last executing test programs:

1m7.732108956s ago: executing program 1 (id=1460):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68)

57.129723543s ago: executing program 1 (id=1460):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68)

45.612055674s ago: executing program 1 (id=1460):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68)

42.806835799s ago: executing program 3 (id=2420):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r0, 0x0, 0x22, &(0x7f0000000140)=0xe0, 0x4)
setsockopt$inet_tcp_TLS_TX(r0, 0x11e, 0x1, &(0x7f0000000100)=@ccm_128={{}, "ee6a8e64a9f4d496", "2742cd9e1a7dee0a5709069c6e67af34", "2a715cd7", "bc0876e56d217c57"}, 0x28)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r1, r2, 0x2, 0x2}, 0x10)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r3, r4, 0x2, 0x2}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810)

41.19410098s ago: executing program 3 (id=2432):
r0 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@ieee802154={0x24, @long}, &(0x7f0000000080)=0x80, 0x0)
r1 = accept4$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000100)=0x10, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), r0)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000180)={0x2, [0x7, 0x7]}, 0x8)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000200), r0)
sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x74, r2, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'geneve0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'hsr0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x74}, 0x1, 0x0, 0x0, 0x44810}, 0x4000c)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), r0)
sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, r3, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3ff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7ff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x8}, 0x880)
syz_genetlink_get_family_id$team(&(0x7f00000004c0), r0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), r0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000680)={'tunl0\x00', &(0x7f0000000580)={'syztnl1\x00', <r5=>0x0, 0x700, 0x20, 0x7, 0x1, {{0x37, 0x4, 0x2, 0x1a, 0xdc, 0x65, 0x0, 0xf1, 0x29, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @lsrr={0x83, 0x1f, 0x9a, [@loopback, @dev={0xac, 0x14, 0x14, 0x22}, @loopback, @broadcast, @loopback, @local, @multicast2]}, @generic={0x44, 0x4, "b57f"}, @timestamp_addr={0x44, 0x34, 0x84, 0x1, 0x3, [{@loopback, 0x7f}, {@private=0xa010100, 0x81}, {@rand_addr=0x64010102, 0x3}, {@private=0xa010102, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7}, {@private=0xa010101, 0x2}]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0xc9, 0x3, 0x1, [{@empty, 0xfff}, {@broadcast, 0x3}, {@broadcast, 0x9}, {@dev={0xac, 0x14, 0x14, 0x2c}, 0x40000}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1d1}]}, @noop, @cipso={0x86, 0x3c, 0xffffffffffffffff, [{0x1, 0xa, "d6671c4885ca584e"}, {0x1, 0x10, "426c19464feae8e674db8f0ccbea"}, {0x5, 0xe, "353df9b5b9a960f981339787"}, {0x5, 0xe, "0b18b0e0cca1d69eba17e4ec"}]}]}}}}})
sendmsg$ETHTOOL_MSG_EEE_GET(r0, &(0x7f0000000800)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000007c0)={&(0x7f00000006c0)={0xec, r4, 0x400, 0x70bd29, 0x25dfdbff, {}, [@HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000040}, 0x80)
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000840)=0x7, 0x4)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000008c0), r0)
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000a00)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000900)={0x94, r6, 0x8, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "b019dc3bd8d34dda5038a23ed8"}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "e1661511434727c519df526b50"}]}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x1c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}]}, 0x94}, 0x1, 0x0, 0x0, 0x40080}, 0x80)
sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000c00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x138, r3, 0x4, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0xd0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x84ed}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffff9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8c}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x812}, 0x4008854)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000c40))
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'team_slave_0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000001400)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000013c0)={&(0x7f0000000d00)={0x6a4, r6, 0x2, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7, 0x2c}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@pspoll={{}, @default, @from_mac=@broadcast, @broadcast}}, @NL80211_ATTR_FRAME={0x312, 0x33, @data_frame={@msdu=@type10={{0x0, 0x2, 0x5, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @initial, @device_a, @broadcast, {0x2, 0xe}, "", @void, @value=@ver_80211n={0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, @random="377cd7de36f18532e063c83f36ec58d6befe9372802ed6e2c758bb696b76edda0c7263d552ba9fb593f66d3930dadc68f6b06f1d1b4d25b6a3bbefcd6af257acfec7c29bbefd2133e07e44ce7ed5a0c38aaa2bfeab5ee4be380e62e89fee02191bcbef4870c10ec17bf65aca2f806dae9777410f1352410996a2f94176a6a1ad31c062b742c2932c089c9d02f306d4f5fb6c1ebd9a18d1d845e2a97cecab208bd59d79113f9af95f7ba699678e9551a6c0bfb7222ea4399445d99a3cc3a218f3c1cb84adf2626c48f28bf9ad3d026b060aebf64e594955c15fa8e08997d2c9b8282cc6ea93f64952bb3f32426ea4be063d393a09c6972811451ec241259b0ce61ca84e9d3cdde935ac3609723c4eba76f88c057cc5b797e70528513ced9bf201b7423f8c206146a74e18852763c336c1381f66e47ff513602dc927038a6cd5008f6750531009fc652c135efc1e8f150e9f5943ba1d8a3021c51fc7f9244e2d270cbb4297d7a9b5e30c170965b3757129e2a1c1858cd62287d9a270d94ba7afd901210f0526d832d8a6e8ba4f51a8c138255e4e9c9a298ceec5dc8c3ff5c4ba984c4268ace9f28677cbc9af0c71c012d82601b5b9dee9b942d4c03763ab850133de53e6a221f213f7840f146726f53f838d9e4e3b462105fa0387dd0fd6f8a36c8368b5d2d26960a9612a5b593abaa9ce59186c46e2d3c6f8b06d588274c7e4225c3338d109646ea374468040906b9f0da56eb5f12be2195df00405452cfd9d1a69173b50f38ececea2632ce27e957015085e039b41bbeaba843d105098254fb88c076106e4998b65ab4d8911b8f55d1872c8e5ff7fce309f630eabe761095d4c8a76387aaca3bc10848e5efde57d24ec269f2ec2c6ae8b7c3bc88075dba1507e9c4577143f2c8bb57e46dca0b42810a58a713e2a534c8fd59495b52541a854bf00e7fa0d9abc5d6d6c0aaa0b15958745427740140bceb1bf852db14efa74d92ea41549257aedab35382e8a66e3193499ab1f63f9f463fca9997d518a0ec8a37044ef5691fdd94d0d97a089d016abee9fd9a1"}}, @NL80211_ATTR_FRAME={0x32b, 0x33, @mgmt_frame=@beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x9}, @broadcast, @device_b, @random="7d0f8244e3a8", {0x4, 0x6}, @value=@ver_80211n={0x0, 0x3, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, 0x9, @default, 0x40, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @val={0x6, 0x2, 0xfff9}, @void, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @void, @val={0x2d, 0x1a, {0x1, 0x0, 0x4, 0x0, {0x5, 0x8, 0x0, 0x48, 0x0, 0x0, 0x1, 0x3, 0x1}, 0x300, 0x8, 0x5}}, @void, @void, @val={0x76, 0x6, {0x5, 0x5, 0xb, 0x401}}, [{0xdd, 0xb2, "9dbcd0659ad6fc9d7584d7a807d60e92f336bbba2589d2273ca29253cca332cf00c9cf938cf0ba8ac713e923e07f95d1433ae1424e0f41711b0c6f3b16180918336d80218c08949a1e0702d5ad816b1af94cf7c9b6775988397dc39176a93a222cecff276563c959922d92c5fa883bec04870fbb3339fdfaf2b058d1dc277f5d16a7b1ae152b6a5882be135138f446d97a88bf2b981b8c0cb1201805ae201a4bd281e976b39103f5c6f5e1dbb2ace5d336e9"}, {0xdd, 0x6e, "e68c00122c2565b849e10aee863932006c0a0ec6d917a611880a87cbf090ff090f9095b9370708b7035c6ba29b68f2da441d64ee15c995daf4dd11a3416a52bf4fba54db62b1eb31e84c7d2ee3332f47d5c6493eed8656046f0714ea3901477ada028752f3cbb348bbfe1f387da7"}, {0xdd, 0x60, "d661fdd03847790e4c878f01b1c9a027ac18f7341d942ff5141d1686b1215659ddf230a13a218a118ce246d782ca4707f53fcf56368c3c909a9fb3a46c5bc2abda5632d3fb141b8472dd9270dc55b8633c176729ce1c961034298bdd29350a1e"}, {0xdd, 0x48, "7ebaff1ae281c5dc827adb5af5079d9a2108e83751b9b47d5d9c15920e5d84c02e2f9b4991c979acaaab051e08282e01aedf931efb43e97a3c49d3a87a2fdb2e88af13296c912fa3"}, {0xdd, 0xf8, "c993f718b3bf90972507e03514bdb7a226a71d3b673ea596b664c837e5625dce13b6ad2241c482497c10105e677cd05d51f193451714387c37cbc1ca595c495e7d6be21c22d3ae763b3d826a9d883c2c3d842e8f41d1991619564527bf45586b4919c8871de7c4cb1c2d65027ba94554e138f28a3b846820638837d2b1170bc139141a8fb00631ce864f7d2a9e163d1da043a46bc4a6fe3e634b238ed56f5e92e594d216f8c426c8b84e5473a76103684672ed042a514dae9b2ce177636c2077454b8ff94b10bad11723fab5325da407e4ee8f25a49cf6b569a36bb3007526528ceb97970283bfa64583b4f566abd11068e862ba5b9474d9"}]}}, @NL80211_ATTR_FRAME={0xe, 0x33, @ctrl_frame=@ack={{}, {0x5ab}, @device_b}}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x4}, @device_b, @broadcast}}]}, 0x6a4}, 0x1, 0x0, 0x0, 0x1}, 0x20040000)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000001840)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001800)={&(0x7f0000001480)={0x344, r3, 0xdc60335d5b40e015, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xdf2e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xee}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x94, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xcec}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff9}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}]}, @TIPC_NLA_MEDIA={0x9c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2725}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xef7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}]}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'veth0\x00'}}]}, @TIPC_NLA_NODE={0x128, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x81}, @TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "2f78e60868560ef954a348bfe95f274d52d9969919db8be0fa334abc230c464a368a"}}, @TIPC_NLA_NODE_ID={0x6d, 0x3, "b2d83a71f90a4139de555c6cc9e8442d2624029246f8c73346b482cb6bf9aba3825fc212efe9c69e95f6fa0a7074a0646b9b319d54ff649f61d40f3b398746e272ffad7cfe80c3c6fb6ebce3288cea7fb8589ffa429da8fe552cbb68ee564f57504dc5dc1e2fa4508d"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xfffffff7}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_KEY={0x3f, 0x4, {'gcm(aes)\x00', 0x17, "aa7ca89fc6b7348c2efc1b46bacf2c72fffc73795e4fd8"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x800}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x344}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DISCONNECT(r8, &(0x7f0000001980)={&(0x7f0000001880)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001940)={&(0x7f00000018c0)={0x58, r6, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x80000000, 0x1f}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x23}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x27}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x41}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1c}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1a}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x23}, @NL80211_ATTR_REASON_CODE={0x6}]}, 0x58}}, 0x800)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000019c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xcf6, '\x00', r7, 0xffffffffffffffff, 0x3, 0x2, 0x4}, 0x50)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001b00)={&(0x7f0000001a40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x3, [@int={0xf, 0x0, 0x0, 0x1, 0x0, 0x61, 0x0, 0x7, 0x1}]}, {0x0, [0x30]}}, &(0x7f0000001a80)=""/67, 0x2b, 0x43, 0x1, 0xe82}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000001b40)=@base={0x1b, 0x0, 0xd, 0x1, 0x28000, r9, 0x0, '\x00', 0x0, r10, 0x2, 0x2, 0x4}, 0x50)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000002c40)={'sit0\x00', &(0x7f0000002bc0)={'syztnl2\x00', <r11=>r7, 0x711, 0x1, 0x3, 0x10000, {{0x10, 0x4, 0x1, 0x1d, 0x40, 0x68, 0x0, 0x8, 0x29, 0x0, @rand_addr=0x64010100, @multicast2, {[@timestamp_prespec={0x44, 0x2c, 0x14, 0x3, 0xe, [{@rand_addr=0x64010100, 0xfffffffc}, {@dev={0xac, 0x14, 0x14, 0x44}, 0x10000}, {@local, 0x9}, {@dev={0xac, 0x14, 0x14, 0x41}}, {@multicast2, 0x3}]}]}}}}})
recvfrom$packet(r0, &(0x7f0000001bc0)=""/4096, 0x1000, 0x10000, &(0x7f0000002c80)={0x11, 0x1b, r11, 0x1, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)
sendmsg$NL80211_CMD_LEAVE_MESH(r8, &(0x7f0000002d80)={&(0x7f0000002cc0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000002d40)={&(0x7f0000002d00)={0x14, r6, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20058055)

41.006876637s ago: executing program 3 (id=2435):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.freeze\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000080)=r2, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000640)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000240)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x13, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8001}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffff8}, @ldst={0x0, 0x3, 0x2, 0x7, 0x0, 0x100}, @generic={0xff, 0xc, 0xf, 0x7, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7fffffff}, @map_fd={0x18, 0x2, 0x1, 0x0, r4}]}, &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="740000001200030600"/20, @ANYRES32=0x0, @ANYBLOB="2fedaa88000000003800128009000100766c616e000000002800028006000100000000000c0002000000000000000000100004800c00010000000000", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x74}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x70, 0x30, 0x9, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x8}, @TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6, 0xa}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x70}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000085000000a000000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r8, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000003c0)="12cdde26e7c496e99a9cf8625ec9", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r9 = socket(0x10, 0x80002, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x89e2, &(0x7f0000000380)={<r10=>r1})
ioctl$FS_IOC_RESVSP(r10, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x2, 0x5})
sendmmsg$alg(r9, &(0x7f00000000c0), 0x492492492492627, 0x0)

34.533240335s ago: executing program 4 (id=2490):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
socketpair(0x1a, 0x2, 0x3, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000300), &(0x7f0000000540)=0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$kcm(0x2, 0xd, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
socketpair(0x2c, 0x3, 0x7, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0x170, r5, 0x4, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x8, 0x6a}}}}, [@NL80211_ATTR_FRAME_MATCH={0x59, 0x5b, "452bd60a5aade9bfc59c567b9a3477668713f6e0b00626f4629c8aa5822a6ee93662935bbf6ac2deaae17a02245c9281e321b5743e9b277382d783a3a0b0eea7e372ab4b67d5bb0914f2a034066cecddfa944a98f9"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x3}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xaca0}, @NL80211_ATTR_FRAME_MATCH={0x8c, 0x5b, "0d0d193786d44a8781b0e97ea3f71457fc694756f28fd2c60cc46a61595f662d02005ee40736bd3ded359a1f93c55e92730e37eb1779d15265e551fdf0eb166f77b94cc496fda0776a3d21d222122a8131f468ea042680f3b4898649f50356f0846877115de7f43e334173f1d02b220abd8ea2e517a385d113b5de30580ce0fe80588639a948eab5"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x3}, @NL80211_ATTR_FRAME_MATCH={0x48, 0x5b, "edbc9d695dae58fbb6c050445ab747523b86f08afa7c084ef61a59566f37192f52ac57b41016a8082b4a46bad033b1193dc593c0f6f97e080eec6cb08afd4ff470f893f7"}]}, 0x170}, 0x1, 0x0, 0x0, 0x20000804}, 0x20008841)
write$tun(r2, &(0x7f0000000340)={@val={0xa}, @void, @eth={@multicast, @remote, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x10, 0x11, 0xff, @empty, @mcast2, {[], {0x4f19, 0x4e22, 0x10, 0x0, @gue={{0x2, 0x0, 0x3, 0xfc, 0x100}}}}}}}}}, 0x4a)

34.318463923s ago: executing program 4 (id=2491):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000000000000631149000000000085100000020000008500000005000000950000000000000095e9600500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x18}, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="e0feffff010805000000000000000000010000010600024088be00000900010073797a3000000000050003002f00000005000300840200"/64], 0x40}}, 0x810)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x6, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x70)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000f80)=@bpf_tracing={0x1a, 0x17, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@map_idx={0x18, 0x0, 0x5, 0x0, 0x7}, @generic={0xfc, 0x3, 0x3, 0x3ff, 0x93d7}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0x1f}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffb}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000800)='GPL\x00', 0xbeb, 0x11, &(0x7f0000000840)=""/17, 0x41100, 0x27, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000000880)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x22c9f, 0xffffffffffffffff, 0x9, &(0x7f0000000e80)=[r2, r0], &(0x7f0000000ec0)=[{0x1, 0x2, 0x8, 0x8}, {0x1, 0x1, 0x5, 0x5}, {0x5, 0x4, 0x0, 0xc}, {0x5, 0x3, 0xc, 0x2}, {0x1, 0x4, 0xf, 0xc}, {0x2, 0x4, 0x9, 0xc}, {0x1, 0x1, 0x5}, {0x5, 0x5, 0xf, 0x7}, {0x4, 0x1, 0xa, 0x1}], 0x10, 0x3}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r3, 0xfffffffffffffda9, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56561, 0x4000, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000000)
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000180)="7c346244a3cd73e22fda4d9503ae835c04aad2ed3f7b88f2aba6bdf2153e78b2bc5e3fbeb7329082eef96cebf457564c7f16107c69f45b3661", 0x39}, {&(0x7f00000001c0)="0392b1b72eff7f6f38d341ecdf0fc518fcf2", 0x12}, {&(0x7f0000000200)="c80778d354b77c1bb8f37c5ab1447f0eb7d4b1c31c6854397404527daade1dd4ca477325f0c93bf1b0ef6a06780a287ca181db239985ee3587872586863d4e3080f15d9754fd2aef8474ad2d531f5075b01f2b93a257925a6229f9d5e1453f35878107792e7d21b6c290cfe5573d58c5e5686600ccae7541eb4bb6120137310ca37a0666e028ec30920ae97e4066fcd332db8225fa975b826abf71b21496b01af07d973d97029bdab5b15bcee6a1a5e58dec4959022bac20ab2a5ba7d25ab4f694fd844de743f84824c5", 0xca}, {&(0x7f0000000300)="cf86fd67cb79fa8c3e8ad9954f2f9e5974afc9986723a35d61daf17108729a3a32a573fa2230125d25", 0x29}, {&(0x7f0000000340)="9eda628bf1e72d042572e6cd751962d774d737eec2184141ff28", 0x1a}, {&(0x7f0000000380)="0fc35a9f5ddf60dbec480818103c61cdc40d871d875950c30a23de89cb6a473a07e598d7f5afbfac3ade48d96fb32cee18455f4c069ad2a8f4d461737938bdf02b494269861a06114caf656ffb8010fad3f63acaf0194d9c6f6703", 0x5b}], 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="2e0000000000000000000000000000002f110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1a0000c27e0008000000040000f7ff0000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_ethernet(0x46, &(0x7f0000000640)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @random="aa73f3fc913d", @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x1, @local, @ipv4={'\x00', '\xff\xff', @empty}, @local, @remote}}}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r7}, 0x18)
r9 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r8}, 0x8)
close(r9)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r6, @ANYRES32=r10, @ANYBLOB="0200000002"], 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
r12 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000680)=ANY=[@ANYRES32=r12, @ANYRES32=r11, @ANYBLOB="0200000006"], 0x10)
r13 = socket$igmp6(0xa, 0x3, 0x2)
sendmsg$inet6(r13, &(0x7f0000000480)={&(0x7f0000000040)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2400000000000000290000003b000000fc010000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB='{\x00'], 0x28}, 0x40080)

34.163096569s ago: executing program 4 (id=2494):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = accept(r0, &(0x7f0000000040)=@can, &(0x7f0000000180)=0x80)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x4e21, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@ipmr_delroute={0x2c, 0x19, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x4, 0x0, 0x5}, [@RTA_DST={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @RTA_DST={0x8, 0x1, @broadcast}]}, 0x2c}}, 0x0)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="200a04ff"], 0x10}}, 0x0)

33.990652044s ago: executing program 4 (id=2495):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0xdc, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x9c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x24, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}, @NFTA_SET_DESC_CONCAT={0x6c, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x120}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

30.520429895s ago: executing program 1 (id=1460):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68)

27.904504602s ago: executing program 3 (id=2435):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.freeze\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000080)=r2, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000640)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000240)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x13, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8001}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffff8}, @ldst={0x0, 0x3, 0x2, 0x7, 0x0, 0x100}, @generic={0xff, 0xc, 0xf, 0x7, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7fffffff}, @map_fd={0x18, 0x2, 0x1, 0x0, r4}]}, &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="740000001200030600"/20, @ANYRES32=0x0, @ANYBLOB="2fedaa88000000003800128009000100766c616e000000002800028006000100000000000c0002000000000000000000100004800c00010000000000", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x74}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x70, 0x30, 0x9, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x8}, @TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6, 0xa}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x70}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000085000000a000000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r8, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000003c0)="12cdde26e7c496e99a9cf8625ec9", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r9 = socket(0x10, 0x80002, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x89e2, &(0x7f0000000380)={<r10=>r1})
ioctl$FS_IOC_RESVSP(r10, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x2, 0x5})
sendmmsg$alg(r9, &(0x7f00000000c0), 0x492492492492627, 0x0)

18.512954777s ago: executing program 4 (id=2495):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0xdc, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x9c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x24, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}, @NFTA_SET_DESC_CONCAT={0x6c, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x120}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

16.07541998s ago: executing program 1 (id=1460):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68)

13.946621521s ago: executing program 3 (id=2435):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.freeze\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000080)=r2, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000640)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000240)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x13, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8001}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffff8}, @ldst={0x0, 0x3, 0x2, 0x7, 0x0, 0x100}, @generic={0xff, 0xc, 0xf, 0x7, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7fffffff}, @map_fd={0x18, 0x2, 0x1, 0x0, r4}]}, &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="740000001200030600"/20, @ANYRES32=0x0, @ANYBLOB="2fedaa88000000003800128009000100766c616e000000002800028006000100000000000c0002000000000000000000100004800c00010000000000", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x74}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x70, 0x30, 0x9, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x8}, @TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6, 0xa}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x70}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000085000000a000000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r8, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000003c0)="12cdde26e7c496e99a9cf8625ec9", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r9 = socket(0x10, 0x80002, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x89e2, &(0x7f0000000380)={<r10=>r1})
ioctl$FS_IOC_RESVSP(r10, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x2, 0x5})
sendmmsg$alg(r9, &(0x7f00000000c0), 0x492492492492627, 0x0)

5.078739915s ago: executing program 0 (id=2664):
r0 = socket(0x2b, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0xffffffff, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0))
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000100)={<r1=>0xffffffffffffffff, 0x8, 0x400, 0x1})
sendmsg$nl_route(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, 0x0, 0x0)
r3 = socket(0x1e, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r6, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720a07fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed00000f030000000000001d44000000000000730a06fe0000000072030000000a0000b500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef77997e344e61482808c02b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0)
connect$rose(r7, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c)
connect$rose(r7, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @null]}, 0x40)
sendmmsg$alg(r3, &(0x7f0000009480)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040081}], 0x1, 0x40)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000240)=@req={0x9, 0x622, 0xb3, 0x80000001}, 0x10)
sendmmsg(r1, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000240)}, {&(0x7f0000000280)="52b51e77bc19be9ee35ecdc5e10beb5aaa16439e984ec79c5827cc9a719e26ac44ff842dda2a92a7691db721eaf8220f870502bc9b3206f8df1e98c2acb2f2e97533d7b66513e0bfe1625457a0986645afdb3b25a0b671990c73bae4e5087f10c13ca2653af62a0bf2836b1ec7b1b6c45839664572e396142fad69ab2fd7f6ead99f2c08deff8a01df2bd0fda7d1def230060d68346b4e9a44b1e991f4090255669953c0f530758c3531756c91aa995dbeb7482864f60c974d1bf2ca9deb9c569dd529b18ff9e1798e9ba15021e60ce180aa40d25fd6a785dad38527d9f48d", 0xdf}, {&(0x7f0000000800)="91640372ad87263f088ad02cee9ecddbf3c2742e3a1edf6f071c07b1ad053fcc3c7166ba7e392eda4d65cbc4fe70963fb26725daa4ef5a6b17a81cb064e2a49080ea60c82e8a5066c34fa5939c413db507b1d536fafca8f838253774345fdd8fd6b376bfc694975f72ab2f0cbc18d343a064d736c0535a864620a1705c7e7c81669534ded949df3209905294e79f643df4929b5e2062f5920bc0d74d09271c99cd91c260a829bad41562b0f1aa5ee8fe905bc66767ea54cb46afd4159ce3ecfe2edae0", 0xc3}, {&(0x7f0000000440)="d2fabb244a5661812b643e685f6c567b209f7a796b9a57f2b7d90543a3ee1488ae8d3b84dc46e2ede9c6853b", 0x2c}, {&(0x7f0000000480)="5aec410384517621ee29696647024ea4b8c9254142e469d5e4a8d4a281fa707de56ea1c03cbdb04bceaee25f45f594d5f641f28aac9704968c073eee69e7df31df34c1dff7b66c8a1bfa157810f081238525e67736819614c3757c6d4c07bbb9307fbc1560898480690aa79c8530af1d8c7e1c5b0e5d4c6a3cc54fe39c009d7204caf8c8317863a4091b4ab80660d71aa836fba8774f7cfaa83f885e19bca4b422f31af6ae7d6c19252a7e4e2b7640c934f4f576", 0xb4}, {&(0x7f0000000540)="15a57f436568026187546dba59433ddb8451c705b5b146bf89777259cd034a061c95c30a96", 0x25}, {&(0x7f0000000580)="7698a206d172895d3720628eb89509f7d29c2afbdaa019220bf0ff2a94ea29ab6d244aea2fa0bed370ede06d31a302bd2478b225a749f6340c361dd6d31277d9448e9169514921e3f3d6c3d3a5a028cc4f701575ae297129fee5135fccf03afe972b5ddb454aa1c77a23c239b45bfb92788f9dec0a085bad792269150742aedc1d7a23fa1028c67a778e52111dbe6eeec89ab1", 0x93}, {&(0x7f0000000640)="bf5f2c0643dd2dc35f243c2ad128aec012cffaf16205576e6c2c8b11d2a5eb8aa5a79ec3e98a51d50d12841fe7037ae1a62ac95f730387cfb0fc561b47cdbee608e884c141dae331d007c0b395bd2301fabee9644b13e0a7a5b868382aa3b455eb3513aa883b39158fd5963ded321f619baa79c7c4cfc7aec4ca34da6fd8c725cc10a457a2c923ed73e341b1cf36bbb1ed2349288acdbb564ad1d528f9604de092683158eb70c8f70b6aa87843f9d47c5f9318f9344cb1b495260617894c8e9b9f82651f3b023c040c7f486f0f8fee19c4c81cb6be19a26fdf4e8745b89860229083b564e94774", 0xe7}], 0x8}}], 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'rr\x00', 0xe, 0x9, 0x15}, 0x2c)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611)
socket$inet6_udplite(0xa, 0x2, 0x88)

4.184888946s ago: executing program 0 (id=2671):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_timeval(r1, 0x1, 0x2, &(0x7f0000000040), 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000300012800b00010065727370616e000020000280040012000500160002000000060018"], 0x50}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="000000006a00080029bd7000ffdbdb25020000000000000000000b00000001000100000000000500", @ANYRES32=r4, @ANYBLOB="000001000100000000000a000000000000000100010000000000090000000500", @ANYRES32=r4, @ANYBLOB="e6697e3aa427cf0000000000005c39c26c7c42f3b629f6be33d9996eeeedb6a66481af94ed70d2bd5e7f2759af0727b275832d266a1b893c9c78ca46a74a6d601f58aa19451cb0fb6a9b2e5afb3f838726d58e55bd962f65a03e30184a7b26000000000000982efa51f9a9cbe8695456f02679f7d6fa907ed2ba355aecae0896e01e2bfae2cc8d8c71a5f6e07801035df29b501ca25d62fe805af7674d20463392bc3cc15c42453fba2cdaeb2f237ed65ccac25bf4125e81358075246fc53078cf19f7f4272ba1dee9ef9796c7866d599b"], 0x43}}, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0x0, {}, 0xfd}, 0x18)
connect$can_j1939(r5, &(0x7f0000000080)={0x1d, r6, 0x0, {0x0, 0xf0, 0x2}, 0xfe}, 0x18)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@ipv4={""/10, ""/2, @local}, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000400)=0xe8)
setsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, &(0x7f0000000c00)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4e24, 0x9, 0x4e23, 0x9, 0x2, 0x80, 0x80, 0x89, 0x0, r8}, {0x1, 0x98, 0x5, 0x9, 0x1, 0x8, 0x4, 0x5}, {0xffffffffffffff22, 0xe0, 0x823}, 0x68a4, 0x6e6bb9, 0x2, 0x1, 0x3, 0x1}, {{@in=@multicast2, 0x4d3, 0x3c}, 0x2, @in=@loopback, 0x3501, 0x1, 0x2, 0x1, 0xffff7fff, 0x3}}, 0xe8)
sendmsg$can_j1939(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)="434a9c5c0c00000000", 0x9}}, 0x0)
sendmsg$can_j1939(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={0x0}}, 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan1\x00'})
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0005d70000fe0806000108"], 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
pipe(&(0x7f00000000c0))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r10=>0x0})
sendto$packet(r9, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @link_local}, 0x14)
bind$can_j1939(r5, &(0x7f0000000040)={0x1d, r6, 0x3, {0x2, 0x1, 0x749704b6a0916242}, 0x1}, 0x18)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r11)
sendmsg$NLBL_CIPSOV4_C_ADD(r11, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000240), r11)

3.809973373s ago: executing program 4 (id=2495):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0xdc, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x9c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x24, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}, @NFTA_SET_DESC_CONCAT={0x6c, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x120}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.757456971s ago: executing program 2 (id=2674):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x25dfdbfc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x26008000}, 0x4000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000) (fail_nth: 9)

3.254350413s ago: executing program 0 (id=2675):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040000}, 0x8000)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x800)
socket$pptp(0x18, 0x1, 0x2)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000014c0)=ANY=[], 0x50)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000015c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)

3.187503932s ago: executing program 2 (id=2676):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, 0x0, 0x8c0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$xdp(0x2c, 0x3, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r0 = socket$kcm(0x29, 0x5, 0x0)
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, 0x0, 0x1ce0ef95c5c0bdc8)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xe1}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x5}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb0}}, 0x0)

2.947102583s ago: executing program 0 (id=2677):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100080200000018000066000000080003", @ANYRES32=r4, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x52895}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x7, 0x5}]}}}, @IFLA_LINK={0x8}]}, 0x44}}, 0x0)

2.937885327s ago: executing program 1 (id=1460):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68)

1.472875181s ago: executing program 0 (id=2678):
sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x14, 0x0, 0x711, 0x70bd27}, 0x14}, 0x1, 0x0, 0x0, 0x4004094}, 0x8894)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001700)={0x50, r1, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x50}}, 0x0)

1.472021787s ago: executing program 2 (id=2679):
socket(0x40000000015, 0x5, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'macvlan1\x00'})
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfe, {{@in6=@private0={0xfc, 0x0, '\x00', 0x40}, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x400, 0x0, 0x0, 0xa, 0x60, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}, {0x0, 0x5}}}, 0xb8}}, 0x4000)

1.471473514s ago: executing program 3 (id=2435):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.freeze\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000080)=r2, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000640)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000240)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x13, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8001}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffff8}, @ldst={0x0, 0x3, 0x2, 0x7, 0x0, 0x100}, @generic={0xff, 0xc, 0xf, 0x7, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7fffffff}, @map_fd={0x18, 0x2, 0x1, 0x0, r4}]}, &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="740000001200030600"/20, @ANYRES32=0x0, @ANYBLOB="2fedaa88000000003800128009000100766c616e000000002800028006000100000000000c0002000000000000000000100004800c00010000000000", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x74}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x70, 0x30, 0x9, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x8}, @TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6, 0xa}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x70}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000085000000a000000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r8, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000003c0)="12cdde26e7c496e99a9cf8625ec9", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r9 = socket(0x10, 0x80002, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x89e2, &(0x7f0000000380)={<r10=>r1})
ioctl$FS_IOC_RESVSP(r10, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x2, 0x5})
sendmmsg$alg(r9, &(0x7f00000000c0), 0x492492492492627, 0x0)

977.484721ms ago: executing program 2 (id=2680):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{0x7, 0x0, 0x300}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

156.3567ms ago: executing program 0 (id=2681):
r0 = socket(0x2b, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0xffffffff, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0))
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000100)={<r1=>0xffffffffffffffff, 0x8, 0x400, 0x1})
sendmsg$nl_route(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x4f)
r3 = socket(0x1e, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720a07fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed00000f030000000000001d44000000000000730a06fe0000000072030000000a0000b500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef77997e344e61482808c02b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0)
connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c)
connect$rose(r6, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @null]}, 0x40)
sendmmsg$alg(r3, &(0x7f0000009480)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040081}], 0x1, 0x40)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000240)=@req={0x9, 0x622, 0xb3, 0x80000001}, 0x10)
sendmmsg(r1, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000240)}, {&(0x7f0000000280)="52b51e77bc19be9ee35ecdc5e10beb5aaa16439e984ec79c5827cc9a719e26ac44ff842dda2a92a7691db721eaf8220f870502bc9b3206f8df1e98c2acb2f2e97533d7b66513e0bfe1625457a0986645afdb3b25a0b671990c73bae4e5087f10c13ca2653af62a0bf2836b1ec7b1b6c45839664572e396142fad69ab2fd7f6ead99f2c08deff8a01df2bd0fda7d1def230060d68346b4e9a44b1e991f4090255669953c0f530758c3531756c91aa995dbeb7482864f60c974d1bf2ca9deb9c569dd529b18ff9e1798e9ba15021e60ce180aa40d25fd6a785dad38527d9f48d", 0xdf}, {&(0x7f0000000800)="91640372ad87263f088ad02cee9ecddbf3c2742e3a1edf6f071c07b1ad053fcc3c7166ba7e392eda4d65cbc4fe70963fb26725daa4ef5a6b17a81cb064e2a49080ea60c82e8a5066c34fa5939c413db507b1d536fafca8f838253774345fdd8fd6b376bfc694975f72ab2f0cbc18d343a064d736c0535a864620a1705c7e7c81669534ded949df3209905294e79f643df4929b5e2062f5920bc0d74d09271c99cd91c260a829bad41562b0f1aa5ee8fe905bc66767ea54cb46afd4159ce3ecfe2edae0", 0xc3}, {&(0x7f0000000440)="d2fabb244a5661812b643e685f6c567b209f7a796b9a57f2b7d90543a3ee1488ae8d3b84dc46e2ede9c6853b", 0x2c}, {&(0x7f0000000480)="5aec410384517621ee29696647024ea4b8c9254142e469d5e4a8d4a281fa707de56ea1c03cbdb04bceaee25f45f594d5f641f28aac9704968c073eee69e7df31df34c1dff7b66c8a1bfa157810f081238525e67736819614c3757c6d4c07bbb9307fbc1560898480690aa79c8530af1d8c7e1c5b0e5d4c6a3cc54fe39c009d7204caf8c8317863a4091b4ab80660d71aa836fba8774f7cfaa83f885e19bca4b422f31af6ae7d6c19252a7e4e2b7640c934f4f576", 0xb4}, {&(0x7f0000000540)="15a57f436568026187546dba59433ddb8451c705b5b146bf89777259cd034a061c95c30a96", 0x25}, {&(0x7f0000000580)="7698a206d172895d3720628eb89509f7d29c2afbdaa019220bf0ff2a94ea29ab6d244aea2fa0bed370ede06d31a302bd2478b225a749f6340c361dd6d31277d9448e9169514921e3f3d6c3d3a5a028cc4f701575ae297129fee5135fccf03afe972b5ddb454aa1c77a23c239b45bfb92788f9dec0a085bad792269150742aedc1d7a23fa1028c67a778e52111dbe6eeec89ab1", 0x93}, {&(0x7f0000000640)="bf5f2c0643dd2dc35f243c2ad128aec012cffaf16205576e6c2c8b11d2a5eb8aa5a79ec3e98a51d50d12841fe7037ae1a62ac95f730387cfb0fc561b47cdbee608e884c141dae331d007c0b395bd2301fabee9644b13e0a7a5b868382aa3b455eb3513aa883b39158fd5963ded321f619baa79c7c4cfc7aec4ca34da6fd8c725cc10a457a2c923ed73e341b1cf36bbb1ed2349288acdbb564ad1d528f9604de092683158eb70c8f70b6aa87843f9d47c5f9318f9344cb1b495260617894c8e9b9f82651f3b023c040c7f486f0f8fee19c4c81cb6be19a26fdf4e8745b89860229083b564e94774", 0xe7}], 0x8}}], 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'rr\x00', 0xe, 0x9, 0x15}, 0x2c)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611)
socket$inet6_udplite(0xa, 0x2, 0x88)

86.601336ms ago: executing program 2 (id=2682):
r0 = socket$alg(0x26, 0x5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d00000000000000000000000105000000030000000000000000000003000000000100000002"], 0x0, 0x4e}, 0x20)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x10)

0s ago: executing program 2 (id=2683):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000005c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x1c, r0, 0x121, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4008800}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), r1)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)=ANY=[@ANYRESDEC=0x0, @ANYRES16=r6], 0x10}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000280), 0x4)
socketpair(0xb, 0x80000, 0xfffffffc, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r8, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r9, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000900), 0xffffffffffffffff)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x34, r11, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x3}, @IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x12}, @IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x6}, @IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004800}, 0x4040080)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_PMK(r7, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xbc, r9, 0x400, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x6, 0x57}}}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "a1a7cf0f258c4d33eb5bfa3a5ea035ea"}, @NL80211_ATTR_PMK={0x14, 0xfe, "41c0bd5f34d8ed1693d8ca6330f3eb70"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "781b670a1d2d4b9211612176cf9d29be"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "0a1542fcd0c23195c930b6b700e0ce2d"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMK={0x14, 0xfe, "91e2eacba9407bce90da17f8d78ea102"}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0xbc}, 0x1, 0x0, 0x0, 0x40004}, 0x40000)

kernel console output (not intermixed with test programs):

le:107827
[  250.731710][T11942]  mapped:29301 shmem:1361 pagetables:1042
[  250.731710][T11942]  sec_pagetables:0 bounce:0
[  250.731710][T11942]  kernel_misc_reclaimable:0
[  250.731710][T11942]  free:1328970 free_pcp:10983 free_cma:0
[  250.794180][T11942] Node 0 active_anon:17112kB inactive_anon:0kB active_file:6232kB inactive_file:159408kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117204kB dirty:392kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12304kB pagetables:4032kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  250.831158][T11942] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  250.877902][T11942] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  250.909279][T11942] lowmem_reserve[]: 0 2500 2502 2502 2502
[  250.915864][T11942] Node 0 DMA32 free:1398400kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17060kB inactive_anon:0kB active_file:6332kB inactive_file:157584kB unevictable:1536kB writepending:388kB present:3129332kB managed:2561020kB mlocked:0kB bounce:0kB free_pcp:25148kB local_pcp:12136kB free_cma:0kB
[  250.953111][T11942] lowmem_reserve[]: 0 0 1 1 1
[  250.959822][T11942] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1824kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  250.992433][T11942] lowmem_reserve[]: 0 0 0 0 0
[  250.998388][T11942] Node 1 Normal free:3901204kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19064kB local_pcp:9824kB free_cma:0kB
[  251.031854][T11942] lowmem_reserve[]: 0 0 0 0 0
[  251.037001][T11942] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  251.051286][T11942] Node 0 DMA32: 833*4kB (ME) 136*8kB (ME) 72*16kB (M) 123*32kB (UME) 91*64kB (UM) 37*128kB (UM) 57*256kB (UME) 23*512kB (UME) 16*1024kB (UM) 6*2048kB (UME) 323*4096kB (UM) = 1398116kB
[  251.072613][T11942] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  251.086759][T11942] Node 1 Normal: 122*4kB (UME) 59*8kB (UME) 46*16kB (UME) 98*32kB (UME) 38*64kB (UME) 9*128kB (UME) 4*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3901152kB
[  251.108301][T11942] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  251.118641][T11942] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  251.128881][T11942] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  251.139372][T11942] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  251.149560][T11942] 42842 total pagecache pages
[  251.159370][ T3486] hsr_slave_0: left promiscuous mode
[  251.167731][ T3486] hsr_slave_1: left promiscuous mode
[  251.179331][ T3486] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  251.191227][ T3486] batman_adv: batadv0: Removing interface: batadv_slave_0
[  251.203713][ T3486] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  251.207296][T11942] 0 pages in swap cache
[  251.214724][ T3486] batman_adv: batadv0: Removing interface: batadv_slave_1
[  251.227423][T11942] Free swap  = 124996kB
[  251.242683][T11942] Total swap = 124996kB
[  251.247311][T11942] 2097051 pages RAM
[  251.252118][ T3486] veth1_macvtap: left promiscuous mode
[  251.252166][T11942] 0 pages HighMem/MovableOnly
[  251.265052][ T3486] veth0_macvtap: left promiscuous mode
[  251.271122][ T3486] veth1_vlan: left promiscuous mode
[  251.284244][T11942] 424690 pages reserved
[  251.289689][T11942] 0 pages cma reserved
[  251.300662][ T3486] veth0_vlan: left promiscuous mode
[  251.324961][T11960] __nla_validate_parse: 6 callbacks suppressed
[  251.324981][T11960] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2179'.
[  251.450611][T11967] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2182'.
[  251.494945][ T5845] Bluetooth: hci4: command tx timeout
[  251.730378][T11978] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2186'.
[  251.988271][ T3486] team0 (unregistering): Port device team_slave_1 removed
[  252.031029][ T3486] team0 (unregistering): Port device team_slave_0 removed
[  252.551709][T11975] ip6tnl1: entered promiscuous mode
[  252.562208][T11975] ip6tnl1: entered allmulticast mode
[  252.735601][T11929] chnl_net:caif_netlink_parms(): no params data found
[  253.109878][T12001] netlink: 'syz.2.2195': attribute type 11 has an invalid length.
[  253.163831][T12005] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2196'.
[  253.168986][T11929] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.190566][T12001] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2195'.
[  253.212154][T11929] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.244791][T11929] bridge_slave_0: entered allmulticast mode
[  253.259407][T11929] bridge_slave_0: entered promiscuous mode
[  253.268829][T12006] netlink: 'syz.2.2195': attribute type 3 has an invalid length.
[  253.281478][T12006] netlink: 766 bytes leftover after parsing attributes in process `syz.2.2195'.
[  253.313596][T12009] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2197'.
[  253.329692][T11929] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.349845][T11929] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.365832][T11929] bridge_slave_1: entered allmulticast mode
[  253.387303][T11929] bridge_slave_1: entered promiscuous mode
[  253.410052][T12011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2198'.
[  253.478885][T11929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.529075][T11929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.584347][ T5845] Bluetooth: hci4: command tx timeout
[  253.611973][T12020] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2203'.
[  253.637366][T12020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2203'.
[  253.672357][T11929] team0: Port device team_slave_0 added
[  253.682461][T11929] team0: Port device team_slave_1 added
[  253.773323][T11929] batman_adv: batadv0: Adding interface: batadv_slave_0
[  253.794086][T11929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.883534][T11929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.909670][T11929] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.921937][T11929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.957437][T11929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  254.112396][T11929] hsr_slave_0: entered promiscuous mode
[  254.139354][T11929] hsr_slave_1: entered promiscuous mode
[  254.165125][T11929] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  254.211598][T11929] Cannot create hsr debugfs directory
[  254.759570][T12064] ip6tnl1: entered promiscuous mode
[  254.782676][T12064] ip6tnl1: entered allmulticast mode
[  255.086563][T10689] bond0: (slave bond_slave_0): link status definitely up, 10000 Mbps full duplex
[  255.116777][T10689] bond0: (slave bond_slave_1): link status definitely up, 10000 Mbps full duplex
[  255.143431][T12087] netlink: 'syz.2.2227': attribute type 5 has an invalid length.
[  255.147652][T10689] bond0: (slave bridge0): link status definitely up, 0 Mbps full duplex
[  255.171562][T12087] netlink: 'syz.2.2227': attribute type 7 has an invalid length.
[  255.182456][T10689] bond0: active interface up!
[  255.190406][T12087] netlink: 'syz.2.2227': attribute type 8 has an invalid length.
[  255.488167][T11929] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  255.566518][T11929] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  255.598408][T12110] netlink: 'syz.4.2232': attribute type 3 has an invalid length.
[  255.618931][T11929] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  255.619910][T12114] netlink: 'syz.0.2235': attribute type 11 has an invalid length.
[  255.654220][ T5845] Bluetooth: hci4: command tx timeout
[  255.660935][T11929] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  255.793377][T12125] netlink: 'syz.4.2238': attribute type 1 has an invalid length.
[  255.926728][T12134] netlink: 'syz.2.2240': attribute type 5 has an invalid length.
[  255.944519][T12134] netlink: 'syz.2.2240': attribute type 7 has an invalid length.
[  255.953145][T12134] netlink: 'syz.2.2240': attribute type 8 has an invalid length.
[  255.978152][T11929] 8021q: adding VLAN 0 to HW filter on device bond0
[  255.984403][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  256.028453][T11929] 8021q: adding VLAN 0 to HW filter on device team0
[  256.083159][  T739] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.091659][  T739] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.500507][T11929] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  256.518372][T11929] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  256.578464][ T3486] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.586547][ T3486] bridge0: port 2(bridge_slave_1) entered forwarding state
[  256.859154][T12157] __nla_validate_parse: 15 callbacks suppressed
[  256.859175][T12157] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2245'.
[  256.970464][T12162] netlink: 'syz.2.2249': attribute type 10 has an invalid length.
[  257.023134][T12166] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2250'.
[  257.055451][T12166] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2250'.
[  257.157809][T11929] 8021q: adding VLAN 0 to HW filter on device batadv0
[  257.216333][T12171] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2252'.
[  257.288971][T11929] veth0_vlan: entered promiscuous mode
[  257.307206][T11929] veth1_vlan: entered promiscuous mode
[  257.408442][T11929] veth0_macvtap: entered promiscuous mode
[  257.425161][T11929] veth1_macvtap: entered promiscuous mode
[  257.449662][T11929] batman_adv: batadv0: Interface activated: batadv_slave_0
[  257.479984][T11929] batman_adv: batadv0: Interface activated: batadv_slave_1
[  257.492918][T11929] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  257.506128][T11929] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  257.516109][T11929] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  257.526590][T11929] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  257.600333][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.613391][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.648380][ T3486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.671967][ T3486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.734745][ T5845] Bluetooth: hci4: command tx timeout
[  257.790742][T12188] xt_hashlimit: max too large, truncated to 1048576
[  258.044600][T12197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2260'.
[  258.055219][T12197] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  258.068016][T12197] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1)
[  258.177305][T12199] netlink: 'syz.3.2261': attribute type 10 has an invalid length.
[  258.240979][T12201] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2262'.
[  258.254469][T12201] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2262'.
[  258.613714][T12225] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2270'.
[  258.650048][ T3486] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.992772][ T3486] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.549478][ T3486] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.666383][T12231] dvmrp1: entered allmulticast mode
[  259.846454][ T3486] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.121787][T12253] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  260.136776][T12255] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2282'.
[  260.236176][ T3486] bridge_slave_1: left allmulticast mode
[  260.257877][ T3486] bridge_slave_1: left promiscuous mode
[  260.280778][ T3486] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.326203][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  260.339461][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  260.349872][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  260.361087][ T3486] bridge_slave_0: left allmulticast mode
[  260.367898][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  260.376482][ T3486] bridge_slave_0: left promiscuous mode
[  260.385011][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  260.393242][ T3486] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.460057][T12271] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2285'.
[  260.776704][ T3486] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  260.788325][ T3486] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  260.800459][ T3486] bond0 (unregistering): Released all slaves
[  260.821460][T12262] delete_channel: no stack
[  261.532665][ T3486] hsr_slave_0: left promiscuous mode
[  261.556124][ T3486] hsr_slave_1: left promiscuous mode
[  261.563326][ T3486] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  261.575615][ T3486] batman_adv: batadv0: Removing interface: batadv_slave_0
[  261.588315][ T3486] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  261.599582][ T3486] batman_adv: batadv0: Removing interface: batadv_slave_1
[  261.650170][ T3486] veth1_macvtap: left promiscuous mode
[  261.668447][ T3486] veth0_macvtap: left promiscuous mode
[  261.688234][ T3486] veth1_vlan: left promiscuous mode
[  261.700658][ T3486] veth0_vlan: left promiscuous mode
[  262.282996][T12328] __nla_validate_parse: 2 callbacks suppressed
[  262.283009][T12328] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2305'.
[  262.411666][ T3486] team0 (unregistering): Port device team_slave_1 removed
[  262.460333][ T3486] team0 (unregistering): Port device team_slave_0 removed
[  262.468179][ T5845] Bluetooth: hci4: command tx timeout
[  263.268297][T12328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  263.302960][T12328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  263.341002][T12328] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  263.366275][T12328] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  263.392587][T12328] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.400084][T12328] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.419899][T12328] bond0 (unregistering): Released all slaves
[  263.448848][T12264] chnl_net:caif_netlink_parms(): no params data found
[  264.050898][T12264] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.078227][T12264] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.094154][T12264] bridge_slave_0: entered allmulticast mode
[  264.105260][T12264] bridge_slave_0: entered promiscuous mode
[  264.114794][T12383] FAULT_INJECTION: forcing a failure.
[  264.114794][T12383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.119023][T12386] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2319'.
[  264.131499][T12383] CPU: 1 UID: 0 PID: 12383 Comm: syz.0.2318 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  264.131526][T12383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  264.131536][T12383] Call Trace:
[  264.131543][T12383]  <TASK>
[  264.131550][T12383]  dump_stack_lvl+0x189/0x250
[  264.131579][T12383]  ? __pfx____ratelimit+0x10/0x10
[  264.131602][T12383]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.131624][T12383]  ? __pfx__printk+0x10/0x10
[  264.131642][T12383]  ? __might_fault+0xb0/0x130
[  264.131670][T12383]  should_fail_ex+0x414/0x560
[  264.131696][T12383]  _copy_from_user+0x2d/0xb0
[  264.131713][T12383]  ioctl_standard_iw_point+0x59d/0xd40
[  264.131748][T12383]  ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10
[  264.131765][T12383]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[  264.131785][T12383]  ? __pfx___mutex_lock+0x10/0x10
[  264.131807][T12383]  ? full_name_hash+0x92/0xe0
[  264.131828][T12383]  ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10
[  264.131847][T12383]  ioctl_standard_call+0xaf/0x1b0
[  264.131867][T12383]  ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10
[  264.131883][T12383]  wext_ioctl_dispatch+0xee/0x410
[  264.131900][T12383]  ? __pfx_ioctl_standard_call+0x10/0x10
[  264.131921][T12383]  wext_handle_ioctl+0x100/0x1c0
[  264.131943][T12383]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  264.131958][T12383]  ? __lock_acquire+0xab9/0xd20
[  264.131996][T12383]  sock_ioctl+0x15f/0x790
[  264.132021][T12383]  ? __pfx_sock_ioctl+0x10/0x10
[  264.132043][T12383]  ? __fget_files+0x2a/0x420
[  264.132059][T12383]  ? __fget_files+0x3a0/0x420
[  264.132074][T12383]  ? __fget_files+0x2a/0x420
[  264.132095][T12383]  ? bpf_lsm_file_ioctl+0x9/0x20
[  264.132117][T12383]  ? __pfx_sock_ioctl+0x10/0x10
[  264.132147][T12383]  __se_sys_ioctl+0xfc/0x170
[  264.132170][T12383]  do_syscall_64+0xfa/0x3b0
[  264.132185][T12383]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.132206][T12383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.132222][T12383]  ? clear_bhb_loop+0x60/0xb0
[  264.132240][T12383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.132253][T12383] RIP: 0033:0x7f6585b8e929
[  264.132267][T12383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.132280][T12383] RSP: 002b:00007f6586aa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  264.132299][T12383] RAX: ffffffffffffffda RBX: 00007f6585db5fa0 RCX: 00007f6585b8e929
[  264.132311][T12383] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000006
[  264.132322][T12383] RBP: 00007f6586aa1090 R08: 0000000000000000 R09: 0000000000000000
[  264.132332][T12383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.132342][T12383] R13: 0000000000000000 R14: 00007f6585db5fa0 R15: 00007ffc483742f8
[  264.132371][T12383]  </TASK>
[  264.164414][T12264] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.459980][T12264] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.468501][T12264] bridge_slave_1: entered allmulticast mode
[  264.477114][T12264] bridge_slave_1: entered promiscuous mode
[  264.544378][ T5845] Bluetooth: hci4: command tx timeout
[  264.562202][T12264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  264.629776][T12397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2324'.
[  264.661916][T12264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  264.717004][T12405] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2325'.
[  264.789579][T12264] team0: Port device team_slave_0 added
[  264.831863][T12264] team0: Port device team_slave_1 added
[  264.946759][T12264] batman_adv: batadv0: Adding interface: batadv_slave_0
[  264.967549][T12264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  265.031678][T12417] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2331'.
[  265.042266][T12264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  265.077025][T12264] batman_adv: batadv0: Adding interface: batadv_slave_1
[  265.097389][T12264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  265.142763][T12264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  265.292249][T12264] hsr_slave_0: entered promiscuous mode
[  265.301144][T12264] hsr_slave_1: entered promiscuous mode
[  265.310504][T12264] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  265.319114][T12264] Cannot create hsr debugfs directory
[  265.354594][T12428] vxcan1: tx address claim with dlc 0
[  265.409414][T12428] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2335'.
[  265.511226][T12437] netlink: 220 bytes leftover after parsing attributes in process `syz.4.2337'.
[  265.707314][T12449] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2341'.
[  265.746140][T12449] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2341'.
[  265.759535][T12453] validate_nla: 2 callbacks suppressed
[  265.759552][T12453] netlink: 'syz.0.2342': attribute type 15 has an invalid length.
[  266.023124][T12470] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  266.273351][T12264] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  266.316985][T12264] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  266.405032][T12264] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  266.430418][T12264] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  266.614806][ T5845] Bluetooth: hci4: command tx timeout
[  266.648533][T12505] netlink: 'syz.2.2357': attribute type 29 has an invalid length.
[  266.750239][T12264] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.834421][T12515] netlink: 'syz.2.2357': attribute type 29 has an invalid length.
[  266.877171][T12264] 8021q: adding VLAN 0 to HW filter on device team0
[  266.901131][T12498] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2357'.
[  266.919533][T10684] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.927109][T10684] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.938503][T12498] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  266.966876][T12520] warn_alloc: 3 callbacks suppressed
[  266.966902][T12520] syz.0.2362: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  266.977797][ T3486] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.982654][T12520] ,cpuset=
[  266.991145][ T3486] bridge0: port 2(bridge_slave_1) entered forwarding state
[  267.024349][T12520] /,mems_allowed=0-1
[  267.037903][T12520] CPU: 1 UID: 0 PID: 12520 Comm: syz.0.2362 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  267.037933][T12520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  267.037945][T12520] Call Trace:
[  267.037952][T12520]  <TASK>
[  267.037962][T12520]  dump_stack_lvl+0x189/0x250
[  267.037993][T12520]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  267.038015][T12520]  ? __pfx_dump_stack_lvl+0x10/0x10
[  267.038040][T12520]  ? __pfx__printk+0x10/0x10
[  267.038060][T12520]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  267.038079][T12520]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  267.038104][T12520]  warn_alloc+0x214/0x310
[  267.038124][T12520]  ? stack_depot_save_flags+0x40/0x900
[  267.038148][T12520]  ? __pfx_warn_alloc+0x10/0x10
[  267.038170][T12520]  ? kasan_save_track+0x4f/0x80
[  267.038196][T12520]  ? xskq_create+0x56/0x170
[  267.038217][T12520]  ? xsk_init_queue+0xb0/0x110
[  267.038237][T12520]  ? xsk_setsockopt+0x43f/0x710
[  267.038256][T12520]  ? do_sock_setsockopt+0x257/0x3e0
[  267.038276][T12520]  ? __x64_sys_setsockopt+0x18b/0x220
[  267.038294][T12520]  ? do_syscall_64+0xfa/0x3b0
[  267.038309][T12520]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.038335][T12520]  __vmalloc_node_range_noprof+0x125/0x12f0
[  267.038386][T12520]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  267.038412][T12520]  ? __kasan_kmalloc+0x93/0xb0
[  267.038433][T12520]  vmalloc_user_noprof+0xad/0xf0
[  267.038452][T12520]  ? xskq_create+0xbf/0x170
[  267.038476][T12520]  xskq_create+0xbf/0x170
[  267.038502][T12520]  xsk_init_queue+0xb0/0x110
[  267.038527][T12520]  xsk_setsockopt+0x43f/0x710
[  267.038553][T12520]  ? __pfx_xsk_setsockopt+0x10/0x10
[  267.038574][T12520]  ? __lock_acquire+0xab9/0xd20
[  267.038608][T12520]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  267.038629][T12520]  ? __pfx_xsk_setsockopt+0x10/0x10
[  267.038652][T12520]  do_sock_setsockopt+0x257/0x3e0
[  267.038676][T12520]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  267.038702][T12520]  ? __fget_files+0x2a/0x420
[  267.038729][T12520]  __x64_sys_setsockopt+0x18b/0x220
[  267.038760][T12520]  do_syscall_64+0xfa/0x3b0
[  267.038775][T12520]  ? lockdep_hardirqs_on+0x9c/0x150
[  267.038799][T12520]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.038816][T12520]  ? clear_bhb_loop+0x60/0xb0
[  267.038838][T12520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.038854][T12520] RIP: 0033:0x7f6585b8e929
[  267.038871][T12520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.038895][T12520] RSP: 002b:00007f6586aa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  267.038915][T12520] RAX: ffffffffffffffda RBX: 00007f6585db5fa0 RCX: 00007f6585b8e929
[  267.038928][T12520] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  267.038939][T12520] RBP: 00007f6585c10b39 R08: 0000000000000004 R09: 0000000000000000
[  267.038951][T12520] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  267.038962][T12520] R13: 0000000000000000 R14: 00007f6585db5fa0 R15: 00007ffc483742f8
[  267.038993][T12520]  </TASK>
[  267.041622][T12520] Mem-Info:
[  267.325192][T12264] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  267.370575][T12520] active_anon:4275 inactive_anon:0 isolated_anon:0
[  267.370575][T12520]  active_file:1605 inactive_file:39910 isolated_file:0
[  267.370575][T12520]  unevictable:768 dirty:298 writeback:0
[  267.370575][T12520]  slab_reclaimable:10947 slab_unreclaimable:109120
[  267.370575][T12520]  mapped:31393 shmem:1361 pagetables:1050
[  267.370575][T12520]  sec_pagetables:0 bounce:0
[  267.370575][T12520]  kernel_misc_reclaimable:0
[  267.370575][T12520]  free:1318776 free_pcp:11039 free_cma:0
[  267.370746][T12264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  267.423220][T12520] Node 0 active_anon:17200kB inactive_anon:0kB active_file:6420kB inactive_file:159440kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:125572kB dirty:1188kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12592kB pagetables:4064kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  267.482915][T12522] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  267.499914][T12520] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  267.590399][T12520] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  267.626889][T12520] lowmem_reserve[]: 0 2500 2502 2502 2502
[  267.632881][T12520] Node 0 DMA32 free:1357840kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17148kB inactive_anon:0kB active_file:6420kB inactive_file:157616kB unevictable:1536kB writepending:1184kB present:3129332kB managed:2561020kB mlocked:0kB bounce:0kB free_pcp:55232kB local_pcp:22876kB free_cma:0kB
[  267.701499][T12520] lowmem_reserve[]: 0 0 1 1 1
[  267.711339][T12520] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1824kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  267.739730][T12531] netlink: 'syz.2.2364': attribute type 10 has an invalid length.
[  267.788864][T12520] lowmem_reserve[]: 0 0 0 0 0
[  267.815923][T12520] Node 1 Normal free:3901944kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18288kB local_pcp:9568kB free_cma:0kB
[  267.859257][T12520] lowmem_reserve[]: 0 0 0 0 0
[  267.865106][T12520] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  267.891488][T12520] Node 0 DMA32: 1037*4kB (UME) 287*8kB (UME) 124*16kB (UM) 28*32kB (ME) 9*64kB (M) 0*128kB 15*256kB (UME) 7*512kB (UME) 7*1024kB (U) 6*2048kB (UME) 323*4096kB (UM) = 1359788kB
[  267.923216][T12520] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  267.941071][T12520] Node 1 Normal: 184*4kB (UME) 59*8kB (UME) 46*16kB (UME) 109*32kB (UME) 41*64kB (UME) 9*128kB (UME) 4*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3901944kB
[  267.984623][T12520] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  268.018897][T12520] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  268.033745][T12520] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  268.048569][T12520] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  268.071597][T12264] 8021q: adding VLAN 0 to HW filter on device batadv0
[  268.093011][T12520] 42872 total pagecache pages
[  268.110475][T12520] 0 pages in swap cache
[  268.128128][T12520] Free swap  = 124996kB
[  268.132345][T12520] Total swap = 124996kB
[  268.152811][T12520] 2097051 pages RAM
[  268.169180][T12520] 0 pages HighMem/MovableOnly
[  268.178294][T12264] veth0_vlan: entered promiscuous mode
[  268.184492][T12520] 424690 pages reserved
[  268.188840][T12520] 0 pages cma reserved
[  268.201724][T12264] veth1_vlan: entered promiscuous mode
[  268.282584][T12264] veth0_macvtap: entered promiscuous mode
[  268.320451][T12264] veth1_macvtap: entered promiscuous mode
[  268.361037][T12264] batman_adv: batadv0: Interface activated: batadv_slave_0
[  268.388934][T12264] batman_adv: batadv0: Interface activated: batadv_slave_1
[  268.407691][T12264] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  268.421342][T12264] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  268.433079][T12264] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  268.443479][T12562] netlink: 'syz.0.2373': attribute type 21 has an invalid length.
[  268.456504][T12264] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  268.471067][T12562] netlink: 'syz.0.2373': attribute type 1 has an invalid length.
[  268.500987][T12562] x_tables: ip6_tables: dccp match: only valid for protocol 33
[  268.599590][T10684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  268.627536][T10684] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  268.639195][T12572] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2376'.
[  268.654466][T12572] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2376'.
[  268.705529][ T5845] Bluetooth: hci4: command tx timeout
[  268.712502][T10688] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  268.744739][T10688] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  268.773076][T12574] netlink: 'syz.3.2377': attribute type 1 has an invalid length.
[  268.832159][T12576] netlink: 'syz.4.2378': attribute type 1 has an invalid length.
[  268.922609][T12576] 8021q: adding VLAN 0 to HW filter on device bond5
[  269.077653][T12590] netlink: 'syz.2.2383': attribute type 30 has an invalid length.
[  269.214148][T12596] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2386'.
[  269.269123][T12600] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2387'.
[  269.439771][T12611] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode
[  269.455029][T12611] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode
[  269.527964][T12620] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2392'.
[  269.691846][T12633] netlink: 'syz.4.2399': attribute type 1 has an invalid length.
[  269.781454][T12633] 8021q: adding VLAN 0 to HW filter on device bond6
[  269.810051][T12639] ip6tnl1: entered promiscuous mode
[  269.818937][T12639] ip6tnl1: entered allmulticast mode
[  269.837045][T12633] FAULT_INJECTION: forcing a failure.
[  269.837045][T12633] name failslab, interval 1, probability 0, space 0, times 0
[  269.850722][T12633] CPU: 0 UID: 0 PID: 12633 Comm: syz.4.2399 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  269.850747][T12633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  269.850758][T12633] Call Trace:
[  269.850765][T12633]  <TASK>
[  269.850772][T12633]  dump_stack_lvl+0x189/0x250
[  269.850800][T12633]  ? __pfx____ratelimit+0x10/0x10
[  269.850824][T12633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  269.850847][T12633]  ? __pfx__printk+0x10/0x10
[  269.850867][T12633]  ? __pfx___might_resched+0x10/0x10
[  269.850897][T12633]  ? fs_reclaim_acquire+0x7d/0x100
[  269.850921][T12633]  should_fail_ex+0x414/0x560
[  269.850947][T12633]  should_failslab+0xa8/0x100
[  269.850967][T12633]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  269.850984][T12633]  ? __alloc_skb+0x112/0x2d0
[  269.851008][T12633]  __alloc_skb+0x112/0x2d0
[  269.851030][T12633]  alloc_skb_with_frags+0xca/0x890
[  269.851055][T12633]  ? aa_label_sk_perm+0x413/0x560
[  269.851081][T12633]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  269.851104][T12633]  sock_alloc_send_pskb+0x857/0x990
[  269.851144][T12633]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  269.851177][T12633]  ? aa_sk_perm+0x81e/0x950
[  269.851199][T12633]  hci_sock_sendmsg+0x207/0xef0
[  269.851226][T12633]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  269.851247][T12633]  ? aa_sock_msg_perm+0x94/0x160
[  269.851269][T12633]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  269.851289][T12633]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  269.851310][T12633]  __sock_sendmsg+0x219/0x270
[  269.851337][T12633]  sock_write_iter+0x258/0x330
[  269.851361][T12633]  ? __pfx_sock_write_iter+0x10/0x10
[  269.851395][T12633]  ? bpf_lsm_file_permission+0x9/0x20
[  269.851415][T12633]  ? security_file_permission+0x75/0x290
[  269.851440][T12633]  vfs_write+0x548/0xa90
[  269.851468][T12633]  ? __pfx_sock_write_iter+0x10/0x10
[  269.851490][T12633]  ? __pfx_vfs_write+0x10/0x10
[  269.851524][T12633]  ? __fget_files+0x2a/0x420
[  269.851551][T12633]  ksys_write+0x145/0x250
[  269.851570][T12633]  ? __pfx_ksys_write+0x10/0x10
[  269.851583][T12633]  ? rcu_is_watching+0x15/0xb0
[  269.851611][T12633]  ? do_syscall_64+0xbe/0x3b0
[  269.851632][T12633]  do_syscall_64+0xfa/0x3b0
[  269.851646][T12633]  ? lockdep_hardirqs_on+0x9c/0x150
[  269.851667][T12633]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.851683][T12633]  ? clear_bhb_loop+0x60/0xb0
[  269.851707][T12633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.851723][T12633] RIP: 0033:0x7fcfac78e929
[  269.851739][T12633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.851753][T12633] RSP: 002b:00007fcfad6b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  269.851772][T12633] RAX: ffffffffffffffda RBX: 00007fcfac9b5fa0 RCX: 00007fcfac78e929
[  269.851784][T12633] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 000000000000000c
[  269.851795][T12633] RBP: 00007fcfad6b8090 R08: 0000000000000000 R09: 0000000000000000
[  269.851806][T12633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.851816][T12633] R13: 0000000000000000 R14: 00007fcfac9b5fa0 R15: 00007fffe916b948
[  269.851846][T12633]  </TASK>
[  270.247795][ T3530] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.465426][ T3530] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.821627][ T3530] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.898246][ T3530] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.015773][T12643] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2401'.
[  271.147934][T12650] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�z
[  271.219623][ T3530] bridge_slave_1: left allmulticast mode
[  271.234735][ T3530] bridge_slave_1: left promiscuous mode
[  271.250967][ T3530] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.251130][T12656] FAULT_INJECTION: forcing a failure.
[  271.251130][T12656] name failslab, interval 1, probability 0, space 0, times 0
[  271.275296][ T3530] bridge_slave_0: left allmulticast mode
[  271.281735][ T3530] bridge_slave_0: left promiscuous mode
[  271.283364][T12656] CPU: 1 UID: 0 PID: 12656 Comm: syz.2.2407 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  271.283390][T12656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  271.283401][T12656] Call Trace:
[  271.283408][T12656]  <TASK>
[  271.283417][T12656]  dump_stack_lvl+0x189/0x250
[  271.283445][T12656]  ? __pfx____ratelimit+0x10/0x10
[  271.283469][T12656]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.283491][T12656]  ? __pfx__printk+0x10/0x10
[  271.283515][T12656]  ? __pfx___might_resched+0x10/0x10
[  271.283537][T12656]  ? fs_reclaim_acquire+0x7d/0x100
[  271.283560][T12656]  should_fail_ex+0x414/0x560
[  271.283586][T12656]  should_failslab+0xa8/0x100
[  271.283615][T12656]  __kmalloc_noprof+0xcb/0x4f0
[  271.283630][T12656]  ? kfree+0x4d/0x440
[  271.283648][T12656]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  271.283675][T12656]  tomoyo_realpath_from_path+0xe3/0x5d0
[  271.283709][T12656]  ? tomoyo_domain+0xd9/0x130
[  271.283736][T12656]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  271.283754][T12656]  tomoyo_path_number_perm+0x1e8/0x5a0
[  271.283776][T12656]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  271.283813][T12656]  ? __lock_acquire+0xab9/0xd20
[  271.283858][T12656]  ? __fget_files+0x2a/0x420
[  271.283879][T12656]  ? __fget_files+0x2a/0x420
[  271.283895][T12656]  ? __fget_files+0x3a0/0x420
[  271.283911][T12656]  ? __fget_files+0x2a/0x420
[  271.283933][T12656]  security_file_ioctl+0xcb/0x2d0
[  271.283954][T12656]  __se_sys_ioctl+0x47/0x170
[  271.283979][T12656]  do_syscall_64+0xfa/0x3b0
[  271.283994][T12656]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.284015][T12656]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.284031][T12656]  ? clear_bhb_loop+0x60/0xb0
[  271.284051][T12656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.284067][T12656] RIP: 0033:0x7fadabb8e929
[  271.284082][T12656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.284095][T12656] RSP: 002b:00007fadac944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  271.284113][T12656] RAX: ffffffffffffffda RBX: 00007fadabdb5fa0 RCX: 00007fadabb8e929
[  271.284125][T12656] RDX: 0000200000000200 RSI: 0000000040047435 RDI: 0000000000000005
[  271.284136][T12656] RBP: 00007fadac944090 R08: 0000000000000000 R09: 0000000000000000
[  271.284146][T12656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  271.284156][T12656] R13: 0000000000000000 R14: 00007fadabdb5fa0 R15: 00007ffffb7029e8
[  271.284185][T12656]  </TASK>
[  271.284589][T12656] ERROR: Out of memory at tomoyo_realpath_from_path.
[  271.294416][ T3530] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.643700][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  271.653160][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  271.664481][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  271.679711][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  271.688144][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  272.140379][ T3530] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  272.152146][ T3530] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  272.162818][ T3530] bond0 (unregistering): Released all slaves
[  272.346564][T12675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2409'.
[  272.389528][T12679] ip6tnl1: entered promiscuous mode
[  272.398502][T12679] ip6tnl1: entered allmulticast mode
[  272.517053][T12680] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2410'.
[  272.527479][T12680] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2410'.
[  272.572140][T12687] netlink: 'syz.4.2413': attribute type 10 has an invalid length.
[  272.712545][T12695] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2416'.
[  272.826098][ T3530] hsr_slave_0: left promiscuous mode
[  272.846544][ T3530] hsr_slave_1: left promiscuous mode
[  272.863839][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  272.881538][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_0
[  272.895592][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  272.903431][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_1
[  272.923507][ T3530] veth1_macvtap: left promiscuous mode
[  272.929879][ T3530] veth0_macvtap: left promiscuous mode
[  272.936545][ T3530] veth1_vlan: left promiscuous mode
[  272.942785][ T3530] veth0_vlan: left promiscuous mode
[  273.398695][ T3530] team0 (unregistering): Port device team_slave_1 removed
[  273.440228][ T3530] team0 (unregistering): Port device team_slave_0 removed
[  273.747361][   T51] Bluetooth: hci4: command tx timeout
[  273.823098][T12666] chnl_net:caif_netlink_parms(): no params data found
[  273.852404][T12703] lo speed is unknown, defaulting to 1000
[  273.949460][T12703] lo speed is unknown, defaulting to 1000
[  273.965839][T12703] lo speed is unknown, defaulting to 1000
[  274.035035][T12703] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -1
[  274.119435][T12703] lo speed is unknown, defaulting to 1000
[  274.151556][T12666] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.170963][T12666] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.188050][T12666] bridge_slave_0: entered allmulticast mode
[  274.203002][T12666] bridge_slave_0: entered promiscuous mode
[  274.213402][T12666] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.213417][T12703] lo speed is unknown, defaulting to 1000
[  274.228726][T12666] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.237679][T12666] bridge_slave_1: entered allmulticast mode
[  274.245832][T12666] bridge_slave_1: entered promiscuous mode
[  274.289836][T12703] lo speed is unknown, defaulting to 1000
[  274.299761][T12721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2426'.
[  274.339442][T12703] lo speed is unknown, defaulting to 1000
[  274.409563][T12703] lo speed is unknown, defaulting to 1000
[  274.413148][T12666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  274.452475][T12728] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2429'.
[  274.478680][T12666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  274.599496][T12732] bridge0: port 3(gretap0) entered blocking state
[  274.607666][T12732] bridge0: port 3(gretap0) entered disabled state
[  274.621942][T12732] gretap0: entered allmulticast mode
[  274.630998][T12732] gretap0: entered promiscuous mode
[  274.638104][T12732] bridge0: port 3(gretap0) entered blocking state
[  274.644950][T12732] bridge0: port 3(gretap0) entered forwarding state
[  274.685140][T12666] team0: Port device team_slave_0 added
[  274.735159][T12666] team0: Port device team_slave_1 added
[  274.956196][T12666] batman_adv: batadv0: Adding interface: batadv_slave_0
[  274.983730][T12666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  275.064286][T12666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  275.099635][T12666] batman_adv: batadv0: Adding interface: batadv_slave_1
[  275.106802][T12666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  275.134353][T12666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  275.236938][T12751] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2437'.
[  275.254957][T12748] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2438'.
[  275.273828][T12666] hsr_slave_0: entered promiscuous mode
[  275.285481][T12666] hsr_slave_1: entered promiscuous mode
[  275.292257][T12666] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  275.303485][T12666] Cannot create hsr debugfs directory
[  275.382409][ T3530] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.457534][T12755] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2440'.
[  275.528009][ T3530] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.703108][ T3530] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.730142][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  275.741690][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  275.750446][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  275.766192][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  275.775013][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  275.817604][   T51] Bluetooth: hci4: command tx timeout
[  275.889502][ T3530] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.996394][T12765] lo speed is unknown, defaulting to 1000
[  276.286040][ T3530] bridge_slave_1: left allmulticast mode
[  276.292327][ T3530] bridge_slave_1: left promiscuous mode
[  276.306565][ T3530] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.331338][ T3530] bridge_slave_0: left allmulticast mode
[  276.350343][ T3530] bridge_slave_0: left promiscuous mode
[  276.376501][ T3530] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.588180][ T3530] dvmrp1 (unregistering): left allmulticast mode
[  276.729723][ T3530] bond1 (unregistering): Released all slaves
[  276.832617][ T3530] bond2 (unregistering): Released all slaves
[  276.945121][ T3530] bond3 (unregistering): Released all slaves
[  276.959847][ T3530] bond4 (unregistering): Released all slaves
[  276.972857][ T3530] bond5 (unregistering): Released all slaves
[  277.082253][ T3530] bond6 (unregistering): Released all slaves
[  277.196094][ T3530] bond7 (unregistering): Released all slaves
[  277.413654][ T3530] tipc: Left network mode
[  277.428484][T12801] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2453'.
[  277.536101][T12765] chnl_net:caif_netlink_parms(): no params data found
[  277.817865][   T51] Bluetooth: hci3: command tx timeout
[  277.860018][T12666] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  277.881219][T12819] xt_nat: multiple ranges no longer supported
[  277.896488][   T51] Bluetooth: hci4: command tx timeout
[  277.992975][T12825] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2463'.
[  278.013590][T12765] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.043173][T12765] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.053542][T12765] bridge_slave_0: entered allmulticast mode
[  278.073516][T12765] bridge_slave_0: entered promiscuous mode
[  278.083234][T12666] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  278.108760][T12828] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2465'.
[  278.122998][T12830] netlink: 'syz.2.2464': attribute type 10 has an invalid length.
[  278.124097][ T3530] hsr_slave_0: left promiscuous mode
[  278.138911][ T3530] hsr_slave_1: left promiscuous mode
[  278.145321][ T3530] batman_adv: batadv0: Removing interface: team0
[  278.152428][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.160158][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.168566][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  278.178506][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.200795][ T3530] veth1_macvtap: left promiscuous mode
[  278.207057][ T3530] veth0_macvtap: left promiscuous mode
[  278.212776][ T3530] veth1_vlan: left promiscuous mode
[  278.221096][ T3530] veth0_vlan: left promiscuous mode
[  278.729894][ T3530] team0 (unregistering): Port device team_slave_1 removed
[  278.771085][ T3530] team0 (unregistering): Port device team_slave_0 removed
[  279.152040][ T3530] lo (unregistering): left allmulticast mode
[  279.172366][T12765] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.184555][T12765] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.192059][T12765] bridge_slave_1: entered allmulticast mode
[  279.217280][T12765] bridge_slave_1: entered promiscuous mode
[  279.247636][T12666] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  279.312981][T12834] RDS: rds_bind could not find a transport for 400:0:1200:0:1030:0:ffff:ffff, load rds_tcp or rds_rdma?
[  279.357390][T12666] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  279.489223][T12765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  279.506378][T12765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  279.670410][T12853] netlink: 'syz.2.2472': attribute type 10 has an invalid length.
[  279.691721][T12765] team0: Port device team_slave_0 added
[  279.718863][T12850] FAULT_INJECTION: forcing a failure.
[  279.718863][T12850] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.772138][T12765] team0: Port device team_slave_1 added
[  279.784559][T12850] CPU: 1 UID: 0 PID: 12850 Comm: syz.4.2470 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  279.784588][T12850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  279.784599][T12850] Call Trace:
[  279.784606][T12850]  <TASK>
[  279.784614][T12850]  dump_stack_lvl+0x189/0x250
[  279.784643][T12850]  ? __pfx____ratelimit+0x10/0x10
[  279.784666][T12850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.784687][T12850]  ? __pfx__printk+0x10/0x10
[  279.784703][T12850]  ? __might_fault+0xb0/0x130
[  279.784728][T12850]  should_fail_ex+0x414/0x560
[  279.784753][T12850]  _copy_from_iter+0x1db/0x16f0
[  279.784776][T12850]  ? __lock_acquire+0xab9/0xd20
[  279.784806][T12850]  ? __pfx__copy_from_iter+0x10/0x10
[  279.784845][T12850]  tun_get_user+0x20f/0x3ce0
[  279.784888][T12850]  ? aa_file_perm+0x11f/0xed0
[  279.784910][T12850]  ? __pfx_tun_get_user+0x10/0x10
[  279.784931][T12850]  ? aa_file_perm+0x11f/0xed0
[  279.784951][T12850]  ? aa_file_perm+0x3e7/0xed0
[  279.784985][T12850]  ? ref_tracker_alloc+0x318/0x460
[  279.785004][T12850]  ? __lock_acquire+0xab9/0xd20
[  279.785027][T12850]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  279.785061][T12850]  ? tun_get+0x1c/0x2f0
[  279.785088][T12850]  ? tun_get+0x1c/0x2f0
[  279.785110][T12850]  ? tun_get+0x1c/0x2f0
[  279.785137][T12850]  tun_chr_write_iter+0x113/0x200
[  279.785162][T12850]  vfs_write+0x548/0xa90
[  279.785190][T12850]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  279.785213][T12850]  ? __pfx_vfs_write+0x10/0x10
[  279.785245][T12850]  ? __fget_files+0x2a/0x420
[  279.785273][T12850]  ksys_write+0x145/0x250
[  279.785291][T12850]  ? __pfx_ksys_write+0x10/0x10
[  279.785303][T12850]  ? rcu_is_watching+0x15/0xb0
[  279.785330][T12850]  ? do_syscall_64+0xbe/0x3b0
[  279.785349][T12850]  do_syscall_64+0xfa/0x3b0
[  279.785363][T12850]  ? lockdep_hardirqs_on+0x9c/0x150
[  279.785385][T12850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.785402][T12850]  ? clear_bhb_loop+0x60/0xb0
[  279.785421][T12850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.785437][T12850] RIP: 0033:0x7fcfac78e929
[  279.785452][T12850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.785466][T12850] RSP: 002b:00007fcfad6b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  279.785484][T12850] RAX: ffffffffffffffda RBX: 00007fcfac9b5fa0 RCX: 00007fcfac78e929
[  279.785496][T12850] RDX: 000000000000004a RSI: 0000200000000340 RDI: 0000000000000004
[  279.785506][T12850] RBP: 00007fcfad6b8090 R08: 0000000000000000 R09: 0000000000000000
[  279.785516][T12850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.785526][T12850] R13: 0000000000000000 R14: 00007fcfac9b5fa0 R15: 00007fffe916b948
[  279.785555][T12850]  </TASK>
[  279.890117][T12859] openvswitch: netlink: Key type 16144 is out of range max 32
[  279.938596][   T51] Bluetooth: hci3: command tx timeout
[  279.983038][ T5845] Bluetooth: hci4: command tx timeout
[  280.221455][T12765] batman_adv: batadv0: Adding interface: batadv_slave_0
[  280.229282][T12765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.260289][T12765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.275006][T12765] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.282172][T12765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.309693][T12765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.327608][ T3530] IPVS: stop unused estimator thread 0...
[  280.441037][T12765] hsr_slave_0: entered promiscuous mode
[  280.460170][T12765] hsr_slave_1: entered promiscuous mode
[  280.471309][T12765] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  280.481962][T12765] Cannot create hsr debugfs directory
[  280.547826][T12871] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2478'.
[  280.643380][T12666] 8021q: adding VLAN 0 to HW filter on device bond0
[  280.783649][T12666] 8021q: adding VLAN 0 to HW filter on device team0
[  280.899597][T10684] bridge0: port 1(bridge_slave_0) entered blocking state
[  280.906844][T10684] bridge0: port 1(bridge_slave_0) entered forwarding state
[  280.937466][T10684] bridge0: port 2(bridge_slave_1) entered blocking state
[  280.944916][T10684] bridge0: port 2(bridge_slave_1) entered forwarding state
[  280.980702][T12894] netlink: 'syz.0.2484': attribute type 1 has an invalid length.
[  280.991044][T12894] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2484'.
[  281.011650][T12892] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.2484'.
[  281.269623][T12902] netlink: 'syz.0.2489': attribute type 33 has an invalid length.
[  281.471135][T12666] 8021q: adding VLAN 0 to HW filter on device batadv0
[  281.622396][T12765] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  281.637127][T12765] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  281.658332][T12765] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  281.701387][T12765] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  281.967010][T12666] veth0_vlan: entered promiscuous mode
[  281.990914][T12924] netlink: 596 bytes leftover after parsing attributes in process `syz.0.2496'.
[  282.034464][T12666] veth1_vlan: entered promiscuous mode
[  282.044363][T12926] netlink: 596 bytes leftover after parsing attributes in process `syz.0.2496'.
[  282.062303][ T5845] Bluetooth: hci3: command tx timeout
[  282.121810][T12927] netlink: 'syz.2.2497': attribute type 10 has an invalid length.
[  282.196210][T12927] veth1_macvtap: entered allmulticast mode
[  282.214770][T12927] team0: Device veth1_macvtap failed to register rx_handler
[  282.232584][T12929] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2498'.
[  282.290285][T12666] veth0_macvtap: entered promiscuous mode
[  282.368457][T12666] veth1_macvtap: entered promiscuous mode
[  282.387271][T12765] 8021q: adding VLAN 0 to HW filter on device bond0
[  282.456553][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  282.462433][T12933] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2500'.
[  282.474945][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  282.491871][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  282.501559][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  282.517509][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  282.518367][T12666] batman_adv: batadv0: Interface activated: batadv_slave_0
[  282.617052][T12938] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2501'.
[  282.660397][T12940] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2502'.
[  282.726576][  T739] erspan0 (unregistering): left promiscuous mode
[  282.745812][  T739] gretap0 (unregistering): left promiscuous mode
[  282.774722][  T739] bond2 (unregistering): (slave gretap1): Releasing active interface
[  282.999627][  T739] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  283.008617][  T739] bond0 (unregistering): Released all slaves
[  283.022869][  T739] bond1 (unregistering): Released all slaves
[  283.122778][  T739] bond2 (unregistering): Released all slaves
[  283.223391][  T739] bond3 (unregistering): Released all slaves
[  283.237791][  T739] bond4 (unregistering): Released all slaves
[  283.351114][  T739] bond5 (unregistering): Released all slaves
[  283.451708][  T739] bond6 (unregistering): Released all slaves
[  283.470531][T12765] 8021q: adding VLAN 0 to HW filter on device team0
[  283.502422][ T3486] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.509645][ T3486] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.565676][T12666] batman_adv: batadv0: Interface activated: batadv_slave_1
[  283.606668][T12666] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  283.621748][T12666] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  283.631332][T12666] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  283.641272][T12666] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  283.677244][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.684552][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.701551][  T739] : left promiscuous mode
[  283.788015][  T739] tipc: Left network mode
[  283.962444][T10688] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.972595][T10688] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.092138][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.097221][T12954] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2507'.
[  284.101107][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.134792][ T5845] Bluetooth: hci3: command tx timeout
[  284.160750][T12954] netlink: 'syz.0.2507': attribute type 3 has an invalid length.
[  284.233712][  T739] hsr_slave_0: left promiscuous mode
[  284.243380][  T739] hsr_slave_1: left promiscuous mode
[  284.614484][ T5845] Bluetooth: hci2: command tx timeout
[  284.629477][T12959] netlink: 'syz.2.2509': attribute type 2 has an invalid length.
[  284.931398][  T739] lo (unregistering): left allmulticast mode
[  285.102709][T12965] netlink: 'syz.2.2511': attribute type 30 has an invalid length.
[  285.129926][T12967] netlink: 'syz.0.2510': attribute type 1 has an invalid length.
[  285.222260][T12967] 8021q: adding VLAN 0 to HW filter on device bond3
[  285.240422][T12765] 8021q: adding VLAN 0 to HW filter on device batadv0
[  285.346249][T12934] chnl_net:caif_netlink_parms(): no params data found
[  285.527148][T12765] veth0_vlan: entered promiscuous mode
[  285.549403][T12934] bridge0: port 1(bridge_slave_0) entered blocking state
[  285.557487][T12934] bridge0: port 1(bridge_slave_0) entered disabled state
[  285.564966][T12934] bridge_slave_0: entered allmulticast mode
[  285.571918][T12934] bridge_slave_0: entered promiscuous mode
[  285.584915][T12934] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.592120][T12934] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.600271][T12934] bridge_slave_1: entered allmulticast mode
[  285.607375][T12934] bridge_slave_1: entered promiscuous mode
[  285.643565][T12934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  285.656397][T12934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  285.666796][  T739] IPVS: stop unused estimator thread 0...
[  285.678493][T12765] veth1_vlan: entered promiscuous mode
[  285.722646][T12934] team0: Port device team_slave_0 added
[  285.748750][T12934] team0: Port device team_slave_1 added
[  285.782556][T12934] batman_adv: batadv0: Adding interface: batadv_slave_0
[  285.789715][T12934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.817834][T12934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  285.830828][T12765] veth0_macvtap: entered promiscuous mode
[  285.841402][T12934] batman_adv: batadv0: Adding interface: batadv_slave_1
[  285.849578][T12934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.876459][T12934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  285.910684][  T739] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.929462][T12765] veth1_macvtap: entered promiscuous mode
[  285.983234][T12765] batman_adv: batadv0: Interface activated: batadv_slave_0
[  286.008279][  T739] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.034477][T12934] hsr_slave_0: entered promiscuous mode
[  286.040812][T12934] hsr_slave_1: entered promiscuous mode
[  286.047005][T12934] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  286.055591][T12934] Cannot create hsr debugfs directory
[  286.079993][  T739] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.109034][T12765] batman_adv: batadv0: Interface activated: batadv_slave_1
[  286.157334][T12765] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  286.168592][T12765] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  286.178534][T12765] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  286.187529][T12765] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  286.211422][  T739] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.421561][T12979] __nla_validate_parse: 1 callbacks suppressed
[  286.421582][T12979] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2513'.
[  286.694493][ T5845] Bluetooth: hci2: command tx timeout
[  286.760609][ T3486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  286.804212][ T3486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  286.829101][  T739] bridge_slave_1: left allmulticast mode
[  286.843378][  T739] bridge_slave_1: left promiscuous mode
[  286.854853][  T739] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.877913][  T739] bridge_slave_0: left allmulticast mode
[  286.885402][  T739] bridge_slave_0: left promiscuous mode
[  286.892334][  T739] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.929852][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  286.943354][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  286.952511][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  286.967613][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  286.977406][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  287.270174][  T739] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  287.281167][  T739] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  287.291253][  T739] bond0 (unregistering): Released all slaves
[  287.329718][T10684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  287.364268][T10684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  287.596226][T13002] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2521'.
[  287.680807][T12934] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  287.703714][T12934] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  287.737269][T12934] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  287.760309][T12934] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  287.862034][T13012] xt_hashlimit: max too large, truncated to 1048576
[  287.880009][  T739] hsr_slave_0: left promiscuous mode
[  287.889187][T13015] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2524'.
[  287.900545][  T739] hsr_slave_1: left promiscuous mode
[  287.906693][  T739] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  287.914642][  T739] batman_adv: batadv0: Removing interface: batadv_slave_0
[  287.928301][  T739] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  287.936080][  T739] batman_adv: batadv0: Removing interface: batadv_slave_1
[  287.980526][  T739] veth1_macvtap: left promiscuous mode
[  287.986826][  T739] veth0_macvtap: left promiscuous mode
[  287.992555][  T739] veth1_vlan: left promiscuous mode
[  287.998178][  T739] veth0_vlan: left promiscuous mode
[  288.556466][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  288.573070][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  288.590551][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  288.603410][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  288.620911][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  288.743819][  T739] team0 (unregistering): Port device team_slave_1 removed
[  288.774920][   T51] Bluetooth: hci2: command tx timeout
[  288.790198][  T739] team0 (unregistering): Port device team_slave_0 removed
[  289.014463][   T51] Bluetooth: hci4: command tx timeout
[  289.207503][T13020] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2525'.
[  289.379192][T12994] chnl_net:caif_netlink_parms(): no params data found
[  289.401583][T13034] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2528'.
[  289.721765][T12994] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.730893][T12994] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.732511][T13046] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2532'.
[  289.738793][T12994] bridge_slave_0: entered allmulticast mode
[  289.756337][T12994] bridge_slave_0: entered promiscuous mode
[  289.794495][T12994] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.801785][T12994] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.809923][T12994] bridge_slave_1: entered allmulticast mode
[  289.819672][T12994] bridge_slave_1: entered promiscuous mode
[  289.847968][T12934] 8021q: adding VLAN 0 to HW filter on device bond0
[  289.856341][T13050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2534'.
[  289.897174][T12994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  289.910515][T12994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  290.027136][T12994] team0: Port device team_slave_0 added
[  290.037078][T13054] netlink: 'syz.0.2535': attribute type 8 has an invalid length.
[  290.052926][T12994] team0: Port device team_slave_1 added
[  290.122578][T12934] 8021q: adding VLAN 0 to HW filter on device team0
[  290.138949][T13056] tipc: Started in network mode
[  290.145400][T13056] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711
[  290.155107][T13056] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  290.166650][T12994] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.174593][T12994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.201951][T12994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  290.216458][T13025] chnl_net:caif_netlink_parms(): no params data found
[  290.232014][T12994] batman_adv: batadv0: Adding interface: batadv_slave_1
[  290.241822][T12994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.269283][T12994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  290.297522][ T3486] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.304717][ T3486] bridge0: port 1(bridge_slave_0) entered forwarding state
[  290.321665][T13058] netlink: 'syz.0.2536': attribute type 10 has an invalid length.
[  290.357764][T10684] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.453571][T10684] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.485873][T10688] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.493078][T10688] bridge0: port 2(bridge_slave_1) entered forwarding state
[  290.555288][T10684] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.679271][T12994] hsr_slave_0: entered promiscuous mode
[  290.686199][T12994] hsr_slave_1: entered promiscuous mode
[  290.692689][T12994] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  290.704901][   T51] Bluetooth: hci3: command tx timeout
[  290.705543][T12994] Cannot create hsr debugfs directory
[  290.768886][T10684] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.802794][T13067] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode
[  290.812970][T13067] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode
[  290.854618][   T51] Bluetooth: hci2: command tx timeout
[  290.991538][T13025] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.008916][T13025] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.035109][T13025] bridge_slave_0: entered allmulticast mode
[  291.042874][T13025] bridge_slave_0: entered promiscuous mode
[  291.058430][T13071] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2540'.
[  291.104880][   T51] Bluetooth: hci4: command tx timeout
[  291.134315][T13025] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.141583][T13025] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.174276][T13025] bridge_slave_1: entered allmulticast mode
[  291.182355][T13025] bridge_slave_1: entered promiscuous mode
[  291.297553][T13025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.332348][T13025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.482238][T13079] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2544'.
[  291.517768][T13025] team0: Port device team_slave_0 added
[  291.589902][T13025] team0: Port device team_slave_1 added
[  291.624286][T10684] bridge_slave_1: left allmulticast mode
[  291.630130][T10684] bridge_slave_1: left promiscuous mode
[  291.641317][T10684] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.659088][T10684] bridge_slave_0: left allmulticast mode
[  291.664932][T10684] bridge_slave_0: left promiscuous mode
[  291.671386][T10684] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.712773][T13085] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2546'.
[  291.903234][T13091] FAULT_INJECTION: forcing a failure.
[  291.903234][T13091] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  291.930782][T13091] CPU: 1 UID: 0 PID: 13091 Comm: syz.2.2547 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  291.930810][T13091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  291.930820][T13091] Call Trace:
[  291.930827][T13091]  <TASK>
[  291.930833][T13091]  dump_stack_lvl+0x189/0x250
[  291.930854][T13091]  ? __pfx____ratelimit+0x10/0x10
[  291.930870][T13091]  ? __pfx_dump_stack_lvl+0x10/0x10
[  291.930885][T13091]  ? __pfx__printk+0x10/0x10
[  291.930902][T13091]  should_fail_ex+0x414/0x560
[  291.930917][T13091]  _copy_to_user+0x31/0xb0
[  291.930929][T13091]  simple_read_from_buffer+0xe1/0x170
[  291.930943][T13091]  proc_fail_nth_read+0x1df/0x250
[  291.930956][T13091]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  291.930969][T13091]  ? rw_verify_area+0x258/0x650
[  291.930985][T13091]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  291.930997][T13091]  vfs_read+0x1fd/0x980
[  291.931015][T13091]  ? __pfx___mutex_lock+0x10/0x10
[  291.931025][T13091]  ? __pfx_vfs_read+0x10/0x10
[  291.931039][T13091]  ? __fget_files+0x2a/0x420
[  291.931053][T13091]  ? __fget_files+0x3a0/0x420
[  291.931062][T13091]  ? __fget_files+0x2a/0x420
[  291.931078][T13091]  ksys_read+0x145/0x250
[  291.931088][T13091]  ? __pfx_ksys_read+0x10/0x10
[  291.931105][T13091]  ? do_syscall_64+0xbe/0x3b0
[  291.931116][T13091]  do_syscall_64+0xfa/0x3b0
[  291.931124][T13091]  ? lockdep_hardirqs_on+0x9c/0x150
[  291.931138][T13091]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.931147][T13091]  ? clear_bhb_loop+0x60/0xb0
[  291.931159][T13091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.931169][T13091] RIP: 0033:0x7fadabb8d33c
[  291.931179][T13091] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  291.931187][T13091] RSP: 002b:00007fada99f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  291.931199][T13091] RAX: ffffffffffffffda RBX: 00007fadabdb6160 RCX: 00007fadabb8d33c
[  291.931206][T13091] RDX: 000000000000000f RSI: 00007fada99f60a0 RDI: 0000000000000005
[  291.931212][T13091] RBP: 00007fada99f6090 R08: 0000000000000000 R09: 0000000000000000
[  291.931218][T13091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  291.931223][T13091] R13: 0000000000000001 R14: 00007fadabdb6160 R15: 00007ffffb7029e8
[  291.931239][T13091]  </TASK>
[  292.280514][T10684] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  292.291645][T10684] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  292.301882][T10684] bond0 (unregistering): Released all slaves
[  292.328227][T13025] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.335666][T13025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.362074][T13025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.413575][T13025] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.434117][T13025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.463661][T13025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.576979][T13093] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  292.636057][T13095] 8021q: VLANs not supported on ip6tnl0
[  292.766488][T13025] hsr_slave_0: entered promiscuous mode
[  292.774811][   T51] Bluetooth: hci3: command tx timeout
[  292.785108][T13025] hsr_slave_1: entered promiscuous mode
[  292.792172][T13025] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  292.806763][T13025] Cannot create hsr debugfs directory
[  292.830210][T13103] netlink: 'syz.0.2552': attribute type 10 has an invalid length.
[  292.862314][T13102] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2551'.
[  293.043786][T10684] hsr_slave_0: left promiscuous mode
[  293.052047][T10684] hsr_slave_1: left promiscuous mode
[  293.058794][T10684] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  293.069816][T10684] batman_adv: batadv0: Removing interface: batadv_slave_0
[  293.078516][T10684] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  293.086372][T10684] batman_adv: batadv0: Removing interface: batadv_slave_1
[  293.105518][T10684] veth1_macvtap: left promiscuous mode
[  293.111176][T10684] veth0_macvtap: left promiscuous mode
[  293.117036][T10684] veth1_vlan: left promiscuous mode
[  293.123561][T10684] veth0_vlan: left promiscuous mode
[  293.174413][ T5845] Bluetooth: hci4: command tx timeout
[  293.561045][T10684] team0 (unregistering): Port device team_slave_1 removed
[  293.606851][T10684] team0 (unregistering): Port device team_slave_0 removed
[  294.109912][T12934] 8021q: adding VLAN 0 to HW filter on device batadv0
[  294.142344][T13112] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2555'.
[  294.300992][T13118] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2557'.
[  294.424144][T13122] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2558'.
[  294.444105][T13122] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2558'.
[  294.483525][T12994] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  294.501350][T12994] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  294.519985][T12994] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  294.616372][T12994] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  294.743189][T13142] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2562'.
[  294.762621][T13142] 0ªX¹¦D: renamed from gretap0 (while UP)
[  294.777938][T13142] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  294.854836][ T5845] Bluetooth: hci3: command tx timeout
[  294.878519][T13152] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2564'.
[  294.892571][T12934] veth0_vlan: entered promiscuous mode
[  294.948839][T13154] warn_alloc: 2 callbacks suppressed
[  294.948858][T13154] syz.2.2565: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  294.969520][T13154] CPU: 0 UID: 0 PID: 13154 Comm: syz.2.2565 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  294.969548][T13154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  294.969559][T13154] Call Trace:
[  294.969567][T13154]  <TASK>
[  294.969575][T13154]  dump_stack_lvl+0x189/0x250
[  294.969608][T13154]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.969632][T13154]  ? __pfx__printk+0x10/0x10
[  294.969651][T13154]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  294.969670][T13154]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  294.969691][T13154]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  294.969713][T13154]  warn_alloc+0x214/0x310
[  294.969733][T13154]  ? stack_depot_save_flags+0x40/0x900
[  294.969771][T13154]  ? __pfx_warn_alloc+0x10/0x10
[  294.969792][T13154]  ? kasan_save_track+0x4f/0x80
[  294.969816][T13154]  ? xskq_create+0x56/0x170
[  294.969837][T13154]  ? xsk_init_queue+0xb0/0x110
[  294.969857][T13154]  ? xsk_setsockopt+0x43f/0x710
[  294.969876][T13154]  ? do_sock_setsockopt+0x257/0x3e0
[  294.969894][T13154]  ? __x64_sys_setsockopt+0x18b/0x220
[  294.969912][T13154]  ? do_syscall_64+0xfa/0x3b0
[  294.969926][T13154]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.969951][T13154]  __vmalloc_node_range_noprof+0x125/0x12f0
[  294.970001][T13154]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  294.970022][T13154]  ? xskq_create+0x56/0x170
[  294.970047][T13154]  ? __kasan_kmalloc+0x93/0xb0
[  294.970067][T13154]  vmalloc_user_noprof+0xad/0xf0
[  294.970086][T13154]  ? xskq_create+0xbf/0x170
[  294.970108][T13154]  xskq_create+0xbf/0x170
[  294.970134][T13154]  xsk_init_queue+0xb0/0x110
[  294.970159][T13154]  xsk_setsockopt+0x43f/0x710
[  294.970184][T13154]  ? __pfx_xsk_setsockopt+0x10/0x10
[  294.970204][T13154]  ? __lock_acquire+0xab9/0xd20
[  294.970235][T13154]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  294.970255][T13154]  ? __pfx_xsk_setsockopt+0x10/0x10
[  294.970275][T13154]  do_sock_setsockopt+0x257/0x3e0
[  294.970298][T13154]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  294.970323][T13154]  ? __fget_files+0x2a/0x420
[  294.970352][T13154]  __x64_sys_setsockopt+0x18b/0x220
[  294.970379][T13154]  do_syscall_64+0xfa/0x3b0
[  294.970394][T13154]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.970415][T13154]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.970431][T13154]  ? clear_bhb_loop+0x60/0xb0
[  294.970452][T13154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.970469][T13154] RIP: 0033:0x7fadabb8e929
[  294.970487][T13154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.970502][T13154] RSP: 002b:00007fadac944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  294.970520][T13154] RAX: ffffffffffffffda RBX: 00007fadabdb5fa0 RCX: 00007fadabb8e929
[  294.970534][T13154] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  294.970545][T13154] RBP: 00007fadabc10b39 R08: 0000000000000004 R09: 0000000000000000
[  294.970557][T13154] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  294.970569][T13154] R13: 0000000000000000 R14: 00007fadabdb5fa0 R15: 00007ffffb7029e8
[  294.970600][T13154]  </TASK>
[  294.972077][T12934] veth1_vlan: entered promiscuous mode
[  294.973377][T13154] Mem-Info:
[  295.031896][T12994] 8021q: adding VLAN 0 to HW filter on device bond0
[  295.049193][T13154] active_anon:4192 inactive_anon:0 isolated_anon:0
[  295.049193][T13154]  active_file:1605 inactive_file:39929 isolated_file:0
[  295.049193][T13154]  unevictable:768 dirty:83 writeback:0
[  295.049193][T13154]  slab_reclaimable:11262 slab_unreclaimable:105896
[  295.049193][T13154]  mapped:29286 shmem:1361 pagetables:960
[  295.049193][T13154]  sec_pagetables:0 bounce:0
[  295.049193][T13154]  kernel_misc_reclaimable:0
[  295.049193][T13154]  free:1327908 free_pcp:14654 free_cma:0
[  295.101887][T12934] veth0_macvtap: entered promiscuous mode
[  295.110317][   T51] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  295.115339][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout
[  295.254660][T12994] 8021q: adding VLAN 0 to HW filter on device team0
[  295.275303][ T5845] Bluetooth: hci4: command tx timeout
[  295.309461][T13154] Node 0 active_anon:16768kB inactive_anon:0kB active_file:6420kB inactive_file:159524kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117140kB dirty:332kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11984kB pagetables:3716kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  295.446385][T10689] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.453774][T10689] bridge0: port 1(bridge_slave_0) entered forwarding state
[  295.476852][T10689] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.484081][T10689] bridge0: port 2(bridge_slave_1) entered forwarding state
[  295.499759][T13154] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  295.510041][T13160] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2567'.
[  295.557151][T13154] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  295.591241][T13154] lowmem_reserve[]: 0 2500 2502 2502 2502
[  295.598290][T13154] Node 0 DMA32 free:1391700kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16760kB inactive_anon:0kB active_file:6420kB inactive_file:157700kB unevictable:1536kB writepending:328kB present:3129332kB managed:2561020kB mlocked:0kB bounce:0kB free_pcp:41020kB local_pcp:21220kB free_cma:0kB
[  295.622286][T12934] veth1_macvtap: entered promiscuous mode
[  295.634824][T13154] lowmem_reserve[]: 0 0 1 1 1
[  295.641031][T13154] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1824kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  295.682448][T13154] lowmem_reserve[]: 0 0 0 0 0
[  295.691002][T13154] Node 1 Normal free:3902756kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17504kB local_pcp:8192kB free_cma:0kB
[  295.740221][T12934] batman_adv: batadv0: Interface activated: batadv_slave_0
[  295.752459][T12934] batman_adv: batadv0: Interface activated: batadv_slave_1
[  295.763297][T13154] lowmem_reserve[]: 0 0 0 0 0
[  295.768525][T13154] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  295.787951][T13025] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  295.798037][T13154] Node 0 DMA32: 159*4kB (UME) 449*8kB (UME) 207*16kB (ME) 167*32kB (UME) 50*64kB (UME) 27*128kB (UME) 22*256kB (UM) 9*512kB (UM) 22*1024kB (U) 8*2048kB (UME) 323*4096kB (UM) = 1391700kB
[  295.822615][T13154] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  295.830582][T12934] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  295.847703][T13154] Node 1 Normal: 183*4kB (UME) 61*8kB (UME) 46*16kB (UME) 124*32kB (UME) 44*64kB (UME) 10*128kB (UME) 4*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3902756kB
[  295.851722][T12934] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  295.882366][T12934] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  295.891139][T12934] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  295.922253][T13025] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  295.924339][T13154] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  295.945161][T13025] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  295.958364][T13154] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  295.974759][T13154] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  295.987947][T13154] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  295.995546][T13025] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  296.000809][T13154] 42893 total pagecache pages
[  296.009278][T13154] 0 pages in swap cache
[  296.013618][T13154] Free swap  = 124996kB
[  296.049550][T13154] Total swap = 124996kB
[  296.060169][T13154] 2097051 pages RAM
[  296.065878][T13154] 0 pages HighMem/MovableOnly
[  296.076220][T13154] 424690 pages reserved
[  296.085834][T13154] 0 pages cma reserved
[  296.219926][T13144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.230841][T13144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.281199][T13025] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.351469][T10681] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.356662][T13025] 8021q: adding VLAN 0 to HW filter on device team0
[  296.394466][T10681] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.533051][T13145] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.540762][T13145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.609970][T13145] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.617463][T13145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.790452][T13189] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2575'.
[  296.808351][T12994] 8021q: adding VLAN 0 to HW filter on device batadv0
[  296.937344][ T5845] Bluetooth: hci3: command tx timeout
[  297.005790][T12994] veth0_vlan: entered promiscuous mode
[  297.039525][T13198] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2578'.
[  297.065787][T12994] veth1_vlan: entered promiscuous mode
[  297.211919][T12994] veth0_macvtap: entered promiscuous mode
[  297.286719][T10689] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.330436][T13025] 8021q: adding VLAN 0 to HW filter on device batadv0
[  297.346576][T12994] veth1_macvtap: entered promiscuous mode
[  297.408058][T10689] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.453271][T12994] batman_adv: batadv0: Interface activated: batadv_slave_0
[  297.529359][T10689] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.551262][T12994] batman_adv: batadv0: Interface activated: batadv_slave_1
[  297.586497][T13025] veth0_vlan: entered promiscuous mode
[  297.640650][T10689] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.666154][T12994] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  297.675290][T12994] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  297.690947][T12994] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  297.700014][T12994] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  297.808931][T13025] veth1_vlan: entered promiscuous mode
[  297.851782][T13217] xt_hashlimit: max too large, truncated to 1048576
[  298.005765][T13025] veth0_macvtap: entered promiscuous mode
[  298.118616][T13025] veth1_macvtap: entered promiscuous mode
[  298.143697][T13227] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2587'.
[  298.162492][T13229] netlink: 'syz.0.2588': attribute type 10 has an invalid length.
[  298.180257][T10689] bridge_slave_1: left allmulticast mode
[  298.184591][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  298.187317][T10689] bridge_slave_1: left promiscuous mode
[  298.203716][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  298.205155][T10689] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.225612][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  298.237810][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  298.246536][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  298.259922][T10689] bridge_slave_0: left allmulticast mode
[  298.275503][T10689] bridge_slave_0: left promiscuous mode
[  298.281469][T10689] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.595862][T10689] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  298.609855][T10689] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  298.620544][T10689] bond0 (unregistering): Released all slaves
[  298.645112][T13139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.652978][T13139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.791028][T13025] batman_adv: batadv0: Interface activated: batadv_slave_0
[  298.869773][T13239] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2591'.
[  298.887958][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.897164][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.924873][T13241] FAULT_INJECTION: forcing a failure.
[  298.924873][T13241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  298.954556][T13241] CPU: 1 UID: 0 PID: 13241 Comm: syz.0.2592 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  298.954583][T13241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  298.954594][T13241] Call Trace:
[  298.954602][T13241]  <TASK>
[  298.954610][T13241]  dump_stack_lvl+0x189/0x250
[  298.954639][T13241]  ? __pfx____ratelimit+0x10/0x10
[  298.954663][T13241]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.954685][T13241]  ? __pfx__printk+0x10/0x10
[  298.954704][T13241]  ? __might_fault+0xb0/0x130
[  298.954732][T13241]  should_fail_ex+0x414/0x560
[  298.954759][T13241]  _copy_from_user+0x2d/0xb0
[  298.954777][T13241]  ___sys_sendmsg+0x158/0x2a0
[  298.954801][T13241]  ? __pfx____sys_sendmsg+0x10/0x10
[  298.954870][T13241]  ? __fget_files+0x2a/0x420
[  298.954891][T13241]  ? __fget_files+0x3a0/0x420
[  298.954920][T13241]  __x64_sys_sendmsg+0x19b/0x260
[  298.954944][T13241]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  298.954974][T13241]  ? __pfx_ksys_write+0x10/0x10
[  298.954988][T13241]  ? rcu_is_watching+0x15/0xb0
[  298.955016][T13241]  ? do_syscall_64+0xbe/0x3b0
[  298.955036][T13241]  do_syscall_64+0xfa/0x3b0
[  298.955050][T13241]  ? lockdep_hardirqs_on+0x9c/0x150
[  298.955072][T13241]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.955089][T13241]  ? clear_bhb_loop+0x60/0xb0
[  298.955109][T13241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.955124][T13241] RIP: 0033:0x7f6585b8e929
[  298.955139][T13241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.955152][T13241] RSP: 002b:00007f6586a80038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  298.955171][T13241] RAX: ffffffffffffffda RBX: 00007f6585db6080 RCX: 00007f6585b8e929
[  298.955183][T13241] RDX: 0000000000000001 RSI: 0000200000000740 RDI: 0000000000000003
[  298.955194][T13241] RBP: 00007f6586a80090 R08: 0000000000000000 R09: 0000000000000000
[  298.955205][T13241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.955215][T13241] R13: 0000000000000000 R14: 00007f6585db6080 R15: 00007ffc483742f8
[  298.955244][T13241]  </TASK>
[  299.262237][T13025] batman_adv: batadv0: Interface activated: batadv_slave_1
[  299.350304][T13025] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  299.361448][T13025] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  299.370999][T13025] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  299.380063][T13025] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  299.497541][T10689] hsr_slave_0: left promiscuous mode
[  299.517623][T10689] hsr_slave_1: left promiscuous mode
[  299.524792][T10689] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  299.532418][T10689] batman_adv: batadv0: Removing interface: batadv_slave_0
[  299.541434][T10689] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  299.549296][T10689] batman_adv: batadv0: Removing interface: batadv_slave_1
[  299.572961][T13258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2597'.
[  299.575444][T10689] veth1_macvtap: left promiscuous mode
[  299.587554][T10689] veth0_macvtap: left promiscuous mode
[  299.593236][T10689] veth1_vlan: left promiscuous mode
[  299.598796][T10689] veth0_vlan: left promiscuous mode
[  300.062704][T10689] team0 (unregistering): Port device team_slave_1 removed
[  300.109546][T10689] team0 (unregistering): Port device team_slave_0 removed
[  300.297533][   T51] Bluetooth: hci2: command tx timeout
[  300.484673][T13258] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  300.731482][T13230] chnl_net:caif_netlink_parms(): no params data found
[  300.794472][T13139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.802421][T13139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.885279][T13144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.894263][T13144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.947827][T13230] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.974492][T13230] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.009926][T13230] bridge_slave_0: entered allmulticast mode
[  301.038299][T13230] bridge_slave_0: entered promiscuous mode
[  301.066566][T13230] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.101629][T13230] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.126801][T13230] bridge_slave_1: entered allmulticast mode
[  301.145681][T13230] bridge_slave_1: entered promiscuous mode
[  301.183225][T13276] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2601'.
[  301.269410][T13230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  301.295576][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  301.310675][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  301.332048][T13230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  301.354484][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  301.372242][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  301.400251][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  301.449358][T13285] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2603'.
[  301.456564][T13283] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2602'.
[  301.511305][T10689] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.622394][T10689] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.651672][T13230] team0: Port device team_slave_0 added
[  301.672758][T13230] team0: Port device team_slave_1 added
[  301.760707][T10689] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.807418][T13230] batman_adv: batadv0: Adding interface: batadv_slave_0
[  301.820013][T13230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.857589][T13230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  301.900342][T10689] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.943206][T13230] batman_adv: batadv0: Adding interface: batadv_slave_1
[  301.966803][T13230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.999977][T13230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  302.135491][T13230] hsr_slave_0: entered promiscuous mode
[  302.153655][T13230] hsr_slave_1: entered promiscuous mode
[  302.175258][T13230] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  302.190307][T13230] Cannot create hsr debugfs directory
[  302.374026][ T5845] Bluetooth: hci2: command tx timeout
[  302.408565][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  302.437846][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  302.446587][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  302.466053][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  302.477276][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  302.528328][T10689] bridge_slave_1: left allmulticast mode
[  302.536066][T10689] bridge_slave_1: left promiscuous mode
[  302.542366][T10689] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.563246][T10689] bridge_slave_0: left allmulticast mode
[  302.570065][T10689] bridge_slave_0: left promiscuous mode
[  302.576321][T10689] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.960448][T10689] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  302.972076][T10689] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  302.982672][T10689] bond0 (unregistering): Released all slaves
[  303.162069][T13312] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2614'.
[  303.203446][T13314] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2615'.
[  303.483832][T13280] chnl_net:caif_netlink_parms(): no params data found
[  303.494205][ T5156] Bluetooth: hci4: command tx timeout
[  303.531525][T10689] hsr_slave_0: left promiscuous mode
[  303.541398][T10689] hsr_slave_1: left promiscuous mode
[  303.552667][T10689] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  303.563827][T10689] batman_adv: batadv0: Removing interface: batadv_slave_0
[  303.665305][T10689] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  303.673176][T10689] batman_adv: batadv0: Removing interface: batadv_slave_1
[  303.706922][T10689] veth1_macvtap: left promiscuous mode
[  303.712788][T10689] veth0_macvtap: left promiscuous mode
[  303.720532][T10689] veth1_vlan: left promiscuous mode
[  303.726391][T10689] veth0_vlan: left promiscuous mode
[  304.161732][T10689] team0 (unregistering): Port device team_slave_1 removed
[  304.209406][T10689] team0 (unregistering): Port device team_slave_0 removed
[  304.469596][ T5156] Bluetooth: hci2: command tx timeout
[  304.537684][ T5156] Bluetooth: hci3: command tx timeout
[  304.633127][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  304.684628][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  304.721799][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  304.782508][T13327] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  304.837536][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  304.837720][T13280] bridge0: port 1(bridge_slave_0) entered blocking state
[  304.852342][T13280] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.860891][T13280] bridge_slave_0: entered allmulticast mode
[  304.876925][T13280] bridge_slave_0: entered promiscuous mode
[  304.885725][T13280] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.893172][T13280] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.900551][T13280] bridge_slave_1: entered allmulticast mode
[  304.910758][T13280] bridge_slave_1: entered promiscuous mode
[  304.942275][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  305.010275][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  305.019848][T13280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  305.043507][T13280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  305.059976][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  305.110585][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  305.148683][T13300] chnl_net:caif_netlink_parms(): no params data found
[  305.159404][T13327] syzkaller0 speed is unknown, defaulting to 1000
[  305.163715][T13280] team0: Port device team_slave_0 added
[  305.236081][T13280] team0: Port device team_slave_1 added
[  305.259386][T13339] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2623'.
[  305.302269][T13280] batman_adv: batadv0: Adding interface: batadv_slave_0
[  305.325438][T13280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  305.356604][T13280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  305.374647][T13230] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  305.387658][T13280] batman_adv: batadv0: Adding interface: batadv_slave_1
[  305.395518][T13280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  305.423803][T13280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  305.453987][T13230] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  305.470706][T13230] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  305.489896][T13230] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  305.543659][T13144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.574433][ T5156] Bluetooth: hci4: command tx timeout
[  305.616770][T13144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.661127][T13300] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.668821][T13300] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.676227][T13300] bridge_slave_0: entered allmulticast mode
[  305.683302][T13300] bridge_slave_0: entered promiscuous mode
[  305.748017][T13144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.767196][T13300] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.775965][T13300] bridge0: port 2(bridge_slave_1) entered disabled state
[  305.783307][T13300] bridge_slave_1: entered allmulticast mode
[  305.792574][T13300] bridge_slave_1: entered promiscuous mode
[  305.823022][T13280] hsr_slave_0: entered promiscuous mode
[  305.835360][T13280] hsr_slave_1: entered promiscuous mode
[  305.841954][T13280] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  305.847804][T13360] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2628'.
[  305.850218][T13280] Cannot create hsr debugfs directory
[  305.885356][T13300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  305.997677][T13144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.025798][T13300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  306.162782][T13300] team0: Port device team_slave_0 added
[  306.196421][T13300] team0: Port device team_slave_1 added
[  306.289466][T13300] batman_adv: batadv0: Adding interface: batadv_slave_0
[  306.304324][T13300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.343611][T13300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  306.381452][T13300] batman_adv: batadv0: Adding interface: batadv_slave_1
[  306.394773][T13300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.422499][T13300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  306.535155][ T5156] Bluetooth: hci2: command tx timeout
[  306.562304][T13144] bridge_slave_1: left allmulticast mode
[  306.569964][T13144] bridge_slave_1: left promiscuous mode
[  306.579754][T13144] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.606932][T13144] bridge_slave_0: left allmulticast mode
[  306.612794][T13144] bridge_slave_0: left promiscuous mode
[  306.620373][ T5156] Bluetooth: hci3: command tx timeout
[  306.630609][T13144] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.678839][T13382] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2639'.
[  307.008070][T13144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  307.019672][T13144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  307.030271][T13144] bond0 (unregistering): Released all slaves
[  307.159767][T13300] hsr_slave_0: entered promiscuous mode
[  307.166942][T13300] hsr_slave_1: entered promiscuous mode
[  307.173282][T13300] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  307.183970][T13300] Cannot create hsr debugfs directory
[  307.328246][T13230] 8021q: adding VLAN 0 to HW filter on device bond0
[  307.553044][T13230] 8021q: adding VLAN 0 to HW filter on device team0
[  307.614682][T13144] hsr_slave_0: left promiscuous mode
[  307.631800][T13144] hsr_slave_1: left promiscuous mode
[  307.649994][T13144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  307.658009][ T5156] Bluetooth: hci4: command tx timeout
[  307.674196][T13144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  307.682488][T13144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  307.691096][T13144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  307.724855][T13144] veth1_macvtap: left promiscuous mode
[  307.733236][T13144] veth0_macvtap: left promiscuous mode
[  307.744827][T13144] veth1_vlan: left promiscuous mode
[  307.750316][T13144] veth0_vlan: left promiscuous mode
[  308.181259][T13144] team0 (unregistering): Port device team_slave_1 removed
[  308.223677][T13144] team0 (unregistering): Port device team_slave_0 removed
[  308.612009][T10689] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.619449][T10689] bridge0: port 1(bridge_slave_0) entered forwarding state
[  308.694411][ T5156] Bluetooth: hci3: command tx timeout
[  308.703752][T10689] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.711085][T10689] bridge0: port 2(bridge_slave_1) entered forwarding state
[  308.812261][T13408] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2650'.
[  308.923454][T13410] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2652'.
[  308.947735][T13280] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  308.985491][T13280] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  309.016990][T13280] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  309.081883][T13280] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  309.178345][T13426] xt_hashlimit: max too large, truncated to 1048576
[  309.388102][T13280] 8021q: adding VLAN 0 to HW filter on device bond0
[  309.389003][T13432] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2655'.
[  309.440940][T13280] 8021q: adding VLAN 0 to HW filter on device team0
[  309.497976][T13145] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.505204][T13145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  309.516112][T13145] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.523403][T13145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.546730][T13230] 8021q: adding VLAN 0 to HW filter on device batadv0
[  309.591759][T13300] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  309.632451][T13300] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  309.657651][T13300] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  309.675325][T13440] netlink: 'syz.0.2656': attribute type 1 has an invalid length.
[  309.686935][T13440] netlink: 228 bytes leftover after parsing attributes in process `syz.0.2656'.
[  309.713143][T13440] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2656'.
[  309.727314][T13440] openvswitch: netlink: Flow actions attr not present in new flow.
[  309.734675][ T5156] Bluetooth: hci4: command tx timeout
[  309.740097][T13300] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  310.068559][T13300] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.138552][T13454] 8021q: adding VLAN 0 to HW filter on device ipvlan6
[  310.237499][T13230] veth0_vlan: entered promiscuous mode
[  310.271430][T13300] 8021q: adding VLAN 0 to HW filter on device team0
[  310.288327][T13462] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  310.297036][T13230] veth1_vlan: entered promiscuous mode
[  310.316735][T10684] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.329645][T10684] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.360005][T13280] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.411035][T13145] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.418563][T13145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  310.505183][T13230] veth0_macvtap: entered promiscuous mode
[  310.519082][T13468] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2662'.
[  310.541202][T13230] veth1_macvtap: entered promiscuous mode
[  310.643648][T13230] batman_adv: batadv0: Interface activated: batadv_slave_0
[  310.697100][T13280] veth0_vlan: entered promiscuous mode
[  310.722816][T13230] batman_adv: batadv0: Interface activated: batadv_slave_1
[  310.762577][T13280] veth1_vlan: entered promiscuous mode
[  310.779371][ T5156] Bluetooth: hci3: command tx timeout
[  310.797345][T13230] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  310.816325][T13230] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  310.828470][T13230] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  310.838785][T13230] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  310.995380][T13280] veth0_macvtap: entered promiscuous mode
[  311.039913][T13280] veth1_macvtap: entered promiscuous mode
[  311.099146][T10689] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.123516][T10689] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.141387][T13300] 8021q: adding VLAN 0 to HW filter on device batadv0
[  311.160908][T13280] batman_adv: batadv0: Interface activated: batadv_slave_0
[  311.182226][T13487] netlink: 'syz.2.2668': attribute type 1 has an invalid length.
[  311.218886][T13487] 8021q: adding VLAN 0 to HW filter on device bond5
[  311.232130][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.276400][T13280] batman_adv: batadv0: Interface activated: batadv_slave_1
[  311.285218][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.319880][T13280] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  311.359013][T13280] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  311.372525][T13280] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  311.382654][T13280] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  311.497484][T13300] veth0_vlan: entered promiscuous mode
[  311.551663][T13300] veth1_vlan: entered promiscuous mode
[  311.614715][T13145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.628141][T13145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.630721][T13497] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2671'.
[  311.758380][T10689] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.792997][T10689] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.836427][T13300] veth0_macvtap: entered promiscuous mode
[  311.987313][T13300] veth1_macvtap: entered promiscuous mode
[  312.060152][T13145] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.129246][T13509] FAULT_INJECTION: forcing a failure.
[  312.129246][T13509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  312.147039][T13300] batman_adv: batadv0: Interface activated: batadv_slave_0
[  312.155645][T13509] CPU: 0 UID: 0 PID: 13509 Comm: syz.2.2674 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  312.155671][T13509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  312.155681][T13509] Call Trace:
[  312.155689][T13509]  <TASK>
[  312.155696][T13509]  dump_stack_lvl+0x189/0x250
[  312.155725][T13509]  ? __pfx____ratelimit+0x10/0x10
[  312.155750][T13509]  ? __pfx_dump_stack_lvl+0x10/0x10
[  312.155773][T13509]  ? __pfx__printk+0x10/0x10
[  312.155805][T13509]  should_fail_ex+0x414/0x560
[  312.155831][T13509]  _copy_to_user+0x31/0xb0
[  312.155851][T13509]  simple_read_from_buffer+0xe1/0x170
[  312.155876][T13509]  proc_fail_nth_read+0x1df/0x250
[  312.155899][T13509]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  312.155922][T13509]  ? rw_verify_area+0x258/0x650
[  312.155944][T13509]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  312.155965][T13509]  vfs_read+0x1fd/0x980
[  312.155995][T13509]  ? __pfx___mutex_lock+0x10/0x10
[  312.156012][T13509]  ? __pfx_vfs_read+0x10/0x10
[  312.156036][T13509]  ? __fget_files+0x2a/0x420
[  312.156058][T13509]  ? __fget_files+0x3a0/0x420
[  312.156074][T13509]  ? __fget_files+0x2a/0x420
[  312.156102][T13509]  ksys_read+0x145/0x250
[  312.156121][T13509]  ? __pfx_ksys_read+0x10/0x10
[  312.156140][T13509]  ? rcu_is_watching+0x15/0xb0
[  312.156170][T13509]  ? do_syscall_64+0xbe/0x3b0
[  312.156190][T13509]  do_syscall_64+0xfa/0x3b0
[  312.156205][T13509]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.156227][T13509]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.156244][T13509]  ? clear_bhb_loop+0x60/0xb0
[  312.156264][T13509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.156280][T13509] RIP: 0033:0x7fadabb8d33c
[  312.156303][T13509] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  312.156317][T13509] RSP: 002b:00007fadac923030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  312.156335][T13509] RAX: ffffffffffffffda RBX: 00007fadabdb6080 RCX: 00007fadabb8d33c
[  312.156348][T13509] RDX: 000000000000000f RSI: 00007fadac9230a0 RDI: 0000000000000006
[  312.156358][T13509] RBP: 00007fadac923090 R08: 0000000000000000 R09: 0000000000000000
[  312.156369][T13509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  312.156379][T13509] R13: 0000000000000000 R14: 00007fadabdb6080 R15: 00007ffffb7029e8
[  312.156409][T13509]  </TASK>
[  312.452422][T13512] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2675'.
[  312.571650][T13145] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.673095][T13300] batman_adv: batadv0: Interface activated: batadv_slave_1
[  312.708760][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  312.718940][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  312.750806][T13300] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  312.760647][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  312.769029][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  312.778193][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  312.794489][T13300] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  312.811071][T13300] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  312.820364][T13300] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  312.870470][T13520] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2677'.
[  312.898639][T13145] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.043782][T13145] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.073211][T13515] syzkaller0 speed is unknown, defaulting to 1000
[  313.198276][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.209328][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.257242][T10689] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.265862][T10689] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.275405][T13145] bridge_slave_1: left allmulticast mode
[  313.281049][T13145] bridge_slave_1: left promiscuous mode
[  313.289120][T13145] bridge0: port 2(bridge_slave_1) entered disabled state
[  313.299222][T13145] bridge_slave_0: left allmulticast mode
[  313.307773][T13145] bridge_slave_0: left promiscuous mode
[  313.313597][T13145] bridge0: port 1(bridge_slave_0) entered disabled state
[  313.641281][T13145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  313.655827][T13145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  313.666022][T13145] bond0 (unregistering): Released all slaves
[  313.780780][T13515] chnl_net:caif_netlink_parms(): no params data found
[  313.949005][T13515] bridge0: port 1(bridge_slave_0) entered blocking state
[  313.956912][T13515] bridge0: port 1(bridge_slave_0) entered disabled state
[  313.968011][T13515] bridge_slave_0: entered allmulticast mode
[  313.976632][T13515] bridge_slave_0: entered promiscuous mode
[  313.985423][T13515] bridge0: port 2(bridge_slave_1) entered blocking state
[  313.992763][T13515] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.000300][T13515] bridge_slave_1: entered allmulticast mode
[  314.008476][T13515] bridge_slave_1: entered promiscuous mode
[  314.049192][T13145] hsr_slave_0: left promiscuous mode
[  314.063465][T13145] hsr_slave_1: left promiscuous mode
[  314.071951][T13145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  314.084187][T13145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  314.092633][T13145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  314.105044][T13145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  314.140129][T13145] veth1_macvtap: left promiscuous mode
[  314.147711][T13145] veth0_macvtap: left promiscuous mode
[  314.153405][T13145] veth1_vlan: left promiscuous mode
[  314.162338][T13145] veth0_vlan: left promiscuous mode
[  314.608454][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  314.634199][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  314.651148][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  314.669499][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  314.684439][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  314.861111][ T5156] Bluetooth: hci2: command tx timeout
[  314.975483][T13145] team0 (unregistering): Port device team_slave_1 removed
[  315.028485][T13145] team0 (unregistering): Port device team_slave_0 removed
[  315.070421][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  315.088790][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  315.099149][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  315.115262][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  315.135637][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  315.544154][T13515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  315.563529][T13533] syzkaller0 speed is unknown, defaulting to 1000
[  315.585892][T13515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  315.601662][T13538] syzkaller0 speed is unknown, defaulting to 1000
[  315.688560][T13543] ==================================================================
[  315.696759][T13543] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990
[  315.704427][T13543] Read of size 1 at addr ffff88805a6ac030 by task syz.0.2681/13543
[  315.712414][T13543] 
[  315.714763][T13543] CPU: 0 UID: 0 PID: 13543 Comm: syz.0.2681 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  315.714818][T13543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  315.714845][T13543] Call Trace:
[  315.714862][T13543]  <TASK>
[  315.714878][T13543]  dump_stack_lvl+0x189/0x250
[  315.714945][T13543]  ? __virt_addr_valid+0x1c8/0x5c0
[  315.714986][T13543]  ? rcu_is_watching+0x15/0xb0
[  315.715012][T13543]  ? __kasan_check_byte+0x12/0x40
[  315.715031][T13543]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.715053][T13543]  ? rcu_is_watching+0x15/0xb0
[  315.715075][T13543]  ? lock_release+0x4b/0x3e0
[  315.715100][T13543]  ? __virt_addr_valid+0x1c8/0x5c0
[  315.715117][T13543]  ? __virt_addr_valid+0x4a5/0x5c0
[  315.715136][T13543]  print_report+0xd2/0x2b0
[  315.715157][T13543]  ? rose_get_neigh+0x391/0x990
[  315.715180][T13543]  kasan_report+0x118/0x150
[  315.715197][T13543]  ? rose_get_neigh+0x391/0x990
[  315.715224][T13543]  rose_get_neigh+0x391/0x990
[  315.715252][T13543]  rose_connect+0x416/0x10a0
[  315.715273][T13543]  ? __pfx_current_check_access_socket+0x10/0x10
[  315.715298][T13543]  ? aa_sk_perm+0x81e/0x950
[  315.715316][T13543]  ? __might_fault+0xb0/0x130
[  315.715332][T13543]  ? __pfx_rose_connect+0x10/0x10
[  315.715351][T13543]  ? aa_af_perm+0x1f0/0x2b0
[  315.715368][T13543]  ? tomoyo_socket_connect_permission+0x164/0x290
[  315.715394][T13543]  ? bpf_lsm_socket_connect+0x9/0x20
[  315.715416][T13543]  __sys_connect+0x313/0x440
[  315.715436][T13543]  ? __pfx___sys_connect+0x10/0x10
[  315.715459][T13543]  ? rcu_is_watching+0x15/0xb0
[  315.715486][T13543]  __x64_sys_connect+0x7a/0x90
[  315.715505][T13543]  do_syscall_64+0xfa/0x3b0
[  315.715521][T13543]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.715538][T13543]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  315.715555][T13543]  ? clear_bhb_loop+0x60/0xb0
[  315.715574][T13543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.715591][T13543] RIP: 0033:0x7f6585b8e929
[  315.715607][T13543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.715623][T13543] RSP: 002b:00007f6586aa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  315.715643][T13543] RAX: ffffffffffffffda RBX: 00007f6585db5fa0 RCX: 00007f6585b8e929
[  315.715657][T13543] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000009
[  315.715669][T13543] RBP: 00007f6585c10b39 R08: 0000000000000000 R09: 0000000000000000
[  315.715681][T13543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  315.715692][T13543] R13: 0000000000000000 R14: 00007f6585db5fa0 R15: 00007ffc483742f8
[  315.715713][T13543]  </TASK>
[  315.715719][T13543] 
[  315.979061][T13543] Allocated by task 12207:
[  315.983460][T13543]  kasan_save_track+0x3e/0x80
[  315.988133][T13543]  __kasan_kmalloc+0x93/0xb0
[  315.992753][T13543]  __kmalloc_cache_noprof+0x230/0x3d0
[  315.998124][T13543]  rose_add_node+0x23a/0xde0
[  316.002707][T13543]  rose_rt_ioctl+0xa48/0xfb0
[  316.007300][T13543]  rose_ioctl+0x3ce/0x8b0
[  316.011891][T13543]  sock_do_ioctl+0xd9/0x300
[  316.016479][T13543]  sock_ioctl+0x576/0x790
[  316.020820][T13543]  __se_sys_ioctl+0xfc/0x170
[  316.025406][T13543]  do_syscall_64+0xfa/0x3b0
[  316.029900][T13543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.035783][T13543] 
[  316.038091][T13543] Freed by task 13543:
[  316.042138][T13543]  kasan_save_track+0x3e/0x80
[  316.046813][T13543]  kasan_save_free_info+0x46/0x50
[  316.051912][T13543]  __kasan_slab_free+0x62/0x70
[  316.056659][T13543]  kfree+0x18e/0x440
[  316.060546][T13543]  rose_rt_device_down+0x66d/0x6c0
[  316.065647][T13543]  rose_device_event+0x603/0x6a0
[  316.070680][T13543]  notifier_call_chain+0x1b3/0x3e0
[  316.075829][T13543]  __dev_notify_flags+0x18d/0x2e0
[  316.080857][T13543]  netif_change_flags+0xe8/0x1a0
[  316.085813][T13543]  dev_change_flags+0x130/0x260
[  316.090684][T13543]  dev_ioctl+0x7b4/0x1150
[  316.095023][T13543]  sock_do_ioctl+0x22c/0x300
[  316.099614][T13543]  sock_ioctl+0x576/0x790
[  316.103943][T13543]  __se_sys_ioctl+0xfc/0x170
[  316.108731][T13543]  do_syscall_64+0xfa/0x3b0
[  316.113233][T13543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.119122][T13543] 
[  316.121433][T13543] The buggy address belongs to the object at ffff88805a6ac000
[  316.121433][T13543]  which belongs to the cache kmalloc-512 of size 512
[  316.135597][T13543] The buggy address is located 48 bytes inside of
[  316.135597][T13543]  freed 512-byte region [ffff88805a6ac000, ffff88805a6ac200)
[  316.149312][T13543] 
[  316.151630][T13543] The buggy address belongs to the physical page:
[  316.158471][T13543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a6ac
[  316.167219][T13543] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  316.175821][T13543] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  316.183543][T13543] page_type: f5(slab)
[  316.187601][T13543] raw: 00fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[  316.196172][T13543] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  316.204748][T13543] head: 00fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[  316.213407][T13543] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  316.222066][T13543] head: 00fff00000000002 ffffea000169ab01 00000000ffffffff 00000000ffffffff
[  316.230819][T13543] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  316.239746][T13543] page dumped because: kasan: bad access detected
[  316.246348][T13543] page_owner tracks the page as allocated
[  316.252053][T13543] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 93213482868, free_ts 27511492706
[  316.273863][T13543]  post_alloc_hook+0x240/0x2a0
[  316.278620][T13543]  get_page_from_freelist+0x21e4/0x22c0
[  316.284244][T13543]  __alloc_frozen_pages_noprof+0x181/0x370
[  316.290136][T13543]  alloc_pages_mpol+0x232/0x4a0
[  316.295410][T13543]  allocate_slab+0x8a/0x3b0
[  316.300004][T13543]  ___slab_alloc+0xbfc/0x1480
[  316.304879][T13543]  __kmalloc_noprof+0x305/0x4f0
[  316.309995][T13543]  fib6_info_alloc+0x30/0xf0
[  316.314674][T13543]  ip6_route_info_create+0x142/0x860
[  316.320067][T13543]  ip6_route_add+0x49/0x1b0
[  316.324607][T13543]  add_v4_addrs+0x8b3/0xbd0
[  316.329450][T13543]  addrconf_init_auto_addrs+0x765/0xb50
[  316.335432][T13543]  addrconf_notify+0xacc/0x1010
[  316.340378][T13543]  notifier_call_chain+0x1b3/0x3e0
[  316.345571][T13543]  __dev_notify_flags+0x18d/0x2e0
[  316.350672][T13543]  netif_change_flags+0xe8/0x1a0
[  316.355804][T13543] page last free pid 1 tgid 1 stack trace:
[  316.361692][T13543]  __free_frozen_pages+0xc71/0xe70
[  316.366822][T13543]  free_contig_range+0x1bd/0x4a0
[  316.371789][T13543]  destroy_args+0x7e/0x5d0
[  316.376281][T13543]  debug_vm_pgtable+0x412/0x450
[  316.381119][T13543]  do_one_initcall+0x233/0x820
[  316.385866][T13543]  do_initcall_level+0x137/0x1f0
[  316.391147][T13543]  do_initcalls+0x69/0xd0
[  316.395569][T13543]  kernel_init_freeable+0x3d9/0x570
[  316.400771][T13543]  kernel_init+0x1d/0x1d0
[  316.405096][T13543]  ret_from_fork+0x3f9/0x770
[  316.409698][T13543]  ret_from_fork_asm+0x1a/0x30
[  316.414450][T13543] 
[  316.416769][T13543] Memory state around the buggy address:
[  316.422391][T13543]  ffff88805a6abf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  316.430485][T13543]  ffff88805a6abf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  316.438629][T13543] >ffff88805a6ac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  316.446679][T13543]                                      ^
[  316.452384][T13543]  ffff88805a6ac080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  316.460608][T13543]  ffff88805a6ac100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  316.468826][T13543] ==================================================================
[  316.477001][T13543] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  316.484213][T13543] CPU: 0 UID: 0 PID: 13543 Comm: syz.0.2681 Not tainted 6.16.0-rc2-syzkaller-00185-g010c40c1f50e #0 PREEMPT(full) 
[  316.496391][T13543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  316.506466][T13543] Call Trace:
[  316.509762][T13543]  <TASK>
[  316.512791][T13543]  dump_stack_lvl+0x99/0x250
[  316.517376][T13543]  ? __asan_memcpy+0x40/0x70
[  316.521957][T13543]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.527147][T13543]  ? __pfx__printk+0x10/0x10
[  316.531843][T13543]  panic+0x2db/0x790
[  316.535819][T13543]  ? __pfx_panic+0x10/0x10
[  316.540229][T13543]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  316.546111][T13543]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  316.551998][T13543]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  316.558512][T13543]  ? print_memory_metadata+0x314/0x400
[  316.564046][T13543]  ? rose_get_neigh+0x391/0x990
[  316.568891][T13543]  check_panic_on_warn+0x89/0xb0
[  316.573832][T13543]  ? rose_get_neigh+0x391/0x990
[  316.578695][T13543]  end_report+0x78/0x160
[  316.582941][T13543]  kasan_report+0x129/0x150
[  316.587463][T13543]  ? rose_get_neigh+0x391/0x990
[  316.592325][T13543]  rose_get_neigh+0x391/0x990
[  316.597012][T13543]  rose_connect+0x416/0x10a0
[  316.601592][T13543]  ? __pfx_current_check_access_socket+0x10/0x10
[  316.608022][T13543]  ? aa_sk_perm+0x81e/0x950
[  316.612568][T13543]  ? __might_fault+0xb0/0x130
[  316.617235][T13543]  ? __pfx_rose_connect+0x10/0x10
[  316.622266][T13543]  ? aa_af_perm+0x1f0/0x2b0
[  316.626779][T13543]  ? tomoyo_socket_connect_permission+0x164/0x290
[  316.633189][T13543]  ? bpf_lsm_socket_connect+0x9/0x20
[  316.638666][T13543]  __sys_connect+0x313/0x440
[  316.643391][T13543]  ? __pfx___sys_connect+0x10/0x10
[  316.648515][T13543]  ? rcu_is_watching+0x15/0xb0
[  316.653451][T13543]  __x64_sys_connect+0x7a/0x90
[  316.658233][T13543]  do_syscall_64+0xfa/0x3b0
[  316.662749][T13543]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.668831][T13543]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  316.675024][T13543]  ? clear_bhb_loop+0x60/0xb0
[  316.679810][T13543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.685799][T13543] RIP: 0033:0x7f6585b8e929
[  316.690218][T13543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.710294][T13543] RSP: 002b:00007f6586aa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  316.718719][T13543] RAX: ffffffffffffffda RBX: 00007f6585db5fa0 RCX: 00007f6585b8e929
[  316.726818][T13543] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000009
[  316.734894][T13543] RBP: 00007f6585c10b39 R08: 0000000000000000 R09: 0000000000000000
[  316.743156][T13543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  316.751317][T13543] R13: 0000000000000000 R14: 00007f6585db5fa0 R15: 00007ffc483742f8
[  316.759304][T13543]  </TASK>
[  316.762762][T13543] Kernel Offset: disabled
[  316.767195][T13543] Rebooting in 86400 seconds..