last executing test programs:

6.295936473s ago: executing program 3 (id=6496):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b80000001400e5990000000000000000fc000000000003000000000000000000ac1e000100000000000000000000000000000000000000000a"], 0xb8}}, 0x300)

6.186998664s ago: executing program 3 (id=6498):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000010a84000000060a0b0400000000000000000200000058000480240001800b000100736f636b65740000140002800800024000000003080001400000000230000180080001006e6174002400028008000640000000030800054000000003080001400000000008000240000000020900010073797a30000000000900020073797a32"], 0xac}}, 0x0)

6.009840684s ago: executing program 3 (id=6499):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x25, @dev={0xfe, 0x80, '\x00', 0x26}, 0xd52}, 0x1c, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1400000000000000290000003e00000000000d52000000002400000000000000290000003200000000000000000000000000ffffe00000", @ANYRES16], 0x40}}], 0x1, 0x8000)

5.895611093s ago: executing program 3 (id=6500):
syz_80211_inject_frame(0x0, 0x0, 0xb5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r4, 0x84, 0x11, &(0x7f0000000040)="020c0000098011e8", 0x8)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x3c, r5, 0x205, 0x0, 0x25dfdbf9, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x5c9d}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0xffffff45}]}, 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0)
r9 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r9, &(0x7f0000000080)={0x18, 0x0, {0x15, @remote, 'bond0\x00'}}, 0x1e)
r10 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}}, 0x20000000)
socket$packet(0x11, 0x3, 0x300)
ioctl$PPPIOCATTCHAN(r10, 0x40047438, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)}}], 0x2, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r7, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r6], 0x38}}, 0x10)
r12 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r12, &(0x7f0000000600), 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r13}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

5.701809056s ago: executing program 4 (id=6505):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="140000000400000004000000020002"], 0x50) (fail_nth: 12)

5.107335277s ago: executing program 4 (id=6509):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061118f000011000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)

4.831321703s ago: executing program 4 (id=6513):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000000000ffd71185000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)

4.699413313s ago: executing program 4 (id=6516):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) (async)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendto$inet(r1, &(0x7f00000000c0)="d2664e3de44e5781659d1c2224a19de44fba87cf2fcf751c9b218685", 0xffffffffffffffe7, 0x2c000891, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x3, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) (async)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) (async)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) (async)
ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x10000, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
close(0x4)

4.087207581s ago: executing program 4 (id=6521):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000380)={0x0, r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="b40500000000000061105000000000007301420000000000950000000000000074d1310637f40a9dc2491a1e588995bfd2c916d8c9b211d88291ca9c8eec498bec7b5f8b01cba22265aafe3204f3f3a4e5c470a07e5f6a9ae64bb2e570d40e9043f68713eed356e4885f60ebe3b1eb0ac6f1f0"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f00000004c0), 0x8, 0x10, &(0x7f0000000480), 0x10}, 0x94)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x25, &(0x7f0000001500)={r3, @in6={{0xa, 0x4e20, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x28f9fed5}}}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0xab, @empty, 0x1}, 0x1c)
setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000000ec0)={'filter\x00', 0xb001, 0x4, 0x3c8, 0x110, 0x1f8, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x7fffffe, 0x0, {[{{@arp={@multicast2, @local, 0xff, 0xff000000, 0x3, 0x9, {@mac=@remote, {[0xff, 0xff, 0xff, 0x0, 0xff]}}, {@mac=@local, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x1, 0xf7fd, 0x5, 0x7, 0x7, 0xfff, 'tunl0\x00', 'hsr0\x00', {}, {}, 0x0, 0x10a}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @dev={0xac, 0x14, 0x14, 0x3a}, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2, 0x1}}}, {{@uncond, 0xc0, 0xe8, 0x0, {0x0, 0x1e03}}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x8de, 0x400}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x31caf518}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
close(r5)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x7, 0x18, 0x9, 0x3, 0x8, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x64, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x9}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0x34, 0x2, [@TCA_BASIC_ACT={0x30, 0x3, [@m_xt={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x64}}, 0x24044094)
close(0x3)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r8, 0x11, 0x1, &(0x7f00000000c0)=0xffffffc0, 0x4)

3.888333643s ago: executing program 0 (id=6524):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x40000080806, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000200)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = gettid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x3, 0x4, &(0x7f0000000980)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffff610, 0x0, 0x0, 0x0, 0x7fb}, [@call={0x85, 0x0, 0x0, 0x7a}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8500}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280)={<r5=>0x0, <r6=>0x0, <r7=>0x0}, &(0x7f00000013c0)=0xc)
socket$nl_route(0x10, 0x3, 0x0)
sendmmsg$unix(r4, &(0x7f0000003600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000000000000100", @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="0000fa00140000000000000001000000030000fa", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00'], 0x38, 0x40044}}], 0x1, 0x4)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000300), 0x4)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r9, 0xfffffffc)
r10 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r10, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r11 = socket$netlink(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r11, 0x8933, &(0x7f0000000240)={'team0\x00', <r13=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r11, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r12, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r13, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)={0x270, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@nested={0x259, 0x2f, 0x0, 0x1, [@typed={0x4, 0xd4}, @nested={0x21e, 0x11a, 0x0, 0x1, [@typed={0x8, 0x1d, 0x0, 0x0, @u32=0x95}, @typed={0x8, 0x5a, 0x0, 0x0, @u32=0x7}, @generic="ca904abb10a5c86a28019d90227cf67a4c89c9318b1fb263a3236a02e9ad74bdf739a9a5c8f1f8732aca2719f83bab5b3c4e08c0bc60adb3ea93378179a98df946782fdb394bf88c2e1e05a6544040752ed2fbe200589583cffcf103b4bdea6a5b61b42437437fa8dfa6b8582e1e60dbcdd4e9846f6155fc4faec09b2d04871451e2843dcdac169a0047e837ca4fc87d101bad0af2af73b69efa5792c6c2cac623a6238672d9194b56fd77bd88e775f3f38a5c46254795ea675a59ab4810c2151d0e5ce41eb9df7bc192887e1f0012b546e5ae5e01c267bc0e287964782ed4760960f1423a18299ba0f074a0b13c03e1d0c788b959c0515633e11e2fc9d1c4", @typed={0x8, 0xd4, 0x0, 0x0, @pid=r2}, @typed={0x14, 0xa, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @generic="b58b3326bd5f3003a5effe68381a38da979838ed4ac2e29f6f8f01de6c44758ef778643cdc6f95f41a3496c25565589ed65d002731be4ed5a389037a34acf36cbcc6f6dc5264da14ba7ed70f2430636b0a135db26efa60b5ed39f84ba555c8814fffe93ddf1d2b85fcb08e1504a8e3f33ca643f11ed8b1d8b40b3c72778d7b2570a0e5fc0591fd980fa9526a3f5adb3c69c8da04a4b418147b34eba596d06b36d292df515887af3362f6f5e16c4639ff642769d3b85f144ceed0ee6f6d540b8bf79e1f05d09cf6ba42c60d0766653a66342aeb71d6cb3bd837e148fa2cb71bb71f08b9d1dd6188", @nested={0x4, 0xe7}, @nested={0x4, 0x142}]}, @generic="325a66db77815faacfe4c5ab34", @nested={0x24, 0x30, 0x0, 0x1, [@typed={0x8, 0x4d, 0x0, 0x0, @uid=r6}, @typed={0x14, 0x6b, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x24}}, @nested={0x4, 0x115}]}]}]}, 0x270}, 0x1, 0x600000, 0x0, 0x2406c089}, 0x20000000)

3.655209758s ago: executing program 2 (id=6527):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000005dc0)=[{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001d40)="d8750288189987d0fabb09b23867772c615b8004f5071a7715f73be32aea3bb1ecc3e0814fb9b752a6d48b1d4d68a4282f76c2c6535ec3ec0fe9843311", 0x3d}], 0x1}], 0x1, 0x40)
recvmmsg(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000740)=""/96, 0x60}, {&(0x7f0000000940)=""/53, 0x35}], 0x2}, 0x7fff}, {{0x0, 0x0, &(0x7f0000000580)=[{0x0}], 0x1}, 0x9}], 0x2, 0x10000, 0x0)
r2 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
sendmmsg$inet(r2, &(0x7f0000005240), 0x4000095, 0x0)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
sendmmsg$sock(r3, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@mark={{0x10, 0x1, 0x24, 0x3}}], 0x10}}], 0x1, 0x20000000)
ioctl$BTRFS_IOC_SPACE_INFO(r3, 0xc0109414, &(0x7f0000000980)={0xa72, 0x6, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0xfffffffe}, 0x1c)
ioctl$sock_qrtr_TIOCINQ(r5, 0x541b, &(0x7f0000000040))
setsockopt$MRT_DEL_MFC(r5, 0x0, 0xcd, &(0x7f0000000100)={@empty, @local, 0x1, "1f20c87e2b78e1c123a676e0bc24cdeccfea8edf38578e350959bfb1a9115b54", 0x8aa, 0x2, 0x7, 0x3ff}, 0x3c)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000000c0)=@bpf_lsm={0xe, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000009900000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000280)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000600)=""/247, 0xf7}, {&(0x7f0000010440)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/178, 0xb2}], 0x3, &(0x7f00000004c0)=""/10, 0xa}, 0x1)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x40400d0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50)
syz_emit_ethernet(0x82, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa008100000086dd60f53a0400483a00fe8000000000000000000000000000bbff02000000000000000000000000000102009078000005006050835900000000fc010000000000000000000000000000ff0100000000000000000000000000013a01000000000000070800000000000080fe00000000"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r8}, 0xc)
setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x2, r6, 0x100}, 0xc)

3.432032214s ago: executing program 0 (id=6528):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000003006c0000006c00000008000000060000000100001304000000040000fa43000000010000000e000000060020040b0000040000000000000000f70a00000500000002000000970000ec0800000005000000030000000000000000000000ffffff7f0600000000000000020000000a0000000200000000000100005f71005f2e2e"], &(0x7f0000003340)=""/5, 0x8c, 0x5, 0x1, 0x6abb}, 0x28)

3.235847966s ago: executing program 0 (id=6530):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x7, 0x0, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000640)=[{&(0x7f00000009c0)=""/4090, 0xffa}], 0x1}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_smc(0x2b, 0x1, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x3000000}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
close(0x4)

3.138993188s ago: executing program 2 (id=6532):
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="850000008c0000006a0a00ff000000220c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="0000002100000000050000000000000095c333d4c0a3ecdd69086b8e4c36439a8808b90ea579cdf8bd475a470064827701f4169ebebecb5bba94f06f020fb64e5594a86f5f00000000000008c7533dc98a94008d7d2a7d2c23bc3f4cc1992aebd29fd21e95b3c7c49de340c24cb6ba1a33740825c424ecd87a3b02ae7840be900964b6948074a8f2ed867fd6601b0ca02215f4c2a5157135575fa1903abe92246853cb7cb868a3b2524a92bfa8aaeaf3ff3f08fb97ec0c126bfea903ef567bdf48aecb23342c8102732b7257f65b1f7d82adec836fd77d2f5c6e6c18ae428531d9e4d906b0a19827bffab9ced1e24e8f063d44fb76dd59e75486"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)

3.131878076s ago: executing program 4 (id=6533):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0500000004000000080000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000b39acc54000000000000000000100000004f89b5457472564aa0b5a3d3dce1762820b6ab9e6ae3a599d445c12d09a064e32d82aa19758de8494ea8a8f71b25d5fde0325beaaea526dc922150b7c25de71bec96eee56aca35dfb90efe06cb2b4980042c71ee80cb7823ae08714a2deee862067d551e"], 0x35)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000001c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000380)={0x1f, 0x7, @any, 0x0, 0x2}, 0xe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000440)={<r3=>0x0, 0x48, "4283bc9e8a4c85f6c6cbec19d086cad8354dc7e41d6476dfcea3c23d50a59aa361000a90b4eb26256eaf4c34cf3a2a49c685010373e71bd319cf1798104dd50407d7f17d1e9a6975"}, &(0x7f00000004c0)=0x50)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000500)={r3, 0x7e, "1aa4932dbb293ed7263942a6980b212c6fbcc7dcf4be0b60fdd0d7228f28ef524a9549677c403839f820d29cccc03424a1406d1dfa0e9cf2c27028e3646dd640c92e161b862816662e902ed4a2b30154ed6c2246cb8dceb9a98fcbed3cc6fb257ed9abf89cb05a8a341b966cbc63882af8fb86d2c093d2ffa122b88c7cd2"}, &(0x7f00000005c0)=0x86)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000009c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000008003000000003900001ca5fcfb008074a8c581384e1602d703874508787c9cbc432c2b6ccbfcf76fef91345c2be3ea29409a226b5462613cfbb603b628394b616423173692842d4e67040d96c24ff7e6f0ea6cc70ccdc3d2c2c1de668ac2fdb4849a88c5260a63518c85d36074e0ec1376cd4366c1b2b5c25fba1a92d457270b7e14adbda87c045725945b9018194d2591ef47f7343cbb481e77f89c1f01df52413dd2119853f163ef00f3aac4185e1af49cf0eab1f560fb6c6cb70d6d5a", @ANYRES32=r7, @ANYBLOB="10005a800c0001800700020002021100"], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_GET_KEY(r5, &(0x7f0000000980)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000940)={&(0x7f0000000840)={0xe0, 0x0, 0x800, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xface, 0x63}}}}, [@NL80211_ATTR_KEY={0x88, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DEFAULT_TYPES={0x28, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_KEY_DEFAULT_TYPES={0xc, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "bb0d0e7dbb"}, @NL80211_KEY_CIPHER={0x8}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "4552bc55b2139ae46d1b15e337"}, @NL80211_KEY_SEQ={0x8, 0x4, "bafd990d"}, @NL80211_KEY_MODE={0x5}]}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x10, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "fa0e67b957"}]}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x3}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b80)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd70000000000001000000040008801400020077673000000000e4ffffffffffffff000800050001000000240003000000000000000000000000000000000000000000000000000000000000000000060006"], 0x60}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
r8 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r8, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10)
bind$tipc(r8, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x43d6b990c9433eb3, {0x41, 0x0, 0x2}}, 0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000100)=0x8)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_ro(r9, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000d40)={0x0, {0x2, 0x4e21, @loopback}, {0x2, 0x4e21, @empty}, {0x2, 0x4e23, @broadcast}, 0x1b0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000d00)='vlan1\x00', 0x4, 0x2, 0x100})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r10, 0x20, &(0x7f00000001c0)={&(0x7f0000000140)=""/117, 0x75, <r11=>0x0, &(0x7f00000000c0)=""/13, 0xd}}, 0x10)
pipe(&(0x7f0000000040)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
unshare(0x24020400)
tee(r13, r12, 0xa000000000000000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000e80)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26765ba5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbdf8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d9447c4df6e21ee0e54f8be072e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r11}, 0x94)
r14 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r14, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x60, 0x1403, 0x1, 0x70bd26, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x60}, 0x1, 0x0, 0x0, 0x200c08a5}, 0x8000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r10, 0xfeffff, 0x11d, 0x0, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f00000009c0)}, 0x50)

2.918626723s ago: executing program 2 (id=6536):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000240)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
socket$l2tp(0x2, 0x2, 0x73)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000001000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r2}, 0xc)
socket$inet6(0xa, 0x1, 0x0)
socket$inet6(0xa, 0x1, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r4 = socket(0x10, 0x803, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295a5, 0x0, 0x0, {0xa, 0x0, 0x0, 0xc8, r6}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_ADDRESS={0x14, 0x1, @local}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2.73875883s ago: executing program 1 (id=6537):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008001000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r3, 0x5, 0xe, 0x0, &(0x7f0000000440)="6121eed4cd50bb2b01e841acde1a", 0x0, 0x29d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x4}}}]}, 0x3c}}, 0x4000010)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000180)=0x7ff, 0x4)
setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000007c0)=@filter={'filter\x00', 0xe, 0x4, 0x398, 0xffffffff, 0x0, 0x0, 0xd0, 0xffffffff, 0xffffffff, 0x2c8, 0x2c8, 0x2c8, 0xffffffff, 0x4, &(0x7f00000006c0), {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}, {0x4, 0x1, 0x80, 0x1, 0x1, 0x400, 0x1000}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {"511d"}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f8)
sendmsg$inet(r4, &(0x7f0000000d00)={&(0x7f0000000700)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000bc0)="38409f1f1b5ecfd8a41e4fa5cf42422f7696b3e0cc7f80495f3fb26c1453baf927da870c5157fd41c21e64f65ec69915656bfe707124e37ba971aa946bd8af178a20fce20e25e83281b3ca43e654dc", 0x4f}], 0x1, &(0x7f0000000d40)=ANY=[@ANYBLOB="00080000000000000000000000000000fb9e85d02a6b3010a4bd901f2fb476feddcad6dd8777bc3f79ce54807419a1def4e56fc174678584fcca6ee193da5e0530601711bb810312bf2029fcb486993f7e6ac64375fe790a907d72bbc1721b7983c9129c", @ANYRES32=r1, @ANYBLOB="00000000ac1414bb000000001100000000000000000000000100000010000000000000001800000000000000000000000700000094040100940401001100000000000000000000000100000003000000000000001100000000000000000000000100000009000000000000001400000000000000000000000200"/132], 0x98}, 0x24000884)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2000008b0000099fb5e90000ea860ccf2964effcb4299195f4f9ef69256705daad160c8ad98471a8e118bcf8883859393ef5e17b5e0b7593706c6730b6a15e774a63213c3fab14b7d899fe6071bd005aa0151c205254645d10614afecbbc3fc0f9d1f6a2245d1f8d13518778d6bfc3850284c76715f822d594cc01524b032f5403b1543572891a5721aca4ac22eb5584dbdc32ef2e1456a8a9d2ab6381e6d298fd2d8f63b3966c6d07dcfd12a14be5b6e26b8b5d2c", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_int(r7, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000180)=ANY=[@ANYBLOB='-1'], 0x27)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x40000, 0x1, 0x2, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x300, 0x4, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xfd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0)

2.607608342s ago: executing program 1 (id=6538):
socket$nl_route(0x10, 0x3, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@x25, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000080)=0x5)
setsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={r6, 0x4}, 0x8)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x7c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TX_RATES={0x60, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x5c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x3c, 0x2, [{0x0, 0x7}, {0x5, 0x4}, {0x3, 0x8}, {0x0, 0x3}, {0x2, 0xa}, {0x6}, {0x7, 0x7}, {0x5, 0xa}, {0x7, 0x2}, {0x0, 0x7}, {0x1, 0x1b}, {0x5, 0x4}, {0x6, 0x1}, {0x0, 0x5}, {0x3, 0x1}, {0x3, 0x2}, {0x5, 0x4}, {0x5, 0x3}, {0x3, 0x2}, {0x4, 0x4}, {0x5, 0x6}, {0x0, 0x2}, {0x0, 0x4}, {0x2, 0x9}, {0x7}, {0x1, 0x5}, {0x2, 0x4}, {0x6, 0xa}, {0x7, 0x4}, {0x5, 0x9}, {0x5, 0x4}, {0x6, 0x1}, {0x4, 0x9}, {0x5, 0x3}, {0x6, 0x4}, {0x1, 0x7}, {0x5, 0x2}, {0x0, 0x6}, {0x2, 0x3}, {0x5, 0x9}, {0x6, 0x3}, {0x1, 0x5}, {0x0, 0xa}, {0x7, 0x7}, {0x6, 0x3}, {0x1}, {0x0, 0x7}, {0x2, 0x4}, {0x6, 0x7}, {0x4, 0x9}, {0x6, 0x1}, {0x6, 0x1}, {0x1, 0x1}, {0x1, 0x2}, {0x4, 0x4}, {0x5, 0x6}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x6, 0x2, 0x8, 0xffff, 0xfffd, 0x4, 0x300]}}]}]}]}, 0x7c}}, 0x0)

2.588250679s ago: executing program 1 (id=6539):
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/12], 0x48)
socket$inet(0x2b, 0x801, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5f8, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(camellia)\x00'}, 0xffffff95)
socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r4)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$SIOCSIFHWADDR(r4, 0x8b26, &(0x7f0000000200)={'wlan1\x00', @random="ffffff8dffff"})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt(r6, 0x6, 0x0, 0x0, &(0x7f0000000000))
bind$inet(r5, &(0x7f0000000100)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000140)='cdg\x00', 0x4)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="14010000220001000000000000000000020100800c001000000000000000000014000c002001000000000000000000000000000050bb2d6f67d29d6fabadb1def49c88ea04abde1d5e8d3fb22a1b5446778bdafefc46b0449ade68bf84b36ec72dd71265fc1a882348c26c2126237dd5086cda40e00aec58754734be31d750351dc076eb43d9621dc08c0272f49d1608a487f26fbe8101000000cb748edb353d70010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ceeb5f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd00000000"], 0x114}], 0x1}, 0x80)

2.287478573s ago: executing program 3 (id=6540):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000c00)=@nat={'nat\x00', 0x1b, 0x2, 0x6d8, 0x608, 0x318, 0xffffffff, 0x228, 0x318, 0x608, 0x608, 0xffffffff, 0x608, 0x608, 0x5, 0x0, {[{{@ipv6={@loopback, @private2, [], [], 'veth1_virt_wifi\x00', 'tunl0\x00'}, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x6, [0x1, 0x10], 0x6, 0x30, 0x8, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @loopback, @dev={0xfe, 0x80, '\x00', 0x41}, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, @mcast1, @rand_addr=' \x01\x00', @local, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}], 0xa}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@private0, @ipv4=@local, @port, @icmp_id}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, [], [0x0, 0x0, 0x0, 0xff], 'dvmrp1\x00', 'netpci0\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x4, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @gre_key=0xd, @icmp_id=0x65}}}, {{@uncond, 0x0, 0x1e0, 0x220, 0x0, {}, [@common=@rt={{0x138}, {0x0, [0x608], 0x0, 0x0, 0x0, [@mcast2, @dev, @dev, @loopback, @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @local}, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, @dev, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}], 0xe}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "b10c2b32d88332bae7eeec407d5b77fe6e35fc4922b23a0007d5e70f0891"}}, {{@ipv6={@remote, @local, [], [], 'ipvlan1\x00', 'xfrm0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x738)

2.087678509s ago: executing program 3 (id=6541):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYRESDEC=0x0], 0x50)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c9042, 0x0)
r0 = getpid()
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000500)=ANY=[@ANYRESDEC=r0], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}]}, 0x3c}}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r6}, 0x14)
r7 = socket$netlink(0x10, 0x3, 0x400000000000004)
r8 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r8, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4)
writev(r7, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
setsockopt$XDP_TX_RING(r8, 0x11b, 0x3, &(0x7f0000000040), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, 0x0, 0x0)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, 0x0, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x1}, 0xc)
r11 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_KEY(r11, 0x6a, 0x1, 0x0, 0x20)

2.087242931s ago: executing program 0 (id=6542):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
r1 = accept(r0, &(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, &(0x7f0000000180)=0x80)
sendmsg$NFNL_MSG_ACCT_GET(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)={0x8c, 0x1, 0x7, 0x101, 0x0, 0x0, {0xa}, [@NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xfff}]}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x8}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0xffffffffffffffa6}, @NFACCT_FILTER={0x34, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x6}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_VALUE={0x8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4a}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x2}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}]}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x4c080)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_EXPR={0x10, 0x5, 0x0, 0x1, @payload={{0xc}, @void}}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x1c, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb0}}, 0x0)

1.984936055s ago: executing program 0 (id=6543):
r0 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="58000000100023ff00"/20, @ANYRES32=0x0, @ANYRESHEX=r0], 0x58}, 0x1, 0x0, 0x0, 0x20044001}, 0x8000)
r1 = socket$inet_sctp(0x2, 0x5, 0x84) (async)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) (async)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r3=>0x0]}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000000)={r3, 0x100, 0x6, 0x6, 0x36, 0x8}, &(0x7f00000000c0)=0x14) (async)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.sectors\x00', 0x0, 0x0) (async)
r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) (async)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
recvmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c00)=""/84, 0x54}, 0x101) (async)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) (async)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) (async)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r6, 0x0, 0xd, &(0x7f0000000040)=0x6aba, 0x4) (async)
setsockopt$inet_int(r6, 0x0, 0x12, &(0x7f0000000180)=0x41fffffd, 0x4) (async)
recvmmsg(r6, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) (async)
r7 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r7, &(0x7f0000002680)=[{{&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000300)="3ef7ac843360", 0x6}], 0x1}}, {{&(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000640)="d0d41522", 0x4}, {0x0}], 0x2}}], 0x2, 0x4004081) (async)
setsockopt$sock_int(r7, 0x1, 0x7, &(0x7f0000000000), 0x4) (async)
getsockopt$sock_int(r5, 0x1, 0x1e, 0x0, &(0x7f0000000140)) (async)
listen(r4, 0x401) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r8, &(0x7f0000000600)=ANY=[@ANYBLOB="000008000305070003008000060061ece016000d2100fc000000000000000000000000000001fc00000800000000000000000000000189000839670000004e234e22040190781461e966fcd50ce8921826e4a94461c3c0dbf326e578f73b8b6eb75fee8be064a2fed8d5b451d80d7327ccedaac139537f4d04397300"/134], 0x86) (async)
r9 = socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

1.962343002s ago: executing program 2 (id=6544):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="14000000040000000400000002000200000000", @ANYRES32, @ANYBLOB="f6a700"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000020000"], 0x50)

1.851798335s ago: executing program 0 (id=6545):
syz_open_procfs$namespace(0x0, 0x0)
unshare(0x6a040000)
r0 = socket$netlink(0x10, 0x3, 0x12)
r1 = socket$packet(0x11, 0x2, 0x300)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x80a, 0x0)
sendmsg(r2, 0x0, 0x844)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00'})
sendmsg$nl_route(r2, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r5 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x5, 0xfff}, 0x1c)
syz_genetlink_get_family_id$ipvs(0x0, r0)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, 0x0, 0x40c1)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r6, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0x2f9, 0x543, &(0x7f0000000040)="b90103600040f000009e0ff088a81fffffe100004000632177fb7f0200017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca3a0f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28)

1.824860873s ago: executing program 2 (id=6546):
preadv(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x6)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001180)=ANY=[@ANYBLOB="300000002000010000000000000000000200000000000000000000000c00144000000000000000000500130001"], 0x30}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffe24, &(0x7f0000000000)='/proc/3\x00\xff\xff\xffat\x00AE\xf44.\xab%j'}, 0x30)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='-4'], 0xc)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0), 0x10)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, {0x8}, 0x0, 0x0, 0xa, 0x0, 0x2}}}, 0xf8}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x4, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@empty, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {}, {}, {}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0) (async)
socket$netlink(0x10, 0x3, 0x6) (async)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, 0x0) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001180)=ANY=[@ANYBLOB="300000002000010000000000000000000200000000000000000000000c00144000000000000000000500130001"], 0x30}}, 0x0) (async)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffe24, &(0x7f0000000000)='/proc/3\x00\xff\xff\xffat\x00AE\xf44.\xab%j'}, 0x30) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) (async)
write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='-4'], 0xc) (async)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0), 0x10) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, {0x8}, 0x0, 0x0, 0xa, 0x0, 0x2}}}, 0xf8}}, 0x0) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x4, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@empty, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {}, {}, {}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0) (async)

1.665156189s ago: executing program 1 (id=6547):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x0, 0x8, 0x6a, 0x0, 0x1, 0x40000000}, 0x50)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$vsock_stream(0x28, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="6400000010000304000000000000000041000000", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r1, @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

1.427651153s ago: executing program 2 (id=6548):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='rcu_utilization\x00', r0, 0x0, 0x4}, 0x18)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x8}, 0x20)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x4000, 0x0, 0x5, 0x2}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r3)
sendmsg$NET_DM_CMD_START(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r4, 0x1}, 0x14}}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
r5 = socket(0x10, 0x3, 0x0)
bind$netlink(r5, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r5, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
socket$inet6_sctp(0xa, 0x0, 0x84)
connect$netlink(r5, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan1\x00'})
clock_gettime(0x0, 0x0)
sendmsg$can_bcm(r5, 0x0, 0x4804)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="e00000000001010400000000000000000a000000440001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c000280050001000000000006000340000200003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000070000000000000000010c00028005000100000000000800074000000000440010800800024000000fff0800024000000007080001"], 0xe0}}, 0x0)
syz_genetlink_get_family_id$smc(0x0, r5)
setsockopt$sock_int(r5, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4)
setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000001c0)={'broute\x00', 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x10000000000000], 0x0, 0x0}, 0x78)
write(0xffffffffffffffff, &(0x7f0000000000)="a2", 0x51)
recvmmsg(r5, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)

1.325331436s ago: executing program 1 (id=6549):
bind$l2tp(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local, 0x2}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
getsockopt$bt_hci(r1, 0x0, 0x2, &(0x7f00000001c0), &(0x7f0000001240))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r4})
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001300)={'wlan1\x00'})
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000440)={0x2, 0xfffffffc, 0x6}, 0x10)
r6 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r6, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000001940), 0x0, &(0x7f0000001c00)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f00000001c0)=""/117, 0x75}, &(0x7f0000001b40)=[{&(0x7f0000001a80)=""/79, 0x4f}], 0x1}}], 0x48}, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket(0x10, 0x803, 0x0)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'hsr0\x00', @link_local})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_BITWISE_XOR={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x40)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40482, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000140))
pwritev(r9, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd06000040", 0x27}], 0x2, 0x0, 0x4)

0s ago: executing program 1 (id=6550):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000100008000000000efff141afffe020000110c00018006"], 0x20}}, 0x24000000)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
sendmsg$nl_route(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000015000504e1ff4319918e00352d"], 0x2c}}, 0x60040050)
socket$tipc(0x1e, 0x5, 0x0)

kernel console output (not intermixed with test programs):

394788][T23399]  ? __pfx___btf_verifier_log+0x10/0x10
[  557.394811][T23399]  ? __might_fault+0xb0/0x130
[  557.394840][T23399]  ? btf_parse_hdr+0x1e2/0x6d0
[  557.394863][T23399]  btf_parse_hdr+0x2ad/0x6d0
[  557.394887][T23399]  btf_new_fd+0x36d/0xc90
[  557.394906][T23399]  ? apparmor_capable+0x137/0x1b0
[  557.394937][T23399]  ? __pfx_btf_new_fd+0x10/0x10
[  557.394958][T23399]  ? bpf_token_put+0x143/0x160
[  557.394983][T23399]  ? bpf_btf_load+0x126/0x190
[  557.395002][T23399]  __sys_bpf+0x635/0x860
[  557.395037][T23399]  ? __pfx___sys_bpf+0x10/0x10
[  557.395074][T23399]  ? ksys_write+0x22a/0x250
[  557.395100][T23399]  ? __pfx_ksys_write+0x10/0x10
[  557.395129][T23399]  __x64_sys_bpf+0x7c/0x90
[  557.395154][T23399]  do_syscall_64+0xfa/0x3b0
[  557.395188][T23399]  ? lockdep_hardirqs_on+0x9c/0x150
[  557.395216][T23399]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.395235][T23399]  ? clear_bhb_loop+0x60/0xb0
[  557.395258][T23399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.395277][T23399] RIP: 0033:0x7fc1bb98e9a9
[  557.395302][T23399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.395318][T23399] RSP: 002b:00007fc1bc791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  557.395339][T23399] RAX: ffffffffffffffda RBX: 00007fc1bbbb5fa0 RCX: 00007fc1bb98e9a9
[  557.395354][T23399] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000012
[  557.395366][T23399] RBP: 00007fc1bc791090 R08: 0000000000000000 R09: 0000000000000000
[  557.395379][T23399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  557.395390][T23399] R13: 0000000000000001 R14: 00007fc1bbbb5fa0 R15: 00007fffdc47db08
[  557.395421][T23399]  </TASK>
[  557.637674][T23401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.700759][T23401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  558.019210][T23415] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5504'.
[  558.058678][T23416] macsec1: entered promiscuous mode
[  558.070547][T23416] gretap0: entered promiscuous mode
[  558.081901][T23416] gretap0: left promiscuous mode
[  558.135990][T23418] netlink: 276 bytes leftover after parsing attributes in process `syz.4.5506'.
[  558.647524][T23443] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5514'.
[  558.781608][T23450] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5519'.
[  559.173604][T23471] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5524'.
[  559.408070][T23482] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5531'.
[  559.468685][T23484] ip6_vti0: entered promiscuous mode
[  559.474248][T23484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5532'.
[  559.751191][T23500] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5537'.
[  560.228093][T23516] netlink: 'syz.4.5543': attribute type 20 has an invalid length.
[  560.819320][T23500] netlink: 'syz.2.5537': attribute type 2 has an invalid length.
[  561.289241][T23550] 8021q: adding VLAN 0 to HW filter on device ipvlan3
[  561.383510][T23554] dvmrp1: tun_chr_ioctl cmd 1074025677
[  561.391899][T23554] dvmrp1: linktype set to 773
[  561.436185][T23548] sctp: [Deprecated]: syz.4.5553 (pid 23548) Use of struct sctp_assoc_value in delayed_ack socket option.
[  561.436185][T23548] Use struct sctp_sack_info instead
[  561.590918][T23564] xt_hashlimit: max too large, truncated to 1048576
[  561.629523][T23564] No such timeout policy "syz1"
[  561.924275][T23581] FAULT_INJECTION: forcing a failure.
[  561.924275][T23581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  561.965463][T23581] CPU: 0 UID: 0 PID: 23581 Comm: syz.2.5563 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  561.965491][T23581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  561.965502][T23581] Call Trace:
[  561.965510][T23581]  <TASK>
[  561.965519][T23581]  dump_stack_lvl+0x189/0x250
[  561.965547][T23581]  ? __pfx____ratelimit+0x10/0x10
[  561.965576][T23581]  ? __pfx_dump_stack_lvl+0x10/0x10
[  561.965598][T23581]  ? __pfx__printk+0x10/0x10
[  561.965622][T23581]  ? __might_fault+0xb0/0x130
[  561.965658][T23581]  should_fail_ex+0x414/0x560
[  561.965682][T23581]  _copy_from_user+0x2d/0xb0
[  561.965708][T23581]  do_sock_getsockopt+0x17d/0x450
[  561.965732][T23581]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  561.965752][T23581]  ? do_syscall_64+0x20/0x3b0
[  561.965769][T23581]  ? __fget_files+0x3a0/0x420
[  561.965784][T23581]  ? __fget_files+0x2a/0x420
[  561.965808][T23581]  __x64_sys_getsockopt+0x1a5/0x250
[  561.965827][T23581]  ? do_syscall_64+0x20/0x3b0
[  561.965846][T23581]  ? do_syscall_64+0x20/0x3b0
[  561.965868][T23581]  do_syscall_64+0xfa/0x3b0
[  561.965891][T23581]  ? lockdep_hardirqs_on+0x9c/0x150
[  561.965918][T23581]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.965936][T23581]  ? clear_bhb_loop+0x60/0xb0
[  561.965958][T23581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.965976][T23581] RIP: 0033:0x7fa91738e9a9
[  561.965992][T23581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.966008][T23581] RSP: 002b:00007fa918155038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  561.966027][T23581] RAX: ffffffffffffffda RBX: 00007fa9175b5fa0 RCX: 00007fa91738e9a9
[  561.966040][T23581] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000003
[  561.966051][T23581] RBP: 00007fa918155090 R08: 00002000000001c0 R09: 0000000000000000
[  561.966063][T23581] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  561.966075][T23581] R13: 0000000000000000 R14: 00007fa9175b5fa0 R15: 00007fff4f959f68
[  561.966103][T23581]  </TASK>
[  562.312347][T23591] FAULT_INJECTION: forcing a failure.
[  562.312347][T23591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  562.330633][T23591] CPU: 0 UID: 0 PID: 23591 Comm: syz.2.5566 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  562.330661][T23591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  562.330674][T23591] Call Trace:
[  562.330683][T23591]  <TASK>
[  562.330691][T23591]  dump_stack_lvl+0x189/0x250
[  562.330720][T23591]  ? __pfx____ratelimit+0x10/0x10
[  562.330762][T23591]  ? __pfx_dump_stack_lvl+0x10/0x10
[  562.330785][T23591]  ? __pfx__printk+0x10/0x10
[  562.330812][T23591]  ? __might_fault+0xb0/0x130
[  562.330850][T23591]  should_fail_ex+0x414/0x560
[  562.330881][T23591]  _copy_from_user+0x2d/0xb0
[  562.330909][T23591]  ___sys_sendmsg+0x158/0x2a0
[  562.330935][T23591]  ? __pfx____sys_sendmsg+0x10/0x10
[  562.330996][T23591]  ? __fget_files+0x2a/0x420
[  562.331013][T23591]  ? __fget_files+0x3a0/0x420
[  562.331041][T23591]  __sys_sendmmsg+0x227/0x430
[  562.331070][T23591]  ? __pfx___sys_sendmmsg+0x10/0x10
[  562.331090][T23591]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  562.331137][T23591]  ? ksys_write+0x22a/0x250
[  562.331165][T23591]  ? __pfx_ksys_write+0x10/0x10
[  562.331188][T23591]  ? rcu_is_watching+0x15/0xb0
[  562.331217][T23591]  __x64_sys_sendmmsg+0xa0/0xc0
[  562.331243][T23591]  do_syscall_64+0xfa/0x3b0
[  562.331260][T23591]  ? lockdep_hardirqs_on+0x9c/0x150
[  562.331289][T23591]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.331309][T23591]  ? clear_bhb_loop+0x60/0xb0
[  562.331332][T23591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.331351][T23591] RIP: 0033:0x7fa91738e9a9
[  562.331367][T23591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.331384][T23591] RSP: 002b:00007fa918155038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  562.331405][T23591] RAX: ffffffffffffffda RBX: 00007fa9175b5fa0 RCX: 00007fa91738e9a9
[  562.331419][T23591] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  562.331433][T23591] RBP: 00007fa918155090 R08: 0000000000000000 R09: 0000000000000000
[  562.331445][T23591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.331456][T23591] R13: 0000000000000000 R14: 00007fa9175b5fa0 R15: 00007fff4f959f68
[  562.331487][T23591]  </TASK>
[  562.580749][T23592] "syz.3.5567" (23592) uses obsolete ecb(arc4) skcipher
[  562.920942][T23609] FAULT_INJECTION: forcing a failure.
[  562.920942][T23609] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  562.984896][T23609] CPU: 0 UID: 0 PID: 23609 Comm: syz.0.5571 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  562.984926][T23609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  562.984938][T23609] Call Trace:
[  562.984947][T23609]  <TASK>
[  562.984955][T23609]  dump_stack_lvl+0x189/0x250
[  562.984997][T23609]  ? __pfx____ratelimit+0x10/0x10
[  562.985025][T23609]  ? __pfx_dump_stack_lvl+0x10/0x10
[  562.985069][T23609]  ? __pfx__printk+0x10/0x10
[  562.985107][T23609]  should_fail_ex+0x414/0x560
[  562.985132][T23609]  _copy_to_user+0x31/0xb0
[  562.985160][T23609]  simple_read_from_buffer+0xe1/0x170
[  562.985193][T23609]  proc_fail_nth_read+0x1df/0x250
[  562.985215][T23609]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  562.985237][T23609]  ? rw_verify_area+0x258/0x650
[  562.985261][T23609]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  562.985282][T23609]  vfs_read+0x200/0x980
[  562.985315][T23609]  ? __pfx_vfs_read+0x10/0x10
[  562.985336][T23609]  ? __asan_memset+0x22/0x50
[  562.985358][T23609]  ? _copy_from_user+0x4c/0xb0
[  562.985383][T23609]  ? raw_setsockopt+0x647/0x1160
[  562.985403][T23609]  ? do_sys_openat2+0x154/0x1c0
[  562.985425][T23609]  ? __pfx_aa_sk_perm+0x10/0x10
[  562.985455][T23609]  ? __pfx_raw_setsockopt+0x10/0x10
[  562.985485][T23609]  ksys_read+0x145/0x250
[  562.985513][T23609]  ? __pfx_ksys_read+0x10/0x10
[  562.985543][T23609]  ? do_syscall_64+0xbe/0x3b0
[  562.985565][T23609]  do_syscall_64+0xfa/0x3b0
[  562.985582][T23609]  ? lockdep_hardirqs_on+0x9c/0x150
[  562.985610][T23609]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.985629][T23609]  ? clear_bhb_loop+0x60/0xb0
[  562.985652][T23609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.985670][T23609] RIP: 0033:0x7f7d0118d3bc
[  562.985687][T23609] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  562.985703][T23609] RSP: 002b:00007f7d0209b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  562.985722][T23609] RAX: ffffffffffffffda RBX: 00007f7d013b5fa0 RCX: 00007f7d0118d3bc
[  562.985736][T23609] RDX: 000000000000000f RSI: 00007f7d0209b0a0 RDI: 0000000000000005
[  562.985749][T23609] RBP: 00007f7d0209b090 R08: 0000000000000000 R09: 0000000000000000
[  562.985761][T23609] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.985773][T23609] R13: 0000000000000000 R14: 00007f7d013b5fa0 R15: 00007ffd068401e8
[  562.985803][T23609]  </TASK>
[  563.751604][T23638] FAULT_INJECTION: forcing a failure.
[  563.751604][T23638] name failslab, interval 1, probability 0, space 0, times 0
[  563.775503][T23638] CPU: 1 UID: 0 PID: 23638 Comm: syz.3.5583 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  563.775529][T23638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  563.775541][T23638] Call Trace:
[  563.775549][T23638]  <TASK>
[  563.775557][T23638]  dump_stack_lvl+0x189/0x250
[  563.775584][T23638]  ? __pfx____ratelimit+0x10/0x10
[  563.775612][T23638]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.775634][T23638]  ? __pfx__printk+0x10/0x10
[  563.775679][T23638]  ? __pfx___might_resched+0x10/0x10
[  563.775701][T23638]  ? fs_reclaim_acquire+0x7d/0x100
[  563.775725][T23638]  should_fail_ex+0x414/0x560
[  563.775761][T23638]  should_failslab+0xa8/0x100
[  563.775791][T23638]  __kmalloc_noprof+0xcb/0x4f0
[  563.775817][T23638]  ? tomoyo_encode+0x28b/0x550
[  563.775844][T23638]  tomoyo_encode+0x28b/0x550
[  563.775873][T23638]  tomoyo_realpath_from_path+0x58d/0x5d0
[  563.775898][T23638]  ? tomoyo_domain+0xd9/0x130
[  563.775927][T23638]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  563.775957][T23638]  tomoyo_path_number_perm+0x1e8/0x5a0
[  563.775996][T23638]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  563.776044][T23638]  ? __lock_acquire+0xab9/0xd20
[  563.776086][T23638]  ? __fget_files+0x2a/0x420
[  563.776107][T23638]  ? __fget_files+0x2a/0x420
[  563.776123][T23638]  ? __fget_files+0x3a0/0x420
[  563.776138][T23638]  ? __fget_files+0x2a/0x420
[  563.776160][T23638]  security_file_ioctl+0xcb/0x2d0
[  563.776190][T23638]  __se_sys_ioctl+0x47/0x170
[  563.776218][T23638]  do_syscall_64+0xfa/0x3b0
[  563.776235][T23638]  ? lockdep_hardirqs_on+0x9c/0x150
[  563.776264][T23638]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.776284][T23638]  ? clear_bhb_loop+0x60/0xb0
[  563.776307][T23638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.776326][T23638] RIP: 0033:0x7f7a8138e9a9
[  563.776344][T23638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.776361][T23638] RSP: 002b:00007f7a8213a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  563.776381][T23638] RAX: ffffffffffffffda RBX: 00007f7a815b5fa0 RCX: 00007f7a8138e9a9
[  563.776395][T23638] RDX: 00002000000000c0 RSI: 000000000000890b RDI: 0000000000000004
[  563.776407][T23638] RBP: 00007f7a8213a090 R08: 0000000000000000 R09: 0000000000000000
[  563.776418][T23638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.776429][T23638] R13: 0000000000000000 R14: 00007f7a815b5fa0 R15: 00007ffd08f8b0e8
[  563.776461][T23638]  </TASK>
[  563.776483][T23638] ERROR: Out of memory at tomoyo_realpath_from_path.
[  563.842624][T23643] __nla_validate_parse: 3 callbacks suppressed
[  563.842648][T23643] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5586'.
[  564.502299][T23671] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5591'.
[  564.644899][T23675] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0
[  564.772433][T23681] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5593'.
[  564.863734][T23685] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5596'.
[  564.932713][T23685] bond0: entered promiscuous mode
[  564.984839][T23685] dummy0: entered promiscuous mode
[  565.010444][T23685] bond0: left promiscuous mode
[  565.015563][T23685] dummy0: left promiscuous mode
[  565.956478][T23729] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5606'.
[  566.066149][T23735] netlink: 'syz.1.5609': attribute type 1 has an invalid length.
[  566.094890][T23735] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5609'.
[  566.590751][T23756] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5615'.
[  566.604160][T23756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5615'.
[  566.640751][T23757] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5611'.
[  566.830453][T23760] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5616'.
[  567.197723][T23765] netlink: 'syz.2.5618': attribute type 6 has an invalid length.
[  567.407881][T23782] netlink: 'syz.3.5622': attribute type 10 has an invalid length.
[  567.530037][T23772] sit0: entered allmulticast mode
[  567.557200][T23772] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20003
[  567.770383][T23793] syzkaller0: entered promiscuous mode
[  567.776460][T23793] syzkaller0: entered allmulticast mode
[  570.063808][T23844] ip6gretap0: entered promiscuous mode
[  570.077356][T23844] vlan0: entered promiscuous mode
[  570.282302][T23862] 8021q: adding VLAN 0 to HW filter on device team0
[  570.339446][T23862] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  570.396142][T23869] __nla_validate_parse: 2 callbacks suppressed
[  570.396159][T23869] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5645'.
[  570.452736][T23869] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5645'.
[  570.475738][T23869] netlink: 'syz.4.5645': attribute type 14 has an invalid length.
[  570.483598][T23869] netlink: 'syz.4.5645': attribute type 11 has an invalid length.
[  571.443081][T23911] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5659'.
[  573.373552][T23921] netlink: 'syz.0.5660': attribute type 6 has an invalid length.
[  573.520313][T23931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5665'.
[  573.543347][T23933] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5663'.
[  573.607054][T23938] ipt_rpfilter: unknown options
[  573.790127][T23945] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  574.312974][T23973] netlink: 'syz.1.5676': attribute type 10 has an invalid length.
[  574.384487][T23977] FAULT_INJECTION: forcing a failure.
[  574.384487][T23977] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  574.423752][T23977] CPU: 1 UID: 0 PID: 23977 Comm: syz.2.5678 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  574.423779][T23977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  574.423791][T23977] Call Trace:
[  574.423799][T23977]  <TASK>
[  574.423807][T23977]  dump_stack_lvl+0x189/0x250
[  574.423834][T23977]  ? __pfx____ratelimit+0x10/0x10
[  574.423870][T23977]  ? __pfx_dump_stack_lvl+0x10/0x10
[  574.423891][T23977]  ? __pfx__printk+0x10/0x10
[  574.423918][T23977]  ? __asan_memcpy+0x40/0x70
[  574.423946][T23977]  should_fail_ex+0x414/0x560
[  574.423970][T23977]  _copy_to_user+0x31/0xb0
[  574.423996][T23977]  bpf_verifier_vlog+0x520/0x900
[  574.424032][T23977]  __btf_verifier_log+0xd4/0x120
[  574.424064][T23977]  ? __pfx___btf_verifier_log+0x10/0x10
[  574.424087][T23977]  ? __might_fault+0xb0/0x130
[  574.424117][T23977]  ? btf_parse_hdr+0x1e2/0x6d0
[  574.424141][T23977]  btf_parse_hdr+0x302/0x6d0
[  574.424166][T23977]  btf_new_fd+0x36d/0xc90
[  574.424184][T23977]  ? apparmor_capable+0x137/0x1b0
[  574.424215][T23977]  ? __pfx_btf_new_fd+0x10/0x10
[  574.424237][T23977]  ? bpf_token_put+0x143/0x160
[  574.424263][T23977]  ? bpf_btf_load+0x126/0x190
[  574.424283][T23977]  __sys_bpf+0x635/0x860
[  574.424311][T23977]  ? __pfx___sys_bpf+0x10/0x10
[  574.424350][T23977]  ? ksys_write+0x22a/0x250
[  574.424377][T23977]  ? __pfx_ksys_write+0x10/0x10
[  574.424408][T23977]  __x64_sys_bpf+0x7c/0x90
[  574.424434][T23977]  do_syscall_64+0xfa/0x3b0
[  574.424450][T23977]  ? lockdep_hardirqs_on+0x9c/0x150
[  574.424477][T23977]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.424494][T23977]  ? clear_bhb_loop+0x60/0xb0
[  574.424517][T23977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.424533][T23977] RIP: 0033:0x7fa91738e9a9
[  574.424550][T23977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.424564][T23977] RSP: 002b:00007fa918155038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  574.424584][T23977] RAX: ffffffffffffffda RBX: 00007fa9175b5fa0 RCX: 00007fa91738e9a9
[  574.424598][T23977] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000012
[  574.424610][T23977] RBP: 00007fa918155090 R08: 0000000000000000 R09: 0000000000000000
[  574.424621][T23977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  574.424632][T23977] R13: 0000000000000001 R14: 00007fa9175b5fa0 R15: 00007fff4f959f68
[  574.424661][T23977]  </TASK>
[  574.679246][T23978] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5677'.
[  574.786585][T23981] pimreg: entered allmulticast mode
[  574.842896][T23978] pimreg: left allmulticast mode
[  575.145027][T23995] SET target dimension over the limit!
[  575.361004][T24014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5688'.
[  575.525058][T24018] xt_hashlimit: overflow, try lower: 6/0
[  575.890670][T24042] netlink: 'syz.4.5698': attribute type 1 has an invalid length.
[  575.914083][T24042] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5698'.
[  576.071568][ T5924] IPVS: starting estimator thread 0...
[  576.164920][T24051] IPVS: using max 34 ests per chain, 81600 per kthread
[  576.644300][T24078] xt_connbytes: Forcing CT accounting to be enabled
[  576.653721][T24078] xt_bpf: check failed: parse error
[  576.683597][T24079] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5707'.
[  577.151917][T24093] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5714'.
[  577.152337][T24091] Bluetooth: MGMT ver 1.23
[  577.318073][T24103] x_tables: unsorted underflow at hook 4
[  577.762510][T24124] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5724'.
[  577.944549][T24133] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5727'.
[  578.473610][T24159] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5735'.
[  578.880764][T24178] FAULT_INJECTION: forcing a failure.
[  578.880764][T24178] name failslab, interval 1, probability 0, space 0, times 0
[  578.924365][T24178] CPU: 1 UID: 0 PID: 24178 Comm: syz.1.5738 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  578.924394][T24178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  578.924406][T24178] Call Trace:
[  578.924414][T24178]  <TASK>
[  578.924422][T24178]  dump_stack_lvl+0x189/0x250
[  578.924450][T24178]  ? __pfx____ratelimit+0x10/0x10
[  578.924489][T24178]  ? __pfx_dump_stack_lvl+0x10/0x10
[  578.924512][T24178]  ? __pfx__printk+0x10/0x10
[  578.924538][T24178]  ? __pfx___might_resched+0x10/0x10
[  578.924560][T24178]  ? fs_reclaim_acquire+0x7d/0x100
[  578.924583][T24178]  should_fail_ex+0x414/0x560
[  578.924606][T24178]  ? nf_hook_entries_grow+0x27c/0x710
[  578.924633][T24178]  should_failslab+0xa8/0x100
[  578.924661][T24178]  __kvmalloc_node_noprof+0x161/0x5f0
[  578.924688][T24178]  ? nf_hook_entries_grow+0x27c/0x710
[  578.924714][T24178]  ? __pfx___mutex_lock+0x10/0x10
[  578.924736][T24178]  nf_hook_entries_grow+0x27c/0x710
[  578.924779][T24178]  __nf_register_net_hook+0x2c9/0x930
[  578.924808][T24178]  nf_register_net_hook+0xb2/0x190
[  578.924829][T24178]  nf_register_net_hooks+0x44/0x1b0
[  578.924850][T24178]  nf_defrag_ipv6_enable+0x87/0x120
[  578.924877][T24178]  nf_ct_netns_do_get+0x1e7/0x5a0
[  578.924898][T24178]  ? __pfx_nf_ct_netns_do_get+0x10/0x10
[  578.924914][T24178]  ? rcu_is_watching+0x15/0xb0
[  578.924951][T24178]  connmark_tg_check+0x53/0xf0
[  578.924980][T24178]  xt_check_target+0x3c3/0xa90
[  578.925005][T24178]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  578.925025][T24178]  ? __pfx_xt_check_target+0x10/0x10
[  578.925049][T24178]  ? pcpu_alloc_noprof+0xfdd/0x16b0
[  578.925085][T24178]  ? xt_find_target+0x1f3/0x240
[  578.925113][T24178]  translate_table+0x186b/0x2040
[  578.925157][T24178]  ? __pfx_translate_table+0x10/0x10
[  578.925179][T24178]  ? __might_fault+0xb0/0x130
[  578.925223][T24178]  ? _copy_from_user+0x94/0xb0
[  578.925254][T24178]  do_ip6t_set_ctl+0x970/0xce0
[  578.925277][T24178]  ? get_pid_task+0x20/0x1f0
[  578.925304][T24178]  ? rcu_is_watching+0x15/0xb0
[  578.925325][T24178]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  578.925366][T24178]  ? __pfx___mutex_lock+0x10/0x10
[  578.925384][T24178]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  578.925413][T24178]  ? __lock_acquire+0xab9/0xd20
[  578.925438][T24178]  nf_setsockopt+0x26c/0x290
[  578.925466][T24178]  rawv6_setsockopt+0x23b/0x5b0
[  578.925499][T24178]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  578.925521][T24178]  ? aa_sock_opt_perm+0x74/0x110
[  578.925540][T24178]  ? sock_common_setsockopt+0x36/0xc0
[  578.925567][T24178]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  578.925597][T24178]  do_sock_setsockopt+0x179/0x1b0
[  578.925623][T24178]  __x64_sys_setsockopt+0x13f/0x1b0
[  578.925649][T24178]  do_syscall_64+0xfa/0x3b0
[  578.925666][T24178]  ? lockdep_hardirqs_on+0x9c/0x150
[  578.925692][T24178]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.925710][T24178]  ? clear_bhb_loop+0x60/0xb0
[  578.925733][T24178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.925750][T24178] RIP: 0033:0x7fa14c18e9a9
[  578.925767][T24178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  578.925783][T24178] RSP: 002b:00007fa14cf7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  578.925802][T24178] RAX: ffffffffffffffda RBX: 00007fa14c3b5fa0 RCX: 00007fa14c18e9a9
[  578.925815][T24178] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  578.925826][T24178] RBP: 00007fa14cf7f090 R08: 0000000000000488 R09: 0000000000000000
[  578.925837][T24178] R10: 0000200000000b00 R11: 0000000000000246 R12: 0000000000000002
[  578.925849][T24178] R13: 0000000000000000 R14: 00007fa14c3b5fa0 R15: 00007ffcea1cbf28
[  578.925879][T24178]  </TASK>
[  578.957726][T24179] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5737'.
[  579.005229][T24178] cannot load conntrack support for proto=10
[  579.305712][T24182] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5739'.
[  579.608176][T24194] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  579.734692][T24199] pim6reg: entered allmulticast mode
[  579.771479][T24207] pim6reg: left allmulticast mode
[  579.996903][T24216] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5752'.
[  580.028528][T24219] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5753'.
[  580.037573][T24216] netlink: 'syz.4.5752': attribute type 6 has an invalid length.
[  581.196456][T24260] netlink: 'syz.2.5762': attribute type 10 has an invalid length.
[  581.204362][T24260] bond0: (slave wlan1): refused to change device type
[  581.614292][T24280] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5765'.
[  581.953408][T24288] netlink: 136 bytes leftover after parsing attributes in process `syz.0.5767'.
[  581.974001][T24288] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  582.123220][T24294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5769'.
[  582.324529][T24303] FAULT_INJECTION: forcing a failure.
[  582.324529][T24303] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  582.344898][T24303] CPU: 1 UID: 0 PID: 24303 Comm: syz.0.5771 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  582.344928][T24303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  582.344940][T24303] Call Trace:
[  582.344948][T24303]  <TASK>
[  582.344957][T24303]  dump_stack_lvl+0x189/0x250
[  582.344985][T24303]  ? __pfx____ratelimit+0x10/0x10
[  582.345015][T24303]  ? __pfx_dump_stack_lvl+0x10/0x10
[  582.345038][T24303]  ? __pfx__printk+0x10/0x10
[  582.345076][T24303]  should_fail_ex+0x414/0x560
[  582.345102][T24303]  _copy_to_user+0x31/0xb0
[  582.345130][T24303]  simple_read_from_buffer+0xe1/0x170
[  582.345163][T24303]  proc_fail_nth_read+0x1df/0x250
[  582.345192][T24303]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  582.345213][T24303]  ? rw_verify_area+0x258/0x650
[  582.345237][T24303]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  582.345257][T24303]  vfs_read+0x200/0x980
[  582.345298][T24303]  ? __pfx___mutex_lock+0x10/0x10
[  582.345316][T24303]  ? __pfx_vfs_read+0x10/0x10
[  582.345341][T24303]  ? __fget_files+0x2a/0x420
[  582.345362][T24303]  ? __fget_files+0x3a0/0x420
[  582.345376][T24303]  ? __fget_files+0x2a/0x420
[  582.345401][T24303]  ksys_read+0x145/0x250
[  582.345426][T24303]  ? __pfx_ksys_read+0x10/0x10
[  582.345447][T24303]  ? rcu_is_watching+0x15/0xb0
[  582.345474][T24303]  ? do_syscall_64+0xbe/0x3b0
[  582.345495][T24303]  do_syscall_64+0xfa/0x3b0
[  582.345511][T24303]  ? lockdep_hardirqs_on+0x9c/0x150
[  582.345538][T24303]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.345555][T24303]  ? clear_bhb_loop+0x60/0xb0
[  582.345577][T24303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.345595][T24303] RIP: 0033:0x7f7d0118d3bc
[  582.345611][T24303] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  582.345627][T24303] RSP: 002b:00007f7d0207a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  582.345646][T24303] RAX: ffffffffffffffda RBX: 00007f7d013b6080 RCX: 00007f7d0118d3bc
[  582.345659][T24303] RDX: 000000000000000f RSI: 00007f7d0207a0a0 RDI: 0000000000000004
[  582.345670][T24303] RBP: 00007f7d0207a090 R08: 0000000000000000 R09: 0000000000000000
[  582.345681][T24303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  582.345692][T24303] R13: 0000000000000001 R14: 00007f7d013b6080 R15: 00007ffd068401e8
[  582.345721][T24303]  </TASK>
[  583.110304][T24321] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  583.413126][T24326] ip6_vti0: left promiscuous mode
[  583.455677][T24326] vti0: left promiscuous mode
[  583.461284][T24326] bond1: left promiscuous mode
[  583.466564][T24326] bond1: left allmulticast mode
[  583.471804][T24326] veth3: left promiscuous mode
[  583.506971][T24326] veth5: left promiscuous mode
[  583.907879][T24342] vlan2: entered promiscuous mode
[  583.912968][T24342] ip6gretap0: entered promiscuous mode
[  583.923382][T24343] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5783'.
[  584.299938][T24359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5790'.
[  584.340664][T24359] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5790'.
[  584.470850][T24363] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5791'.
[  584.545701][T24365] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5792'.
[  584.600166][T24365] FAULT_INJECTION: forcing a failure.
[  584.600166][T24365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  584.677898][T24365] CPU: 1 UID: 0 PID: 24365 Comm: syz.1.5792 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  584.677930][T24365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  584.677944][T24365] Call Trace:
[  584.677952][T24365]  <TASK>
[  584.677962][T24365]  dump_stack_lvl+0x189/0x250
[  584.677993][T24365]  ? __pfx____ratelimit+0x10/0x10
[  584.678027][T24365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.678052][T24365]  ? __pfx__printk+0x10/0x10
[  584.678096][T24365]  should_fail_ex+0x414/0x560
[  584.678124][T24365]  _copy_to_user+0x31/0xb0
[  584.678155][T24365]  simple_read_from_buffer+0xe1/0x170
[  584.678192][T24365]  proc_fail_nth_read+0x1df/0x250
[  584.678217][T24365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  584.678249][T24365]  ? rw_verify_area+0x258/0x650
[  584.678276][T24365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  584.678299][T24365]  vfs_read+0x200/0x980
[  584.678332][T24365]  ? __pfx___mutex_lock+0x10/0x10
[  584.678354][T24365]  ? __pfx_vfs_read+0x10/0x10
[  584.678383][T24365]  ? __fget_files+0x2a/0x420
[  584.678407][T24365]  ? __fget_files+0x3a0/0x420
[  584.678425][T24365]  ? __fget_files+0x2a/0x420
[  584.678454][T24365]  ksys_read+0x145/0x250
[  584.678485][T24365]  ? __pfx_ksys_read+0x10/0x10
[  584.678509][T24365]  ? rcu_is_watching+0x15/0xb0
[  584.678553][T24365]  ? do_syscall_64+0xbe/0x3b0
[  584.678577][T24365]  do_syscall_64+0xfa/0x3b0
[  584.678595][T24365]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.678626][T24365]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.678647][T24365]  ? clear_bhb_loop+0x60/0xb0
[  584.678681][T24365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.678698][T24365] RIP: 0033:0x7fa14c18d3bc
[  584.678714][T24365] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  584.678728][T24365] RSP: 002b:00007fa14cf7f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  584.678748][T24365] RAX: ffffffffffffffda RBX: 00007fa14c3b5fa0 RCX: 00007fa14c18d3bc
[  584.678761][T24365] RDX: 000000000000000f RSI: 00007fa14cf7f0a0 RDI: 0000000000000004
[  584.678773][T24365] RBP: 00007fa14cf7f090 R08: 0000000000000000 R09: 0000000000000000
[  584.678784][T24365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  584.678794][T24365] R13: 0000000000000000 R14: 00007fa14c3b5fa0 R15: 00007ffcea1cbf28
[  584.678824][T24365]  </TASK>
[  585.417895][T24387] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5799'.
[  585.473258][T24389] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5800'.
[  586.011309][T21738] hid-generic 0005:15C2:1010.0001: item fetching failed at offset 0/1
[  586.035627][T21738] hid-generic 0005:15C2:1010.0001: probe with driver hid-generic failed with error -22
[  586.235004][T24408] netlink: 'syz.4.5808': attribute type 1 has an invalid length.
[  586.247374][T24408] nbd: error processing sock list
[  586.252722][T24408] block nbd0: shutting down sockets
[  586.460936][T24411] delete_channel: no stack
[  586.509444][T24416] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR
[  586.510068][T24420] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  586.630109][T24428] __nla_validate_parse: 2 callbacks suppressed
[  586.630128][T24428] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5812'.
[  586.775054][T24426] netlink: 120 bytes leftover after parsing attributes in process `syz.1.5813'.
[  586.822858][T24430] veth7: entered promiscuous mode
[  587.335699][T24455] netlink: 'syz.1.5819': attribute type 1 has an invalid length.
[  587.344343][T24455] nbd: error processing sock list
[  587.355206][T24455] block nbd0: shutting down sockets
[  587.608775][T24474] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5829'.
[  587.688379][T24478] set match dimension is over the limit!
[  587.940937][T24485] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5834'.
[  588.168305][T24492] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  588.197154][T24496] netlink: 136 bytes leftover after parsing attributes in process `syz.0.5837'.
[  588.224929][T24496] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  588.328844][T24497] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5834'.
[  588.518142][T24506] netlink: 'syz.0.5839': attribute type 10 has an invalid length.
[  588.580238][T24506] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  588.900949][T24510] netlink: 'syz.4.5841': attribute type 1 has an invalid length.
[  588.909131][T24510] nbd: error processing sock list
[  588.924896][T24510] block nbd0: shutting down sockets
[  589.076604][T24526] vlan0: entered promiscuous mode
[  589.231901][T24531] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5846'.
[  589.342545][T24537] netlink: 276 bytes leftover after parsing attributes in process `syz.1.5849'.
[  589.557571][T24547] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5853'.
[  589.659183][T24553] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5854'.
[  590.159005][T24581] 8021q: VLANs not supported on vcan0
[  590.194953][T24569] netlink: 'syz.2.5860': attribute type 1 has an invalid length.
[  590.208263][T24569] nbd: error processing sock list
[  590.213608][T24569] block nbd0: shutting down sockets
[  590.865327][T24620] vlan2: entered promiscuous mode
[  590.885015][T24620] bridge0: entered promiscuous mode
[  591.653711][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  591.680320][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  591.699006][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  591.710973][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  591.723958][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  591.796861][T24647] netlink: 'syz.3.5890': attribute type 13 has an invalid length.
[  591.843136][T24647] netlink: 'syz.3.5890': attribute type 17 has an invalid length.
[  591.926649][T24647] 8021q: adding VLAN 0 to HW filter on device team0
[  591.954387][T24655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  591.966747][T24647] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  592.140938][T24647] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  592.208265][T24647] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  592.483459][T24643] chnl_net:caif_netlink_parms(): no params data found
[  592.751167][T24643] bridge0: port 1(bridge_slave_0) entered blocking state
[  592.757761][T24680] __nla_validate_parse: 6 callbacks suppressed
[  592.757782][T24680] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5895'.
[  592.770887][T24643] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.790916][T24643] bridge_slave_0: entered allmulticast mode
[  592.800630][T24643] bridge_slave_0: entered promiscuous mode
[  592.823690][T24643] bridge0: port 2(bridge_slave_1) entered blocking state
[  592.831156][T24643] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.840080][T24643] bridge_slave_1: entered allmulticast mode
[  592.849114][T24643] bridge_slave_1: entered promiscuous mode
[  592.939372][T24643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  592.965340][T24643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  593.059973][T24643] team0: Port device team_slave_0 added
[  593.079173][T24643] team0: Port device team_slave_1 added
[  593.231964][T24643] batman_adv: batadv0: Adding interface: batadv_slave_0
[  593.245929][T24643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.274380][T24643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  593.318385][T24643] batman_adv: batadv0: Adding interface: batadv_slave_1
[  593.326129][T24643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.355356][T24643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  593.518083][T24643] hsr_slave_0: entered promiscuous mode
[  593.536019][T24643] hsr_slave_1: entered promiscuous mode
[  593.542371][T24643] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  593.568983][T24643] Cannot create hsr debugfs directory
[  593.774784][ T5862] Bluetooth: hci3: command tx timeout
[  593.984608][T24723] vlan2: entered promiscuous mode
[  593.989911][T24723] bridge0: entered promiscuous mode
[  594.542503][   T49] bond0 (unregistering): Released all slaves
[  594.561086][   T49] bond1 (unregistering): Released all slaves
[  594.579008][   T49] bond2 (unregistering): Released all slaves
[  594.988189][T24752] dummy0: Device is already in use.
[  595.432858][T24767] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5923'.
[  595.652009][T24774] netlink: 'syz.3.5926': attribute type 10 has an invalid length.
[  595.675849][T24643] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  595.697770][T24643] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  595.737366][T24643] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  595.803923][T24643] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  595.854767][ T5862] Bluetooth: hci3: command tx timeout
[  595.899795][   T49] hsr_slave_0: left promiscuous mode
[  595.971498][T24792] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5930'.
[  595.980795][T24792] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5930'.
[  596.003127][T24798] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5927'.
[  596.013297][T24792] netlink: 'syz.3.5930': attribute type 5 has an invalid length.
[  596.014004][T24797] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5929'.
[  596.049326][T24792] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5930'.
[  596.272094][T24805] tls_set_device_offload: netdev not found
[  596.877100][T24827] netlink: 1204 bytes leftover after parsing attributes in process `syz.2.5934'.
[  596.970829][T24830] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5934'.
[  597.837849][T24852] xt_recent: hitcount (262144) is larger than allowed maximum (65535)
[  597.886321][T24801] !
: renamed from dummy0 (while UP)
[  597.945948][ T5862] Bluetooth: hci3: command tx timeout
[  598.307148][T24643] 8021q: adding VLAN 0 to HW filter on device bond0
[  598.354596][T24643] 8021q: adding VLAN 0 to HW filter on device team0
[  598.403875][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.411046][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  598.494333][ T3516] bridge0: port 2(bridge_slave_1) entered blocking state
[  598.501534][ T3516] bridge0: port 2(bridge_slave_1) entered forwarding state
[  598.690427][   T49] IPVS: stop unused estimator thread 0...
[  599.142955][T24643] 8021q: adding VLAN 0 to HW filter on device batadv0
[  599.748775][T24917] dummy0: Device is already in use.
[  599.777870][T24643] veth0_vlan: entered promiscuous mode
[  599.870686][T24643] veth1_vlan: entered promiscuous mode
[  599.988349][T24927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5955'.
[  600.005024][T24927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5955'.
[  600.014094][T24927] netlink: 'syz.1.5955': attribute type 7 has an invalid length.
[  600.028159][ T5862] Bluetooth: hci3: command tx timeout
[  600.047266][T24924] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5955'.
[  600.133797][T24643] veth0_macvtap: entered promiscuous mode
[  600.194464][T24643] veth1_macvtap: entered promiscuous mode
[  600.301294][T24643] batman_adv: batadv0: Interface activated: batadv_slave_0
[  600.363592][T24643] batman_adv: batadv0: Interface activated: batadv_slave_1
[  600.450323][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  600.530032][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  600.547578][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  600.606141][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  600.621197][T24950] tipc: Cannot configure node identity twice
[  600.632140][T24935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.719413][T24935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.765201][T24953] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5961'.
[  600.979389][T24953] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  601.012500][T24953] bond0 (unregistering): Released all slaves
[  601.238581][ T7188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.264904][ T7188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.324065][T24969] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5966'.
[  601.324329][T24968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5966'.
[  601.328399][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.361028][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.482807][T24976] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.5880'.
[  601.831616][T24984] netlink: 276 bytes leftover after parsing attributes in process `syz.1.5971'.
[  601.915735][T24986] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5973'.
[  602.433001][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  602.444319][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  602.454367][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  602.473036][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  602.483021][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  602.506285][T25010] netlink: 'syz.2.5979': attribute type 1 has an invalid length.
[  602.514131][T25010] nbd: error processing sock list
[  602.544028][T25010] block nbd0: shutting down sockets
[  602.559722][T25020] FAULT_INJECTION: forcing a failure.
[  602.559722][T25020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  602.611389][T25020] CPU: 0 UID: 0 PID: 25020 Comm: syz.3.5982 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  602.611418][T25020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  602.611430][T25020] Call Trace:
[  602.611438][T25020]  <TASK>
[  602.611447][T25020]  dump_stack_lvl+0x189/0x250
[  602.611476][T25020]  ? __pfx____ratelimit+0x10/0x10
[  602.611504][T25020]  ? __pfx_dump_stack_lvl+0x10/0x10
[  602.611526][T25020]  ? __pfx__printk+0x10/0x10
[  602.611552][T25020]  ? __asan_memcpy+0x40/0x70
[  602.611580][T25020]  should_fail_ex+0x414/0x560
[  602.611603][T25020]  _copy_to_user+0x31/0xb0
[  602.611631][T25020]  bpf_verifier_vlog+0x520/0x900
[  602.611666][T25020]  __btf_verifier_log+0xd4/0x120
[  602.611698][T25020]  ? __pfx___btf_verifier_log+0x10/0x10
[  602.611721][T25020]  ? __might_fault+0xb0/0x130
[  602.611756][T25020]  ? btf_parse_hdr+0x1e2/0x6d0
[  602.611780][T25020]  btf_parse_hdr+0x3aa/0x6d0
[  602.611805][T25020]  btf_new_fd+0x36d/0xc90
[  602.611824][T25020]  ? apparmor_capable+0x137/0x1b0
[  602.611856][T25020]  ? __pfx_btf_new_fd+0x10/0x10
[  602.611877][T25020]  ? bpf_token_put+0x143/0x160
[  602.611904][T25020]  ? bpf_btf_load+0x126/0x190
[  602.611923][T25020]  __sys_bpf+0x635/0x860
[  602.611952][T25020]  ? __pfx___sys_bpf+0x10/0x10
[  602.611991][T25020]  ? ksys_write+0x22a/0x250
[  602.612036][T25020]  ? __pfx_ksys_write+0x10/0x10
[  602.612069][T25020]  __x64_sys_bpf+0x7c/0x90
[  602.612095][T25020]  do_syscall_64+0xfa/0x3b0
[  602.612113][T25020]  ? lockdep_hardirqs_on+0x9c/0x150
[  602.612141][T25020]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  602.612160][T25020]  ? clear_bhb_loop+0x60/0xb0
[  602.612184][T25020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  602.612203][T25020] RIP: 0033:0x7f7a8138e9a9
[  602.612220][T25020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  602.612236][T25020] RSP: 002b:00007f7a8213a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  602.612257][T25020] RAX: ffffffffffffffda RBX: 00007f7a815b5fa0 RCX: 00007f7a8138e9a9
[  602.612271][T25020] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000012
[  602.612283][T25020] RBP: 00007f7a8213a090 R08: 0000000000000000 R09: 0000000000000000
[  602.612307][T25020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  602.612318][T25020] R13: 0000000000000001 R14: 00007f7a815b5fa0 R15: 00007ffd08f8b0e8
[  602.612346][T25020]  </TASK>
[  602.909288][T25023] netlink: 'syz.4.5984': attribute type 14 has an invalid length.
[  602.936614][T25023] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5984'.
[  602.954636][T25025] netlink: 'syz.1.5983': attribute type 1 has an invalid length.
[  603.219861][T25032] netlink: 'syz.1.5987': attribute type 6 has an invalid length.
[  603.229760][T25014] chnl_net:caif_netlink_parms(): no params data found
[  604.355911][   T13] bond0 (unregistering): (slave 
0!
): Releasing backup interface
[  604.368759][   T13] bond0 (unregistering): Released all slaves
[  604.425508][T25014] bridge0: port 1(bridge_slave_0) entered blocking state
[  604.444802][T25014] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.461456][T25014] bridge_slave_0: entered allmulticast mode
[  604.471775][T25014] bridge_slave_0: entered promiscuous mode
[  604.485664][T25014] bridge0: port 2(bridge_slave_1) entered blocking state
[  604.493061][T25014] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.500841][T25014] bridge_slave_1: entered allmulticast mode
[  604.509947][T25014] bridge_slave_1: entered promiscuous mode
[  604.575535][ T5853] Bluetooth: hci0: command tx timeout
[  604.603872][T25014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  604.620515][T25073] netlink: 'syz.4.5996': attribute type 1 has an invalid length.
[  604.642535][T25073] nbd: error processing sock list
[  604.659391][T25014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  604.669577][T25073] block nbd0: shutting down sockets
[  604.805599][T25014] team0: Port device team_slave_0 added
[  604.824099][T25014] team0: Port device team_slave_1 added
[  605.006341][T25090] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  605.048714][T25014] batman_adv: batadv0: Adding interface: batadv_slave_0
[  605.062737][T25014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  605.090615][T25014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  605.101837][T25091] __nla_validate_parse: 4 callbacks suppressed
[  605.101857][T25091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6003'.
[  605.143421][T25014] batman_adv: batadv0: Adding interface: batadv_slave_1
[  605.170088][T25099] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6006'.
[  605.187118][T25014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  605.214174][T25014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  605.529354][T25110] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6009'.
[  605.669173][T25112] netlink: 1004 bytes leftover after parsing attributes in process `syz.2.6010'.
[  605.707674][T25014] hsr_slave_0: entered promiscuous mode
[  605.715191][T25014] hsr_slave_1: entered promiscuous mode
[  605.726452][T25014] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  605.734399][T25014] Cannot create hsr debugfs directory
[  605.780571][T25116] netlink: 'syz.1.6011': attribute type 6 has an invalid length.
[  605.790537][T25114] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6011'.
[  606.018722][T25121] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6012'.
[  606.053981][T25123] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6014'.
[  606.221550][   T13] batman_adv: batadv0: Removing interface: macvtap1
[  606.464534][T25135] FAULT_INJECTION: forcing a failure.
[  606.464534][T25135] name failslab, interval 1, probability 0, space 0, times 0
[  606.480131][T25135] CPU: 1 UID: 0 PID: 25135 Comm: syz.3.6016 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  606.480158][T25135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  606.480169][T25135] Call Trace:
[  606.480177][T25135]  <TASK>
[  606.480185][T25135]  dump_stack_lvl+0x189/0x250
[  606.480212][T25135]  ? __pfx____ratelimit+0x10/0x10
[  606.480240][T25135]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.480260][T25135]  ? __pfx__printk+0x10/0x10
[  606.480290][T25135]  ? __pfx___might_resched+0x10/0x10
[  606.480316][T25135]  should_fail_ex+0x414/0x560
[  606.480340][T25135]  should_failslab+0xa8/0x100
[  606.480368][T25135]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  606.480393][T25135]  ? __alloc_skb+0x112/0x2d0
[  606.480422][T25135]  __alloc_skb+0x112/0x2d0
[  606.480443][T25135]  netlink_sendmsg+0x5c6/0xb30
[  606.480469][T25135]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.480491][T25135]  ? aa_sock_msg_perm+0x94/0x160
[  606.480511][T25135]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  606.480529][T25135]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.480548][T25135]  __sock_sendmsg+0x219/0x270
[  606.480577][T25135]  ____sys_sendmsg+0x505/0x830
[  606.480604][T25135]  ? __pfx_____sys_sendmsg+0x10/0x10
[  606.480635][T25135]  ? import_iovec+0x74/0xa0
[  606.480664][T25135]  ___sys_sendmsg+0x21f/0x2a0
[  606.480687][T25135]  ? __pfx____sys_sendmsg+0x10/0x10
[  606.480745][T25135]  ? __fget_files+0x2a/0x420
[  606.480760][T25135]  ? __fget_files+0x3a0/0x420
[  606.480786][T25135]  __x64_sys_sendmsg+0x19b/0x260
[  606.480810][T25135]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  606.480841][T25135]  ? __pfx_ksys_write+0x10/0x10
[  606.480871][T25135]  ? do_syscall_64+0xbe/0x3b0
[  606.480893][T25135]  do_syscall_64+0xfa/0x3b0
[  606.480909][T25135]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.480936][T25135]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.480954][T25135]  ? clear_bhb_loop+0x60/0xb0
[  606.480977][T25135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.480994][T25135] RIP: 0033:0x7f7a8138e9a9
[  606.481011][T25135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  606.481025][T25135] RSP: 002b:00007f7a82119038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  606.481045][T25135] RAX: ffffffffffffffda RBX: 00007f7a815b6080 RCX: 00007f7a8138e9a9
[  606.481059][T25135] RDX: 0000000000000040 RSI: 0000200000000280 RDI: 0000000000000003
[  606.481071][T25135] RBP: 00007f7a82119090 R08: 0000000000000000 R09: 0000000000000000
[  606.481090][T25135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  606.481101][T25135] R13: 0000000000000001 R14: 00007f7a815b6080 R15: 00007ffd08f8b0e8
[  606.481130][T25135]  </TASK>
[  606.755057][ T5853] Bluetooth: hci0: command tx timeout
[  606.893891][   T13] hsr_slave_0: left promiscuous mode
[  606.904842][   T13] hsr_slave_1: left promiscuous mode
[  607.041898][T25148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6020'.
[  608.099849][T25154] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6022'.
[  608.123358][T25154] netlink: 'syz.2.6022': attribute type 6 has an invalid length.
[  608.226540][T25162] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6024'.
[  608.656371][T25174] 8021q: adding VLAN 0 to HW filter on device bond2
[  608.686520][T25174] bond2: entered allmulticast mode
[  608.692080][T25174] bond0: (slave bond2): Enslaving as an active interface with an up link
[  608.823947][ T5853] Bluetooth: hci0: command tx timeout
[  608.889577][T25014] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  608.931777][T25014] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  608.969257][T25014] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  608.997922][T25197] xt_recent: hitcount (50331648) is larger than allowed maximum (65535)
[  609.020358][T25014] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  609.096302][T25199] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap0
[  609.113569][T25199] ip6gretap0: entered promiscuous mode
[  609.119544][T25199] vlan2: entered promiscuous mode
[  609.220997][   T13] IPVS: stop unused estimator thread 0...
[  609.438675][T25222] netlink: 'syz.3.6046': attribute type 6 has an invalid length.
[  609.452818][T25014] 8021q: adding VLAN 0 to HW filter on device bond0
[  609.586131][T25223] bond0 (unregistering): left promiscuous mode
[  609.616724][T25223] bond0 (unregistering): Released all slaves
[  609.741595][T25014] 8021q: adding VLAN 0 to HW filter on device team0
[  609.784128][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  609.791353][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  609.833359][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.840636][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  610.139837][T25247] __nla_validate_parse: 10 callbacks suppressed
[  610.139858][T25247] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6056'.
[  610.357458][T25014] 8021q: adding VLAN 0 to HW filter on device batadv0
[  610.414558][T25261] FAULT_INJECTION: forcing a failure.
[  610.414558][T25261] name failslab, interval 1, probability 0, space 0, times 0
[  610.436693][T25261] CPU: 1 UID: 0 PID: 25261 Comm: syz.1.6060 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  610.436721][T25261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  610.436733][T25261] Call Trace:
[  610.436741][T25261]  <TASK>
[  610.436749][T25261]  dump_stack_lvl+0x189/0x250
[  610.436776][T25261]  ? __pfx____ratelimit+0x10/0x10
[  610.436805][T25261]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.436826][T25261]  ? __pfx__printk+0x10/0x10
[  610.436855][T25261]  ? __pfx___might_resched+0x10/0x10
[  610.436880][T25261]  should_fail_ex+0x414/0x560
[  610.436904][T25261]  should_failslab+0xa8/0x100
[  610.436931][T25261]  __kmalloc_cache_noprof+0x70/0x3d0
[  610.436957][T25261]  ? call_usermodehelper_setup+0x8e/0x270
[  610.436975][T25261]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  610.437005][T25261]  call_usermodehelper_setup+0x8e/0x270
[  610.437023][T25261]  ? __pfx_free_modprobe_argv+0x10/0x10
[  610.437047][T25261]  __request_module+0x39f/0x5e0
[  610.437073][T25261]  ? __pfx___mutex_lock+0x10/0x10
[  610.437095][T25261]  ? __pfx___request_module+0x10/0x10
[  610.437117][T25261]  ? pcpu_alloc_noprof+0xfdd/0x16b0
[  610.437152][T25261]  ? xt_find_target+0x1fa/0x240
[  610.437176][T25261]  xt_request_find_target+0xc1/0x130
[  610.437197][T25261]  translate_table+0x16bd/0x2040
[  610.437239][T25261]  ? __pfx_translate_table+0x10/0x10
[  610.437261][T25261]  ? __might_fault+0xb0/0x130
[  610.437302][T25261]  ? _copy_from_user+0x94/0xb0
[  610.437331][T25261]  do_ip6t_set_ctl+0x970/0xce0
[  610.437353][T25261]  ? get_pid_task+0x20/0x1f0
[  610.437380][T25261]  ? rcu_is_watching+0x15/0xb0
[  610.437400][T25261]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  610.437458][T25261]  ? __pfx___mutex_lock+0x10/0x10
[  610.437480][T25261]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  610.437513][T25261]  ? __lock_acquire+0xab9/0xd20
[  610.437541][T25261]  nf_setsockopt+0x26c/0x290
[  610.437572][T25261]  rawv6_setsockopt+0x23b/0x5b0
[  610.437602][T25261]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  610.437628][T25261]  ? aa_sock_opt_perm+0x74/0x110
[  610.437651][T25261]  ? sock_common_setsockopt+0x36/0xc0
[  610.437682][T25261]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  610.437716][T25261]  do_sock_setsockopt+0x179/0x1b0
[  610.437745][T25261]  __x64_sys_setsockopt+0x13f/0x1b0
[  610.437775][T25261]  do_syscall_64+0xfa/0x3b0
[  610.437795][T25261]  ? lockdep_hardirqs_on+0x9c/0x150
[  610.437826][T25261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.437848][T25261]  ? clear_bhb_loop+0x60/0xb0
[  610.437873][T25261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.437894][T25261] RIP: 0033:0x7fa14c18e9a9
[  610.437913][T25261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  610.437932][T25261] RSP: 002b:00007fa14cf7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  610.437954][T25261] RAX: ffffffffffffffda RBX: 00007fa14c3b5fa0 RCX: 00007fa14c18e9a9
[  610.437970][T25261] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  610.437982][T25261] RBP: 00007fa14cf7f090 R08: 0000000000000488 R09: 0000000000000000
[  610.437995][T25261] R10: 0000200000000b00 R11: 0000000000000246 R12: 0000000000000002
[  610.438009][T25261] R13: 0000000000000000 R14: 00007fa14c3b5fa0 R15: 00007ffcea1cbf28
[  610.438042][T25261]  </TASK>
[  610.796295][T25265] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6062'.
[  610.819128][T25014] veth0_vlan: entered promiscuous mode
[  610.860996][T25265] netlink: 256 bytes leftover after parsing attributes in process `syz.4.6062'.
[  610.889289][ T7188] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  610.898454][ T5853] Bluetooth: hci0: command tx timeout
[  610.918873][ T7188] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  610.930647][T25266] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6062'.
[  610.948972][   T13] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  611.000982][   T13] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  611.014197][T25014] veth1_vlan: entered promiscuous mode
[  611.129440][T25014] veth0_macvtap: entered promiscuous mode
[  611.170572][T25014] veth1_macvtap: entered promiscuous mode
[  611.189181][T25280] syzkaller1: entered allmulticast mode
[  611.240246][T25014] batman_adv: batadv0: Interface activated: batadv_slave_0
[  611.284700][T25014] batman_adv: batadv0: Interface activated: batadv_slave_1
[  611.325866][ T7188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  611.340556][ T7188] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  611.379087][ T7188] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  611.396661][ T7188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  611.552899][ T3516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  611.576107][ T3516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  611.633757][ T7188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  611.651866][ T7188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  611.728523][T25293] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  611.865557][T25301] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6075'.
[  612.136278][T25312] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6080'.
[  612.308761][T25316] netlink: 136 bytes leftover after parsing attributes in process `syz.2.6082'.
[  612.332346][T25316] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  612.469857][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  612.482646][ T5862] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  612.492535][ T5862] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  612.509660][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  612.520635][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  612.527670][T25323] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6083'.
[  612.937204][T25339] netlink: 84 bytes leftover after parsing attributes in process `syz.0.6087'.
[  613.116961][T25348] netlink: 276 bytes leftover after parsing attributes in process `syz.2.6092'.
[  613.903218][ T3516] bond1 (unregistering): Released all slaves
[  613.924356][T25319] chnl_net:caif_netlink_parms(): no params data found
[  614.039368][ T3516] tipc: Left network mode
[  614.081818][ T3516] IPVS: stopping backup sync thread 23675 ...
[  614.245947][T25319] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.263390][T25319] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.282694][T25319] bridge_slave_0: entered allmulticast mode
[  614.293422][T25319] bridge_slave_0: entered promiscuous mode
[  614.399633][T25319] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.418875][T25319] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.436113][T25319] bridge_slave_1: entered allmulticast mode
[  614.447581][T25319] bridge_slave_1: entered promiscuous mode
[  614.575450][ T5853] Bluetooth: hci2: command tx timeout
[  614.593299][T25319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  614.643057][T25319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  614.881804][T25319] team0: Port device team_slave_0 added
[  614.903190][T25319] team0: Port device team_slave_1 added
[  615.052577][T25319] batman_adv: batadv0: Adding interface: batadv_slave_0
[  615.072850][T25319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  615.099994][T25319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  615.136809][T25319] batman_adv: batadv0: Adding interface: batadv_slave_1
[  615.160069][T25319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  615.191073][T25319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  615.349353][T25319] hsr_slave_0: entered promiscuous mode
[  615.361238][T25319] hsr_slave_1: entered promiscuous mode
[  615.576923][T25445] __nla_validate_parse: 8 callbacks suppressed
[  615.576939][T25445] netlink: 136 bytes leftover after parsing attributes in process `syz.4.6126'.
[  615.594013][T25445] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  615.807748][T25455] netlink: 144 bytes leftover after parsing attributes in process `syz.3.6130'.
[  615.836080][T25455] netlink: 'syz.3.6130': attribute type 1 has an invalid length.
[  615.941582][T25463] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6130'.
[  615.958964][T25463] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6130'.
[  615.991344][T25467] netlink: 120 bytes leftover after parsing attributes in process `syz.4.6131'.
[  616.053044][T25462] veth3: entered promiscuous mode
[  616.436988][T25484] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6133'.
[  616.671041][ T5853] Bluetooth: hci2: command tx timeout
[  616.922463][T25482] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6136'.
[  617.094490][T25486] netlink: 308 bytes leftover after parsing attributes in process `syz.4.6137'.
[  617.238787][T25496] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6139'.
[  617.303611][T25502] netlink: 104 bytes leftover after parsing attributes in process `syz.3.6144'.
[  617.412287][T25319] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  617.432677][T25507] netlink: 'syz.3.6146': attribute type 1 has an invalid length.
[  617.460500][T25319] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  617.496255][T25319] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  617.513262][T25505] netlink: 'syz.0.6143': attribute type 6 has an invalid length.
[  617.534049][T25319] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  617.565116][ T3516] IPVS: stop unused estimator thread 0...
[  617.689799][T25521] netlink: 'syz.3.6149': attribute type 1 has an invalid length.
[  617.786625][T25521] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  617.900079][T25319] 8021q: adding VLAN 0 to HW filter on device bond0
[  617.927029][T25319] 8021q: adding VLAN 0 to HW filter on device team0
[  617.967913][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  617.975081][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  618.039534][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  618.046758][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  618.621202][T25555] Bluetooth: MGMT ver 1.23
[  618.739332][ T5853] Bluetooth: hci2: command tx timeout
[  618.770408][T25319] 8021q: adding VLAN 0 to HW filter on device batadv0
[  618.878826][T25319] veth0_vlan: entered promiscuous mode
[  618.939876][T25319] veth1_vlan: entered promiscuous mode
[  619.049522][T25319] veth0_macvtap: entered promiscuous mode
[  619.067640][T25319] veth1_macvtap: entered promiscuous mode
[  619.123239][T25319] batman_adv: batadv0: Interface activated: batadv_slave_0
[  619.186656][T25319] batman_adv: batadv0: Interface activated: batadv_slave_1
[  619.234444][ T3016] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  619.268278][ T3016] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  619.285566][ T3016] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  619.313893][ T3016] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  619.553296][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.584972][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  619.662578][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.681530][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.242400][T25606] bridge0: port 2(bridge_slave_1) entered disabled state
[  620.250171][T25606] bridge0: port 1(bridge_slave_0) entered disabled state
[  620.562264][T25606] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  620.576838][T25606] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  620.814968][ T5853] Bluetooth: hci2: command tx timeout
[  620.891720][   T13] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  620.917851][   T13] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  620.947321][   T13] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  620.969679][   T13] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  621.028058][   T13] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  621.047275][   T13] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  621.149567][T25625] __nla_validate_parse: 7 callbacks suppressed
[  621.149586][T25625] netlink: 120 bytes leftover after parsing attributes in process `syz.3.6180'.
[  621.223546][ T5862] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  621.234580][ T5862] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  621.244302][ T5862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  621.253306][ T5862] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  621.261896][ T5862] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  621.299647][T25624] veth7: entered promiscuous mode
[  621.313452][   T13] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  621.338136][   T13] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  621.397137][T25638] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6183'.
[  621.513765][T25642] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6185'.
[  621.958963][T25664] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6191'.
[  622.006575][T25662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6190'.
[  622.060064][T25662] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  622.125070][T25662] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6190'.
[  622.203032][T25631] chnl_net:caif_netlink_parms(): no params data found
[  622.690502][T25688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6197'.
[  622.948177][   T12] tipc: Left network mode
[  623.010916][T25698] bond0: (slave macsec1): Error -34 calling dev_set_mtu
[  623.055690][T25631] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.074208][T25631] bridge0: port 1(bridge_slave_0) entered disabled state
[  623.101783][T25631] bridge_slave_0: entered allmulticast mode
[  623.114424][T25631] bridge_slave_0: entered promiscuous mode
[  623.215557][T25631] bridge0: port 2(bridge_slave_1) entered blocking state
[  623.236836][T25631] bridge0: port 2(bridge_slave_1) entered disabled state
[  623.264593][T25631] bridge_slave_1: entered allmulticast mode
[  623.287799][T25631] bridge_slave_1: entered promiscuous mode
[  623.294936][ T5853] Bluetooth: hci1: command tx timeout
[  623.376135][T25710] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6203'.
[  623.446834][T25716] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6207'.
[  623.475131][T25716] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  623.544614][T25631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  623.624116][T25724] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6209'.
[  624.112767][T25631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  624.516221][T25733] FAULT_INJECTION: forcing a failure.
[  624.516221][T25733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  624.539603][T25733] CPU: 0 UID: 0 PID: 25733 Comm: syz.4.6211 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  624.539630][T25733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  624.539642][T25733] Call Trace:
[  624.539650][T25733]  <TASK>
[  624.539658][T25733]  dump_stack_lvl+0x189/0x250
[  624.539684][T25733]  ? __pfx____ratelimit+0x10/0x10
[  624.539712][T25733]  ? __pfx_dump_stack_lvl+0x10/0x10
[  624.539733][T25733]  ? __pfx__printk+0x10/0x10
[  624.539758][T25733]  ? __might_fault+0xb0/0x130
[  624.539793][T25733]  should_fail_ex+0x414/0x560
[  624.539816][T25733]  _copy_from_user+0x2d/0xb0
[  624.539841][T25733]  do_ipv6_setsockopt+0x23e/0x2eb0
[  624.539872][T25733]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  624.539894][T25733]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  624.539941][T25733]  ? vfs_write+0x8d8/0xa90
[  624.539968][T25733]  ? __pfx___might_resched+0x10/0x10
[  624.539999][T25733]  ? __lock_acquire+0xab9/0xd20
[  624.540022][T25733]  ? aa_sk_perm+0x81e/0x950
[  624.540054][T25733]  ? __pfx_aa_sk_perm+0x10/0x10
[  624.540085][T25733]  ? __fget_files+0x2a/0x420
[  624.540105][T25733]  ipv6_setsockopt+0x59/0x170
[  624.540125][T25733]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  624.540155][T25733]  do_sock_setsockopt+0x179/0x1b0
[  624.540180][T25733]  __x64_sys_setsockopt+0x13f/0x1b0
[  624.540205][T25733]  do_syscall_64+0xfa/0x3b0
[  624.540222][T25733]  ? lockdep_hardirqs_on+0x9c/0x150
[  624.540248][T25733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.540266][T25733]  ? clear_bhb_loop+0x60/0xb0
[  624.540288][T25733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.540305][T25733] RIP: 0033:0x7fa9ff98e9a9
[  624.540321][T25733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  624.540337][T25733] RSP: 002b:00007faa00730038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  624.540356][T25733] RAX: ffffffffffffffda RBX: 00007fa9ffbb5fa0 RCX: 00007fa9ff98e9a9
[  624.540370][T25733] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  624.540380][T25733] RBP: 00007faa00730090 R08: 00000000000005b0 R09: 0000000000000000
[  624.540391][T25733] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.540403][T25733] R13: 0000000000000000 R14: 00007fa9ffbb5fa0 R15: 00007fff079354b8
[  624.540431][T25733]  </TASK>
[  624.936222][T25631] team0: Port device team_slave_0 added
[  624.956408][T25742] netlink: 'syz.3.6215': attribute type 1 has an invalid length.
[  624.977114][T25736] macvtap1: entered promiscuous mode
[  624.982520][T25736] batadv0: entered promiscuous mode
[  624.989465][T25736] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  625.006747][T25736] batadv0: left promiscuous mode
[  625.044885][T25742] netlink: 'syz.3.6215': attribute type 2 has an invalid length.
[  625.102859][T25748] netlink: 'syz.3.6215': attribute type 1 has an invalid length.
[  625.123116][   T12] hsr_slave_0: left promiscuous mode
[  625.127185][T25748] netlink: 'syz.3.6215': attribute type 2 has an invalid length.
[  625.169273][   T12] hsr_slave_1: left promiscuous mode
[  625.385331][ T5853] Bluetooth: hci1: command tx timeout
[  625.884400][T25631] team0: Port device team_slave_1 added
[  625.999039][T25631] batman_adv: batadv0: Adding interface: batadv_slave_0
[  626.018113][T25631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  626.108659][T25767] netlink: 'syz.1.6222': attribute type 9 has an invalid length.
[  626.111576][T25631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  626.138358][T25631] batman_adv: batadv0: Adding interface: batadv_slave_1
[  626.145663][T25631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  626.172982][T25631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  626.265934][T25767] hsr0: entered promiscuous mode
[  626.288093][T25767] macvlan2: entered promiscuous mode
[  626.293729][T25767] macvlan2: entered allmulticast mode
[  626.299195][T25767] hsr0: entered allmulticast mode
[  626.304364][T25767] hsr_slave_0: entered allmulticast mode
[  626.312709][T25767] hsr_slave_1: entered allmulticast mode
[  626.437047][T25781] __nla_validate_parse: 4 callbacks suppressed
[  626.437066][T25781] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6225'.
[  626.512073][T25787] netlink: 160 bytes leftover after parsing attributes in process `syz.3.6228'.
[  626.535544][T25787] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  626.559354][T25631] hsr_slave_0: entered promiscuous mode
[  626.588575][T25631] hsr_slave_1: entered promiscuous mode
[  626.595357][T25631] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  626.613612][T25631] Cannot create hsr debugfs directory
[  626.825220][T25804] xt_recent: hitcount (262144) is larger than allowed maximum (65535)
[  626.906409][   T12] IPVS: stop unused estimator thread 0...
[  627.181927][T25819] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6239'.
[  627.411380][T25825] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6241'.
[  627.451633][T25825] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6241'.
[  627.461201][ T5853] Bluetooth: hci1: command tx timeout
[  627.728391][T25831] netlink: 14 bytes leftover after parsing attributes in process `syz.0.6244'.
[  627.934249][T25836] netlink: 'syz.0.6245': attribute type 39 has an invalid length.
[  628.485789][T25852] netlink: 'syz.3.6249': attribute type 10 has an invalid length.
[  628.504088][T25853] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6250'.
[  628.654781][T25858] netlink: 27 bytes leftover after parsing attributes in process `syz.3.6251'.
[  628.709743][T25631] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  628.769268][T25631] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  628.808100][T25631] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  628.837418][T25864] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6251'.
[  628.871745][T25631] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  629.014290][T25880] macsec1: entered allmulticast mode
[  629.080764][T25883] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6255'.
[  629.219461][T25631] 8021q: adding VLAN 0 to HW filter on device bond0
[  629.252704][T25631] 8021q: adding VLAN 0 to HW filter on device team0
[  629.268384][T25890] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  629.302003][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  629.309206][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  629.335738][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  629.342916][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  629.384442][T25886] pim6reg: entered allmulticast mode
[  629.404792][T25892] pim6reg: left allmulticast mode
[  629.550001][ T5853] Bluetooth: hci1: command tx timeout
[  630.103970][T25631] 8021q: adding VLAN 0 to HW filter on device batadv0
[  630.258948][T25926] syzkaller1: entered promiscuous mode
[  630.264471][T25926] syzkaller1: entered allmulticast mode
[  630.290263][T25926] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324
[  630.375761][T25631] veth0_vlan: entered promiscuous mode
[  630.409761][T25631] veth1_vlan: entered promiscuous mode
[  630.489179][T25631] veth0_macvtap: entered promiscuous mode
[  630.489334][T25934] FAULT_INJECTION: forcing a failure.
[  630.489334][T25934] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  630.509369][T25631] veth1_macvtap: entered promiscuous mode
[  630.537355][T25934] CPU: 1 UID: 0 PID: 25934 Comm: syz.4.6272 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  630.537387][T25934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  630.537399][T25934] Call Trace:
[  630.537407][T25934]  <TASK>
[  630.537416][T25934]  dump_stack_lvl+0x189/0x250
[  630.537463][T25934]  ? __pfx____ratelimit+0x10/0x10
[  630.537497][T25934]  ? __pfx_dump_stack_lvl+0x10/0x10
[  630.537522][T25934]  ? __pfx__printk+0x10/0x10
[  630.537553][T25934]  ? fs_reclaim_acquire+0x7d/0x100
[  630.537584][T25934]  should_fail_ex+0x414/0x560
[  630.537611][T25934]  prepare_alloc_pages+0x213/0x610
[  630.537641][T25934]  __alloc_frozen_pages_noprof+0x123/0x370
[  630.537667][T25934]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  630.537710][T25934]  alloc_pages_bulk_noprof+0x560/0x710
[  630.537739][T25934]  ? alloc_pages_noprof+0xbe/0x190
[  630.537775][T25934]  kasan_populate_vmalloc+0xba/0x1a0
[  630.537807][T25934]  alloc_vmap_area+0xd51/0x1490
[  630.537855][T25934]  ? __pfx_alloc_vmap_area+0x10/0x10
[  630.537883][T25934]  ? __kasan_kmalloc+0x93/0xb0
[  630.537913][T25934]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  630.537943][T25934]  ? __get_vm_area_node+0x13f/0x300
[  630.537972][T25934]  ? reuseport_array_alloc+0x98/0x130
[  630.537996][T25934]  __get_vm_area_node+0x1f8/0x300
[  630.538033][T25934]  __vmalloc_node_range_noprof+0x301/0x12f0
[  630.538066][T25934]  ? reuseport_array_alloc+0x98/0x130
[  630.538107][T25934]  ? aa_get_newest_label+0xf7/0x5d0
[  630.538132][T25934]  ? __pfx_aa_get_newest_label+0x10/0x10
[  630.538165][T25934]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  630.538196][T25934]  ? rcu_is_watching+0x15/0xb0
[  630.538225][T25934]  ? apparmor_capable+0x137/0x1b0
[  630.538256][T25934]  bpf_map_area_alloc+0x12d/0x180
[  630.538278][T25934]  ? reuseport_array_alloc+0x98/0x130
[  630.538304][T25934]  reuseport_array_alloc+0x98/0x130
[  630.538329][T25934]  map_create+0xaa3/0x1310
[  630.538367][T25934]  ? security_bpf+0x7e/0x300
[  630.538388][T25934]  __sys_bpf+0x67e/0x860
[  630.538424][T25934]  ? __pfx___sys_bpf+0x10/0x10
[  630.538470][T25934]  ? ksys_write+0x22a/0x250
[  630.538500][T25934]  ? __pfx_ksys_write+0x10/0x10
[  630.538537][T25934]  __x64_sys_bpf+0x7c/0x90
[  630.538580][T25934]  do_syscall_64+0xfa/0x3b0
[  630.538599][T25934]  ? lockdep_hardirqs_on+0x9c/0x150
[  630.538629][T25934]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  630.538657][T25934]  ? clear_bhb_loop+0x60/0xb0
[  630.538678][T25934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  630.538694][T25934] RIP: 0033:0x7fa9ff98e9a9
[  630.538710][T25934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  630.538725][T25934] RSP: 002b:00007faa00730038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  630.538745][T25934] RAX: ffffffffffffffda RBX: 00007fa9ffbb5fa0 RCX: 00007fa9ff98e9a9
[  630.538757][T25934] RDX: 0000000000000050 RSI: 0000200000000300 RDI: 0000000000000000
[  630.538769][T25934] RBP: 00007faa00730090 R08: 0000000000000000 R09: 0000000000000000
[  630.538781][T25934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  630.538796][T25934] R13: 0000000000000001 R14: 00007fa9ffbb5fa0 R15: 00007fff079354b8
[  630.538825][T25934]  </TASK>
[  630.936853][T25631] batman_adv: batadv0: Interface activated: batadv_slave_0
[  631.000978][T25631] batman_adv: batadv0: Interface activated: batadv_slave_1
[  631.014357][ T1090] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  631.053577][ T1090] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  631.111314][ T1090] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  631.121000][ T1090] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  631.123746][T25955] netlink: 'syz.4.6278': attribute type 39 has an invalid length.
[  631.176286][T25957] FAULT_INJECTION: forcing a failure.
[  631.176286][T25957] name failslab, interval 1, probability 0, space 0, times 0
[  631.211475][T25957] CPU: 0 UID: 0 PID: 25957 Comm: syz.1.6279 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  631.211504][T25957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  631.211516][T25957] Call Trace:
[  631.211523][T25957]  <TASK>
[  631.211532][T25957]  dump_stack_lvl+0x189/0x250
[  631.211559][T25957]  ? __pfx____ratelimit+0x10/0x10
[  631.211587][T25957]  ? __pfx_dump_stack_lvl+0x10/0x10
[  631.211608][T25957]  ? __pfx__printk+0x10/0x10
[  631.211637][T25957]  ? __pfx___might_resched+0x10/0x10
[  631.211656][T25957]  ? fs_reclaim_acquire+0x7d/0x100
[  631.211677][T25957]  should_fail_ex+0x414/0x560
[  631.211700][T25957]  ? xt_alloc_table_info+0x3b/0xa0
[  631.211720][T25957]  should_failslab+0xa8/0x100
[  631.211747][T25957]  __kvmalloc_node_noprof+0x161/0x5f0
[  631.211773][T25957]  ? xt_alloc_table_info+0x3b/0xa0
[  631.211799][T25957]  xt_alloc_table_info+0x3b/0xa0
[  631.211820][T25957]  do_ip6t_set_ctl+0x88a/0xce0
[  631.211849][T25957]  ? rcu_is_watching+0x15/0xb0
[  631.211870][T25957]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  631.211908][T25957]  ? __pfx___mutex_lock+0x10/0x10
[  631.211927][T25957]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  631.211943][T25957]  ? aa_sk_perm+0x81e/0x950
[  631.211977][T25957]  ? __pfx_aa_sk_perm+0x10/0x10
[  631.212009][T25957]  nf_setsockopt+0x26c/0x290
[  631.212031][T25957]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  631.212061][T25957]  do_sock_setsockopt+0x179/0x1b0
[  631.212086][T25957]  __x64_sys_setsockopt+0x13f/0x1b0
[  631.212112][T25957]  do_syscall_64+0xfa/0x3b0
[  631.212128][T25957]  ? lockdep_hardirqs_on+0x9c/0x150
[  631.212155][T25957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.212173][T25957]  ? clear_bhb_loop+0x60/0xb0
[  631.212195][T25957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.212212][T25957] RIP: 0033:0x7fcab818e9a9
[  631.212229][T25957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  631.212244][T25957] RSP: 002b:00007fcab9050038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  631.212261][T25957] RAX: ffffffffffffffda RBX: 00007fcab83b5fa0 RCX: 00007fcab818e9a9
[  631.212274][T25957] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  631.212285][T25957] RBP: 00007fcab9050090 R08: 00000000000005b0 R09: 0000000000000000
[  631.212296][T25957] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  631.212308][T25957] R13: 0000000000000000 R14: 00007fcab83b5fa0 R15: 00007ffef5474f58
[  631.212336][T25957]  </TASK>
[  631.558223][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.566605][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.602033][ T3016] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.617064][ T3016] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.999893][T25980] __nla_validate_parse: 7 callbacks suppressed
[  631.999912][T25980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6287'.
[  632.052179][T25980] bridge0: port 2(bridge_slave_1) entered disabled state
[  632.061187][T25980] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.166194][T25985] bridge_slave_0: left allmulticast mode
[  632.265039][T25985] bridge_slave_0: left promiscuous mode
[  632.289028][T25985] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.310896][T25985] bridge_slave_1: left allmulticast mode
[  632.321254][T25985] bridge_slave_1: left promiscuous mode
[  632.349758][T25985] bridge0: port 2(bridge_slave_1) entered disabled state
[  632.398758][T25985] bond0: (slave bond_slave_0): Releasing backup interface
[  632.444019][T25985] bond0: (slave bond_slave_1): Releasing backup interface
[  632.487442][T25985] team0: Port device team_slave_0 removed
[  632.545183][T25985] team0: Port device team_slave_1 removed
[  632.551783][T25985] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  632.567030][T25985] batman_adv: batadv0: Removing interface: batadv_slave_0
[  632.580748][T25985] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  632.596080][T25985] batman_adv: batadv0: Removing interface: batadv_slave_1
[  633.067822][T26019] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6303'.
[  633.325891][T26036] batadv_slave_1: entered promiscuous mode
[  633.343778][T26034] batadv_slave_1: left promiscuous mode
[  633.372568][T26041] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6311'.
[  633.452078][T26045] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6311'.
[  633.500801][T26048] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6313'.
[  633.846700][T26055] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6316'.
[  633.891233][T26055] macvtap1: entered promiscuous mode
[  633.917255][T26055] team0: entered promiscuous mode
[  633.922478][T26055] macvtap1: entered allmulticast mode
[  633.927988][T26055] team0: entered allmulticast mode
[  633.948478][T26055] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  634.142325][T26062] netlink: 'syz.4.6319': attribute type 17 has an invalid length.
[  634.176129][T26060] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6318'.
[  634.341628][T26068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6322'.
[  635.682145][ T5862] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  635.691458][ T5862] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  635.700928][ T5862] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  635.710068][ T5862] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  635.718238][ T5862] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  636.128562][ T6648] IPVS: starting estimator thread 0...
[  636.244788][T26123] IPVS: using max 29 ests per chain, 69600 per kthread
[  636.255608][T26126] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6336'.
[  636.439914][T26104] chnl_net:caif_netlink_parms(): no params data found
[  636.628024][T26139] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  636.668532][T26139] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6342'.
[  636.699861][T26104] bridge0: port 1(bridge_slave_0) entered blocking state
[  636.714981][T26104] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.730469][T26104] bridge_slave_0: entered allmulticast mode
[  636.746580][T26104] bridge_slave_0: entered promiscuous mode
[  636.773341][T26104] bridge0: port 2(bridge_slave_1) entered blocking state
[  636.793087][T26104] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.803114][T26104] bridge_slave_1: entered allmulticast mode
[  636.833162][T26104] bridge_slave_1: entered promiscuous mode
[  637.157650][T26104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  637.240910][T26104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  637.371117][T26159] __nla_validate_parse: 2 callbacks suppressed
[  637.371137][T26159] netlink: 148 bytes leftover after parsing attributes in process `syz.2.6346'.
[  637.395512][T26159] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  637.472540][T26104] team0: Port device team_slave_0 added
[  637.521980][T26104] team0: Port device team_slave_1 added
[  637.566862][T26166] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6350'.
[  637.650619][T26104] batman_adv: batadv0: Adding interface: batadv_slave_0
[  637.657998][T26104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  637.685693][T26104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  637.725342][T26104] batman_adv: batadv0: Adding interface: batadv_slave_1
[  637.742574][T26104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  637.772869][T26104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  637.804264][ T5853] Bluetooth: hci4: command tx timeout
[  637.907779][T26179] netlink: 1204 bytes leftover after parsing attributes in process `syz.0.6356'.
[  637.930088][T26104] hsr_slave_0: entered promiscuous mode
[  637.952431][T26104] hsr_slave_1: entered promiscuous mode
[  637.975502][T26104] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  637.983089][T26104] Cannot create hsr debugfs directory
[  638.212757][T26185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6359'.
[  638.448563][T26201] Cannot find del_set index 0 as target
[  638.754451][T26214] netlink: 210100 bytes leftover after parsing attributes in process `syz.1.6364'.
[  638.943524][T26214] veth0: entered promiscuous mode
[  639.068315][T26198] veth0: left promiscuous mode
[  639.209265][T26231] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6374'.
[  639.439966][T26104] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  639.485344][T26104] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  639.562717][T26104] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  639.603897][T26104] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  639.610955][T26252] netlink: 84 bytes leftover after parsing attributes in process `syz.2.6382'.
[  639.854975][ T5862] Bluetooth: hci4: command tx timeout
[  639.898695][T26104] 8021q: adding VLAN 0 to HW filter on device bond0
[  639.975095][T26276] netlink: 'syz.4.6389': attribute type 1 has an invalid length.
[  639.981209][T26104] 8021q: adding VLAN 0 to HW filter on device team0
[  640.029188][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.036384][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  640.087156][T26276] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6389'.
[  640.094098][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.103184][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.172237][T26276] lo: entered allmulticast mode
[  640.539624][T26104] 8021q: adding VLAN 0 to HW filter on device batadv0
[  640.618546][T26104] veth0_vlan: entered promiscuous mode
[  640.641638][T26104] veth1_vlan: entered promiscuous mode
[  640.676423][T26303] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6399'.
[  640.715297][T26270] lo: left allmulticast mode
[  640.726746][T26104] veth0_macvtap: entered promiscuous mode
[  640.740752][T26104] veth1_macvtap: entered promiscuous mode
[  640.772756][T26104] batman_adv: batadv0: Interface activated: batadv_slave_0
[  640.790294][T26104] batman_adv: batadv0: Interface activated: batadv_slave_1
[  640.791732][T26303] netlink: 64 bytes leftover after parsing attributes in process `syz.2.6399'.
[  640.934814][   T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  640.951354][   T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  641.049256][   T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  641.063165][   T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  641.162587][T26315] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  641.356602][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.415374][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.537373][ T7188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.568616][ T7188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.924233][T26333] mac80211_hwsim hwsim97 wlan0: entered promiscuous mode
[  641.935360][ T5862] Bluetooth: hci4: command tx timeout
[  641.993145][T26333] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  642.530114][T26365] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  642.561619][T26367] netlink: 'syz.2.6421': attribute type 10 has an invalid length.
[  643.930994][T26395] __nla_validate_parse: 39 callbacks suppressed
[  643.931013][T26395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6429'.
[  643.993399][T26400] sctp: [Deprecated]: syz.4.6428 (pid 26400) Use of int in max_burst socket option.
[  643.993399][T26400] Use struct sctp_assoc_value instead
[  644.014793][ T5862] Bluetooth: hci4: command tx timeout
[  644.266067][T26409] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6433'.
[  644.353969][T26331] warn_alloc: 1 callbacks suppressed
[  644.353990][T26331] syz.3.6326: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  644.400868][T26331] CPU: 0 UID: 0 PID: 26331 Comm: syz.3.6326 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  644.400900][T26331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  644.400914][T26331] Call Trace:
[  644.400922][T26331]  <TASK>
[  644.400932][T26331]  dump_stack_lvl+0x189/0x250
[  644.400966][T26331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  644.400998][T26331]  ? __pfx__printk+0x10/0x10
[  644.401025][T26331]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  644.401051][T26331]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  644.401080][T26331]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  644.401108][T26331]  warn_alloc+0x214/0x310
[  644.401133][T26331]  ? __pfx_warn_alloc+0x10/0x10
[  644.401160][T26331]  ? __get_vm_area_node+0x28f/0x300
[  644.401193][T26331]  ? translate_table+0x198/0x2000
[  644.401226][T26331]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  644.401286][T26331]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  644.401321][T26331]  ? rcu_is_watching+0x15/0xb0
[  644.401345][T26331]  ? translate_table+0x198/0x2000
[  644.401373][T26331]  ? translate_table+0x198/0x2000
[  644.401400][T26331]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  644.401428][T26331]  ? translate_table+0x198/0x2000
[  644.401455][T26331]  ? xt_alloc_table_info+0x3b/0xa0
[  644.401486][T26331]  translate_table+0x198/0x2000
[  644.401529][T26331]  ? __lock_acquire+0xab9/0xd20
[  644.401554][T26331]  ? __pfx_translate_table+0x10/0x10
[  644.401586][T26331]  ? __might_fault+0xb0/0x130
[  644.401633][T26331]  ? _copy_from_user+0x94/0xb0
[  644.401665][T26331]  do_ipt_set_ctl+0x967/0xcd0
[  644.401702][T26331]  ? rcu_is_watching+0x15/0xb0
[  644.401723][T26331]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  644.401773][T26331]  ? __pfx___mutex_lock+0x10/0x10
[  644.401793][T26331]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  644.401811][T26331]  ? aa_sk_perm+0x81e/0x950
[  644.401846][T26331]  ? __pfx_aa_sk_perm+0x10/0x10
[  644.401883][T26331]  nf_setsockopt+0x26c/0x290
[  644.401907][T26331]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  644.401939][T26331]  do_sock_setsockopt+0x179/0x1b0
[  644.401967][T26331]  __x64_sys_setsockopt+0x13f/0x1b0
[  644.401999][T26331]  do_syscall_64+0xfa/0x3b0
[  644.402017][T26331]  ? lockdep_hardirqs_on+0x9c/0x150
[  644.402046][T26331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.402066][T26331]  ? clear_bhb_loop+0x60/0xb0
[  644.402089][T26331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.402108][T26331] RIP: 0033:0x7f3dc638e9a9
[  644.402126][T26331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  644.402143][T26331] RSP: 002b:00007f3dc7174038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  644.402165][T26331] RAX: ffffffffffffffda RBX: 00007f3dc65b5fa0 RCX: 00007f3dc638e9a9
[  644.402180][T26331] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  644.402192][T26331] RBP: 00007f3dc6410d69 R08: 0000000000000448 R09: 0000000000000000
[  644.402205][T26331] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000
[  644.402218][T26331] R13: 0000000000000000 R14: 00007f3dc65b5fa0 R15: 00007fff886fd6d8
[  644.402249][T26331]  </TASK>
[  644.402325][T26331] Mem-Info:
[  644.623329][T26419] xt_recent: hitcount (262144) is larger than allowed maximum (65535)
[  644.627867][T26331] active_anon:5574 inactive_anon:0 isolated_anon:0
[  644.627867][T26331]  active_file:2670 inactive_file:40075 isolated_file:0
[  644.627867][T26331]  unevictable:768 dirty:443 writeback:0
[  644.627867][T26331]  slab_reclaimable:12489 slab_unreclaimable:123487
[  644.627867][T26331]  mapped:29951 shmem:1499 pagetables:1076
[  644.627867][T26331]  sec_pagetables:0 bounce:0
[  644.627867][T26331]  kernel_misc_reclaimable:0
[  644.627867][T26331]  free:1267121 free_pcp:30694 free_cma:0
[  644.627928][T26331] Node 0 active_anon:22296kB inactive_anon:0kB active_file:10680kB inactive_file:160100kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119804kB dirty:1768kB writeback:0kB shmem:4460kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12248kB pagetables:4128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  644.627996][T26331] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  644.837667][T26331] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  644.883553][T26331] lowmem_reserve[]: 0 2498 2499 2499 2499
[  644.914924][T26331] Node 0 DMA32 free:1144536kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22248kB inactive_anon:0kB active_file:10680kB inactive_file:158528kB unevictable:1536kB writepending:1824kB present:3129332kB managed:2558344kB mlocked:0kB bounce:0kB free_pcp:111380kB local_pcp:45172kB free_cma:0kB
[  644.963589][T26331] lowmem_reserve[]: 0 0 1 1 1
[  644.979179][T26423] netlink: 'syz.4.6438': attribute type 39 has an invalid length.
[  645.020046][T26331] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1572kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  645.067150][T26331] lowmem_reserve[]: 0 0 0 0 0
[  645.071978][T26331] Node 1 Normal free:3909392kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:11296kB local_pcp:4512kB free_cma:0kB
[  645.107606][T26331] lowmem_reserve[]: 0 0 0 0 0
[  645.112640][T26331] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  645.144581][T26331] Node 0 DMA32: 1003*4kB (UME) 911*8kB (UME) 561*16kB (UME) 285*32kB (UME) 180*64kB (UME) 62*128kB (UME) 82*256kB (UM) 147*512kB (UME) 66*1024kB (UME) 15*2048kB (UM) 220*4096kB (UM) = 1144532kB
[  645.199692][T26331] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  645.227245][T26331] Node 1 Normal: 186*4kB (UM) 63*8kB (UME) 45*16kB (UME) 225*32kB (UME) 73*64kB (UME) 12*128kB (UME) 5*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (UM) = 3909392kB
[  645.264786][T26331] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  645.294822][T26331] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  645.312416][T26331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  645.331059][T26331] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  645.346520][T26331] 44233 total pagecache pages
[  645.354012][T26331] 0 pages in swap cache
[  645.359640][T26331] Free swap  = 124996kB
[  645.364199][T26331] Total swap = 124996kB
[  645.373685][T26331] 2097051 pages RAM
[  645.379620][T26331] 0 pages HighMem/MovableOnly
[  645.384393][T26331] 425423 pages reserved
[  645.394017][T26331] 0 pages cma reserved
[  645.835271][T26427] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  646.328352][T26471] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6456'.
[  646.423872][T26474] netlink: 120 bytes leftover after parsing attributes in process `syz.0.6457'.
[  646.529334][T26472] veth3: entered promiscuous mode
[  646.699813][T26488] Cannot find del_set index 0 as target
[  646.830984][T26492] netlink: 'syz.1.6463': attribute type 9 has an invalid length.
[  647.130528][T26512] netlink: 'syz.0.6465': attribute type 13 has an invalid length.
[  647.149038][T26512] netlink: 'syz.0.6465': attribute type 17 has an invalid length.
[  647.275835][T26517] xt_recent: hitcount (262144) is larger than allowed maximum (65535)
[  647.308941][T26517] FAULT_INJECTION: forcing a failure.
[  647.308941][T26517] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  647.327204][T26517] CPU: 1 UID: 0 PID: 26517 Comm: syz.3.6469 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  647.327230][T26517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  647.327242][T26517] Call Trace:
[  647.327250][T26517]  <TASK>
[  647.327258][T26517]  dump_stack_lvl+0x189/0x250
[  647.327285][T26517]  ? __pfx____ratelimit+0x10/0x10
[  647.327314][T26517]  ? __pfx_dump_stack_lvl+0x10/0x10
[  647.327336][T26517]  ? __pfx__printk+0x10/0x10
[  647.327372][T26517]  should_fail_ex+0x414/0x560
[  647.327419][T26517]  _copy_to_user+0x31/0xb0
[  647.327447][T26517]  simple_read_from_buffer+0xe1/0x170
[  647.327500][T26517]  proc_fail_nth_read+0x1df/0x250
[  647.327525][T26517]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  647.327550][T26517]  ? rw_verify_area+0x258/0x650
[  647.327576][T26517]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  647.327599][T26517]  vfs_read+0x200/0x980
[  647.327633][T26517]  ? __pfx___mutex_lock+0x10/0x10
[  647.327655][T26517]  ? __pfx_vfs_read+0x10/0x10
[  647.327684][T26517]  ? __fget_files+0x2a/0x420
[  647.327708][T26517]  ? __fget_files+0x3a0/0x420
[  647.327726][T26517]  ? __fget_files+0x2a/0x420
[  647.327761][T26517]  ksys_read+0x145/0x250
[  647.327791][T26517]  ? __pfx_ksys_read+0x10/0x10
[  647.327815][T26517]  ? rcu_is_watching+0x15/0xb0
[  647.327846][T26517]  ? do_syscall_64+0xbe/0x3b0
[  647.327872][T26517]  do_syscall_64+0xfa/0x3b0
[  647.327890][T26517]  ? lockdep_hardirqs_on+0x9c/0x150
[  647.327923][T26517]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.327944][T26517]  ? clear_bhb_loop+0x60/0xb0
[  647.327970][T26517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.327991][T26517] RIP: 0033:0x7f3dc638d3bc
[  647.328010][T26517] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  647.328029][T26517] RSP: 002b:00007f3dc7174030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  647.328052][T26517] RAX: ffffffffffffffda RBX: 00007f3dc65b5fa0 RCX: 00007f3dc638d3bc
[  647.328068][T26517] RDX: 000000000000000f RSI: 00007f3dc71740a0 RDI: 0000000000000004
[  647.328081][T26517] RBP: 00007f3dc7174090 R08: 0000000000000000 R09: 0000000000000000
[  647.328094][T26517] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.328107][T26517] R13: 0000000000000000 R14: 00007f3dc65b5fa0 R15: 00007fff886fd6d8
[  647.328142][T26517]  </TASK>
[  647.681112][T26521] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  647.681635][T26522] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  647.869050][T26528] FAULT_INJECTION: forcing a failure.
[  647.869050][T26528] name failslab, interval 1, probability 0, space 0, times 0
[  647.911270][T26531] netlink: 92 bytes leftover after parsing attributes in process `syz.3.6472'.
[  647.943610][T26528] CPU: 1 UID: 0 PID: 26528 Comm: syz.1.6471 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  647.943638][T26528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  647.943649][T26528] Call Trace:
[  647.943657][T26528]  <TASK>
[  647.943666][T26528]  dump_stack_lvl+0x189/0x250
[  647.943700][T26528]  ? __pfx____ratelimit+0x10/0x10
[  647.943729][T26528]  ? __pfx_dump_stack_lvl+0x10/0x10
[  647.943751][T26528]  ? __pfx__printk+0x10/0x10
[  647.943780][T26528]  ? __pfx___might_resched+0x10/0x10
[  647.943803][T26528]  ? fs_reclaim_acquire+0x7d/0x100
[  647.943826][T26528]  should_fail_ex+0x414/0x560
[  647.943851][T26528]  ? __nf_hook_entries_try_shrink+0x316/0x6e0
[  647.943869][T26528]  should_failslab+0xa8/0x100
[  647.943899][T26528]  __kvmalloc_node_noprof+0x161/0x5f0
[  647.943926][T26528]  ? __nf_hook_entries_try_shrink+0x316/0x6e0
[  647.943952][T26528]  __nf_hook_entries_try_shrink+0x316/0x6e0
[  647.943986][T26528]  __nf_unregister_net_hook+0x4f6/0x700
[  647.944028][T26528]  nf_unregister_net_hooks+0xcb/0x140
[  647.944051][T26528]  nf_defrag_ipv6_disable+0x95/0xe0
[  647.944081][T26528]  nf_ct_netns_put+0x375/0x520
[  647.944101][T26528]  ? __pfx_connmark_tg_destroy+0x10/0x10
[  647.944129][T26528]  cleanup_entry+0x262/0x320
[  647.944153][T26528]  ? __pfx_cleanup_entry+0x10/0x10
[  647.944189][T26528]  ? xt_find_target+0x1fa/0x240
[  647.944214][T26528]  translate_table+0x1e5f/0x2040
[  647.944257][T26528]  ? __pfx_translate_table+0x10/0x10
[  647.944279][T26528]  ? __might_fault+0xb0/0x130
[  647.944323][T26528]  ? _copy_from_user+0x94/0xb0
[  647.944353][T26528]  do_ip6t_set_ctl+0x970/0xce0
[  647.944376][T26528]  ? get_pid_task+0x20/0x1f0
[  647.944402][T26528]  ? rcu_is_watching+0x15/0xb0
[  647.944437][T26528]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  647.944477][T26528]  ? __pfx___mutex_lock+0x10/0x10
[  647.944496][T26528]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  647.944524][T26528]  ? __lock_acquire+0xab9/0xd20
[  647.944553][T26528]  nf_setsockopt+0x26c/0x290
[  647.944581][T26528]  rawv6_setsockopt+0x23b/0x5b0
[  647.944606][T26528]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  647.944628][T26528]  ? aa_sock_opt_perm+0x74/0x110
[  647.944647][T26528]  ? sock_common_setsockopt+0x36/0xc0
[  647.944674][T26528]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  647.944710][T26528]  do_sock_setsockopt+0x179/0x1b0
[  647.944736][T26528]  __x64_sys_setsockopt+0x13f/0x1b0
[  647.944763][T26528]  do_syscall_64+0xfa/0x3b0
[  647.944781][T26528]  ? lockdep_hardirqs_on+0x9c/0x150
[  647.944808][T26528]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.944826][T26528]  ? clear_bhb_loop+0x60/0xb0
[  647.944848][T26528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.944865][T26528] RIP: 0033:0x7fcab818e9a9
[  647.944883][T26528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.944900][T26528] RSP: 002b:00007fcab9050038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  647.944920][T26528] RAX: ffffffffffffffda RBX: 00007fcab83b5fa0 RCX: 00007fcab818e9a9
[  647.944933][T26528] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  647.944944][T26528] RBP: 00007fcab9050090 R08: 0000000000000488 R09: 0000000000000000
[  647.944956][T26528] R10: 0000200000000b00 R11: 0000000000000246 R12: 0000000000000002
[  647.944968][T26528] R13: 0000000000000000 R14: 00007fcab83b5fa0 R15: 00007ffef5474f58
[  647.944998][T26528]  </TASK>
[  648.399839][T26512] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.407060][T26512] bridge0: port 2(bridge_slave_1) entered listening state
[  648.414485][T26512] bridge0: port 1(bridge_slave_0) entered blocking state
[  648.421661][T26512] bridge0: port 1(bridge_slave_0) entered listening state
[  648.489350][T26512] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  648.731740][T26546] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.6476'.
[  648.773442][T26551] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6478'.
[  648.909928][T26558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6483'.
[  649.006075][T26567] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6485'.
[  649.273564][T26587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6492'.
[  649.288734][T26589] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6493'.
[  649.310277][T26587] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6492'.
[  649.385216][T26587] netlink: 'syz.3.6492': attribute type 5 has an invalid length.
[  649.407019][   T13] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  649.433750][   T13] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  649.463889][   T13] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  649.504887][   T13] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  649.638741][T26600] netlink: 104 bytes leftover after parsing attributes in process `syz.3.6496'.
[  650.142998][T26611] lo speed is unknown, defaulting to 1000
[  650.150860][T26611] lo speed is unknown, defaulting to 1000
[  650.158407][T26611] lo speed is unknown, defaulting to 1000
[  650.213129][T26617] netlink: 404 bytes leftover after parsing attributes in process `syz.1.6504'.
[  650.239314][T26620] netlink: 300 bytes leftover after parsing attributes in process `syz.2.6501'.
[  650.263819][T26624] FAULT_INJECTION: forcing a failure.
[  650.263819][T26624] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  650.318590][T26624] CPU: 0 UID: 0 PID: 26624 Comm: syz.4.6505 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  650.318623][T26624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  650.318647][T26624] Call Trace:
[  650.318656][T26624]  <TASK>
[  650.318666][T26624]  dump_stack_lvl+0x189/0x250
[  650.318703][T26624]  ? __pfx____ratelimit+0x10/0x10
[  650.318731][T26624]  ? __pfx_dump_stack_lvl+0x10/0x10
[  650.318753][T26624]  ? __pfx__printk+0x10/0x10
[  650.318778][T26624]  ? fs_reclaim_acquire+0x7d/0x100
[  650.318803][T26624]  should_fail_ex+0x414/0x560
[  650.318830][T26624]  prepare_alloc_pages+0x213/0x610
[  650.318855][T26624]  __alloc_frozen_pages_noprof+0x123/0x370
[  650.318878][T26624]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  650.318915][T26624]  alloc_pages_bulk_noprof+0x560/0x710
[  650.318940][T26624]  ? alloc_pages_noprof+0xbe/0x190
[  650.318970][T26624]  kasan_populate_vmalloc+0xba/0x1a0
[  650.318997][T26624]  alloc_vmap_area+0xd51/0x1490
[  650.319037][T26624]  ? __pfx_alloc_vmap_area+0x10/0x10
[  650.319060][T26624]  ? __kasan_kmalloc+0x93/0xb0
[  650.319084][T26624]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  650.319110][T26624]  ? __get_vm_area_node+0x13f/0x300
[  650.319135][T26624]  ? reuseport_array_alloc+0x98/0x130
[  650.319155][T26624]  __get_vm_area_node+0x1f8/0x300
[  650.319186][T26624]  __vmalloc_node_range_noprof+0x301/0x12f0
[  650.319213][T26624]  ? reuseport_array_alloc+0x98/0x130
[  650.319247][T26624]  ? aa_get_newest_label+0xf7/0x5d0
[  650.319268][T26624]  ? __pfx_aa_get_newest_label+0x10/0x10
[  650.319289][T26624]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  650.319315][T26624]  ? rcu_is_watching+0x15/0xb0
[  650.319340][T26624]  ? apparmor_capable+0x137/0x1b0
[  650.319367][T26624]  bpf_map_area_alloc+0x12d/0x180
[  650.319386][T26624]  ? reuseport_array_alloc+0x98/0x130
[  650.319408][T26624]  reuseport_array_alloc+0x98/0x130
[  650.319428][T26624]  map_create+0xaa3/0x1310
[  650.319460][T26624]  ? security_bpf+0x7e/0x300
[  650.319479][T26624]  __sys_bpf+0x67e/0x860
[  650.319507][T26624]  ? __pfx___sys_bpf+0x10/0x10
[  650.319547][T26624]  ? ksys_write+0x22a/0x250
[  650.319572][T26624]  ? __pfx_ksys_write+0x10/0x10
[  650.319604][T26624]  __x64_sys_bpf+0x7c/0x90
[  650.319629][T26624]  do_syscall_64+0xfa/0x3b0
[  650.319646][T26624]  ? lockdep_hardirqs_on+0x9c/0x150
[  650.319673][T26624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.319691][T26624]  ? clear_bhb_loop+0x60/0xb0
[  650.319712][T26624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.319730][T26624] RIP: 0033:0x7fa9ff98e9a9
[  650.319746][T26624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.319761][T26624] RSP: 002b:00007faa00730038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  650.319781][T26624] RAX: ffffffffffffffda RBX: 00007fa9ffbb5fa0 RCX: 00007fa9ff98e9a9
[  650.319794][T26624] RDX: 0000000000000050 RSI: 0000200000000300 RDI: 0000000000000000
[  650.319806][T26624] RBP: 00007faa00730090 R08: 0000000000000000 R09: 0000000000000000
[  650.319818][T26624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  650.319835][T26624] R13: 0000000000000001 R14: 00007fa9ffbb5fa0 R15: 00007fff079354b8
[  650.319864][T26624]  </TASK>
[  650.771026][T26611] infiniband syz0: set active
[  650.775886][T26611] infiniband syz0: added lo
[  650.783255][ T5968] lo speed is unknown, defaulting to 1000
[  650.848793][T26611] RDS/IB: syz0: added
[  650.852858][T26611] smc: adding ib device syz0 with port count 1
[  650.859084][T26611] smc:    ib device syz0 port 1 has pnetid 
[  650.866041][T26611] lo speed is unknown, defaulting to 1000
[  650.988732][T26610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  651.020968][ T5968] lo speed is unknown, defaulting to 1000
[  651.042596][T26640] bond0: option arp_validate: invalid value (18446744073491447809)
[  651.089300][   T12] bond0: (slave bond_slave_0): interface is now down
[  651.114719][   T12] bond0: (slave bond_slave_1): interface is now down
[  651.123482][   T12] bond0: now running without any active interface!
[  651.348442][T26611] lo speed is unknown, defaulting to 1000
[  651.394074][T26652] FAULT_INJECTION: forcing a failure.
[  651.394074][T26652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.427931][T26652] CPU: 1 UID: 0 PID: 26652 Comm: syz.1.6517 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  651.427960][T26652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  651.427975][T26652] Call Trace:
[  651.427984][T26652]  <TASK>
[  651.427995][T26652]  dump_stack_lvl+0x189/0x250
[  651.428025][T26652]  ? __pfx____ratelimit+0x10/0x10
[  651.428058][T26652]  ? __pfx_dump_stack_lvl+0x10/0x10
[  651.428084][T26652]  ? __pfx__printk+0x10/0x10
[  651.428128][T26652]  should_fail_ex+0x414/0x560
[  651.428155][T26652]  _copy_to_user+0x31/0xb0
[  651.428187][T26652]  simple_read_from_buffer+0xe1/0x170
[  651.428224][T26652]  proc_fail_nth_read+0x1df/0x250
[  651.428248][T26652]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  651.428273][T26652]  ? rw_verify_area+0x258/0x650
[  651.428300][T26652]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  651.428323][T26652]  vfs_read+0x200/0x980
[  651.428356][T26652]  ? __pfx___mutex_lock+0x10/0x10
[  651.428379][T26652]  ? __pfx_vfs_read+0x10/0x10
[  651.428408][T26652]  ? __fget_files+0x2a/0x420
[  651.428432][T26652]  ? __fget_files+0x3a0/0x420
[  651.428449][T26652]  ? __fget_files+0x2a/0x420
[  651.428478][T26652]  ksys_read+0x145/0x250
[  651.428509][T26652]  ? __pfx_ksys_read+0x10/0x10
[  651.428534][T26652]  ? rcu_is_watching+0x15/0xb0
[  651.428565][T26652]  ? do_syscall_64+0xbe/0x3b0
[  651.428590][T26652]  do_syscall_64+0xfa/0x3b0
[  651.428609][T26652]  ? lockdep_hardirqs_on+0x9c/0x150
[  651.428655][T26652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.428685][T26652]  ? clear_bhb_loop+0x60/0xb0
[  651.428707][T26652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.428724][T26652] RIP: 0033:0x7fcab818d3bc
[  651.428739][T26652] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  651.428755][T26652] RSP: 002b:00007fcab9050030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  651.428775][T26652] RAX: ffffffffffffffda RBX: 00007fcab83b5fa0 RCX: 00007fcab818d3bc
[  651.428788][T26652] RDX: 000000000000000f RSI: 00007fcab90500a0 RDI: 0000000000000004
[  651.428799][T26652] RBP: 00007fcab9050090 R08: 0000000000000000 R09: 0000000000000000
[  651.428810][T26652] R10: 0000200000000b00 R11: 0000000000000246 R12: 0000000000000002
[  651.428822][T26652] R13: 0000000000000000 R14: 00007fcab83b5fa0 R15: 00007ffef5474f58
[  651.428852][T26652]  </TASK>
[  651.878490][T26611] lo speed is unknown, defaulting to 1000
[  652.037053][T26670] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  652.072276][T26670] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  652.192498][T26683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6525'.
[  652.323851][T26684] veth5: entered promiscuous mode
[  652.342833][T26611] lo speed is unknown, defaulting to 1000
[  652.892134][T26706] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6534'.
[  652.902421][T26611] lo speed is unknown, defaulting to 1000
[  653.217538][T26715] xt_recent: hitcount (262144) is larger than allowed maximum (65535)
[  653.369652][T26611] lo speed is unknown, defaulting to 1000
[  653.561113][T26701] vxcan1 speed is unknown, defaulting to 1000
[  653.569762][T26701] vxcan1 speed is unknown, defaulting to 1000
[  653.576840][T26701] vxcan1 speed is unknown, defaulting to 1000
[  653.660328][T26723] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6539'.
[  653.923121][T26701] infiniband syz2: set down
[  653.932222][T26701] infiniband syz2: added vxcan1
[  653.943815][T26701] syz2: rxe_create_cq: returned err = -12
[  653.966407][T26701] infiniband syz2: Couldn't create ib_mad CQ
[  653.973419][T26701] infiniband syz2: Couldn't open port 1
[  654.046402][T26701] RDS/IB: syz2: added
[  654.055012][T26701] smc: adding ib device syz2 with port count 1
[  654.061200][T26701] smc:    ib device syz2 port 1 has pnetid 
[  654.155450][T26727] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  654.181704][T26727] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.284695][T26750] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6547'.
[  654.331662][ T6647] vxcan1 speed is unknown, defaulting to 1000
[  654.381577][T26750] vlan2: entered promiscuous mode
[  654.388608][T26750] bridge0: entered promiscuous mode
[  654.402200][ T8422] vxcan1 speed is unknown, defaulting to 1000
[  654.577038][T26727] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  654.625921][T26727] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.674249][T26701] vxcan1 speed is unknown, defaulting to 1000
[  654.715386][T26756] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6548'.
[  654.941041][T26727] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  655.128034][T26727] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.395169][T26740] lo speed is unknown, defaulting to 1000
[  655.401045][T26701] vxcan1 speed is unknown, defaulting to 1000
[  655.673826][T26727] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  655.694605][T26727] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.874430][   T13] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  655.890040][   T13] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  655.911589][T26727] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  655.925459][T26727] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.950864][   T13] ==================================================================
[  655.958941][   T13] BUG: KASAN: slab-use-after-free in __mutex_lock+0x144/0xe80
[  655.966396][   T13] Read of size 8 at addr ffff88807d1ed4b0 by task kworker/u8:1/13
[  655.974188][   T13] 
[  655.976505][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  655.976524][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  655.976535][   T13] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  655.976561][   T13] Call Trace:
[  655.976568][   T13]  <TASK>
[  655.976574][   T13]  dump_stack_lvl+0x189/0x250
[  655.976592][   T13]  ? __kasan_check_byte+0x12/0x40
[  655.976614][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  655.976630][   T13]  ? lock_release+0x4b/0x3e0
[  655.976647][   T13]  ? __virt_addr_valid+0x4a5/0x5c0
[  655.976667][   T13]  print_report+0xca/0x230
[  655.976680][   T13]  ? __mutex_lock+0x144/0xe80
[  655.976692][   T13]  kasan_report+0x118/0x150
[  655.976711][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  655.976733][   T13]  ? __mutex_lock+0x144/0xe80
[  655.976750][   T13]  __mutex_lock+0x144/0xe80
[  655.976762][   T13]  ? __lock_acquire+0xab9/0xd20
[  655.976776][   T13]  ? __mutex_lock+0x51b/0xe80
[  655.976791][   T13]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  655.976814][   T13]  ? __pfx___mutex_lock+0x10/0x10
[  655.976830][   T13]  ? __lock_acquire+0xab9/0xd20
[  655.976849][   T13]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  655.976874][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  655.976890][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  655.976907][   T13]  process_scheduled_works+0xae1/0x17b0
[  655.976934][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  655.976957][   T13]  worker_thread+0x8a0/0xda0
[  655.976984][   T13]  kthread+0x70e/0x8a0
[  655.977004][   T13]  ? __pfx_worker_thread+0x10/0x10
[  655.977028][   T13]  ? __pfx_kthread+0x10/0x10
[  655.977048][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  655.977067][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  655.977089][   T13]  ? __pfx_kthread+0x10/0x10
[  655.977108][   T13]  ret_from_fork+0x3fc/0x770
[  655.977125][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  655.977141][   T13]  ? __switch_to_asm+0x39/0x70
[  655.977160][   T13]  ? __switch_to_asm+0x33/0x70
[  655.977177][   T13]  ? __pfx_kthread+0x10/0x10
[  655.977197][   T13]  ret_from_fork_asm+0x1a/0x30
[  655.977223][   T13]  </TASK>
[  655.977228][   T13] 
[  656.187149][   T13] Allocated by task 26727:
[  656.191580][   T13]  kasan_save_track+0x3e/0x80
[  656.196276][   T13]  __kasan_kmalloc+0x93/0xb0
[  656.200862][   T13]  __kmalloc_noprof+0x27a/0x4f0
[  656.205707][   T13]  udp_tunnel_nic_netdevice_event+0x854/0x19f0
[  656.211865][   T13]  notifier_call_chain+0x1b3/0x3e0
[  656.216983][   T13]  register_netdevice+0x1608/0x1ae0
[  656.222178][   T13]  nsim_create+0xae8/0xf10
[  656.226600][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[  656.231709][   T13]  nsim_dev_port_add_all+0x37/0xf0
[  656.236811][   T13]  nsim_dev_reload_up+0x451/0x780
[  656.241827][   T13]  devlink_reload+0x4ec/0x8d0
[  656.246502][   T13]  devlink_nl_reload_doit+0x9c2/0xd50
[  656.251898][   T13]  genl_family_rcv_msg_doit+0x215/0x300
[  656.257458][   T13]  genl_rcv_msg+0x60e/0x790
[  656.261962][   T13]  netlink_rcv_skb+0x208/0x470
[  656.266725][   T13]  genl_rcv+0x28/0x40
[  656.270701][   T13]  netlink_unicast+0x82c/0x9e0
[  656.275458][   T13]  netlink_sendmsg+0x805/0xb30
[  656.280213][   T13]  __sock_sendmsg+0x219/0x270
[  656.284888][   T13]  ____sys_sendmsg+0x505/0x830
[  656.289656][   T13]  ___sys_sendmsg+0x21f/0x2a0
[  656.294332][   T13]  __x64_sys_sendmsg+0x19b/0x260
[  656.299266][   T13]  do_syscall_64+0xfa/0x3b0
[  656.303759][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.309642][   T13] 
[  656.311956][   T13] Freed by task 26727:
[  656.316016][   T13]  kasan_save_track+0x3e/0x80
[  656.320691][   T13]  kasan_save_free_info+0x46/0x50
[  656.325711][   T13]  __kasan_slab_free+0x62/0x70
[  656.330477][   T13]  kfree+0x18e/0x440
[  656.334370][   T13]  udp_tunnel_nic_netdevice_event+0x1332/0x19f0
[  656.340607][   T13]  notifier_call_chain+0x1b3/0x3e0
[  656.345712][   T13]  unregister_netdevice_many_notify+0x14d7/0x1ff0
[  656.352128][   T13]  unregister_netdevice_queue+0x33c/0x380
[  656.357848][   T13]  nsim_destroy+0x217/0x6a0
[  656.362357][   T13]  __nsim_dev_port_del+0x14d/0x1b0
[  656.367480][   T13]  nsim_dev_port_add_all+0xae/0xf0
[  656.372591][   T13]  nsim_dev_reload_up+0x451/0x780
[  656.377613][   T13]  devlink_reload+0x4ec/0x8d0
[  656.382296][   T13]  devlink_nl_reload_doit+0x9c2/0xd50
[  656.387672][   T13]  genl_family_rcv_msg_doit+0x215/0x300
[  656.393221][   T13]  genl_rcv_msg+0x60e/0x790
[  656.397725][   T13]  netlink_rcv_skb+0x208/0x470
[  656.402500][   T13]  genl_rcv+0x28/0x40
[  656.406478][   T13]  netlink_unicast+0x82c/0x9e0
[  656.411239][   T13]  netlink_sendmsg+0x805/0xb30
[  656.415994][   T13]  __sock_sendmsg+0x219/0x270
[  656.420672][   T13]  ____sys_sendmsg+0x505/0x830
[  656.425438][   T13]  ___sys_sendmsg+0x21f/0x2a0
[  656.430110][   T13]  __x64_sys_sendmsg+0x19b/0x260
[  656.435050][   T13]  do_syscall_64+0xfa/0x3b0
[  656.439548][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.445430][   T13] 
[  656.447752][   T13] Last potentially related work creation:
[  656.453458][   T13]  kasan_save_stack+0x3e/0x60
[  656.458133][   T13]  kasan_record_aux_stack+0xbd/0xd0
[  656.463329][   T13]  insert_work+0x3d/0x330
[  656.467655][   T13]  __queue_work+0xbd9/0xfe0
[  656.472162][   T13]  queue_work_on+0x181/0x270
[  656.476749][   T13]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  656.482384][   T13]  udp_tunnel_push_rx_port+0x180/0x200
[  656.487842][   T13]  geneve_offload_rx_ports+0xd7/0x160
[  656.493215][   T13]  geneve_netdevice_event+0x6a/0x80
[  656.498407][   T13]  notifier_call_chain+0x1b3/0x3e0
[  656.503519][   T13]  call_netdevice_notifiers+0x88/0xc0
[  656.508898][   T13]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[  656.515277][   T13]  notifier_call_chain+0x1b3/0x3e0
[  656.520389][   T13]  register_netdevice+0x1608/0x1ae0
[  656.525588][   T13]  nsim_create+0xae8/0xf10
[  656.530013][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[  656.535114][   T13]  nsim_dev_port_add_all+0x37/0xf0
[  656.540226][   T13]  nsim_dev_reload_up+0x451/0x780
[  656.545246][   T13]  devlink_reload+0x4ec/0x8d0
[  656.549916][   T13]  devlink_nl_reload_doit+0x9c2/0xd50
[  656.555281][   T13]  genl_family_rcv_msg_doit+0x215/0x300
[  656.560824][   T13]  genl_rcv_msg+0x60e/0x790
[  656.565320][   T13]  netlink_rcv_skb+0x208/0x470
[  656.570083][   T13]  genl_rcv+0x28/0x40
[  656.574059][   T13]  netlink_unicast+0x82c/0x9e0
[  656.578822][   T13]  netlink_sendmsg+0x805/0xb30
[  656.583577][   T13]  __sock_sendmsg+0x219/0x270
[  656.588263][   T13]  ____sys_sendmsg+0x505/0x830
[  656.593027][   T13]  ___sys_sendmsg+0x21f/0x2a0
[  656.597703][   T13]  __x64_sys_sendmsg+0x19b/0x260
[  656.602639][   T13]  do_syscall_64+0xfa/0x3b0
[  656.607134][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.613020][   T13] 
[  656.615343][   T13] Second to last potentially related work creation:
[  656.621915][   T13]  kasan_save_stack+0x3e/0x60
[  656.626588][   T13]  kasan_record_aux_stack+0xbd/0xd0
[  656.631778][   T13]  insert_work+0x3d/0x330
[  656.636128][   T13]  __queue_work+0xcfc/0xfe0
[  656.640629][   T13]  queue_work_on+0x181/0x270
[  656.645213][   T13]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  656.650844][   T13]  udp_tunnel_push_rx_port+0x180/0x200
[  656.656298][   T13]  vxlan_offload_rx_ports+0x139/0x200
[  656.661663][   T13]  vxlan_netdevice_event+0x111/0x470
[  656.666940][   T13]  notifier_call_chain+0x1b3/0x3e0
[  656.672050][   T13]  call_netdevice_notifiers+0x88/0xc0
[  656.677422][   T13]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[  656.683687][   T13]  notifier_call_chain+0x1b3/0x3e0
[  656.688798][   T13]  register_netdevice+0x1608/0x1ae0
[  656.693994][   T13]  nsim_create+0xae8/0xf10
[  656.698411][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[  656.703520][   T13]  nsim_dev_port_add_all+0x37/0xf0
[  656.708631][   T13]  nsim_dev_reload_up+0x451/0x780
[  656.713657][   T13]  devlink_reload+0x4ec/0x8d0
[  656.718334][   T13]  devlink_nl_reload_doit+0x9c2/0xd50
[  656.723709][   T13]  genl_family_rcv_msg_doit+0x215/0x300
[  656.729258][   T13]  genl_rcv_msg+0x60e/0x790
[  656.733754][   T13]  netlink_rcv_skb+0x208/0x470
[  656.738524][   T13]  genl_rcv+0x28/0x40
[  656.742510][   T13]  netlink_unicast+0x82c/0x9e0
[  656.747270][   T13]  netlink_sendmsg+0x805/0xb30
[  656.752023][   T13]  __sock_sendmsg+0x219/0x270
[  656.756698][   T13]  ____sys_sendmsg+0x505/0x830
[  656.761451][   T13]  ___sys_sendmsg+0x21f/0x2a0
[  656.766117][   T13]  __x64_sys_sendmsg+0x19b/0x260
[  656.771047][   T13]  do_syscall_64+0xfa/0x3b0
[  656.775542][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.781423][   T13] 
[  656.783738][   T13] The buggy address belongs to the object at ffff88807d1ed400
[  656.783738][   T13]  which belongs to the cache kmalloc-256 of size 256
[  656.797781][   T13] The buggy address is located 176 bytes inside of
[  656.797781][   T13]  freed 256-byte region [ffff88807d1ed400, ffff88807d1ed500)
[  656.811572][   T13] 
[  656.813884][   T13] The buggy address belongs to the physical page:
[  656.820294][   T13] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d1ec
[  656.829042][   T13] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  656.837536][   T13] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  656.845509][   T13] page_type: f5(slab)
[  656.849488][   T13] raw: 00fff00000000040 ffff88801a441b40 ffffea0001ecda00 0000000000000005
[  656.858069][   T13] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  656.866649][   T13] head: 00fff00000000040 ffff88801a441b40 ffffea0001ecda00 0000000000000005
[  656.875312][   T13] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  656.883978][   T13] head: 00fff00000000001 ffffea0001f47b01 00000000ffffffff 00000000ffffffff
[  656.892657][   T13] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  656.901313][   T13] page dumped because: kasan: bad access detected
[  656.907727][   T13] page_owner tracks the page as allocated
[  656.913436][   T13] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 26104, tgid 26104 (syz-executor), ts 640236410898, free_ts 628175218315
[  656.935131][   T13]  post_alloc_hook+0x240/0x2a0
[  656.939897][   T13]  get_page_from_freelist+0x21e4/0x22c0
[  656.945434][   T13]  __alloc_frozen_pages_noprof+0x181/0x370
[  656.951230][   T13]  alloc_pages_mpol+0x232/0x4a0
[  656.956081][   T13]  allocate_slab+0x8a/0x3b0
[  656.960576][   T13]  ___slab_alloc+0xbfc/0x1480
[  656.965250][   T13]  __kmalloc_noprof+0x305/0x4f0
[  656.970097][   T13]  fib_create_info+0x1728/0x3210
[  656.975034][   T13]  fib_table_insert+0xc6/0x1b50
[  656.979875][   T13]  fib_magic+0x2c4/0x390
[  656.984108][   T13]  fib_add_ifaddr+0x3fb/0x5f0
[  656.988776][   T13]  fib_netdev_event+0x382/0x490
[  656.993623][   T13]  notifier_call_chain+0x1b3/0x3e0
[  656.998728][   T13]  __dev_notify_flags+0x18d/0x2e0
[  657.003747][   T13]  netif_change_flags+0xe8/0x1a0
[  657.008683][   T13]  do_setlink+0xc55/0x41c0
[  657.013092][   T13] page last free pid 25014 tgid 25014 stack trace:
[  657.019580][   T13]  __free_frozen_pages+0xc71/0xe70
[  657.024694][   T13]  __slab_free+0x326/0x400
[  657.029102][   T13]  qlist_free_all+0x97/0x140
[  657.033685][   T13]  kasan_quarantine_reduce+0x148/0x160
[  657.039137][   T13]  __kasan_slab_alloc+0x22/0x80
[  657.043981][   T13]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  657.049433][   T13]  getname_flags+0xb8/0x540
[  657.053926][   T13]  user_path_at+0x24/0x60
[  657.058255][   T13]  __x64_sys_umount+0xee/0x160
[  657.063025][   T13]  do_syscall_64+0xfa/0x3b0
[  657.067525][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.073415][   T13] 
[  657.075727][   T13] Memory state around the buggy address:
[  657.081344][   T13]  ffff88807d1ed380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  657.089398][   T13]  ffff88807d1ed400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  657.097449][   T13] >ffff88807d1ed480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  657.105518][   T13]                                      ^
[  657.111137][   T13]  ffff88807d1ed500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  657.119184][   T13]  ffff88807d1ed580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  657.127230][   T13] ==================================================================
[  657.146159][T26763] netlink: 'syz.1.6550': attribute type 6 has an invalid length.
[  657.154817][T26763] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.6550'.
[  657.185114][   T13] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  657.192328][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc6-syzkaller-01600-g1b02c861714b #0 PREEMPT(full) 
[  657.204287][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  657.214336][   T13] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  657.221625][   T13] Call Trace:
[  657.224900][   T13]  <TASK>
[  657.227833][   T13]  dump_stack_lvl+0x99/0x250
[  657.232439][   T13]  ? __asan_memcpy+0x40/0x70
[  657.237043][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  657.242250][   T13]  ? __pfx__printk+0x10/0x10
[  657.246855][   T13]  panic+0x2db/0x790
[  657.250766][   T13]  ? __pfx_panic+0x10/0x10
[  657.255202][   T13]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  657.261116][   T13]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  657.267485][   T13]  ? print_memory_metadata+0x314/0x400
[  657.272973][   T13]  ? __mutex_lock+0x144/0xe80
[  657.277662][   T13]  check_panic_on_warn+0x89/0xb0
[  657.282638][   T13]  ? __mutex_lock+0x144/0xe80
[  657.287326][   T13]  end_report+0x78/0x160
[  657.291584][   T13]  kasan_report+0x129/0x150
[  657.296100][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  657.302009][   T13]  ? __mutex_lock+0x144/0xe80
[  657.306699][   T13]  __mutex_lock+0x144/0xe80
[  657.311218][   T13]  ? __lock_acquire+0xab9/0xd20
[  657.316073][   T13]  ? __mutex_lock+0x51b/0xe80
[  657.320763][   T13]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  657.327025][   T13]  ? __pfx___mutex_lock+0x10/0x10
[  657.332065][   T13]  ? __lock_acquire+0xab9/0xd20
[  657.336952][   T13]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  657.343048][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  657.348780][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  657.354513][   T13]  process_scheduled_works+0xae1/0x17b0
[  657.360091][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  657.366100][   T13]  worker_thread+0x8a0/0xda0
[  657.370724][   T13]  kthread+0x70e/0x8a0
[  657.374817][   T13]  ? __pfx_worker_thread+0x10/0x10
[  657.379946][   T13]  ? __pfx_kthread+0x10/0x10
[  657.384555][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  657.389774][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  657.395018][   T13]  ? __pfx_kthread+0x10/0x10
[  657.399630][   T13]  ret_from_fork+0x3fc/0x770
[  657.404236][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  657.409361][   T13]  ? __switch_to_asm+0x39/0x70
[  657.414145][   T13]  ? __switch_to_asm+0x33/0x70
[  657.418924][   T13]  ? __pfx_kthread+0x10/0x10
[  657.423528][   T13]  ret_from_fork_asm+0x1a/0x30
[  657.428324][   T13]  </TASK>
[  657.431672][   T13] Kernel Offset: disabled
[  657.435991][   T13] Rebooting in 86400 seconds..