last executing test programs:

1m43.216329907s ago: executing program 0 (id=59):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000001000030529bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="09840000000000003c0012800b00010062726964676500002c000280060027000300000006000600fcff000008001d00000000000500260000000000050025"], 0x64}}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2, 0x0, 0xffffffff}, 0x1c)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8800)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60fb6809001b2f00fc020000000000000000000000000000ff020000000000000000000000000001242088a88dff00000006000000000800000086dd88a888"], 0x0)

1m20.567899326s ago: executing program 0 (id=59):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000001000030529bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="09840000000000003c0012800b00010062726964676500002c000280060027000300000006000600fcff000008001d00000000000500260000000000050025"], 0x64}}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2, 0x0, 0xffffffff}, 0x1c)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8800)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60fb6809001b2f00fc020000000000000000000000000000ff020000000000000000000000000001242088a88dff00000006000000000800000086dd88a888"], 0x0)

1m3.889070266s ago: executing program 0 (id=59):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000001000030529bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="09840000000000003c0012800b00010062726964676500002c000280060027000300000006000600fcff000008001d00000000000500260000000000050025"], 0x64}}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2, 0x0, 0xffffffff}, 0x1c)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8800)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60fb6809001b2f00fc020000000000000000000000000000ff020000000000000000000000000001242088a88dff00000006000000000800000086dd88a888"], 0x0)

48.843877471s ago: executing program 0 (id=59):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000001000030529bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="09840000000000003c0012800b00010062726964676500002c000280060027000300000006000600fcff000008001d00000000000500260000000000050025"], 0x64}}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2, 0x0, 0xffffffff}, 0x1c)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8800)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60fb6809001b2f00fc020000000000000000000000000000ff020000000000000000000000000001242088a88dff00000006000000000800000086dd88a888"], 0x0)

41.076604747s ago: executing program 2 (id=944):
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000500)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
splice(r1, 0x0, r0, 0x0, 0xffffffffffff8000, 0x0)
close(r1)
write$cgroup_subtree(r2, &(0x7f0000003100)=ANY=[], 0x10448) (fail_nth: 21)

40.604480469s ago: executing program 2 (id=947):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="0200000001"], 0x10)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x50, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="02"], 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[], 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)="27031c00590214000000002f1eafbcf706e105000000894f000f1102ee1680ca8286cee844000000000019b0fb0bba00"/65, 0x41}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b7d050139bf7ada32bc9e37eed1153ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d3333ce2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8d223fbcfe5a638cfeb9f79c930a4dffd35ed8371cff78119319b2b62c7cd937cac497e6bd5623e755ef26cb00000000000026fe0000", 0x87}, {&(0x7f0000000540)="fe112162c63e6da8bc84614c32294ef18af53cc330a62a2c7035246635093ba4d30fcf19a90804f04a10939db8f4e13069cda6d167bf1b68c94d8d694d6ad1a4d51a715975560ad48770706eb1b88d021e1119f2eb75275cfe77f862368649be0f7aff5e7826729816e3d3e7986d9434f891c71ca6e4210c6757083cfd8e732048c504f28b0a00000000000000a82e224eb648f90134d1d315977c6ea360a7fece4baa3dd7dcc970759f29df0e86469e954e2b050e87b203ca27a2a519b7555c3b73f2681d49442d9647ff5ea64110cc5020fdeafe53a7d8be70f3260816bc376bcdc5352771fa55d9733e27730ec7103520e8359c78edd21ee6c68feb3685a55722f5da09ffe8ba9f05081a8d214156376f99906245f2f390ad717979d98f0574f8c5b52dcc2fa494f461be6c2560ddbaafb80c5b3a83cbe56d24f14ab78fd718947077ea736251c7b8eee267267534c84daa6f095e94bfb85986a03ddea362cc7e6682884e710727c1163cd4f336c13b844605b7a8a7d36be414410a82958455b8a6bd9194c631d66295675fed64c04107a595c421111a3af6e9fadab5c91919cd3f02530cdf3435063e2d2cab17b0", 0x1b0}], 0x3}, 0x0)

40.492798675s ago: executing program 2 (id=948):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xce)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x2}, {}]}]}, {0x0, [0x0, 0x5f]}}, &(0x7f0000000f40)=""/4089, 0x38, 0xff9, 0x8}, 0x20)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000400)=0xc)
ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f0000000140)={0x3, @bcast, r2})

39.896526588s ago: executing program 2 (id=951):
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'ip_vti0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{}, [@TCA_NETEM_LOSS={0x4}, @TCA_NETEM_RATE={0x14, 0xd}]}}}]}, 0x64}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0c372380f159a69ab708ecff000000007b8af8ffb1e50d3f000000990224d5c6622964ed00bc820000f8ffffffb703000008000000b7030000000000008500000097aae25e6b019e9b748ec275f1327d830ff3b9b3ff21f2ca2b5e2dd21b00055fa6f04b4a1cad94d2aa0c805ce482e04603c2957d5e6b71f71d1a241f31c8b0d836a10295f85cb4ad9a97fa83ea87737f17946206859fed594756fb734350edac87784295d56028f9a812103aa46b590193eb71ee395b78e8e1ce53dbadca739906d504af946aced272e746be7e72ecd527cbf5da2156cda421cad562cdc8359211cef73b874b6668993445361025bae72c6832f437dadfbb35506efd712b6a39d1ff10cd05e51452fc5e0000000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000000240)=@req={0xfffffbff, 0x6, 0x9, 0x9}, 0x10)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2b}, {}, {0x0, 0xfef2}, 0x0, 0x1, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @val={@val={0x88a8, 0x0, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0x1}}, {@arp={0x806, @generic={0xffff, 0x6002, 0x6, 0x0, 0x1, @multicast, "", @multicast}}}}, 0x0)

31.942107834s ago: executing program 0 (id=59):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000001000030529bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="09840000000000003c0012800b00010062726964676500002c000280060027000300000006000600fcff000008001d00000000000500260000000000050025"], 0x64}}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2, 0x0, 0xffffffff}, 0x1c)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8800)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60fb6809001b2f00fc020000000000000000000000000000ff020000000000000000000000000001242088a88dff00000006000000000800000086dd88a888"], 0x0)

25.978116993s ago: executing program 2 (id=951):
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'ip_vti0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{}, [@TCA_NETEM_LOSS={0x4}, @TCA_NETEM_RATE={0x14, 0xd}]}}}]}, 0x64}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0c372380f159a69ab708ecff000000007b8af8ffb1e50d3f000000990224d5c6622964ed00bc820000f8ffffffb703000008000000b7030000000000008500000097aae25e6b019e9b748ec275f1327d830ff3b9b3ff21f2ca2b5e2dd21b00055fa6f04b4a1cad94d2aa0c805ce482e04603c2957d5e6b71f71d1a241f31c8b0d836a10295f85cb4ad9a97fa83ea87737f17946206859fed594756fb734350edac87784295d56028f9a812103aa46b590193eb71ee395b78e8e1ce53dbadca739906d504af946aced272e746be7e72ecd527cbf5da2156cda421cad562cdc8359211cef73b874b6668993445361025bae72c6832f437dadfbb35506efd712b6a39d1ff10cd05e51452fc5e0000000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000000240)=@req={0xfffffbff, 0x6, 0x9, 0x9}, 0x10)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2b}, {}, {0x0, 0xfef2}, 0x0, 0x1, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @val={@val={0x88a8, 0x0, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0x1}}, {@arp={0x806, @generic={0xffff, 0x6002, 0x6, 0x0, 0x1, @multicast, "", @multicast}}}}, 0x0)

14.00437895s ago: executing program 0 (id=59):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000001000030529bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="09840000000000003c0012800b00010062726964676500002c000280060027000300000006000600fcff000008001d00000000000500260000000000050025"], 0x64}}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2, 0x0, 0xffffffff}, 0x1c)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8800)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60fb6809001b2f00fc020000000000000000000000000000ff020000000000000000000000000001242088a88dff00000006000000000800000086dd88a888"], 0x0)

12.698380803s ago: executing program 2 (id=951):
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'ip_vti0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{}, [@TCA_NETEM_LOSS={0x4}, @TCA_NETEM_RATE={0x14, 0xd}]}}}]}, 0x64}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0c372380f159a69ab708ecff000000007b8af8ffb1e50d3f000000990224d5c6622964ed00bc820000f8ffffffb703000008000000b7030000000000008500000097aae25e6b019e9b748ec275f1327d830ff3b9b3ff21f2ca2b5e2dd21b00055fa6f04b4a1cad94d2aa0c805ce482e04603c2957d5e6b71f71d1a241f31c8b0d836a10295f85cb4ad9a97fa83ea87737f17946206859fed594756fb734350edac87784295d56028f9a812103aa46b590193eb71ee395b78e8e1ce53dbadca739906d504af946aced272e746be7e72ecd527cbf5da2156cda421cad562cdc8359211cef73b874b6668993445361025bae72c6832f437dadfbb35506efd712b6a39d1ff10cd05e51452fc5e0000000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000000240)=@req={0xfffffbff, 0x6, 0x9, 0x9}, 0x10)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2b}, {}, {0x0, 0xfef2}, 0x0, 0x1, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @val={@val={0x88a8, 0x0, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0x1}}, {@arp={0x806, @generic={0xffff, 0x6002, 0x6, 0x0, 0x1, @multicast, "", @multicast}}}}, 0x0)

2.415472552s ago: executing program 3 (id=1136):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x806000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x2a, 0x0, 0x1}, 0x20)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, 0x0, 0x40000)
ioctl$SIOCSIFHWADDR(r1, 0x8937, &(0x7f0000000000)={'veth1_virt_wifi\x00', @random="010000201000"})
r3 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
epoll_pwait(r3, &(0x7f0000000140)=[{}], 0x1, 0x2d516fb6, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r3, &(0x7f0000000000)={0xa0000001})
getpeername$unix(r4, &(0x7f0000000240)=@abs, &(0x7f00000000c0)=0x6e)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000090a010400000000000000000100000008004b4dd34800000900020073797a32000000000900010073797a30000000000800054000000021300011800b00010074617267657425002000028005000300c400000008000240000000000a0001004155444954000000140000001000010000000000000000000500000a"], 0xb4}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r9, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [<r10=>0xffffffffffffffff]}}], 0x18}, 0x2000)
ioctl$TUNSETNOCSUM(r10, 0xc040ff0b, 0x0)
getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f00000003c0), &(0x7f00000002c0)=0x80)
ppoll(&(0x7f0000000200)=[{r6, 0x1}], 0x1, 0x0, 0x0, 0x3)
epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x400)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000180))
ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc})

1.788506591s ago: executing program 4 (id=1140):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x2, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x3}, 0x50) (async)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x2, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x16, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2c3, 0x0, 0x0, 0x0, 0x7a0}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @ldst={0x1, 0x1, 0x0, 0x3, 0x7, 0xffffffffffffffff, 0x1}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xa2}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc6, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc///\x00\x82q\xee\x00!\xbd\xc2\x98#YP\xee\x9c2G\xf0\x81x\x97'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0)

1.665465257s ago: executing program 4 (id=1141):
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8)
unshare(0x20000400)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e40)={0x30, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CSA_IES={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004004}, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r2, 0x4, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7fff}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x6}]}, 0x2c}}, 0x800)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0xc)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x300000d, 0x6052, r5, 0x1000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="180500000000000000000000000000001836000005000000000000000600000095"], &(0x7f0000000540)='syzkaller\x00', 0x5, 0xdb, &(0x7f0000003e40)=""/219, 0x41000, 0x74, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "1e1907", 0xc, 0x2f, 0x0, @remote, @mcast2, {[], {0x0, 0x6558, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000000300000008000000e2cf00003082", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000005000000030000000000", @ANYRES32], 0x50)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfffffffe})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="2400000026000100000000000000000008000000", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32], 0x24}], 0x1}, 0x0)
getsockopt$inet6_mptcp_buf(r7, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000003e0007012dbd7000fcdbdf25047c000004006e001c00018006000600800a0000100007"], 0x34}}, 0x0)

1.41256449s ago: executing program 4 (id=1144):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0}) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'hsr0\x00', <r2=>0x0}) (rerun: 64)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="40090000873201252000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="ffbada9df56719997ee2dd52beb5d9ab7f38b7e9d8ce6bf2168fb26139a3197188073d376630242ba7d039e4b1f39c6fa79be063f66195620f1f2c883b005b965dc3e57427fc553755b92749fb988bc49acb84599ce7a8270df93d9449253cdc742051760da1350c93ddaf8b0418ff484055cbc5b0139d2b4e711825c4bd0f1e3737b46e04a26ed71827b83c2f50cb28b2b1cd8a499685191e99104b4017ef03e5f31a3a01750a02550859636ab0876bd034a03f1da16c4450ffbe9f0fb9827b935958b774d2b1b16f1ce257ee0fd98479e2ef1ccb13e23efe47bd3d21744b1581f15aed072e2a74a2bc5592861eb343e99c9d85fc06fa0dbe71aac1eadf4c356a006a9ed20483ff828ea545190e996e6918d9daa8c5161ce67fd2a577c0e7e087cb56a27c046c5683ed8c74b806f8319edb"], 0x40}, 0x1, 0x0, 0x0, 0xd1}, 0x0)

1.379516347s ago: executing program 3 (id=1145):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001001700"], 0x1c}}, 0x0)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r7}, &(0x7f0000000600), &(0x7f0000000940)}, 0x20)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000180)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT=r1], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='percpu_alloc_percpu\x00', r9}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48)
setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x0, 'rr\x00'}, 0x2c)
splice(r6, 0x0, r8, 0x0, 0xf3a, 0x0)
write(r4, &(0x7f0000000240)="94", 0x1)
tee(r3, r8, 0x8f5, 0x100000000000000)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r10, 0x0, 0x60800)
write$cgroup_type(r8, &(0x7f0000000180), 0x9)
write(r5, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2c}}, @time_exceeded={0x5, 0xea452954ff7d0934, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0xd, 0x1, 0x0, @local, @empty}, "001863714ab99043"}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
socket$inet6_tcp(0xa, 0x1, 0x0)

1.272630795s ago: executing program 4 (id=1146):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x33, &(0x7f00000008c0)=';', 0x1)

1.158319365s ago: executing program 4 (id=1148):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x25, 0x16, &(0x7f0000000c40)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6cd8532c}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x75}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}], &(0x7f0000000100)='GPL\x00', 0x100, 0xbc, &(0x7f0000000d00)=""/188, 0x41100, 0x40, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000dc0)={0x1, 0xc, 0xffffcdd3, 0x10}, 0x10, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000e00)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000e40)=[{0x3, 0x1, 0x7, 0x9}, {0x1, 0x2, 0x8, 0x5}, {0x0, 0x2, 0x7, 0x8}, {0x3, 0x5, 0x10}, {0x3, 0x2, 0x0, 0x1}, {0x1, 0x4, 0xc, 0x2}, {0x0, 0x2, 0x6, 0x1}, {0x4, 0x1, 0x6, 0x1}], 0x10, 0x6}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a02fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000000000001d440000000000006b0a04fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f46d341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a827aeb66c4cf778e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebb2a7ef1491ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000080), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, r0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYRES64=r1, @ANYRES32=r1], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x1b, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

1.004692461s ago: executing program 1 (id=1150):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000a40)=ANY=[@ANYBLOB="05000000000000007910b8000000000055000000000000009500000c000000006e74eca6cf9181df413c26b1819cc72f09e2740df421d67d7338c879ff5a80a3f4e56770b473d8b72a000000000000000018f6c47c442d1aebac7a8ef1618cbf378a33af0f809a73e491145e656d2105e68a31647221e841c95dfefc11061366cc036247aba99b7f16700de80f2b7b78233a4982916745d0d9b5494355b8dcf4cf9740d762aa313a9361dd43e909b91fdcd047a344536c48b3815b8b2bde5bb1509f31986e6d5e0cc8700259fd426c662aa05a3f1e571d061143215bf955570dc9fe1b6fdb4a8a232d9db3e6165bd19175e1a32fc54d6df3bbe0ed9477435a49bad3a19de4abdb7d94e207fc72a4adb94c83c797ceb1ae4c2c0db84afe00d52acbaac2a1d1ff2aa6dac0979875de707bd22449847ae03f2a7bfb2995054753b2fa4b8ffbe441bd643cc1cd1fcb0c3dd02af36b333fb0f989b187f76618fe08123c06984863b3e1b6f0e1fa4ac726b36d8ebd2ed96d8a0201cac44761"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)
unshare(0x2c020400)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f0000000580)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0, 0x2}, 0x94)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r2, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x4000, './file0\x00'}, 0x6e, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
recvmmsg(r1, &(0x7f0000005180), 0x400000000000166, 0x1a000, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x3c2d95585913d2a0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004040)=ANY=[@ANYBLOB="682400003e000701feffffff00000000017c000008004280040008000c00018006000600aa470000402402"], 0x2468}, 0x1, 0x0, 0x0, 0x4004c000}, 0x40000)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000002200010324bd7002ffdbff2501"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)

990.418993ms ago: executing program 4 (id=1151):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
unshare(0x62040200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000006a0001002abd7000ffdbdf250081000000000000080001"], 0x20}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) (async)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000003440)='./cgroup/syz0\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='-1'], 0x27)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, 0x0, 0x0) (async)
bind$inet(r2, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x10)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc01, 0x3, 0x2298, 0x1100, 0x5002004a, 0x0, 0x0, 0x0, 0x2200, 0x3c8, 0x3c8, 0x2200, 0x3c8, 0x3, 0x0, {[{{@uncond, 0x60, 0x10a0, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x1, 0x0, 0x0, 0x0, './cgroup.cpu/syz1\x00'}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x2, 0x1, 0x7], 0x6, 0x2}, {0x2, [0x0, 0x6, 0x4, 0x9, 0x0, 0x89ce99baffcf6900], 0x1, 0x1}}}}, {{@uncond, 0x0, 0x10a0, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x1, 0x1, './cgroup.net/syz1\x00', 0x2, {0x5}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@loopback, [0xffffff00, 0xff000000, 0xff, 0xff0000ff], 0x4e22, 0x4c20, 0x4e24, 0x4e23, 0xc9, 0x0, 0x3b, 0x83, 0x25}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x22f8)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) (async)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) (async)
sendto$inet(r2, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
r7 = socket(0x15, 0x5, 0x0) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180200000000000000000000000000008500000087000000850000000700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r7, 0x114, 0xa, 0x0, 0x0) (async)
r9 = socket$kcm(0x10, 0x2, 0x4) (async)
syz_emit_ethernet(0x1135, &(0x7f0000004780)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff08004100112700650000072f90780a010100000000004424d743ac14142a000002006401010200000009e0000001000000036401010200007fff940400000707ca0a010100000420880b10000002112cc5f4b3db0d4e85375d12bc340c230f1cdb63f8823eeb7d7cda71a11b4e84f222b9241bf59f8ebfb1e4aaccd0049c0b4a6f3beffd3e2642d8282b115ad3d4a03c8b43c73658d8de8565979066b69f41a9c5987cf22e5448f26f8166c78c4315c6ddb0b1c311352da1102cf79b4f34981e7fa60e00697255043132360dcb009335376bc0d55087dcb92fc4cc15333b2ad3ce85c6fe112a4483794998304fa8b974b13b68d9f6ab71cdc18377fcc7b460a03a22dc2cf6fe019ee6e8ca20450da68f2715d78c9c657f2b361c6db19b7118115b17e7809c0c359d6aef55933c513ae810f8e405781fd29392df3a83503e91f41ec1c1daf87f674a92f16099ab47aa723d4567e90d3351698e5ee97e6ef84a56f46bb9008800fe42b4176c9cf3e8f37496f63ecf916ebc695490babfa9fb43988e644f9555d40972a20be342fd92f4d044b4f1deb0ce7564fef9e31229504b57996568f8c137a9d2645c536f2fce48026afdfe4f2fe6e587550dc3ed49b2de309abbc2c941867633f92998fad03c0205f5cbd0fb7ac5a75a3c0fb57c6c71a3efa5f48100a6af292c91e6b29a1235ba2cbd38125ca4985c6ec06003c15d3fa0cdbd912d850e73b8c8f5fc1b9834bf48ea7fc097104ac74d70490643d1f53e308814baad2911c184b471bf19cf9927d978e32b0942330eee0f8d2f935478fcc3c8e603ce2612982c19bb07e7afaf202e720de631f0d7fbbb67b6f0301fb7350b96ac1dfa0ec513e7069afa223fd808fb7e4f55ea0ea814646d1aa7c30b1a7a7396318d8cd9fd575150b4eadc8f94cee2fc33db7d6e9fa0db3df4ce3bd0a1b1fa35ec2d4184646066234e306558d83a7d114b4c417646476e06e521915f933feb236663803c3bad63c0f9f72812723bd49855b5b1625800385addc6f99d97db877241e4c90f21bd9ecf854e6a89500dad2e336c2bdad885348ec3214c693954de7fc4392b40b0ec8accef26288f0572067d7d6f553eba3b15c9f5ec986acdcddec7918dc10182a0cc7ea27f130fd2887467f4d58ffdb0ee7ab4783ed44c0bc4fba7fdaa291b6d789267592660e2fc317074034eddc4d28465ed9d3303ae6410c06895e91227eed899a2508111762c5dc533ab84a99773443f1d2207acbdb1f01a569636d6861adeb1cf5d6f3aff5c5562838f159205f8d0ebe430ef6e2ccd25c301bef5b675ee06ea6e2e5567e7184c23377b54174eb7b5caf58237afd3512290727c054dca76448a231e51bd844787b3811aa43212abf716b751b3b6d20db5d463fca44a06376272da66c109f62f8babcb2633c37add96229cc8696093d99c6447949b64ed12815899ea16917c378257497dc2895a279674e0d9b3147242e3a3a038403996c5306e0ef28ee768a7cfd2d39361883cc62afa098e58fc7f807678195c76d536acd91a0c9a2bd8e682c5f0b8df1006ceb4c9e752c85ce7bd229dff2d0630d4eb388a4c5be9b8cb386dacfa3f292cf95def3c48e3a8935206b55ce6daed58adbb58f8f8b0dc3cd646e58a68fd81a079099408ed3ffef0c4b2fb201d48875d3ca59d24e9a7eb179f1e4cfc98d0e7efe68d71aa6ea15f5f741e1d24e2cf557662dc619fbc64efa57787dc4ca0dfc76713f6dedab2a4cae15cd7ffbb1ee40ea77d2f69fd47cba22d434ba1efb2083e7a13eaa6129f67a8a192aaa729c197f867b727db44ba70cc2ec139ce56adb094d511ab3480883dba7c7625bb22a5bdacfdffc4088a576dd802c586ae167bf856e9a39296fd8b4cd5eb2b7e432e4113b75d70aaf965fa8058f8e14d8d2ea4ab868751aebbe168de2ee694113b6044b5f10a51b7bb3e96d678f1eced30281a7d9d5b6f8e264d534247812399054c748bcdea2d7cfdbbbaeb63bca2258e29c4dbaf7d565da9d3ac71eeb089e10ae03166a7abbbe782267046655fd3c1e46b94219765220e29031286daefc5032e0c642db9fa17d5650b4cbe2270d5a17ce2578e54ff0ed620a0bddf6b9b632878f6a336169ded2ed490aa101404e1b92c613fadfaa1ac760055e177bb1059107164f170fdf4f001f19180cdbd0f88aaf7cb613dec10b56fdda5393ca87b01135b5ec829b6e29f88f0bfa3a68e7700bdac6fa4c061de0faabb1f42a8208fd5d33c8279789ca0f0dbf409d7f10ddee25a0aeff968467ad74e401c01c3e9b98cbbe9f2763846ea746330147a53f5c063cb9392a9c1777a65784d2f1f708a8d632ed1d3c853bed7f134bf955c45d02feaca68d82008ed5626f4a7f8c548445f3b239b0642205185b40237c4e0469dc6970ba6fb991177ae7a6fb1697839a34d1df55ee4999b526b505a98765efb3fa62733b0284b8e5ab3570611aeeef55275768bfd63bc45e701ba66ce1951991b42e148b3e0f425d790a78237c2cfa800d8b7dcd94aa9c60b36464a9beafccd8e5b2ea50c0934d860e38161ab5f32e02c312ea6ced99bb6b34eec170e990929e11f02de5ffc3e9090cad87e63a2646d88eb4fff79ca54b267df0e79a802ebe4d563da76c3ee8bb8f3b08a96ed937180939f898a84cb87f2d0fea2b393fb8dcdf1aaf25a1196a30a0e5896a9e4b95134cf6be51fee395056be773e6e02a59cf873501311454dcb1e3d616988314be13131fcad2df8aaecd8655e002059a2781d4126acc95240b1c8a8a33470e39fa30e2d31d8d36cebb18a1cc86535ae4740f12a903a4d1d796137f6c2fa77a8ecb8a67d633f2d7f25b41979883055c2cb9a51b1f59a04b4c13e6cc33d5e643a7b8b404aa424ec29e4479cd0927729a9a7093508d3999c486e6c412b2e44704dad70d6bc545f5cb17137edd277b8e76cf81e545002d2ab882667efb5c1250db8cb7875c545487ad50233542d7ef8ac0e0db2787269a57c61b8784e5414560ece8a7aa6f42f744bdab45f88ade3b27c276e612e901c4a8055e5087302856d7f58cd373549f3bd4db9dac059ecaee086698860e0abd029928e92fab234ce22fa8e454dbd8748244f94bfc668bf2d3c5d92093cef101356b81df21332523dad413d5b6562d6cde195bbc879f8b31d0665845df398ce90fd6c6615ac29058240b364ceb8ca7e8ebe0c21e5cc1f0ee8f7b90c043289d5672ea805a02da26fa07dd84e8714deb0ed18360bf7e290f2783f96291ac12906e2afcbe8c2f6be4a4a02289322e1ac8225c8f780e209beac7c88dde6aba8af7de4870f85fd0092a12a7ec9965aee70c9c68dd00e456c4ef07028f3270a6594b7a68dfb5bc9280ae5d500306eddb6b35029467fc60a7e84859b5ef1f8ca57080122d481550e8dbf6c2f445ddb594e8e60bec2195af19cbcc2ee9d7c1862f619554cd11d4af76a5123c42c4328cdf5e8ccfad0a25ce24562914347cafd7929232061bee73e1f77b9194ac42af10389d08e9a9dda83a4e4e331f4f0403cca29570cc828f32c5ed2875049c6eb1ed691c203b3afeca6b66c6ba044f1435801c62b1b92a00359ed040a8177702904ee36638582952653f17893016fc1d77ac6a455055db66a76bcc08b3326e82236cc28ef5adfb61cb6994d1386af7fb170d3130c3dbd72e670e119ff81a6f431ca9f512613bc1107353a17791ad27f409530ac9f6664cb42924cb2308c4fd5626eb34ab039db93b6e0a365f89c5dfea9d77812be87eac58fed324caab2ca0bac9e69a1145c607f86f28cfc60372516b156faae9f9033694a3fc2e0527ee7fc564791d7bb5e9ec7a6207d4c98cf1c713b51db4568517276315ad5319976e751155477201e5295ad999c9da8249ccbc6eb99533219ecd91af3c08c17e6699f74490d7400724aca16e1ceecb7be3531d030737eb63d932d463e7ea168a03ac23e7f88a6be4e733fe134c21f56c338bed5023241dd4777dc3bb2186624cbd0aeb1fe32e0287a22e6f37132efb573a8398b6d802964f780584b1c3163c25295c763e47f289e929afbc994cc3d0127e878600135fc28278d416517a762dc861998aacdc7a90f5d8d7e9ad63974dca4a8cbe5fe7c30dc5193e8a77b79d761af439f8692cbb92595e350e14571f7f1f8273ba8f25847191ff8e4700484f31e9e8ab5efad0b446b77661e037790ac11d1c2a6db2360ad258f62ec9922704887316dd04ce019078f969198f13d3cd95ab735d5d94ae0ac802241271602a72a5d1454e028a245e8e192d8aff275e45c49dad4071b8cab038e55be1ce860d9393edb836275f8fd6966833863cfa221c403fae3818d3bf9b2c9dfb032271f533ad86f0efce8c706bc116ce115b7be57fc4a55c0c1eeedc85c3735434bda1fd0057606bd6f25aa4311ec68ab3045f2d39dce6397860abbe54654b9243bff2381d048839f58a164ef6c60aeaa2368b8081ff6ddf6da7025946cff14ba43e91093f9000fcb91ed1ccaa520373049055d15c6eae85fc350f665dfc56253563652278bf7739f1b6c7291aa6d2cdc0aeba63e9b6c39700af584ddb8e4d1db316096c442dc9d2098094ad6aa5d5e6bf5a37ac6d541248e6c7924582cc516805627df7088830d81408277b482c0dd83c0ad098fa48a94396a917f9cf38772c642fa3237c5aec7c1d15d621e83bfecf385c308dd25d10ef8f59dc6d443d1b8f5ae942a78535e7ae23597e1b319d01b745dccc4bdfb5f743ad4e8811a38d5fe45fc08774b6fe3b3f4340afb61c9ce82005a2ca90c88c4ac378d9f9828fa4f7f95f16ec4933b3e0925d6069261a394c7f9066fc242d7948041755bd3a6cdb3d78ae5d6811f2debc68ba7d9a305bde621fbaeb51c00486da84957fe6e452f9da08f7c6536c0d81980afc2a7d01f0371605d1cea029029b3dfebff1ca26ebad1fb6d412193091b2286d21ad8bd2eec15715076079a0ba1e785680697867bb3fbf04712711c51288584c314fe45dd7dc1a966629c99d66280ab492932dabecda1b9c1f4c532fcad42144928179dc4086bed90caba8ade4896716e9df5bd10441222d98da8335164573fde45d6b6ce63d96251e6ecd003d30a934fbb80788d333c11428a6074ee1a10b35563762e69fccbaead3871edd49449b7ba10c0b6ffef1e8c9fe9ba05e24a63480fad869c018f7d87e265948f889636228ab211ff452b8245fa2026c3fd1b47a27d293d628fb83994ec41a32d7d6982ab887a95a2ff3df32a6cd6ce8622774e2a186e01427f319848d1d46e39d48f3bb007ba7e8d1673bd969b5d406bd2d8ac52388c640b0ecf687b1ed6f92ab3fff9186142406d292d01d0b53a879b930bb1b3175623612b9bea2b3a4c6f87e23c10e447130b6424a3df14ff9cb4c424cdd520c6b59cc4842cfa7dc3ad9a04cd69e7b21f3fadf555a8d9461ef1607ecdbbe6b70a78e7cc676da27e187c076e099289e6ab58692ee3937959b978c55c5887e08cd4d23235fa4e10bfd1f093ef1878af491ee7e21321f06e92f0a86aa9b2835c0b891772df3abfdc121263f2982bb3585c3dad735ae0d2487236768f0de3e61118572294c5191547f6a2c6e5e3bf5c90817666ab579a65b67f90f5b9ef9c611d77df9276f66bcdc0f484997fda0ee62486b8b7062a3ccfb02d393f990274139860860d4ddf30ab3bb69c0a2083436759edc893600bd9c1a6f360f45719579ec684c03ae5452a104ffc7e6b5687e300b3fa0a16c46891c83c7aa8a083305ffbbcc0a7efe32b6896033d31e99f44edd7acc020e2580b7e562768bee540a31fefefbacdf7fcdbe26a1a2abd268b6b1fb5414fbea1fe627f625eea90899859978e174cfbaa9d47aca43de0bb56129cbed93229b607acf1029b07d2b49722909d5b0d000800000800004ce1b59fba9743fd82f337a1136441beb9359959224793e0ed7a60d3d89a22f855268a0c0086dde38d080088be0000000115ffbe6e01000000000003c9080022eb0000000128f36605020000000000000f00031e1e0800655800000001d06858a6e1032afe698e993700107b96a7735e5f070ec2eb8cb93c7d701a376994faf9df52cb311dfd19cb7f4e9bf0f9850dac381f2bdb4ff5d3fdf0bd290004d800ff42904a3cf1c6cbf932a729a0d686699e8f0a4247d53813ee121e7ea01bc1794e32060d94700915f87a15f2534cad192ecec80125a752aa93fcbca58e7a2f0c803ec25d90567a92e789eff3be369f5229e1754b47b24312bf555127005f22b9e483703795134b574b4de8194e6c59fb32d1c705aca5dadcc8aabbf499d97688f378ae90c72881db323a95d16792699dc88ae2538f3558dfb93bbbcba5202acb736e6a4994f23be43739bb31707753681b4d43327658eecaea261cb5080e15551adb375d4a884466d8b0c0f2badfe93fdba334fb0d46691f91237b2849b54527bea041f3c99f4fb15b83ca01c02fedd264482d52efec1218cf4524ba3d7a4eeb2f55dff7103077dbc98f9da690aed9a58c64536f1d43e4c054b0"], 0x0)
sendmsg$kcm(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400a0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x80)

952.252458ms ago: executing program 3 (id=1152):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="3103010000003c0000000900000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x24000000}, 0x200480c4)

744.606936ms ago: executing program 1 (id=1153):
bind$alg(0xffffffffffffffff, &(0x7f0000000340)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180)="c99bcf2eb770052857381801e500000003", 0x11)

723.252071ms ago: executing program 3 (id=1154):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x7ffe, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {}, {0xffff, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008050}, 0x20004044)
ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f0000000000)={0x1, 0x5, 0x1c0, 0x74, 0x5, 0x1c, 0x28, "800d6a4fb36ba1ad6885828d263c45621a8d1473", "e7db2498560ec300deb016ab4de2e79cdef92f7c"})
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0x6)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000000c0)='%pK    \x00'}, 0x20)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0)
r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4)
r7 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0xc4, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x94, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x2]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x7f}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x80000001}]}, {0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x6, 0xf17, 0x4, 0xa072, r4, 0x9ad, '\x00', 0x0, r5, 0x4, 0x5, 0x1, 0xf, @value=r6}, 0x50)
ioctl$SIOCAX25ADDUID(r3, 0x89e1, &(0x7f0000000140)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}})

586.991623ms ago: executing program 1 (id=1155):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4080, @loopback}, 0xfffffffffffffedd, 0x0}, 0x1400c080)
setsockopt$sock_attach_bpf(r0, 0x1, 0x9, &(0x7f0000000080), 0x4)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=0x4)
r2 = socket(0x1e, 0x4, 0x0)
sendmsg$tipc(r2, &(0x7f0000000000)={&(0x7f00000001c0)=@id={0x1e, 0x3, 0x3, {0x204e22}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20008080}, 0xc1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9d, 0x9d, 0x5, [@union={0x5, 0x0, 0x0, 0x5, 0x0, 0x3}, @datasec={0xb, 0x1, 0x0, 0xf, 0x1, [{0x1, 0xc, 0x4}], 'M'}, @struct={0x1, 0x3, 0x0, 0x4, 0x1, 0x2, [{0x8, 0x5, 0x4}, {0xd, 0x2, 0x1}, {0xc, 0x2}]}, @struct={0x2, 0x2, 0x0, 0x4, 0x0, 0xe, [{0x4, 0x1, 0xa87e}, {0x1, 0x5, 0xe21f}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0xadc}}, @typedef={0xc}]}, {0x0, [0x5f, 0x5f, 0x2e]}}, &(0x7f00000000c0)=""/125, 0xbd, 0x7d, 0x0, 0x2, 0x10000}, 0x28)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, r6, 0x701, 0x0, 0x0, {0x16}}, 0x14}}, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@restrict={0xd, 0x0, 0x0, 0xb, 0x3}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x73, 0x0, 0x24, 0x5}]}, {0x0, [0x30, 0x0]}}, &(0x7f00000003c0)=""/40, 0x38, 0x28, 0x1, 0x0, 0x10000}, 0x28)
close(r2)
r8 = socket$tipc(0x1e, 0x2, 0x0)
ppoll(&(0x7f0000001380)=[{r8, 0x2010}], 0x1, &(0x7f0000001400), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x11, 0x2, 0x0, 0x7, 0xc840, 0x1, 0x9, '\x00', r1, r3, 0x5, 0x3, 0x2, 0x0, @value=r7}, 0x50)

372.113744ms ago: executing program 1 (id=1156):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES16=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_STATS(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x1c, r9, 0x1}, 0x1c}}, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r7, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r9, 0x10, 0x70bd2b, 0x25dfdbff, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0xc0000000}]}}]}, 0x38}}, 0x44080)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'ipvlan1\x00', <r10=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'syztnl1\x00', &(0x7f0000000140)={'syztnl0\x00', <r11=>0x0, 0x10, 0x20, 0x3, 0x7fff, {{0x15, 0x4, 0x1, 0x4, 0x54, 0x65, 0x0, 0x3, 0x4, 0x0, @remote, @rand_addr=0x64010102, {[@timestamp={0x44, 0x20, 0x73, 0x0, 0x9, [0xfffffbff, 0x1, 0x4, 0xffff, 0x7fffffff, 0x4, 0x80]}, @timestamp={0x44, 0x10, 0x69, 0x0, 0x9, [0xffffffff, 0x9, 0x6]}, @generic={0x0, 0xf, "5e6807172472ecc0e530f00716"}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200)={'team0\x00', <r12=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000002c0)={'ip6gre0\x00', <r13=>0x0, 0x2f, 0xae, 0xd, 0x1, 0x44, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @local, 0x700, 0x20, 0x1, 0x5}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x7, 0x8, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xce, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x9, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000680)={'batadv0\x00', <r15=>0x0})
sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f0000000880)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000840)={&(0x7f00000006c0)={0x170, r3, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x800}, 0x4000080)
r16 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r17=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x44, r16, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r17}, @void}}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x5c4}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x83}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x4814)

371.749501ms ago: executing program 3 (id=1157):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x14, 0x14, 0x1, 0x0, 0x0, "", [@nested={0x3}]}, 0x14}], 0x1}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x78, 0x30, 0x9, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbedit={0x60, 0x1, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x9}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x1}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x6}]}, {0x4}, {0xc, 0x8}, {0xc, 0x9}}}]}]}, 0x78}}, 0x0)

223.613456ms ago: executing program 3 (id=1158):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$WPAN_WANTACK(r0, 0x0, 0x0, &(0x7f0000000040), &(0x7f00000001c0)=0x4)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0900000004000000080000000c00000000000000", @ANYRES32, @ANYRESOCT=r2, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="6ac1000000000000000000004600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300004000000085000000060000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r8)
sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x80c0}, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r10)
r11 = socket$unix(0x1, 0x1, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)=@newqdisc={0x60, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffff0000, 0x6}, [@TCA_NETEM_ECN={0x8}, @TCA_NETEM_REORDER={0xc, 0x3, {0x7f, 0x3ff}}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r13, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r10, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
setsockopt$sock_attach_bpf(r12, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r14 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r14, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
connect$inet6(r14, &(0x7f0000000080)={0xa, 0x4e25, 0x657e, @loopback, 0x60be0441}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r14, 0x6, 0x1f, &(0x7f00000003c0), 0x3)

165.897173ms ago: executing program 1 (id=1159):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff000}, {0x6}]}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0xa}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0)

0s ago: executing program 1 (id=1160):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000004340)=@assoc_value, 0x8)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='freezer.self_freezing\x00', 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000280)={'gretap0\x00', &(0x7f0000000140)={'syztnl2\x00', <r5=>0x0, 0x80, 0x7800, 0x73, 0x7fffffff, {{0x3d, 0x4, 0x2, 0x5, 0xf4, 0x64, 0x0, 0x5, 0x2f, 0x0, @remote, @rand_addr=0x64010101, {[@cipso={0x86, 0x78, 0x3, [{0x0, 0xf, "2d66e350619c66633ea2e13afe"}, {0x7, 0x12, "b39cbd0f9c93f3b05ab83a2ecf01e56b"}, {0x7, 0xd, "af38fb6e9b709d6c61b879"}, {0x1, 0x11, "d10d7caca1656d6b89b9c13a6c0023"}, {0x0, 0x11, "2e7a8f5eb7a3a93080d0c52f6b8dca"}, {0x1, 0x8, "7972abee72f2"}, {0x6, 0x3, "bc"}, {0x2, 0x2}, {0x6, 0x8, "2998a64ecbfe"}, {0x7, 0xd, "969815fe61850284cac2e3"}]}, @ra={0x94, 0x4}, @rr={0x7, 0xb, 0x2c, [@remote, @remote]}, @timestamp_prespec={0x44, 0x34, 0x86, 0x3, 0x1, [{@multicast2, 0xe}, {@remote, 0x9}, {@local, 0x9}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}, {@dev={0xac, 0x14, 0x14, 0x3d}, 0x74}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}]}, @ssrr={0x89, 0x7, 0x43, [@loopback]}, @ssrr={0x89, 0x1b, 0x19, [@private=0xa010100, @multicast1, @multicast1, @multicast1, @broadcast, @loopback]}, @noop]}}}}})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r4, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x50000010}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x40, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x2c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x3c}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}]}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0d1}, 0x4c080)
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fedbdf255100000008000300", @ANYRES32=r2, @ANYBLOB="05008a"], 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0xc000)

kernel console output (not intermixed with test programs):

0
[  242.462180][   T63] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  242.589881][   T63] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  242.622344][   T63] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  242.701301][ T9232] 8021q: adding VLAN 0 to HW filter on device batadv0
[  242.876220][ T9520] netlink: 28 bytes leftover after parsing attributes in process `syz.4.788'.
[  242.890380][ T9232] veth0_vlan: entered promiscuous mode
[  242.896471][ T9520] netlink: 28 bytes leftover after parsing attributes in process `syz.4.788'.
[  242.942344][ T9232] veth1_vlan: entered promiscuous mode
[  243.012705][ T9520] erspan0: entered promiscuous mode
[  243.038542][ T9520] erspan0: left promiscuous mode
[  243.078228][ T9526] netlink: 'syz.2.789': attribute type 10 has an invalid length.
[  243.110373][ T9526] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.118147][ T9526] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.170568][ T9526] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.177849][ T9526] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.185544][ T9526] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.192725][ T9526] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.250973][ T9526] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  243.316281][ T9232] veth0_macvtap: entered promiscuous mode
[  243.334236][ T9535] !
: renamed from dummy0
[  243.549426][ T9232] veth1_macvtap: entered promiscuous mode
[  244.065786][ T9551] FAULT_INJECTION: forcing a failure.
[  244.065786][ T9551] name failslab, interval 1, probability 0, space 0, times 0
[  244.082966][ T9551] CPU: 1 UID: 0 PID: 9551 Comm: syz.1.796 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  244.082998][ T9551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  244.083012][ T9551] Call Trace:
[  244.083021][ T9551]  <TASK>
[  244.083029][ T9551]  dump_stack_lvl+0x189/0x250
[  244.083090][ T9551]  ? __pfx____ratelimit+0x10/0x10
[  244.083133][ T9551]  ? __pfx_dump_stack_lvl+0x10/0x10
[  244.083160][ T9551]  ? __pfx__printk+0x10/0x10
[  244.083196][ T9551]  ? __pfx___might_resched+0x10/0x10
[  244.083228][ T9551]  should_fail_ex+0x414/0x560
[  244.083263][ T9551]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  244.083308][ T9551]  should_failslab+0xa8/0x100
[  244.083339][ T9551]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  244.083364][ T9551]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  244.083392][ T9551]  ? alloc_inode+0x6a/0x1b0
[  244.083424][ T9551]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  244.083450][ T9551]  alloc_inode+0x6a/0x1b0
[  244.083480][ T9551]  new_inode+0x22/0x170
[  244.083515][ T9551]  __debugfs_create_file+0x14d/0x4f0
[  244.083565][ T9551]  debugfs_create_file_full+0x3f/0x60
[  244.083596][ T9551]  ref_tracker_dir_debugfs+0x14e/0x270
[  244.083619][ T9551]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  244.083671][ T9551]  ? rcu_is_watching+0x15/0xb0
[  244.083696][ T9551]  ? alloc_netdev_mqs+0xa3/0x1170
[  244.083726][ T9551]  ? __raw_spin_lock_init+0x45/0x100
[  244.083761][ T9551]  alloc_netdev_mqs+0x26f/0x1170
[  244.083783][ T9551]  ? __pfx_macvlan_setup+0x10/0x10
[  244.083823][ T9551]  rtnl_create_link+0x31f/0xd10
[  244.083856][ T9551]  rtnl_newlink_create+0x25c/0xb00
[  244.083895][ T9551]  ? __mutex_lock+0x51b/0xe80
[  244.083931][ T9551]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  244.083962][ T9551]  ? rtnl_newlink+0x8db/0x1c70
[  244.083995][ T9551]  ? __pfx___mutex_lock+0x10/0x10
[  244.084038][ T9551]  ? ns_capable+0x8a/0xf0
[  244.084074][ T9551]  rtnl_newlink+0x16d6/0x1c70
[  244.084106][ T9551]  ? netlink_sendmsg+0x805/0xb30
[  244.084150][ T9551]  ? __pfx_rtnl_newlink+0x10/0x10
[  244.084207][ T9551]  ? kasan_quarantine_put+0xdd/0x220
[  244.084231][ T9551]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.084267][ T9551]  ? nlmon_xmit+0xb0/0x100
[  244.084292][ T9551]  ? kmem_cache_free+0x18f/0x400
[  244.084327][ T9551]  ? __local_bh_enable_ip+0x12d/0x1c0
[  244.084353][ T9551]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.084383][ T9551]  ? __local_bh_enable_ip+0x12d/0x1c0
[  244.084408][ T9551]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  244.084438][ T9551]  ? __dev_queue_xmit+0x27b/0x3b50
[  244.084477][ T9551]  ? __lock_acquire+0xab9/0xd20
[  244.084530][ T9551]  ? __pfx_rtnl_newlink+0x10/0x10
[  244.084559][ T9551]  rtnetlink_rcv_msg+0x7cf/0xb70
[  244.084593][ T9551]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  244.084621][ T9551]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  244.084648][ T9551]  ? ref_tracker_free+0x63a/0x7d0
[  244.084666][ T9551]  ? __copy_skb_header+0xa7/0x550
[  244.084690][ T9551]  ? __pfx_ref_tracker_free+0x10/0x10
[  244.084724][ T9551]  netlink_rcv_skb+0x205/0x470
[  244.084756][ T9551]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  244.084787][ T9551]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  244.084834][ T9551]  ? netlink_deliver_tap+0x2e/0x1b0
[  244.084863][ T9551]  ? netlink_deliver_tap+0x2e/0x1b0
[  244.084899][ T9551]  netlink_unicast+0x758/0x8d0
[  244.084940][ T9551]  netlink_sendmsg+0x805/0xb30
[  244.084982][ T9551]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.085016][ T9551]  ? aa_sock_msg_perm+0x94/0x160
[  244.085057][ T9551]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  244.085078][ T9551]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.085109][ T9551]  __sock_sendmsg+0x219/0x270
[  244.085139][ T9551]  ____sys_sendmsg+0x505/0x830
[  244.085181][ T9551]  ? __pfx_____sys_sendmsg+0x10/0x10
[  244.085226][ T9551]  ? import_iovec+0x74/0xa0
[  244.085257][ T9551]  ___sys_sendmsg+0x21f/0x2a0
[  244.085281][ T9551]  ? __pfx____sys_sendmsg+0x10/0x10
[  244.085344][ T9551]  ? __fget_files+0x2a/0x420
[  244.085373][ T9551]  ? __fget_files+0x3a0/0x420
[  244.085417][ T9551]  __x64_sys_sendmsg+0x19b/0x260
[  244.085441][ T9551]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  244.085475][ T9551]  ? __pfx_ksys_write+0x10/0x10
[  244.085499][ T9551]  ? rcu_is_watching+0x15/0xb0
[  244.085531][ T9551]  ? do_syscall_64+0xbe/0x3b0
[  244.085568][ T9551]  do_syscall_64+0xfa/0x3b0
[  244.085609][ T9551]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.085636][ T9551]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.085657][ T9551]  ? clear_bhb_loop+0x60/0xb0
[  244.085683][ T9551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.085704][ T9551] RIP: 0033:0x7f221c58e929
[  244.085722][ T9551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.085740][ T9551] RSP: 002b:00007f221a3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  244.085763][ T9551] RAX: ffffffffffffffda RBX: 00007f221c7b5fa0 RCX: 00007f221c58e929
[  244.085779][ T9551] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  244.085792][ T9551] RBP: 00007f221a3f6090 R08: 0000000000000000 R09: 0000000000000000
[  244.085804][ T9551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.085817][ T9551] R13: 0000000000000000 R14: 00007f221c7b5fa0 R15: 00007ffe7c2a9b98
[  244.085851][ T9551]  </TASK>
[  244.085879][ T9551] debugfs: out of free dentries, can not create file 'netdev@ffff88805e5d6610'
[  244.379352][ T9556] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  244.441239][ T9232] batman_adv: batadv0: Interface activated: batadv_slave_0
[  244.488819][ T9561] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  244.516175][ T9232] batman_adv: batadv0: Interface activated: batadv_slave_1
[  244.733405][ T3510] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  244.765344][ T3470] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  244.817700][ T3470] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  244.867838][ T3470] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  244.912281][ T9571] trusted_key: syz.2.803 sent an empty control message without MSG_MORE.
[  245.042381][ T9576] lo speed is unknown, defaulting to 1000
[  245.052041][ T9581] netlink: 'syz.2.803': attribute type 1 has an invalid length.
[  245.082463][ T9582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.805'.
[  245.126040][ T6039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  245.139209][ T6039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  245.216661][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.802'.
[  245.234031][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.802'.
[  245.270898][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.802'.
[  245.294482][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.802'.
[  245.324024][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.802'.
[  245.343559][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.802'.
[  245.362649][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.802'.
[  245.492251][ T6039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  245.508724][ T6039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  245.873278][ T9604] FAULT_INJECTION: forcing a failure.
[  245.873278][ T9604] name failslab, interval 1, probability 0, space 0, times 0
[  245.897379][ T9604] CPU: 1 UID: 0 PID: 9604 Comm: syz.2.812 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  245.897410][ T9604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  245.897423][ T9604] Call Trace:
[  245.897432][ T9604]  <TASK>
[  245.897441][ T9604]  dump_stack_lvl+0x189/0x250
[  245.897472][ T9604]  ? __pfx____ratelimit+0x10/0x10
[  245.897502][ T9604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  245.897528][ T9604]  ? __pfx__printk+0x10/0x10
[  245.897563][ T9604]  ? __pfx___might_resched+0x10/0x10
[  245.897589][ T9604]  ? fs_reclaim_acquire+0x7d/0x100
[  245.897625][ T9604]  should_fail_ex+0x414/0x560
[  245.897663][ T9604]  should_failslab+0xa8/0x100
[  245.897693][ T9604]  __kmalloc_cache_noprof+0x70/0x3d0
[  245.897720][ T9604]  ? __xdp_reg_mem_model+0x1d8/0x5a0
[  245.897777][ T9604]  __xdp_reg_mem_model+0x1d8/0x5a0
[  245.897817][ T9604]  ? __pfx___xdp_reg_mem_model+0x10/0x10
[  245.897854][ T9604]  ? page_pool_create_percpu+0x800/0xbe0
[  245.897885][ T9604]  xdp_reg_mem_model+0x22/0x40
[  245.897918][ T9604]  bpf_test_run_xdp_live+0x215/0x1b10
[  245.897953][ T9604]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  245.898000][ T9604]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  245.898044][ T9604]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  245.898073][ T9604]  ? 0xffffffffa02052c0
[  245.898094][ T9604]  ? 0xffffffffa02052c0
[  245.898166][ T9604]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  245.898207][ T9604]  ? _copy_from_user+0x94/0xb0
[  245.898234][ T9604]  ? bpf_test_init+0x133/0x170
[  245.898260][ T9604]  ? xdp_convert_md_to_buff+0x5b/0x330
[  245.898293][ T9604]  bpf_prog_test_run_xdp+0x713/0x1000
[  245.898341][ T9604]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  245.898378][ T9604]  ? __fget_files+0x2a/0x420
[  245.898414][ T9604]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  245.898445][ T9604]  bpf_prog_test_run+0x2c4/0x340
[  245.898473][ T9604]  __sys_bpf+0x4a4/0x860
[  245.898498][ T9604]  ? __pfx___sys_bpf+0x10/0x10
[  245.898533][ T9604]  ? ksys_write+0x22a/0x250
[  245.898563][ T9604]  ? __pfx_ksys_write+0x10/0x10
[  245.898587][ T9604]  ? rcu_is_watching+0x15/0xb0
[  245.898621][ T9604]  __x64_sys_bpf+0x7c/0x90
[  245.898655][ T9604]  do_syscall_64+0xfa/0x3b0
[  245.898685][ T9604]  ? lockdep_hardirqs_on+0x9c/0x150
[  245.898713][ T9604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.898736][ T9604]  ? clear_bhb_loop+0x60/0xb0
[  245.898763][ T9604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.898785][ T9604] RIP: 0033:0x7f9d3a78e929
[  245.898804][ T9604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.898823][ T9604] RSP: 002b:00007f9d3b596038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  245.898846][ T9604] RAX: ffffffffffffffda RBX: 00007f9d3a9b5fa0 RCX: 00007f9d3a78e929
[  245.898862][ T9604] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  245.898882][ T9604] RBP: 00007f9d3b596090 R08: 0000000000000000 R09: 0000000000000000
[  245.898896][ T9604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  245.898908][ T9604] R13: 0000000000000000 R14: 00007f9d3a9b5fa0 R15: 00007ffdce4c5e98
[  245.898942][ T9604]  </TASK>
[  246.291388][ T6039] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  246.430568][ T3510] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.584796][ T9613] netlink: 'syz.2.815': attribute type 1 has an invalid length.
[  246.592684][ T9614] FAULT_INJECTION: forcing a failure.
[  246.592684][ T9614] name failslab, interval 1, probability 0, space 0, times 0
[  246.606276][ T9614] CPU: 1 UID: 0 PID: 9614 Comm: syz.2.815 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  246.606307][ T9614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  246.606321][ T9614] Call Trace:
[  246.606330][ T9614]  <TASK>
[  246.606339][ T9614]  dump_stack_lvl+0x189/0x250
[  246.606378][ T9614]  ? __pfx____ratelimit+0x10/0x10
[  246.606408][ T9614]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.606434][ T9614]  ? __pfx__printk+0x10/0x10
[  246.606469][ T9614]  ? __pfx___might_resched+0x10/0x10
[  246.606502][ T9614]  should_fail_ex+0x414/0x560
[  246.606540][ T9614]  should_failslab+0xa8/0x100
[  246.606573][ T9614]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  246.606602][ T9614]  ? __alloc_skb+0x112/0x2d0
[  246.606639][ T9614]  __alloc_skb+0x112/0x2d0
[  246.606675][ T9614]  netlink_dump+0x22b/0xe20
[  246.606718][ T9614]  ? __pfx_netlink_dump+0x10/0x10
[  246.606764][ T9614]  ? kmem_cache_free+0x18f/0x400
[  246.606796][ T9614]  netlink_recvmsg+0x676/0xa30
[  246.606842][ T9614]  ? __pfx_netlink_recvmsg+0x10/0x10
[  246.606878][ T9614]  ? aa_sock_msg_perm+0x94/0x160
[  246.606913][ T9614]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  246.606931][ T9614]  ? security_socket_recvmsg+0x7e/0x2e0
[  246.606955][ T9614]  ? __pfx_netlink_recvmsg+0x10/0x10
[  246.606986][ T9614]  sock_recvmsg+0x229/0x270
[  246.607018][ T9614]  ____sys_recvmsg+0x1c9/0x460
[  246.607051][ T9614]  ? __pfx_____sys_recvmsg+0x10/0x10
[  246.607091][ T9614]  ? import_iovec+0x74/0xa0
[  246.607122][ T9614]  ___sys_recvmsg+0x1b5/0x510
[  246.607148][ T9614]  ? __pfx____sys_recvmsg+0x10/0x10
[  246.607198][ T9614]  ? __fget_files+0x3a0/0x420
[  246.607242][ T9614]  __x64_sys_recvmsg+0x198/0x260
[  246.607267][ T9614]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  246.607300][ T9614]  ? __pfx_ksys_write+0x10/0x10
[  246.607334][ T9614]  ? do_syscall_64+0xbe/0x3b0
[  246.607369][ T9614]  do_syscall_64+0xfa/0x3b0
[  246.607398][ T9614]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.607427][ T9614]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.607466][ T9614]  ? clear_bhb_loop+0x60/0xb0
[  246.607493][ T9614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.607513][ T9614] RIP: 0033:0x7f9d3a78e929
[  246.607534][ T9614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.607553][ T9614] RSP: 002b:00007f9d3b575038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  246.607575][ T9614] RAX: ffffffffffffffda RBX: 00007f9d3a9b6080 RCX: 00007f9d3a78e929
[  246.607592][ T9614] RDX: 0000000000002000 RSI: 0000200000000340 RDI: 0000000000000004
[  246.607606][ T9614] RBP: 00007f9d3b575090 R08: 0000000000000000 R09: 0000000000000000
[  246.607620][ T9614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  246.607633][ T9614] R13: 0000000000000001 R14: 00007f9d3a9b6080 R15: 00007ffdce4c5e98
[  246.607668][ T9614]  </TASK>
[  247.060774][ T3510] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.138124][ T3510] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.225506][ T3510] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.361283][ T3510] bridge_slave_1: left allmulticast mode
[  247.367169][ T3510] bridge_slave_1: left promiscuous mode
[  247.418551][ T3510] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.456881][ T3510] bridge_slave_0: left allmulticast mode
[  247.470538][ T3510] bridge_slave_0: left promiscuous mode
[  247.478316][ T3510] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.828982][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  247.838830][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  247.847150][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  247.856280][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  247.874857][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  247.972667][ T3510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  247.984290][ T3510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  247.997672][ T3510] bond0 (unregistering): Released all slaves
[  248.022639][ T9623] netlink: 'syz.3.818': attribute type 1 has an invalid length.
[  248.032026][ T9623] __nla_validate_parse: 47 callbacks suppressed
[  248.032049][ T9623] netlink: 5624 bytes leftover after parsing attributes in process `syz.3.818'.
[  248.194168][ T9632] lo speed is unknown, defaulting to 1000
[  248.257493][ T9637] netlink: 16 bytes leftover after parsing attributes in process `syz.1.821'.
[  248.584535][ T9655] Bluetooth: MGMT ver 1.23
[  248.628547][ T9656] netlink: 'syz.2.825': attribute type 1 has an invalid length.
[  248.642373][ T9656] netlink: 224 bytes leftover after parsing attributes in process `syz.2.825'.
[  248.781180][ T9655] netlink: 20 bytes leftover after parsing attributes in process `syz.1.823'.
[  249.376414][ T9665] syzkaller1: entered promiscuous mode
[  249.381935][ T9665] syzkaller1: entered allmulticast mode
[  249.438020][ T9678] netlink: 40 bytes leftover after parsing attributes in process `syz.4.830'.
[  249.527969][ T3510] hsr_slave_0: left promiscuous mode
[  249.531373][ T9684] netlink: 28 bytes leftover after parsing attributes in process `syz.3.832'.
[  249.566687][ T3510] hsr_slave_1: left promiscuous mode
[  249.569034][ T9684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.832'.
[  249.593236][ T3510] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  249.632449][ T3510] batman_adv: batadv0: Removing interface: batadv_slave_0
[  249.671281][ T3510] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  249.681840][ T9690] netlink: 'syz.3.832': attribute type 10 has an invalid length.
[  249.693997][ T3510] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.766643][ T3510] veth1_macvtap: left promiscuous mode
[  249.779072][ T3510] veth0_macvtap: left promiscuous mode
[  249.794875][ T3510] veth1_vlan: left promiscuous mode
[  249.810609][ T3510] veth0_vlan: left promiscuous mode
[  249.958805][ T5853] Bluetooth: hci0: command tx timeout
[  250.997835][ T3510] team0 (unregistering): Port device team_slave_1 removed
[  251.036095][ T3510] team0 (unregistering): Port device team_slave_0 removed
[  251.420622][ T9690] bridge0: port 3(team0) entered blocking state
[  251.446628][ T9690] bridge0: port 3(team0) entered disabled state
[  251.464035][ T9690] team0: entered allmulticast mode
[  251.469223][ T9690] team_slave_0: entered allmulticast mode
[  251.485007][ T9690] team_slave_1: entered allmulticast mode
[  251.503909][ T9690] team0: entered promiscuous mode
[  251.516376][ T9690] team_slave_0: entered promiscuous mode
[  251.523226][ T9690] team_slave_1: entered promiscuous mode
[  251.536551][ T9690] bridge0: port 3(team0) entered blocking state
[  251.543121][ T9690] bridge0: port 3(team0) entered forwarding state
[  251.683661][ T9743] netlink: 28 bytes leftover after parsing attributes in process `syz.3.835'.
[  251.689444][ T9632] chnl_net:caif_netlink_parms(): no params data found
[  251.751871][ T9745] netlink: 'syz.1.836': attribute type 2 has an invalid length.
[  252.043583][ T5853] Bluetooth: hci0: command tx timeout
[  252.064369][ T9758] netlink: 'syz.3.838': attribute type 1 has an invalid length.
[  252.084743][ T9758] netlink: 224 bytes leftover after parsing attributes in process `syz.3.838'.
[  252.191985][ T9632] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.226128][ T9632] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.253206][ T9632] bridge_slave_0: entered allmulticast mode
[  252.272726][ T9632] bridge_slave_0: entered promiscuous mode
[  252.312174][ T9632] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.323352][ T9632] bridge0: port 2(bridge_slave_1) entered disabled state
[  252.333555][ T9632] bridge_slave_1: entered allmulticast mode
[  252.341445][ T9632] bridge_slave_1: entered promiscuous mode
[  252.377643][ T9769] netlink: 4 bytes leftover after parsing attributes in process `syz.1.842'.
[  252.507583][ T9632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  252.544274][ T9632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  252.598172][ T9777] veth0_to_team: entered promiscuous mode
[  252.607632][ T9777] veth0_to_team: entered allmulticast mode
[  252.827798][ T9632] team0: Port device team_slave_0 added
[  252.859206][ T9632] team0: Port device team_slave_1 added
[  253.077461][ T9632] batman_adv: batadv0: Adding interface: batadv_slave_0
[  253.100163][ T9632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.177027][ T9632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.201630][ T9632] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.227971][ T9632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.298801][ T9632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  253.325405][ T9811] pim6reg: entered allmulticast mode
[  253.347690][ T9817] pim6reg: entered allmulticast mode
[  253.579790][ T9828] x_tables: duplicate underflow at hook 1
[  253.618905][ T9632] hsr_slave_0: entered promiscuous mode
[  253.636445][ T9632] hsr_slave_1: entered promiscuous mode
[  253.654237][ T9632] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  253.673759][ T9632] Cannot create hsr debugfs directory
[  253.679249][ T9829] __nla_validate_parse: 3 callbacks suppressed
[  253.679268][ T9829] netlink: 40 bytes leftover after parsing attributes in process `syz.4.858'.
[  253.698180][ T9833] FAULT_INJECTION: forcing a failure.
[  253.698180][ T9833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.717877][ T9833] CPU: 1 UID: 0 PID: 9833 Comm: syz.3.860 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  253.717908][ T9833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  253.717922][ T9833] Call Trace:
[  253.717930][ T9833]  <TASK>
[  253.717939][ T9833]  dump_stack_lvl+0x189/0x250
[  253.717970][ T9833]  ? __pfx____ratelimit+0x10/0x10
[  253.717999][ T9833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.718024][ T9833]  ? __pfx__printk+0x10/0x10
[  253.718061][ T9833]  ? __might_fault+0xb0/0x130
[  253.718101][ T9833]  should_fail_ex+0x414/0x560
[  253.718140][ T9833]  _copy_from_user+0x2d/0xb0
[  253.718167][ T9833]  __cgroup_bpf_run_filter_setsockopt+0x2ef/0xc70
[  253.718204][ T9833]  ? vfs_write+0x8d8/0xa90
[  253.718234][ T9833]  ? __pfx___cgroup_bpf_run_filter_setsockopt+0x10/0x10
[  253.718264][ T9833]  ? aa_sk_perm+0x81e/0x950
[  253.718300][ T9833]  ? __pfx_aa_sk_perm+0x10/0x10
[  253.718336][ T9833]  ? aa_sock_opt_perm+0x74/0x110
[  253.718376][ T9833]  do_sock_setsockopt+0x37a/0x3e0
[  253.718414][ T9833]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  253.718451][ T9833]  ? __fget_files+0x2a/0x420
[  253.718486][ T9833]  __x64_sys_setsockopt+0x18b/0x220
[  253.718525][ T9833]  do_syscall_64+0xfa/0x3b0
[  253.718555][ T9833]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.718583][ T9833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.718604][ T9833]  ? clear_bhb_loop+0x60/0xb0
[  253.718631][ T9833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.718652][ T9833] RIP: 0033:0x7f09ed18e929
[  253.718673][ T9833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.718692][ T9833] RSP: 002b:00007f09edf13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  253.718715][ T9833] RAX: ffffffffffffffda RBX: 00007f09ed3b5fa0 RCX: 00007f09ed18e929
[  253.718730][ T9833] RDX: 0000000000000067 RSI: 0000000000000088 RDI: 0000000000000006
[  253.718744][ T9833] RBP: 00007f09edf13090 R08: 0000000000000004 R09: 0000000000000000
[  253.718757][ T9833] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  253.718771][ T9833] R13: 0000000000000000 R14: 00007f09ed3b5fa0 R15: 00007ffea510aa18
[  253.718806][ T9833]  </TASK>
[  254.116435][ T5853] Bluetooth: hci0: command tx timeout
[  254.281530][ T9841] netlink: 20 bytes leftover after parsing attributes in process `syz.3.862'.
[  254.463098][ T9841] ipt_ECN: cannot use operation on non-tcp rule
[  254.480691][ T9831] lo speed is unknown, defaulting to 1000
[  254.530109][ T9850] netlink: 12 bytes leftover after parsing attributes in process `syz.2.865'.
[  254.581703][ T9850] netlink: 40 bytes leftover after parsing attributes in process `syz.2.865'.
[  255.450658][ T9878] netlink: 8 bytes leftover after parsing attributes in process `syz.1.870'.
[  255.947759][ T9857] lo speed is unknown, defaulting to 1000
[  256.203438][ T5853] Bluetooth: hci0: command tx timeout
[  256.213141][ T9632] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  256.229740][ T9632] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  256.261854][ T9632] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  256.371754][ T9632] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  256.544196][ T9869] lo speed is unknown, defaulting to 1000
[  256.787302][ T9632] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.859486][ T9632] 8021q: adding VLAN 0 to HW filter on device team0
[  256.891291][ T9719] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.898616][ T9719] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.934913][ T9719] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.942134][ T9719] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.018053][ T9898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.873'.
[  257.694072][ T9917] FAULT_INJECTION: forcing a failure.
[  257.694072][ T9917] name failslab, interval 1, probability 0, space 0, times 0
[  257.710233][ T9632] 8021q: adding VLAN 0 to HW filter on device batadv0
[  257.803087][ T9917] CPU: 1 UID: 0 PID: 9917 Comm: syz.3.876 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  257.803120][ T9917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  257.803138][ T9917] Call Trace:
[  257.803147][ T9917]  <TASK>
[  257.803156][ T9917]  dump_stack_lvl+0x189/0x250
[  257.803189][ T9917]  ? __pfx____ratelimit+0x10/0x10
[  257.803231][ T9917]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.803257][ T9917]  ? __pfx__printk+0x10/0x10
[  257.803302][ T9917]  should_fail_ex+0x414/0x560
[  257.803340][ T9917]  should_failslab+0xa8/0x100
[  257.803371][ T9917]  kmem_cache_alloc_noprof+0x73/0x3c0
[  257.803397][ T9917]  ? skb_clone+0x212/0x3a0
[  257.803424][ T9917]  skb_clone+0x212/0x3a0
[  257.803449][ T9917]  __netlink_deliver_tap+0x404/0x850
[  257.803493][ T9917]  ? netlink_deliver_tap+0x2e/0x1b0
[  257.803524][ T9917]  netlink_deliver_tap+0x19c/0x1b0
[  257.803555][ T9917]  netlink_sendskb+0x68/0x140
[  257.803583][ T9917]  netlink_rcv_skb+0x28c/0x470
[  257.803614][ T9917]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  257.803641][ T9917]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  257.803683][ T9917]  ? bpf_lsm_capable+0x9/0x20
[  257.803707][ T9917]  ? security_capable+0x7e/0x2e0
[  257.803748][ T9917]  nfnetlink_rcv+0x26a/0x2520
[  257.803784][ T9917]  ? __dev_queue_xmit+0x1d79/0x3b50
[  257.803819][ T9917]  ? __dev_queue_xmit+0x27b/0x3b50
[  257.803842][ T9917]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.803875][ T9917]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  257.803898][ T9917]  ? __pfx___dev_queue_xmit+0x10/0x10
[  257.803936][ T9917]  ? ref_tracker_free+0x63a/0x7d0
[  257.803955][ T9917]  ? __copy_skb_header+0xa7/0x550
[  257.803977][ T9917]  ? __pfx_ref_tracker_free+0x10/0x10
[  257.804017][ T9917]  ? skb_clone+0x246/0x3a0
[  257.804043][ T9917]  ? __netlink_deliver_tap+0x807/0x850
[  257.804072][ T9917]  ? netlink_deliver_tap+0x2e/0x1b0
[  257.804107][ T9917]  ? netlink_deliver_tap+0x2e/0x1b0
[  257.804135][ T9917]  ? netlink_deliver_tap+0x2e/0x1b0
[  257.804169][ T9917]  netlink_unicast+0x758/0x8d0
[  257.804207][ T9917]  netlink_sendmsg+0x805/0xb30
[  257.804247][ T9917]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.804280][ T9917]  ? aa_sock_msg_perm+0x94/0x160
[  257.804315][ T9917]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  257.804335][ T9917]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.804364][ T9917]  __sock_sendmsg+0x219/0x270
[  257.804394][ T9917]  ____sys_sendmsg+0x505/0x830
[  257.804433][ T9917]  ? __pfx_____sys_sendmsg+0x10/0x10
[  257.804477][ T9917]  ? import_iovec+0x74/0xa0
[  257.804505][ T9917]  ___sys_sendmsg+0x21f/0x2a0
[  257.804527][ T9917]  ? __pfx____sys_sendmsg+0x10/0x10
[  257.804588][ T9917]  ? __fget_files+0x2a/0x420
[  257.804617][ T9917]  ? __fget_files+0x3a0/0x420
[  257.804658][ T9917]  __x64_sys_sendmsg+0x19b/0x260
[  257.804682][ T9917]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  257.804713][ T9917]  ? __pfx_ksys_write+0x10/0x10
[  257.804736][ T9917]  ? rcu_is_watching+0x15/0xb0
[  257.804776][ T9917]  ? do_syscall_64+0xbe/0x3b0
[  257.804810][ T9917]  do_syscall_64+0xfa/0x3b0
[  257.804838][ T9917]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.804866][ T9917]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.804887][ T9917]  ? clear_bhb_loop+0x60/0xb0
[  257.804912][ T9917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.804932][ T9917] RIP: 0033:0x7f09ed18e929
[  257.804951][ T9917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.804969][ T9917] RSP: 002b:00007f09edf13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  257.804992][ T9917] RAX: ffffffffffffffda RBX: 00007f09ed3b5fa0 RCX: 00007f09ed18e929
[  257.805007][ T9917] RDX: 0000000000004804 RSI: 0000200000000040 RDI: 0000000000000003
[  257.805021][ T9917] RBP: 00007f09edf13090 R08: 0000000000000000 R09: 0000000000000000
[  257.805053][ T9917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.805066][ T9917] R13: 0000000000000000 R14: 00007f09ed3b5fa0 R15: 00007ffea510aa18
[  257.805100][ T9917]  </TASK>
[  258.791203][ T9939] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  258.810353][ T9939] bridge0: port 3(team0) entered disabled state
[  258.817164][ T9939] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.824720][ T9939] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.918320][ T9632] veth0_vlan: entered promiscuous mode
[  259.026708][ T9632] veth1_vlan: entered promiscuous mode
[  259.115507][ T9945] netlink: 4 bytes leftover after parsing attributes in process `syz.1.879'.
[  259.123610][ T9632] veth0_macvtap: entered promiscuous mode
[  259.189802][ T9632] veth1_macvtap: entered promiscuous mode
[  259.416700][ T9632] batman_adv: batadv0: Interface activated: batadv_slave_0
[  259.439944][ T9632] batman_adv: batadv0: Interface activated: batadv_slave_1
[  259.607689][ T3431] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  259.731137][   T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  259.804860][   T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  259.936942][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  260.056088][ T9732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.093912][ T9732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.197843][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.253003][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.304315][ T9955] netlink: 12 bytes leftover after parsing attributes in process `syz.3.884'.
[  260.428400][ T9962] netlink: 12 bytes leftover after parsing attributes in process `syz.2.885'.
[  260.913438][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  260.931169][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  261.053278][ T9987] netlink: 12 bytes leftover after parsing attributes in process `syz.4.891'.
[  261.143390][ T9987] netlink: 4 bytes leftover after parsing attributes in process `syz.4.891'.
[  261.157176][ T9979] netlink: 'syz.2.889': attribute type 3 has an invalid length.
[  261.169068][ T9979] netlink: 60 bytes leftover after parsing attributes in process `syz.2.889'.
[  261.169173][ T9987] netlink: 16 bytes leftover after parsing attributes in process `syz.4.891'.
[  261.178092][ T9979] netlink: 60 bytes leftover after parsing attributes in process `syz.2.889'.
[  261.227005][ T9987] netlink: 4 bytes leftover after parsing attributes in process `syz.4.891'.
[  261.934428][ T9727] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.011088][ T9727] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.187479][ T9727] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.250014][ T9727] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.381015][ T9727] bridge_slave_1: left allmulticast mode
[  262.389206][ T9727] bridge_slave_1: left promiscuous mode
[  262.395511][ T9727] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.405642][ T9727] bridge_slave_0: left allmulticast mode
[  262.411301][ T9727] bridge_slave_0: left promiscuous mode
[  262.418416][ T9727] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.873010][T10003] netlink: 40 bytes leftover after parsing attributes in process `syz.4.899'.
[  262.928686][ T9727] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  262.970511][ T9727] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  263.031444][ T9727] bond0 (unregistering): Released all slaves
[  263.162383][T10011] lo speed is unknown, defaulting to 1000
[  263.181537][T10021] sock: sock_set_timeout: `syz.3.902' (pid 10021) tries to set negative timeout
[  263.741169][T10038] Bluetooth: MGMT ver 1.23
[  263.808701][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  263.820953][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  263.829491][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  263.838209][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  263.846274][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  264.118808][T10049] FAULT_INJECTION: forcing a failure.
[  264.118808][T10049] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  264.157120][T10049] CPU: 1 UID: 0 PID: 10049 Comm: syz.1.910 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  264.157154][T10049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  264.157166][T10049] Call Trace:
[  264.157174][T10049]  <TASK>
[  264.157182][T10049]  dump_stack_lvl+0x189/0x250
[  264.157214][T10049]  ? __pfx____ratelimit+0x10/0x10
[  264.157244][T10049]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.157279][T10049]  ? __pfx__printk+0x10/0x10
[  264.157312][T10049]  ? fs_reclaim_acquire+0x7d/0x100
[  264.157354][T10049]  should_fail_ex+0x414/0x560
[  264.157391][T10049]  prepare_alloc_pages+0x213/0x610
[  264.157433][T10049]  __alloc_frozen_pages_noprof+0x123/0x370
[  264.157473][T10049]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  264.157518][T10049]  ? policy_nodemask+0x27c/0x720
[  264.157544][T10049]  ? __lock_acquire+0xab9/0xd20
[  264.157574][T10049]  alloc_pages_mpol+0x232/0x4a0
[  264.157609][T10049]  vma_alloc_folio_noprof+0xe4/0x200
[  264.157638][T10049]  ? page_table_check_set+0x18d/0x730
[  264.157667][T10049]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  264.157711][T10049]  folio_prealloc+0x30/0x180
[  264.157742][T10049]  __handle_mm_fault+0x2c88/0x5620
[  264.157791][T10049]  ? __pfx___handle_mm_fault+0x10/0x10
[  264.157832][T10049]  ? follow_page_pte+0x8d6/0x14b0
[  264.157869][T10049]  handle_mm_fault+0x40a/0x8e0
[  264.157906][T10049]  __get_user_pages+0x1af4/0x30b0
[  264.157970][T10049]  ? __pfx___get_user_pages+0x10/0x10
[  264.157993][T10049]  ? __gup_longterm_locked+0xbf7/0x15b0
[  264.158017][T10049]  ? down_read_killable+0x1d1/0x350
[  264.158050][T10049]  ? try_get_folio+0x633/0x660
[  264.158080][T10049]  __gup_longterm_locked+0xd66/0x15b0
[  264.158110][T10049]  ? try_grab_folio_fast+0x35b/0x4f0
[  264.158140][T10049]  ? sanity_check_pinned_pages+0x11c8/0x12c0
[  264.158175][T10049]  gup_fast_fallback+0x1cd4/0x2260
[  264.158197][T10049]  ? is_bpf_text_address+0x26/0x2b0
[  264.158265][T10049]  ? __pfx_gup_fast_fallback+0x10/0x10
[  264.158295][T10049]  ? stack_trace_save+0x9c/0xe0
[  264.158329][T10049]  ? stack_depot_save_flags+0x40/0x900
[  264.158364][T10049]  ? register_lock_class+0x51/0x320
[  264.158392][T10049]  ? pin_user_pages_fast+0x4d/0xb0
[  264.158420][T10049]  iov_iter_extract_pages+0x35a/0x5e0
[  264.158457][T10049]  extract_iter_to_sg+0xe46/0x24e0
[  264.158497][T10049]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  264.158541][T10049]  ? __asan_memset+0x22/0x50
[  264.158566][T10049]  af_alg_get_rsgl+0x436/0x810
[  264.158621][T10049]  aead_recvmsg+0x4cc/0x13f0
[  264.158642][T10049]  ? __lock_acquire+0xab9/0xd20
[  264.158688][T10049]  ? __pfx_aead_recvmsg+0x10/0x10
[  264.158709][T10049]  ? __lock_acquire+0xab9/0xd20
[  264.158734][T10049]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  264.158757][T10049]  ? __pfx_aead_recvmsg+0x10/0x10
[  264.158781][T10049]  sock_recvmsg_nosec+0x186/0x1c0
[  264.158814][T10049]  ____sys_recvmsg+0x3aa/0x460
[  264.158847][T10049]  ? __pfx_____sys_recvmsg+0x10/0x10
[  264.158888][T10049]  ? import_iovec+0x74/0xa0
[  264.158920][T10049]  ___sys_recvmsg+0x1b5/0x510
[  264.158949][T10049]  ? __pfx____sys_recvmsg+0x10/0x10
[  264.159009][T10049]  ? __might_fault+0xb0/0x130
[  264.159040][T10049]  do_recvmmsg+0x307/0x770
[  264.159073][T10049]  ? __pfx_do_recvmmsg+0x10/0x10
[  264.159111][T10049]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  264.159163][T10049]  __x64_sys_recvmmsg+0x190/0x240
[  264.159191][T10049]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  264.159211][T10049]  ? rcu_is_watching+0x15/0xb0
[  264.159243][T10049]  ? do_syscall_64+0xbe/0x3b0
[  264.159285][T10049]  do_syscall_64+0xfa/0x3b0
[  264.159315][T10049]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.159344][T10049]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.159366][T10049]  ? clear_bhb_loop+0x60/0xb0
[  264.159394][T10049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.159415][T10049] RIP: 0033:0x7f221c58e929
[  264.159435][T10049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.159454][T10049] RSP: 002b:00007f221a3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  264.159477][T10049] RAX: ffffffffffffffda RBX: 00007f221c7b5fa0 RCX: 00007f221c58e929
[  264.159493][T10049] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000005
[  264.159507][T10049] RBP: 00007f221a3f6090 R08: 0000000000000000 R09: 0000000000000000
[  264.159520][T10049] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000002
[  264.159533][T10049] R13: 0000000000000000 R14: 00007f221c7b5fa0 R15: 00007ffe7c2a9b98
[  264.159569][T10049]  </TASK>
[  264.884494][T10040] lo speed is unknown, defaulting to 1000
[  265.088848][T10063] __nla_validate_parse: 3 callbacks suppressed
[  265.088866][T10063] netlink: 28 bytes leftover after parsing attributes in process `syz.3.916'.
[  265.117321][T10059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.916'.
[  265.399006][T10071] netlink: 'syz.1.921': attribute type 4 has an invalid length.
[  265.562338][T10077] netlink: 28 bytes leftover after parsing attributes in process `syz.1.923'.
[  265.591380][T10077] netlink: 28 bytes leftover after parsing attributes in process `syz.1.923'.
[  265.658395][T10077] gretap0: entered promiscuous mode
[  265.734118][T10077] gretap0: left promiscuous mode
[  265.873020][ T5853] Bluetooth: hci0: command tx timeout
[  266.302499][T10087] 8021q: adding VLAN 0 to HW filter on device bond2
[  266.332693][T10087] bond0: (slave bond2): Enslaving as an active interface with an up link
[  266.580258][ T9727] hsr_slave_0: left promiscuous mode
[  266.591420][ T9727] hsr_slave_1: left promiscuous mode
[  266.639772][ T9727] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  266.647319][ T9727] batman_adv: batadv0: Removing interface: batadv_slave_0
[  266.667426][ T9727] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  266.675391][ T9727] batman_adv: batadv0: Removing interface: batadv_slave_1
[  266.711272][ T9727] veth1_macvtap: left promiscuous mode
[  266.717312][ T9727] veth0_macvtap: left promiscuous mode
[  266.726972][ T9727] veth1_vlan: left promiscuous mode
[  266.732368][ T9727] veth0_vlan: left promiscuous mode
[  267.336102][ T9727] team0 (unregistering): Port device team_slave_1 removed
[  267.373933][ T9727] team0 (unregistering): Port device team_slave_0 removed
[  267.741776][T10104] netlink: 28 bytes leftover after parsing attributes in process `syz.3.928'.
[  267.751131][T10105] netlink: 'syz.1.929': attribute type 28 has an invalid length.
[  267.783156][T10110] smc: net device bond0 applied user defined pnetid SYZ2
[  267.953004][ T5853] Bluetooth: hci0: command tx timeout
[  268.002975][T10121] FAULT_INJECTION: forcing a failure.
[  268.002975][T10121] name failslab, interval 1, probability 0, space 0, times 0
[  268.022189][T10121] CPU: 0 UID: 0 PID: 10121 Comm: syz.2.933 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  268.022234][T10121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  268.022248][T10121] Call Trace:
[  268.022257][T10121]  <TASK>
[  268.022266][T10121]  dump_stack_lvl+0x189/0x250
[  268.022298][T10121]  ? __pfx____ratelimit+0x10/0x10
[  268.022328][T10121]  ? __pfx_dump_stack_lvl+0x10/0x10
[  268.022355][T10121]  ? __pfx__printk+0x10/0x10
[  268.022404][T10121]  ? __pfx___might_resched+0x10/0x10
[  268.022429][T10121]  ? fs_reclaim_acquire+0x7d/0x100
[  268.022463][T10121]  should_fail_ex+0x414/0x560
[  268.022495][T10121]  should_failslab+0xa8/0x100
[  268.022524][T10121]  __kmalloc_cache_noprof+0x70/0x3d0
[  268.022549][T10121]  ? ipv6_add_addr+0x530/0x1090
[  268.022579][T10121]  ipv6_add_addr+0x530/0x1090
[  268.022610][T10121]  ? __pfx_ipv6_add_addr+0x10/0x10
[  268.022632][T10121]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  268.022662][T10121]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  268.022695][T10121]  inet6_addr_add+0x387/0xc00
[  268.022732][T10121]  ? __pfx_inet6_addr_add+0x10/0x10
[  268.022763][T10121]  ? addrconf_add_ifaddr+0x13e/0x400
[  268.022792][T10121]  ? __pfx___mutex_lock+0x10/0x10
[  268.022867][T10121]  addrconf_add_ifaddr+0x27d/0x400
[  268.022907][T10121]  ? __pfx_addrconf_add_ifaddr+0x10/0x10
[  268.022951][T10121]  inet6_ioctl+0x13d/0x280
[  268.022977][T10121]  ? __pfx_inet6_ioctl+0x10/0x10
[  268.023001][T10121]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  268.023033][T10121]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  268.023055][T10121]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  268.023079][T10121]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  268.023114][T10121]  sock_do_ioctl+0xd9/0x300
[  268.023137][T10121]  ? __pfx_sock_do_ioctl+0x10/0x10
[  268.023155][T10121]  ? __lock_acquire+0xab9/0xd20
[  268.023189][T10121]  sock_ioctl+0x576/0x790
[  268.023220][T10121]  ? __pfx_sock_ioctl+0x10/0x10
[  268.023240][T10121]  ? __fget_files+0x2a/0x420
[  268.023263][T10121]  ? __fget_files+0x3a0/0x420
[  268.023285][T10121]  ? __fget_files+0x2a/0x420
[  268.023312][T10121]  ? bpf_lsm_file_ioctl+0x9/0x20
[  268.023330][T10121]  ? __pfx_sock_ioctl+0x10/0x10
[  268.023349][T10121]  __se_sys_ioctl+0xf9/0x170
[  268.023371][T10121]  do_syscall_64+0xfa/0x3b0
[  268.023394][T10121]  ? lockdep_hardirqs_on+0x9c/0x150
[  268.023416][T10121]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.023433][T10121]  ? clear_bhb_loop+0x60/0xb0
[  268.023454][T10121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.023471][T10121] RIP: 0033:0x7f9d3a78e929
[  268.023488][T10121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.023503][T10121] RSP: 002b:00007f9d3b596038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  268.023522][T10121] RAX: ffffffffffffffda RBX: 00007f9d3a9b5fa0 RCX: 00007f9d3a78e929
[  268.023535][T10121] RDX: 0000200000005b80 RSI: 0000000000008916 RDI: 0000000000000003
[  268.023546][T10121] RBP: 00007f9d3b596090 R08: 0000000000000000 R09: 0000000000000000
[  268.023556][T10121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.023566][T10121] R13: 0000000000000000 R14: 00007f9d3a9b5fa0 R15: 00007ffdce4c5e98
[  268.023594][T10121]  </TASK>
[  268.606177][T10040] chnl_net:caif_netlink_parms(): no params data found
[  268.796122][T10040] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.828856][T10040] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.848491][T10040] bridge_slave_0: entered allmulticast mode
[  268.864921][T10040] bridge_slave_0: entered promiscuous mode
[  268.891787][T10040] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.909859][T10040] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.928767][T10040] bridge_slave_1: entered allmulticast mode
[  268.950535][T10040] bridge_slave_1: entered promiscuous mode
[  268.958439][T10147] netlink: 44 bytes leftover after parsing attributes in process `syz.2.940'.
[  269.022111][T10149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.941'.
[  269.031633][T10149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.941'.
[  269.087874][T10040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.144446][T10040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.190866][T10153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.943'.
[  269.249742][T10040] team0: Port device team_slave_0 added
[  269.257825][T10157] FAULT_INJECTION: forcing a failure.
[  269.257825][T10157] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  269.258873][T10156] netlink: 248 bytes leftover after parsing attributes in process `syz.1.943'.
[  269.279672][T10040] team0: Port device team_slave_1 added
[  269.299090][T10157] CPU: 1 UID: 0 PID: 10157 Comm: syz.2.944 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  269.299121][T10157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  269.299135][T10157] Call Trace:
[  269.299143][T10157]  <TASK>
[  269.299153][T10157]  dump_stack_lvl+0x189/0x250
[  269.299185][T10157]  ? __pfx____ratelimit+0x10/0x10
[  269.299214][T10157]  ? __pfx_dump_stack_lvl+0x10/0x10
[  269.299238][T10157]  ? __pfx__printk+0x10/0x10
[  269.299269][T10157]  ? fs_reclaim_acquire+0x7d/0x100
[  269.299309][T10157]  should_fail_ex+0x414/0x560
[  269.299346][T10157]  prepare_alloc_pages+0x213/0x610
[  269.299387][T10157]  __alloc_frozen_pages_noprof+0x123/0x370
[  269.299425][T10157]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  269.299464][T10157]  ? __pfx__copy_from_iter+0x10/0x10
[  269.299488][T10157]  ? policy_nodemask+0x27c/0x720
[  269.299516][T10157]  ? aa_file_perm+0x11f/0xed0
[  269.299541][T10157]  alloc_pages_mpol+0x232/0x4a0
[  269.299577][T10157]  alloc_pages_noprof+0xa9/0x190
[  269.299605][T10157]  anon_pipe_write+0xb85/0x1360
[  269.299662][T10157]  ? __pfx_anon_pipe_write+0x10/0x10
[  269.299690][T10157]  ? common_file_perm+0x199/0x200
[  269.299727][T10157]  ? bpf_lsm_file_permission+0x9/0x20
[  269.299749][T10157]  ? security_file_permission+0x75/0x290
[  269.299788][T10157]  vfs_write+0x54b/0xa90
[  269.299820][T10157]  ? __pfx_anon_pipe_write+0x10/0x10
[  269.299852][T10157]  ? __pfx_vfs_write+0x10/0x10
[  269.299900][T10157]  ? __fget_files+0x2a/0x420
[  269.299941][T10157]  ksys_write+0x145/0x250
[  269.299971][T10157]  ? __pfx_ksys_write+0x10/0x10
[  269.299994][T10157]  ? rcu_is_watching+0x15/0xb0
[  269.300026][T10157]  ? do_syscall_64+0xbe/0x3b0
[  269.300062][T10157]  do_syscall_64+0xfa/0x3b0
[  269.300090][T10157]  ? lockdep_hardirqs_on+0x9c/0x150
[  269.300119][T10157]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.300141][T10157]  ? clear_bhb_loop+0x60/0xb0
[  269.300167][T10157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.300187][T10157] RIP: 0033:0x7f9d3a78e929
[  269.300207][T10157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.300225][T10157] RSP: 002b:00007f9d3b575038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  269.300248][T10157] RAX: ffffffffffffffda RBX: 00007f9d3a9b6080 RCX: 00007f9d3a78e929
[  269.300264][T10157] RDX: 0000000000010448 RSI: 0000200000003100 RDI: 0000000000000006
[  269.300278][T10157] RBP: 00007f9d3b575090 R08: 0000000000000000 R09: 0000000000000000
[  269.300292][T10157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  269.300304][T10157] R13: 0000000000000000 R14: 00007f9d3a9b6080 R15: 00007ffdce4c5e98
[  269.300339][T10157]  </TASK>
[  269.432364][T10159] netlink: 'syz.3.945': attribute type 9 has an invalid length.
[  269.647593][T10040] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.674731][T10040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.701532][T10159] netlink: 'syz.3.945': attribute type 6 has an invalid length.
[  269.745825][T10040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.883842][T10040] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.900054][T10040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.929394][T10040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.950724][T10164] lo speed is unknown, defaulting to 1000
[  269.958230][T10175] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  270.043637][ T5850] Bluetooth: hci0: command tx timeout
[  270.261048][T10177] netlink: 40 bytes leftover after parsing attributes in process `syz.4.950'.
[  270.429311][T10040] hsr_slave_0: entered promiscuous mode
[  270.450605][T10040] hsr_slave_1: entered promiscuous mode
[  270.470376][T10040] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  270.491155][T10040] Cannot create hsr debugfs directory
[  270.764605][T10178] lo speed is unknown, defaulting to 1000
[  271.626407][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  271.639894][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  271.653225][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  271.673589][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  271.683477][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  272.113334][ T5847] Bluetooth: hci0: command 0x0419 tx timeout
[  272.122905][T10181] lo speed is unknown, defaulting to 1000
[  272.502117][T10040] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  272.539534][T10186] netlink: 'syz.1.952': attribute type 1 has an invalid length.
[  272.557440][T10040] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  272.583286][T10186] netlink: 228 bytes leftover after parsing attributes in process `syz.1.952'.
[  272.649318][T10187] 8021q: adding VLAN 0 to HW filter on device macvlan6
[  272.740556][T10040] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  272.762214][T10040] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  272.955063][T10196] netlink: 64 bytes leftover after parsing attributes in process `syz.1.953'.
[  273.043480][T10196] netlink: 36 bytes leftover after parsing attributes in process `syz.1.953'.
[  273.269311][T10040] 8021q: adding VLAN 0 to HW filter on device bond0
[  273.366345][T10040] 8021q: adding VLAN 0 to HW filter on device team0
[  273.643444][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  273.650666][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  273.709876][ T9727] bridge0: port 2(bridge_slave_1) entered blocking state
[  273.717226][ T9727] bridge0: port 2(bridge_slave_1) entered forwarding state
[  273.751775][T10181] chnl_net:caif_netlink_parms(): no params data found
[  273.793281][ T5853] Bluetooth: hci4: command tx timeout
[  274.125038][T10181] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.132326][T10181] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.153580][T10181] bridge_slave_0: entered allmulticast mode
[  274.161564][T10181] bridge_slave_0: entered promiscuous mode
[  274.193643][ T5853] Bluetooth: hci0: command 0x0419 tx timeout
[  274.224873][T10206] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.255941][T10181] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.263395][T10181] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.271384][T10181] bridge_slave_1: entered allmulticast mode
[  274.283261][T10181] bridge_slave_1: entered promiscuous mode
[  274.350638][T10206] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.379128][T10181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  274.426637][T10181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  274.470748][T10206] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.552204][T10206] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.672071][T10181] team0: Port device team_slave_0 added
[  274.700250][T10181] team0: Port device team_slave_1 added
[  274.863745][T10181] batman_adv: batadv0: Adding interface: batadv_slave_0
[  274.871140][T10181] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  274.910226][T10181] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  274.929487][   T49] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  274.943810][T10181] batman_adv: batadv0: Adding interface: batadv_slave_1
[  274.950787][T10181] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  274.988107][T10181] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  275.042025][ T9727] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  275.079208][T10220] bridge0: port 3(team0) entered blocking state
[  275.085851][T10220] bridge0: port 3(team0) entered forwarding state
[  275.092953][T10220] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.100149][T10220] bridge0: port 2(bridge_slave_1) entered forwarding state
[  275.107744][T10220] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.114983][T10220] bridge0: port 1(bridge_slave_0) entered forwarding state
[  275.129171][T10220] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  275.146524][ T9727] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  275.227519][T10181] hsr_slave_0: entered promiscuous mode
[  275.244939][T10181] hsr_slave_1: entered promiscuous mode
[  275.254938][T10181] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  275.268162][T10181] Cannot create hsr debugfs directory
[  275.314134][T10224] netlink: 104 bytes leftover after parsing attributes in process `syz.3.961'.
[  275.324725][   T49] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  275.360513][T10224] netlink: 'syz.3.961': attribute type 13 has an invalid length.
[  275.414339][T10224] netlink: 224 bytes leftover after parsing attributes in process `syz.3.961'.
[  275.428954][T10040] 8021q: adding VLAN 0 to HW filter on device batadv0
[  275.436362][T10224] openvswitch: netlink: Flow key attr not present in new flow.
[  275.616303][T10231] netlink: 4 bytes leftover after parsing attributes in process `syz.3.964'.
[  275.712372][T10181] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.746504][T10040] veth0_vlan: entered promiscuous mode
[  275.807999][T10181] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.821927][T10238] netlink: 'syz.3.966': attribute type 9 has an invalid length.
[  275.846073][T10040] veth1_vlan: entered promiscuous mode
[  275.849843][T10238] netlink: 'syz.3.966': attribute type 6 has an invalid length.
[  275.873262][ T5853] Bluetooth: hci4: command tx timeout
[  276.014368][T10181] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.043483][T10040] veth0_macvtap: entered promiscuous mode
[  276.055390][T10040] veth1_macvtap: entered promiscuous mode
[  276.185008][T10181] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.262164][T10040] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.291358][T10040] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.322467][ T9727] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.366110][ T9727] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.422244][ T9727] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.451398][ T9727] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.783323][ T9730] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  276.791201][ T9730] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  276.864467][T10181] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  276.880368][T10249] FAULT_INJECTION: forcing a failure.
[  276.880368][T10249] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  276.904720][T10181] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  276.912578][T10249] CPU: 1 UID: 0 PID: 10249 Comm: syz.1.970 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  276.912607][T10249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  276.912619][T10249] Call Trace:
[  276.912627][T10249]  <TASK>
[  276.912636][T10249]  dump_stack_lvl+0x189/0x250
[  276.912667][T10249]  ? __pfx____ratelimit+0x10/0x10
[  276.912696][T10249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.912723][T10249]  ? __pfx__printk+0x10/0x10
[  276.912766][T10249]  should_fail_ex+0x414/0x560
[  276.912805][T10249]  _copy_to_user+0x31/0xb0
[  276.912839][T10249]  simple_read_from_buffer+0xe1/0x170
[  276.912873][T10249]  proc_fail_nth_read+0x1df/0x250
[  276.912909][T10249]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  276.912945][T10249]  ? rw_verify_area+0x258/0x650
[  276.912970][T10249]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  276.913004][T10249]  vfs_read+0x200/0x980
[  276.913036][T10249]  ? __pfx___mutex_lock+0x10/0x10
[  276.913067][T10249]  ? __pfx_vfs_read+0x10/0x10
[  276.913095][T10249]  ? __fget_files+0x2a/0x420
[  276.913131][T10249]  ? __fget_files+0x3a0/0x420
[  276.913159][T10249]  ? __fget_files+0x2a/0x420
[  276.913200][T10249]  ksys_read+0x145/0x250
[  276.913229][T10249]  ? __pfx_ksys_read+0x10/0x10
[  276.913251][T10249]  ? rcu_is_watching+0x15/0xb0
[  276.913283][T10249]  ? do_syscall_64+0xbe/0x3b0
[  276.913318][T10249]  do_syscall_64+0xfa/0x3b0
[  276.913347][T10249]  ? lockdep_hardirqs_on+0x9c/0x150
[  276.913375][T10249]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.913397][T10249]  ? clear_bhb_loop+0x60/0xb0
[  276.913425][T10249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.913446][T10249] RIP: 0033:0x7f221c58d33c
[  276.913466][T10249] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  276.913486][T10249] RSP: 002b:00007f221a3f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  276.913517][T10249] RAX: ffffffffffffffda RBX: 00007f221c7b5fa0 RCX: 00007f221c58d33c
[  276.913533][T10249] RDX: 000000000000000f RSI: 00007f221a3f60a0 RDI: 0000000000000005
[  276.913547][T10249] RBP: 00007f221a3f6090 R08: 0000000000000000 R09: 0000000000000000
[  276.913560][T10249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  276.913573][T10249] R13: 0000000000000000 R14: 00007f221c7b5fa0 R15: 00007ffe7c2a9b98
[  276.913608][T10249]  </TASK>
[  277.219390][T10181] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  277.295372][T10181] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  277.319778][ T3431] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.345987][ T3431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.445405][T10264] netlink: 'syz.1.974': attribute type 10 has an invalid length.
[  277.501372][T10264] team0: Cannot enslave team device to itself
[  277.507194][T10266] netlink: 248 bytes leftover after parsing attributes in process `syz.4.975'.
[  277.574521][T10267] FAULT_INJECTION: forcing a failure.
[  277.574521][T10267] name failslab, interval 1, probability 0, space 0, times 0
[  277.627442][T10267] CPU: 0 UID: 0 PID: 10267 Comm: syz.4.975 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  277.627474][T10267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  277.627487][T10267] Call Trace:
[  277.627504][T10267]  <TASK>
[  277.627513][T10267]  dump_stack_lvl+0x189/0x250
[  277.627546][T10267]  ? __pfx____ratelimit+0x10/0x10
[  277.627575][T10267]  ? __pfx_dump_stack_lvl+0x10/0x10
[  277.627602][T10267]  ? __pfx__printk+0x10/0x10
[  277.627638][T10267]  ? __pfx___might_resched+0x10/0x10
[  277.627665][T10267]  ? fs_reclaim_acquire+0x7d/0x100
[  277.627702][T10267]  should_fail_ex+0x414/0x560
[  277.627740][T10267]  should_failslab+0xa8/0x100
[  277.627771][T10267]  __kmalloc_noprof+0xcb/0x4f0
[  277.627796][T10267]  ? read_adv_mon_features+0x1e4/0x4c0
[  277.627835][T10267]  read_adv_mon_features+0x1e4/0x4c0
[  277.627877][T10267]  ? __pfx_read_adv_mon_features+0x10/0x10
[  277.627935][T10267]  hci_mgmt_cmd+0x9c9/0xef0
[  277.627973][T10267]  hci_sock_sendmsg+0x6ca/0xef0
[  277.628014][T10267]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  277.628049][T10267]  ? aa_sock_msg_perm+0x94/0x160
[  277.628084][T10267]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  277.628104][T10267]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  277.628139][T10267]  __sock_sendmsg+0x219/0x270
[  277.628170][T10267]  sock_write_iter+0x258/0x330
[  277.628198][T10267]  ? __pfx_sock_write_iter+0x10/0x10
[  277.628237][T10267]  ? bpf_lsm_file_permission+0x9/0x20
[  277.628259][T10267]  ? security_file_permission+0x75/0x290
[  277.628299][T10267]  vfs_write+0x54b/0xa90
[  277.628332][T10267]  ? __pfx_sock_write_iter+0x10/0x10
[  277.628357][T10267]  ? __pfx_vfs_write+0x10/0x10
[  277.628397][T10267]  ? __fget_files+0x2a/0x420
[  277.628440][T10267]  ksys_write+0x145/0x250
[  277.628469][T10267]  ? __pfx_ksys_write+0x10/0x10
[  277.628492][T10267]  ? rcu_is_watching+0x15/0xb0
[  277.628534][T10267]  ? do_syscall_64+0xbe/0x3b0
[  277.628569][T10267]  do_syscall_64+0xfa/0x3b0
[  277.628597][T10267]  ? lockdep_hardirqs_on+0x9c/0x150
[  277.628626][T10267]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.628648][T10267]  ? clear_bhb_loop+0x60/0xb0
[  277.628675][T10267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.628696][T10267] RIP: 0033:0x7f775ed8e929
[  277.628715][T10267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.628734][T10267] RSP: 002b:00007f775fb92038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  277.628758][T10267] RAX: ffffffffffffffda RBX: 00007f775efb6080 RCX: 00007f775ed8e929
[  277.628774][T10267] RDX: 0000000000000006 RSI: 00002000000000c0 RDI: 0000000000000009
[  277.628787][T10267] RBP: 00007f775fb92090 R08: 0000000000000000 R09: 0000000000000000
[  277.628801][T10267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.628814][T10267] R13: 0000000000000000 R14: 00007f775efb6080 R15: 00007ffd53ec7108
[  277.628850][T10267]  </TASK>
[  277.697410][T10181] 8021q: adding VLAN 0 to HW filter on device bond0
[  277.955037][ T5853] Bluetooth: hci4: command tx timeout
[  278.000454][T10181] 8021q: adding VLAN 0 to HW filter on device team0
[  278.156867][ T3431] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.164265][ T3431] bridge0: port 1(bridge_slave_0) entered forwarding state
[  278.194657][ T9727] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  278.197167][ T3431] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.212145][ T3431] bridge0: port 2(bridge_slave_1) entered forwarding state
[  278.392218][   T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.643989][   T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.729427][T10281] lo speed is unknown, defaulting to 1000
[  278.788017][   T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.010117][   T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.305455][T10181] 8021q: adding VLAN 0 to HW filter on device batadv0
[  279.324140][   T49] bridge_slave_1: left allmulticast mode
[  279.329863][   T49] bridge_slave_1: left promiscuous mode
[  279.353258][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.377223][   T49] bridge_slave_0: left allmulticast mode
[  279.393491][   T49] bridge_slave_0: left promiscuous mode
[  279.399371][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.901211][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  279.912436][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  279.926452][   T49] bond0 (unregistering): Released all slaves
[  280.007128][T10286] lo speed is unknown, defaulting to 1000
[  280.033269][ T5853] Bluetooth: hci4: command tx timeout
[  280.153094][T10299] netlink: 248 bytes leftover after parsing attributes in process `syz.3.982'.
[  280.615551][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  280.633237][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  280.647957][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  280.679050][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  280.687795][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  280.761389][T10181] veth0_vlan: entered promiscuous mode
[  280.884053][T10181] veth1_vlan: entered promiscuous mode
[  280.989141][T10316] netlink: 20 bytes leftover after parsing attributes in process `syz.3.985'.
[  281.039231][T10306] lo speed is unknown, defaulting to 1000
[  281.366963][T10181] veth0_macvtap: entered promiscuous mode
[  281.403390][T10181] veth1_macvtap: entered promiscuous mode
[  281.524032][   T49] hsr_slave_0: left promiscuous mode
[  281.533351][   T49] hsr_slave_1: left promiscuous mode
[  281.539531][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  281.566365][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  281.584070][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  281.591513][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  281.616118][   T49] veth1_macvtap: left promiscuous mode
[  281.621720][   T49] veth0_macvtap: left promiscuous mode
[  281.627478][   T49] veth1_vlan: left promiscuous mode
[  281.635184][   T49] veth0_vlan: left promiscuous mode
[  282.218464][   T49] team0 (unregistering): Port device team_slave_1 removed
[  282.258556][   T49] team0 (unregistering): Port device team_slave_0 removed
[  282.754042][ T5853] Bluetooth: hci0: command tx timeout
[  282.895925][T10181] batman_adv: batadv0: Interface activated: batadv_slave_0
[  282.909529][T10181] batman_adv: batadv0: Interface activated: batadv_slave_1
[  282.969549][ T9728] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  282.982686][ T9728] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  283.036500][ T9727] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  283.081517][ T9727] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  283.287536][ T9727] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.304264][ T9727] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.343375][ T9728] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.351372][ T9728] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.448225][T10349] FAULT_INJECTION: forcing a failure.
[  283.448225][T10349] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  283.452463][T10306] chnl_net:caif_netlink_parms(): no params data found
[  283.471372][T10349] CPU: 0 UID: 0 PID: 10349 Comm: syz.1.995 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  283.471404][T10349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  283.471418][T10349] Call Trace:
[  283.471427][T10349]  <TASK>
[  283.471436][T10349]  dump_stack_lvl+0x189/0x250
[  283.471468][T10349]  ? __pfx____ratelimit+0x10/0x10
[  283.471498][T10349]  ? __pfx_dump_stack_lvl+0x10/0x10
[  283.471525][T10349]  ? __pfx__printk+0x10/0x10
[  283.471556][T10349]  ? __might_fault+0xb0/0x130
[  283.471597][T10349]  should_fail_ex+0x414/0x560
[  283.471635][T10349]  _copy_from_iter+0x1db/0x16f0
[  283.471664][T10349]  ? rcu_is_watching+0x15/0xb0
[  283.471692][T10349]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  283.471722][T10349]  ? __pfx__copy_from_iter+0x10/0x10
[  283.471748][T10349]  ? __build_skb_around+0x257/0x3e0
[  283.471784][T10349]  ? netlink_sendmsg+0x642/0xb30
[  283.471812][T10349]  ? skb_put+0x11b/0x210
[  283.471848][T10349]  netlink_sendmsg+0x6b2/0xb30
[  283.471889][T10349]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.471924][T10349]  ? aa_sock_msg_perm+0x94/0x160
[  283.471959][T10349]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  283.471979][T10349]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.472010][T10349]  __sock_sendmsg+0x219/0x270
[  283.472040][T10349]  ____sys_sendmsg+0x505/0x830
[  283.472082][T10349]  ? __pfx_____sys_sendmsg+0x10/0x10
[  283.472136][T10349]  ? import_iovec+0x74/0xa0
[  283.472167][T10349]  ___sys_sendmsg+0x21f/0x2a0
[  283.472190][T10349]  ? __pfx____sys_sendmsg+0x10/0x10
[  283.472254][T10349]  ? __fget_files+0x2a/0x420
[  283.472283][T10349]  ? __fget_files+0x3a0/0x420
[  283.472325][T10349]  __x64_sys_sendmsg+0x19b/0x260
[  283.472350][T10349]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  283.472383][T10349]  ? __pfx_ksys_write+0x10/0x10
[  283.472406][T10349]  ? rcu_is_watching+0x15/0xb0
[  283.472438][T10349]  ? do_syscall_64+0xbe/0x3b0
[  283.472472][T10349]  do_syscall_64+0xfa/0x3b0
[  283.472500][T10349]  ? lockdep_hardirqs_on+0x9c/0x150
[  283.472528][T10349]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.472550][T10349]  ? clear_bhb_loop+0x60/0xb0
[  283.472577][T10349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.472598][T10349] RIP: 0033:0x7f221c58e929
[  283.472618][T10349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.472637][T10349] RSP: 002b:00007f221a3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  283.472661][T10349] RAX: ffffffffffffffda RBX: 00007f221c7b5fa0 RCX: 00007f221c58e929
[  283.472677][T10349] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  283.472690][T10349] RBP: 00007f221a3f6090 R08: 0000000000000000 R09: 0000000000000000
[  283.472704][T10349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.472715][T10349] R13: 0000000000000000 R14: 00007f221c7b5fa0 R15: 00007ffe7c2a9b98
[  283.472748][T10349]  </TASK>
[  283.934855][T10359] netlink: 'syz.1.998': attribute type 6 has an invalid length.
[  284.111684][T10306] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.121150][T10306] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.129549][T10306] bridge_slave_0: entered allmulticast mode
[  284.139930][T10306] bridge_slave_0: entered promiscuous mode
[  284.148543][T10367] netlink: 'syz.4.1000': attribute type 1 has an invalid length.
[  284.159363][T10367] netlink: 'syz.4.1000': attribute type 2 has an invalid length.
[  284.207948][T10369] 8021q: adding VLAN 0 to HW filter on device bond0
[  284.219091][T10369] 8021q: adding VLAN 0 to HW filter on device team0
[  284.232805][T10369] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  284.282650][T10306] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.303323][T10306] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.323258][T10306] bridge_slave_1: entered allmulticast mode
[  284.331226][T10306] bridge_slave_1: entered promiscuous mode
[  284.362083][ T6004] lo speed is unknown, defaulting to 1000
[  284.368192][ T6004] syz0: Port: 1 Link ACTIVE
[  284.372803][ T6004] lo speed is unknown, defaulting to 1000
[  284.454171][T10306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  284.520506][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.549493][T10306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  284.681748][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.745830][T10306] team0: Port device team_slave_0 added
[  284.828408][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.833809][ T5853] Bluetooth: hci0: command tx timeout
[  284.858669][T10384] Bluetooth: MGMT ver 1.23
[  284.878371][T10306] team0: Port device team_slave_1 added
[  285.056292][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.070032][T10386] x_tables: ip_tables: udp match: only valid for protocol 17
[  285.133728][T10306] batman_adv: batadv0: Adding interface: batadv_slave_0
[  285.142944][T10306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.178657][T10306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  285.198581][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  285.208777][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  285.210204][T10386] syzkaller1: entered promiscuous mode
[  285.223269][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  285.230453][T10386] syzkaller1: entered allmulticast mode
[  285.240368][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  285.248884][T10306] batman_adv: batadv0: Adding interface: batadv_slave_1
[  285.257965][T10306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.258014][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  285.292009][T10306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  285.410941][T10306] hsr_slave_0: entered promiscuous mode
[  285.420220][T10306] hsr_slave_1: entered promiscuous mode
[  285.430608][T10306] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  285.441798][T10306] Cannot create hsr debugfs directory
[  285.654202][T10391] lo speed is unknown, defaulting to 1000
[  285.787880][   T13] bridge_slave_1: left allmulticast mode
[  285.812558][   T13] bridge_slave_1: left promiscuous mode
[  285.842250][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.904955][   T13] bridge_slave_0: left allmulticast mode
[  285.910668][   T13] bridge_slave_0: left promiscuous mode
[  285.936046][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.228917][T10409] FAULT_INJECTION: forcing a failure.
[  286.228917][T10409] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  286.282964][T10409] CPU: 0 UID: 0 PID: 10409 Comm: syz.3.1012 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  286.282998][T10409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  286.283016][T10409] Call Trace:
[  286.283025][T10409]  <TASK>
[  286.283034][T10409]  dump_stack_lvl+0x189/0x250
[  286.283067][T10409]  ? __pfx____ratelimit+0x10/0x10
[  286.283097][T10409]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.283124][T10409]  ? __pfx__printk+0x10/0x10
[  286.283169][T10409]  should_fail_ex+0x414/0x560
[  286.283208][T10409]  _copy_to_user+0x31/0xb0
[  286.283237][T10409]  simple_read_from_buffer+0xe1/0x170
[  286.283273][T10409]  proc_fail_nth_read+0x1df/0x250
[  286.283309][T10409]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  286.283344][T10409]  ? rw_verify_area+0x258/0x650
[  286.283368][T10409]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  286.283401][T10409]  vfs_read+0x200/0x980
[  286.283434][T10409]  ? __pfx___mutex_lock+0x10/0x10
[  286.283465][T10409]  ? __pfx_vfs_read+0x10/0x10
[  286.283492][T10409]  ? __fget_files+0x2a/0x420
[  286.283527][T10409]  ? __fget_files+0x3a0/0x420
[  286.283555][T10409]  ? __fget_files+0x2a/0x420
[  286.283591][T10409]  ksys_read+0x145/0x250
[  286.283620][T10409]  ? __pfx_ksys_read+0x10/0x10
[  286.283642][T10409]  ? rcu_is_watching+0x15/0xb0
[  286.283674][T10409]  ? do_syscall_64+0xbe/0x3b0
[  286.283709][T10409]  do_syscall_64+0xfa/0x3b0
[  286.283737][T10409]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.283765][T10409]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.283786][T10409]  ? clear_bhb_loop+0x60/0xb0
[  286.283822][T10409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.283843][T10409] RIP: 0033:0x7f09ed18d33c
[  286.283862][T10409] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  286.283881][T10409] RSP: 002b:00007f09edf13030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  286.283904][T10409] RAX: ffffffffffffffda RBX: 00007f09ed3b5fa0 RCX: 00007f09ed18d33c
[  286.283920][T10409] RDX: 000000000000000f RSI: 00007f09edf130a0 RDI: 0000000000000004
[  286.283934][T10409] RBP: 00007f09edf13090 R08: 0000000000000000 R09: 0000000000000000
[  286.283947][T10409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  286.283960][T10409] R13: 0000000000000000 R14: 00007f09ed3b5fa0 R15: 00007ffea510aa18
[  286.284001][T10409]  </TASK>
[  286.791967][T10420] netlink: 'syz.3.1016': attribute type 1 has an invalid length.
[  286.826032][T10420] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1016'.
[  286.919687][ T5847] Bluetooth: hci0: command tx timeout
[  287.110987][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  287.127333][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  287.140259][   T13] bond0 (unregistering): Released all slaves
[  287.192682][T10420] bond0: entered promiscuous mode
[  287.198149][T10420] bond_slave_0: entered promiscuous mode
[  287.213428][T10420] bond_slave_1: entered promiscuous mode
[  287.219481][T10420] bond2: entered promiscuous mode
[  287.231061][T10420] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  287.258798][T10420] bond0: left promiscuous mode
[  287.264140][T10420] bond_slave_0: left promiscuous mode
[  287.269895][T10420] bond_slave_1: left promiscuous mode
[  287.281897][T10420] bond2: left promiscuous mode
[  287.393697][ T5847] Bluetooth: hci4: command tx timeout
[  287.971064][   T13] hsr_slave_0: left promiscuous mode
[  287.980570][   T13] hsr_slave_1: left promiscuous mode
[  287.986843][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  287.994632][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  288.002519][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  288.010700][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  288.035333][   T13] veth1_macvtap: left promiscuous mode
[  288.040973][   T13] veth0_macvtap: left promiscuous mode
[  288.046949][   T13] veth1_vlan: left promiscuous mode
[  288.052395][   T13] veth0_vlan: left promiscuous mode
[  288.522228][   T13] team0 (unregistering): Port device team_slave_1 removed
[  288.565607][   T13] team0 (unregistering): Port device team_slave_0 removed
[  288.597833][ T5847] Bluetooth: hci3: command 0x0405 tx timeout
[  288.997791][ T5853] Bluetooth: hci0: command tx timeout
[  289.109041][T10452] FAULT_INJECTION: forcing a failure.
[  289.109041][T10452] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  289.136335][T10452] CPU: 1 UID: 0 PID: 10452 Comm: syz.1.1025 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  289.136366][T10452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  289.136380][T10452] Call Trace:
[  289.136388][T10452]  <TASK>
[  289.136396][T10452]  dump_stack_lvl+0x189/0x250
[  289.136428][T10452]  ? __pfx____ratelimit+0x10/0x10
[  289.136456][T10452]  ? __pfx_dump_stack_lvl+0x10/0x10
[  289.136477][T10452]  ? __pfx__printk+0x10/0x10
[  289.136502][T10452]  ? __might_fault+0xb0/0x130
[  289.136533][T10452]  should_fail_ex+0x414/0x560
[  289.136563][T10452]  _copy_from_user+0x2d/0xb0
[  289.136586][T10452]  ___sys_sendmsg+0x158/0x2a0
[  289.136605][T10452]  ? __pfx____sys_sendmsg+0x10/0x10
[  289.136661][T10452]  ? __fget_files+0x2a/0x420
[  289.136684][T10452]  ? __fget_files+0x3a0/0x420
[  289.136717][T10452]  __sys_sendmmsg+0x227/0x430
[  289.136738][T10452]  ? __pfx___sys_sendmmsg+0x10/0x10
[  289.136752][T10452]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  289.136800][T10452]  ? ksys_write+0x22a/0x250
[  289.136823][T10452]  ? __pfx_ksys_write+0x10/0x10
[  289.136841][T10452]  ? rcu_is_watching+0x15/0xb0
[  289.136867][T10452]  __x64_sys_sendmmsg+0xa0/0xc0
[  289.136885][T10452]  do_syscall_64+0xfa/0x3b0
[  289.136908][T10452]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.136931][T10452]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.136947][T10452]  ? clear_bhb_loop+0x60/0xb0
[  289.136968][T10452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.136984][T10452] RIP: 0033:0x7f221c58e929
[  289.137000][T10452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.137015][T10452] RSP: 002b:00007f221a3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  289.137033][T10452] RAX: ffffffffffffffda RBX: 00007f221c7b5fa0 RCX: 00007f221c58e929
[  289.137046][T10452] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000003
[  289.137057][T10452] RBP: 00007f221a3f6090 R08: 0000000000000000 R09: 0000000000000000
[  289.137068][T10452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.137077][T10452] R13: 0000000000000000 R14: 00007f221c7b5fa0 R15: 00007ffe7c2a9b98
[  289.137104][T10452]  </TASK>
[  289.153658][T10391] chnl_net:caif_netlink_parms(): no params data found
[  289.405679][T10462] netlink: 'syz.3.1028': attribute type 10 has an invalid length.
[  289.453166][T10462] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1028'.
[  289.472955][ T5853] Bluetooth: hci4: command tx timeout
[  289.473599][T10465] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1028'.
[  289.624460][T10462] geneve0: entered promiscuous mode
[  289.661477][T10462] geneve0: entered allmulticast mode
[  289.674360][T10462] team0: Port device geneve0 added
[  289.721691][T10461] lo speed is unknown, defaulting to 1000
[  289.987832][T10479] netlink: 'syz.3.1030': attribute type 1 has an invalid length.
[  290.018431][T10479] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1030'.
[  290.069193][T10391] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.082129][T10391] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.090435][T10391] bridge_slave_0: entered allmulticast mode
[  290.100612][T10391] bridge_slave_0: entered promiscuous mode
[  290.128817][T10481] bond0: entered promiscuous mode
[  290.141596][T10481] bond_slave_0: entered promiscuous mode
[  290.148292][T10481] bond_slave_1: entered promiscuous mode
[  290.162364][T10481] bond2: entered promiscuous mode
[  290.170375][T10481] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  290.184317][T10481] bond0: left promiscuous mode
[  290.189205][T10481] bond_slave_0: left promiscuous mode
[  290.195724][T10481] bond_slave_1: left promiscuous mode
[  290.201453][T10481] bond2: left promiscuous mode
[  290.246509][T10391] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.258978][T10391] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.266749][T10391] bridge_slave_1: entered allmulticast mode
[  290.277878][T10391] bridge_slave_1: entered promiscuous mode
[  290.300019][T10306] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  290.385534][T10306] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  290.420023][T10391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  290.434240][T10306] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  290.489423][T10391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  290.514815][T10306] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  290.582068][T10391] team0: Port device team_slave_0 added
[  290.594899][T10391] team0: Port device team_slave_1 added
[  290.785540][T10391] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.801895][T10391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.863113][T10391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  290.891661][T10391] batman_adv: batadv0: Adding interface: batadv_slave_1
[  290.899710][T10391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.928309][T10391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  290.981508][T10499] netlink: 'syz.4.1035': attribute type 6 has an invalid length.
[  291.058752][T10391] hsr_slave_0: entered promiscuous mode
[  291.065561][T10391] hsr_slave_1: entered promiscuous mode
[  291.071928][T10391] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  291.100097][T10391] Cannot create hsr debugfs directory
[  291.187686][T10502] netlink: 'syz.4.1036': attribute type 9 has an invalid length.
[  291.213333][T10502] netlink: 'syz.4.1036': attribute type 6 has an invalid length.
[  291.330258][T10511] FAULT_INJECTION: forcing a failure.
[  291.330258][T10511] name failslab, interval 1, probability 0, space 0, times 0
[  291.343382][T10511] CPU: 0 UID: 0 PID: 10511 Comm: syz.3.1038 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  291.343417][T10511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  291.343432][T10511] Call Trace:
[  291.343442][T10511]  <TASK>
[  291.343453][T10511]  dump_stack_lvl+0x189/0x250
[  291.343489][T10511]  ? __pfx____ratelimit+0x10/0x10
[  291.343522][T10511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  291.343550][T10511]  ? __pfx__printk+0x10/0x10
[  291.343586][T10511]  ? __lock_acquire+0xab9/0xd20
[  291.343621][T10511]  should_fail_ex+0x414/0x560
[  291.343663][T10511]  should_failslab+0xa8/0x100
[  291.343699][T10511]  __kmalloc_cache_noprof+0x70/0x3d0
[  291.343729][T10511]  ? xfrm_policy_inexact_insert_node+0xa57/0xb60
[  291.343760][T10511]  xfrm_policy_inexact_insert_node+0xa57/0xb60
[  291.343789][T10511]  ? xfrm_policy_inexact_insert+0xc9/0x180
[  291.343841][T10511]  xfrm_policy_inexact_alloc_chain+0x7d4/0xeb0
[  291.343885][T10511]  ? xfrm_policy_inexact_insert+0xc9/0x180
[  291.343929][T10511]  xfrm_policy_inexact_insert+0xc9/0x180
[  291.343966][T10511]  xfrm_policy_insert+0x116/0x940
[  291.344011][T10511]  xfrm_add_policy+0x2e2/0x800
[  291.344106][T10511]  ? __pfx_xfrm_add_policy+0x10/0x10
[  291.344139][T10511]  ? apparmor_capable+0x137/0x1b0
[  291.344184][T10511]  ? __nla_parse+0x40/0x60
[  291.344216][T10511]  xfrm_user_rcv_msg+0x7a3/0xab0
[  291.344262][T10511]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  291.344345][T10511]  ? __mutex_trylock_common+0x153/0x260
[  291.344383][T10511]  ? __pfx___mutex_trylock_common+0x10/0x10
[  291.344424][T10511]  ? rcu_is_watching+0x15/0xb0
[  291.344455][T10511]  ? trace_contention_end+0x39/0x120
[  291.344497][T10511]  netlink_rcv_skb+0x205/0x470
[  291.344533][T10511]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  291.344572][T10511]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  291.344628][T10511]  ? netlink_deliver_tap+0x2e/0x1b0
[  291.344670][T10511]  ? netlink_deliver_tap+0x2e/0x1b0
[  291.344708][T10511]  xfrm_netlink_rcv+0x79/0x90
[  291.344744][T10511]  netlink_unicast+0x758/0x8d0
[  291.344791][T10511]  netlink_sendmsg+0x805/0xb30
[  291.344840][T10511]  ? __pfx_netlink_sendmsg+0x10/0x10
[  291.344881][T10511]  ? aa_sock_msg_perm+0x94/0x160
[  291.344920][T10511]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  291.344943][T10511]  ? __pfx_netlink_sendmsg+0x10/0x10
[  291.344978][T10511]  __sock_sendmsg+0x219/0x270
[  291.345013][T10511]  ____sys_sendmsg+0x505/0x830
[  291.345061][T10511]  ? __pfx_____sys_sendmsg+0x10/0x10
[  291.345114][T10511]  ? import_iovec+0x74/0xa0
[  291.345150][T10511]  ___sys_sendmsg+0x21f/0x2a0
[  291.345184][T10511]  ? __pfx____sys_sendmsg+0x10/0x10
[  291.345261][T10511]  ? __fget_files+0x2a/0x420
[  291.345294][T10511]  ? __fget_files+0x3a0/0x420
[  291.345344][T10511]  __x64_sys_sendmsg+0x19b/0x260
[  291.345374][T10511]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  291.345412][T10511]  ? __pfx_ksys_write+0x10/0x10
[  291.345439][T10511]  ? rcu_is_watching+0x15/0xb0
[  291.345477][T10511]  ? do_syscall_64+0xbe/0x3b0
[  291.345518][T10511]  do_syscall_64+0xfa/0x3b0
[  291.345550][T10511]  ? lockdep_hardirqs_on+0x9c/0x150
[  291.345583][T10511]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.345607][T10511]  ? clear_bhb_loop+0x60/0xb0
[  291.345639][T10511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.345662][T10511] RIP: 0033:0x7f09ed18e929
[  291.345693][T10511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.345714][T10511] RSP: 002b:00007f09edf13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  291.345740][T10511] RAX: ffffffffffffffda RBX: 00007f09ed3b5fa0 RCX: 00007f09ed18e929
[  291.345758][T10511] RDX: 0000000000004000 RSI: 0000200000000480 RDI: 0000000000000003
[  291.345774][T10511] RBP: 00007f09edf13090 R08: 0000000000000000 R09: 0000000000000000
[  291.345790][T10511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  291.345805][T10511] R13: 0000000000000000 R14: 00007f09ed3b5fa0 R15: 00007ffea510aa18
[  291.345846][T10511]  </TASK>
[  291.563120][ T5853] Bluetooth: hci4: command tx timeout
[  292.045402][T10306] 8021q: adding VLAN 0 to HW filter on device bond0
[  292.252026][T10306] 8021q: adding VLAN 0 to HW filter on device team0
[  292.278164][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.285383][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state
[  292.357242][T10530] netlink: 'syz.1.1042': attribute type 1 has an invalid length.
[  292.372848][ T1086] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.380063][ T1086] bridge0: port 2(bridge_slave_1) entered forwarding state
[  292.382975][T10530] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1042'.
[  292.502490][T10530] 8021q: adding VLAN 0 to HW filter on device macvlan6
[  292.646428][T10306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  293.037484][T10391] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  293.068608][T10391] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  293.126775][T10391] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  293.204489][T10391] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  293.277678][T10554] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1049'.
[  293.321935][T10554] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1049'.
[  293.337739][T10557] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1049'.
[  293.380769][T10554] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1049'.
[  293.451621][T10306] 8021q: adding VLAN 0 to HW filter on device batadv0
[  293.661367][T10306] veth0_vlan: entered promiscuous mode
[  293.765112][T10391] 8021q: adding VLAN 0 to HW filter on device bond0
[  293.793654][ T5853] Bluetooth: hci4: command tx timeout
[  293.811891][T10306] veth1_vlan: entered promiscuous mode
[  293.849116][T10391] 8021q: adding VLAN 0 to HW filter on device team0
[  293.877173][ T9727] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.884409][ T9727] bridge0: port 1(bridge_slave_0) entered forwarding state
[  293.905781][T10572] netlink: 'syz.3.1052': attribute type 1 has an invalid length.
[  293.945558][T10572] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1052'.
[  293.962727][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.969953][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  294.054347][T10572] bond0: entered promiscuous mode
[  294.085262][T10572] bond_slave_0: entered promiscuous mode
[  294.104285][T10572] bond_slave_1: entered promiscuous mode
[  294.116600][T10572] bond2: entered promiscuous mode
[  294.129816][T10572] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  294.147197][T10572] bond0: left promiscuous mode
[  294.152269][T10572] bond_slave_0: left promiscuous mode
[  294.160184][T10572] bond_slave_1: left promiscuous mode
[  294.170362][T10572] bond2: left promiscuous mode
[  294.175243][T10576] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1053'.
[  294.304637][T10306] veth0_macvtap: entered promiscuous mode
[  294.366860][T10306] veth1_macvtap: entered promiscuous mode
[  294.449292][T10306] batman_adv: batadv0: Interface activated: batadv_slave_0
[  294.486241][T10306] batman_adv: batadv0: Interface activated: batadv_slave_1
[  294.494663][T10583] netlink: 'syz.1.1054': attribute type 9 has an invalid length.
[  294.502516][T10583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1054'.
[  294.530277][T10584] netlink: 'syz.3.1055': attribute type 1 has an invalid length.
[  294.560855][T10584] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1055'.
[  294.578080][T10583] macvlan6: entered promiscuous mode
[  294.613942][T10583] macvlan6: entered allmulticast mode
[  294.646855][T10584] bond0: entered promiscuous mode
[  294.657020][T10584] bond_slave_0: entered promiscuous mode
[  294.663489][T10584] bond_slave_1: entered promiscuous mode
[  294.676363][T10584] bond2: entered promiscuous mode
[  294.682363][T10584] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  294.707508][T10584] bond0: left promiscuous mode
[  294.712434][T10584] bond_slave_0: left promiscuous mode
[  294.744338][T10584] bond_slave_1: left promiscuous mode
[  294.750036][T10584] bond2: left promiscuous mode
[  294.831564][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  294.864148][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  294.945243][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  294.962500][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  295.180839][ T9728] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  295.222975][ T9728] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  295.231994][T10391] 8021q: adding VLAN 0 to HW filter on device batadv0
[  295.283206][T10598] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  295.289800][T10598] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  295.297051][T10598] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  295.303545][T10598] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  295.311181][T10598] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  295.317691][T10598] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  295.361247][T10598] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  295.367811][T10598] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  295.377043][ T9728] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  295.400361][ T9728] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  295.427272][T10598] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  295.433781][T10598] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  295.530402][T10391] veth0_vlan: entered promiscuous mode
[  295.575435][T10391] veth1_vlan: entered promiscuous mode
[  295.690447][T10608] FAULT_INJECTION: forcing a failure.
[  295.690447][T10608] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  295.710024][T10391] veth0_macvtap: entered promiscuous mode
[  295.736192][T10608] CPU: 1 UID: 0 PID: 10608 Comm: syz.3.1062 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  295.736222][T10608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  295.736235][T10608] Call Trace:
[  295.736243][T10608]  <TASK>
[  295.736252][T10608]  dump_stack_lvl+0x189/0x250
[  295.736284][T10608]  ? __pfx____ratelimit+0x10/0x10
[  295.736313][T10608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.736339][T10608]  ? __pfx__printk+0x10/0x10
[  295.736384][T10608]  should_fail_ex+0x414/0x560
[  295.736422][T10608]  _copy_to_user+0x31/0xb0
[  295.736452][T10608]  simple_read_from_buffer+0xe1/0x170
[  295.736486][T10608]  proc_fail_nth_read+0x1df/0x250
[  295.736522][T10608]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  295.736556][T10608]  ? rw_verify_area+0x258/0x650
[  295.736580][T10608]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  295.736612][T10608]  vfs_read+0x200/0x980
[  295.736641][T10608]  ? __pfx___mutex_lock+0x10/0x10
[  295.736671][T10608]  ? __pfx_vfs_read+0x10/0x10
[  295.736698][T10608]  ? __fget_files+0x2a/0x420
[  295.736732][T10608]  ? __fget_files+0x3a0/0x420
[  295.736761][T10608]  ? __fget_files+0x2a/0x420
[  295.736801][T10608]  ksys_read+0x145/0x250
[  295.736829][T10608]  ? __pfx_ksys_read+0x10/0x10
[  295.736852][T10608]  ? rcu_is_watching+0x15/0xb0
[  295.736885][T10608]  ? do_syscall_64+0xbe/0x3b0
[  295.736920][T10608]  do_syscall_64+0xfa/0x3b0
[  295.736947][T10608]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.736975][T10608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.736996][T10608]  ? clear_bhb_loop+0x60/0xb0
[  295.737024][T10608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.737045][T10608] RIP: 0033:0x7f09ed18d33c
[  295.737064][T10608] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  295.737091][T10608] RSP: 002b:00007f09edf13030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  295.737114][T10608] RAX: ffffffffffffffda RBX: 00007f09ed3b5fa0 RCX: 00007f09ed18d33c
[  295.737129][T10608] RDX: 000000000000000f RSI: 00007f09edf130a0 RDI: 0000000000000004
[  295.737142][T10608] RBP: 00007f09edf13090 R08: 0000000000000000 R09: 0000000000000014
[  295.737155][T10608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.737168][T10608] R13: 0000000000000000 R14: 00007f09ed3b5fa0 R15: 00007ffea510aa18
[  295.737203][T10608]  </TASK>
[  295.741649][T10391] veth1_macvtap: entered promiscuous mode
[  296.108441][T10391] batman_adv: batadv0: Interface activated: batadv_slave_0
[  296.151366][T10391] batman_adv: batadv0: Interface activated: batadv_slave_1
[  296.419099][ T9727] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.483385][   T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  296.533203][   T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  296.549384][   T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  296.596458][ T9727] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.617736][   T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  296.668358][ T9727] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.730824][ T3431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.749607][ T3431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.788181][ T9727] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.818620][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.827392][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.978646][ T9727] bridge_slave_1: left allmulticast mode
[  296.984909][ T9727] bridge_slave_1: left promiscuous mode
[  296.991247][ T9727] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.001723][ T9727] bridge_slave_0: left allmulticast mode
[  297.007865][ T9727] bridge_slave_0: left promiscuous mode
[  297.014330][ T9727] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.360915][ T9727] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  297.379174][ T9727] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  297.395503][ T9727] bond0 (unregistering): Released all slaves
[  297.911137][T10634] netlink: 'syz.4.1069': attribute type 1 has an invalid length.
[  297.920718][T10634] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1069'.
[  298.002801][T10634] bond0: entered promiscuous mode
[  298.013333][T10634] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  298.024181][T10634] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  298.105099][T10634] bond0: left promiscuous mode
[  298.109956][T10634] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[  298.134275][T10641] netlink: 320 bytes leftover after parsing attributes in process `syz.1.1071'.
[  298.144845][T10641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1071'.
[  298.541954][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  298.551726][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  298.559938][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  298.571514][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  298.580843][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  298.669809][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  298.680605][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  298.690986][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  298.693734][T10651] lo speed is unknown, defaulting to 1000
[  298.705360][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  298.714226][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  298.868723][ T9727] hsr_slave_0: left promiscuous mode
[  298.892964][ T9727] hsr_slave_1: left promiscuous mode
[  298.907269][ T9727] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.918991][ T9727] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.930072][ T9727] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.941241][ T9727] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.984459][ T9727] veth1_macvtap: left promiscuous mode
[  299.000336][ T9727] veth0_macvtap: left promiscuous mode
[  299.010614][ T9727] veth1_vlan: left promiscuous mode
[  299.021703][ T9727] veth0_vlan: left promiscuous mode
[  299.370405][T10675] netlink: 'syz.4.1082': attribute type 6 has an invalid length.
[  299.661305][T10689] netlink: 'syz.4.1086': attribute type 1 has an invalid length.
[  299.701649][T10689] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1086'.
[  300.216106][ T9727] team0 (unregistering): Port device team_slave_1 removed
[  300.251555][ T9727] team0 (unregistering): Port device team_slave_0 removed
[  300.649662][T10657] lo speed is unknown, defaulting to 1000
[  300.668301][T10691] bond0: entered promiscuous mode
[  300.683151][ T5853] Bluetooth: hci0: command tx timeout
[  300.683477][T10691] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  300.717551][T10691] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  300.755348][ T5853] Bluetooth: hci4: command tx timeout
[  300.784194][T10691] bond0: left promiscuous mode
[  300.789000][T10691] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[  300.817193][T10697] sctp: [Deprecated]: syz.3.1089 (pid 10697) Use of struct sctp_assoc_value in delayed_ack socket option.
[  300.817193][T10697] Use struct sctp_sack_info instead
[  301.005905][T10700] FAULT_INJECTION: forcing a failure.
[  301.005905][T10700] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  301.037301][T10700] CPU: 0 UID: 0 PID: 10700 Comm: syz.1.1090 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  301.037333][T10700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  301.037346][T10700] Call Trace:
[  301.037354][T10700]  <TASK>
[  301.037363][T10700]  dump_stack_lvl+0x189/0x250
[  301.037395][T10700]  ? __pfx____ratelimit+0x10/0x10
[  301.037423][T10700]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.037458][T10700]  ? __pfx__printk+0x10/0x10
[  301.037487][T10700]  ? __might_fault+0xb0/0x130
[  301.037526][T10700]  should_fail_ex+0x414/0x560
[  301.037563][T10700]  _copy_from_iter+0x1db/0x16f0
[  301.037591][T10700]  ? rcu_is_watching+0x15/0xb0
[  301.037618][T10700]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  301.037647][T10700]  ? __pfx__copy_from_iter+0x10/0x10
[  301.037690][T10700]  ? __build_skb_around+0x257/0x3e0
[  301.037726][T10700]  ? netlink_sendmsg+0x642/0xb30
[  301.037754][T10700]  ? skb_put+0x11b/0x210
[  301.037789][T10700]  netlink_sendmsg+0x6b2/0xb30
[  301.037830][T10700]  ? __pfx_netlink_sendmsg+0x10/0x10
[  301.037865][T10700]  ? aa_sock_msg_perm+0x94/0x160
[  301.037900][T10700]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  301.037919][T10700]  ? __pfx_netlink_sendmsg+0x10/0x10
[  301.037950][T10700]  __sock_sendmsg+0x219/0x270
[  301.037980][T10700]  ____sys_sendmsg+0x505/0x830
[  301.038021][T10700]  ? __pfx_____sys_sendmsg+0x10/0x10
[  301.038067][T10700]  ? import_iovec+0x74/0xa0
[  301.038097][T10700]  ___sys_sendmsg+0x21f/0x2a0
[  301.038121][T10700]  ? __pfx____sys_sendmsg+0x10/0x10
[  301.038185][T10700]  ? __fget_files+0x2a/0x420
[  301.038214][T10700]  ? __fget_files+0x3a0/0x420
[  301.038256][T10700]  __x64_sys_sendmsg+0x19b/0x260
[  301.038280][T10700]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  301.038313][T10700]  ? __pfx_ksys_write+0x10/0x10
[  301.038336][T10700]  ? rcu_is_watching+0x15/0xb0
[  301.038367][T10700]  ? do_syscall_64+0xbe/0x3b0
[  301.038402][T10700]  do_syscall_64+0xfa/0x3b0
[  301.038430][T10700]  ? lockdep_hardirqs_on+0x9c/0x150
[  301.038465][T10700]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.038486][T10700]  ? clear_bhb_loop+0x60/0xb0
[  301.038513][T10700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.038534][T10700] RIP: 0033:0x7f221c58e929
[  301.038554][T10700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.038572][T10700] RSP: 002b:00007f221a3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  301.038595][T10700] RAX: ffffffffffffffda RBX: 00007f221c7b5fa0 RCX: 00007f221c58e929
[  301.038610][T10700] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  301.038624][T10700] RBP: 00007f221a3f6090 R08: 0000000000000000 R09: 0000000000000000
[  301.038637][T10700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.038650][T10700] R13: 0000000000000000 R14: 00007f221c7b5fa0 R15: 00007ffe7c2a9b98
[  301.038684][T10700]  </TASK>
[  301.601887][T10651] chnl_net:caif_netlink_parms(): no params data found
[  301.700621][T10720] netlink: 'syz.1.1093': attribute type 4 has an invalid length.
[  301.790780][T10725] netlink: 'syz.1.1093': attribute type 4 has an invalid length.
[  301.971947][T10651] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.980144][T10651] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.988429][T10651] bridge_slave_0: entered allmulticast mode
[  301.996802][T10651] bridge_slave_0: entered promiscuous mode
[  302.024165][T10651] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.031408][T10651] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.043211][T10651] bridge_slave_1: entered allmulticast mode
[  302.058792][T10651] bridge_slave_1: entered promiscuous mode
[  302.142745][ T1086] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.218531][T10651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  302.278519][ T1086] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.300576][T10651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  302.338126][T10737] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1098'.
[  302.484945][T10739] Unsupported ieee802154 address type: 0
[  302.499625][ T1086] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.556471][T10657] chnl_net:caif_netlink_parms(): no params data found
[  302.579329][T10651] team0: Port device team_slave_0 added
[  302.658412][ T1086] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.697730][T10651] team0: Port device team_slave_1 added
[  302.753567][ T5853] Bluetooth: hci0: command tx timeout
[  302.831836][T10651] batman_adv: batadv0: Adding interface: batadv_slave_0
[  302.839113][ T5853] Bluetooth: hci4: command tx timeout
[  302.844053][T10651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  302.871900][T10651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  302.959259][T10651] batman_adv: batadv0: Adding interface: batadv_slave_1
[  302.968811][T10651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  302.997268][T10651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  303.044658][T10657] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.054360][T10657] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.069461][T10657] bridge_slave_0: entered allmulticast mode
[  303.084440][T10657] bridge_slave_0: entered promiscuous mode
[  303.163049][T10657] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.171437][T10657] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.179197][T10657] bridge_slave_1: entered allmulticast mode
[  303.186741][T10657] bridge_slave_1: entered promiscuous mode
[  303.227905][T10769] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1108'.
[  303.278456][T10765] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1107'.
[  303.294561][T10765] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1107'.
[  303.305957][T10765] net_ratelimit: 68 callbacks suppressed
[  303.305974][T10765] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  303.325810][T10770] xt_CT: You must specify a L4 protocol and not use inversions on it
[  303.354610][T10651] hsr_slave_0: entered promiscuous mode
[  303.370247][T10651] hsr_slave_1: entered promiscuous mode
[  303.377577][T10651] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  303.385389][T10651] Cannot create hsr debugfs directory
[  303.410767][T10657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  303.445117][T10767] lo speed is unknown, defaulting to 1000
[  303.456312][T10657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  303.509479][ T1086] bridge_slave_1: left allmulticast mode
[  303.523590][ T1086] bridge_slave_1: left promiscuous mode
[  303.539038][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.579298][ T1086] bridge_slave_0: left allmulticast mode
[  303.593681][ T1086] bridge_slave_0: left promiscuous mode
[  303.603644][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.093807][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.107423][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.119424][ T1086] bond0 (unregistering): Released all slaves
[  304.169278][T10777] FAULT_INJECTION: forcing a failure.
[  304.169278][T10777] name failslab, interval 1, probability 0, space 0, times 0
[  304.199842][T10777] CPU: 0 UID: 0 PID: 10777 Comm: syz.4.1111 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  304.199876][T10777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  304.199894][T10777] Call Trace:
[  304.199903][T10777]  <TASK>
[  304.199913][T10777]  dump_stack_lvl+0x189/0x250
[  304.199945][T10777]  ? __pfx____ratelimit+0x10/0x10
[  304.199975][T10777]  ? __pfx_dump_stack_lvl+0x10/0x10
[  304.200001][T10777]  ? __pfx__printk+0x10/0x10
[  304.200039][T10777]  ? __pfx___might_resched+0x10/0x10
[  304.200064][T10777]  ? fs_reclaim_acquire+0x7d/0x100
[  304.200101][T10777]  should_fail_ex+0x414/0x560
[  304.200140][T10777]  should_failslab+0xa8/0x100
[  304.200171][T10777]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  304.200244][T10777]  ? __alloc_skb+0x112/0x2d0
[  304.200281][T10777]  __alloc_skb+0x112/0x2d0
[  304.200317][T10777]  netlink_ack+0x146/0xa50
[  304.200343][T10777]  ? __pfx_genl_rcv_msg+0x10/0x10
[  304.200363][T10777]  ? ref_tracker_free+0x63a/0x7d0
[  304.200381][T10777]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  304.200413][T10777]  ? __pfx_nl80211_post_doit+0x10/0x10
[  304.200437][T10777]  ? __pfx_ref_tracker_free+0x10/0x10
[  304.200471][T10777]  netlink_rcv_skb+0x28c/0x470
[  304.200502][T10777]  ? __pfx_genl_rcv_msg+0x10/0x10
[  304.200525][T10777]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  304.200574][T10777]  ? down_read+0x1ad/0x2e0
[  304.200610][T10777]  genl_rcv+0x28/0x40
[  304.200629][T10777]  netlink_unicast+0x758/0x8d0
[  304.200671][T10777]  netlink_sendmsg+0x805/0xb30
[  304.200713][T10777]  ? __pfx_netlink_sendmsg+0x10/0x10
[  304.200748][T10777]  ? aa_sock_msg_perm+0x94/0x160
[  304.200783][T10777]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  304.200804][T10777]  ? __pfx_netlink_sendmsg+0x10/0x10
[  304.200840][T10777]  __sock_sendmsg+0x219/0x270
[  304.200871][T10777]  ____sys_sendmsg+0x505/0x830
[  304.200913][T10777]  ? __pfx_____sys_sendmsg+0x10/0x10
[  304.200959][T10777]  ? import_iovec+0x74/0xa0
[  304.200991][T10777]  ___sys_sendmsg+0x21f/0x2a0
[  304.201013][T10777]  ? __pfx____sys_sendmsg+0x10/0x10
[  304.201071][T10777]  ? __fget_files+0x2a/0x420
[  304.201097][T10777]  ? __fget_files+0x3a0/0x420
[  304.201139][T10777]  __x64_sys_sendmsg+0x19b/0x260
[  304.201161][T10777]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  304.201202][T10777]  ? __pfx_ksys_write+0x10/0x10
[  304.201225][T10777]  ? rcu_is_watching+0x15/0xb0
[  304.201257][T10777]  ? do_syscall_64+0xbe/0x3b0
[  304.201293][T10777]  do_syscall_64+0xfa/0x3b0
[  304.201322][T10777]  ? lockdep_hardirqs_on+0x9c/0x150
[  304.201350][T10777]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.201372][T10777]  ? clear_bhb_loop+0x60/0xb0
[  304.201399][T10777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.201429][T10777] RIP: 0033:0x7f775ed8e929
[  304.201450][T10777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.201470][T10777] RSP: 002b:00007f775fbb3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  304.201494][T10777] RAX: ffffffffffffffda RBX: 00007f775efb5fa0 RCX: 00007f775ed8e929
[  304.201511][T10777] RDX: 0000000000000044 RSI: 0000200000000100 RDI: 0000000000000009
[  304.201526][T10777] RBP: 00007f775fbb3090 R08: 0000000000000000 R09: 0000000000000000
[  304.201539][T10777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  304.201553][T10777] R13: 0000000000000000 R14: 00007f775efb5fa0 R15: 00007ffd53ec7108
[  304.201589][T10777]  </TASK>
[  304.640600][T10657] team0: Port device team_slave_0 added
[  304.676453][T10779] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1112'.
[  304.705924][T10657] team0: Port device team_slave_1 added
[  304.832949][ T5853] Bluetooth: hci0: command tx timeout
[  304.859387][T10657] batman_adv: batadv0: Adding interface: batadv_slave_0
[  304.866665][T10657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.893398][T10657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  304.913084][ T5853] Bluetooth: hci4: command tx timeout
[  304.999833][T10657] batman_adv: batadv0: Adding interface: batadv_slave_1
[  305.006989][T10657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  305.033468][T10657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  305.352950][T10791] veth0_virt_wifi: renamed from vlan0
[  305.644474][T10657] hsr_slave_0: entered promiscuous mode
[  305.662207][T10657] hsr_slave_1: entered promiscuous mode
[  305.679970][T10806] FAULT_INJECTION: forcing a failure.
[  305.679970][T10806] name failslab, interval 1, probability 0, space 0, times 0
[  305.685179][T10657] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  305.699638][T10806] CPU: 1 UID: 0 PID: 10806 Comm: syz.3.1119 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  305.699675][T10806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  305.699691][T10806] Call Trace:
[  305.699701][T10806]  <TASK>
[  305.699711][T10806]  dump_stack_lvl+0x189/0x250
[  305.699748][T10806]  ? __pfx____ratelimit+0x10/0x10
[  305.699782][T10806]  ? __pfx_dump_stack_lvl+0x10/0x10
[  305.699812][T10806]  ? __pfx__printk+0x10/0x10
[  305.699853][T10806]  ? __pfx___might_resched+0x10/0x10
[  305.699881][T10806]  ? fs_reclaim_acquire+0x7d/0x100
[  305.699923][T10806]  should_fail_ex+0x414/0x560
[  305.699966][T10806]  should_failslab+0xa8/0x100
[  305.700002][T10806]  kmem_cache_alloc_noprof+0x73/0x3c0
[  305.700031][T10806]  ? alloc_empty_file+0x55/0x1d0
[  305.700073][T10806]  alloc_empty_file+0x55/0x1d0
[  305.700112][T10806]  alloc_file_pseudo+0x13d/0x210
[  305.700154][T10806]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  305.700198][T10806]  ? do_raw_spin_unlock+0x122/0x240
[  305.700230][T10806]  ? _raw_spin_unlock+0x28/0x50
[  305.700262][T10806]  sock_alloc_file+0xb8/0x2e0
[  305.700283][T10806]  ? __sys_socket+0x12c/0x1b0
[  305.700310][T10806]  __sys_socket+0x13d/0x1b0
[  305.700349][T10806]  __x64_sys_socket+0x7a/0x90
[  305.700378][T10806]  do_syscall_64+0xfa/0x3b0
[  305.700405][T10806]  ? lockdep_hardirqs_on+0x9c/0x150
[  305.700432][T10806]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.700452][T10806]  ? clear_bhb_loop+0x60/0xb0
[  305.700479][T10806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.700500][T10806] RIP: 0033:0x7f09ed190847
[  305.700519][T10806] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  305.700538][T10806] RSP: 002b:00007f09eafd3fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[  305.700560][T10806] RAX: ffffffffffffffda RBX: 00007f09ed3b6160 RCX: 00007f09ed190847
[  305.700576][T10806] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  305.700588][T10806] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[  305.700601][T10806] R10: 0000200000001540 R11: 0000000000000286 R12: 0000000000000001
[  305.700614][T10806] R13: 0000000000000000 R14: 00007f09ed3b6160 R15: 00007ffea510aa18
[  305.700648][T10806]  </TASK>
[  305.932636][T10657] Cannot create hsr debugfs directory
[  305.960885][ T1086] hsr_slave_0: left promiscuous mode
[  305.971173][ T1086] hsr_slave_1: left promiscuous mode
[  305.985990][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  305.998080][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0
[  306.009094][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  306.017168][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1
[  306.044047][ T1086] veth1_macvtap: left promiscuous mode
[  306.050764][ T1086] veth0_macvtap: left promiscuous mode
[  306.056937][ T1086] veth1_vlan: left promiscuous mode
[  306.062439][ T1086] veth0_vlan: left promiscuous mode
[  306.671937][ T1086] team0 (unregistering): Port device team_slave_1 removed
[  306.672686][T10824] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  306.730503][ T1086] team0 (unregistering): Port device team_slave_0 removed
[  306.913505][ T5853] Bluetooth: hci0: command tx timeout
[  307.003966][ T5853] Bluetooth: hci4: command tx timeout
[  307.593938][T10837] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1132'.
[  307.612268][T10837] unsupported nlmsg_type 40
[  307.988798][T10651] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  308.015119][T10651] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  308.040033][T10651] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  308.103595][T10651] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  308.270942][T10657] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  308.291387][T10657] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  308.310496][T10657] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  308.327594][T10657] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  308.518951][T10651] 8021q: adding VLAN 0 to HW filter on device bond0
[  308.600505][T10651] 8021q: adding VLAN 0 to HW filter on device team0
[  308.627677][T10657] 8021q: adding VLAN 0 to HW filter on device bond0
[  308.642402][ T9727] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.649608][ T9727] bridge0: port 1(bridge_slave_0) entered forwarding state
[  308.685084][T10877] openvswitch: netlink: IPv4 frag type 255 is out of range max 2
[  308.691974][T10657] 8021q: adding VLAN 0 to HW filter on device team0
[  308.749946][ T9730] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.757189][ T9730] bridge0: port 2(bridge_slave_1) entered forwarding state
[  308.809723][ T9730] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.816935][ T9730] bridge0: port 1(bridge_slave_0) entered forwarding state
[  308.870919][ T1086] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.878155][ T1086] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.453605][T10906] lo speed is unknown, defaulting to 1000
[  309.652128][T10918] syzkaller0: Caught tx_queue_len zero misconfig
[  309.761013][T10657] 8021q: adding VLAN 0 to HW filter on device batadv0
[  309.790016][T10651] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.027608][T10651] veth0_vlan: entered promiscuous mode
[  310.051694][T10657] veth0_vlan: entered promiscuous mode
[  310.087507][T10651] veth1_vlan: entered promiscuous mode
[  310.160872][T10657] veth1_vlan: entered promiscuous mode
[  310.175706][T10926] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  310.194099][   T13] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  310.269853][T10930] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1160'.
[  310.284472][T10926] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI
[  310.296412][T10926] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
[  310.304933][T10926] CPU: 0 UID: 0 PID: 10926 Comm: syz.3.1158 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) 
[  310.317015][T10926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  310.327088][T10926] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480
[  310.333536][T10926] Code: 89 ef e8 e0 0d ab f8 4d 89 ef 85 db 74 0d e8 64 8d 47 f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 a9 0d ab f8 48 8b
[  310.353340][T10926] RSP: 0018:ffffc90002f07128 EFLAGS: 00010202
[  310.359430][T10926] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002
[  310.367408][T10926] RDX: ffff8880251d8000 RSI: 0000000000000000 RDI: 0000000000000000
[  310.375392][T10926] RBP: 0000000000000000 R08: ffff8880251d8000 R09: 0000000000000002
[  310.383389][T10926] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000b0002
[  310.391369][T10926] R13: ffff888026ada000 R14: dffffc0000000000 R15: ffff888026ada000
[  310.399349][T10926] FS:  00007f09edf136c0(0000) GS:ffff888125c14000(0000) knlGS:0000000000000000
[  310.408287][T10926] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  310.414969][T10926] CR2: 000000110c352f2f CR3: 000000007879a000 CR4: 00000000003526f0
[  310.422960][T10926] Call Trace:
[  310.426245][T10926]  <TASK>
[  310.429182][T10926]  ? qdisc_tree_reduce_backlog+0x3c/0x480
[  310.434920][T10926]  hhf_change+0x764/0xad0
[  310.439267][T10926]  ? __pfx_hhf_change+0x10/0x10
[  310.444123][T10926]  ? __raw_spin_lock_init+0x45/0x100
[  310.449422][T10926]  ? qdisc_alloc+0x7a1/0xaa0
[  310.454026][T10926]  ? __pfx_hhf_init+0x10/0x10
[  310.458735][T10926]  hhf_init+0x213/0x950
[  310.462907][T10926]  ? __pfx_hhf_init+0x10/0x10
[  310.467591][T10926]  qdisc_create+0x7a9/0xea0
[  310.472110][T10926]  tc_modify_qdisc+0x1426/0x2010
[  310.477064][T10926]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  310.482372][T10926]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  310.487683][T10926]  rtnetlink_rcv_msg+0x779/0xb70
[  310.492642][T10926]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  310.497770][T10926]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  310.503239][T10926]  ? ref_tracker_free+0x63a/0x7d0
[  310.508270][T10926]  ? __copy_skb_header+0xa7/0x550
[  310.513479][T10926]  ? __pfx_ref_tracker_free+0x10/0x10
[  310.518858][T10926]  netlink_rcv_skb+0x205/0x470
[  310.523640][T10926]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  310.529112][T10926]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  310.534414][T10926]  ? netlink_deliver_tap+0x2e/0x1b0
[  310.539624][T10926]  ? netlink_deliver_tap+0x2e/0x1b0
[  310.544927][T10926]  netlink_unicast+0x758/0x8d0
[  310.549724][T10926]  netlink_sendmsg+0x805/0xb30
[  310.554513][T10926]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.559816][T10926]  ? aa_sock_msg_perm+0x94/0x160
[  310.564774][T10926]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  310.570064][T10926]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.575463][T10926]  __sock_sendmsg+0x219/0x270
[  310.580241][T10926]  ____sys_sendmsg+0x505/0x830
[  310.585037][T10926]  ? __pfx_____sys_sendmsg+0x10/0x10
[  310.590343][T10926]  ? import_iovec+0x74/0xa0
[  310.594857][T10926]  ___sys_sendmsg+0x21f/0x2a0
[  310.599540][T10926]  ? __pfx____sys_sendmsg+0x10/0x10
[  310.604766][T10926]  ? __fget_files+0x2a/0x420
[  310.609469][T10926]  ? __fget_files+0x3a0/0x420
[  310.614166][T10926]  __x64_sys_sendmsg+0x19b/0x260
[  310.619108][T10926]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  310.624573][T10926]  ? rcu_is_watching+0x15/0xb0
[  310.629354][T10926]  ? do_syscall_64+0xbe/0x3b0
[  310.634046][T10926]  do_syscall_64+0xfa/0x3b0
[  310.638560][T10926]  ? lockdep_hardirqs_on+0x9c/0x150
[  310.643949][T10926]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.650024][T10926]  ? clear_bhb_loop+0x60/0xb0
[  310.654712][T10926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.660728][T10926] RIP: 0033:0x7f09ed18e929
[  310.665152][T10926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.684851][T10926] RSP: 002b:00007f09edf13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  310.693277][T10926] RAX: ffffffffffffffda RBX: 00007f09ed3b5fa0 RCX: 00007f09ed18e929
[  310.701258][T10926] RDX: 0000000004008000 RSI: 0000200000000200 RDI: 0000000000000009
[  310.709251][T10926] RBP: 00007f09ed210b39 R08: 0000000000000000 R09: 0000000000000000
[  310.717434][T10926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  310.725419][T10926] R13: 0000000000000000 R14: 00007f09ed3b5fa0 R15: 00007ffea510aa18
[  310.733499][T10926]  </TASK>
[  310.736535][T10926] Modules linked in:
[  310.740663][T10926] ---[ end trace 0000000000000000 ]---
[  310.746179][T10926] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480
[  310.752618][T10926] Code: 89 ef e8 e0 0d ab f8 4d 89 ef 85 db 74 0d e8 64 8d 47 f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 a9 0d ab f8 48 8b
[  310.772271][T10926] RSP: 0018:ffffc90002f07128 EFLAGS: 00010202
[  310.778361][T10926] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002
[  310.786356][T10926] RDX: ffff8880251d8000 RSI: 0000000000000000 RDI: 0000000000000000
[  310.794453][T10926] RBP: 0000000000000000 R08: ffff8880251d8000 R09: 0000000000000002
[  310.802517][T10926] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000b0002
[  310.810517][T10926] R13: ffff888026ada000 R14: dffffc0000000000 R15: ffff888026ada000
[  310.818526][T10926] FS:  00007f09edf136c0(0000) GS:ffff888125c14000(0000) knlGS:0000000000000000
[  310.827479][T10926] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  310.834102][T10926] CR2: 000000110c352f2f CR3: 000000007879a000 CR4: 00000000003526f0
[  310.842090][T10926] Kernel panic - not syncing: Fatal exception in interrupt
[  310.849433][T10926] Kernel Offset: disabled
[  310.853768][T10926] Rebooting in 86400 seconds..