqueue: Failed to create a rescuer kthread for wq "bond12": -EINTR
[  771.500525][T29422] bond12: entered promiscuous mode
[  771.516508][T29422] 8021q: adding VLAN 0 to HW filter on device bond12
[  771.802333][    C0] net_ratelimit: 17048 callbacks suppressed
[  771.802361][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.823108][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.836482][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.849942][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.863712][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.877650][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.890758][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.905314][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.917884][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  771.931113][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  772.157552][T29449] netlink: 596 bytes leftover after parsing attributes in process `syz.4.8651'.
[  772.218323][T29444] netlink: 'syz.4.8651': attribute type 29 has an invalid length.
[  772.510059][T29447] netlink: 'syz.4.8651': attribute type 29 has an invalid length.
[  773.044955][T29220] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  773.086766][T29220] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.346072][T29474] netlink: 'syz.3.8660': attribute type 1 has an invalid length.
[  773.520718][T29477] netlink: 'syz.4.8662': attribute type 23 has an invalid length.
[  773.542711][T29481] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8663'.
[  773.671705][T29220] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  773.715310][T29220] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.800994][T29492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8664'.
[  774.090605][T29483] 8021q: adding VLAN 0 to HW filter on device bond13
[  774.269555][T29488] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  774.320618][T29484] veth15: entered promiscuous mode
[  774.368730][T29484] bond13: (slave veth15): Enslaving as a backup interface with a down link
[  774.486399][T29492] batman_adv: batadv0: Removing interface: batadv_slave_1
[  775.001496][T29220] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  775.039135][T29512] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8667'.
[  775.057378][T29220] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  775.246974][T29506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8667'.
[  775.473939][T29506] vlan4: entered allmulticast mode
[  775.509011][T29506] mac80211_hwsim hwsim32 wlan0: entered allmulticast mode
[  775.544696][T29525] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8673'.
[  775.675430][T29220] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  775.703777][T29220] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  775.872109][   T52] Bluetooth: hci5: command 0x0406 tx timeout
[  776.252086][T29533] macvlan2: entered promiscuous mode
[  776.335786][T29533] macvlan2: entered allmulticast mode
[  776.342166][T29533] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  776.812313][    C0] net_ratelimit: 16762 callbacks suppressed
[  776.812333][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.827706][T29220] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  776.831927][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.851225][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.864141][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.876817][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.889463][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.902015][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.914452][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.926889][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.939875][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  776.970842][T29220] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  777.044660][T29220] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  777.124610][T29541] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  777.179501][T29220] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  777.597311][T29567] netlink: 164 bytes leftover after parsing attributes in process `syz.0.8686'.
[  777.671134][T29573] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8686'.
[  777.857833][T29220] 8021q: adding VLAN 0 to HW filter on device bond0
[  777.981216][T29580] macvlan3: entered promiscuous mode
[  778.005080][T29580] macvlan3: entered allmulticast mode
[  778.018476][T29580] bond0: (slave macvlan3): Error -98 calling set_mac_address
[  778.156988][T29220] 8021q: adding VLAN 0 to HW filter on device team0
[  778.184892][T29588] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8691'.
[  778.244605][T21316] bridge0: port 1(bridge_slave_0) entered blocking state
[  778.252260][T21316] bridge0: port 1(bridge_slave_0) entered forwarding state
[  778.315435][T21316] bridge0: port 2(bridge_slave_1) entered blocking state
[  778.322932][T21316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  778.392693][ T1014] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  778.434424][ T1014] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  778.472620][ T1014] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  778.513051][ T1014] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  778.571725][T29594] can: request_module (can-proto-3) failed.
[  778.729976][T29220] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  778.839717][T29220] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  779.097806][T29611] tap0: tun_chr_ioctl cmd 1074025672
[  779.116223][T29611] tap0: ignored: set checksum disabled
[  780.589903][T29220] 8021q: adding VLAN 0 to HW filter on device batadv0
[  780.655156][T29645] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8706'.
[  780.673425][T29637] netlink: 'syz.1.8705': attribute type 4 has an invalid length.
[  780.874654][T29220] veth0_vlan: entered promiscuous mode
[  780.936506][T29220] veth1_vlan: entered promiscuous mode
[  781.183461][T29220] veth0_macvtap: entered promiscuous mode
[  781.247531][T29220] veth1_macvtap: entered promiscuous mode
[  781.608682][T29663] bond21: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  781.818042][T29663] bond21 (unregistering): Released all slaves
[  781.824809][    C0] net_ratelimit: 17912 callbacks suppressed
[  781.824833][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.825102][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.858420][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.871425][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.884302][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.897894][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.912622][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.926192][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.939801][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.954113][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  781.981539][T29220] batman_adv: batadv0: Interface activated: batadv_slave_0
[  782.089714][T29220] batman_adv: batadv0: Interface activated: batadv_slave_1
[  782.331387][T29682] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8717'.
[  782.362774][T29682] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8717'.
[  783.336294][T29682] bridge0: port 4(vlan2) entered blocking state
[  783.343536][T29682] bridge0: port 4(vlan2) entered disabled state
[  783.351228][T29682] vlan2: entered allmulticast mode
[  783.357252][T29682] bridge0: entered allmulticast mode
[  783.384787][T29682] vlan2: left allmulticast mode
[  783.405982][T29682] bridge0: left allmulticast mode
[  783.478136][T29699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8725'.
[  783.506211][ T6400] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  783.527080][T29699] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8725'.
[  783.556809][ T6400] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  783.591600][ T6400] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  783.613263][ T6400] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  783.743758][T29704] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8727'.
[  784.558901][T29715] bond0: (slave macvlan3): Error -98 calling set_mac_address
[  784.769617][T29726] netlink: 'syz.3.8734': attribute type 2 has an invalid length.
[  784.921569][T29730] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8736'.
[  784.932075][T29730] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8736'.
[  785.537747][T29730] bridge0: port 4(vlan2) entered blocking state
[  785.576365][T29730] bridge0: port 4(vlan2) entered disabled state
[  785.602763][T29730] vlan2: entered allmulticast mode
[  785.625652][T29730] bridge0: entered allmulticast mode
[  785.673710][T29730] vlan2: left allmulticast mode
[  785.687878][T29730] bridge0: left allmulticast mode
[  785.931445][T29742] netlink: 'syz.3.8741': attribute type 1 has an invalid length.
[  786.346612][ T6400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  786.392053][ T6400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  786.470236][T29744] 8021q: adding VLAN 0 to HW filter on device bond14
[  786.592144][T29745] veth17: entered promiscuous mode
[  786.646839][T29745] bond14: (slave veth17): Enslaving as a backup interface with a down link
[  786.759581][T29755] netlink: 348 bytes leftover after parsing attributes in process `syz.1.8744'.
[  786.833284][    C0] net_ratelimit: 18568 callbacks suppressed
[  786.833307][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  786.852727][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  786.866342][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  786.880208][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  786.882539][   T13] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  786.893035][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  786.914818][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  786.928584][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  786.942011][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  786.956054][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  787.002926][ T2955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  787.051924][ T2955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  788.490560][T29799] FAULT_INJECTION: forcing a failure.
[  788.490560][T29799] name failslab, interval 1, probability 0, space 0, times 0
[  788.625085][T29799] CPU: 1 UID: 0 PID: 29799 Comm: syz.3.8759 Not tainted syzkaller #0 PREEMPT(full) 
[  788.625117][T29799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  788.625130][T29799] Call Trace:
[  788.625140][T29799]  <TASK>
[  788.625151][T29799]  dump_stack_lvl+0x189/0x250
[  788.625186][T29799]  ? __pfx____ratelimit+0x10/0x10
[  788.625215][T29799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  788.625245][T29799]  ? __pfx__printk+0x10/0x10
[  788.625273][T29799]  ? __pfx___might_resched+0x10/0x10
[  788.625303][T29799]  should_fail_ex+0x414/0x560
[  788.625343][T29799]  should_failslab+0xa8/0x100
[  788.625369][T29799]  __kmalloc_noprof+0xcb/0x7f0
[  788.625397][T29799]  ? kfree+0x4d/0x6d0
[  788.625421][T29799]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  788.625464][T29799]  tomoyo_realpath_from_path+0xe3/0x5d0
[  788.625499][T29799]  ? tomoyo_domain+0xd9/0x130
[  788.625527][T29799]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  788.625556][T29799]  tomoyo_path_number_perm+0x1e8/0x5a0
[  788.625586][T29799]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  788.625755][T29799]  ? __fget_files+0x2a/0x420
[  788.625785][T29799]  ? __fget_files+0x3a0/0x420
[  788.625804][T29799]  ? __fget_files+0x2a/0x420
[  788.625831][T29799]  security_file_ioctl+0xcb/0x2d0
[  788.625864][T29799]  __se_sys_ioctl+0x47/0x170
[  788.625895][T29799]  do_syscall_64+0xfa/0xfa0
[  788.625924][T29799]  ? lockdep_hardirqs_on+0x9c/0x150
[  788.625955][T29799]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.625977][T29799]  ? clear_bhb_loop+0x60/0xb0
[  788.626003][T29799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.626023][T29799] RIP: 0033:0x7f9b4598f749
[  788.626044][T29799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  788.626062][T29799] RSP: 002b:00007f9b4677a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  788.626085][T29799] RAX: ffffffffffffffda RBX: 00007f9b45be5fa0 RCX: 00007f9b4598f749
[  788.626101][T29799] RDX: 0000200000000000 RSI: 00000000000089e0 RDI: 0000000000000003
[  788.626115][T29799] RBP: 00007f9b4677a090 R08: 0000000000000000 R09: 0000000000000000
[  788.626128][T29799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  788.626140][T29799] R13: 00007f9b45be6038 R14: 00007f9b45be5fa0 R15: 00007ffe51d69a68
[  788.626177][T29799]  </TASK>
[  788.917983][T29799] ERROR: Out of memory at tomoyo_realpath_from_path.
[  789.031128][T29806] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  790.194334][T29830] netlink: 596 bytes leftover after parsing attributes in process `syz.4.8769'.
[  790.435144][T29828] netlink: 'syz.4.8769': attribute type 29 has an invalid length.
[  790.489968][T29829] netlink: 'syz.4.8769': attribute type 29 has an invalid length.
[  791.396223][T29854] Cannot find add_set index 65532 as target
[  791.472112][   T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  791.486008][   T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  791.500820][   T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  791.517710][   T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  791.526025][   T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  791.842325][    C0] net_ratelimit: 17978 callbacks suppressed
[  791.842351][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  791.862535][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  791.866766][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  791.877147][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  791.877480][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  791.877770][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  791.878060][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  791.933341][T29863] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8777'.
[  791.941163][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  791.964441][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  791.979096][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  793.367611][T29886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8787'.
[  793.472886][T29886] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  793.614970][   T52] Bluetooth: hci1: command tx timeout
[  793.688724][T29886] batman_adv: batadv0: Removing interface: batadv_slave_1
[  793.758339][T29894] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8791'.
[  794.245464][T29901] vlan3: entered promiscuous mode
[  794.283199][T29901] bridge0: entered promiscuous mode
[  794.748157][T29916] netlink: 'syz.0.8797': attribute type 1 has an invalid length.
[  794.870023][T29856] chnl_net:caif_netlink_parms(): no params data found
[  794.908288][T29916] 8021q: adding VLAN 0 to HW filter on device bond5
[  795.002485][T29916] veth5: entered promiscuous mode
[  795.079894][T29916] bond5: (slave veth5): Enslaving as a backup interface with a down link
[  795.405785][T29928] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8801'.
[  795.438418][T29920] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8798'.
[  795.450767][T29920] netlink: 6 bytes leftover after parsing attributes in process `syz.4.8798'.
[  795.693258][   T52] Bluetooth: hci1: command tx timeout
[  795.941235][T29856] bridge0: port 1(bridge_slave_0) entered blocking state
[  795.985682][T29856] bridge0: port 1(bridge_slave_0) entered disabled state
[  796.015594][T29856] bridge_slave_0: entered allmulticast mode
[  796.061584][T29856] bridge_slave_0: entered promiscuous mode
[  796.206588][T29856] bridge0: port 2(bridge_slave_1) entered blocking state
[  796.262578][T29856] bridge0: port 2(bridge_slave_1) entered disabled state
[  796.270031][T29856] bridge_slave_1: entered allmulticast mode
[  796.382840][T29856] bridge_slave_1: entered promiscuous mode
[  796.700203][T29856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  796.852355][    C0] net_ratelimit: 17914 callbacks suppressed
[  796.852378][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  796.857014][T29959] openvswitch: netlink: ct_state flags 010000e0 unsupported
[  796.858715][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  796.890652][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  796.903053][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  796.915732][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  796.928076][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  796.940380][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  796.953112][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  796.965500][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  797.070027][T29856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  797.363230][T29856] team0: Port device team_slave_0 added
[  797.426335][T29856] team0: Port device team_slave_1 added
[  797.733925][T29974] geneve2: entered promiscuous mode
[  797.762541][T29974] geneve2: entered allmulticast mode
[  797.774429][   T52] Bluetooth: hci1: command tx timeout
[  797.893067][T29856] batman_adv: batadv0: Adding interface: batadv_slave_0
[  797.925831][T29856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  798.028624][T29856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  798.103144][   T13] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0
[  798.139217][   T13] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0
[  798.189273][T29856] batman_adv: batadv0: Adding interface: batadv_slave_1
[  798.214824][T29856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  798.309689][T29856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  798.341922][   T13] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0
[  798.381987][   T13] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0
[  798.861979][T29856] hsr_slave_0: entered promiscuous mode
[  798.870245][T30006] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.8825'.
[  798.901630][T29856] hsr_slave_1: entered promiscuous mode
[  798.924015][T29856] debugfs: 'hsr0' already exists in 'hsr'
[  798.953589][T29856] Cannot create hsr debugfs directory
[  799.334291][T30025] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8827'.
[  799.854591][   T52] Bluetooth: hci1: command tx timeout
[  800.171446][T30040] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8834'.
[  800.783774][T30057] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.8837'.
[  800.805703][T29856] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  800.805770][T29856] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.259729][T29856] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  801.307210][T29856] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.485979][T30067] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8840'.
[  801.860986][T29856] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  801.871445][    C0] net_ratelimit: 18397 callbacks suppressed
[  801.871469][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  801.871737][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  801.902438][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  801.914847][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  801.927352][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  801.939708][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  801.952939][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  801.964897][T29856] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.965459][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  801.988073][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  802.000862][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  802.469621][T29856] bond0: (slave netdevsim0): Releasing backup interface
[  802.577974][T29856] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  802.634965][T29856] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  802.784962][T30098] syzkaller0: entered promiscuous mode
[  802.790844][T30098] syzkaller0: entered allmulticast mode
[  802.816676][T30098] netlink: 'syz.3.8853': attribute type 1 has an invalid length.
[  803.687028][T29856] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  803.757565][T29856] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  803.868961][T29856] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  803.937996][T29856] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  804.086931][T30137] FAULT_INJECTION: forcing a failure.
[  804.086931][T30137] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  804.119576][T30137] CPU: 1 UID: 0 PID: 30137 Comm: syz.3.8863 Not tainted syzkaller #0 PREEMPT(full) 
[  804.119608][T30137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  804.119621][T30137] Call Trace:
[  804.119631][T30137]  <TASK>
[  804.119640][T30137]  dump_stack_lvl+0x189/0x250
[  804.119676][T30137]  ? __pfx____ratelimit+0x10/0x10
[  804.119706][T30137]  ? __pfx_dump_stack_lvl+0x10/0x10
[  804.119734][T30137]  ? __pfx__printk+0x10/0x10
[  804.119758][T30137]  ? __might_fault+0xb0/0x130
[  804.119801][T30137]  should_fail_ex+0x414/0x560
[  804.119840][T30137]  _copy_from_iter+0x1de/0x1790
[  804.119872][T30137]  ? rcu_is_watching+0x15/0xb0
[  804.119914][T30137]  ? kmalloc_reserve+0xbd/0x290
[  804.119936][T30137]  ? __pfx__copy_from_iter+0x10/0x10
[  804.119962][T30137]  ? __build_skb_around+0x262/0x3f0
[  804.120000][T30137]  ? netlink_sendmsg+0x642/0xb30
[  804.120020][T30137]  ? skb_put+0x11b/0x210
[  804.120045][T30137]  netlink_sendmsg+0x6b2/0xb30
[  804.120077][T30137]  ? __pfx_netlink_sendmsg+0x10/0x10
[  804.120103][T30137]  ? aa_sock_msg_perm+0xf1/0x1d0
[  804.120138][T30137]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  804.120158][T30137]  ? __pfx_netlink_sendmsg+0x10/0x10
[  804.120180][T30137]  __sock_sendmsg+0x21c/0x270
[  804.120219][T30137]  ____sys_sendmsg+0x505/0x830
[  804.120250][T30137]  ? __pfx_____sys_sendmsg+0x10/0x10
[  804.120283][T30137]  ? import_iovec+0x74/0xa0
[  804.120315][T30137]  ___sys_sendmsg+0x21f/0x2a0
[  804.120341][T30137]  ? __pfx____sys_sendmsg+0x10/0x10
[  804.120406][T30137]  ? __fget_files+0x2a/0x420
[  804.120426][T30137]  ? __fget_files+0x3a0/0x420
[  804.120458][T30137]  __x64_sys_sendmsg+0x19b/0x260
[  804.120485][T30137]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  804.120521][T30137]  ? __pfx_ksys_write+0x10/0x10
[  804.120569][T30137]  ? do_syscall_64+0xbe/0xfa0
[  804.120605][T30137]  do_syscall_64+0xfa/0xfa0
[  804.120633][T30137]  ? lockdep_hardirqs_on+0x9c/0x150
[  804.120662][T30137]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  804.120684][T30137]  ? clear_bhb_loop+0x60/0xb0
[  804.120711][T30137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  804.120732][T30137] RIP: 0033:0x7f9b4598f749
[  804.120753][T30137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  804.120771][T30137] RSP: 002b:00007f9b4677a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  804.120794][T30137] RAX: ffffffffffffffda RBX: 00007f9b45be5fa0 RCX: 00007f9b4598f749
[  804.120811][T30137] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  804.120824][T30137] RBP: 00007f9b4677a090 R08: 0000000000000000 R09: 0000000000000000
[  804.120838][T30137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  804.120850][T30137] R13: 00007f9b45be6038 R14: 00007f9b45be5fa0 R15: 00007ffe51d69a68
[  804.120886][T30137]  </TASK>
[  804.755345][T30143] netlink: 52 bytes leftover after parsing attributes in process `syz.0.8864'.
[  805.069017][ T1014] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  805.159765][ T1014] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  805.216528][ T1014] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  805.294456][ T1014] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  805.501890][T29856] 8021q: adding VLAN 0 to HW filter on device bond0
[  805.591310][T30162] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  805.837556][T29856] 8021q: adding VLAN 0 to HW filter on device team0
[  805.895971][ T2955] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.905349][ T2955] bridge0: port 1(bridge_slave_0) entered forwarding state
[  806.043090][ T2955] bridge0: port 2(bridge_slave_1) entered blocking state
[  806.050388][ T2955] bridge0: port 2(bridge_slave_1) entered forwarding state
[  806.872442][    C0] net_ratelimit: 18461 callbacks suppressed
[  806.872464][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  806.891416][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  806.904294][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  806.917894][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  806.931069][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  806.944638][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  806.957144][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  806.969673][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  806.973400][ T6400] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  806.982535][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  807.271372][T29856] 8021q: adding VLAN 0 to HW filter on device batadv0
[  807.418035][T30194] nbd4: detected capacity change from 0 to 63
[  807.498677][   T52] block nbd4: Receive control failed (result -32)
[  807.560406][T29856] veth0_vlan: entered promiscuous mode
[  807.578177][T29856] veth1_vlan: entered promiscuous mode
[  807.886698][T29856] veth0_macvtap: entered promiscuous mode
[  807.975665][T29856] veth1_macvtap: entered promiscuous mode
[  808.105101][T29856] batman_adv: batadv0: Interface activated: batadv_slave_0
[  808.161385][T29856] batman_adv: batadv0: Interface activated: batadv_slave_1
[  808.246761][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  808.300998][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  808.419622][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  808.500003][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  808.890920][T20275] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  808.967959][T20275] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  809.170875][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  809.204606][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  809.745991][T30242] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  809.888861][T30252] netlink: 596 bytes leftover after parsing attributes in process `syz.2.8903'.
[  810.195201][T30258] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8907'.
[  810.646311][T30268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8911'.
[  810.660263][T30270] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.8912'.
[  810.672852][T30268] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8911'.
[  811.027086][T30246] netlink: 'syz.2.8903': attribute type 29 has an invalid length.
[  811.059310][T30247] netlink: 232 bytes leftover after parsing attributes in process `syz.0.8904'.
[  811.481313][T30280] netlink: 'syz.0.8916': attribute type 4 has an invalid length.
[  811.520390][T30280] netlink: 'syz.0.8916': attribute type 4 has an invalid length.
[  811.770434][T30284] bond6: option min_links: invalid value (18446744073709551614)
[  811.812867][T30284] bond6: option min_links: allowed values 0 - 2147483647
[  811.859613][T30291] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8920'.
[  811.881731][T30291] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8920'.
[  811.890992][    C0] net_ratelimit: 18241 callbacks suppressed
[  811.891013][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  811.891283][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  811.923309][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  811.935693][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  811.948452][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  811.960902][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  811.973271][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  811.986124][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  811.998711][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  812.011629][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  812.083569][T30295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8922'.
[  812.316764][T30284] bond6 (unregistering): Released all slaves
[  812.391633][T30291] bridge0: port 3(vlan2) entered blocking state
[  812.400540][T30291] bridge0: port 3(vlan2) entered disabled state
[  812.417042][T30291] vlan2: entered allmulticast mode
[  812.422516][T30291] bridge0: entered allmulticast mode
[  812.434633][T30291] vlan2: left allmulticast mode
[  812.440092][T30291] bridge0: left allmulticast mode
[  813.096922][T30304] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  813.297216][T30311] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.8925'.
[  813.633791][T30310] netlink: 'syz.0.8926': attribute type 29 has an invalid length.
[  813.666296][T30312] netlink: 'syz.0.8926': attribute type 29 has an invalid length.
[  814.115673][T30328] sctp: [Deprecated]: syz.0.8933 (pid 30328) Use of int in max_burst socket option.
[  814.115673][T30328] Use struct sctp_assoc_value instead
[  814.238046][T30328] netlink: 'syz.0.8933': attribute type 21 has an invalid length.
[  814.998064][T30353] __nla_validate_parse: 6 callbacks suppressed
[  814.998084][T30353] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.8941'.
[  815.401445][T30358] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.8943'.
[  815.430719][T30360] netlink: 'syz.3.8944': attribute type 10 has an invalid length.
[  815.457319][T30360] batman_adv: batadv0: Interface deactivated: dummy0
[  815.508519][T30360] batman_adv: batadv0: Removing interface: dummy0
[  815.592051][T30360] team0: Port device dummy0 added
[  815.773122][T30373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8948'.
[  815.792183][    C0] sched: DL replenish lagged too much
[  816.653106][T30394] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8956'.
[  816.711665][T30394] unsupported nlmsg_type 40
[  816.718971][T30398] netlink: 'syz.4.8957': attribute type 4 has an invalid length.
[  816.809765][T30394] raw_sendmsg: syz.3.8956 forgot to set AF_INET. Fix it!
[  816.892370][    C0] net_ratelimit: 18809 callbacks suppressed
[  816.892392][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  816.910643][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  816.923079][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  816.935616][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  816.948854][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  816.961174][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  816.973556][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  816.973656][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  816.985978][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  817.005760][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  817.114773][T30408] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8961'.
[  818.946197][T30446] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8975'.
[  819.455738][T30454] netlink: 'syz.3.8978': attribute type 1 has an invalid length.
[  819.777502][T30454] bond15: entered promiscuous mode
[  819.793916][T10760] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  819.804989][T10760] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  819.821572][T10760] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  819.837439][T10760] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  819.846496][T10760] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  819.882364][T30454] bond15: entered allmulticast mode
[  819.907826][T30454] 8021q: adding VLAN 0 to HW filter on device bond15
[  821.186503][T30489] netlink: 'syz.3.8990': attribute type 6 has an invalid length.
[  821.577145][T30463] chnl_net:caif_netlink_parms(): no params data found
[  821.611727][T30498] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8995'.
[  821.634422][T30494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8992'.
[  821.645946][T30500] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8993'.
[  821.678789][T30498] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8995'.
[  821.699408][T30494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8992'.
[  821.799519][T30494] bridge0: port 3(vlan2) entered blocking state
[  821.832728][T30494] bridge0: port 3(vlan2) entered disabled state
[  821.850144][T30494] vlan2: entered allmulticast mode
[  821.881090][T30494] bridge0: entered allmulticast mode
[  821.902284][    C0] net_ratelimit: 19605 callbacks suppressed
[  821.902305][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  821.920539][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  821.932962][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  821.934620][   T52] Bluetooth: hci2: command tx timeout
[  821.945331][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  821.963390][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  821.977174][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  821.977610][T30494] vlan2: left allmulticast mode
[  821.989767][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  821.990037][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  821.990305][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  821.990544][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  822.058749][T30494] bridge0: left allmulticast mode
[  822.983215][T30463] bridge0: port 1(bridge_slave_0) entered blocking state
[  823.042570][T30463] bridge0: port 1(bridge_slave_0) entered disabled state
[  823.080614][T30463] bridge_slave_0: entered allmulticast mode
[  823.107233][T30463] bridge_slave_0: entered promiscuous mode
[  823.150819][T30463] bridge0: port 2(bridge_slave_1) entered blocking state
[  823.197307][T30463] bridge0: port 2(bridge_slave_1) entered disabled state
[  823.215171][T30463] bridge_slave_1: entered allmulticast mode
[  823.250228][T30463] bridge_slave_1: entered promiscuous mode
[  823.261057][T30534] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9004'.
[  823.445685][T30540] ipt_rpfilter: unknown options
[  823.456608][T30541] ipt_rpfilter: unknown options
[  823.473672][T30536] macsec1: entered promiscuous mode
[  823.479307][T30536] macsec1: entered allmulticast mode
[  823.513569][T30538] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9006'.
[  824.012517][   T52] Bluetooth: hci2: command tx timeout
[  824.095175][T30463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  824.126774][T30555] netlink: 'syz.2.9010': attribute type 3 has an invalid length.
[  824.259874][T30463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  824.655357][T30463] team0: Port device team_slave_0 added
[  824.696981][T30463] team0: Port device team_slave_1 added
[  824.918320][T30574] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9018'.
[  825.015352][T30463] batman_adv: batadv0: Adding interface: batadv_slave_0
[  825.030316][T30463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  825.161083][T30463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  825.260874][T30581] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9019'.
[  825.298891][T30463] batman_adv: batadv0: Adding interface: batadv_slave_1
[  825.312931][T30581] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9019'.
[  825.347012][T30463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  825.398423][T30463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  825.496197][T30581] bridge0: port 3(vlan2) entered blocking state
[  825.508414][T30581] bridge0: port 3(vlan2) entered disabled state
[  825.515297][T30581] vlan2: entered allmulticast mode
[  825.520747][T30581] bridge0: entered allmulticast mode
[  825.545815][T30581] vlan2: left allmulticast mode
[  825.550750][T30581] bridge0: left allmulticast mode
[  826.022100][T30463] hsr_slave_0: entered promiscuous mode
[  826.073125][T30463] hsr_slave_1: entered promiscuous mode
[  826.092573][   T52] Bluetooth: hci2: command tx timeout
[  826.111761][T30463] debugfs: 'hsr0' already exists in 'hsr'
[  826.147142][T30463] Cannot create hsr debugfs directory
[  826.183476][T30602] macvlan2: entered promiscuous mode
[  826.188842][T30602] macvlan2: entered allmulticast mode
[  826.226726][T30602] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  826.912230][    C0] net_ratelimit: 19754 callbacks suppressed
[  826.912253][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  826.930640][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  826.943033][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  826.955350][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  826.967781][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  826.980101][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  826.992513][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.008440][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.020874][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.033248][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  827.910733][T30463] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  827.964966][T30463] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  828.175255][   T52] Bluetooth: hci2: command tx timeout
[  828.387058][T30463] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  828.434285][T30463] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.004381][T30463] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  829.042311][T30463] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.126847][T30674] netlink: 'syz.1.9051': attribute type 29 has an invalid length.
[  829.298818][T30674] netlink: 500 bytes leftover after parsing attributes in process `syz.1.9051'.
[  829.560707][T30695] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9056'.
[  829.573281][T30463] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  829.617490][T30463] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.679502][T30679] netlink: 'syz.1.9051': attribute type 29 has an invalid length.
[  829.839269][T20275] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  829.882079][T20275] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  830.002628][T30701] netlink: 'syz.1.9058': attribute type 1 has an invalid length.
[  830.049844][T20275] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  830.077154][T20275] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  830.349516][T30704] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  830.383448][T30706] 8021q: adding VLAN 0 to HW filter on device bond1
[  830.531962][T30712] veth3: entered promiscuous mode
[  830.566666][T30712] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  830.822794][T30721] netlink: 72 bytes leftover after parsing attributes in process `syz.2.9063'.
[  830.995972][T30463] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  831.114240][T30463] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  831.239750][T30463] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  831.326046][T30463] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  831.379990][T30739] nbd: must specify a size in bytes for the device
[  831.818809][T30753] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.9072'.
[  831.922199][    C0] net_ratelimit: 18846 callbacks suppressed
[  831.922222][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  831.940575][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  831.953065][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  831.965864][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  831.978377][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  831.990931][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.003262][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.015673][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.020403][ T1014] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  832.028023][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  832.298372][T30463] 8021q: adding VLAN 0 to HW filter on device bond0
[  832.501027][T30463] 8021q: adding VLAN 0 to HW filter on device team0
[  832.595299][T20275] bridge0: port 1(bridge_slave_0) entered blocking state
[  832.602599][T20275] bridge0: port 1(bridge_slave_0) entered forwarding state
[  832.806167][T20275] bridge0: port 2(bridge_slave_1) entered blocking state
[  832.813481][T20275] bridge0: port 2(bridge_slave_1) entered forwarding state
[  833.061846][T30780] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9081'.
[  833.146825][T30780] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9081'.
[  833.442807][T30789] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.9084'.
[  835.854731][   T52] Bluetooth: hci2: command tx timeout
[  836.933187][    C0] net_ratelimit: 21298 callbacks suppressed
[  836.933224][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  836.951842][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  836.964330][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  836.976789][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  836.989169][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  837.001490][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  837.013656][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.025951][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.038256][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.050602][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  838.956080][T30812] netlink: 'syz.3.9090': attribute type 1 has an invalid length.
[  839.279378][T30820] 8021q: adding VLAN 0 to HW filter on device bond16
[  839.450058][T30822] veth19: entered promiscuous mode
[  839.510531][T30822] bond16: (slave veth19): Enslaving as a backup interface with a down link
[  840.159059][T30850] xt_CT: You must specify a L4 protocol and not use inversions on it
[  840.215182][T30848] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.9097'.
[  840.315328][T30852] netlink: 256 bytes leftover after parsing attributes in process `syz.0.9099'.
[  840.449715][T30852] xt_time: unknown flags 0xf4
[  840.568359][T30855] bond6: Removing last arp target with arp_interval on
[  840.759761][T30463] 8021q: adding VLAN 0 to HW filter on device batadv0
[  841.134639][T30869] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9103'.
[  841.466510][T30875] syzkaller1: entered promiscuous mode
[  841.539055][T30875] syzkaller1: entered allmulticast mode
[  841.581724][T30881] netlink: 56 bytes leftover after parsing attributes in process `syz.0.9106'.
[  841.713864][T30881] bond7: (slave ip_vti0): Device is not bonding slave
[  841.721138][T30881] bond7: option active_slave: invalid value (ip_vti0)
[  841.896342][T30881] bond7 (unregistering): Released all slaves
[  841.942230][    C0] net_ratelimit: 20767 callbacks suppressed
[  841.942252][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  841.961188][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  841.973518][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  841.985682][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  841.998034][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.010240][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  842.022637][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  842.034906][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.047267][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.059532][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.239612][T30894] netlink: 'syz.2.9111': attribute type 1 has an invalid length.
[  842.400771][T30900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9110'.
[  842.730690][T30897] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  842.763653][T30901] 8021q: adding VLAN 0 to HW filter on device bond1
[  842.874170][T30894] veth3: entered promiscuous mode
[  842.898641][T30894] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  842.941494][T30910] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.9113'.
[  843.399289][T30917] xt_l2tp: missing protocol rule (udp|l2tpip)
[  843.501648][T30463] veth0_vlan: entered promiscuous mode
[  843.698163][T30463] veth1_vlan: entered promiscuous mode
[  843.743847][T30919] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9117'.
[  843.763611][T30923] netlink: 1760 bytes leftover after parsing attributes in process `syz.2.9118'.
[  843.855695][T30463] veth0_macvtap: entered promiscuous mode
[  843.935412][T30463] veth1_macvtap: entered promiscuous mode
[  844.054750][T30463] batman_adv: batadv0: Interface activated: batadv_slave_0
[  844.108443][T30463] batman_adv: batadv0: Interface activated: batadv_slave_1
[  844.285648][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  844.295416][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  844.368120][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  844.417092][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  844.964345][T30948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9125'.
[  844.993814][T30947] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.9126'.
[  845.016643][T21323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  845.046280][T21323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  845.128751][T30949] veth0_macvtap: left promiscuous mode
[  845.263080][T30958] __nla_validate_parse: 1 callbacks suppressed
[  845.263102][T30958] netlink: 52 bytes leftover after parsing attributes in process `syz.2.9127'.
[  845.361502][T30961] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.9128'.
[  845.386409][T30962] netlink: 212360 bytes leftover after parsing attributes in process `syz.3.9129'.
[  845.425011][T21316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  845.484651][T21316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  846.190021][T30977] syzkaller1: entered promiscuous mode
[  846.227246][T30977] syzkaller1: entered allmulticast mode
[  846.364679][T30982] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.9137'.
[  846.411017][T30987] atomic_op ffff88806203c198 conn xmit_atomic 0000000000000000
[  846.920344][T30998] atomic_op ffff88807bfae198 conn xmit_atomic 0000000000000000
[  846.954770][    C0] net_ratelimit: 19576 callbacks suppressed
[  846.954792][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  846.968876][T30998] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9143'.
[  846.973212][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  846.994368][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.004127][T21323] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  847.007585][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  847.027082][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  847.039404][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.051929][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.064231][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.070428][T30998] openvswitch: netlink: Flow actions attr not present in new flow.
[  847.530386][T31013] FAULT_INJECTION: forcing a failure.
[  847.530386][T31013] name failslab, interval 1, probability 0, space 0, times 0
[  847.591316][T31013] CPU: 1 UID: 0 PID: 31013 Comm: syz.1.9150 Not tainted syzkaller #0 PREEMPT(full) 
[  847.591348][T31013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  847.591362][T31013] Call Trace:
[  847.591372][T31013]  <TASK>
[  847.591390][T31013]  dump_stack_lvl+0x189/0x250
[  847.591427][T31013]  ? __pfx____ratelimit+0x10/0x10
[  847.591457][T31013]  ? __pfx_dump_stack_lvl+0x10/0x10
[  847.591486][T31013]  ? __pfx__printk+0x10/0x10
[  847.591515][T31013]  ? __lock_acquire+0xab9/0xd20
[  847.591545][T31013]  should_fail_ex+0x414/0x560
[  847.591585][T31013]  should_failslab+0xa8/0x100
[  847.591609][T31013]  kmem_cache_alloc_noprof+0x74/0x6e0
[  847.591641][T31013]  ? skb_clone+0x212/0x3a0
[  847.591672][T31013]  skb_clone+0x212/0x3a0
[  847.591700][T31013]  __netlink_deliver_tap+0x404/0x850
[  847.591736][T31013]  ? netlink_deliver_tap+0x2e/0x1b0
[  847.591765][T31013]  netlink_deliver_tap+0x19c/0x1b0
[  847.591788][T31013]  netlink_unicast+0x7fa/0x9e0
[  847.591830][T31013]  ? __pfx_netlink_unicast+0x10/0x10
[  847.591864][T31013]  ? netlink_sendmsg+0x642/0xb30
[  847.591883][T31013]  ? skb_put+0x11b/0x210
[  847.591909][T31013]  netlink_sendmsg+0x805/0xb30
[  847.591942][T31013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  847.591968][T31013]  ? aa_sock_msg_perm+0xf1/0x1d0
[  847.592003][T31013]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  847.592025][T31013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  847.592048][T31013]  __sock_sendmsg+0x21c/0x270
[  847.592080][T31013]  ____sys_sendmsg+0x505/0x830
[  847.592111][T31013]  ? __pfx_____sys_sendmsg+0x10/0x10
[  847.592144][T31013]  ? import_iovec+0x74/0xa0
[  847.592173][T31013]  ___sys_sendmsg+0x21f/0x2a0
[  847.592200][T31013]  ? __pfx____sys_sendmsg+0x10/0x10
[  847.592267][T31013]  ? __fget_files+0x2a/0x420
[  847.592287][T31013]  ? __fget_files+0x3a0/0x420
[  847.592320][T31013]  __x64_sys_sendmsg+0x19b/0x260
[  847.592347][T31013]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  847.592391][T31013]  ? __pfx_ksys_write+0x10/0x10
[  847.592426][T31013]  ? do_syscall_64+0xbe/0xfa0
[  847.592462][T31013]  do_syscall_64+0xfa/0xfa0
[  847.592489][T31013]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.592520][T31013]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.592542][T31013]  ? clear_bhb_loop+0x60/0xb0
[  847.592569][T31013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.592590][T31013] RIP: 0033:0x7fe44058f749
[  847.592610][T31013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  847.592629][T31013] RSP: 002b:00007fe441513038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  847.592653][T31013] RAX: ffffffffffffffda RBX: 00007fe4407e5fa0 RCX: 00007fe44058f749
[  847.592668][T31013] RDX: 0000000000008000 RSI: 00002000000000c0 RDI: 0000000000000004
[  847.592682][T31013] RBP: 00007fe441513090 R08: 0000000000000000 R09: 0000000000000000
[  847.592694][T31013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  847.592706][T31013] R13: 00007fe4407e6038 R14: 00007fe4407e5fa0 R15: 00007ffc9c5239c8
[  847.592742][T31013]  </TASK>
[  848.269182][T31023] FAULT_INJECTION: forcing a failure.
[  848.269182][T31023] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  848.302359][T31023] CPU: 1 UID: 0 PID: 31023 Comm: syz.4.9155 Not tainted syzkaller #0 PREEMPT(full) 
[  848.302390][T31023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  848.302404][T31023] Call Trace:
[  848.302413][T31023]  <TASK>
[  848.302423][T31023]  dump_stack_lvl+0x189/0x250
[  848.302459][T31023]  ? __pfx____ratelimit+0x10/0x10
[  848.302488][T31023]  ? __pfx_dump_stack_lvl+0x10/0x10
[  848.302517][T31023]  ? __pfx__printk+0x10/0x10
[  848.302541][T31023]  ? __might_fault+0xb0/0x130
[  848.302586][T31023]  should_fail_ex+0x414/0x560
[  848.302625][T31023]  _copy_from_user+0x2d/0xb0
[  848.302654][T31023]  kstrtouint_from_user+0xc4/0x170
[  848.302680][T31023]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  848.302723][T31023]  proc_fail_nth_write+0x88/0x200
[  848.302752][T31023]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  848.302787][T31023]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  848.302817][T31023]  vfs_write+0x27e/0xb30
[  848.302858][T31023]  ? __pfx_vfs_write+0x10/0x10
[  848.302890][T31023]  ? __fget_files+0x2a/0x420
[  848.302916][T31023]  ? __fget_files+0x3a0/0x420
[  848.302935][T31023]  ? __fget_files+0x2a/0x420
[  848.302966][T31023]  ksys_write+0x145/0x250
[  848.303001][T31023]  ? __pfx_ksys_write+0x10/0x10
[  848.303035][T31023]  ? do_syscall_64+0xbe/0xfa0
[  848.303072][T31023]  do_syscall_64+0xfa/0xfa0
[  848.303099][T31023]  ? lockdep_hardirqs_on+0x9c/0x150
[  848.303130][T31023]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.303152][T31023]  ? clear_bhb_loop+0x60/0xb0
[  848.303178][T31023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.303199][T31023] RIP: 0033:0x7f1d8878e1ff
[  848.303219][T31023] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  848.303237][T31023] RSP: 002b:00007f1d8957b030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  848.303260][T31023] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1d8878e1ff
[  848.303275][T31023] RDX: 0000000000000001 RSI: 00007f1d8957b0a0 RDI: 0000000000000007
[  848.303288][T31023] RBP: 00007f1d8957b090 R08: 0000000000000000 R09: 0000000000000000
[  848.303302][T31023] R10: 0000000000000088 R11: 0000000000000293 R12: 0000000000000001
[  848.303315][T31023] R13: 00007f1d889e6128 R14: 00007f1d889e6090 R15: 00007ffc566d9e38
[  848.303360][T31023]  </TASK>
[  849.687668][T31057] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR
[  849.733111][T31061] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  850.886701][T31100] netlink: 2 bytes leftover after parsing attributes in process `syz.0.9180'.
[  851.306596][T31115] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9183'.
[  851.522880][T31111] netlink: 'syz.1.9183': attribute type 7 has an invalid length.
[  851.565201][T31113] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  851.748894][T31116] syzkaller0: entered promiscuous mode
[  851.780321][T31116] syzkaller0: entered allmulticast mode
[  851.962217][    C0] net_ratelimit: 19472 callbacks suppressed
[  851.962241][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  851.980526][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  851.992929][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.005686][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.018013][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  852.030407][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  852.042984][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.055408][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.067706][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.080110][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.142489][T31104] tipc: Resetting bearer <eth:syzkaller0>
[  852.348627][T31144] netlink: 'syz.1.9187': attribute type 1 has an invalid length.
[  852.376405][T31144] netlink: 216 bytes leftover after parsing attributes in process `syz.1.9187'.
[  852.417998][T31148] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9191'.
[  852.529524][T31104] tipc: Disabling bearer <eth:syzkaller0>
[  852.617234][T31154] netlink: 'syz.0.9192': attribute type 1 has an invalid length.
[  852.985502][T31154] 8021q: adding VLAN 0 to HW filter on device bond7
[  853.352671][T31156] veth7: entered promiscuous mode
[  853.410209][T31156] bond7: (slave veth7): Enslaving as a backup interface with a down link
[  854.118211][T31187] netlink: 'syz.1.9205': attribute type 3 has an invalid length.
[  855.041884][T31207] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9212'.
[  856.071443][T31231] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9223'.
[  856.118234][T31234] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9224'.
[  856.154090][T31235] netlink: 'syz.2.9223': attribute type 21 has an invalid length.
[  856.184221][T31234] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9224'.
[  856.316827][T31235] bond2: option lacp_rate: mode dependency failed, not supported in mode broadcast(3)
[  856.362916][T31235] bond2 (unregistering): Released all slaves
[  856.403047][T31243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9227'.
[  856.550296][T31234] bridge0: port 3(vlan3) entered blocking state
[  856.735951][T31234] bridge0: port 3(vlan3) entered disabled state
[  856.779474][T31234] vlan3: entered allmulticast mode
[  856.804831][T31234] bridge0: entered allmulticast mode
[  856.845717][T31234] vlan3: left allmulticast mode
[  856.861183][T31234] bridge0: left allmulticast mode
[  856.972230][    C0] net_ratelimit: 19685 callbacks suppressed
[  856.972253][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  856.991004][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.003425][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.015746][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.028146][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.040453][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  857.052803][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  857.065170][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.077588][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.089876][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.464000][T31249] lo speed is unknown, defaulting to 1000
[  857.503346][T31249] lo speed is unknown, defaulting to 1000
[  857.510100][T31249] lo speed is unknown, defaulting to 1000
[  857.900730][T31261] netlink: 244 bytes leftover after parsing attributes in process `syz.4.9235'.
[  857.912469][T31264] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge_slave_1, syncid = 1, id = 0
[  858.149621][ T5979] IPVS: starting estimator thread 0...
[  858.269741][T31272] IPVS: using max 24 ests per chain, 57600 per kthread
[  858.941004][T31249] infiniband s
z1: set down
[  858.948066][ T5979] lo speed is unknown, defaulting to 1000
[  859.003834][T31249] infiniband s
z1: added lo
[  859.009896][T31249] s
z1: rxe_create_cq: returned err = -12
[  859.068128][T31249] infiniband s
z1: Couldn't create ib_mad CQ
[  859.078407][T31249] infiniband s
z1: Couldn't open port 1
[  859.277007][T31249] RDS/IB: s
z1: added
[  859.314808][T31249] smc: adding ib device s
z1 with port count 1
[  859.347864][T31249] smc:    ib device s
z1 port 1 has no pnetid
[  859.399874][T31249] lo speed is unknown, defaulting to 1000
[  859.469436][ T5979] lo speed is unknown, defaulting to 1000
[  860.041296][T31308] macvlan3: entered promiscuous mode
[  860.086107][T31308] macvlan3: entered allmulticast mode
[  860.114425][T31308] bond0: (slave macvlan3): Error -98 calling set_mac_address
[  860.289772][T31321] netlink: 596 bytes leftover after parsing attributes in process `syz.0.9254'.
[  860.371161][T31313] netlink: 'syz.0.9254': attribute type 29 has an invalid length.
[  860.463257][T31318] netlink: 'syz.0.9254': attribute type 29 has an invalid length.
[  860.874806][T31249] lo speed is unknown, defaulting to 1000
[  861.982204][    C0] net_ratelimit: 19987 callbacks suppressed
[  861.982226][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  861.997616][T20275] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  862.000676][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.020000][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.032521][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:00:20:10:00:00:00, vlan:0)
[  862.045000][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  862.053953][T20275] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  862.057350][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.076831][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.089152][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.210501][T31352] macvlan2: entered promiscuous mode
[  862.256953][T31352] macvlan2: entered allmulticast mode
[  862.273939][T31352] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  862.366649][T31249] lo speed is unknown, defaulting to 1000
[  862.376765][T31358] netlink: 'syz.4.9267': attribute type 29 has an invalid length.
[  862.388453][T31359] netlink: 'syz.1.9269': attribute type 1 has an invalid length.
[  862.399420][T31358] netlink: 'syz.4.9267': attribute type 29 has an invalid length.
[  862.409491][T31359] netlink: 228 bytes leftover after parsing attributes in process `syz.1.9269'.
[  862.433404][T31358] netlink: 500 bytes leftover after parsing attributes in process `syz.4.9267'.
[  862.592812][T31359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9269'.
[  862.704187][T31362] IPv6: sit1: Disabled Multicast RS
[  862.725749][T31362] sit1: entered allmulticast mode
[  862.793538][T31368] netlink: 'syz.4.9270': attribute type 33 has an invalid length.
[  862.811839][T31368] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9270'.
[  862.895354][T10760] Bluetooth: hci3: command 0x0406 tx timeout
[  864.000778][T31249] lo speed is unknown, defaulting to 1000
[  864.094340][T31390] FAULT_INJECTION: forcing a failure.
[  864.094340][T31390] name failslab, interval 1, probability 0, space 0, times 0
[  864.202604][T31390] CPU: 1 UID: 0 PID: 31390 Comm: syz.2.9280 Not tainted syzkaller #0 PREEMPT(full) 
[  864.202647][T31390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  864.202661][T31390] Call Trace:
[  864.202670][T31390]  <TASK>
[  864.202680][T31390]  dump_stack_lvl+0x189/0x250
[  864.202716][T31390]  ? __pfx____ratelimit+0x10/0x10
[  864.202745][T31390]  ? __pfx_dump_stack_lvl+0x10/0x10
[  864.202775][T31390]  ? __pfx__printk+0x10/0x10
[  864.202803][T31390]  ? __pfx___might_resched+0x10/0x10
[  864.202826][T31390]  ? fs_reclaim_acquire+0x7d/0x100
[  864.202852][T31390]  should_fail_ex+0x414/0x560
[  864.202891][T31390]  should_failslab+0xa8/0x100
[  864.202915][T31390]  __kmalloc_cache_noprof+0x6f/0x6f0
[  864.202945][T31390]  ? __kasan_kmalloc+0x93/0xb0
[  864.202976][T31390]  ? ovs_nla_get_identifier+0x72/0xd0
[  864.203005][T31390]  ovs_nla_get_identifier+0x72/0xd0
[  864.203029][T31390]  ovs_flow_cmd_new+0x436/0xd80
[  864.203057][T31390]  ? netlink_deliver_tap+0x19c/0x1b0
[  864.203089][T31390]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  864.203181][T31390]  ? rcu_is_watching+0x15/0xb0
[  864.203211][T31390]  ? __nla_parse+0x40/0x60
[  864.203239][T31390]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  864.203278][T31390]  genl_family_rcv_msg_doit+0x215/0x300
[  864.203314][T31390]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  864.203357][T31390]  ? bpf_lsm_capable+0x9/0x20
[  864.203384][T31390]  ? security_capable+0x7e/0x2e0
[  864.203421][T31390]  genl_rcv_msg+0x60e/0x790
[  864.203456][T31390]  ? __pfx_genl_rcv_msg+0x10/0x10
[  864.203481][T31390]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  864.203514][T31390]  ? __asan_memcpy+0x40/0x70
[  864.203541][T31390]  ? __pfx_ref_tracker_free+0x10/0x10
[  864.203572][T31390]  netlink_rcv_skb+0x208/0x470
[  864.203589][T31390]  ? __lock_acquire+0xab9/0xd20
[  864.203611][T31390]  ? __pfx_genl_rcv_msg+0x10/0x10
[  864.203687][T31390]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  864.203731][T31390]  ? down_read+0x1ad/0x2e0
[  864.203755][T31390]  genl_rcv+0x28/0x40
[  864.203779][T31390]  netlink_unicast+0x82f/0x9e0
[  864.203821][T31390]  ? __pfx_netlink_unicast+0x10/0x10
[  864.203855][T31390]  ? netlink_sendmsg+0x642/0xb30
[  864.203873][T31390]  ? skb_put+0x11b/0x210
[  864.203899][T31390]  netlink_sendmsg+0x805/0xb30
[  864.203932][T31390]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.203958][T31390]  ? aa_sock_msg_perm+0xf1/0x1d0
[  864.203992][T31390]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  864.204013][T31390]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.204036][T31390]  __sock_sendmsg+0x21c/0x270
[  864.204068][T31390]  ____sys_sendmsg+0x505/0x830
[  864.204098][T31390]  ? __pfx_____sys_sendmsg+0x10/0x10
[  864.204132][T31390]  ? import_iovec+0x74/0xa0
[  864.204164][T31390]  ___sys_sendmsg+0x21f/0x2a0
[  864.204191][T31390]  ? __pfx____sys_sendmsg+0x10/0x10
[  864.204258][T31390]  ? __fget_files+0x2a/0x420
[  864.204278][T31390]  ? __fget_files+0x3a0/0x420
[  864.204310][T31390]  __x64_sys_sendmsg+0x19b/0x260
[  864.204338][T31390]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  864.204374][T31390]  ? __pfx_ksys_write+0x10/0x10
[  864.204409][T31390]  ? do_syscall_64+0xbe/0xfa0
[  864.204444][T31390]  do_syscall_64+0xfa/0xfa0
[  864.204473][T31390]  ? lockdep_hardirqs_on+0x9c/0x150
[  864.204502][T31390]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.204523][T31390]  ? clear_bhb_loop+0x60/0xb0
[  864.204549][T31390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.204570][T31390] RIP: 0033:0x7f058358f749
[  864.204590][T31390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  864.204608][T31390] RSP: 002b:00007f05844ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  864.204638][T31390] RAX: ffffffffffffffda RBX: 00007f05837e5fa0 RCX: 00007f058358f749
[  864.204653][T31390] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  864.204667][T31390] RBP: 00007f05844ce090 R08: 0000000000000000 R09: 0000000000000000
[  864.204680][T31390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  864.204692][T31390] R13: 00007f05837e6038 R14: 00007f05837e5fa0 R15: 00007ffd9b8ce6a8
[  864.204729][T31390]  </TASK>
[  865.010527][T31396] netlink: 596 bytes leftover after parsing attributes in process `syz.4.9281'.
[  865.068307][T31394] netlink: 'syz.4.9281': attribute type 29 has an invalid length.
[  865.079117][T31249] lo speed is unknown, defaulting to 1000
[  865.112667][T31395] netlink: 'syz.4.9281': attribute type 29 has an invalid length.
[  865.683255][T31406] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9288'.
[  865.825845][T31406] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9288'.
[  866.278205][T31423] xt_SECMARK: invalid mode: 9
[  866.336788][T31249] lo speed is unknown, defaulting to 1000
[  866.352913][ T1014] veth0_to_bridge: left allmulticast mode
[  866.362074][T31421] netlink: 256 bytes leftover after parsing attributes in process `syz.1.9292'.
[  866.386270][ T1014] veth0_to_bridge: left promiscuous mode
[  866.426910][ T1014] bridge0: port 3(veth0_to_bridge) entered disabled state
[  866.469709][T31431] IPVS: set_ctl: invalid protocol: 58 0.0.0.0:20004
[  866.483176][ T1014] bridge_slave_1: left allmulticast mode
[  866.488985][ T1014] bridge_slave_1: left promiscuous mode
[  866.502929][ T1014] bridge0: port 2(bridge_slave_1) entered disabled state
[  866.527531][ T1014] bridge_slave_0: left promiscuous mode
[  866.533853][ T1014] bridge0: port 1(bridge_slave_0) entered disabled state
[  866.628777][T31441] netlink: 596 bytes leftover after parsing attributes in process `syz.2.9295'.
[  866.667711][T31442] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9293'.
[  866.925096][ T1014] bond2 (unregistering): (slave ip6gretap1): Removing an active aggregator
[  866.935959][ T1014] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  866.944889][ T1014] bond2 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 8a:02:48:9a:05:9e - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  867.037956][ T1014] bond6 (unregistering): (slave xfrm1): Releasing backup interface
[  867.205357][ T1014] bond0 (unregistering): (slave geneve1): Releasing backup interface
[  867.451169][ T1014] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  867.467236][ T1014] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  867.478400][ T1014] bond0 (unregistering): Released all slaves
[  867.494334][ T1014] bond1 (unregistering): Released all slaves
[  867.641563][ T1014] bond2 (unregistering): (slave veth3): Releasing backup interface
[  867.655280][ T1014] bond2 (unregistering): Released all slaves
[  867.798169][ T1014] bond3 (unregistering): Released all slaves
[  867.933685][ T1014] bond4 (unregistering): (slave veth5): Releasing backup interface
[  867.944727][ T1014] bond4 (unregistering): Released all slaves
[  867.961181][ T1014] bond5 (unregistering): Released all slaves
[  867.975471][ T1014] bond6 (unregistering): Released all slaves
[  868.117291][ T1014] bond7 (unregistering): (slave veth7): Releasing backup interface
[  868.127141][ T1014] bond7 (unregistering): Released all slaves
[  868.269008][ T1014] bond8 (unregistering): (slave veth9): Releasing backup interface
[  868.278954][ T1014] bond8 (unregistering): Released all slaves
[  868.420470][ T1014] bond9 (unregistering): (slave veth11): Releasing backup interface
[  868.430739][ T1014] bond9 (unregistering): Released all slaves
[  868.576621][ T1014] bond10 (unregistering): Released all slaves
[  868.710150][ T1014] bond11 (unregistering): (slave veth13): Releasing backup interface
[  868.720479][ T1014] bond11 (unregistering): Released all slaves
[  868.860904][ T1014] bond12 (unregistering): Released all slaves
[  868.994165][ T1014] bond13 (unregistering): Released all slaves
[  869.120923][ T1014] bond14 (unregistering): Released all slaves
[  869.255900][ T1014] bond15 (unregistering): (slave veth15): Releasing active interface
[  869.264300][ T1014] veth0_to_bond: entered promiscuous mode
[  869.274812][ T1014] bond15 (unregistering): (slave veth0_to_bond): Releasing active interface
[  869.286491][ T1014] bond15 (unregistering): (slave veth17): Releasing active interface
[  869.300163][ T1014] bond15 (unregistering): Released all slaves
[  869.430450][ T1014] bond16 (unregistering): (slave veth21): Releasing backup interface
[  869.440529][ T1014] bond16 (unregistering): Released all slaves
[  869.582626][ T1014] bond17 (unregistering): (slave veth23): Releasing backup interface
[  869.592781][ T1014] bond17 (unregistering): Released all slaves
[  869.730093][ T1014] bond18 (unregistering): (slave veth25): Releasing backup interface
[  869.740393][ T1014] bond18 (unregistering): Released all slaves
[  869.874842][ T1014] bond19 (unregistering): (slave veth27): Releasing backup interface
[  869.884974][ T1014] bond19 (unregistering): Released all slaves
[  870.019466][ T1014] bond20 (unregistering): (slave veth31): Releasing backup interface
[  870.029694][ T1014] bond20 (unregistering): Released all slaves
[  870.055811][T31421] netlink: 'syz.1.9292': attribute type 29 has an invalid length.
[  870.117846][T31434] netlink: 'syz.2.9295': attribute type 29 has an invalid length.
[  870.212265][ T6398] net_ratelimit: 16902 callbacks suppressed
[  870.212289][ T6398] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  870.243271][T31249] lo speed is unknown, defaulting to 1000
[  870.243804][ T1014] tipc: Left network mode
[  870.259753][T20275] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  870.342342][T20275] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  870.421314][ T6398] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  870.472534][ T6398] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  870.662556][T31468] netlink: 'syz.2.9302': attribute type 1 has an invalid length.
[  870.861867][T31470] bond2: (slave bridge1): making interface the new active one
[  870.903612][T31470] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  870.998935][T31465] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  871.229789][T31249] lo speed is unknown, defaulting to 1000
[  872.527943][T10760] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  872.556812][T10760] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  872.582948][T10760] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  872.591288][T10760] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  872.600196][T10760] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  874.016455][T31249] lo speed is unknown, defaulting to 1000
[  874.023324][T31505] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9313'.
[  874.052436][T21323] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  874.113136][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  874.162558][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  874.233081][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  874.258814][T31519] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9319'.
[  874.273737][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  874.299092][T31521] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9318'.
[  874.344557][T31523] FAULT_INJECTION: forcing a failure.
[  874.344557][T31523] name failslab, interval 1, probability 0, space 0, times 0
[  874.351951][T31521] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9318'.
[  874.390299][T31523] CPU: 0 UID: 0 PID: 31523 Comm: syz.0.9320 Not tainted syzkaller #0 PREEMPT(full) 
[  874.390327][T31523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  874.390340][T31523] Call Trace:
[  874.390348][T31523]  <TASK>
[  874.390357][T31523]  dump_stack_lvl+0x189/0x250
[  874.390387][T31523]  ? __pfx____ratelimit+0x10/0x10
[  874.390411][T31523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  874.390435][T31523]  ? __pfx__printk+0x10/0x10
[  874.390458][T31523]  ? __pfx___might_resched+0x10/0x10
[  874.390485][T31523]  should_fail_ex+0x414/0x560
[  874.390521][T31523]  should_failslab+0xa8/0x100
[  874.390544][T31523]  kmem_cache_alloc_node_noprof+0x77/0x710
[  874.390575][T31523]  ? __alloc_skb+0x112/0x2d0
[  874.390600][T31523]  __alloc_skb+0x112/0x2d0
[  874.390623][T31523]  netlink_ack+0x146/0xa50
[  874.390653][T31523]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.390704][T31523]  netlink_rcv_skb+0x28c/0x470
[  874.390722][T31523]  ? __lock_acquire+0xab9/0xd20
[  874.390744][T31523]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.390777][T31523]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  874.390810][T31523]  ? netlink_deliver_tap+0x2e/0x1b0
[  874.390840][T31523]  netlink_unicast+0x82f/0x9e0
[  874.390879][T31523]  ? __pfx_netlink_unicast+0x10/0x10
[  874.390920][T31523]  ? netlink_sendmsg+0x642/0xb30
[  874.390939][T31523]  ? skb_put+0x11b/0x210
[  874.390964][T31523]  netlink_sendmsg+0x805/0xb30
[  874.390996][T31523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.391021][T31523]  ? aa_sock_msg_perm+0xf1/0x1d0
[  874.391056][T31523]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  874.391076][T31523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.391099][T31523]  __sock_sendmsg+0x21c/0x270
[  874.391132][T31523]  ____sys_sendmsg+0x505/0x830
[  874.391161][T31523]  ? __pfx_____sys_sendmsg+0x10/0x10
[  874.391196][T31523]  ? import_iovec+0x74/0xa0
[  874.391227][T31523]  ___sys_sendmsg+0x21f/0x2a0
[  874.391258][T31523]  ? __pfx____sys_sendmsg+0x10/0x10
[  874.391323][T31523]  ? __fget_files+0x2a/0x420
[  874.391343][T31523]  ? __fget_files+0x3a0/0x420
[  874.391375][T31523]  __x64_sys_sendmsg+0x19b/0x260
[  874.391402][T31523]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  874.391436][T31523]  ? __pfx_ksys_write+0x10/0x10
[  874.391471][T31523]  ? do_syscall_64+0xbe/0xfa0
[  874.391505][T31523]  do_syscall_64+0xfa/0xfa0
[  874.391534][T31523]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.391564][T31523]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.391585][T31523]  ? clear_bhb_loop+0x60/0xb0
[  874.391611][T31523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.391632][T31523] RIP: 0033:0x7fdfde18f749
[  874.391651][T31523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  874.391670][T31523] RSP: 002b:00007fdfdf041038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  874.391692][T31523] RAX: ffffffffffffffda RBX: 00007fdfde3e5fa0 RCX: 00007fdfde18f749
[  874.391708][T31523] RDX: 0000000000008000 RSI: 00002000000000c0 RDI: 0000000000000004
[  874.391721][T31523] RBP: 00007fdfdf041090 R08: 0000000000000000 R09: 0000000000000000
[  874.391734][T31523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  874.391746][T31523] R13: 00007fdfde3e6038 R14: 00007fdfde3e5fa0 R15: 00007ffd8732a458
[  874.391782][T31523]  </TASK>
[  874.399882][T31521] bridge0: port 3(vlan2) entered blocking state
[  874.578486][T31531] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9321'.
[  874.622640][T31521] bridge0: port 3(vlan2) entered disabled state
[  874.732534][T10760] Bluetooth: hci0: command tx timeout
[  874.761792][T31521] vlan2: entered allmulticast mode
[  874.767627][T31521] bridge0: entered allmulticast mode
[  874.777620][T31521] vlan2: left allmulticast mode
[  874.782913][T31521] bridge0: left allmulticast mode
[  874.898170][T31534] bond8: entered promiscuous mode
[  874.903459][T31534] bond8: entered allmulticast mode
[  874.909694][T31534] 8021q: adding VLAN 0 to HW filter on device bond8
[  875.038037][T31249] lo speed is unknown, defaulting to 1000
[  875.203288][T31546] netlink: 'syz.0.9326': attribute type 1 has an invalid length.
[  875.322419][T21316] net_ratelimit: 6 callbacks suppressed
[  875.322441][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.373419][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.463222][T21323] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.485584][T21323] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.572641][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.589789][T31562] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9335'.
[  875.613198][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.682283][T21323] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.724174][T21323] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.777632][T31249] lo speed is unknown, defaulting to 1000
[  875.792658][T21323] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  875.800817][T31566] netlink: 76 bytes leftover after parsing attributes in process `syz.4.9333'.
[  876.263125][T31588] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9342'.
[  876.297611][T31588] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9342'.
[  876.425295][T31593] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  876.607311][T31597] netlink: 104 bytes leftover after parsing attributes in process `syz.1.9346'.
[  876.818268][T10760] Bluetooth: hci0: command tx timeout
[  878.240480][T31249] lo speed is unknown, defaulting to 1000
[  878.410784][T31604] FAULT_INJECTION: forcing a failure.
[  878.410784][T31604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  878.482343][T31604] CPU: 0 UID: 0 PID: 31604 Comm: syz.0.9348 Not tainted syzkaller #0 PREEMPT(full) 
[  878.482373][T31604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  878.482386][T31604] Call Trace:
[  878.482395][T31604]  <TASK>
[  878.482405][T31604]  dump_stack_lvl+0x189/0x250
[  878.482440][T31604]  ? __pfx____ratelimit+0x10/0x10
[  878.482468][T31604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  878.482496][T31604]  ? __pfx__printk+0x10/0x10
[  878.482518][T31604]  ? __might_fault+0xb0/0x130
[  878.482572][T31604]  should_fail_ex+0x414/0x560
[  878.482612][T31604]  _copy_from_user+0x2d/0xb0
[  878.482641][T31604]  kstrtouint_from_user+0xc4/0x170
[  878.482667][T31604]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  878.482709][T31604]  proc_fail_nth_write+0x88/0x200
[  878.482738][T31604]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  878.482772][T31604]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  878.482802][T31604]  vfs_write+0x27e/0xb30
[  878.482842][T31604]  ? __pfx_vfs_write+0x10/0x10
[  878.482880][T31604]  ? __fget_files+0x2a/0x420
[  878.482907][T31604]  ? __fget_files+0x3a0/0x420
[  878.482925][T31604]  ? __fget_files+0x2a/0x420
[  878.482955][T31604]  ksys_write+0x145/0x250
[  878.482990][T31604]  ? __pfx_ksys_write+0x10/0x10
[  878.483024][T31604]  ? do_syscall_64+0xbe/0xfa0
[  878.483058][T31604]  do_syscall_64+0xfa/0xfa0
[  878.483087][T31604]  ? lockdep_hardirqs_on+0x9c/0x150
[  878.483117][T31604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.483139][T31604]  ? clear_bhb_loop+0x60/0xb0
[  878.483165][T31604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.483184][T31604] RIP: 0033:0x7fdfde18e1ff
[  878.483202][T31604] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  878.483220][T31604] RSP: 002b:00007fdfdf041030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  878.483242][T31604] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdfde18e1ff
[  878.483256][T31604] RDX: 0000000000000001 RSI: 00007fdfdf0410a0 RDI: 0000000000000005
[  878.483268][T31604] RBP: 00007fdfdf041090 R08: 0000000000000000 R09: 0000000000000000
[  878.483280][T31604] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  878.483291][T31604] R13: 00007fdfde3e6038 R14: 00007fdfde3e5fa0 R15: 00007ffd8732a458
[  878.483325][T31604]  </TASK>
[  878.896241][T10760] Bluetooth: hci0: command tx timeout
[  879.093024][T31617] netlink: 'syz.0.9354': attribute type 1 has an invalid length.
[  879.423346][T31630] syzkaller0: tun_chr_ioctl cmd 1074025677
[  879.432647][T31630] syzkaller0: Linktype set failed because interface is up
[  879.475054][T31633] __nla_validate_parse: 2 callbacks suppressed
[  879.475076][T31633] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9358'.
[  879.529221][T21323] syzkaller0: tun_net_xmit 76
[  879.542518][T21323] syzkaller0: tun_net_xmit 48
[  879.552509][T15437] syzkaller0: tun_net_xmit 76
[  879.602465][ T5915] syzkaller0: tun_net_xmit 76
[  880.015443][T23066] syzkaller0: tun_net_xmit 76
[  880.187099][T31653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9362'.
[  880.973000][T10760] Bluetooth: hci0: command tx timeout
[  881.273964][T31659] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9364'.
[  881.283720][T31659] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9364'.
[  882.224333][T31653] macvlan2: entered promiscuous mode
[  882.229706][T31653] macvlan2: entered allmulticast mode
[  882.265891][T31659] bridge0: port 3(vlan2) entered blocking state
[  882.296693][T31661] netlink: 52 bytes leftover after parsing attributes in process `syz.2.9366'.
[  882.298334][T31659] bridge0: port 3(vlan2) entered disabled state
[  882.314433][T31659] vlan2: entered allmulticast mode
[  882.320362][T31659] bridge0: entered allmulticast mode
[  882.337028][T31659] vlan2: left allmulticast mode
[  882.341974][T31659] bridge0: left allmulticast mode
[  882.373907][ T1014] hsr_slave_0: left promiscuous mode
[  882.381037][ T1014] hsr_slave_1: left promiscuous mode
[  882.415741][ T1014] veth1_macvtap: left promiscuous mode
[  882.421563][ T1014] veth0_macvtap: left promiscuous mode
[  882.427734][ T1014] veth1_vlan: left promiscuous mode
[  882.433962][ T1014] veth0_vlan: left promiscuous mode
[  883.358593][ T1014] team0 (unregistering): Port device team_slave_1 removed
[  883.410187][ T1014] team0 (unregistering): Port device team_slave_0 removed
[  883.840240][T31661] bridge0: port 2(bridge_slave_1) entered disabled state
[  883.848650][T31661] bridge0: port 1(bridge_slave_0) entered disabled state
[  883.872603][T31671] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9369'.
[  884.053232][ T2955] net_ratelimit: 16 callbacks suppressed
[  884.053257][ T2955] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  884.145320][T31681] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  884.162318][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  884.322711][ T2955] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  884.341217][ T2955] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  884.512403][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  884.542678][T31511] chnl_net:caif_netlink_parms(): no params data found
[  884.572101][ T1014] IPVS: stop unused estimator thread 0...
[  884.604514][T31700] bond2: peer notification delay (1164) is not a multiple of miimon (100), value rounded to 1100 ms
[  884.611095][T31708] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9377'.
[  884.617089][T31700] bond2: entered promiscuous mode
[  884.630120][T31700] bond2: entered allmulticast mode
[  884.636098][T31700] 8021q: adding VLAN 0 to HW filter on device bond2
[  884.678052][T31708] chnl_net:caif_netlink_parms(): no params data found
[  884.822379][T21316] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  884.847574][T31717] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9381'.
[  884.961763][ T1014] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  884.976431][ T1014] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  885.123480][ T1014] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  885.137589][ T1014] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  885.166968][T31511] bridge0: port 1(bridge_slave_0) entered blocking state
[  885.174603][T31511] bridge0: port 1(bridge_slave_0) entered disabled state
[  885.182029][T31511] bridge_slave_0: entered allmulticast mode
[  885.190557][T31511] bridge_slave_0: entered promiscuous mode
[  885.284423][ T1014] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  885.300872][ T1014] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  885.331930][T31511] bridge0: port 2(bridge_slave_1) entered blocking state
[  885.349869][T31511] bridge0: port 2(bridge_slave_1) entered disabled state
[  885.373417][T31511] bridge_slave_1: entered allmulticast mode
[  885.393631][T31511] bridge_slave_1: entered promiscuous mode
[  885.528047][ T1014] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  885.570344][ T1014] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  885.644299][T31511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  885.749694][T31511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  885.899770][ T2955] smc: removing ib device syz1
[  885.953149][T20274] bond1: (slave ip6gretap1): failed to get link speed/duplex
[  885.985298][T31511] team0: Port device team_slave_0 added
[  886.002921][ T5979] ==================================================================
[  886.011052][ T5979] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190
[  886.019840][ T5979] Read of size 8 at addr ffff888057a282e8 by task kworker/1:6/5979
[  886.027745][ T5979] 
[  886.030087][ T5979] CPU: 1 UID: 0 PID: 5979 Comm: kworker/1:6 Not tainted syzkaller #0 PREEMPT(full) 
[  886.030109][ T5979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  886.030122][ T5979] Workqueue: events smc_ib_port_event_work
[  886.030151][ T5979] Call Trace:
[  886.030158][ T5979]  <TASK>
[  886.030166][ T5979]  dump_stack_lvl+0x189/0x250
[  886.030190][ T5979]  ? rcu_is_watching+0x15/0xb0
[  886.030209][ T5979]  ? __kasan_check_byte+0x12/0x40
[  886.030226][ T5979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  886.030248][ T5979]  ? rcu_is_watching+0x15/0xb0
[  886.030266][ T5979]  ? lock_release+0x4b/0x3e0
[  886.030285][ T5979]  ? __virt_addr_valid+0x1c8/0x5c0
[  886.030309][ T5979]  ? __virt_addr_valid+0x4a5/0x5c0
[  886.030333][ T5979]  print_report+0xca/0x240
[  886.030353][ T5979]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  886.030373][ T5979]  kasan_report+0x118/0x150
[  886.030390][ T5979]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  886.030413][ T5979]  __ethtool_get_link_ksettings+0x6e/0x190
[  886.030435][ T5979]  ib_get_eth_speed+0x15e/0x7b0
[  886.030460][ T5979]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  886.030488][ T5979]  ? do_raw_spin_unlock+0x122/0x240
[  886.030517][ T5979]  rxe_query_port+0x93/0x3b0
[  886.030539][ T5979]  ib_query_port+0x170/0x830
[  886.030568][ T5979]  smc_ib_port_event_work+0x15a/0x940
[  886.030595][ T5979]  ? _raw_spin_unlock_irq+0x23/0x50
[  886.030617][ T5979]  ? process_scheduled_works+0x9ef/0x17b0
[  886.030635][ T5979]  ? process_scheduled_works+0x9ef/0x17b0
[  886.030654][ T5979]  process_scheduled_works+0xae1/0x17b0
[  886.030685][ T5979]  ? __pfx_process_scheduled_works+0x10/0x10
[  886.030711][ T5979]  worker_thread+0x8a0/0xda0
[  886.030731][ T5979]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  886.030757][ T5979]  ? __kthread_parkme+0x7b/0x200
[  886.030781][ T5979]  kthread+0x711/0x8a0
[  886.030811][ T5979]  ? __pfx_worker_thread+0x10/0x10
[  886.030829][ T5979]  ? __pfx_kthread+0x10/0x10
[  886.030852][ T5979]  ? _raw_spin_unlock_irq+0x23/0x50
[  886.030873][ T5979]  ? lockdep_hardirqs_on+0x9c/0x150
[  886.030895][ T5979]  ? __pfx_kthread+0x10/0x10
[  886.030918][ T5979]  ret_from_fork+0x4bc/0x870
[  886.030936][ T5979]  ? __pfx_ret_from_fork+0x10/0x10
[  886.030957][ T5979]  ? __switch_to_asm+0x39/0x70
[  886.030971][ T5979]  ? __switch_to_asm+0x33/0x70
[  886.030984][ T5979]  ? __pfx_kthread+0x10/0x10
[  886.031006][ T5979]  ret_from_fork_asm+0x1a/0x30
[  886.031029][ T5979]  </TASK>
[  886.031035][ T5979] 
[  886.264870][ T5979] Allocated by task 26025:
[  886.269311][ T5979]  kasan_save_track+0x3e/0x80
[  886.274009][ T5979]  __kasan_kmalloc+0x93/0xb0
[  886.278623][ T5979]  __kvmalloc_node_noprof+0x5cd/0x910
[  886.284039][ T5979]  alloc_netdev_mqs+0xa6/0x11b0
[  886.289103][ T5979]  rtnl_create_link+0x31f/0xd10
[  886.293967][ T5979]  rtnl_newlink_create+0x25c/0xb00
[  886.299084][ T5979]  rtnl_newlink+0x16e4/0x1c80
[  886.303784][ T5979]  rtnetlink_rcv_msg+0x7cf/0xb70
[  886.308752][ T5979]  netlink_rcv_skb+0x208/0x470
[  886.313529][ T5979]  netlink_unicast+0x82f/0x9e0
[  886.318308][ T5979]  netlink_sendmsg+0x805/0xb30
[  886.323080][ T5979]  __sock_sendmsg+0x21c/0x270
[  886.327779][ T5979]  __sys_sendto+0x3bd/0x520
[  886.332295][ T5979]  __x64_sys_sendto+0xde/0x100
[  886.337091][ T5979]  do_syscall_64+0xfa/0xfa0
[  886.341610][ T5979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.347546][ T5979] 
[  886.349887][ T5979] Freed by task 31754:
[  886.353968][ T5979]  kasan_save_track+0x3e/0x80
[  886.358779][ T5979]  __kasan_save_free_info+0x46/0x50
[  886.363997][ T5979]  __kasan_slab_free+0x5c/0x80
[  886.368783][ T5979]  kfree+0x19a/0x6d0
[  886.372698][ T5979]  device_release+0x9c/0x1c0
[  886.377306][ T5979]  kobject_put+0x22b/0x480
[  886.381740][ T5979]  netdev_run_todo+0xd2e/0xea0
[  886.386524][ T5979]  rtnl_dellink+0x5aa/0x700
[  886.391044][ T5979]  rtnetlink_rcv_msg+0x7cf/0xb70
[  886.396034][ T5979]  netlink_rcv_skb+0x208/0x470
[  886.400804][ T5979]  netlink_unicast+0x82f/0x9e0
[  886.405586][ T5979]  netlink_sendmsg+0x805/0xb30
[  886.410360][ T5979]  __sock_sendmsg+0x21c/0x270
[  886.415062][ T5979]  ____sys_sendmsg+0x505/0x830
[  886.419852][ T5979]  ___sys_sendmsg+0x21f/0x2a0
[  886.424537][ T5979]  __x64_sys_sendmsg+0x19b/0x260
[  886.429485][ T5979]  do_syscall_64+0xfa/0xfa0
[  886.434006][ T5979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.439910][ T5979] 
[  886.442244][ T5979] The buggy address belongs to the object at ffff888057a28000
[  886.442244][ T5979]  which belongs to the cache kmalloc-cg-4k of size 4096
[  886.456561][ T5979] The buggy address is located 744 bytes inside of
[  886.456561][ T5979]  freed 4096-byte region [ffff888057a28000, ffff888057a29000)
[  886.470455][ T5979] 
[  886.472791][ T5979] The buggy address belongs to the physical page:
[  886.479230][ T5979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57a28
[  886.487996][ T5979] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  886.496503][ T5979] memcg:ffff888067c96581
[  886.500759][ T5979] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  886.508312][ T5979] page_type: f5(slab)
[  886.512305][ T5979] raw: 00fff00000000040 ffff88801a030500 dead000000000122 0000000000000000
[  886.520897][ T5979] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff888067c96581
[  886.529496][ T5979] head: 00fff00000000040 ffff88801a030500 dead000000000122 0000000000000000
[  886.538179][ T5979] head: 0000000000000000 0000000000040004 00000000f5000000 ffff888067c96581
[  886.546859][ T5979] head: 00fff00000000003 ffffea00015e8a01 00000000ffffffff 00000000ffffffff
[  886.555536][ T5979] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  886.564297][ T5979] page dumped because: kasan: bad access detected
[  886.570729][ T5979] page_owner tracks the page as allocated
[  886.576466][ T5979] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 26025, tgid 26025 (syz-executor), ts 670858749410, free_ts 670541917327
[  886.599929][ T5979]  post_alloc_hook+0x240/0x2a0
[  886.604803][ T5979]  get_page_from_freelist+0x2365/0x2440
[  886.610356][ T5979]  __alloc_frozen_pages_noprof+0x181/0x370
[  886.616172][ T5979]  alloc_pages_mpol+0x232/0x4a0
[  886.621031][ T5979]  allocate_slab+0x96/0x350
[  886.625570][ T5979]  ___slab_alloc+0xf56/0x1990
[  886.630253][ T5979]  __slab_alloc+0x65/0x100
[  886.634678][ T5979]  __kvmalloc_node_noprof+0x6ba/0x910
[  886.640070][ T5979]  alloc_netdev_mqs+0xa6/0x11b0
[  886.644955][ T5979]  rtnl_create_link+0x31f/0xd10
[  886.649828][ T5979]  rtnl_newlink_create+0x25c/0xb00
[  886.654941][ T5979]  rtnl_newlink+0x16e4/0x1c80
[  886.659630][ T5979]  rtnetlink_rcv_msg+0x7cf/0xb70
[  886.664590][ T5979]  netlink_rcv_skb+0x208/0x470
[  886.669360][ T5979]  netlink_unicast+0x82f/0x9e0
[  886.674139][ T5979]  netlink_sendmsg+0x805/0xb30
[  886.678912][ T5979] page last free pid 26025 tgid 26025 stack trace:
[  886.685417][ T5979]  __free_frozen_pages+0xbc4/0xd30
[  886.690551][ T5979]  __put_partials+0x146/0x170
[  886.695238][ T5979]  put_cpu_partial+0x1f2/0x2e0
[  886.700022][ T5979]  __slab_free+0x2b9/0x390
[  886.704538][ T5979]  qlist_free_all+0x97/0x140
[  886.709146][ T5979]  kasan_quarantine_reduce+0x148/0x160
[  886.714708][ T5979]  __kasan_slab_alloc+0x22/0x80
[  886.719581][ T5979]  __kmalloc_cache_noprof+0x36f/0x6f0
[  886.724972][ T5979]  ref_tracker_alloc+0x133/0x460
[  886.729913][ T5979]  netdev_queue_update_kobjects+0x1d1/0x6c0
[  886.735916][ T5979]  netdev_register_kobject+0x258/0x310
[  886.741399][ T5979]  register_netdevice+0x126c/0x1ae0
[  886.746611][ T5979]  veth_newlink+0x437/0xa60
[  886.751122][ T5979]  rtnl_newlink_create+0x310/0xb00
[  886.756243][ T5979]  rtnl_newlink+0x16e4/0x1c80
[  886.760934][ T5979]  rtnetlink_rcv_msg+0x7cf/0xb70
[  886.765890][ T5979] 
[  886.768216][ T5979] Memory state around the buggy address:
[  886.773850][ T5979]  ffff888057a28180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  886.781934][ T5979]  ffff888057a28200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  886.790038][ T5979] >ffff888057a28280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  886.798115][ T5979]                                                           ^
[  886.805589][ T5979]  ffff888057a28300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  886.813687][ T5979]  ffff888057a28380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  886.821753][ T5979] ==================================================================
[  886.862762][ T5979] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  886.870480][ T5979] CPU: 1 UID: 0 PID: 5979 Comm: kworker/1:6 Not tainted syzkaller #0 PREEMPT(full) 
[  886.879937][ T5979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  886.890006][ T5979] Workqueue: events smc_ib_port_event_work
[  886.895868][ T5979] Call Trace:
[  886.899153][ T5979]  <TASK>
[  886.902088][ T5979]  dump_stack_lvl+0x99/0x250
[  886.906704][ T5979]  ? __asan_memcpy+0x40/0x70
[  886.911304][ T5979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  886.916515][ T5979]  ? __pfx__printk+0x10/0x10
[  886.921122][ T5979]  vpanic+0x237/0x6d0
[  886.925122][ T5979]  ? __pfx_vpanic+0x10/0x10
[  886.929646][ T5979]  ? preempt_schedule+0xae/0xc0
[  886.934505][ T5979]  ? __pfx_preempt_schedule+0x10/0x10
[  886.939892][ T5979]  panic+0xb9/0xc0
[  886.943634][ T5979]  ? __pfx_panic+0x10/0x10
[  886.948068][ T5979]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  886.953978][ T5979]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  886.959965][ T5979]  check_panic_on_warn+0x89/0xb0
[  886.964921][ T5979]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  886.970909][ T5979]  end_report+0x78/0x160
[  886.975159][ T5979]  kasan_report+0x129/0x150
[  886.979688][ T5979]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  886.985711][ T5979]  __ethtool_get_link_ksettings+0x6e/0x190
[  886.991533][ T5979]  ib_get_eth_speed+0x15e/0x7b0
[  886.996402][ T5979]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  887.001875][ T5979]  ? do_raw_spin_unlock+0x122/0x240
[  887.007096][ T5979]  rxe_query_port+0x93/0x3b0
[  887.011695][ T5979]  ib_query_port+0x170/0x830
[  887.016298][ T5979]  smc_ib_port_event_work+0x15a/0x940
[  887.021685][ T5979]  ? _raw_spin_unlock_irq+0x23/0x50
[  887.026891][ T5979]  ? process_scheduled_works+0x9ef/0x17b0
[  887.032618][ T5979]  ? process_scheduled_works+0x9ef/0x17b0
[  887.038350][ T5979]  process_scheduled_works+0xae1/0x17b0
[  887.043914][ T5979]  ? __pfx_process_scheduled_works+0x10/0x10
[  887.050001][ T5979]  worker_thread+0x8a0/0xda0
[  887.054608][ T5979]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  887.060951][ T5979]  ? __kthread_parkme+0x7b/0x200
[  887.065901][ T5979]  kthread+0x711/0x8a0
[  887.070005][ T5979]  ? __pfx_worker_thread+0x10/0x10
[  887.075131][ T5979]  ? __pfx_kthread+0x10/0x10
[  887.079763][ T5979]  ? _raw_spin_unlock_irq+0x23/0x50
[  887.084980][ T5979]  ? lockdep_hardirqs_on+0x9c/0x150
[  887.090192][ T5979]  ? __pfx_kthread+0x10/0x10
[  887.094807][ T5979]  ret_from_fork+0x4bc/0x870
[  887.099406][ T5979]  ? __pfx_ret_from_fork+0x10/0x10
[  887.104526][ T5979]  ? __switch_to_asm+0x39/0x70
[  887.109299][ T5979]  ? __switch_to_asm+0x33/0x70
[  887.114153][ T5979]  ? __pfx_kthread+0x10/0x10
[  887.118760][ T5979]  ret_from_fork_asm+0x1a/0x30
[  887.123542][ T5979]  </TASK>
[  887.126931][ T5979] Kernel Offset: disabled
[  887.131265][ T5979] Rebooting in 86400 seconds..