last executing test programs:

14.133328931s ago: executing program 3 (id=3018):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newqdisc={0x54, 0x24, 0xe0b, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x24, 0x2, {{0x1ff, 0x6, 0xfffffffd, 0x0, 0xfffffffd, 0x32d}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}]}}}]}, 0x54}}, 0x0)
sendto$packet(r0, &(0x7f0000000580)="44c394f305916c4516999d", 0xb, 0x0, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14)

14.063815654s ago: executing program 3 (id=3019):
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
close(r1)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2}, [@FRA_FLOW={0x8, 0xb, 0xe}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x6}}]}, 0x40}}, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0x9}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4080014)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
socket(0x400000000010, 0x3, 0x0) (async)
socket$unix(0x1, 0x1, 0x0) (async)
close(r1) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2}, [@FRA_FLOW={0x8, 0xb, 0xe}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x6}}]}, 0x40}}, 0x0) (async)
socket$unix(0x1, 0x1, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0x9}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4080014) (async)

13.784387432s ago: executing program 3 (id=3021):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="e7b3bd1ca4b5442ec6673e1d8579d1dd1b0eba73c08e35265d83625eb3094d14dec5a887bee130096ca8d91d398c260bd8b7b249999edc75fdd9cfc687942cd3e340e3df69f3698961d45621d636a9ccab682384061103018f31604ef0443d29eecf2e2587f54dead0754c25ad9adec47e12b78eeee1754130faf009b73c69778e6b619f090c21c5784713adb1cbe9a77f187ac36a916855427fcdf7f8d0b8131cfa4fb3e50fdce3805f772f0696d6dba96c6e78fef4273f09f21769a3b7d249318b46c2f83c2581f7af69ed7459", @ANYRESHEX=r0, @ANYRESHEX=r0], 0x68}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_int(r2, 0x29, 0x38, 0x0, &(0x7f0000000100))
r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=r2, @ANYRES16=r3, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}, 0x1, 0x0, 0x0, 0x801}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, r4, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xe49, 0x65}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4c050}, 0x4004810)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f00000005c0)={0x30, 0x1405, 0x200, 0x70bd26, 0x25dfdbfc, "", [{{0x8, 0x1, 0x1}, {0x8, 0x3, 0x3}}, {{0x8}, {0x8, 0x3, 0x1}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c000}, 0x8010)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))

13.644514994s ago: executing program 3 (id=3023):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000004400000000b0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d10300002c0000000e0a010200000000000000000a0000000900010073797a31000000000900020073797a31"], 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000091401002cbd7000000091274a8a22208e834fed"], 0x18}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="000035006dffff7365633008000000000000f5000a000100000000000000000000000000000000000000000000ba5a87be91265501de9a5c6104f48062ff4c70892abe62e47e23a18a17a399372bf2eb4cd3c3d73043afd9436a6152f9ea6570d0dae5dfe7e9e5d1029a75b20dc0ae3ccf93610b6042134a9db85cac2c879060fef8213e5d43f4609e5b59d20e0564ecca5e5708a392763d424e8828a4ca46fa8fafc57194023a48b4b871398ce2b362bff58cfd5a79d10415f455c6a86e69bcc0eccad714466898bd3ca8a47af83c19b802d88a543a1541661e4ca2f6767014f737a4d1029b2eb3b869f7a9b4"], 0x40}, 0x1, 0x0, 0x0, 0x44800}, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r4, 0x894b, &(0x7f00000001c0))

12.557545737s ago: executing program 3 (id=3032):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x10002}, 0x1c)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@random="49a1a8da23ac", @random="d5d460bdee3c", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0xe0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x8}}}}}, 0x0)

12.372424723s ago: executing program 3 (id=3034):
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108)
r0 = socket$netlink(0x10, 0x3, 0x15)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f04000000480100100000000004002b000a00010014a4ee1ee438d2fd000000000000007208", 0x39}], 0x1)
close(0x3)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000240)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000f00030001332564aaee7b1d58b9a64411f6bbf44d", 0x39}], 0x1)

8.897633866s ago: executing program 4 (id=3079):
r0 = socket(0x11, 0x3, 0x80000001)
unshare(0x20000400)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r3, &(0x7f0000000540)=[{&(0x7f0000000100)="89e7ee2c21fe62a3b47380c988ca4b5e", 0x10}], 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r7=>0x0})
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r8, 0x0)
recvmmsg(r8, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
recvmmsg(r8, &(0x7f0000006080)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)=""/15, 0xf}, {&(0x7f0000000040)=""/149, 0x95}, {&(0x7f0000000100)=""/185, 0xb9}, {&(0x7f00000001c0)=""/170, 0xaa}], 0x4, &(0x7f00000002c0)=""/73, 0x49}, 0x18000}, {{0x0, 0x0, &(0x7f00000035c0)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/160, 0xa0}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002400)=""/4096, 0x1000}, {&(0x7f0000003400)=""/167, 0xa7}, {&(0x7f00000034c0)=""/9, 0x9}, {&(0x7f0000003500)=""/138, 0xfffffffffffffe9b}], 0x7}, 0x7b8}, {{&(0x7f0000003640)=@alg, 0x80, &(0x7f00000039c0)=[{&(0x7f00000036c0)=""/213, 0xd5}, {&(0x7f00000037c0)=""/10, 0xa}, {&(0x7f0000003800)=""/199, 0xc7}, {&(0x7f0000003900)=""/183, 0xb7}], 0x4}, 0x4}, {{&(0x7f0000003a00)=@hci, 0x80, &(0x7f0000003c80)=[{&(0x7f0000003a80)=""/150, 0x96}, {&(0x7f0000003b40)=""/99, 0x63}, {&(0x7f0000003bc0)=""/142, 0x8e}], 0x3, &(0x7f0000003cc0)=""/251, 0xfb}, 0x5710925a}, {{&(0x7f0000003dc0)=@nl=@proc, 0x80, &(0x7f0000004f00)=[{&(0x7f0000003e40)=""/154, 0x9a}, {&(0x7f0000003f00)=""/4096, 0x1000}], 0x2, &(0x7f0000004f40)=""/98, 0x62}, 0x3}, {{&(0x7f0000004fc0)=@ax25={{}, [@netrom, @null, @null, @null, @rose, @null, @netrom]}, 0x80, &(0x7f0000006040)=[{&(0x7f0000005040)=""/4096, 0x1000}], 0x1}, 0x400}], 0x6, 0x10142, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000006c0)={0x1c, r2, 0x1, 0xf0bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x20004804)
bind$can_j1939(r0, &(0x7f0000000000), 0x18)
unshare(0x40000200)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="58000000000000000c00078008001140000000000500010006000000050005000200000005000400000000000900020073797a3000000000130003000d0c73683a6e65740b12a6a9cf8ad7bc00"/88], 0x58}}, 0x0)

2.098548246s ago: executing program 1 (id=3122):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x9c}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) (async)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x17)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000d00)={r3}, 0x4) (async)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x9, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}, @func={0x7}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x51}, 0x20)
write$cgroup_int(r4, &(0x7f0000001480)=0x2, 0x12) (async, rerun: 64)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x6c, 0x2, 0x6, 0x1, 0x6000006, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xa00}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x0) (async)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r3}, @ldst={0x1, 0x2, 0x3}]}, &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x90)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r3, &(0x7f0000000380)="4c44ae5f583efb23ebc993ce2cdc87798d247e1e316f9dcbff5a6b2db1e0afafda3f1b5798b67a704b02436d3802e42efeeb45eacf519ba962e9c50fab505d3aa82e07c404dd9fcaf1cdbb579c5f33885f603566a513e53f45a5ddb92430859c35943cd9914c9a5cf77e1d7c116d59f1cadab9e68dc85350f4aae15839108a45d90c3b70029edb"}, 0x20) (async)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) (async)
write(r1, &(0x7f0000000340)="07000000010000", 0x7) (async)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000001c0)=0x51) (async)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x6}], 0x1, 0x0, 0x0) (async)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff) (async, rerun: 32)
r8 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32)
setsockopt$inet_udp_int(r8, 0x11, 0xa, &(0x7f0000000240)=0x5, 0x4) (async, rerun: 64)
sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x40, r7, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, '\x00', 0x2d}}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) (async, rerun: 64)
unshare(0x66020600)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r9, &(0x7f0000000140)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) (async)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r10) (async)
sendmsg$NLBL_CIPSOV4_C_ADD(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)=ANY=[@ANYBLOB="84010000", @ANYRES8=r6, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000000000050009"], 0x184}}, 0x0) (async, rerun: 64)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) (rerun: 64)

1.86046912s ago: executing program 4 (id=3124):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r2 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0xa, 0x3032, 0xffffffffffffffff, 0xe08b8000)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, &(0x7f0000000000)=0x8, 0x4)
getsockopt$SO_TIMESTAMP(r3, 0x1, 0x41, 0x0, &(0x7f0000000080))
r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000000))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x28, r6, 0x1, 0x0, 0x2, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x24008091}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@local, 0x800, 0x0, 0x2, 0x1, 0x3}, 0x20)
setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r10 = socket$kcm(0x2, 0xa, 0x2)
r11 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
ioctl$sock_kcm_SIOCKCMUNATTACH(r10, 0x89e1, &(0x7f0000000140)={r4})
listen(r11, 0x0)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_emit_ethernet(0x3e, &(0x7f0000001600)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa00080045000030000000000001907864010100ac1414aa0b009078030000000300000089000000000000ac1414aa"], 0x0)
write$tun(r9, &(0x7f0000000380)=ANY=[@ANYBLOB="000008000100000000003d000000460000400000000700000002008490783fffffffac1414aa0000000020638d7f1467ab24089728dd08bb01ba", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b4000000907800040a0300050200000000000000000002d58838068b91000000"], 0x4e)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x800, 0x1}, 0x20)

1.851151226s ago: executing program 0 (id=3125):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0xff1b}, 0x1, 0x0, 0x0, 0xc800}, 0x231f2c7f64b7a571)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newqdisc={0x54, 0x24, 0xe0b, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x24, 0x2, {{0x1ff, 0x6, 0xfffffffd, 0x0, 0xfffffffd, 0x32d}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}]}}}]}, 0x54}}, 0x0)
sendto$packet(r0, &(0x7f0000000580)="44c394f305916c4516999da286dd", 0x36, 0x0, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14)

1.739354327s ago: executing program 1 (id=3127):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x41, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000100)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x23, 0x60, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x11, 0x4, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x11, 0x8, @empty=0xac1414aa, @rand_addr, {[@cipso={0x86, 0x29, 0x0, [{0x7, 0xa, "eb8f641216a03acd"}, {0x2, 0xf, "b0f6091577449f16b135ce5d10"}, {0x2, 0x8, "3d5e92c0f1a6"}, {0x7, 0x2}]}, @timestamp_prespec={0x44, 0x4}]}}}}}}}, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x5, &(0x7f0000000300)=0x100000001, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@bloom_filter={0x1e, 0x8, 0x6, 0x2, 0x400, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x1, 0x11}, 0xffffffffffffffd1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r2, 0x0, 0x0}, 0x20)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000010101010000000000000000020000000400018018000a8014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa88800000000200012800e000100697036677265746170"], 0x40}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0f0000000400000004000000a2"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000140), 0x4)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/uts\x00')
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
sendmsg$NL80211_CMD_AUTHENTICATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="11000000000000000000250000000a003400ca1a08de5bca8602020202020200002400508011000100ed39e5b970ea610f233a7fb6c60000000500020005000000040006000a00060008021100000000000a0006005050505050500000de283412d2257a3178b86e7953db73f47a368084048fedda51a5a4baa5f0ffb84ac111871acc7922c5c601755b51993e"], 0x5c}, 0x1, 0x0, 0x0, 0x8050}, 0x4)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYRES64=r4, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="e00000010000000000000000000000000000000032000000ac1414aa000000000000000000000000000000000000000000002000000000000100000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000000000000000000ff030000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000300af0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017004a9245"], 0x1c0}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c006613", @ANYRES64=r3, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r12, @ANYBLOB="10005e80040001000800020000000000"], 0x2c}}, 0x0)

1.688647758s ago: executing program 0 (id=3128):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c0000001a0001000000000000000000022000000000b8"], 0x2c}}, 0x0)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {}, [{0x34, 0x1, [@m_simple={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)

1.484013506s ago: executing program 0 (id=3131):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={<r1=>0xffffffffffffffff, 0x6, 0x8000, 0xa63})
clock_gettime(0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
ppoll(&(0x7f0000000040)=[{r0, 0x1081}, {r1, 0x40}], 0x2, &(0x7f00000000c0)={r2, r3+10000000}, &(0x7f0000000100)={[0x4a]}, 0x8)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x54dd5e54}, @NFTA_HOOK_HOOKNUM={0x8}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=@newtaction={0x60, 0x30, 0xffff, 0x20000, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0xfffffffb, 0x0, 0x1b2c}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x14}, 0x4)

1.030689979s ago: executing program 2 (id=3134):
r0 = socket$inet6(0xa, 0x3, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x44}}}, 0x1c)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
syz_emit_ethernet(0xba, &(0x7f00000000c0)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xac, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x24, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @remote, {[@lsrr={0x83, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@remote}, {@loopback}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@dev}, {@local}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private}, {@multicast2}, {@local}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r3, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c657230000000000000080005000800000071d7"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)

982.606499ms ago: executing program 2 (id=3135):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4)
setsockopt$inet6_udp_int(r1, 0x11, 0x65, &(0x7f0000000080)=0x2, 0x4)
sendmmsg$inet6(r1, &(0x7f0000001340)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0xa}}, 0x1c, 0x0}}], 0x1, 0xc040)
sendmmsg$inet6(r1, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r2)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000140)={0x34, r3, 0x615, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0xc040)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000013000000850000000c000000b707000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

903.258057ms ago: executing program 2 (id=3136):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0))
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'team0\x00', <r3=>0x0})
getpid()
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, r3, 0xc003}, [@IFLA_MASTER={0x8, 0xa, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1a00"/12, @ANYRES32, @ANYBLOB="571a8b65bad0b659464a4891cc8791952ef6f51ad446477d6376be25bf12f50927b74d8ce3575e56e40e3b", @ANYRES64=0x0], 0x20)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000010c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000004c00088048000080200009801c000080060001000200007f0f000200ac1414aa05000300020000002400010000000000000000000000000000000000000000000000000000000000000000000800050001000000140002007767310000"], 0x7c}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x2, 0x4e20, @private=0xa010102}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000200)}, {&(0x7f0000000240)="78017aec28ac1e65234fe043bf049165d851174ada9c5b73892cd8c96f0655ffb8294fd3c574c8163967cb3e27fa63f1ab50032553f2643689a5", 0x3a}, {&(0x7f0000000280)="a064491ddb371ceb18bb06fa175ef5fc456a0c7740", 0x15}], 0x3}, 0x4c400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061122c000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)

789.072422ms ago: executing program 1 (id=3137):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f0000000000)=""/37, &(0x7f0000000040)=0x25)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
pwrite64(r3, 0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newqdisc={0x54, 0x24, 0xe0b, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x24, 0x2, {{0x1ff, 0x6, 0xfffffffd, 0x0, 0xfffffffd, 0x32d}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}]}}}]}, 0x54}}, 0x0)
sendto$packet(r0, &(0x7f0000000580)="44c394f305916c4516999da286dd", 0x36, 0x0, &(0x7f0000000440)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14)

786.479283ms ago: executing program 4 (id=3138):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000580)={0x41, 0x0, 0x1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
sendto$inet(r4, 0x0, 0x0, 0x24000000, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r3, 0x1, 0x0, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x1, 0x9, 0x0, 0x1}}}}, 0x30}}, 0x0)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x0, 0x4}, 0x3}}, 0x10)

624.1885ms ago: executing program 2 (id=3139):
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lc\x00', 0x1, 0x4, 0x8}, 0x2c)
setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000080)={{0x32, @remote, 0x4e21, 0x2, 'lc\x00', 0x2, 0x9}, {@empty, 0x4e20, 0x0, 0x5, 0x6, 0x8000}}, 0x44)
r1 = socket$kcm(0xa, 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

606.1698ms ago: executing program 4 (id=3140):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket(0x10, 0x2, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000013c0)={'erspan0\x00', &(0x7f0000001380)=@ethtool_cmd={0xa, 0x8, 0x57f959ea, 0x8, 0x6, 0x3, 0xc0, 0x4, 0xca, 0x2, 0x0, 0x4, 0x3, 0x3, 0x7, 0x8, [0x8, 0x34]}})
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000080)={0x8}, 0x10)
write(r2, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
sendmsg$nl_xfrm(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="7c02000021000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000019021100e0000001000000000000000000000000ac1414aa000000000000000000000000ac1414aa000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001000000000000000000000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bbff020000000000000000000000000001000000000000000000000000ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000fc020000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000ffffe000000200000000000000000000000000000000ac14140000000000000000000000eeff000000000000000000000000ff020000000000000000000000000001ffffffff000000000000000000000000fc020000000000000000000000000000fe8000000000004000000000000000bb0000000000000000000000000a00100000000000000000004000170009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005001900000000000c0015000000000000000000"], 0x27c}}, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$inet6(r4, &(0x7f0000000040)={&(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000002200)=[@rthdr_2292={{0x28, 0x29, 0x39, {0x0, 0x2, 0x2, 0x1, 0x0, [@mcast1]}}}, @rthdrdstopts={{0x18}}], 0x40}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000580)=ANY=[@ANYBLOB="900000001900010000000000000000001d0109002900838025b57efaa223b473fe7783bc4a506cf756740574b89d316af9b5963870ef3391f3ac176f880000004d000f"], 0x90}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000400)={'veth0\x00', <r8=>0x0})
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r6, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x40, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@L2TP_ATTR_OFFSET={0x6, 0x3, 0xf}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x81}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @broadcast}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x7}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x890}, 0x4c005)
unshare(0x20400)
r9 = socket$netlink(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000001380)={'wg1\x00', &(0x7f0000001340)=@ethtool_cmd={0x9, 0x1ff, 0xffff38ce, 0x5, 0x9, 0x7f, 0x2, 0x3, 0x3, 0x1, 0x9, 0xfffffffe, 0x6, 0xb4, 0x3, 0x6, [0x9, 0x1]}})
r10 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000000c0)='ns/ipc\x00')
ioctl$NS_GET_NSTYPE(r10, 0xb703, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@deltclass={0x40, 0x29, 0x800, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x6, 0xfff2}, {0xc, 0xfff8}, {0x7fe2, 0x3}}, [@tclass_kind_options=@c_skbprio={0xc}, @tclass_kind_options=@c_mq={0x7}, @tclass_kind_options=@c_sfq={0x8}]}, 0x40}}, 0x200400c0)
r11 = socket$unix(0x1, 0x5, 0x0)
ppoll(&(0x7f0000000080)=[{r11, 0x16}], 0x1, 0x0, 0x0, 0x0)
r12 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r12, 0x101, 0x19, &(0x7f0000000200), 0x4)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000002000010000000000fedbdf250a000000000000001700000014051100677265746170300000000000000000005228db74b039043614ff4cfafd6e8620225e"], 0x30}}, 0x0)

593.208651ms ago: executing program 1 (id=3141):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0) (async)
r2 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xfffa, 0xfff3}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8847}, @TCA_FLOWER_KEY_MPLS_BOS={0x5, 0x44, 0x6}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24004000) (async)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
syz_emit_ethernet(0xba, &(0x7f00000000c0)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xac, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x24, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @remote, {[@lsrr={0x83, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@remote}, {@loopback}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@dev}, {@local}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private}, {@multicast2}, {@local}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0)

523.779916ms ago: executing program 0 (id=3142):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008800)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x10002}, 0x1c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f00000001c0)={0x0, 0x5, 0x1, "ff"}, 0x9)
r4 = socket$kcm(0x25, 0x1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r3, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x6, 0x2, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0], 0x0, 0x27, &(0x7f0000000480)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000004c0), &(0x7f0000000840), 0x8, 0x7f, 0x8, 0x8, &(0x7f00000008c0)}}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv6_newaddr={0x34, 0x14, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r8}, [@IFA_ADDRESS={0x14, 0x1, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x402}]}, 0x34}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'tunl0\x00', &(0x7f0000000a40)={'syztnl1\x00', <r9=>0x0, 0x80, 0x8000, 0x3, 0x3, {{0x12, 0x4, 0x1, 0x2, 0x48, 0x64, 0x0, 0x3f, 0x2f, 0x0, @multicast2, @multicast1, {[@ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0xb, 0xf8, [@local, @rand_addr=0x64010102]}, @timestamp={0x44, 0x1c, 0x81, 0x0, 0x3, [0xf7, 0xfffffc01, 0x200, 0x65d, 0x2, 0x8]}, @generic={0x82, 0x6, "001bd402"}]}}}}})
sendmsg$TEAM_CMD_PORT_LIST_GET(r2, &(0x7f0000000e80)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000e40)={&(0x7f0000000b00)={0x340, 0x0, 0x2819db4fe6238c30, 0x70bd25, 0x25dfdbfc, {}, [{{0x8}, {0x218, 0x2, 0x0, 0x1, [{0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0x78, 0x9, 0x2, 0xfffffff9}, {0xfffc, 0x9, 0x4, 0x3ff}, {0xc0, 0x4, 0x6, 0x8}, {0x0, 0x5, 0x8, 0x3}, {0x2, 0x5, 0xbf, 0x10}, {0x6, 0x80, 0x78, 0x7}, {0x6, 0xf7, 0xe3, 0x6}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x800}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x83}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r5}, {0x104, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}]}}]}, 0x340}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
sendmsg$kcm(r4, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x408c050)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000080)={0x0, 0x5, 0x1, "c0"}, 0x9)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000880)={@ifindex, 0xffffffffffffffff, 0xe}, 0x20)
r10 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), r0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000180)={'wg1\x00', <r11=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r4, r11, 0x25, 0x3d, @val=@netfilter={0x2, 0x1, 0x3, 0x1}}, 0x20)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r10, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_PEER_V6={0x14, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004800}, 0x71df66ad9f89f952)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@random="49a1a8da23ac", @random="d5d460bdee3c", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2)
sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000540)={0x288, r12, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_IE={0xd2, 0x2a, [@challenge={0x10, 0x1, 0x68}, @mesh_config={0x71, 0x7, {0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfc, 0x69}}, @preq={0x82, 0x46, {{0x1, 0x1}, 0x8, 0x6, 0xd772, @device_a, 0x33f5b97e, @void, 0x10001, 0x0, 0x4, [{{0x1}, @device_a, 0x8187}, {{0x0, 0x0, 0x1}, @device_a, 0x3}, {{0x1}, @broadcast, 0x8}, {{0x1, 0x0, 0x1}, @device_b, 0x8001}]}}, @preq={0x82, 0x78, {{0x0, 0x0, 0x1, 0x0, 0x1}, 0x4, 0xfa, 0xa, @device_b, 0x59, @value, 0xa, 0xa4, 0x8, [{{0x0, 0x0, 0x1}, @device_b, 0xfffffff7}, {{0x1, 0x0, 0x1}, @device_a, 0x3851afa2}, {{0x1}, @device_b, 0x7}, {{0x0, 0x0, 0x1}, @broadcast, 0x5}, {{0x0, 0x0, 0x1}, @device_b, 0x91}, {{}, @device_a, 0x57}, {{0x1, 0x0, 0x1}, @device_a, 0x8}, {{0x1}, @broadcast, 0x4}]}}]}, @NL80211_ATTR_IE={0xe5, 0x2a, [@supported_rates, @random={0x8, 0x69, "45ebe2107be4e7c00b031c1af2ffe3ecb6e817fc72aa775f0812404aaeeaf07bbd7805434d2a758096eada0cd51608b28107e9b3e3496f2c095d7d0d1e508e5ec06986aefd1de027a32c77aa672300f95be047e3aa9c5bca5e322840019ff4a52c05678aff59638e26"}, @cf={0x4, 0x6, {0xe, 0x9, 0x3, 0x800}}, @preq={0x82, 0x51, {{0x0, 0x1}, 0x1f, 0x9, 0x8, @device_b, 0x7, @void, 0x3, 0x4, 0x5, [{{0x1}, @device_b, 0x7}, {{}, @device_b, 0xff}, {{}, @broadcast, 0x3f}, {{0x0, 0x0, 0x1}, @device_a, 0x610b7e4d}, {{0x1, 0x0, 0x1}, @device_b, 0xc}]}}, @dsss={0x3, 0x1, 0x88}, @peer_mgmt={0x75, 0x14, {0x1, 0xa, @void, @void, @val="4d65817ad66142c53735699eba8de3bd"}}]}, @NL80211_ATTR_IE={0xa2, 0x2a, [@gcr_ga={0xbd, 0x6}, @mesh_chsw={0x76, 0x6, {0x0, 0xcf, 0x2, 0x9}}, @supported_rates={0x1, 0x6, [{0x2}, {0x60}, {0x4}, {0x30, 0x1}, {0x5, 0x1}, {0x48, 0x1}]}, @erp={0x2a, 0x1, {0x1, 0x0, 0x1}}, @fast_bss_trans={0x37, 0x81, {0x1, 0x2, "a4d84d9073b6e01e270556dfab125199", "97b08c09ed31db922875a8ee37e47b73caae525eb364a51a57505a2f208f61d8", "88210fde4bab5dbe60c5ad3b2a80d9cf09b9ac6b0a6350eb4576c2ec54e29321", [{0x3, 0xc, "3311591a52a64559a5be7523"}, {0x3, 0x1f, "69d292b53ced0c88deb51ce6fc00465acb29ea573db5bcf19de0eefd53685f"}]}}]}, @NL80211_ATTR_IE={0x7, 0x2a, [@dsss={0x3, 0x1, 0x34}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x5}]]}, 0x288}, 0x1, 0x0, 0x0, 0x404c801}, 0x4000)

462.814518ms ago: executing program 2 (id=3143):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$caif_stream(0x25, 0x1, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r3, 0x84, 0x80, &(0x7f0000002700)=""/4089, &(0x7f0000001000)=0xff9)
setsockopt$sock_int(r2, 0x1, 0xc, &(0x7f0000000300)=0x3ff, 0x4)
connect$caif(r2, &(0x7f0000000100)=@rfm={0x25, 0x0, "d034e68fae880aca9de7751355b0eb74"}, 0x18)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x4, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xd, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x4005, 0x20, 0x7, 0x8}, 0x7e}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xfc, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20008010}, 0x0)

461.703595ms ago: executing program 1 (id=3144):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$net_dm(&(0x7f00000000c0), r0)
sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r2, 0x1, 0x70bd25, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x400c880}, 0x40045) (async)
sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r2, 0x1, 0x70bd25, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x400c880}, 0x40045)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0008280300000006000800a0aa000006000800a3aad7460ff1c8695c5800e906000800a3aa00000c0009000201aaaaaaaaaaaa0000000000000090f42bb946f0530e61f6ea1f5b46769e23c6d825b5003b3c2ed2318eb8cf08ee95160d74559dfddd6b33a0ba93e89317f152ab5829d83af6348691233d2670593d202efb59062d80eb3a040f7ae53b26b30d07b5b155fad4e5b6826d95932c105b26048ac0b7dd26deba7378dc2ea9f2d66971f15dbf70350b1291ed60a3adc313daa69adf79054a5fca1f26aec1511b06f16da359b9028a8cdac23dc254bf8956de302b340ad3753e6878c524537245332bc1441f3f8ee0c1fe762e3afe037e237bddff00"], 0x40}}, 0x4000)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000040)={0x30, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x30}}, 0x400002c)

379.15917ms ago: executing program 0 (id=3145):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000400)=@ethtool_cmd={0x1e, 0x80000001, 0x2, 0x4e, 0x3, 0x0, 0x9, 0x8, 0x6, 0x4, 0x9, 0x0, 0x5, 0xb, 0x6, 0xc988, [0xd4, 0x6]}})
sendmsg$can_bcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="01000000080800"/16, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="4100f60001000000000000000001"], 0x80}}, 0x0)

232.015208ms ago: executing program 1 (id=3146):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r5)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r8, {}, {0x2, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}]}}]}, 0x3c}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000005d00)={0x114, 0x2e, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x16, 0x0, 0x0, @u64=0xfac0a}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb42d9621dc08c02b31608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}, {&(0x7f0000000000)={0x20, 0x1e, 0x100, 0x70bd2d, 0x25dfdbfd, "", [@nested={0x8, 0x2a, 0x0, 0x1, [@nested={0x4, 0x90}]}, @typed={0x6, 0x3, 0x0, 0x0, @str='+\x00'}]}, 0x20}], 0x2}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r9, 0xc400941d, &(0x7f00000007c0)={<r10=>0x0, 0x1, 0x2a7b})
ioctl$BTRFS_IOC_RESIZE(r9, 0x50009403, &(0x7f0000000140)={{r7}, {@val={r10}, @actul_num={@val=0x2b, 0xe48a, 0x74}}})

231.097088ms ago: executing program 2 (id=3147):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r5, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r8], 0x54}}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x47c0a}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x4}]}}}]}, 0x3c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000400)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r10, 0x20, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x20000040)
sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0xa)
r14 = socket$inet6(0xa, 0x5, 0x0)
r15 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r15, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r15, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r16=>0x0]}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r14, 0x84, 0x73, &(0x7f0000000040)={r16, 0xe869, 0x30, 0x7fff, 0x1}, &(0x7f00000000c0)=0x18)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="500000001000110f00"/20, @ANYRES32=0x0, @ANYBLOB="040100000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB=' \x00\x00\x00 \x00\x00\x00\b\x00\n\x00', @ANYRES32=r13], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000680)={0x11, 0x0, <r17=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r17], 0x3c}}, 0x0)

187.613397ms ago: executing program 4 (id=3148):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001f80)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24b8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c027518c669760500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193a05008cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f1cd086058d139ce528425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c47314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829bea46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406400b3b1c321cc158dbe17123eace30000000000009ea77cb4d3ca892600000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b67563e40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c070000000000000422ae2c148d444dd437a7d2f5e575009bc2d17a199802409329dae8baa58d3de63ad45328a9d4dc1ace543dfe11913c6c6413f8f7a15657d012fea460bb4656a20df1ba26932b0ef49f8ea88d7b4c1289314ba789661640f1b5d7cbae103fa95b0035f1e8e866207d4796eab0992704f9e00be4b1af8dfa9e94ad74e607ea9d7d7a95ed5a15429426abbed8d2c657018305c6f9e5159a5453f958991a908ff4cb2e8cbccb1d3c8daf754e4b01b2edd023e5bfdf293bd28fc1f8885f6edd5a715df4d180247feb08e9e2e5126c48be6098e711f0d86de5d76fdccae34eef9197c32ab4e6fcb52eb9ce18fdb621a75913a97254d783778203ec0bd1a8859683e1d01da4e81fb73bb3b358340a0310bf5ae17b917208da607fd7b125cf99fd3e9056f5184df7570ede94b736ae354b5b8ae2cc473b455f2f86d47c69027676bf1141f316b0f278f1692406572ee82766f8e5ff1cfec2a7a6cab7d0f2582a877c9bd4ca81089373f738d02e6bb4d3df30ac0f041e51ad36e1ff140812baf54b80635cc80963c8f69fa4506f7a30c99d3e538cc0aeafcad86ead38ed949aa3c204aea50e5e0039f01b82595b7dc921a8acc1f76340f060cc9a3acad3451c17dc9b5ca5d10a0cb1708592d1900a046f33761d50895febd9fd58cb132989766cf7c252daac259576ec218e3857e6fa97fe445d1fab51d87302a4bb28a4cfe462ee4849cc6832650188ca187d85509d8beccf9d9cf752368985804195b9fd2faf1aff8248f3981bd55cbbf514cd8365fee72cc7af053e5388ceadadb96a9acd5261df6a90cab13f58f6d563c9ab4ad37297aecffd8446cb2b14ec36a99af8393e3760d5970ba1debdcbccd54012c559ee2797ff962328aa6a252c0756e396ce4d52937546675203bdf1d6b120acac576523f8b1daa922188bf61536312f90dba92fb380c3c6fb5f9883a2c4dd99a1bac9b7cb25ff2ef9bd58ff97ddfdd2d4bcc371ee82245b57cd91a7fa3479cd339f54a5c422b753cd42d441ea881d46e419312db1f0cccced13468a188df7ab4840b9961e2a8b5202c9d9b00ee912572eea15d13abdf3b21ad680c88a513021c1d3a7b30d64960c03a01364b2324966bd89d917b15dcb4f8cbacfe05ddcc213d14189edcd9f8b828ebaaab4f56470d3abef47b6d88dc438c9b0a253c26c386464754e76c0d7bfbc1dfa7248982ec26bd725eb623bb12f96e63eb5d1a0030e58a6653247c986c7ca9f15fd84d5eb1cd5ee35c4f464dc1a789b06c6c7074fc927680eac8546b2aee2f8867d6bf36b88a99ff67c7b2dd68ae3380622653efcad276a0f4b446091b80653014e67629dfde0091c7f090a22b5c427d03ddbc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xea, 0x0, 0x0, 0x10, 0x3}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff31000000330020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d74733e0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) (async)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100006000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a", 0x65, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r1)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f0070687930"], 0x28}}, 0x0)
r3 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r3, &(0x7f0000000440)={0x28, 0x0, 0x2711, @my=0x1}, 0x10) (async, rerun: 64)
r4 = socket$qrtr(0x2a, 0x2, 0x0) (async, rerun: 64)
ioctl$sock_netdev_private(r3, 0x89f2, &(0x7f00000002c0)="7ea9dc065f0d751371093875941c15be76aeabe41bf68cf89bc258cccbb08d51932820c424141df73d8a7568d3ebb32678d9073485cedfa13ae0f2dc2e8e2e4b45d64edc946e771001b1859c32f4758d43edf7062efeeda5df5f32107475c474dfc56d579c4b707740477b3b0cd6c726120ca881ffc8843636ca66946ece4cb6f26a52134b4917dabc3ad90e5ced3f949f9156c718b8f17b369bf50b812b60c7d1abb682887ce04ae72d58a82c35557c5a6a4e0a1c0edd94fc8520001939e672bc6f627dd3e19d6a3699ff2808dbe7782cb92e")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000071104200000000009500000700000000cd1dea8f1da3b2092f99be78892cca045bfe0744ac93c06728556316"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) (async, rerun: 32)
r5 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000200001000000000000000000020014000000000000000000080045b969a1b62c4d00d8e72574d7110a4d9603bd69630200e0000002080017004e224e2408000b0000000000"], 0x34}}, 0x0) (async)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207f00000000000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

58.235754ms ago: executing program 4 (id=3149):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000080211000001080211000000080211000000200004a000000c0001"], 0x3c)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, &(0x7f00000000c0), 0x4)
unshare(0x20000)

0s ago: executing program 0 (id=3150):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="05"], 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000a40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffef4}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=r3, r4, 0x4}, 0x10)
r5 = socket(0x2, 0x2, 0x0)
r6 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00', <r7=>0x0})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0xb0, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r7, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}]}, 0xb0}}, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r3, &(0x7f0000000240), &(0x7f00000000c0)=@tcp=r5, 0x2}, 0x20)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_batadv\x00', &(0x7f0000000080)=@ethtool_sfeatures})
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000002, 0x1852, r1, 0xffffe000)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000580)=0x80, 0x4)

kernel console output (not intermixed with test programs):

9][T10109]  ? __udp4_lib_rcv+0x137f/0x2600
[  254.751641][T10109]  __udp4_lib_rcv+0x138f/0x2600
[  254.751679][T10109]  ? __pfx___udp4_lib_rcv+0x10/0x10
[  254.751705][T10109]  ? __pfx_udp_rcv+0x10/0x10
[  254.751725][T10109]  ip_protocol_deliver_rcu+0x282/0x440
[  254.751746][T10109]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  254.751768][T10109]  ip_local_deliver_finish+0x3bb/0x6f0
[  254.751797][T10109]  NF_HOOK+0x309/0x3a0
[  254.751818][T10109]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  254.751838][T10109]  ? NF_HOOK+0x9a/0x3a0
[  254.751856][T10109]  ? __pfx_NF_HOOK+0x10/0x10
[  254.751879][T10109]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  254.751904][T10109]  ? ip_local_deliver+0x12a/0x1b0
[  254.751926][T10109]  ip_sublist_rcv_finish+0x221/0x2a0
[  254.751950][T10109]  ip_sublist_rcv+0x6e7/0x9b0
[  254.751983][T10109]  ? __pfx_ip_sublist_rcv+0x10/0x10
[  254.752005][T10109]  ? skb_orphan+0xaf/0xd0
[  254.752027][T10109]  ? __pfx_ip_rcv_finish+0x10/0x10
[  254.752059][T10109]  ip_list_rcv+0x3e2/0x430
[  254.752090][T10109]  ? __pfx_ip_list_rcv+0x10/0x10
[  254.752111][T10109]  ? kasan_save_track+0x3e/0x80
[  254.752133][T10109]  ? __kasan_slab_alloc+0x6c/0x80
[  254.752154][T10109]  ? bpf_test_run_xdp_live+0x15f1/0x1b10
[  254.752171][T10109]  ? __pfx_ip_list_rcv+0x10/0x10
[  254.752187][T10109]  __netif_receive_skb_list_core+0x7d2/0x800
[  254.752223][T10109]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[  254.752261][T10109]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  254.752289][T10109]  netif_receive_skb_list_internal+0x975/0xcc0
[  254.752323][T10109]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  254.752356][T10109]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[  254.752387][T10109]  ? __phys_addr+0xd3/0x180
[  254.752418][T10109]  ? build_skb_around+0x133/0x280
[  254.752442][T10109]  ? __xdp_build_skb_from_frame+0x34b/0x740
[  254.752475][T10109]  netif_receive_skb_list+0x54/0x450
[  254.752506][T10109]  bpf_test_run_xdp_live+0x1786/0x1b10
[  254.752538][T10109]  ? bpf_test_run_xdp_live+0x38e/0x1b10
[  254.752570][T10109]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  254.752590][T10109]  ? 0xffffffffa0205a80
[  254.752608][T10109]  ? 0xffffffffa0205a80
[  254.752675][T10109]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  254.752706][T10109]  ? _copy_from_user+0x94/0xb0
[  254.752732][T10109]  ? bpf_test_init+0x133/0x170
[  254.752749][T10109]  ? xdp_convert_md_to_buff+0x5b/0x330
[  254.752771][T10109]  bpf_prog_test_run_xdp+0x713/0x1000
[  254.752811][T10109]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  254.752837][T10109]  ? __fget_files+0x2a/0x420
[  254.752861][T10109]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  254.752882][T10109]  bpf_prog_test_run+0x2c7/0x340
[  254.752914][T10109]  __sys_bpf+0x581/0x870
[  254.752942][T10109]  ? __pfx___sys_bpf+0x10/0x10
[  254.752982][T10109]  ? ksys_write+0x22a/0x250
[  254.753010][T10109]  ? __pfx_ksys_write+0x10/0x10
[  254.753032][T10109]  ? rcu_is_watching+0x15/0xb0
[  254.753060][T10109]  __x64_sys_bpf+0x7c/0x90
[  254.753084][T10109]  do_syscall_64+0xfa/0x3b0
[  254.753105][T10109]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.753124][T10109]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.753143][T10109]  ? clear_bhb_loop+0x60/0xb0
[  254.753165][T10109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.753184][T10109] RIP: 0033:0x7f20b598eba9
[  254.753201][T10109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.753218][T10109] RSP: 002b:00007f20b6791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  254.753237][T10109] RAX: ffffffffffffffda RBX: 00007f20b5bd5fa0 RCX: 00007f20b598eba9
[  254.753251][T10109] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  254.753263][T10109] RBP: 00007f20b6791090 R08: 0000000000000000 R09: 0000000000000000
[  254.753275][T10109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  254.753286][T10109] R13: 00007f20b5bd6038 R14: 00007f20b5bd5fa0 R15: 00007ffcca037408
[  254.753319][T10109]  </TASK>
[  255.768919][T10127] __nla_validate_parse: 11 callbacks suppressed
[  255.768940][T10127] netlink: 14560 bytes leftover after parsing attributes in process `syz.4.1320'.
[  255.790820][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  256.232531][T10158] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  256.263019][T10163] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1333'.
[  256.276843][T10163] netlink: 'syz.3.1333': attribute type 2 has an invalid length.
[  256.294707][T10163] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1333'.
[  256.365945][T10167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1331'.
[  256.404151][T10169] FAULT_INJECTION: forcing a failure.
[  256.404151][T10169] name failslab, interval 1, probability 0, space 0, times 0
[  256.416934][T10169] CPU: 0 UID: 0 PID: 10169 Comm: syz.4.1335 Not tainted syzkaller #0 PREEMPT(full) 
[  256.416960][T10169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  256.416972][T10169] Call Trace:
[  256.416980][T10169]  <TASK>
[  256.416988][T10169]  dump_stack_lvl+0x189/0x250
[  256.417016][T10169]  ? __pfx____ratelimit+0x10/0x10
[  256.417037][T10169]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.417061][T10169]  ? __pfx__printk+0x10/0x10
[  256.417095][T10169]  ? bpf_test_run_xdp_live+0x1786/0x1b10
[  256.417118][T10169]  ? __x64_sys_bpf+0x7c/0x90
[  256.417138][T10169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.417167][T10169]  should_fail_ex+0x414/0x560
[  256.417202][T10169]  should_failslab+0xa8/0x100
[  256.417232][T10169]  kmem_cache_alloc_noprof+0x73/0x3c0
[  256.417257][T10169]  ? skb_ext_add+0x148/0x8f0
[  256.417283][T10169]  skb_ext_add+0x148/0x8f0
[  256.417316][T10169]  secpath_set+0x58/0x1f0
[  256.417348][T10169]  xfrm_input+0x7f0/0x72c0
[  256.417380][T10169]  ? ip_tunnel_lookup+0xca1/0xe90
[  256.417417][T10169]  vti_input+0x219/0x330
[  256.417440][T10169]  ? __pfx_vti_input+0x10/0x10
[  256.417457][T10169]  ? skb_checksum+0x7c1/0x8c0
[  256.417496][T10169]  xfrm4_rcv_encap+0x39c/0x620
[  256.417530][T10169]  udp_queue_rcv_one_skb+0x17b9/0x19e0
[  256.417557][T10169]  ? __pfx_xfrm4_udp_encap_rcv+0x10/0x10
[  256.417585][T10169]  ? __pfx_udp_queue_rcv_one_skb+0x10/0x10
[  256.417620][T10169]  udp_unicast_rcv_skb+0x257/0x400
[  256.417637][T10169]  ? __udp4_lib_rcv+0x137f/0x2600
[  256.417660][T10169]  __udp4_lib_rcv+0x138f/0x2600
[  256.417698][T10169]  ? __pfx___udp4_lib_rcv+0x10/0x10
[  256.417722][T10169]  ? __pfx_udp_rcv+0x10/0x10
[  256.417741][T10169]  ip_protocol_deliver_rcu+0x282/0x440
[  256.417764][T10169]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  256.417786][T10169]  ip_local_deliver_finish+0x3bb/0x6f0
[  256.417815][T10169]  NF_HOOK+0x309/0x3a0
[  256.417836][T10169]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  256.417856][T10169]  ? NF_HOOK+0x9a/0x3a0
[  256.417874][T10169]  ? __pfx_NF_HOOK+0x10/0x10
[  256.417896][T10169]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  256.417923][T10169]  ? ip_local_deliver+0x12a/0x1b0
[  256.417947][T10169]  ip_sublist_rcv_finish+0x221/0x2a0
[  256.417974][T10169]  ip_sublist_rcv+0x6e7/0x9b0
[  256.418008][T10169]  ? __pfx_ip_sublist_rcv+0x10/0x10
[  256.418027][T10169]  ? skb_orphan+0xaf/0xd0
[  256.418050][T10169]  ? __pfx_ip_rcv_finish+0x10/0x10
[  256.418088][T10169]  ip_list_rcv+0x3e2/0x430
[  256.418119][T10169]  ? __pfx_ip_list_rcv+0x10/0x10
[  256.418140][T10169]  ? kasan_save_track+0x3e/0x80
[  256.418161][T10169]  ? __kasan_slab_alloc+0x6c/0x80
[  256.418185][T10169]  ? bpf_test_run_xdp_live+0x15f1/0x1b10
[  256.418208][T10169]  ? __pfx_ip_list_rcv+0x10/0x10
[  256.418229][T10169]  __netif_receive_skb_list_core+0x7d2/0x800
[  256.418274][T10169]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[  256.418316][T10169]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  256.418344][T10169]  netif_receive_skb_list_internal+0x975/0xcc0
[  256.418376][T10169]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  256.418408][T10169]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[  256.418438][T10169]  ? __phys_addr+0xd3/0x180
[  256.418462][T10169]  ? build_skb_around+0x133/0x280
[  256.418486][T10169]  ? __xdp_build_skb_from_frame+0x34b/0x740
[  256.418519][T10169]  netif_receive_skb_list+0x54/0x450
[  256.418552][T10169]  bpf_test_run_xdp_live+0x1786/0x1b10
[  256.418586][T10169]  ? bpf_test_run_xdp_live+0x38e/0x1b10
[  256.418619][T10169]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  256.418639][T10169]  ? 0xffffffffa0205a80
[  256.418658][T10169]  ? 0xffffffffa0205a80
[  256.418723][T10169]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  256.418754][T10169]  ? _copy_from_user+0x94/0xb0
[  256.418779][T10169]  ? bpf_test_init+0x133/0x170
[  256.418795][T10169]  ? xdp_convert_md_to_buff+0x5b/0x330
[  256.418817][T10169]  bpf_prog_test_run_xdp+0x713/0x1000
[  256.418854][T10169]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  256.418880][T10169]  ? __fget_files+0x2a/0x420
[  256.418903][T10169]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  256.418926][T10169]  bpf_prog_test_run+0x2c7/0x340
[  256.418958][T10169]  __sys_bpf+0x581/0x870
[  256.418984][T10169]  ? __pfx___sys_bpf+0x10/0x10
[  256.419023][T10169]  ? ksys_write+0x22a/0x250
[  256.419051][T10169]  ? __pfx_ksys_write+0x10/0x10
[  256.419081][T10169]  ? rcu_is_watching+0x15/0xb0
[  256.419109][T10169]  __x64_sys_bpf+0x7c/0x90
[  256.419133][T10169]  do_syscall_64+0xfa/0x3b0
[  256.419152][T10169]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.419171][T10169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.419189][T10169]  ? clear_bhb_loop+0x60/0xb0
[  256.419213][T10169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.419231][T10169] RIP: 0033:0x7f872fd8eba9
[  256.419248][T10169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.419265][T10169] RSP: 002b:00007f8730cb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  256.419286][T10169] RAX: ffffffffffffffda RBX: 00007f872ffd5fa0 RCX: 00007f872fd8eba9
[  256.419300][T10169] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  256.419313][T10169] RBP: 00007f8730cb9090 R08: 0000000000000000 R09: 0000000000000000
[  256.419324][T10169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  256.419336][T10169] R13: 00007f872ffd6038 R14: 00007f872ffd5fa0 R15: 00007ffec3947728
[  256.419369][T10169]  </TASK>
[  256.422771][T10158] syzkaller0: entered promiscuous mode
[  256.958084][T10158] syzkaller0: entered allmulticast mode
[  256.964429][T10158] tipc: Resetting bearer <eth:syzkaller0>
[  257.082516][T10157] tipc: Resetting bearer <eth:syzkaller0>
[  257.315252][T10190] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1343'.
[  258.533738][T10157] tipc: Disabling bearer <eth:syzkaller0>
[  258.768455][T10198] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1344'.
[  258.873906][T10211] vlan2: entered promiscuous mode
[  258.896518][T10211] bridge0: entered promiscuous mode
[  258.925585][T10212] netlink: 'syz.4.1349': attribute type 10 has an invalid length.
[  258.955519][T10203] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  259.015775][T10212] bond0: (slave dummy0): Releasing backup interface
[  259.021445][T10218] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  259.027263][T10203] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  259.049446][T10212] team0: Port device dummy0 added
[  259.184809][T10222] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  259.266881][T10236] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1353'.
[  259.473686][T10239] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1354'.
[  259.619385][T10251] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1355'.
[  259.671160][T10248] netlink: 45 bytes leftover after parsing attributes in process `syz.1.1356'.
[  260.027294][T10271] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  260.554813][T10295] IPVS: set_ctl: invalid protocol: 47 224.0.0.1:20003
[  260.755326][T10307] tipc: Started in network mode
[  260.763960][T10307] tipc: Node identity fe800000000000000000000000000014, cluster identity 4711
[  260.794713][T10307] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  261.209467][T10340] openvswitch: netlink: Missing valid actions attribute.
[  261.276485][T10340] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  261.320828][T10346] __nla_validate_parse: 3 callbacks suppressed
[  261.320847][T10346] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1379'.
[  261.667860][T10352] IPVS: set_ctl: invalid protocol: 43 255.255.255.255:20001
[  261.795372][T10355] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  261.806464][T10355] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  261.840069][T10355] gretap1: entered promiscuous mode
[  261.854690][T10355] gretap1: entered allmulticast mode
[  262.145815][T10372] batman_adv: batadv0: Adding interface: dummy0
[  262.152302][T10372] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.181628][T10372] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  262.242219][T10375] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1391'.
[  262.662219][T10398] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1397'.
[  262.779351][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888057c51400: rx timeout, send abort
[  262.788016][    C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff888057c51400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  262.876489][T10405] syzkaller0: entered promiscuous mode
[  262.903526][T10405] syzkaller0: entered allmulticast mode
[  263.139424][T10415] macvlan0: entered allmulticast mode
[  263.161182][T10415] bond0: (slave macvlan0): Error -98 calling set_mac_address
[  263.162838][T10419] netlink: 'syz.3.1405': attribute type 1 has an invalid length.
[  263.201742][T10419] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1405'.
[  263.246646][T10426] TCP: TCP_TX_DELAY enabled
[  263.294072][T10425] delete_channel: no stack
[  263.320457][T10428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1407'.
[  263.390798][T10431] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1408'.
[  263.430215][T10435] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  263.593669][   T13] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  263.615065][T10444] netlink: 'syz.0.1413': attribute type 1 has an invalid length.
[  263.634298][ T1154] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  263.666630][ T1154] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  263.796767][ T1154] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  264.019474][T10465] : entered promiscuous mode
[  264.065553][T10471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1421'.
[  264.083973][T10468] macvlan0: entered allmulticast mode
[  264.096262][T10468] bond0: (slave macvlan0): Error -98 calling set_mac_address
[  265.597872][ T5972] IPVS: starting estimator thread 0...
[  265.708077][T10557] IPVS: using max 25 ests per chain, 60000 per kthread
[  265.997165][T10577] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1458'.
[  266.014127][T10577] netlink: 788 bytes leftover after parsing attributes in process `syz.3.1458'.
[  266.127862][T10569] macvlan2: entered allmulticast mode
[  266.136096][T10569] bond0: (slave macvlan2): Opening slave failed
[  266.596913][T10597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1466'.
[  267.089080][T10621] FAULT_INJECTION: forcing a failure.
[  267.089080][T10621] name failslab, interval 1, probability 0, space 0, times 0
[  267.101875][T10621] CPU: 1 UID: 0 PID: 10621 Comm: syz.3.1473 Not tainted syzkaller #0 PREEMPT(full) 
[  267.101902][T10621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  267.101914][T10621] Call Trace:
[  267.101922][T10621]  <TASK>
[  267.101930][T10621]  dump_stack_lvl+0x189/0x250
[  267.101959][T10621]  ? __pfx____ratelimit+0x10/0x10
[  267.101981][T10621]  ? __pfx_dump_stack_lvl+0x10/0x10
[  267.102004][T10621]  ? __pfx__printk+0x10/0x10
[  267.102030][T10621]  ? __sys_bpf+0x581/0x870
[  267.102054][T10621]  ? do_syscall_64+0xfa/0x3b0
[  267.102074][T10621]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.102094][T10621]  ? __pfx___xfrm_policy_check+0x10/0x10
[  267.102128][T10621]  should_fail_ex+0x414/0x560
[  267.102162][T10621]  should_failslab+0xa8/0x100
[  267.102193][T10621]  kmem_cache_alloc_noprof+0x73/0x3c0
[  267.102226][T10621]  ? skb_ext_add+0x148/0x8f0
[  267.102254][T10621]  skb_ext_add+0x148/0x8f0
[  267.102287][T10621]  secpath_set+0x58/0x1f0
[  267.102336][T10621]  xfrm_input+0x7f0/0x72c0
[  267.102358][T10621]  ? vti_input+0x223/0x330
[  267.102381][T10621]  ? __pfx_vti_input+0x10/0x10
[  267.102413][T10621]  xfrm4_rcv_encap+0x39c/0x620
[  267.102448][T10621]  udp_queue_rcv_one_skb+0x17b9/0x19e0
[  267.102474][T10621]  ? __pfx_xfrm4_udp_encap_rcv+0x10/0x10
[  267.102503][T10621]  ? __pfx_udp_queue_rcv_one_skb+0x10/0x10
[  267.102536][T10621]  udp_unicast_rcv_skb+0x257/0x400
[  267.102555][T10621]  ? __udp4_lib_rcv+0x137f/0x2600
[  267.102577][T10621]  __udp4_lib_rcv+0x138f/0x2600
[  267.102617][T10621]  ? __pfx___udp4_lib_rcv+0x10/0x10
[  267.102644][T10621]  ? __pfx_udp_rcv+0x10/0x10
[  267.102664][T10621]  ip_protocol_deliver_rcu+0x282/0x440
[  267.102685][T10621]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  267.102702][T10621]  ip_local_deliver_finish+0x3bb/0x6f0
[  267.102729][T10621]  NF_HOOK+0x309/0x3a0
[  267.102748][T10621]  ? __pfx_ip_route_input_noref+0x10/0x10
[  267.102775][T10621]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  267.102795][T10621]  ? NF_HOOK+0x9a/0x3a0
[  267.102812][T10621]  ? __pfx_NF_HOOK+0x10/0x10
[  267.102834][T10621]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  267.102860][T10621]  ? ip_local_deliver+0x12a/0x1b0
[  267.102884][T10621]  ip_sublist_rcv_finish+0x221/0x2a0
[  267.102910][T10621]  ip_sublist_rcv+0x6e7/0x9b0
[  267.102943][T10621]  ? __pfx_ip_sublist_rcv+0x10/0x10
[  267.102962][T10621]  ? skb_orphan+0xaf/0xd0
[  267.102985][T10621]  ? __pfx_ip_rcv_finish+0x10/0x10
[  267.103019][T10621]  ip_list_rcv+0x3e2/0x430
[  267.103048][T10621]  ? __pfx_ip_list_rcv+0x10/0x10
[  267.103066][T10621]  ? kasan_save_track+0x3e/0x80
[  267.103086][T10621]  ? __kasan_slab_alloc+0x6c/0x80
[  267.103109][T10621]  ? bpf_test_run_xdp_live+0x15f1/0x1b10
[  267.103130][T10621]  ? __pfx_ip_list_rcv+0x10/0x10
[  267.103151][T10621]  __netif_receive_skb_list_core+0x7d2/0x800
[  267.103196][T10621]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[  267.103235][T10621]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  267.103263][T10621]  netif_receive_skb_list_internal+0x975/0xcc0
[  267.103297][T10621]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  267.103341][T10621]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[  267.103372][T10621]  ? __phys_addr+0xd3/0x180
[  267.103397][T10621]  ? build_skb_around+0x133/0x280
[  267.103421][T10621]  ? __xdp_build_skb_from_frame+0x34b/0x740
[  267.103453][T10621]  netif_receive_skb_list+0x54/0x450
[  267.103485][T10621]  bpf_test_run_xdp_live+0x1786/0x1b10
[  267.103518][T10621]  ? bpf_test_run_xdp_live+0x38e/0x1b10
[  267.103550][T10621]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  267.103569][T10621]  ? 0xffffffffa0205a80
[  267.103587][T10621]  ? 0xffffffffa0205a80
[  267.103652][T10621]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  267.103682][T10621]  ? _copy_from_user+0x94/0xb0
[  267.103707][T10621]  ? bpf_test_init+0x133/0x170
[  267.103724][T10621]  ? xdp_convert_md_to_buff+0x5b/0x330
[  267.103746][T10621]  bpf_prog_test_run_xdp+0x713/0x1000
[  267.103781][T10621]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  267.103807][T10621]  ? __fget_files+0x2a/0x420
[  267.103830][T10621]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  267.103851][T10621]  bpf_prog_test_run+0x2c7/0x340
[  267.103883][T10621]  __sys_bpf+0x581/0x870
[  267.103911][T10621]  ? __pfx___sys_bpf+0x10/0x10
[  267.103950][T10621]  ? ksys_write+0x22a/0x250
[  267.103978][T10621]  ? __pfx_ksys_write+0x10/0x10
[  267.104000][T10621]  ? rcu_is_watching+0x15/0xb0
[  267.104028][T10621]  __x64_sys_bpf+0x7c/0x90
[  267.104053][T10621]  do_syscall_64+0xfa/0x3b0
[  267.104073][T10621]  ? lockdep_hardirqs_on+0x9c/0x150
[  267.104093][T10621]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.104112][T10621]  ? clear_bhb_loop+0x60/0xb0
[  267.104135][T10621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.104154][T10621] RIP: 0033:0x7f22a898eba9
[  267.104171][T10621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.104189][T10621] RSP: 002b:00007f22a9868038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  267.104210][T10621] RAX: ffffffffffffffda RBX: 00007f22a8bd5fa0 RCX: 00007f22a898eba9
[  267.104224][T10621] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  267.104236][T10621] RBP: 00007f22a9868090 R08: 0000000000000000 R09: 0000000000000000
[  267.104248][T10621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  267.104260][T10621] R13: 00007f22a8bd6038 R14: 00007f22a8bd5fa0 R15: 00007ffce9f22ce8
[  267.104294][T10621]  </TASK>
[  267.994012][T10637] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  268.175675][T10645] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1482'.
[  268.243679][T10656] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1484'.
[  268.254250][T10645] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1482'.
[  268.264903][T10645] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1482'.
[  268.273998][T10645] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1482'.
[  268.279604][T10657] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1484'.
[  268.293615][T10645] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1482'.
[  268.434945][T10666] netlink: 'syz.3.1488': attribute type 24 has an invalid length.
[  268.639924][T10672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1490'.
[  268.699697][T10672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1490'.
[  268.785751][T10682] netlink: 'syz.1.1494': attribute type 5 has an invalid length.
[  268.834865][T10681] netlink: 'syz.1.1494': attribute type 5 has an invalid length.
[  268.892241][T10687] veth0: entered promiscuous mode
[  268.909883][T10689] veth0: left promiscuous mode
[  269.192669][T10712] netlink: 'syz.0.1503': attribute type 5 has an invalid length.
[  269.250825][ T5867] IPVS: starting estimator thread 0...
[  269.366630][T10714] IPVS: using max 27 ests per chain, 64800 per kthread
[  269.691412][T10746] openvswitch: netlink: Missing key (keys=40, expected=80)
[  270.628427][T10792] bridge0: port 3(batadv1) entered blocking state
[  270.650766][T10792] bridge0: port 3(batadv1) entered disabled state
[  270.663439][T10792] batadv1: entered allmulticast mode
[  270.681764][T10792] batadv1: entered promiscuous mode
[  270.702408][T10799] openvswitch: netlink: Message has 5 unknown bytes.
[  270.755526][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888057c5c800: rx timeout, send abort
[  270.765421][    C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff888057c5c800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  271.123084][   T13] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  271.132583][   T13] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  271.317161][T10828] vlan0: entered allmulticast mode
[  271.322339][T10828] bridge_slave_0: entered allmulticast mode
[  271.514125][T10807] infiniband !yz!: set down
[  271.523450][ T5972] hid-generic 0005:04F3:1010.0001: item fetching failed at offset 0/1
[  271.533198][T10807] infiniband !yz!: added team_slave_0
[  271.538109][T10835] nbd: must specify an index to disconnect
[  271.577935][ T5972] hid-generic 0005:04F3:1010.0001: probe with driver hid-generic failed with error -22
[  271.656530][T10807] RDS/IB: !yz!: added
[  271.674187][T10807] smc: adding ib device !yz! with port count 1
[  271.698000][T10807] smc:    ib device !yz! port 1 has pnetid 
[  271.855554][T10848] __nla_validate_parse: 12 callbacks suppressed
[  271.855576][T10848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1549'.
[  271.954811][T10848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1549'.
[  272.007929][T10846] syzkaller0: entered promiscuous mode
[  272.013729][T10846] syzkaller0: entered allmulticast mode
[  272.022662][T10848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1549'.
[  272.347092][T10860] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  272.370048][T10860] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  272.540515][T10874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1554'.
[  272.671025][T10876] openvswitch: netlink: Key 9 has unexpected len 0 expected 4
[  274.367501][T10892] netlink: 'syz.2.1561': attribute type 1 has an invalid length.
[  274.393655][T10892] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1561'.
[  274.446882][T10892] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1561'.
[  274.509423][T10899] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1563'.
[  274.546823][T10899] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1563'.
[  274.590321][T10899] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1563'.
[  275.075897][T10920] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1568'.
[  275.152527][T10926] dvmrp0: entered allmulticast mode
[  275.175941][T10926] dvmrp0: left allmulticast mode
[  275.924560][T10953] netlink: 'syz.2.1575': attribute type 5 has an invalid length.
[  275.935469][T10953] netlink: 'syz.2.1575': attribute type 10 has an invalid length.
[  276.663321][T10988] netlink: 'syz.4.1584': attribute type 62 has an invalid length.
[  277.022402][T11001] nbd: must specify a device to reconfigure
[  277.566550][T11020] openvswitch: netlink: IP tunnel dst address not specified
[  277.603618][T11022] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  277.763988][T11028] netlink: 'syz.0.1601': attribute type 1 has an invalid length.
[  277.867518][T11028] 8021q: adding VLAN 0 to HW filter on device bond6
[  277.875677][T11031] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  277.996748][T11032] bond6: (slave veth5): Enslaving as an active interface with a down link
[  278.107604][T11032] bond6: (slave veth7): Enslaving as an active interface with a down link
[  278.174374][T11028] bond6: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  278.198532][T11044] bridge: RTM_NEWNEIGH with invalid ether address
[  278.219691][T11036] sctp: [Deprecated]: syz.1.1603 (pid 11036) Use of int in maxseg socket option.
[  278.219691][T11036] Use struct sctp_assoc_value instead
[  278.425016][ T5183] Bluetooth: hci4: command 0x0406 tx timeout
[  278.631073][T11074] __nla_validate_parse: 68 callbacks suppressed
[  278.631089][T11074] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1613'.
[  278.826843][T11087] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1616'.
[  278.953041][T11089] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  279.062975][T11100] netlink: 'syz.2.1618': attribute type 5 has an invalid length.
[  279.065746][T11097] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  279.120343][T11099] syzkaller0: entered promiscuous mode
[  279.136582][T11099] syzkaller0: entered allmulticast mode
[  279.147160][T11103] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1619'.
[  279.187318][T11088] tipc: Disabling bearer <eth:syzkaller0>
[  279.242776][T11099] tipc: Resetting bearer <eth:syzkaller0>
[  279.320354][T11099] tipc: Disabling bearer <eth:syzkaller0>
[  279.493676][T11114] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1623'.
[  279.584350][T11119] netlink: 'syz.2.1625': attribute type 1 has an invalid length.
[  279.670079][T11123] macvlan0: entered promiscuous mode
[  279.676026][T11123] macvlan0: entered allmulticast mode
[  279.683663][T11123] bond3: entered promiscuous mode
[  279.689733][T11123] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  279.700965][T11123] bond3: left promiscuous mode
[  279.971877][T11136] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1629'.
[  280.225725][T11147] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1635'.
[  280.499908][T11168] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1643'.
[  280.523218][T11166] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1642'.
[  280.532774][T11168] netlink: 'syz.0.1643': attribute type 8 has an invalid length.
[  280.532844][T11166] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1642'.
[  280.747219][   T55] block nbd0: Possible stuck request ffff888024f30000: control (read@0,1024B). Runtime 30 seconds
[  280.759522][   T55] block nbd0: Possible stuck request ffff888024f301c0: control (read@1024,1024B). Runtime 30 seconds
[  280.770772][   T55] block nbd0: Possible stuck request ffff888024f30380: control (read@2048,1024B). Runtime 30 seconds
[  280.782411][   T55] block nbd0: Possible stuck request ffff888024f30540: control (read@3072,1024B). Runtime 30 seconds
[  281.000903][T11190] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1649'.
[  281.200329][T11195] netlink: 'syz.3.1650': attribute type 4 has an invalid length.
[  281.236248][T11195] sch_fq: defrate 0 ignored.
[  281.443252][   T36] batman_adv: batadv1: MLD Querier appeared
[  282.052082][T11247] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  282.387751][T11264] netlink: 'syz.1.1672': attribute type 1 has an invalid length.
[  282.415892][T11264] netlink: 'syz.1.1672': attribute type 2 has an invalid length.
[  282.435365][T11264] netlink: 'syz.1.1672': attribute type 1 has an invalid length.
[  283.252202][T11309] netlink: 'syz.1.1687': attribute type 1 has an invalid length.
[  283.440108][T11311] bond2 (unregistering): Released all slaves
[  283.614943][T11321] ip6tnl3: entered promiscuous mode
[  283.620288][T11321] ip6tnl3: entered allmulticast mode
[  284.177664][T11357] __nla_validate_parse: 14 callbacks suppressed
[  284.177683][T11357] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1697'.
[  284.204242][T11357] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1697'.
[  284.216051][T11357] netlink: 'syz.0.1697': attribute type 6 has an invalid length.
[  284.224017][T11357] netlink: 'syz.0.1697': attribute type 5 has an invalid length.
[  284.244168][T11357] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1697'.
[  284.311484][T11354] tipc: Cannot configure node identity twice
[  284.843791][   T30] audit: type=1107 audit(1758152773.785:3): pid=11379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ùfÜç€üv�hâ» &ƒ@΢'ò7¯)ù0ü*3?Éw¡©ƒ…ÖÉ{AIÕÿƒÁä^µðú8òÀ¼À,)i–Ê”-?<|
[  284.843791][   T30] NËþ»ËCÔáDyn½Yb/Ì·;I²ŒX$®_�b'
[  284.889279][T11385] netlink: 'syz.0.1707': attribute type 1 has an invalid length.
[  285.049883][T11391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1709'.
[  285.059325][T11392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1708'.
[  285.080552][T11392] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1708'.
[  285.894303][T11420] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1719'.
[  285.953414][T11423] netlink: 'syz.1.1719': attribute type 10 has an invalid length.
[  286.051606][T11425] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1720'.
[  286.158158][T11422] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1720'.
[  286.178806][T11422] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1720'.
[  286.251125][T11423] team0: Device veth0_vlan failed to register rx_handler
[  286.351264][T11431] macvlan2: entered allmulticast mode
[  286.395246][T11431] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  286.679058][T11458] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  286.770790][T11460] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  286.780782][T11460] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  286.891682][T11468] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  287.529148][T11488] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  287.600776][T11488] tipc: Resetting bearer <eth:syzkaller0>
[  287.632757][T11485] tipc: Disabling bearer <eth:syzkaller0>
[  287.920267][T11504] netlink: 'syz.1.1742': attribute type 4 has an invalid length.
[  288.444311][T11523] syzkaller1: entered promiscuous mode
[  288.460944][T11523] syzkaller1: entered allmulticast mode
[  288.478338][T11523] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324
[  288.516514][T11531] macvlan0: entered allmulticast mode
[  288.525479][T11531] bond0: (slave macvlan0): Error -98 calling set_mac_address
[  288.663124][T11539] syzkaller1: entered promiscuous mode
[  288.682868][T11539] syzkaller1: entered allmulticast mode
[  288.697372][T10732] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  288.733649][T10732] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  288.784232][T10732] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  288.796109][T10732] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  288.984352][T11553] netlink: 'syz.0.1761': attribute type 2 has an invalid length.
[  288.990224][T11543] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  289.002010][T11543] syzkaller0: entered promiscuous mode
[  289.009046][T11543] syzkaller0: entered allmulticast mode
[  289.041764][T11543] tipc: Resetting bearer <eth:syzkaller0>
[  289.055168][T11542] tipc: Resetting bearer <eth:syzkaller0>
[  289.096100][T11542] tipc: Disabling bearer <eth:syzkaller0>
[  290.382353][T11625] tap0: tun_chr_ioctl cmd 1074025678
[  290.388176][T11625] tap0: group set to 0
[  290.521866][T11631] syzkaller0: refused to change device tx_queue_len
[  290.728985][T11641] netlink: 'syz.1.1789': attribute type 1 has an invalid length.
[  290.737259][T11641] __nla_validate_parse: 12 callbacks suppressed
[  290.737279][T11641] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1789'.
[  290.755305][T11641] nbd: illegal input index 1048576
[  290.859850][T11643] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  290.870335][T11643] netlink: 'syz.3.1790': attribute type 1 has an invalid length.
[  291.190682][T11658] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1796'.
[  291.238045][  T980] IPVS: starting estimator thread 0...
[  291.334901][T11662] IPVS: using max 26 ests per chain, 62400 per kthread
[  292.117419][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1809'.
[  292.220322][T11712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1813'.
[  292.245632][T11711] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  293.036846][T11748] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1823'.
[  293.052578][T11750] netlink: 'syz.0.1824': attribute type 4 has an invalid length.
[  293.147585][T11750] wg2: entered promiscuous mode
[  293.170553][T11750] wg2: entered allmulticast mode
[  293.260673][T11758] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1827'.
[  293.291530][T11758] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1827'.
[  293.550140][T11777] pim6reg: entered allmulticast mode
[  293.562830][T11777] pim6reg: left allmulticast mode
[  293.861501][T11791] batman_adv: batadv0: Removing interface: dummy0
[  293.887234][T11791] bridge_slave_0: left allmulticast mode
[  293.899724][T11791] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.932058][T11791] bridge_slave_1: left allmulticast mode
[  293.938530][T11791] bridge_slave_1: left promiscuous mode
[  293.944414][T11791] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.956761][T11791] bond6: (slave veth0_to_bond): Releasing active interface
[  293.968109][T11791] bond0: (slave bond_slave_0): Releasing backup interface
[  293.980831][T11791] bond0: (slave bond_slave_1): Releasing backup interface
[  293.992570][T11791] team0: Port device team_slave_0 removed
[  294.001687][T11791] team0: Port device team_slave_1 removed
[  294.009599][T11791] batman_adv: batadv0: Removing interface: batadv_slave_0
[  294.023641][T11791] batman_adv: batadv0: Removing interface: batadv_slave_1
[  294.039818][T11791] bond0: (slave ÿ
): Releasing backup interface
[  294.051583][T11791] bond2: (slave geneve3): Releasing backup interface
[  294.064062][T11791] bond6: (slave veth5): Releasing active interface
[  294.070823][T11791] bond6: (slave veth5): the permanent HWaddr of slave - 7e:90:f3:23:ca:82 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  294.098600][T11791] bond6: (slave veth7): Releasing active interface
[  294.588717][T11831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1850'.
[  294.600633][T11832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1850'.
[  294.626671][T11828] netlink: 'syz.4.1851': attribute type 1 has an invalid length.
[  294.747870][T11839] vlan0: entered promiscuous mode
[  294.757706][T11839] vlan0: entered allmulticast mode
[  294.762876][T11839] veth0_vlan: entered allmulticast mode
[  295.087812][T11855] netlink: 'syz.0.1857': attribute type 83 has an invalid length.
[  295.088245][T11860] netdevsim netdevsim1: Direct firmware load for 	 failed with error -2
[  295.112234][T11860] netdevsim netdevsim1: Falling back to sysfs fallback for: 	
[  295.478656][T11880] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1866'.
[  295.590317][T11887] netlink: 'syz.2.1868': attribute type 30 has an invalid length.
[  295.638268][T11887] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  295.650706][T11887] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  295.671324][T11887] netlink: 'syz.2.1868': attribute type 2 has an invalid length.
[  295.701586][T11887] netlink: 'syz.2.1868': attribute type 83 has an invalid length.
[  295.830044][T11895] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  295.831026][T11898] __nla_validate_parse: 2 callbacks suppressed
[  295.831042][T11898] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1871'.
[  295.886322][T11900] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  296.018042][T11909] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1875'.
[  296.031355][T11909] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1875'.
[  296.041388][T11909] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1875'.
[  296.050853][T11909] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1875'.
[  296.073287][T11912] sctp: [Deprecated]: syz.3.1876 (pid 11912) Use of int in maxseg socket option.
[  296.073287][T11912] Use struct sctp_assoc_value instead
[  296.239381][T11918] tun0: tun_chr_ioctl cmd 1074025675
[  296.254707][T11918] tun0: persist disabled
[  296.331826][T11922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1878'.
[  296.942895][T11927] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1880'.
[  297.096075][T11943] netlink: 'syz.1.1885': attribute type 21 has an invalid length.
[  297.110670][T11938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.129695][T11943] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode broadcast(3)
[  297.183057][T11938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.202029][T11938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.222398][T11946] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1886'.
[  297.252294][T11946] netlink: 272 bytes leftover after parsing attributes in process `syz.4.1886'.
[  297.277830][T11946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1886'.
[  297.344111][T11946] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  297.447933][T11967] syzkaller0: entered promiscuous mode
[  297.453894][T11967] syzkaller0: entered allmulticast mode
[  297.628987][T11973] netlink: 'syz.0.1892': attribute type 1 has an invalid length.
[  297.656274][T11973] netlink: 'syz.0.1892': attribute type 1 has an invalid length.
[  297.884060][T11991] openvswitch: netlink: EtherType 0 is less than min 600
[  298.745879][T12038] netlink: 'syz.1.1910': attribute type 10 has an invalid length.
[  298.790120][T12038] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  299.053955][T12052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  299.165208][T12052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  299.277038][T12063] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  299.484918][T12075] FAULT_INJECTION: forcing a failure.
[  299.484918][T12075] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.494870][T12074] bond0: (slave macvlan0): Error -98 calling set_mac_address
[  299.504817][T12075] CPU: 0 UID: 0 PID: 12075 Comm: syz.4.1921 Not tainted syzkaller #0 PREEMPT(full) 
[  299.504845][T12075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  299.504857][T12075] Call Trace:
[  299.504865][T12075]  <TASK>
[  299.504873][T12075]  dump_stack_lvl+0x189/0x250
[  299.504902][T12075]  ? __pfx____ratelimit+0x10/0x10
[  299.504922][T12075]  ? __pfx_dump_stack_lvl+0x10/0x10
[  299.504944][T12075]  ? __pfx__printk+0x10/0x10
[  299.504982][T12075]  ? __might_fault+0xb0/0x130
[  299.505019][T12075]  should_fail_ex+0x414/0x560
[  299.505051][T12075]  _copy_from_iter+0x1de/0x1790
[  299.505081][T12075]  ? rcu_is_watching+0x15/0xb0
[  299.505101][T12075]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  299.505128][T12075]  ? __pfx__copy_from_iter+0x10/0x10
[  299.505152][T12075]  ? __build_skb_around+0x257/0x3e0
[  299.505177][T12075]  ? netlink_sendmsg+0x642/0xb30
[  299.505196][T12075]  ? skb_put+0x11b/0x210
[  299.505220][T12075]  netlink_sendmsg+0x6b2/0xb30
[  299.505243][T12075]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.505262][T12075]  ? aa_sock_msg_perm+0xf1/0x1d0
[  299.505280][T12075]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  299.505298][T12075]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.505320][T12075]  __sock_sendmsg+0x21c/0x270
[  299.505351][T12075]  __sys_sendto+0x3bd/0x520
[  299.505375][T12075]  ? __pfx___sys_sendto+0x10/0x10
[  299.505393][T12075]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  299.505426][T12075]  ? __fget_files+0x3a0/0x420
[  299.505454][T12075]  ? ksys_write+0x22a/0x250
[  299.505480][T12075]  ? __pfx_ksys_write+0x10/0x10
[  299.505501][T12075]  ? rcu_is_watching+0x15/0xb0
[  299.505525][T12075]  __x64_sys_sendto+0xde/0x100
[  299.505549][T12075]  do_syscall_64+0xfa/0x3b0
[  299.505573][T12075]  ? lockdep_hardirqs_on+0x9c/0x150
[  299.505591][T12075]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.505610][T12075]  ? clear_bhb_loop+0x60/0xb0
[  299.505632][T12075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.505650][T12075] RIP: 0033:0x7f872fd8eba9
[  299.505667][T12075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.505684][T12075] RSP: 002b:00007f8730c98038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  299.505703][T12075] RAX: ffffffffffffffda RBX: 00007f872ffd6090 RCX: 00007f872fd8eba9
[  299.505717][T12075] RDX: 000000000000004c RSI: 0000200000000080 RDI: 0000000000000006
[  299.505730][T12075] RBP: 00007f8730c98090 R08: 0000000000000000 R09: 0000000000000000
[  299.505742][T12075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.505753][T12075] R13: 00007f872ffd6128 R14: 00007f872ffd6090 R15: 00007ffec3947728
[  299.505783][T12075]  </TASK>
[  299.573480][T12078] netlink: 'syz.1.1920': attribute type 10 has an invalid length.
[  299.797622][T12078] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  300.128301][T12098] netlink: 'syz.0.1930': attribute type 1 has an invalid length.
[  300.139746][T12098] lo: entered promiscuous mode
[  300.148338][T12098] netlink: 'syz.0.1930': attribute type 2 has an invalid length.
[  300.159911][T12098] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  300.693378][T12130] nbd: must specify a device to reconfigure
[  300.758724][   T30] audit: type=1107 audit(1758152789.705:4): pid=12134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Ù‹�5ž÷Œ•%èÍUýAÊ�ÃËÙ ë0ä�™l…t¿Ý•/Öÿ Ž6òŠ¨Šç›'
[  300.839839][T12146] __nla_validate_parse: 14 callbacks suppressed
[  300.839860][T12146] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1946'.
[  300.856232][T12146] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  301.396575][T12170] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1953'.
[  301.419665][T12173] nbd: must specify a device to reconfigure
[  301.789142][T12204] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1963'.
[  302.029611][T12214] nbd: must specify a device to reconfigure
[  302.793155][T12248] nbd: must specify a device to reconfigure
[  302.862918][T12253] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1982'.
[  303.087011][T12265] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1984'.
[  303.661032][T12299] nbd: must specify a device to reconfigure
[  303.682616][T12301] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (65535)
[  303.719449][T12301] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023
[  303.980167][T12325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2003'.
[  304.025040][T12327] netlink: 'syz.2.2003': attribute type 1 has an invalid length.
[  304.041948][T12328] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2002'.
[  304.051665][T12325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2003'.
[  304.088333][T12325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2003'.
[  304.111908][T12325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2003'.
[  304.166187][T12334] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  304.193654][T12337] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  304.233327][T12351] vlan0: entered promiscuous mode
[  304.248867][T12351] vlan0: entered allmulticast mode
[  304.254022][T12351] veth0_vlan: entered allmulticast mode
[  304.274376][T12353] nbd: must specify a device to reconfigure
[  304.451701][T12356] bond8: entered allmulticast mode
[  304.457501][T12356] 8021q: adding VLAN 0 to HW filter on device bond8
[  304.465769][T12356] bridge0: port 1(bond8) entered blocking state
[  304.472468][T12356] bridge0: port 1(bond8) entered disabled state
[  304.477901][T12358] netlink: 'syz.0.2011': attribute type 33 has an invalid length.
[  304.490920][T12356] bond8: entered promiscuous mode
[  304.539208][T12372] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  304.547126][T12372] syzkaller0: entered promiscuous mode
[  304.552780][T12372] syzkaller0: entered allmulticast mode
[  304.594181][T12372] tipc: Resetting bearer <eth:syzkaller0>
[  304.603718][T12371] tipc: Resetting bearer <eth:syzkaller0>
[  304.642986][T12371] tipc: Disabling bearer <eth:syzkaller0>
[  304.976181][T12397] nbd: must specify a device to reconfigure
[  304.986529][T12395] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  304.994188][T12395] syzkaller0: entered promiscuous mode
[  305.003075][T12395] syzkaller0: entered allmulticast mode
[  305.109477][T12395] tipc: Resetting bearer <eth:syzkaller0>
[  305.157021][T12394] tipc: Resetting bearer <eth:syzkaller0>
[  305.245881][T12394] tipc: Disabling bearer <eth:syzkaller0>
[  305.595416][T12434] nbd: must specify a device to reconfigure
[  305.842281][T12453] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  305.862390][T12453] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  305.875441][T12453] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  305.959706][T12457] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  306.053223][T12457] __nla_validate_parse: 4 callbacks suppressed
[  306.053237][T12457] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2045'.
[  306.299163][T10732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.315055][T10732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.317799][T12475] nbd: must specify a device to reconfigure
[  306.425405][T12477] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  306.458361][T12477] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2052'.
[  306.812500][T12501] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2060'.
[  306.850230][T12501] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2060'.
[  306.879742][T12508] nbd: must specify a device to reconfigure
[  306.962898][T12510] macvlan2: entered allmulticast mode
[  306.984064][T12510] bond0: (slave macvlan2): Opening slave failed
[  307.092887][T12517] netlink: 'syz.1.2065': attribute type 2 has an invalid length.
[  307.256587][T12526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2068'.
[  307.264380][T12529] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2067'.
[  307.588956][T12540] netlink: 'syz.3.2074': attribute type 2 has an invalid length.
[  307.653451][T12544] nbd: must specify a device to reconfigure
[  307.679078][T12545] FAULT_INJECTION: forcing a failure.
[  307.679078][T12545] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  307.728722][T12545] CPU: 0 UID: 0 PID: 12545 Comm: syz.0.2073 Not tainted syzkaller #0 PREEMPT(full) 
[  307.728750][T12545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  307.728774][T12545] Call Trace:
[  307.728782][T12545]  <TASK>
[  307.728791][T12545]  dump_stack_lvl+0x189/0x250
[  307.728819][T12545]  ? __pfx____ratelimit+0x10/0x10
[  307.728846][T12545]  ? __pfx_dump_stack_lvl+0x10/0x10
[  307.728869][T12545]  ? __pfx__printk+0x10/0x10
[  307.728910][T12545]  should_fail_ex+0x414/0x560
[  307.728944][T12545]  _copy_to_user+0x31/0xb0
[  307.728972][T12545]  simple_read_from_buffer+0xe1/0x170
[  307.729007][T12545]  proc_fail_nth_read+0x1b3/0x220
[  307.729033][T12545]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  307.729058][T12545]  ? rw_verify_area+0x2a6/0x4d0
[  307.729086][T12545]  ? __lock_acquire+0xab9/0xd20
[  307.729112][T12545]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  307.729136][T12545]  vfs_read+0x200/0xa30
[  307.729160][T12545]  ? fdget_pos+0x247/0x320
[  307.729182][T12545]  ? __pfx___mutex_lock+0x10/0x10
[  307.729203][T12545]  ? __pfx_vfs_read+0x10/0x10
[  307.729230][T12545]  ? __fget_files+0x2a/0x420
[  307.729252][T12545]  ? __fget_files+0x3a0/0x420
[  307.729268][T12545]  ? __fget_files+0x2a/0x420
[  307.729294][T12545]  ksys_read+0x145/0x250
[  307.729323][T12545]  ? __pfx_ksys_read+0x10/0x10
[  307.729345][T12545]  ? rcu_is_watching+0x15/0xb0
[  307.729371][T12545]  ? do_syscall_64+0xbe/0x3b0
[  307.729396][T12545]  do_syscall_64+0xfa/0x3b0
[  307.729416][T12545]  ? lockdep_hardirqs_on+0x9c/0x150
[  307.729436][T12545]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.729455][T12545]  ? clear_bhb_loop+0x60/0xb0
[  307.729478][T12545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.729496][T12545] RIP: 0033:0x7f5bcf58d5bc
[  307.729513][T12545] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  307.729529][T12545] RSP: 002b:00007f5bd039b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  307.729549][T12545] RAX: ffffffffffffffda RBX: 00007f5bcf7d5fa0 RCX: 00007f5bcf58d5bc
[  307.729563][T12545] RDX: 000000000000000f RSI: 00007f5bd039b0a0 RDI: 0000000000000007
[  307.729576][T12545] RBP: 00007f5bd039b090 R08: 0000000000000000 R09: 0000000000000000
[  307.729588][T12545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  307.729599][T12545] R13: 00007f5bcf7d6038 R14: 00007f5bcf7d5fa0 R15: 00007ffe1afcce18
[  307.729632][T12545]  </TASK>
[  308.048303][T12548] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2076'.
[  308.215287][T12558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2077'.
[  308.263840][T12558] team0: No ports can be present during mode change
[  308.280184][T12562] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2081'.
[  308.341666][T12558] netlink: 'syz.2.2077': attribute type 10 has an invalid length.
[  308.413193][T12558] team0: Device dummy0 failed to register rx_handler
[  308.468380][T12567] netlink: 'syz.4.2083': attribute type 11 has an invalid length.
[  308.514318][T12567] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2083'.
[  308.743623][T12577] nbd: must specify a device to reconfigure
[  309.102015][T12599] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  309.503633][T12643] macvlan2: entered allmulticast mode
[  309.526971][T12643] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  309.975499][T12674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  310.039753][T12674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  310.055095][T12674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  310.061257][T12676] netlink: 'syz.2.2115': attribute type 27 has an invalid length.
[  310.076192][T12676] netlink: 'syz.2.2115': attribute type 4 has an invalid length.
[  310.351455][T12693] netlink: 'syz.2.2120': attribute type 6 has an invalid length.
[  310.413879][T12697] netlink: 'syz.2.2122': attribute type 1 has an invalid length.
[  310.466859][T12697] bond6: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  310.481455][T12697] bond6: (slave ipvlan0): The slave device specified does not support setting the MAC address
[  310.492156][T12697] bond6: (slave ipvlan0): Setting fail_over_mac to active for active-backup mode
[  310.539981][T12701] bond6: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  310.553857][T12701] bond6: (slave ipvlan0): The slave device specified does not support setting the MAC address
[  310.825794][   T55] block nbd0: Possible stuck request ffff888024f30000: control (read@0,1024B). Runtime 60 seconds
[  310.837629][   T55] block nbd0: Possible stuck request ffff888024f301c0: control (read@1024,1024B). Runtime 60 seconds
[  310.852933][   T55] block nbd0: Possible stuck request ffff888024f30380: control (read@2048,1024B). Runtime 60 seconds
[  310.872354][   T55] block nbd0: Possible stuck request ffff888024f30540: control (read@3072,1024B). Runtime 60 seconds
[  310.975355][T12722] lo: entered allmulticast mode
[  311.209940][T12741] __nla_validate_parse: 4 callbacks suppressed
[  311.209959][T12741] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2135'.
[  311.386242][T12751] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2140'.
[  311.426836][T12751] nbd: must specify a device to reconfigure
[  311.437044][T12757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2141'.
[  311.493163][T12761] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2139'.
[  311.525920][T12763] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2142'.
[  311.723749][T12780] veth1_to_bond: entered allmulticast mode
[  311.736662][T12778] sctp: [Deprecated]: syz.0.2146 (pid 12778) Use of struct sctp_assoc_value in delayed_ack socket option.
[  311.736662][T12778] Use struct sctp_sack_info instead
[  311.761361][T12780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2147'.
[  311.902887][T12780] veth1_to_bond (unregistering): left allmulticast mode
[  312.268448][T12802] Can't find ip_set type 
[  312.352910][T12810] vlan2: entered allmulticast mode
[  312.370032][T12810] bridge_slave_0: entered allmulticast mode
[  312.400639][T12821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2157'.
[  312.448102][T12811] vlan2: entered allmulticast mode
[  312.513174][T12806] lo: left promiscuous mode
[  312.529548][T12829] netlink: 'syz.1.2160': attribute type 10 has an invalid length.
[  312.535275][T12806] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.548668][T12806] 8021q: adding VLAN 0 to HW filter on device team0
[  312.554881][T12827] netlink: 'syz.4.2159': attribute type 11 has an invalid length.
[  312.565879][T12806] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  312.593719][T12824] tipc: Enabling of bearer <eth:vlan1> rejected, failed to enable media
[  312.604950][T12831] netlink: 'syz.1.2160': attribute type 10 has an invalid length.
[  312.612978][T12831] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2160'.
[  312.642062][T12829] 8021q: adding VLAN 0 to HW filter on device batadv0
[  312.681847][T12829] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  312.693537][T12831] batadv0: entered promiscuous mode
[  312.706661][T12831] batadv0: entered allmulticast mode
[  312.714426][T12831] bond0: (slave batadv0): Releasing backup interface
[  312.749594][T12831] bridge0: port 2(batadv0) entered blocking state
[  312.758269][T12831] bridge0: port 2(batadv0) entered disabled state
[  312.774822][T12841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2162'.
[  312.919140][T12846] 8021q: VLANs not supported on sit0
[  313.155216][   T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  313.164754][   T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  313.317345][T12873] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  313.692410][T12890] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  313.735012][T12890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2178'.
[  314.032904][T12906] netlink: 'syz.1.2184': attribute type 1 has an invalid length.
[  314.317036][T12915] ip6tnl0: entered promiscuous mode
[  314.376736][T12914] ip6tnl0: left promiscuous mode
[  314.905996][T12940] netlink: 'syz.4.2197': attribute type 1 has an invalid length.
[  316.104941][T12979] netlink: 'syz.4.2207': attribute type 9 has an invalid length.
[  316.478461][T12999] macvlan0: entered allmulticast mode
[  316.488576][T12999] bond0: (slave macvlan0): Error -98 calling set_mac_address
[  316.782001][T13022] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.954388][T13029] __nla_validate_parse: 4 callbacks suppressed
[  316.954407][T13029] netlink: 696 bytes leftover after parsing attributes in process `syz.2.2222'.
[  317.046483][T13035] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2224'.
[  317.108255][T13035] netlink: 'syz.3.2224': attribute type 2 has an invalid length.
[  317.197109][T13043] macvlan0: entered allmulticast mode
[  317.211859][T13043] bond0: (slave macvlan0): Error -98 calling set_mac_address
[  317.232543][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  317.282842][T13048] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  317.379813][T13053] netlink: 4800 bytes leftover after parsing attributes in process `syz.0.2234'.
[  317.400432][T13053] openvswitch: netlink: Flow key attr not present in new flow.
[  317.919441][T13091] veth0: entered promiscuous mode
[  317.942490][T13093] openvswitch: netlink: Key 9 has unexpected len 0 expected 4
[  318.290310][T13082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  318.315356][T13101] netlink: 'syz.4.2253': attribute type 4 has an invalid length.
[  318.726993][T13086] veth0: left promiscuous mode
[  318.944024][T13124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2259'.
[  318.956065][T13124] netlink: 'syz.3.2259': attribute type 30 has an invalid length.
[  318.964574][T13124] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2259'.
[  319.055259][   T30] audit: type=1107 audit(1758152807.985:5): pid=13125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='”ìñIæMPn&Ÿä.a�$YGû¼éû´¤z†øäk({há®
ª2µž'
[  319.272804][T13139] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2262'.
[  319.497064][T13149] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2268'.
[  320.082563][T13181] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2280'.
[  320.095614][T13181] netlink: 'syz.4.2280': attribute type 83 has an invalid length.
[  320.209831][T13186] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2282'.
[  320.224017][T13186] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2282'.
[  320.283491][T13186] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  320.541077][T13201] dvmrp0: entered allmulticast mode
[  320.571483][T13201] dvmrp0: left allmulticast mode
[  340.905448][   T55] block nbd0: Possible stuck request ffff888024f30000: control (read@0,1024B). Runtime 90 seconds
[  340.916258][   T55] block nbd0: Possible stuck request ffff888024f301c0: control (read@1024,1024B). Runtime 90 seconds
[  340.927505][   T55] block nbd0: Possible stuck request ffff888024f30380: control (read@2048,1024B). Runtime 90 seconds
[  340.938528][   T55] block nbd0: Possible stuck request ffff888024f30540: control (read@3072,1024B). Runtime 90 seconds
[  350.572171][T13258] __nla_validate_parse: 1 callbacks suppressed
[  350.572190][T13258] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2308'.
[  350.594963][T13258] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2308'.
[  350.620701][T13258] netlink: 'syz.4.2308': attribute type 5 has an invalid length.
[  352.043611][T13351] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2335'.
[  352.691553][T13389] netlink: 'syz.4.2350': attribute type 3 has an invalid length.
[  352.710282][T13389] netlink: 'syz.4.2350': attribute type 1 has an invalid length.
[  352.783154][T13393] dvmrp0: entered allmulticast mode
[  352.804422][T13393] raw_sendmsg: syz.0.2352 forgot to set AF_INET. Fix it!
[  352.843291][T13398] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2353'.
[  352.871967][T13398] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  353.077137][T13409] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2357'.
[  353.133884][T13409] bridge0: port 2(batadv1) entered blocking state
[  353.143008][T13409] bridge0: port 2(batadv1) entered disabled state
[  353.157261][T13409] batadv1: entered allmulticast mode
[  353.183001][T13409] batadv1: entered promiscuous mode
[  353.221996][T13409] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  353.674865][T10739] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  353.684269][T10739] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  353.843164][T13464] nbd: must specify a device to reconfigure
[  353.879387][T13464] mac80211_hwsim hwsim20 wlan1: entered allmulticast mode
[  354.026723][T13475] netlink: 'syz.3.2380': attribute type 3 has an invalid length.
[  354.653754][T13516] netlink: 'syz.1.2395': attribute type 1 has an invalid length.
[  354.678118][T13516] netlink: 'syz.1.2395': attribute type 1 has an invalid length.
[  354.704111][T13516] netlink: 'syz.1.2395': attribute type 1 has an invalid length.
[  354.725693][T13520] netlink: 'syz.2.2397': attribute type 1 has an invalid length.
[  354.728549][T13516] netlink: 'syz.1.2395': attribute type 1 has an invalid length.
[  354.746612][T13524] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2398'.
[  354.759559][T13516] netlink: 'syz.1.2395': attribute type 2 has an invalid length.
[  354.897341][T13531] netlink: 'syz.2.2400': attribute type 11 has an invalid length.
[  355.143939][T13544] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2405'.
[  355.168452][T13544] bond0: Error: Cannot enslave bond to itself.
[  355.399553][T13570] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2413'.
[  355.765127][T13598] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  355.873841][T13601] gre0: entered promiscuous mode
[  355.983605][T13611] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2427'.
[  356.058696][T13611] IPVS: set_ctl: invalid protocol: 295 172.30.0.3:20000
[  356.098633][T13611] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2427'.
[  356.147400][T13611] ip_vti0: entered promiscuous mode
[  356.194090][T13611] ip_vti0: entered allmulticast mode
[  356.205954][T13618] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2431'.
[  356.235685][T13618] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2431'.
[  356.552823][T13643] FAULT_INJECTION: forcing a failure.
[  356.552823][T13643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  356.606749][T13643] CPU: 0 UID: 0 PID: 13643 Comm: syz.1.2438 Not tainted syzkaller #0 PREEMPT(full) 
[  356.606777][T13643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  356.606789][T13643] Call Trace:
[  356.606797][T13643]  <TASK>
[  356.606806][T13643]  dump_stack_lvl+0x189/0x250
[  356.606835][T13643]  ? __pfx____ratelimit+0x10/0x10
[  356.606856][T13643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  356.606879][T13643]  ? __pfx__printk+0x10/0x10
[  356.606918][T13643]  should_fail_ex+0x414/0x560
[  356.606951][T13643]  _copy_to_user+0x31/0xb0
[  356.606979][T13643]  simple_read_from_buffer+0xe1/0x170
[  356.607012][T13643]  proc_fail_nth_read+0x1b3/0x220
[  356.607038][T13643]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  356.607064][T13643]  ? rw_verify_area+0x2a6/0x4d0
[  356.607084][T13643]  ? __lock_acquire+0xab9/0xd20
[  356.607108][T13643]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  356.607127][T13643]  vfs_read+0x200/0xa30
[  356.607148][T13643]  ? fdget_pos+0x247/0x320
[  356.607168][T13643]  ? __pfx___mutex_lock+0x10/0x10
[  356.607190][T13643]  ? __pfx_vfs_read+0x10/0x10
[  356.607222][T13643]  ? __fget_files+0x2a/0x420
[  356.607243][T13643]  ? __fget_files+0x3a0/0x420
[  356.607259][T13643]  ? __fget_files+0x2a/0x420
[  356.607285][T13643]  ksys_read+0x145/0x250
[  356.607311][T13643]  ? __pfx_ksys_read+0x10/0x10
[  356.607332][T13643]  ? rcu_is_watching+0x15/0xb0
[  356.607356][T13643]  ? do_syscall_64+0xbe/0x3b0
[  356.607382][T13643]  do_syscall_64+0xfa/0x3b0
[  356.607402][T13643]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.607422][T13643]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.607441][T13643]  ? clear_bhb_loop+0x60/0xb0
[  356.607465][T13643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.607484][T13643] RIP: 0033:0x7f20b598d5bc
[  356.607502][T13643] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  356.607519][T13643] RSP: 002b:00007f20b6791030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  356.607541][T13643] RAX: ffffffffffffffda RBX: 00007f20b5bd5fa0 RCX: 00007f20b598d5bc
[  356.607555][T13643] RDX: 000000000000000f RSI: 00007f20b67910a0 RDI: 0000000000000004
[  356.607568][T13643] RBP: 00007f20b6791090 R08: 0000000000000000 R09: 0000000000000000
[  356.607580][T13643] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  356.607592][T13643] R13: 00007f20b5bd6038 R14: 00007f20b5bd5fa0 R15: 00007ffcca037408
[  356.607625][T13643]  </TASK>
[  356.989514][T13648] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2440'.
[  357.389112][T13664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2447'.
[  357.629317][T13682] FAULT_INJECTION: forcing a failure.
[  357.629317][T13682] name failslab, interval 1, probability 0, space 0, times 0
[  357.636072][T13683] FAULT_INJECTION: forcing a failure.
[  357.636072][T13683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  357.649581][T13682] CPU: 0 UID: 0 PID: 13682 Comm: syz.2.2454 Not tainted syzkaller #0 PREEMPT(full) 
[  357.649609][T13682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  357.649621][T13682] Call Trace:
[  357.649629][T13682]  <TASK>
[  357.649638][T13682]  dump_stack_lvl+0x189/0x250
[  357.649666][T13682]  ? __pfx____ratelimit+0x10/0x10
[  357.649687][T13682]  ? __pfx_dump_stack_lvl+0x10/0x10
[  357.649709][T13682]  ? __pfx__printk+0x10/0x10
[  357.649741][T13682]  ? __pfx___might_resched+0x10/0x10
[  357.649764][T13682]  should_fail_ex+0x414/0x560
[  357.649797][T13682]  should_failslab+0xa8/0x100
[  357.649827][T13682]  __kmalloc_node_noprof+0xd1/0x4e0
[  357.649852][T13682]  ? crypto_create_tfm_node+0x83/0x3f0
[  357.649885][T13682]  crypto_create_tfm_node+0x83/0x3f0
[  357.649918][T13682]  crypto_alloc_tfm_node+0x172/0x3f0
[  357.649961][T13682]  esp6_init_state+0x36b/0x1140
[  357.649981][T13682]  ? __sock_sendmsg+0x21c/0x270
[  357.650006][T13682]  ? ____sys_sendmsg+0x505/0x830
[  357.650027][T13682]  ? ___sys_sendmsg+0x21f/0x2a0
[  357.650049][T13682]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.650077][T13682]  ? __pfx_esp6_init_state+0x10/0x10
[  357.650106][T13682]  ? __lock_acquire+0xab9/0xd20
[  357.650157][T13682]  ? __xfrm_init_state+0x7ef/0x13f0
[  357.650188][T13682]  __xfrm_init_state+0xa73/0x13f0
[  357.650213][T13682]  ? __xfrm_init_state+0x7ef/0x13f0
[  357.650244][T13682]  xfrm_add_sa+0x2f5b/0x4070
[  357.650278][T13682]  ? __pfx_xfrm_add_sa+0x10/0x10
[  357.650302][T13682]  ? apparmor_capable+0x137/0x1b0
[  357.650330][T13682]  ? __nla_parse+0x40/0x60
[  357.650354][T13682]  xfrm_user_rcv_msg+0x7a0/0xab0
[  357.650386][T13682]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  357.650448][T13682]  ? __pfx___mutex_trylock_common+0x10/0x10
[  357.650473][T13682]  ? rcu_is_watching+0x15/0xb0
[  357.650492][T13682]  ? trace_contention_end+0x39/0x120
[  357.650514][T13682]  ? __mutex_lock+0x335/0x1350
[  357.650544][T13682]  netlink_rcv_skb+0x208/0x470
[  357.650566][T13682]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  357.650594][T13682]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  357.650628][T13682]  ? netlink_deliver_tap+0x2e/0x1b0
[  357.650648][T13682]  ? netlink_deliver_tap+0x2e/0x1b0
[  357.650670][T13682]  xfrm_netlink_rcv+0x79/0x90
[  357.650696][T13682]  netlink_unicast+0x82f/0x9e0
[  357.650733][T13682]  ? __pfx_netlink_unicast+0x10/0x10
[  357.650763][T13682]  ? netlink_sendmsg+0x642/0xb30
[  357.650781][T13682]  ? skb_put+0x11b/0x210
[  357.650806][T13682]  netlink_sendmsg+0x805/0xb30
[  357.650836][T13682]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.650860][T13682]  ? aa_sock_msg_perm+0xf1/0x1d0
[  357.650880][T13682]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  357.650901][T13682]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.650927][T13682]  __sock_sendmsg+0x21c/0x270
[  357.650958][T13682]  ____sys_sendmsg+0x505/0x830
[  357.650988][T13682]  ? __pfx_____sys_sendmsg+0x10/0x10
[  357.651020][T13682]  ? import_iovec+0x74/0xa0
[  357.651048][T13682]  ___sys_sendmsg+0x21f/0x2a0
[  357.651074][T13682]  ? __pfx____sys_sendmsg+0x10/0x10
[  357.651135][T13682]  ? __fget_files+0x2a/0x420
[  357.651150][T13682]  ? __fget_files+0x3a0/0x420
[  357.651176][T13682]  __x64_sys_sendmsg+0x19b/0x260
[  357.651203][T13682]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  357.651237][T13682]  ? __pfx_ksys_write+0x10/0x10
[  357.651259][T13682]  ? rcu_is_watching+0x15/0xb0
[  357.651283][T13682]  ? do_syscall_64+0xbe/0x3b0
[  357.651308][T13682]  do_syscall_64+0xfa/0x3b0
[  357.651326][T13682]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.651345][T13682]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.651362][T13682]  ? clear_bhb_loop+0x60/0xb0
[  357.651386][T13682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.651404][T13682] RIP: 0033:0x7f4e70f8eba9
[  357.651421][T13682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.651438][T13682] RSP: 002b:00007f4e71d82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  357.651458][T13682] RAX: ffffffffffffffda RBX: 00007f4e711d5fa0 RCX: 00007f4e70f8eba9
[  357.651472][T13682] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  357.651484][T13682] RBP: 00007f4e71d82090 R08: 0000000000000000 R09: 0000000000000000
[  357.651495][T13682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  357.651507][T13682] R13: 00007f4e711d6038 R14: 00007f4e711d5fa0 R15: 00007ffea80fb9f8
[  357.651537][T13682]  </TASK>
[  357.791673][T13686] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2455'.
[  357.833348][T13683] CPU: 1 UID: 0 PID: 13683 Comm: syz.3.2453 Not tainted syzkaller #0 PREEMPT(full) 
[  357.833374][T13683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  357.833387][T13683] Call Trace:
[  357.833396][T13683]  <TASK>
[  357.833404][T13683]  dump_stack_lvl+0x189/0x250
[  357.833432][T13683]  ? __pfx____ratelimit+0x10/0x10
[  357.833452][T13683]  ? __pfx_dump_stack_lvl+0x10/0x10
[  357.833474][T13683]  ? __pfx__printk+0x10/0x10
[  357.833500][T13683]  ? __might_fault+0xb0/0x130
[  357.833537][T13683]  should_fail_ex+0x414/0x560
[  357.833569][T13683]  _copy_from_user+0x2d/0xb0
[  357.833595][T13683]  ___sys_sendmsg+0x158/0x2a0
[  357.833621][T13683]  ? __pfx____sys_sendmsg+0x10/0x10
[  357.833680][T13683]  ? __fget_files+0x2a/0x420
[  357.833696][T13683]  ? __fget_files+0x3a0/0x420
[  357.833722][T13683]  __sys_sendmmsg+0x227/0x430
[  357.833752][T13683]  ? __pfx___sys_sendmmsg+0x10/0x10
[  357.833772][T13683]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  357.833818][T13683]  ? ksys_write+0x22a/0x250
[  357.833844][T13683]  ? __pfx_ksys_write+0x10/0x10
[  357.833865][T13683]  ? rcu_is_watching+0x15/0xb0
[  357.833891][T13683]  __x64_sys_sendmmsg+0xa0/0xc0
[  357.833917][T13683]  do_syscall_64+0xfa/0x3b0
[  357.833937][T13683]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.833955][T13683]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.833974][T13683]  ? clear_bhb_loop+0x60/0xb0
[  357.833997][T13683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.834014][T13683] RIP: 0033:0x7f22a898eba9
[  357.834032][T13683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.834048][T13683] RSP: 002b:00007f22a9868038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  357.834074][T13683] RAX: ffffffffffffffda RBX: 00007f22a8bd5fa0 RCX: 00007f22a898eba9
[  357.834089][T13683] RDX: 03fffffffffffe3d RSI: 0000200000003e40 RDI: 0000000000000003
[  357.834101][T13683] RBP: 00007f22a9868090 R08: 0000000000000000 R09: 0000000000000000
[  357.834113][T13683] R10: 00000000000000f5 R11: 0000000000000246 R12: 0000000000000001
[  357.834125][T13683] R13: 00007f22a8bd6038 R14: 00007f22a8bd5fa0 R15: 00007ffce9f22ce8
[  357.834154][T13683]  </TASK>
[  358.294102][T13698] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2459'.
[  358.671945][T13725] nbd: must specify a device to reconfigure
[  358.681099][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2463'.
[  358.709422][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2463'.
[  358.784796][T13731] FAULT_INJECTION: forcing a failure.
[  358.784796][T13731] name failslab, interval 1, probability 0, space 0, times 0
[  358.826224][T13734] macvlan2: entered allmulticast mode
[  358.834364][T13734] bond0: (slave macvlan2): Opening slave failed
[  358.841954][T13731] CPU: 0 UID: 0 PID: 13731 Comm: syz.1.2469 Not tainted syzkaller #0 PREEMPT(full) 
[  358.841981][T13731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  358.841992][T13731] Call Trace:
[  358.842000][T13731]  <TASK>
[  358.842008][T13731]  dump_stack_lvl+0x189/0x250
[  358.842036][T13731]  ? __pfx____ratelimit+0x10/0x10
[  358.842057][T13731]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.842080][T13731]  ? __pfx__printk+0x10/0x10
[  358.842109][T13731]  ? __pfx___might_resched+0x10/0x10
[  358.842128][T13731]  ? fs_reclaim_acquire+0x7d/0x100
[  358.842151][T13731]  should_fail_ex+0x414/0x560
[  358.842185][T13731]  should_failslab+0xa8/0x100
[  358.842214][T13731]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  358.842241][T13731]  ? __alloc_skb+0x112/0x2d0
[  358.842267][T13731]  __alloc_skb+0x112/0x2d0
[  358.842293][T13731]  alloc_skb_with_frags+0xca/0x890
[  358.842331][T13731]  sock_alloc_send_pskb+0x857/0x990
[  358.842381][T13731]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  358.842410][T13731]  ? __local_bh_enable_ip+0x12d/0x1c0
[  358.842432][T13731]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  358.842464][T13731]  j1939_sk_sendmsg+0x6f5/0x1350
[  358.842511][T13731]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[  358.842535][T13731]  ? aa_sock_msg_perm+0xf1/0x1d0
[  358.842558][T13731]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  358.842579][T13731]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[  358.842604][T13731]  __sock_sendmsg+0x21c/0x270
[  358.842637][T13731]  ____sys_sendmsg+0x52d/0x830
[  358.842667][T13731]  ? __pfx_____sys_sendmsg+0x10/0x10
[  358.842707][T13731]  ? import_iovec+0x74/0xa0
[  358.842736][T13731]  ___sys_sendmsg+0x21f/0x2a0
[  358.842771][T13731]  ? __pfx____sys_sendmsg+0x10/0x10
[  358.842834][T13731]  ? __fget_files+0x2a/0x420
[  358.842850][T13731]  ? __fget_files+0x3a0/0x420
[  358.842878][T13731]  __sys_sendmmsg+0x227/0x430
[  358.842909][T13731]  ? __pfx___sys_sendmmsg+0x10/0x10
[  358.842931][T13731]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  358.842981][T13731]  ? ksys_write+0x22a/0x250
[  358.843009][T13731]  ? __pfx_ksys_write+0x10/0x10
[  358.843031][T13731]  ? rcu_is_watching+0x15/0xb0
[  358.843058][T13731]  __x64_sys_sendmmsg+0xa0/0xc0
[  358.843085][T13731]  do_syscall_64+0xfa/0x3b0
[  358.843106][T13731]  ? lockdep_hardirqs_on+0x9c/0x150
[  358.843126][T13731]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.843145][T13731]  ? clear_bhb_loop+0x60/0xb0
[  358.843169][T13731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.843188][T13731] RIP: 0033:0x7f20b598eba9
[  358.843206][T13731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.843223][T13731] RSP: 002b:00007f20b6791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  358.843245][T13731] RAX: ffffffffffffffda RBX: 00007f20b5bd5fa0 RCX: 00007f20b598eba9
[  358.843260][T13731] RDX: 03fffffffffffe3d RSI: 0000200000003e40 RDI: 0000000000000003
[  358.843274][T13731] RBP: 00007f20b6791090 R08: 0000000000000000 R09: 0000000000000000
[  358.843286][T13731] R10: 00000000000000f5 R11: 0000000000000246 R12: 0000000000000001
[  358.843298][T13731] R13: 00007f20b5bd6038 R14: 00007f20b5bd5fa0 R15: 00007ffcca037408
[  358.843331][T13731]  </TASK>
[  359.279012][T13746] validate_nla: 2 callbacks suppressed
[  359.279032][T13746] netlink: 'syz.0.2473': attribute type 1 has an invalid length.
[  359.295663][T13746] netlink: 'syz.0.2473': attribute type 2 has an invalid length.
[  359.610242][T13728] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  359.624150][T13726] netlink: 'syz.4.2463': attribute type 1 has an invalid length.
[  359.642939][T13774] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  359.955599][T13793] netlink: 'syz.0.2487': attribute type 15 has an invalid length.
[  360.033773][T13797] tc_dump_action: action bad kind
[  360.151977][T13808] xt_HMARK: proto mask must be zero with L3 mode
[  360.374297][T13816] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6)
[  360.840329][T13845] netlink: 'syz.1.2510': attribute type 1 has an invalid length.
[  360.941713][T13845] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  360.979506][T13845] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  360.989988][T13859] netlink: 'syz.0.2511': attribute type 1 has an invalid length.
[  360.994684][T13855] __nla_validate_parse: 6 callbacks suppressed
[  360.994702][T13855] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2510'.
[  361.052552][T13855] 8021q: adding VLAN 0 to HW filter on device bond3
[  361.053719][T13861] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2512'.
[  361.092761][T13861] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2512'.
[  361.102130][T13861] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2512'.
[  361.114459][T13855] vlan3: entered allmulticast mode
[  361.134136][T13855] bridge0: entered allmulticast mode
[  361.149562][T13855] bond3: (slave vlan3): making interface the new active one
[  361.160291][T13845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2510'.
[  361.173758][T13855] bond3: (slave vlan3): Enslaving as an active interface with an up link
[  361.562751][T13888] macvlan2: entered allmulticast mode
[  361.593783][T13888] bond0: (slave macvlan2): Opening slave failed
[  361.737397][T13904] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  361.877368][T13911] IPVS: Unknown mcast interface: pimreg0
[  361.923110][T13915] Unsupported ieee802154 address type: 0
[  361.953125][T13911] netem: change failed
[  362.052499][T13920] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2536'.
[  362.112309][T13924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2537'.
[  362.140248][T13928] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2539'.
[  362.141127][T13929] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2539'.
[  362.172075][T13926] af_packet: tpacket_rcv: packet too big, clamped from 172 to 4294967272. macoff=96
[  362.186912][T13920] netlink: 'syz.0.2536': attribute type 4 has an invalid length.
[  362.225233][T13926] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2538'.
[  362.587494][T13960] netlink: 'syz.4.2546': attribute type 2 has an invalid length.
[  362.871609][T13975] netlink: 'syz.2.2553': attribute type 1 has an invalid length.
[  363.490170][T14012] nbd: must specify a device to reconfigure
[  363.672160][T14020] 8021q: adding VLAN 0 to HW filter on device bond6
[  363.773635][T14026] IPVS: set_ctl: invalid protocol: 43 224.0.0.1:20000
[  364.263135][T14062] sctp: [Deprecated]: syz.4.2579 (pid 14062) Use of struct sctp_assoc_value in delayed_ack socket option.
[  364.263135][T14062] Use struct sctp_sack_info instead
[  364.723022][T14083] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  364.853244][T14087] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  364.890844][T14087] macsec0: mtu less than device minimum
[  364.908051][T14085] tipc: Disabling bearer <eth:syzkaller0>
[  365.232205][T14107] syzkaller0: create flow: hash 137644864 index 1
[  365.266145][T10740] syzkaller0: tun_net_xmit 76
[  365.272985][T10740] syzkaller0: tun_net_xmit 48
[  365.294854][  T980] syzkaller0: tun_net_xmit 76
[  365.485570][  T980] syzkaller0: tun_net_xmit 76
[  365.517480][T14099] syzkaller0: delete flow: hash 137644864 index 1
[  367.934763][T14168] __nla_validate_parse: 4 callbacks suppressed
[  367.934784][T14168] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2597'.
[  367.994772][T14168] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2597'.
[  368.072567][T14176] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2600'.
[  368.427760][T14201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2606'.
[  368.510659][T14206] netlink: 'syz.2.2607': attribute type 1 has an invalid length.
[  368.558482][T14206] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2607'.
[  368.653260][T14216] netlink: 'syz.3.2610': attribute type 83 has an invalid length.
[  368.768072][T14225] netlink: 'syz.2.2613': attribute type 1 has an invalid length.
[  368.892639][T14234] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2616'.
[  368.903521][T14234] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2616'.
[  368.915180][T14234] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2616'.
[  368.939752][T14238] netlink: 788 bytes leftover after parsing attributes in process `syz.3.2614'.
[  368.981121][T14232] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address
[  369.003352][T14232] bond7: (slave vxcan3): Error -95 calling set_mac_address
[  369.011077][T14234] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2616'.
[  369.062729][T14239] veth1_to_bond: entered allmulticast mode
[  369.171932][T14234] bond0: (slave bond_slave_1): Releasing backup interface
[  369.209474][T14234] veth1_to_bond (unregistering): left allmulticast mode
[  369.413273][T14254] C: renamed from team_slave_0
[  369.440980][T14254] netlink: 'syz.2.2619': attribute type 1 has an invalid length.
[  369.465108][T14254] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  369.670597][T14279] netlink: 'syz.0.2623': attribute type 1 has an invalid length.
[  370.911275][T14310] netlink: 'syz.3.2632': attribute type 1 has an invalid length.
[  370.992815][   T55] block nbd0: Possible stuck request ffff888024f30000: control (read@0,1024B). Runtime 120 seconds
[  370.994757][T14305] IPVS: persistence engine module ip_vs_pe_À
 not found
[  371.003982][   T55] block nbd0: Possible stuck request ffff888024f301c0: control (read@1024,1024B). Runtime 120 seconds
[  371.023450][   T55] block nbd0: Possible stuck request ffff888024f30380: control (read@2048,1024B). Runtime 120 seconds
[  371.034842][   T55] block nbd0: Possible stuck request ffff888024f30540: control (read@3072,1024B). Runtime 120 seconds
[  371.771779][T14361] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  371.803408][T14359] tipc: Enabled bearer <ib:gretap0>, priority 10
[  372.261805][T14376] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  372.533715][T14388] netlink: 'syz.2.2656': attribute type 12 has an invalid length.
[  372.574190][T14391] nbd: must specify a device to reconfigure
[  372.925200][ T5875] tipc: Node number set to 3359864797
[  373.041970][T14418] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  373.240187][T14427] nbd: must specify a device to reconfigure
[  373.252944][T14427] __nla_validate_parse: 3 callbacks suppressed
[  373.252961][T14427] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2671'.
[  373.268837][T14427] unsupported nlmsg_type 40
[  373.383325][T14436] ieee802154 phy1 wpan1: encryption failed: -22
[  373.608487][T14449] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2679'.
[  373.627960][T14449] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2679'.
[  373.671458][T14457] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2678'.
[  373.740921][T14462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2682'.
[  374.162426][T14480] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2690'.
[  374.180328][T14480] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2690'.
[  374.228511][T14484] IPv6: NLM_F_CREATE should be specified when creating new route
[  374.252987][T14488] veth0: entered promiscuous mode
[  374.300213][T14487] veth0: left promiscuous mode
[  374.499956][T14497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2698'.
[  374.511402][T14497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2698'.
[  374.578368][T14502] FAULT_INJECTION: forcing a failure.
[  374.578368][T14502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  374.614395][T14502] CPU: 0 UID: 0 PID: 14502 Comm: syz.0.2700 Not tainted syzkaller #0 PREEMPT(full) 
[  374.614423][T14502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  374.614439][T14502] Call Trace:
[  374.614447][T14502]  <TASK>
[  374.614456][T14502]  dump_stack_lvl+0x189/0x250
[  374.614485][T14502]  ? __pfx____ratelimit+0x10/0x10
[  374.614506][T14502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  374.614529][T14502]  ? __pfx__printk+0x10/0x10
[  374.614570][T14502]  should_fail_ex+0x414/0x560
[  374.614601][T14502]  _copy_to_user+0x31/0xb0
[  374.614627][T14502]  simple_read_from_buffer+0xe1/0x170
[  374.614668][T14502]  proc_fail_nth_read+0x1b3/0x220
[  374.614694][T14502]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  374.614720][T14502]  ? rw_verify_area+0x2a6/0x4d0
[  374.614744][T14502]  ? __lock_acquire+0xab9/0xd20
[  374.614770][T14502]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  374.614793][T14502]  vfs_read+0x200/0xa30
[  374.614826][T14502]  ? fdget_pos+0x247/0x320
[  374.614847][T14502]  ? __pfx___mutex_lock+0x10/0x10
[  374.614868][T14502]  ? __pfx_vfs_read+0x10/0x10
[  374.614894][T14502]  ? __fget_files+0x2a/0x420
[  374.614915][T14502]  ? __fget_files+0x3a0/0x420
[  374.614929][T14502]  ? __fget_files+0x2a/0x420
[  374.614955][T14502]  ksys_read+0x145/0x250
[  374.614978][T14502]  ? __fget_files+0x3a0/0x420
[  374.614995][T14502]  ? __pfx_ksys_read+0x10/0x10
[  374.615025][T14502]  ? do_syscall_64+0xbe/0x3b0
[  374.615051][T14502]  do_syscall_64+0xfa/0x3b0
[  374.615073][T14502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.615091][T14502]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  374.615111][T14502]  ? clear_bhb_loop+0x60/0xb0
[  374.615131][T14502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.615153][T14502] RIP: 0033:0x7f5bcf58d5bc
[  374.615169][T14502] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  374.615185][T14502] RSP: 002b:00007f5bd039b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  374.615204][T14502] RAX: ffffffffffffffda RBX: 00007f5bcf7d5fa0 RCX: 00007f5bcf58d5bc
[  374.615218][T14502] RDX: 000000000000000f RSI: 00007f5bd039b0a0 RDI: 0000000000000006
[  374.615231][T14502] RBP: 00007f5bd039b090 R08: 0000000000000000 R09: 0000000000000000
[  374.615243][T14502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  374.615255][T14502] R13: 00007f5bcf7d6038 R14: 00007f5bcf7d5fa0 R15: 00007ffe1afcce18
[  374.615286][T14502]  </TASK>
[  374.949638][T14508] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2703'.
[  375.098178][T14519] openvswitch: netlink: Actions may not be safe on all matching packets
[  375.219931][T14530] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  375.401733][T14543] batadv1: left allmulticast mode
[  375.436513][T14543] batadv1: left promiscuous mode
[  375.457408][T14543] bridge0: port 3(batadv1) entered disabled state
[  375.483222][T14543] bridge_slave_1: left allmulticast mode
[  375.494199][T14543] bridge_slave_1: left promiscuous mode
[  375.504693][T14543] bridge0: port 2(bridge_slave_1) entered disabled state
[  375.528221][T14543] bridge_slave_0: left allmulticast mode
[  375.543474][T14543] bridge_slave_0: left promiscuous mode
[  375.550333][T14543] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.852055][T14564] netlink: 'syz.3.2719': attribute type 2 has an invalid length.
[  375.874402][T14564] netlink: 'syz.3.2719': attribute type 2 has an invalid length.
[  375.962594][T14570] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  377.582679][T14656] vlan2: entered allmulticast mode
[  377.588599][T14656] hsr0: entered allmulticast mode
[  377.593761][T14656] hsr_slave_0: entered allmulticast mode
[  377.600060][T14656] hsr_slave_1: entered allmulticast mode
[  377.964886][T14680] openvswitch: netlink: Key type 1552 is out of range max 32
[  378.012401][T14686] netlink: 'syz.4.2755': attribute type 83 has an invalid length.
[  378.207547][T14700] netlink: 'syz.1.2758': attribute type 12 has an invalid length.
[  378.386339][T14711] syzkaller1: entered promiscuous mode
[  378.396666][T14711] syzkaller1: entered allmulticast mode
[  378.422862][T14712] __nla_validate_parse: 6 callbacks suppressed
[  378.422880][T14712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2762'.
[  378.452097][T14712] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2762'.
[  378.555407][T14717] netlink: 160 bytes leftover after parsing attributes in process `syz.1.2764'.
[  378.600161][ T5183] Bluetooth: hci4: link tx timeout
[  378.606130][ T5183] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  378.625290][T14720] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2766'.
[  378.665969][T14726] netlink: 'syz.1.2767': attribute type 4 has an invalid length.
[  378.682548][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  378.739303][T14730] netlink: 'syz.2.2769': attribute type 32 has an invalid length.
[  378.748666][T14730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2769'.
[  378.758582][T14730] (unnamed net_device) (uninitialized): option coupled_control: invalid value (16)
[  378.773500][T14730] netlink: 'syz.2.2769': attribute type 32 has an invalid length.
[  378.781910][T14730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2769'.
[  378.791990][T14730] (unnamed net_device) (uninitialized): option coupled_control: invalid value (16)
[  379.204806][T14764] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2779'.
[  379.252328][T14764] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  379.383479][T14764] syzkaller0: entered promiscuous mode
[  379.411990][T14764] syzkaller0: entered allmulticast mode
[  379.429598][T14764] tipc: Resetting bearer <eth:syzkaller0>
[  379.441131][T14778] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2780'.
[  379.491211][T14764] syzkaller0: left promiscuous mode
[  379.497084][T14764] syzkaller0: left allmulticast mode
[  379.504377][T14764] tipc: Resetting bearer <eth:syzkaller0>
[  379.513732][   T30] audit: type=1800 audit(1758152868.455:6): pid=14782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2784" name="memory.events" dev="tmpfs" ino=2790 res=0 errno=0
[  379.578387][T14771] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[  379.590671][T14771] gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue
[  379.608838][T14771] gretap2: entered promiscuous mode
[  379.614162][T14771] gretap2: entered allmulticast mode
[  379.627270][T14761] tipc: Resetting bearer <eth:syzkaller0>
[  380.325049][  T980] tipc: Node number set to 1145926864
[  380.668479][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  381.183555][T14761] tipc: Disabling bearer <eth:syzkaller0>
[  381.204194][T14791] º
: renamed from veth1_vlan (while UP)
[  381.423601][T14804] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2788'.
[  381.525334][T14814] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2792'.
[  381.569848][T14815] netlink: 'syz.1.2792': attribute type 1 has an invalid length.
[  381.823373][T14840] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  381.992738][T14844] netlink: 'syz.4.2801': attribute type 4 has an invalid length.
[  382.384523][T14866] sctp: [Deprecated]: syz.3.2809 (pid 14866) Use of struct sctp_assoc_value in delayed_ack socket option.
[  382.384523][T14866] Use struct sctp_sack_info instead
[  382.668874][T14886] delete_channel: no stack
[  382.677450][T14888] macvlan2: entered allmulticast mode
[  382.693808][T14888] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  382.720054][T14892] sctp: [Deprecated]: syz.2.2819 (pid 14892) Use of struct sctp_assoc_value in delayed_ack socket option.
[  382.720054][T14892] Use struct sctp_sack_info instead
[  382.743917][T14892] ip6gre0: Master is either lo or non-ether device
[  383.257991][T14923] netlink: 'syz.3.2832': attribute type 1 has an invalid length.
[  383.669116][T14944] __nla_validate_parse: 6 callbacks suppressed
[  383.669135][T14944] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2836'.
[  383.803682][T14951] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2841'.
[  383.864219][T14958] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2842'.
[  384.099564][T14970] netlink: 696 bytes leftover after parsing attributes in process `syz.2.2850'.
[  384.122580][T14970] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2850'.
[  384.180194][T14979] netlink: 696 bytes leftover after parsing attributes in process `syz.2.2850'.
[  384.268995][T14984] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2851'.
[  384.686406][T15004] netlink: 284 bytes leftover after parsing attributes in process `syz.1.2858'.
[  384.809539][T15012] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2859'.
[  385.243642][T15028] netlink: 'syz.4.2867': attribute type 1 has an invalid length.
[  385.332369][T15038] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2870'.
[  385.423048][T15031] 8021q: adding VLAN 0 to HW filter on device bond9
[  385.437248][T15031] bond8: (slave bond9): making interface the new active one
[  385.455946][T15031] bond8: (slave bond9): Enslaving as an active interface with an up link
[  385.476036][T15037] 8021q: adding VLAN 0 to HW filter on device bond8
[  385.753865][T15058] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  385.842404][T15061] bond9: entered promiscuous mode
[  385.847865][T15061] bond9: entered allmulticast mode
[  385.853514][T15061] 8021q: adding VLAN 0 to HW filter on device bond9
[  386.683619][T15123] netlink: 'syz.3.2898': attribute type 5 has an invalid length.
[  386.701799][T15123] Bluetooth: hci0: Opcode 0x080f failed: -22
[  386.850155][T15130] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  386.951377][T15139] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode active-backup(1)
[  387.327564][T15157] macvlan0: entered allmulticast mode
[  387.333716][T15157] bond0: (slave macvlan0): Error -98 calling set_mac_address
[  387.508343][T15166] (unnamed net_device) (uninitialized): (slave gre0): Device is not bonding slave
[  387.534949][T15166] (unnamed net_device) (uninitialized): option active_slave: invalid value (gre0)
[  387.575527][T15164] (unnamed net_device) (uninitialized): (slave gre0): Device is not bonding slave
[  387.595089][T15164] (unnamed net_device) (uninitialized): option active_slave: invalid value (gre0)
[  387.848218][T15180] netlink: 'syz.3.2919': attribute type 21 has an invalid length.
[  387.876035][T15180] netlink: 'syz.3.2919': attribute type 6 has an invalid length.
[  387.976042][T15183] netlink: 'syz.1.2921': attribute type 3 has an invalid length.
[  388.199552][T15193] openvswitch: netlink: EtherType 50a is less than min 600
[  388.239999][   T30] audit: type=1804 audit(1758152877.175:7): pid=15193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2924" name="/newroot/591/memory.events" dev="tmpfs" ino=3015 res=1 errno=0
[  388.357564][   T30] audit: type=1800 audit(1758152877.175:8): pid=15193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2924" name="memory.events" dev="tmpfs" ino=3015 res=0 errno=0
[  388.616857][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  388.632332][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  388.642607][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  388.653019][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  388.665593][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  388.744988][ T5183] Bluetooth: hci0: command tx timeout
[  388.941830][T15219] FAULT_INJECTION: forcing a failure.
[  388.941830][T15219] name failslab, interval 1, probability 0, space 0, times 0
[  388.995266][T15219] CPU: 0 UID: 0 PID: 15219 Comm: syz.0.2934 Not tainted syzkaller #0 PREEMPT(full) 
[  388.995294][T15219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  388.995306][T15219] Call Trace:
[  388.995314][T15219]  <TASK>
[  388.995322][T15219]  dump_stack_lvl+0x189/0x250
[  388.995350][T15219]  ? __pfx____ratelimit+0x10/0x10
[  388.995370][T15219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.995392][T15219]  ? __pfx__printk+0x10/0x10
[  388.995422][T15219]  ? __pfx___might_resched+0x10/0x10
[  388.995441][T15219]  ? fs_reclaim_acquire+0x7d/0x100
[  388.995465][T15219]  should_fail_ex+0x414/0x560
[  388.995500][T15219]  should_failslab+0xa8/0x100
[  388.995530][T15219]  __kmalloc_noprof+0xcb/0x4f0
[  388.995556][T15219]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  388.995589][T15219]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  388.995621][T15219]  genl_family_rcv_msg_doit+0xb8/0x300
[  388.995650][T15219]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  388.995684][T15219]  ? apparmor_capable+0x137/0x1b0
[  388.995710][T15219]  ? bpf_lsm_capable+0x9/0x20
[  388.995736][T15219]  ? security_capable+0x7e/0x2e0
[  388.995772][T15219]  genl_rcv_msg+0x60e/0x790
[  388.995806][T15219]  ? __pfx_genl_rcv_msg+0x10/0x10
[  388.995830][T15219]  ? __pfx_netlbl_unlabel_staticadddef+0x10/0x10
[  388.995873][T15219]  netlink_rcv_skb+0x208/0x470
[  388.995899][T15219]  ? __lock_acquire+0xab9/0xd20
[  388.995927][T15219]  ? __pfx_genl_rcv_msg+0x10/0x10
[  388.995955][T15219]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  388.995995][T15219]  ? down_read+0x1ad/0x2e0
[  388.996022][T15219]  genl_rcv+0x28/0x40
[  388.996045][T15219]  netlink_unicast+0x82f/0x9e0
[  388.996084][T15219]  ? __pfx_netlink_unicast+0x10/0x10
[  388.996116][T15219]  ? netlink_sendmsg+0x642/0xb30
[  388.996135][T15219]  ? skb_put+0x11b/0x210
[  388.996161][T15219]  netlink_sendmsg+0x805/0xb30
[  388.996193][T15219]  ? __pfx_netlink_sendmsg+0x10/0x10
[  388.996217][T15219]  ? aa_sock_msg_perm+0xf1/0x1d0
[  388.996239][T15219]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  388.996260][T15219]  ? __pfx_netlink_sendmsg+0x10/0x10
[  388.996282][T15219]  __sock_sendmsg+0x21c/0x270
[  388.996318][T15219]  ____sys_sendmsg+0x505/0x830
[  388.996349][T15219]  ? __pfx_____sys_sendmsg+0x10/0x10
[  388.996384][T15219]  ? import_iovec+0x74/0xa0
[  388.996413][T15219]  ___sys_sendmsg+0x21f/0x2a0
[  388.996441][T15219]  ? __pfx____sys_sendmsg+0x10/0x10
[  388.996506][T15219]  ? __fget_files+0x2a/0x420
[  388.996522][T15219]  ? __fget_files+0x3a0/0x420
[  388.996551][T15219]  __x64_sys_sendmsg+0x19b/0x260
[  388.996579][T15219]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  388.996614][T15219]  ? __pfx_ksys_write+0x10/0x10
[  388.996636][T15219]  ? rcu_is_watching+0x15/0xb0
[  388.996661][T15219]  ? do_syscall_64+0xbe/0x3b0
[  388.996688][T15219]  do_syscall_64+0xfa/0x3b0
[  388.996707][T15219]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.996726][T15219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.996746][T15219]  ? clear_bhb_loop+0x60/0xb0
[  388.996769][T15219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.996788][T15219] RIP: 0033:0x7f5bcf58eba9
[  388.996805][T15219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.996822][T15219] RSP: 002b:00007f5bd039b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  388.996843][T15219] RAX: ffffffffffffffda RBX: 00007f5bcf7d5fa0 RCX: 00007f5bcf58eba9
[  388.996858][T15219] RDX: 0000000000000004 RSI: 0000200000000d40 RDI: 0000000000000009
[  388.996870][T15219] RBP: 00007f5bd039b090 R08: 0000000000000000 R09: 0000000000000000
[  388.996889][T15219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.996901][T15219] R13: 00007f5bcf7d6038 R14: 00007f5bcf7d5fa0 R15: 00007ffe1afcce18
[  388.996933][T15219]  </TASK>
[  389.091961][T15223] __nla_validate_parse: 12 callbacks suppressed
[  389.091979][T15223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2936'.
[  389.417623][T15223] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2936'.
[  390.113865][T15261] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2947'.
[  390.256692][T15268] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2948'.
[  390.399349][T15262] bond4: (slave vcan1): The slave device specified does not support setting the MAC address
[  390.434439][T15262] bond4: (slave vcan1): Error -95 calling set_mac_address
[  390.619933][T15212] chnl_net:caif_netlink_parms(): no params data found
[  390.744719][ T5183] Bluetooth: hci1: command tx timeout
[  390.918949][T15212] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.926323][T15212] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.933590][T15212] bridge_slave_0: entered allmulticast mode
[  390.942891][T15212] bridge_slave_0: entered promiscuous mode
[  390.953359][T15212] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.960833][T15212] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.968691][T15212] bridge_slave_1: entered allmulticast mode
[  390.976863][T15212] bridge_slave_1: entered promiscuous mode
[  391.135965][T15212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  391.159471][T15212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  391.248289][T15212] team0: Port device team_slave_0 added
[  391.258805][T15212] team0: Port device team_slave_1 added
[  391.306276][T15212] batman_adv: batadv0: Adding interface: batadv_slave_0
[  391.371725][T15212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.406613][T15212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  391.430872][T15212] batman_adv: batadv0: Adding interface: batadv_slave_1
[  391.465693][T15212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.522502][T15212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.735942][T15337] netlink: 'syz.1.2966': attribute type 1 has an invalid length.
[  391.843589][T15212] hsr_slave_0: entered promiscuous mode
[  391.872095][T15212] hsr_slave_1: entered promiscuous mode
[  391.882179][T15212] debugfs: 'hsr0' already exists in 'hsr'
[  391.895648][T15212] Cannot create hsr debugfs directory
[  391.981790][T15337] 8021q: adding VLAN 0 to HW filter on device bond5
[  392.086425][T15338] bond5: (slave gretap1): making interface the new active one
[  392.096023][T15338] bond5: (slave gretap1): Enslaving as an active interface with an up link
[  392.134062][T15350] vlan4: entered allmulticast mode
[  392.139596][T15350] bond5: entered allmulticast mode
[  392.147643][T15350] gretap1: entered allmulticast mode
[  392.154539][T15350] bond5: (slave vlan4): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  392.366346][T15359] netlink: 'syz.4.2972': attribute type 29 has an invalid length.
[  392.412075][T15366] netlink: 'syz.4.2972': attribute type 29 has an invalid length.
[  392.578841][T15369] bridge0: port 1(veth0_to_bridge) entered disabled state
[  392.788216][T15381] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2978'.
[  392.825463][ T5183] Bluetooth: hci1: command tx timeout
[  393.078795][T15212] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  393.190035][   T49] bond3: (slave vlan3): link status definitely down, disabling slave
[  393.230255][   T49] bond3: now running without any active interface!
[  393.303665][T15212] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  393.399101][T15419] netlink: 'syz.0.2990': attribute type 1 has an invalid length.
[  393.440059][T15212] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  393.469474][T15419] netlink: 'syz.0.2990': attribute type 1 has an invalid length.
[  393.486726][T15418] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2991'.
[  393.548062][T15430] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input5
[  393.739176][T15212] bond0: (slave netdevsim0): Releasing backup interface
[  393.765168][T15443] ieee802154 phy1 wpan1: encryption failed: -90
[  393.769252][T15212] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  394.151551][T15212] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  394.181771][T15212] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  394.212078][T15212] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  394.236256][T15212] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  394.271791][T15468] IPVS: set_ctl: invalid protocol: 50 172.20.20.187:20001
[  394.393036][T15478] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3010'.
[  394.423606][T15483] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3011'.
[  394.491463][T15212] 8021q: adding VLAN 0 to HW filter on device bond0
[  394.564438][T15212] 8021q: adding VLAN 0 to HW filter on device team0
[  394.581126][T10742] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.588371][T10742] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.609513][T15487] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3012'.
[  394.643656][T10732] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.650997][T10732] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.772067][T15496] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  394.783816][T15496] syzkaller0: entered promiscuous mode
[  394.790496][T15496] syzkaller0: entered allmulticast mode
[  394.802193][T15496] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  394.836095][T15496] tipc: Resetting bearer <eth:syzkaller0>
[  394.865999][T15495] tipc: Resetting bearer <eth:syzkaller0>
[  394.891644][T15495] tipc: Disabling bearer <eth:syzkaller0>
[  394.911951][ T5183] Bluetooth: hci1: command tx timeout
[  395.085633][T15509] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3017'.
[  395.167210][T15512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3019'.
[  395.197469][T15512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3019'.
[  395.242736][T15212] 8021q: adding VLAN 0 to HW filter on device batadv0
[  395.303410][T15517] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  395.422933][T15212] veth0_vlan: entered promiscuous mode
[  395.449085][T15212] veth1_vlan: entered promiscuous mode
[  395.632698][T15530] netlink: 'syz.3.3023': attribute type 3 has an invalid length.
[  395.639578][T15212] veth0_macvtap: entered promiscuous mode
[  395.653968][T15212] veth1_macvtap: entered promiscuous mode
[  395.723419][T15212] batman_adv: batadv0: Interface activated: batadv_slave_0
[  395.735935][T15212] batman_adv: batadv0: Interface activated: batadv_slave_1
[  395.756200][T10732] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.796043][T15537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3023'.
[  395.813561][T15537] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3023'.
[  396.018100][T10732] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  396.047626][T10732] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  396.095482][T10732] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  396.423221][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.475213][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  396.692006][T15567] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3033'.
[  396.725966][T10733] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.733813][T10733] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  396.844399][T15571] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  396.986744][ T5183] Bluetooth: hci1: command tx timeout
[  397.859059][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  397.875179][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  397.884689][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  397.908359][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  397.929979][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  398.126088][T15628] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.3052'.
[  398.874557][T15658] netlink: 'syz.4.3063': attribute type 25 has an invalid length.
[  399.174331][T15683] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.256040][T15681] IPVS: set_ctl: invalid protocol: 51 127.0.0.1:20003
[  399.282888][T15687] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.300434][T15683] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.381120][   T13] tipc: Disabling bearer <ib:gretap0>
[  399.620397][   T13] bond0 (unregistering): Released all slaves
[  399.735570][   T13] bond1 (unregistering): Released all slaves
[  399.749436][   T13] bond2 (unregistering): Released all slaves
[  399.767463][   T13] bond3 (unregistering): Released all slaves
[  399.789125][   T13] bond4 (unregistering): Released all slaves
[  399.807381][   T13] bond5 (unregistering): Released all slaves
[  399.850975][T15686] __nla_validate_parse: 1 callbacks suppressed
[  399.851015][T15686] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3072'.
[  399.886485][T15686] netlink: 21 bytes leftover after parsing attributes in process `syz.0.3072'.
[  399.933804][T15686] netlink: 21 bytes leftover after parsing attributes in process `syz.0.3072'.
[  399.962580][   T13] : left promiscuous mode
[  400.039309][ T5183] Bluetooth: hci2: command tx timeout
[  400.103608][   T13] tipc: Left network mode
[  400.321269][T15707] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  400.451638][T15707] syzkaller0: entered promiscuous mode
[  400.463644][T15707] syzkaller0: entered allmulticast mode
[  400.475093][T15707] tipc: Resetting bearer <eth:syzkaller0>
[  400.520560][T15613] chnl_net:caif_netlink_parms(): no params data found
[  400.598929][T15722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  400.619572][T15722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  400.640170][T15722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  400.850445][T15613] bridge0: port 1(bridge_slave_0) entered blocking state
[  400.888139][T15613] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.903573][T15613] bridge_slave_0: entered allmulticast mode
[  400.941768][T15613] bridge_slave_0: entered promiscuous mode
[  400.972569][T15613] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.984061][T15613] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.001998][T15613] bridge_slave_1: entered allmulticast mode
[  401.011978][T15613] bridge_slave_1: entered promiscuous mode
[  401.068821][   T55] block nbd0: Possible stuck request ffff888024f30000: control (read@0,1024B). Runtime 150 seconds
[  401.079827][   T55] block nbd0: Possible stuck request ffff888024f301c0: control (read@1024,1024B). Runtime 150 seconds
[  401.091077][   T55] block nbd0: Possible stuck request ffff888024f30380: control (read@2048,1024B). Runtime 150 seconds
[  401.102359][   T55] block nbd0: Possible stuck request ffff888024f30540: control (read@3072,1024B). Runtime 150 seconds
[  401.197217][T10740] tipc: Resetting bearer <eth:syzkaller0>
[  401.251598][T15744] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  401.330614][T15707] tipc: Resetting bearer <eth:syzkaller0>
[  402.106407][ T5183] Bluetooth: hci2: command tx timeout
[  402.411168][T15761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3097'.
[  403.175264][T15707] tipc: Disabling bearer <eth:syzkaller0>
[  403.204163][T15757] netlink: 160 bytes leftover after parsing attributes in process `syz.2.3096'.
[  403.233603][   T13] hsr_slave_0: left promiscuous mode
[  403.250654][   T13] hsr_slave_1: left promiscuous mode
[  403.265898][   T13] batman_adv: batadv0: Removing interface: dummy0
[  403.294913][T15765] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3098'.
[  403.320659][T15765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3098'.
[  403.749972][T10732] smc: removing ib device !yz!
[  404.161146][   T13] lo (unregistering): left allmulticast mode
[  404.181243][T15613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  404.191116][ T5183] Bluetooth: hci2: command tx timeout
[  404.218379][T15613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  404.554234][T15785] bridge4: the hash_elasticity option has been deprecated and is always 16
[  404.571682][T15785] bridge4: entered promiscuous mode
[  404.573091][T15790] FAULT_INJECTION: forcing a failure.
[  404.573091][T15790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  404.579012][T15785] bridge4: entered allmulticast mode
[  404.605103][T15784] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  404.621276][T15790] CPU: 1 UID: 0 PID: 15790 Comm: syz.1.3104 Not tainted syzkaller #0 PREEMPT(full) 
[  404.621307][T15790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  404.621320][T15790] Call Trace:
[  404.621327][T15790]  <TASK>
[  404.621336][T15790]  dump_stack_lvl+0x189/0x250
[  404.621365][T15790]  ? __pfx____ratelimit+0x10/0x10
[  404.621387][T15790]  ? __pfx_dump_stack_lvl+0x10/0x10
[  404.621410][T15790]  ? __pfx__printk+0x10/0x10
[  404.621436][T15790]  ? __might_fault+0xb0/0x130
[  404.621474][T15790]  should_fail_ex+0x414/0x560
[  404.621507][T15790]  _copy_from_user+0x2d/0xb0
[  404.621534][T15790]  __sys_sendto+0x25c/0x520
[  404.621560][T15790]  ? __pfx___sys_sendto+0x10/0x10
[  404.621578][T15790]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  404.621612][T15790]  ? __fget_files+0x3a0/0x420
[  404.621648][T15790]  ? ksys_write+0x22a/0x250
[  404.621675][T15790]  ? __pfx_ksys_write+0x10/0x10
[  404.621706][T15790]  __x64_sys_sendto+0xde/0x100
[  404.621731][T15790]  do_syscall_64+0xfa/0x3b0
[  404.621752][T15790]  ? lockdep_hardirqs_on+0x9c/0x150
[  404.621769][T15790]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.621787][T15790]  ? clear_bhb_loop+0x60/0xb0
[  404.621807][T15790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.621824][T15790] RIP: 0033:0x7f20b598eba9
[  404.621839][T15790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.621856][T15790] RSP: 002b:00007f20b6770038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  404.621876][T15790] RAX: ffffffffffffffda RBX: 00007f20b5bd6090 RCX: 00007f20b598eba9
[  404.621891][T15790] RDX: 0000000000000036 RSI: 0000200000000580 RDI: 0000000000000003
[  404.621904][T15790] RBP: 00007f20b6770090 R08: 0000200000000440 R09: 0000000000000014
[  404.621917][T15790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.621928][T15790] R13: 00007f20b5bd6128 R14: 00007f20b5bd6090 R15: 00007ffcca037408
[  404.621959][T15790]  </TASK>
[  404.643352][T15613] team0: Port device team_slave_0 added
[  404.842390][T15613] team0: Port device team_slave_1 added
[  404.996417][T15799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3106'.
[  405.015326][T15796] netlink: 88 bytes leftover after parsing attributes in process `syz.0.3106'.
[  405.705655][T15805] bond8: left promiscuous mode
[  405.729046][T15805] bridge0: port 1(bond8) entered disabled state
[  405.774546][T15805] batadv1: left allmulticast mode
[  405.791522][T15805] batadv1: left promiscuous mode
[  405.797908][T15805] bridge0: port 2(batadv1) entered disabled state
[  405.829848][T15613] batman_adv: batadv0: Adding interface: batadv_slave_0
[  405.839497][T15613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  405.893520][T15613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  406.095188][T15613] batman_adv: batadv0: Adding interface: batadv_slave_1
[  406.115795][T15613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  406.180086][T15613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  406.265091][ T5183] Bluetooth: hci2: command tx timeout
[  406.482328][T15827] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3115'.
[  406.514155][T15613] hsr_slave_0: entered promiscuous mode
[  406.528705][T15613] hsr_slave_1: entered promiscuous mode
[  406.542181][T15613] debugfs: 'hsr0' already exists in 'hsr'
[  406.559176][T15613] Cannot create hsr debugfs directory
[  406.963794][   T13] IPVS: stop unused estimator thread 0...
[  406.971928][T15844] openvswitch: netlink: nsh attr 0 has unexpected len 1 expected 0
[  406.999007][T15846] openvswitch: netlink: nsh attr 0 has unexpected len 1 expected 0
[  407.453452][T15867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3127'.
[  407.500792][T15867] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3127'.
[  407.652473][T15878] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3130'.
[  407.756614][T15613] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  407.778617][T15613] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  407.799582][T15613] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  407.822313][T15613] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  407.860508][T15883] netlink: 'syz.2.3132': attribute type 1 has an invalid length.
[  407.881723][T15883] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  407.993760][T15895] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3133'.
[  408.033850][T15613] 8021q: adding VLAN 0 to HW filter on device bond0
[  408.076875][T15613] 8021q: adding VLAN 0 to HW filter on device team0
[  408.113214][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  408.121417][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  408.143058][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  408.150264][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  408.331226][T15901] team0: Cannot enslave team device to itself
[  408.410742][T15908] tipc: Can't bind to reserved service type 0
[  408.537184][T15911] IPVS: set_ctl: invalid protocol: 50 172.20.20.187:20001
[  408.549786][    T9] IPVS: starting estimator thread 0...
[  408.665038][T15912] IPVS: using max 34 ests per chain, 81600 per kthread
[  408.686313][T15920] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3140'.
[  408.750288][T15613] 8021q: adding VLAN 0 to HW filter on device batadv0
[  408.790901][T15915] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3140'.
[  408.910286][T15613] veth0_vlan: entered promiscuous mode
[  408.961271][T15613] veth1_vlan: entered promiscuous mode
[  408.985025][T15931] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  409.001777][T15931] syzkaller0: entered promiscuous mode
[  409.002721][T15936] netlink: 'syz.2.3147': attribute type 1 has an invalid length.
[  409.015933][T15931] syzkaller0: entered allmulticast mode
[  409.104057][T15944] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  409.152309][T15941] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  409.168339][T15943] ------------[ cut here ]------------
[  409.174086][T15943] wlan1: Failed check-sdata-in-driver check, flags: 0x0
[  409.182784][T15943] WARNING: CPU: 1 PID: 15943 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x50b/0x7e0
[  409.193605][T15943] Modules linked in:
[  409.198252][T15943] CPU: 1 UID: 0 PID: 15943 Comm: syz.4.3149 Not tainted syzkaller #0 PREEMPT(full) 
[  409.207727][T15943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  409.217866][T15943] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[  409.224402][T15943] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 00 3f b0 8c e8 d6 fa 9a f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 67 5f d7 f6 90 0f 0b 90 42 80 7c 3d
[  409.239853][T15951] netlink: 'syz.1.3146': attribute type 1 has an invalid length.
[  409.244906][T15943] RSP: 0018:ffffc900198c7050 EFLAGS: 00010246
[  409.258370][T15943] RAX: 368db95bbf749600 RBX: 0000000000000000 RCX: 0000000000080000
[  409.266702][T15943] RDX: ffffc9000cfe4000 RSI: 000000000000833d RDI: 000000000000833e
[  409.274749][T15943] RBP: ffff88802eb55728 R08: 0000000000000003 R09: 0000000000000004
[  409.282748][T15943] R10: dffffc0000000000 R11: fffffbfff1bfa22c R12: ffff88802eb569d0
[  409.290785][T15943] R13: ffff88802eb54d80 R14: 1ffff11005d6aae5 R15: dffffc0000000000
[  409.298897][T15943] FS:  00007f8730cb96c0(0000) GS:ffff888125d15000(0000) knlGS:0000000000000000
[  409.308009][T15943] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  409.308507][T15954] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3147'.
[  409.314644][T15943] CR2: 000000110c38aa8d CR3: 000000007fb2c000 CR4: 00000000003526f0
[  409.314671][T15943] Call Trace:
[  409.314682][T15943]  <TASK>
[  409.314699][T15943]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[  409.314744][T15943]  __ieee80211_link_release_channel+0x33b/0x4a0
[  409.314778][T15943]  ieee80211_if_change_type+0x14c/0x990
[  409.314810][T15943]  ieee80211_change_iface+0xd5/0x510
[  409.314848][T15943]  cfg80211_change_iface+0x795/0xef0
[  409.314886][T15943]  nl80211_set_interface+0x773/0xaa0
[  409.314926][T15943]  ? __pfx_nl80211_set_interface+0x10/0x10
[  409.370327][T15949] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.372170][T15943]  ? nl80211_pre_doit+0x4fb/0x930
[  409.394553][T15943]  genl_family_rcv_msg_doit+0x212/0x300
[  409.401088][T15943]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  409.407304][T15943]  ? bpf_lsm_capable+0x9/0x20
[  409.412011][T15943]  ? security_capable+0x7e/0x2e0
[  409.417257][T15943]  genl_rcv_msg+0x60e/0x790
[  409.421802][T15943]  ? __pfx_genl_rcv_msg+0x10/0x10
[  409.426896][T15943]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  409.432285][T15943]  ? __pfx_nl80211_set_interface+0x10/0x10
[  409.438161][T15943]  ? __pfx_nl80211_post_doit+0x10/0x10
[  409.443671][T15943]  ? __asan_memcpy+0x40/0x70
[  409.448411][T15943]  ? __pfx_ref_tracker_free+0x10/0x10
[  409.453830][T15943]  netlink_rcv_skb+0x208/0x470
[  409.458786][T15943]  ? __lock_acquire+0xab9/0xd20
[  409.463666][T15943]  ? __pfx_genl_rcv_msg+0x10/0x10
[  409.468964][T15943]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  409.474321][T15943]  ? down_read+0x1ad/0x2e0
[  409.478840][T15943]  genl_rcv+0x28/0x40
[  409.482842][T15943]  netlink_unicast+0x82f/0x9e0
[  409.487641][T15943]  ? __pfx_netlink_unicast+0x10/0x10
[  409.492933][T15943]  ? netlink_sendmsg+0x642/0xb30
[  409.497965][T15943]  ? skb_put+0x11b/0x210
[  409.502247][T15943]  netlink_sendmsg+0x805/0xb30
[  409.507112][T15943]  ? __pfx_netlink_sendmsg+0x10/0x10
[  409.512512][T15943]  ? aa_sock_msg_perm+0xf1/0x1d0
[  409.517523][T15943]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  409.522833][T15943]  ? __pfx_netlink_sendmsg+0x10/0x10
[  409.528214][T15943]  __sock_sendmsg+0x21c/0x270
[  409.532949][T15943]  ____sys_sendmsg+0x505/0x830
[  409.537806][T15943]  ? __pfx_____sys_sendmsg+0x10/0x10
[  409.543121][T15943]  ? import_iovec+0x74/0xa0
[  409.547979][T15943]  ___sys_sendmsg+0x21f/0x2a0
[  409.552694][T15943]  ? __pfx____sys_sendmsg+0x10/0x10
[  409.558022][T15943]  ? __fget_files+0x2a/0x420
[  409.562626][T15943]  ? __fget_files+0x3a0/0x420
[  409.567560][T15943]  __x64_sys_sendmsg+0x19b/0x260
[  409.572630][T15943]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  409.578186][T15943]  ? rcu_is_watching+0x15/0xb0
[  409.582973][T15943]  ? do_syscall_64+0xbe/0x3b0
[  409.587722][T15943]  do_syscall_64+0xfa/0x3b0
[  409.592248][T15943]  ? lockdep_hardirqs_on+0x9c/0x150
[  409.597560][T15943]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.603645][T15943]  ? clear_bhb_loop+0x60/0xb0
[  409.608499][T15943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.614424][T15943] RIP: 0033:0x7f872fd8eba9
[  409.619255][T15943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.639573][T15943] RSP: 002b:00007f8730cb9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  409.648267][T15943] RAX: ffffffffffffffda RBX: 00007f872ffd5fa0 RCX: 00007f872fd8eba9
[  409.656348][T15943] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  409.664444][T15943] RBP: 00007f872fe11e19 R08: 0000000000000000 R09: 0000000000000000
[  409.672460][T15943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  409.680594][T15943] R13: 00007f872ffd6038 R14: 00007f872ffd5fa0 R15: 00007ffec3947728
[  409.688637][T15943]  </TASK>
[  409.691673][T15943] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  409.698961][T15943] CPU: 1 UID: 0 PID: 15943 Comm: syz.4.3149 Not tainted syzkaller #0 PREEMPT(full) 
[  409.708344][T15943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  409.718502][T15943] Call Trace:
[  409.721788][T15943]  <TASK>
[  409.724716][T15943]  dump_stack_lvl+0x99/0x250
[  409.729331][T15943]  ? __asan_memcpy+0x40/0x70
[  409.733925][T15943]  ? __pfx_dump_stack_lvl+0x10/0x10
[  409.739120][T15943]  ? __pfx__printk+0x10/0x10
[  409.743725][T15943]  vpanic+0x281/0x750
[  409.747706][T15943]  ? __pfx__printk+0x10/0x10
[  409.752299][T15943]  ? __pfx_vpanic+0x10/0x10
[  409.756796][T15943]  ? is_bpf_text_address+0x292/0x2b0
[  409.762095][T15943]  panic+0xb9/0xc0
[  409.765815][T15943]  ? __pfx_panic+0x10/0x10
[  409.770240][T15943]  __warn+0x31b/0x4b0
[  409.774230][T15943]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  409.780019][T15943]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  409.785757][T15943]  report_bug+0x2be/0x4f0
[  409.790081][T15943]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  409.795807][T15943]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  409.801626][T15943]  ? drv_unassign_vif_chanctx+0x50d/0x7e0
[  409.807377][T15943]  handle_bug+0x84/0x160
[  409.811640][T15943]  exc_invalid_op+0x1a/0x50
[  409.816160][T15943]  asm_exc_invalid_op+0x1a/0x20
[  409.821021][T15943] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[  409.827360][T15943] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 00 3f b0 8c e8 d6 fa 9a f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 67 5f d7 f6 90 0f 0b 90 42 80 7c 3d
[  409.847055][T15943] RSP: 0018:ffffc900198c7050 EFLAGS: 00010246
[  409.853218][T15943] RAX: 368db95bbf749600 RBX: 0000000000000000 RCX: 0000000000080000
[  409.861186][T15943] RDX: ffffc9000cfe4000 RSI: 000000000000833d RDI: 000000000000833e
[  409.869159][T15943] RBP: ffff88802eb55728 R08: 0000000000000003 R09: 0000000000000004
[  409.877131][T15943] R10: dffffc0000000000 R11: fffffbfff1bfa22c R12: ffff88802eb569d0
[  409.885102][T15943] R13: ffff88802eb54d80 R14: 1ffff11005d6aae5 R15: dffffc0000000000
[  409.893096][T15943]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[  409.899174][T15943]  __ieee80211_link_release_channel+0x33b/0x4a0
[  409.905425][T15943]  ieee80211_if_change_type+0x14c/0x990
[  409.910975][T15943]  ieee80211_change_iface+0xd5/0x510
[  409.916270][T15943]  cfg80211_change_iface+0x795/0xef0
[  409.921565][T15943]  nl80211_set_interface+0x773/0xaa0
[  409.926867][T15943]  ? __pfx_nl80211_set_interface+0x10/0x10
[  409.932693][T15943]  ? nl80211_pre_doit+0x4fb/0x930
[  409.937725][T15943]  genl_family_rcv_msg_doit+0x212/0x300
[  409.943283][T15943]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  409.949377][T15943]  ? bpf_lsm_capable+0x9/0x20
[  409.954083][T15943]  ? security_capable+0x7e/0x2e0
[  409.959039][T15943]  genl_rcv_msg+0x60e/0x790
[  409.963555][T15943]  ? __pfx_genl_rcv_msg+0x10/0x10
[  409.968681][T15943]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  409.974138][T15943]  ? __pfx_nl80211_set_interface+0x10/0x10
[  409.979945][T15943]  ? __pfx_nl80211_post_doit+0x10/0x10
[  409.985411][T15943]  ? __asan_memcpy+0x40/0x70
[  409.990001][T15943]  ? __pfx_ref_tracker_free+0x10/0x10
[  409.995444][T15943]  netlink_rcv_skb+0x208/0x470
[  410.000207][T15943]  ? __lock_acquire+0xab9/0xd20
[  410.005061][T15943]  ? __pfx_genl_rcv_msg+0x10/0x10
[  410.010086][T15943]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  410.015383][T15943]  ? down_read+0x1ad/0x2e0
[  410.019808][T15943]  genl_rcv+0x28/0x40
[  410.023817][T15943]  netlink_unicast+0x82f/0x9e0
[  410.028601][T15943]  ? __pfx_netlink_unicast+0x10/0x10
[  410.033993][T15943]  ? netlink_sendmsg+0x642/0xb30
[  410.039029][T15943]  ? skb_put+0x11b/0x210
[  410.043277][T15943]  netlink_sendmsg+0x805/0xb30
[  410.048133][T15943]  ? __pfx_netlink_sendmsg+0x10/0x10
[  410.053420][T15943]  ? aa_sock_msg_perm+0xf1/0x1d0
[  410.058366][T15943]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  410.063654][T15943]  ? __pfx_netlink_sendmsg+0x10/0x10
[  410.069165][T15943]  __sock_sendmsg+0x21c/0x270
[  410.073848][T15943]  ____sys_sendmsg+0x505/0x830
[  410.078612][T15943]  ? __pfx_____sys_sendmsg+0x10/0x10
[  410.083904][T15943]  ? import_iovec+0x74/0xa0
[  410.088496][T15943]  ___sys_sendmsg+0x21f/0x2a0
[  410.093173][T15943]  ? __pfx____sys_sendmsg+0x10/0x10
[  410.098406][T15943]  ? __fget_files+0x2a/0x420
[  410.103006][T15943]  ? __fget_files+0x3a0/0x420
[  410.107681][T15943]  __x64_sys_sendmsg+0x19b/0x260
[  410.112650][T15943]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  410.118206][T15943]  ? rcu_is_watching+0x15/0xb0
[  410.122984][T15943]  ? do_syscall_64+0xbe/0x3b0
[  410.127663][T15943]  do_syscall_64+0xfa/0x3b0
[  410.132170][T15943]  ? lockdep_hardirqs_on+0x9c/0x150
[  410.137393][T15943]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.143456][T15943]  ? clear_bhb_loop+0x60/0xb0
[  410.148581][T15943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.154471][T15943] RIP: 0033:0x7f872fd8eba9
[  410.159145][T15943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.178760][T15943] RSP: 002b:00007f8730cb9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  410.187172][T15943] RAX: ffffffffffffffda RBX: 00007f872ffd5fa0 RCX: 00007f872fd8eba9
[  410.195137][T15943] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  410.203098][T15943] RBP: 00007f872fe11e19 R08: 0000000000000000 R09: 0000000000000000
[  410.211060][T15943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  410.219026][T15943] R13: 00007f872ffd6038 R14: 00007f872ffd5fa0 R15: 00007ffec3947728
[  410.227009][T15943]  </TASK>
[  410.230352][T15943] Kernel Offset: disabled
[  410.234670][T15943] Rebooting in 86400 seconds..