last executing test programs:

16.662978634s ago: executing program 1 (id=3005):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
accept$alg(r0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x15, 0x5, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x10000000000, 0x0, 0x8811}, 0x0)

11.030970401s ago: executing program 2 (id=3040):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
accept$alg(r0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x15, 0x5, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x100000000000, 0x0, 0x8811}, 0x0)

10.625987173s ago: executing program 2 (id=3043):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x11, 0x2, 0x10001)
socket(0x2b, 0x80801, 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$rds(0x15, 0x5, 0x0)
socket(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

10.212833456s ago: executing program 2 (id=3050):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r1, 0x8, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TESTDATA={0x46, 0x45, "2c5cd625bd69d695a30f2fa8bad55fd5b43c1a6950cc3832375bd5d25e623d474f6c10d4ea32a95f10ffaccec4a6f848f1f8f0b340098e74e71b136675267c90ec92"}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008025}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000005c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000340)={0x208, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_DUPLEX={0x5}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x800}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x7}, @ETHTOOL_A_LINKMODES_OURS={0x1cc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x63, 0x4, "e5204c19ae9e62cb5d86f6c41e11545ffc0ec9b0199a3813e2a39ea3cbdead3ab7f80782f10503a1847142519e435ef4a0db955ae66a341398ad97d7dfbac66aa2ad29c6944ec7048d26531233316b5cebc2b8d9cd23a5a9968a907f9315a9"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x150, 0x3, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '-^.\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ')\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3c}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x27}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '.}%.:)\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xf, 0x2, ',}%&%\xb2\xac(!$\x00'}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x4}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x8}]}, 0x208}, 0x1, 0x0, 0x0, 0xc040000}, 0x200408c8)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_LEAVE_IBSS(r0, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x1c, r3, 0x4, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x24008812)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x48, 0x0, 0x4, 0x70bd2c, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x10000, 0x1]}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x7ff, 0x5, 0x7, 0x6]}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0xc0000)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000900)=<r5=>0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x2c, r3, 0x400, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000a40), r0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={0xffffffffffffffff, 0xe0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0], ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x1, 0x7, &(0x7f0000000ac0)=[0x0], &(0x7f0000000b00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xce, &(0x7f0000000b40)=[{}, {}], 0x10, 0x10, &(0x7f0000000b80), &(0x7f0000000bc0), 0x8, 0xe1, 0x8, 0x8, &(0x7f0000000c00)}}, 0x10)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000d80)={<r8=>0x0, @initdev, @local}, &(0x7f0000000dc0)=0xc)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r0, &(0x7f0000000f00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e00)={0x98, r6, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xe3}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x54, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x43}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x10001}]}, 0x98}, 0x1, 0x0, 0x0, 0x20048841}, 0x48040)
socket$inet6_udplite(0xa, 0x2, 0x88)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000001400)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000013c0)={&(0x7f0000000fc0)={0x3c4, r9, 0x600, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0xcc, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x400, 0x1, 0x10, 0x4, 0x5, 0xb, 0x1, 0x800]}}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0xa4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8001, 0x2, 0x7, 0x800, 0x20, 0x7ff, 0xb4ba, 0xd]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7f, 0x7, 0x1e3c, 0x1, 0x2, 0x400, 0x8, 0x2]}}, @NL80211_TXRATE_HT={0x48, 0x2, [{0x0, 0x8}, {0x7, 0x5}, {0x3, 0x1}, {0x1, 0x8}, {}, {0x0, 0x6}, {0x6, 0xa}, {0x0, 0x6}, {0x5, 0x1}, {0x3, 0xa}, {0x5, 0x4}, {0x3, 0x7}, {0x0, 0xa}, {0x4, 0x5}, {0x6, 0xa}, {0x1}, {0x0, 0x3}, {0x4, 0x4}, {0x3, 0x7}, {0x2, 0xa}, {0x1, 0xa}, {0x1, 0x2}, {0x7, 0x2}, {0x5, 0x9}, {0x6, 0x6}, {0x0, 0x4}, {0x1, 0x6}, {0x5}, {0x1, 0x1}, {0x1, 0x7}, {0x3, 0x7}, {0x2, 0x8}, {0x7, 0x1}, {0x6, 0x8}, {0x1, 0x5}, {0x2, 0x4}, {0x3, 0x8}, {0x7, 0x9}, {0x3, 0x7}, {0x4, 0x9}, {0x6, 0x2}, {0x1, 0x7}, {0x0, 0x1}, {0x1, 0x2}, {0x4, 0x9}, {0x7, 0x3}, {0x0, 0x9}, {0x0, 0x8}, {0x1, 0x7}, {0x5, 0x9}, {0x6, 0x6}, {0x2, 0x3}, {0x1, 0x1}, {0x0, 0x9}, {}, {0x5, 0xa}, {0x5, 0x9}, {0x3, 0x3}, {0x3, 0x3}, {0x1}, {0x5, 0x4}, {0x0, 0x6}, {0x7, 0x5}, {0x2, 0x5}, {0x5}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x5}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x2, 0x6}, {0x7, 0x2}, {0x5, 0x2}, {0x6}, {0x6, 0x5}, {0x5, 0x8}, {0x2, 0x7}, {0x1, 0xa}, {0x1, 0x1}, {0x6, 0x6}, {0x6, 0x9}, {0x5, 0x3}, {0x4, 0x9}, {0x4, 0x5}, {0x2, 0x3}, {0x2, 0x4}, {0x1, 0x4}, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0x6}, {0x5, 0x5}, {0x0, 0xa}, {0x4, 0x1}, {0x6, 0x3}, {0x7, 0x8}, {0x6, 0x8}, {0x0, 0xa}, {0x5, 0x9}]}]}]}, @NL80211_ATTR_TX_RATES={0x128, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xca0f, 0x5, 0x4, 0x1, 0x8, 0x99d, 0x2, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x3, 0x8, 0x2, 0xfbf0, 0xa, 0x0, 0x4]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x38c, 0x0, 0x0, 0x9, 0xffff, 0x3, 0xcb, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_60GHZ={0x4c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x6, 0x6}, {0x1, 0x6}, {0x7}, {0x0, 0x8}, {0x1, 0x9}, {0x4, 0xa}, {0x6, 0xa}, {0x1, 0x1}, {0x2, 0x4}, {0x3, 0x1}, {0x0, 0x9}, {0x4, 0x1}, {0x7, 0x4}, {0x0, 0x3}, {0x6, 0x5}, {0x1, 0x3}, {0x3, 0xa}, {0x6, 0x1}, {0x5, 0x5}, {0x1, 0x7}, {0x0, 0x6}, {0x1, 0x1}, {0x1, 0x9}, {0x2}, {0x2, 0x1}, {0x1, 0x4}, {0x1, 0x6}, {0x1, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_6GHZ={0x14, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x38, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2, 0x3, 0x8, 0x0, 0x7, 0x1, 0x401]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0x34, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_ATTR_TX_RATES={0x50, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x4c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x995, 0x1, 0x8, 0x2, 0x8, 0x5, 0x800]}}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x5, 0x1b, 0x12, 0x5, 0x3, 0x3, 0x30, 0x60, 0x60, 0x36, 0xc, 0x3, 0x16, 0x4, 0x1, 0x6, 0x24, 0xc, 0x48, 0x0, 0x6c, 0x24, 0x3, 0x9, 0x3, 0x60, 0x36, 0xb]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7ef, 0x4, 0x4, 0x2, 0x5771, 0x81, 0xb, 0x3]}}]}]}, @NL80211_ATTR_TX_RATES={0x164, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x3, 0x8, 0x8, 0x8, 0x7, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0xfffa, 0x48, 0x3, 0x0, 0x0, 0xff, 0x80]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x3ff, 0x200, 0x4, 0xbc, 0x9, 0x2, 0x544b]}}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x48, 0x5, 0x24, 0x16, 0x1, 0x5, 0x30, 0xb, 0x60, 0x5, 0x6, 0x18, 0x5, 0x48]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff, 0x1800, 0xcf, 0x8, 0x1000, 0x3, 0x3, 0x5]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_2GHZ={0xc0, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3ff, 0x9, 0x9, 0x6, 0x20fe, 0x400, 0x6b81, 0x9]}}, @NL80211_TXRATE_HT={0x38, 0x2, [{0x0, 0x1}, {0x5}, {0x6, 0x3}, {0x3, 0x6}, {0x0, 0x7}, {0x0, 0xa}, {0x6, 0x2}, {0x3, 0x3}, {0x7, 0x3}, {0x3, 0x7}, {0x2}, {0x6, 0x8}, {0x0, 0x5}, {0x1, 0x3}, {0x0, 0x8}, {0x2, 0x1}, {0x5, 0x1}, {0x7, 0x2}, {0x4, 0x6}, {0x0, 0x1}, {0x4, 0x5}, {0x5, 0x6}, {0x1, 0x3}, {0x0, 0x9}, {0x2, 0x1}, {}, {0x5}, {0x7, 0x1}, {0x2}, {0x1, 0x2}, {0x6, 0x9}, {0x0, 0x2}, {0x4}, {0x1, 0x6}, {0x4, 0x7}, {0x2}, {0x5, 0x2}, {0x1, 0x2}, {0x2, 0x7}, {0x5, 0x5}, {}, {0x2}, {0x2, 0x7}, {0x4}, {0x1, 0x3}, {0x3, 0x5}, {0x0, 0xa}, {0x0, 0x5}, {0x3}, {0x1, 0x7}, {0x2, 0x6}, {0x7, 0x1}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x3, 0x82, 0xf24, 0x8, 0x101, 0x0, 0xb5]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x5, 0x1}, {0x4, 0x7}, {0x3, 0xa}, {0x1, 0x8}, {0x4}, {0x2, 0x4}, {0x2}, {0x0, 0x5}, {0x2, 0x2}, {0x5, 0x6}, {0x2, 0x9}, {0x2, 0x9}, {0x3, 0x2}, {0x0, 0x6}, {0x2, 0xa}, {0x0, 0x2}, {0x5, 0x4}, {}, {0x0, 0x8}, {0x4, 0x5}, {0x4, 0x1}, {0x5, 0x4}, {0x1, 0x9}, {0x7, 0x5}, {0x5, 0x6}, {0x4, 0x3}, {0x1, 0x2}, {0x7, 0x3}, {0x4, 0x7}, {0x0, 0x1}, {0x6, 0x4}, {0x0, 0x2}, {0x4, 0x9}, {0x1, 0x5}, {0x1, 0x1}, {0x4, 0x9}, {0x6, 0x5}, {0x3}, {0x7, 0x6}, {0x2, 0x2}, {0x7, 0x4}, {0x7, 0x2}, {0x4, 0x6}, {0x3, 0x2}, {0x3, 0x1d}, {0x1, 0xa}, {0x0, 0x9}]}]}, @NL80211_BAND_6GHZ={0x1c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x1, 0x16, 0x3, 0x1, 0x12, 0x36, 0x4f, 0x36, 0x48, 0xe1, 0xa]}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}]}]}]}, 0x3c4}, 0x1, 0x0, 0x0, 0x4091}, 0x20000000)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001540)={&(0x7f0000001480)={0xbc, r9, 0x4, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x953}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x327}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x393}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x34}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x7ff}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xfffffffe}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xa29}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x14}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x6}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x34b}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x26}]]}, 0xbc}, 0x1, 0x0, 0x0, 0x40000}, 0x8801)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000001600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000001700)={0x0, 'team_slave_0\x00', {0x3}, 0x20})
syz_80211_inject_frame(&(0x7f0000001740), &(0x7f0000001780)=@data_frame={@a_msdu=@type01={{0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x5}, @device_a, @initial, @from_mac=@device_b, {0x0, 0xd}, "", @void, @value=@ver_80211n={0x0, 0x7ffd, 0x3, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1}}, @random="6071db8f6cd793d0fa7c41eaa597a2b4912d7816324b2ce6c45f283b509706b1ae8cccf641a2efec0cb58544ce51a3b26b542b04d005a38f6295c56063b5333f27d2846b0212b5142baf554b3cb788d267edac5f43e9c3ec66916f4772eed511b0ef8b10dbe8428a549297fa14a3efe0a4172ce66af5abbe605d93f5100836902b2f0f3db7204d9cdc01715bef06e5f2e9f0e63184dd73cade99e5a449e28ff8567082ef3c31bcda94edbbe18018a17778e5baba26352d41ffb1f1f4e2de0d447b3dc9a70af472b4c4487a1e0a62df2c8233b4b5a1c6be89d9785d587e1b0f2ef6403436388b3b577a6ebafa32b458dcfe5b8ae01344c2950ee34a1d89080126e103f9f6240d5c54c2653aeed2326e4c0c21be1fef30decdb6728757b068ddd7ddbd2f7beff96cf14c0058b3ffe9e21a593aca7a37cf71ed78c0d163f6a5de8f25972c1711565a3c63ef9f84c63034ff0191607ac8d0147e52db3f226cccc2c2dbbba720c5f55ac6daf4c566fe2e51dec7d84a5bab216c1717fccb5c328a64c9492c0c4ecaa524d83eebb3696ce1266624d013bf96cacf4236b2ce5c1a7277cdbb6553f0bf8100e1b0d1afa8730350aafd71b5d6263cf818c65dea78f4ef397939e273fa485c7f11f7b6110082b91ef42d1d114e2d7e6fc4b412a8194c3cf12d85f174f9619a2588d4784ecfe04d9ff94d0b8d6ad8d981ffab0212e167770404600e5a8e55903a8a920ab50bb655f0dbacfc7283aae6795783e620bc6eeac1f082dc299860c5e350798ca05c334d32d5abd7bc9c77f651378817c16ad378d5b4e1af5e45f9933a01565fe29c5207e463db1cfb40069379dab96367ab30a9099470dc20cc515ba00ffb94c5e5ba0f8153ef54d2d96bf1dc1f26033016fe04df006b94cf8cfe9a0d78cc9c4199add53dcf1d7530dc536d34876d044c161f9f204e39a93b16d24cdffaf18bfd0b13a244dfba68c497da836d67731f1822974915009a888190be68c64cab5d57fe1be4d0dd9066c9deeff31bdf6f8bab2208b84a49233c5bc86e7a1a4bc5256d981f312fda1d6c22f8d6d4650421ba1c97b26f45f66acffbca9c95b416ed67e493fa09ee7cea1bc881c382d23a3c83ff97eac49a6c1876a37d781c9a3da0fd052a1f4d1643243791ca5e1e4fbcc9d7e41f78437c2915e00df528b34dcca54211f41f2c55d3106b907189bc2948e5a07c6ca5532dc567d512204e62e83c40f4513add9ef515b52ffc10fc3029578283ec764d98e75e111fcfc2d2d8e3281f7eb62fffe01e383a360e075b6f878638"}, 0x3b5)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000001b40)='blkio.throttle.write_iops_device\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000001b80), &(0x7f0000001bc0)=0x4)

9.472401576s ago: executing program 2 (id=3059):
syz_emit_ethernet(0x66, &(0x7f0000000300)=ANY=[@ANYRES64=0x0], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x800)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a0b0400000000000000000200000088000480240001800b000100736f636b6574000014000280080002400000000308000140000000024c0001800b00010065787468647200003c000280080002400000007508000340000000590800064000000002080006400000000108000440000000b905000200070000000500020007000000140001800a00010071756f7461000000"], 0x17c}}, 0x40880)
recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r1, 0x0)
mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r1, 0x0)
setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
r2 = socket(0x22, 0x2, 0x1)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c0000001d00070f000000000000000007000000091f0160e188391750d65df593fb9cdbaad8940f19e0f847c60a660df5cdda1680349d93fa875e8656622dc8300016b7d1907cc21c3123ff64f934d7e50d53ae0970b394a30b762ed457c36da911e265780048ad49ed19dfb49f3758fba0d633f5e10239ba24c670208d8e953f27e5e575280cc1e11eedc5162283768d0191141c7258f5cb9a29477c75923a24e98eab17697534055723938d47f7", @ANYRES32=0x0, @ANYBLOB="0000d20b"], 0x1c}}, 0x0)
accept4$inet(r2, 0x0, 0x0, 0x800)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0x1a)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000000)=0x18, 0x4)
ioctl$sock_SIOCETHTOOL(r4, 0x89f1, &(0x7f0000000000)={'sit0\x00', 0x0})
socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000001a40)={0x1f, 0xffff, 0x3}, 0x6)
write(r6, &(0x7f0000000000)="2e000300010000", 0x7)
r7 = socket$kcm(0x10, 0x7, 0x10)
r8 = socket(0x1e, 0x805, 0x0)
connect$tipc(r8, &(0x7f0000000040)=@id={0x1e, 0x3, 0x0, {0x4e24}}, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000480), r8)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a", 0xa}], 0x1}, 0x0)

8.765763152s ago: executing program 2 (id=3066):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCGIFNETMASK(r2, 0x891b, &(0x7f0000000040)={'veth0_to_batadv\x00', {0x2, 0x0, @broadcast}})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x8000)
sendmmsg$inet6(r1, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}, {{&(0x7f0000000500)={0xa, 0x4e22, 0x0, @remote, 0x40}, 0x1c, &(0x7f0000000b00)=[{&(0x7f00000006c0)="02", 0x1}], 0x1}}], 0x2, 0x24000045)
shutdown(r1, 0x1)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000040)=0xc)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$PROG_BIND_MAP(0x1c, &(0x7f0000000140)={r10, 0xffffffffffffffff, 0x24}, 0xc)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000000)="0800d90700000000000000bd5656", 0xe)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
unshare(0x62040200)
socket$nl_generic(0x10, 0x3, 0x10)

4.818787859s ago: executing program 0 (id=3103):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@loopback={0xfec0ffff00000000}, 0x48000000, 0x0, 0x0, 0x1, 0x2000, 0x20}, 0x20)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xc, @remote, 'ip6tnl0\x00'}}, 0x1e)
r3 = socket(0xa, 0x3, 0x2)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x8, 0x0, 0x401}, 0xc)
setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000080)=0xc, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x10)

4.638655572s ago: executing program 0 (id=3096):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003440)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000000)="f2", 0x1}], 0x1}}, {{&(0x7f0000000840)={0xa, 0x4e24, 0x9, @mcast1, 0x8}, 0x1c, &(0x7f0000000d00)=[{&(0x7f0000000880)="127d", 0x2}], 0x1}}], 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x1)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000002380)=""/4107, &(0x7f00000000c0)=0x1012)

4.371032589s ago: executing program 0 (id=3097):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
unshare(0x2040400)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r3 = openat$cgroup_procs(r0, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
close(r4)
r5 = epoll_create(0x3ff)
r6 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000240)={0xa0000000})
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3f, r6, &(0x7f0000000280)={0x2000000})
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
pread64(r3, &(0x7f0000001840)=""/4096, 0x1000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe0b, 0x0, 0x0, 0x0, 0x800000}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)

4.22603655s ago: executing program 0 (id=3099):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000380)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xa}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
bind$can_raw(r2, &(0x7f0000000400)={0x1d, r3}, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@deltclass={0x64, 0x29, 0x10, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x3, 0xf}, {0x3, 0xb}, {0xb, 0xc}}, [@tclass_kind_options=@c_multiq={0xb}, @tclass_kind_options=@c_sfb={0x8}, @TCA_RATE={0x6, 0x5, {0xf1, 0x2e}}, @TCA_RATE={0x6, 0x5, {0x8, 0xe}}, @tclass_kind_options=@c_red={0x8}, @tclass_kind_options=@c_qfq={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xf7, 0x3}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0xc050)
recvmsg$can_raw(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)
setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f0000000440)=[{{0x2, 0x1, 0x1, 0x1}, {0x2, 0x1}}, {{0x3, 0x1, 0x0, 0x1}, {0x4, 0x1, 0x1, 0x1}}, {{0x3, 0x1}, {0x4, 0x1, 0x1}}], 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYRES32=r5, @ANYRES64=r3, @ANYRES16=0x0, @ANYRES8], 0x0, 0x34, 0x0, 0xa, 0x0, 0x10000}, 0x28)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0xfffbffff}, [@bcast, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
r6 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0209fa000400000025bd7000fedbdf250900180007ff000001001400570000003b3b430d677f"], 0x20}}, 0x24000800)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'hsr0\x00'})
ioctl$F2FS_IOC_MOVE_RANGE(r7, 0xc020f509, &(0x7f0000000280)={<r9=>r8, 0x3, 0x4, 0x7})
r10 = getpid()
write$cgroup_pid(r9, &(0x7f00000003c0)=r10, 0x12)
ioctl$sock_FIOSETOWN(r6, 0x8901, &(0x7f0000000040)=r10)
listen(r0, 0x1ad72f7)
socket$nl_xfrm(0x10, 0x3, 0x6)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
close(0x4)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f00000000c0)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]})

3.954953228s ago: executing program 2 (id=3101):
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001580)=ANY=[@ANYBLOB="30000000be000701fefffffffcffffff01e28191037c00b608004280040008000c0001db0ed10a188006000600800a0000080002800400178017907e48a4d4cd2041493003dc5493d1660a3104a7417ef1bb47c47847f7c106d5a6cb7217d78dc3de5c9b440ac711dfacc298017a4b2b5d4aeb751e635d08346a0b9d715769d096b881ab2131fd36196c2df67e744e75e24d1a6540ce97571a079c8700e9f7657b46c20108bbb52eb31b97b4fc8c1ddcab4005b42b68db643c1d12b8413ad0ff7d22c57940e107c2fa40c88044a4"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001440)={0x6, 0x0, &(0x7f0000001440), &(0x7f0000000580)='syzkaller\x00', 0xc, 0x5, &(0x7f0000001540)=""/5, 0x40f00, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0xfffffffe}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x20, 0x0, 0x7, 0x201, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r4}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0x5, 0x0, 0x1}, 0x48)
sendmsg$NFNL_MSG_ACCT_DEL(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)={0x20, 0x3, 0x7, 0x187a67a68afe9213, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x40048c0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.349042999s ago: executing program 0 (id=3105):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xb, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100f30000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e2}, 0x94)

3.182965956s ago: executing program 3 (id=3106):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000240)=0x4, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000100)=0x20, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x0, r2}, 0x10)
socket$inet(0xa, 0x801, 0x84)
socket$inet(0xa, 0x801, 0x84)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x0, 0x3000000}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

3.046909211s ago: executing program 0 (id=3107):
r0 = socket$inet6(0xa, 0x4, 0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000240)={0x2b, 0x0, '\x00', [@ra={0x5, 0x2, 0x35b}]}, 0x10)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r2, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @local}, 0x10)
getsockopt$inet_int(r2, 0x0, 0x6, &(0x7f00000000c0), 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000940)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x6, @private1, 0x3}, 0x1c, &(0x7f0000000840)=[{&(0x7f0000000040)="2e360e", 0x3}], 0x1}}], 0x1, 0x931766f6119e6dc0)
shutdown(r3, 0x1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x9}, &(0x7f0000000340)=0x8)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000", 0x48}], 0x1)
r5 = socket$netlink(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x10)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000240)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x40}, {0x6}]}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r6, 0x1, 0x8, 0x0, 0x0)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})

2.557681018s ago: executing program 1 (id=3011):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000003000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xe, 0x0, &(0x7f00000003c0)="7993ff01190000e5ffa53b00008f", 0x0, 0x400, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50) (fail_nth: 9)

2.362899853s ago: executing program 1 (id=3112):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
accept$alg(r0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x15, 0x5, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x100000000000000, 0x0, 0x8811}, 0x0)

2.142952363s ago: executing program 3 (id=3113):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000fbdbdf25170000002c003080050003000500000014000400de067486d928a27e16fa9e9bf01d2cf00c000180220001000100000008000300", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010800040000000000000af8000008000300", @ANYRES32=r7, @ANYBLOB="100050800500020005000000040006"], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x10c, r5, 0x0, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void, @val={0xc, 0x99, {0xe4, 0x50}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "342c1c13b574a51c1be95753ac45fee026f0f1b9f5a4a818"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "6207a4d6d2cfbdfd534b8d29013ef3e8daf98924145ab92e"}], @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}], @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x10c}, 0x1, 0x0, 0x0, 0x4000405}, 0x40000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x24, r3, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x11}, 0x0)

1.884999459s ago: executing program 1 (id=3115):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x2c, r0, 0x801, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "dbeb00171c"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x0)

1.763319391s ago: executing program 3 (id=3116):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x44, 0x1, 0x1, 0x301, 0x0, 0x0, {0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x4ad}]}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}]}]}, 0x44}}, 0x0)
sendmsg$TIPC_NL_KEY_FLUSH(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x24, r2, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x4}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000000100000a20000000000a01040000000000000000010000030900010073797a3000000000140000000200010200000000000000000000000520000000060a010400000000000000000100fffe0900010073797a3000000000140000001100010000100000000000000700000a"], 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

1.651064368s ago: executing program 1 (id=3118):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r1, 0x8, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TESTDATA={0x46, 0x45, "2c5cd625bd69d695a30f2fa8bad55fd5b43c1a6950cc3832375bd5d25e623d474f6c10d4ea32a95f10ffaccec4a6f848f1f8f0b340098e74e71b136675267c90ec92"}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008025}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000005c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000340)={0x208, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_DUPLEX={0x5}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x800}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x7}, @ETHTOOL_A_LINKMODES_OURS={0x1cc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x63, 0x4, "e5204c19ae9e62cb5d86f6c41e11545ffc0ec9b0199a3813e2a39ea3cbdead3ab7f80782f10503a1847142519e435ef4a0db955ae66a341398ad97d7dfbac66aa2ad29c6944ec7048d26531233316b5cebc2b8d9cd23a5a9968a907f9315a9"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x150, 0x3, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '-^.\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ')\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3c}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x27}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '.}%.:)\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xf, 0x2, ',}%&%\xb2\xac(!$\x00'}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x4}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x8}]}, 0x208}, 0x1, 0x0, 0x0, 0xc040000}, 0x200408c8)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_LEAVE_IBSS(r0, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x1c, r2, 0x4, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x24008812)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x48, 0x0, 0x4, 0x70bd2c, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x10000, 0x1]}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x7ff, 0x5, 0x7, 0x6]}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0xc0000)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000900)=<r4=>0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x2c, r2, 0x400, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @val={0x8}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000a40), r0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={0xffffffffffffffff, 0xe0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x1, 0x7, &(0x7f0000000ac0)=[0x0], &(0x7f0000000b00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xce, &(0x7f0000000b40)=[{}, {}], 0x10, 0x10, &(0x7f0000000b80), &(0x7f0000000bc0), 0x8, 0xe1, 0x8, 0x8, &(0x7f0000000c00)}}, 0x10)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000d80)={<r7=>0x0, @initdev, @local}, &(0x7f0000000dc0)=0xc)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r0, &(0x7f0000000f00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e00)={0x98, r5, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xe3}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x54, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x43}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x10001}]}, 0x98}, 0x1, 0x0, 0x0, 0x20048841}, 0x48040)
socket$inet6_udplite(0xa, 0x2, 0x88)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000001400)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000013c0)={&(0x7f0000000fc0)={0x3c4, r8, 0x600, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TX_RATES={0xcc, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x400, 0x1, 0x10, 0x4, 0x5, 0xb, 0x1, 0x800]}}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0xa4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8001, 0x2, 0x7, 0x800, 0x20, 0x7ff, 0xb4ba, 0xd]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7f, 0x7, 0x1e3c, 0x1, 0x2, 0x400, 0x8, 0x2]}}, @NL80211_TXRATE_HT={0x48, 0x2, [{0x0, 0x8}, {0x7, 0x5}, {0x3, 0x1}, {0x1, 0x8}, {}, {0x0, 0x6}, {0x6, 0xa}, {0x0, 0x6}, {0x5, 0x1}, {0x3, 0xa}, {0x5, 0x4}, {0x3, 0x7}, {0x0, 0xa}, {0x4, 0x5}, {0x6, 0xa}, {0x1}, {0x0, 0x3}, {0x4, 0x4}, {0x3, 0x7}, {0x2, 0xa}, {0x1, 0xa}, {0x1, 0x2}, {0x7, 0x2}, {0x5, 0x9}, {0x6, 0x6}, {0x0, 0x4}, {0x1, 0x6}, {0x5}, {0x1, 0x1}, {0x1, 0x7}, {0x3, 0x7}, {0x2, 0x8}, {0x7, 0x1}, {0x6, 0x8}, {0x1, 0x5}, {0x2, 0x4}, {0x3, 0x8}, {0x7, 0x9}, {0x3, 0x7}, {0x4, 0x9}, {0x6, 0x2}, {0x1, 0x7}, {0x0, 0x1}, {0x1, 0x2}, {0x4, 0x9}, {0x7, 0x3}, {0x0, 0x9}, {0x0, 0x8}, {0x1, 0x7}, {0x5, 0x9}, {0x6, 0x6}, {0x2, 0x3}, {0x1, 0x1}, {0x0, 0x9}, {}, {0x5, 0xa}, {0x5, 0x9}, {0x3, 0x3}, {0x3, 0x3}, {0x1}, {0x5, 0x4}, {0x0, 0x6}, {0x7, 0x5}, {0x2, 0x5}, {0x5}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x5}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x2, 0x6}, {0x7, 0x2}, {0x5, 0x2}, {0x6}, {0x6, 0x5}, {0x5, 0x8}, {0x2, 0x7}, {0x1, 0xa}, {0x1, 0x1}, {0x6, 0x6}, {0x6, 0x9}, {0x5, 0x3}, {0x4, 0x9}, {0x4, 0x5}, {0x2, 0x3}, {0x2, 0x4}, {0x1, 0x4}, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0x6}, {0x5, 0x5}, {0x0, 0xa}, {0x4, 0x1}, {0x6, 0x3}, {0x7, 0x8}, {0x6, 0x8}, {0x0, 0xa}, {0x5, 0x9}]}]}]}, @NL80211_ATTR_TX_RATES={0x128, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xca0f, 0x5, 0x4, 0x1, 0x8, 0x99d, 0x2, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x3, 0x8, 0x2, 0xfbf0, 0xa, 0x0, 0x4]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x38c, 0x0, 0x0, 0x9, 0xffff, 0x3, 0xcb, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_60GHZ={0x4c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x6, 0x6}, {0x1, 0x6}, {0x7}, {0x0, 0x8}, {0x1, 0x9}, {0x4, 0xa}, {0x6, 0xa}, {0x1, 0x1}, {0x2, 0x4}, {0x3, 0x1}, {0x0, 0x9}, {0x4, 0x1}, {0x7, 0x4}, {0x0, 0x3}, {0x6, 0x5}, {0x1, 0x3}, {0x3, 0xa}, {0x6, 0x1}, {0x5, 0x5}, {0x1, 0x7}, {0x0, 0x6}, {0x1, 0x1}, {0x1, 0x9}, {0x2}, {0x2, 0x1}, {0x1, 0x4}, {0x1, 0x6}, {0x1, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_6GHZ={0x14, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x38, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2, 0x3, 0x8, 0x0, 0x7, 0x1, 0x401]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0x34, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_ATTR_TX_RATES={0x50, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x4c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x995, 0x1, 0x8, 0x2, 0x8, 0x5, 0x800]}}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x5, 0x1b, 0x12, 0x5, 0x3, 0x3, 0x30, 0x60, 0x60, 0x36, 0xc, 0x3, 0x16, 0x4, 0x1, 0x6, 0x24, 0xc, 0x48, 0x0, 0x6c, 0x24, 0x3, 0x9, 0x3, 0x60, 0x36, 0xb]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7ef, 0x4, 0x4, 0x2, 0x5771, 0x81, 0xb, 0x3]}}]}]}, @NL80211_ATTR_TX_RATES={0x164, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x3, 0x8, 0x8, 0x8, 0x7, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0xfffa, 0x48, 0x3, 0x0, 0x0, 0xff, 0x80]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x3ff, 0x200, 0x4, 0xbc, 0x9, 0x2, 0x544b]}}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x48, 0x5, 0x24, 0x16, 0x1, 0x5, 0x30, 0xb, 0x60, 0x5, 0x6, 0x18, 0x5, 0x48]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff, 0x1800, 0xcf, 0x8, 0x1000, 0x3, 0x3, 0x5]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_2GHZ={0xc0, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3ff, 0x9, 0x9, 0x6, 0x20fe, 0x400, 0x6b81, 0x9]}}, @NL80211_TXRATE_HT={0x38, 0x2, [{0x0, 0x1}, {0x5}, {0x6, 0x3}, {0x3, 0x6}, {0x0, 0x7}, {0x0, 0xa}, {0x6, 0x2}, {0x3, 0x3}, {0x7, 0x3}, {0x3, 0x7}, {0x2}, {0x6, 0x8}, {0x0, 0x5}, {0x1, 0x3}, {0x0, 0x8}, {0x2, 0x1}, {0x5, 0x1}, {0x7, 0x2}, {0x4, 0x6}, {0x0, 0x1}, {0x4, 0x5}, {0x5, 0x6}, {0x1, 0x3}, {0x0, 0x9}, {0x2, 0x1}, {}, {0x5}, {0x7, 0x1}, {0x2}, {0x1, 0x2}, {0x6, 0x9}, {0x0, 0x2}, {0x4}, {0x1, 0x6}, {0x4, 0x7}, {0x2}, {0x5, 0x2}, {0x1, 0x2}, {0x2, 0x7}, {0x5, 0x5}, {}, {0x2}, {0x2, 0x7}, {0x4}, {0x1, 0x3}, {0x3, 0x5}, {0x0, 0xa}, {0x0, 0x5}, {0x3}, {0x1, 0x7}, {0x2, 0x6}, {0x7, 0x1}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x3, 0x82, 0xf24, 0x8, 0x101, 0x0, 0xb5]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x5, 0x1}, {0x4, 0x7}, {0x3, 0xa}, {0x1, 0x8}, {0x4}, {0x2, 0x4}, {0x2}, {0x0, 0x5}, {0x2, 0x2}, {0x5, 0x6}, {0x2, 0x9}, {0x2, 0x9}, {0x3, 0x2}, {0x0, 0x6}, {0x2, 0xa}, {0x0, 0x2}, {0x5, 0x4}, {}, {0x0, 0x8}, {0x4, 0x5}, {0x4, 0x1}, {0x5, 0x4}, {0x1, 0x9}, {0x7, 0x5}, {0x5, 0x6}, {0x4, 0x3}, {0x1, 0x2}, {0x7, 0x3}, {0x4, 0x7}, {0x0, 0x1}, {0x6, 0x4}, {0x0, 0x2}, {0x4, 0x9}, {0x1, 0x5}, {0x1, 0x1}, {0x4, 0x9}, {0x6, 0x5}, {0x3}, {0x7, 0x6}, {0x2, 0x2}, {0x7, 0x4}, {0x7, 0x2}, {0x4, 0x6}, {0x3, 0x2}, {0x3, 0x1d}, {0x1, 0xa}, {0x0, 0x9}]}]}, @NL80211_BAND_6GHZ={0x1c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x1, 0x16, 0x3, 0x1, 0x12, 0x36, 0x4f, 0x36, 0x48, 0xe1, 0xa]}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}]}]}]}, 0x3c4}, 0x1, 0x0, 0x0, 0x4091}, 0x20000000)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001540)={&(0x7f0000001480)={0xbc, r8, 0x4, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x953}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x327}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x393}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x34}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x7ff}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xfffffffe}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xa29}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x14}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x6}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x34b}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x26}]]}, 0xbc}, 0x1, 0x0, 0x0, 0x40000}, 0x8801)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000001600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000001700)={0x0, 'team_slave_0\x00', {0x3}, 0x20})
syz_80211_inject_frame(&(0x7f0000001740), &(0x7f0000001780)=@data_frame={@a_msdu=@type01={{0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x5}, @device_a, @initial, @from_mac=@device_b, {0x0, 0xd}, "", @void, @value=@ver_80211n={0x0, 0x7ffd, 0x3, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1}}, @random="6071db8f6cd793d0fa7c41eaa597a2b4912d7816324b2ce6c45f283b509706b1ae8cccf641a2efec0cb58544ce51a3b26b542b04d005a38f6295c56063b5333f27d2846b0212b5142baf554b3cb788d267edac5f43e9c3ec66916f4772eed511b0ef8b10dbe8428a549297fa14a3efe0a4172ce66af5abbe605d93f5100836902b2f0f3db7204d9cdc01715bef06e5f2e9f0e63184dd73cade99e5a449e28ff8567082ef3c31bcda94edbbe18018a17778e5baba26352d41ffb1f1f4e2de0d447b3dc9a70af472b4c4487a1e0a62df2c8233b4b5a1c6be89d9785d587e1b0f2ef6403436388b3b577a6ebafa32b458dcfe5b8ae01344c2950ee34a1d89080126e103f9f6240d5c54c2653aeed2326e4c0c21be1fef30decdb6728757b068ddd7ddbd2f7beff96cf14c0058b3ffe9e21a593aca7a37cf71ed78c0d163f6a5de8f25972c1711565a3c63ef9f84c63034ff0191607ac8d0147e52db3f226cccc2c2dbbba720c5f55ac6daf4c566fe2e51dec7d84a5bab216c1717fccb5c328a64c9492c0c4ecaa524d83eebb3696ce1266624d013bf96cacf4236b2ce5c1a7277cdbb6553f0bf8100e1b0d1afa8730350aafd71b5d6263cf818c65dea78f4ef397939e273fa485c7f11f7b6110082b91ef42d1d114e2d7e6fc4b412a8194c3cf12d85f174f9619a2588d4784ecfe04d9ff94d0b8d6ad8d981ffab0212e167770404600e5a8e55903a8a920ab50bb655f0dbacfc7283aae6795783e620bc6eeac1f082dc299860c5e350798ca05c334d32d5abd7bc9c77f651378817c16ad378d5b4e1af5e45f9933a01565fe29c5207e463db1cfb40069379dab96367ab30a9099470dc20cc515ba00ffb94c5e5ba0f8153ef54d2d96bf1dc1f26033016fe04df006b94cf8cfe9a0d78cc9c4199add53dcf1d7530dc536d34876d044c161f9f204e39a93b16d24cdffaf18bfd0b13a244dfba68c497da836d67731f1822974915009a888190be68c64cab5d57fe1be4d0dd9066c9deeff31bdf6f8bab2208b84a49233c5bc86e7a1a4bc5256d981f312fda1d6c22f8d6d4650421ba1c97b26f45f66acffbca9c95b416ed67e493fa09ee7cea1bc881c382d23a3c83ff97eac49a6c1876a37d781c9a3da0fd052a1f4d1643243791ca5e1e4fbcc9d7e41f78437c2915e00df528b34dcca54211f41f2c55d3106b907189bc2948e5a07c6ca5532dc567d512204e62e83c40f4513add9ef515b52ffc10fc3029578283ec764d98e75e111fcfc2d2d8e3281f7eb62fffe01e383a360e075b6f878638"}, 0x3b5)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000001b40)='blkio.throttle.write_iops_device\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000001b80), &(0x7f0000001bc0)=0x4)

1.496550107s ago: executing program 3 (id=3120):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
accept4$bt_l2cap(r0, 0x0, 0x0, 0x0)
shutdown(r0, 0x1)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000080), 0x4)

1.339089397s ago: executing program 3 (id=3121):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000003000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xe, 0x0, &(0x7f00000003c0)="7993ff01190000e5ffa53b00198f", 0x0, 0x400, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50)

1.167026736s ago: executing program 4 (id=3122):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a0000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000040000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000001"], 0xfc}}, 0x0)

1.069798919s ago: executing program 3 (id=3123):
socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x6a040000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (rerun: 32)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000280)=[{0x20}]}, 0x10)
r1 = epoll_create1(0x80000) (async, rerun: 32)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 32)
getsockname(0xffffffffffffffff, 0x0, 0x0) (rerun: 32)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)
r4 = socket$inet(0x2, 0x4000000805, 0x0)
listen(r4, 0x5)
sendmmsg(r4, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x18}}], 0x2, 0x844) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) (async)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xa0000009}) (async, rerun: 32)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000340)={<r6=>r3, 0xfffffffffffffffa, 0x5, 0x2}) (rerun: 32)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000480)=ANY=[@ANYBLOB="1e00000006000000b4ffffff0300000040000000", @ANYRES32, @ANYBLOB="3f00000002000000000000000000000000000000f673f202000000000000001abca17c2a0a45bbf7990a1f28464656ee72ffa863ac149c18898f1bf6aacc21e211681ef558b9844517a703000000000000093cbf0739edca5e708abe876301c712166dfb3391101a9edee50047d49f3777e87f6f7fc2a8e1836946e37303a5ecfa021edfc0766ce6622281eb0f246b34c9db708e7290", @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="0100000001000000000000000a00"/28], 0x50) (async)
unshare(0x60600) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000009000000010001000900000001000000", @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESDEC=r3], 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x4, r7}, 0x38)
ppoll(&(0x7f0000000200)=[{r5, 0x1}], 0x1, 0x0, 0x0, 0x3)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
syz_emit_ethernet(0x2a, 0x0, 0x0) (async, rerun: 64)
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={0x0}}, 0x0) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) (async)
epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x400) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="180200f1ffffff85070000180800009500000800000000000000242700000000"], &(0x7f00000006c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100}, 0x94)

935.841303ms ago: executing program 4 (id=3124):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000003060104"], 0x28}, 0x1, 0x0, 0x0, 0x48090}, 0x40000)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c008400090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c000280180002"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)

758.238825ms ago: executing program 1 (id=3125):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000001200)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/35, 0x23}, 0x9e2}], 0x1, 0x1832b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01c5d147650500001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x80, 0x10, 0xffffff1f, 0x0, 0x25dfdbfb, {}, [@IFLA_LINKINFO={0x58, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x44, 0x2, 0x0, 0x1, [@IFLA_GRE_FLAGS={0x8, 0xd, 0x9}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x2}, @IFLA_GRE_TTL={0x5, 0x8, 0xfd}, @IFLA_GRE_IKEY={0x8}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e22}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x7f}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x80}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48)
close(r6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000140000e1850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f00000000c0)=r10, 0x4)
sendmsg$unix(r9, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r11 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r11)
getsockname$packet(r11, &(0x7f0000000680)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r12, @ANYBLOB="01"], 0x3c}}, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

671.097505ms ago: executing program 4 (id=3126):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x28, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000796412000000000000002000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000001000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50af8ff00000700850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)

465.465474ms ago: executing program 4 (id=3127):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00001800bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

240.426852ms ago: executing program 4 (id=3128):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x2c, r0, 0x801, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "dbeb00171c"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x0)

0s ago: executing program 4 (id=3129):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r3, 0x0, 0x0, 0x81d0)
setsockopt$MRT_FLUSH(r3, 0x0, 0xd4, &(0x7f0000000140)=0x9, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
socket(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x5, 0x0)
socket$inet6(0xa, 0x5, 0x0)
r5 = socket$inet(0x2, 0x80001, 0x84)
listen(r5, 0x3a5)
pselect6(0x40, &(0x7f00000001c0)={0x58, 0x8, 0x5, 0x5, 0x3, 0x1, 0x10001, 0x5}, 0x0, 0x0, &(0x7f0000000400), 0x0)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x60, r1, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x34, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r4}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x11b}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x60}, 0x1, 0x0, 0x0, 0x8800}, 0x20000000)

kernel console output (not intermixed with test programs):

b69
[  363.927532][T13007] RDX: 0000200000000080 RSI: 0000000040107446 RDI: 0000000000000003
[  363.927545][T13007] RBP: 00007f5304178090 R08: 0000000000000000 R09: 0000000000000000
[  363.927555][T13007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.927565][T13007] R13: 0000000000000000 R14: 00007f53035b5fa0 R15: 00007ffee34e0cd8
[  363.927594][T13007]  </TASK>
[  364.188654][T13007] ERROR: Out of memory at tomoyo_realpath_from_path.
[  364.475834][T13018] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2163'.
[  364.586468][T13022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2164'.
[  364.809791][ T5852] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  364.816881][ T5852] Bluetooth: hci2: command 0x0406 tx timeout
[  364.841327][T13028] vlan3: entered promiscuous mode
[  364.847405][T13028] vlan3: entered allmulticast mode
[  364.853543][T13028] bridge0: entered allmulticast mode
[  365.291571][T13042] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2172'.
[  365.328698][T13043] batadv_slave_0: entered promiscuous mode
[  365.335618][T13042] netlink: 'syz.0.2172': attribute type 12 has an invalid length.
[  365.495233][T13042] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2172'.
[  365.495545][   T36] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  365.522993][T13037] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2171'.
[  365.546910][T13046] FAULT_INJECTION: forcing a failure.
[  365.546910][T13046] name failslab, interval 1, probability 0, space 0, times 0
[  365.563783][   T36] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  365.573882][T13042] netlink: 'syz.0.2172': attribute type 12 has an invalid length.
[  365.592342][T13046] CPU: 0 UID: 0 PID: 13046 Comm: syz.1.2173 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  365.592377][T13046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  365.592390][T13046] Call Trace:
[  365.592398][T13046]  <TASK>
[  365.592409][T13046]  dump_stack_lvl+0x189/0x250
[  365.592439][T13046]  ? __pfx____ratelimit+0x10/0x10
[  365.592468][T13046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.592489][T13046]  ? __pfx__printk+0x10/0x10
[  365.592522][T13046]  ? __pfx___might_resched+0x10/0x10
[  365.592551][T13046]  ? fs_reclaim_acquire+0x7d/0x100
[  365.592580][T13046]  should_fail_ex+0x414/0x560
[  365.592618][T13046]  should_failslab+0xa8/0x100
[  365.592640][T13046]  __kmalloc_cache_noprof+0x70/0x3d0
[  365.592669][T13046]  ? mgmt_pending_new+0x65/0x1e0
[  365.592707][T13046]  mgmt_pending_new+0x65/0x1e0
[  365.592743][T13046]  mgmt_pending_add+0x35/0x140
[  365.592778][T13046]  start_discovery_internal+0x3b7/0x5c0
[  365.592811][T13046]  hci_mgmt_cmd+0x9c6/0xef0
[  365.592848][T13046]  hci_sock_sendmsg+0x6ca/0xef0
[  365.592876][T13046]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  365.592896][T13046]  ? aa_sock_msg_perm+0x94/0x160
[  365.592925][T13046]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  365.592949][T13046]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  365.592971][T13046]  __sock_sendmsg+0x219/0x270
[  365.593001][T13046]  sock_write_iter+0x258/0x330
[  365.593030][T13046]  ? __pfx_sock_write_iter+0x10/0x10
[  365.593070][T13046]  ? bpf_lsm_file_permission+0x9/0x20
[  365.593095][T13046]  ? security_file_permission+0x75/0x290
[  365.593129][T13046]  vfs_write+0x54b/0xa90
[  365.593166][T13046]  ? __pfx_sock_write_iter+0x10/0x10
[  365.593191][T13046]  ? __pfx_vfs_write+0x10/0x10
[  365.593233][T13046]  ? __fget_files+0x2a/0x420
[  365.593276][T13046]  ksys_write+0x145/0x250
[  365.593308][T13046]  ? __pfx_ksys_write+0x10/0x10
[  365.593332][T13046]  ? rcu_is_watching+0x15/0xb0
[  365.593368][T13046]  ? do_syscall_64+0xbe/0x3b0
[  365.593404][T13046]  do_syscall_64+0xfa/0x3b0
[  365.593431][T13046]  ? lockdep_hardirqs_on+0x9c/0x150
[  365.593458][T13046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.593478][T13046]  ? clear_bhb_loop+0x60/0xb0
[  365.593504][T13046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.593523][T13046] RIP: 0033:0x7fb4b8f8eb69
[  365.593542][T13046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.593559][T13046] RSP: 002b:00007fb4b9e7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  365.593582][T13046] RAX: ffffffffffffffda RBX: 00007fb4b91b5fa0 RCX: 00007fb4b8f8eb69
[  365.593597][T13046] RDX: 0000000000000007 RSI: 0000200000000140 RDI: 0000000000000004
[  365.593610][T13046] RBP: 00007fb4b9e7f090 R08: 0000000000000000 R09: 0000000000000000
[  365.593622][T13046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.593634][T13046] R13: 0000000000000000 R14: 00007fb4b91b5fa0 R15: 00007ffe32a214e8
[  365.593671][T13046]  </TASK>
[  365.946305][   T36] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  365.987498][   T36] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  366.311190][T13036] batadv_slave_0: left promiscuous mode
[  368.559573][T13104] __nla_validate_parse: 6 callbacks suppressed
[  368.559597][T13104] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2191'.
[  368.827551][T13113] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2193'.
[  368.907825][T13116] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2194'.
[  369.095493][T13121] syz.3.2197 (13121) used obsolete PPPIOCDETACH ioctl
[  369.367605][T13128] FAULT_INJECTION: forcing a failure.
[  369.367605][T13128] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  369.402968][T13128] CPU: 1 UID: 0 PID: 13128 Comm: syz.2.2200 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  369.403003][T13128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  369.403013][T13128] Call Trace:
[  369.403021][T13128]  <TASK>
[  369.403029][T13128]  dump_stack_lvl+0x189/0x250
[  369.403054][T13128]  ? __pfx____ratelimit+0x10/0x10
[  369.403078][T13128]  ? __pfx_dump_stack_lvl+0x10/0x10
[  369.403095][T13128]  ? __pfx__printk+0x10/0x10
[  369.403126][T13128]  should_fail_ex+0x414/0x560
[  369.403166][T13128]  _copy_to_user+0x31/0xb0
[  369.403192][T13128]  simple_read_from_buffer+0xe1/0x170
[  369.403222][T13128]  proc_fail_nth_read+0x1b3/0x220
[  369.403245][T13128]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  369.403266][T13128]  ? rw_verify_area+0x258/0x650
[  369.403286][T13128]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  369.403309][T13128]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  369.403329][T13128]  vfs_read+0x1fd/0x980
[  369.403350][T13128]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  369.403378][T13128]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  369.403404][T13128]  ? __pfx_vfs_read+0x10/0x10
[  369.403432][T13128]  ? ppp_ioctl+0x145a/0x19a0
[  369.403462][T13128]  ksys_read+0x145/0x250
[  369.403487][T13128]  ? __pfx_ksys_read+0x10/0x10
[  369.403513][T13128]  ? do_syscall_64+0xbe/0x3b0
[  369.403541][T13128]  do_syscall_64+0xfa/0x3b0
[  369.403562][T13128]  ? lockdep_hardirqs_on+0x9c/0x150
[  369.403584][T13128]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.403600][T13128]  ? clear_bhb_loop+0x60/0xb0
[  369.403619][T13128]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.403635][T13128] RIP: 0033:0x7f19a3d8d57c
[  369.403656][T13128] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  369.403670][T13128] RSP: 002b:00007f19a4b31030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  369.403690][T13128] RAX: ffffffffffffffda RBX: 00007f19a3fb5fa0 RCX: 00007f19a3d8d57c
[  369.403702][T13128] RDX: 000000000000000f RSI: 00007f19a4b310a0 RDI: 0000000000000004
[  369.403711][T13128] RBP: 00007f19a4b31090 R08: 0000000000000000 R09: 0000000000000000
[  369.403721][T13128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.403730][T13128] R13: 0000000000000000 R14: 00007f19a3fb5fa0 R15: 00007ffc49dc6248
[  369.403756][T13128]  </TASK>
[  369.661601][T13132] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2201'.
[  369.917324][T13131] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2202'.
[  370.299631][T13143] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2205'.
[  370.375225][T13145] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2208'.
[  370.396406][T13147] netlink: 'syz.4.2209': attribute type 1 has an invalid length.
[  370.659358][T13158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2211'.
[  370.798346][T13161] FAULT_INJECTION: forcing a failure.
[  370.798346][T13161] name failslab, interval 1, probability 0, space 0, times 0
[  370.850204][T13161] CPU: 1 UID: 0 PID: 13161 Comm: syz.2.2214 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  370.850237][T13161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  370.850248][T13161] Call Trace:
[  370.850257][T13161]  <TASK>
[  370.850265][T13161]  dump_stack_lvl+0x189/0x250
[  370.850294][T13161]  ? __pfx____ratelimit+0x10/0x10
[  370.850322][T13161]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.850342][T13161]  ? __pfx__printk+0x10/0x10
[  370.850387][T13161]  should_fail_ex+0x414/0x560
[  370.850425][T13161]  should_failslab+0xa8/0x100
[  370.850448][T13161]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  370.850479][T13161]  ? __alloc_skb+0x112/0x2d0
[  370.850514][T13161]  __alloc_skb+0x112/0x2d0
[  370.850548][T13161]  create_monitor_ctrl_event+0x38/0x480
[  370.850588][T13161]  mgmt_cmd_complete+0x20f/0x590
[  370.850626][T13161]  start_discovery_internal+0x289/0x5c0
[  370.850659][T13161]  hci_mgmt_cmd+0x9c6/0xef0
[  370.850694][T13161]  hci_sock_sendmsg+0x6ca/0xef0
[  370.850719][T13161]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  370.850738][T13161]  ? aa_sock_msg_perm+0x94/0x160
[  370.850766][T13161]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  370.850788][T13161]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  370.850808][T13161]  __sock_sendmsg+0x219/0x270
[  370.850838][T13161]  sock_write_iter+0x258/0x330
[  370.850865][T13161]  ? __pfx_sock_write_iter+0x10/0x10
[  370.850920][T13161]  ? bpf_lsm_file_permission+0x9/0x20
[  370.850946][T13161]  ? security_file_permission+0x75/0x290
[  370.850981][T13161]  vfs_write+0x54b/0xa90
[  370.851016][T13161]  ? __pfx_sock_write_iter+0x10/0x10
[  370.851041][T13161]  ? __pfx_vfs_write+0x10/0x10
[  370.851081][T13161]  ? __fget_files+0x2a/0x420
[  370.851113][T13161]  ksys_write+0x145/0x250
[  370.851144][T13161]  ? __pfx_ksys_write+0x10/0x10
[  370.851174][T13161]  ? rcu_is_watching+0x15/0xb0
[  370.851212][T13161]  ? do_syscall_64+0xbe/0x3b0
[  370.851246][T13161]  do_syscall_64+0xfa/0x3b0
[  370.851272][T13161]  ? lockdep_hardirqs_on+0x9c/0x150
[  370.851298][T13161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.851317][T13161]  ? clear_bhb_loop+0x60/0xb0
[  370.851343][T13161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.851363][T13161] RIP: 0033:0x7f19a3d8eb69
[  370.851381][T13161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.851399][T13161] RSP: 002b:00007f19a4b31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  370.851423][T13161] RAX: ffffffffffffffda RBX: 00007f19a3fb5fa0 RCX: 00007f19a3d8eb69
[  370.851439][T13161] RDX: 0000000000000007 RSI: 0000200000000140 RDI: 0000000000000004
[  370.851451][T13161] RBP: 00007f19a4b31090 R08: 0000000000000000 R09: 0000000000000000
[  370.851464][T13161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.851476][T13161] R13: 0000000000000000 R14: 00007f19a3fb5fa0 R15: 00007ffc49dc6248
[  370.851513][T13161]  </TASK>
[  371.715662][T13175] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2215'.
[  371.758006][T13178] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2219'.
[  371.862710][T13180] netlink: 'syz.2.2218': attribute type 4 has an invalid length.
[  372.651161][ T5858] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  372.659388][ T5858] Bluetooth: hci2: command 0x0406 tx timeout
[  374.088097][T13230] __nla_validate_parse: 4 callbacks suppressed
[  374.088125][T13230] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.2236'.
[  374.669647][T13240] vlan2: entered promiscuous mode
[  374.674878][T13240] gretap0: entered promiscuous mode
[  374.751281][T13242] netlink: 'syz.3.2240': attribute type 1 has an invalid length.
[  374.880888][T13246] netlink: 'syz.3.2240': attribute type 1 has an invalid length.
[  374.981008][T13249] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2242'.
[  375.410099][T13258] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2243'.
[  375.632157][T13264] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2245'.
[  375.956615][T13269] FAULT_INJECTION: forcing a failure.
[  375.956615][T13269] name failslab, interval 1, probability 0, space 0, times 0
[  376.074440][T13269] CPU: 1 UID: 0 PID: 13269 Comm: syz.2.2246 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  376.074478][T13269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  376.074491][T13269] Call Trace:
[  376.074500][T13269]  <TASK>
[  376.074511][T13269]  dump_stack_lvl+0x189/0x250
[  376.074542][T13269]  ? __pfx____ratelimit+0x10/0x10
[  376.074571][T13269]  ? __pfx_dump_stack_lvl+0x10/0x10
[  376.074594][T13269]  ? __pfx__printk+0x10/0x10
[  376.074630][T13269]  ? __pfx___might_resched+0x10/0x10
[  376.074658][T13269]  ? fs_reclaim_acquire+0x7d/0x100
[  376.074688][T13269]  should_fail_ex+0x414/0x560
[  376.074724][T13269]  ? __pfx_start_discovery_sync+0x10/0x10
[  376.074749][T13269]  should_failslab+0xa8/0x100
[  376.074771][T13269]  __kmalloc_cache_noprof+0x70/0x3d0
[  376.074801][T13269]  ? hci_cmd_sync_submit+0xcb/0x2b0
[  376.074827][T13269]  ? __pfx_start_discovery_sync+0x10/0x10
[  376.074851][T13269]  hci_cmd_sync_submit+0xcb/0x2b0
[  376.074873][T13269]  ? __pfx_start_discovery_complete+0x10/0x10
[  376.074913][T13269]  start_discovery_internal+0x3d8/0x5c0
[  376.074948][T13269]  hci_mgmt_cmd+0x9c6/0xef0
[  376.074987][T13269]  hci_sock_sendmsg+0x6ca/0xef0
[  376.075016][T13269]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  376.075036][T13269]  ? aa_sock_msg_perm+0x94/0x160
[  376.075065][T13269]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  376.075088][T13269]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  376.075110][T13269]  __sock_sendmsg+0x219/0x270
[  376.075143][T13269]  sock_write_iter+0x258/0x330
[  376.075170][T13269]  ? __pfx_sock_write_iter+0x10/0x10
[  376.075211][T13269]  ? bpf_lsm_file_permission+0x9/0x20
[  376.075235][T13269]  ? security_file_permission+0x75/0x290
[  376.075271][T13269]  vfs_write+0x54b/0xa90
[  376.075308][T13269]  ? __pfx_sock_write_iter+0x10/0x10
[  376.075333][T13269]  ? __pfx_vfs_write+0x10/0x10
[  376.075376][T13269]  ? __fget_files+0x2a/0x420
[  376.075410][T13269]  ksys_write+0x145/0x250
[  376.075442][T13269]  ? __pfx_ksys_write+0x10/0x10
[  376.075473][T13269]  ? rcu_is_watching+0x15/0xb0
[  376.075511][T13269]  ? do_syscall_64+0xbe/0x3b0
[  376.075547][T13269]  do_syscall_64+0xfa/0x3b0
[  376.075572][T13269]  ? lockdep_hardirqs_on+0x9c/0x150
[  376.075598][T13269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.075618][T13269]  ? clear_bhb_loop+0x60/0xb0
[  376.075642][T13269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.075661][T13269] RIP: 0033:0x7f19a3d8eb69
[  376.075681][T13269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.075698][T13269] RSP: 002b:00007f19a4b31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  376.075723][T13269] RAX: ffffffffffffffda RBX: 00007f19a3fb5fa0 RCX: 00007f19a3d8eb69
[  376.075738][T13269] RDX: 0000000000000007 RSI: 0000200000000140 RDI: 0000000000000004
[  376.075750][T13269] RBP: 00007f19a4b31090 R08: 0000000000000000 R09: 0000000000000000
[  376.075761][T13269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  376.075772][T13269] R13: 0000000000000000 R14: 00007f19a3fb5fa0 R15: 00007ffc49dc6248
[  376.075806][T13269]  </TASK>
[  377.087037][   T15] sched: DL replenish lagged too much
[  377.110660][T13273] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2247'.
[  377.191586][T13277] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2250'.
[  379.457082][T13301] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2257'.
[  380.374563][T13320] netlink: 'syz.0.2262': attribute type 23 has an invalid length.
[  380.391283][T13319] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2263'.
[  380.807408][T13326] netlink: 'syz.1.2264': attribute type 1 has an invalid length.
[  381.005506][T13326] 8021q: adding VLAN 0 to HW filter on device bond2
[  381.141673][T13326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2264'.
[  381.443021][T13324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  381.960763][ T5858] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  381.992366][T13325] bond2: (slave veth31): Enslaving as an active interface with a down link
[  382.009690][ T5858] Bluetooth: hci2: command 0x0406 tx timeout
[  382.027883][T13328] vlan3: entered allmulticast mode
[  382.034302][T13328] veth1: entered allmulticast mode
[  382.042919][T13328] veth1: entered promiscuous mode
[  382.052624][T13328] veth1: left promiscuous mode
[  382.062926][T13328] bond2: (slave vlan3): making interface the new active one
[  382.072606][T13328] veth1: entered promiscuous mode
[  382.364097][T13328] vlan3: entered promiscuous mode
[  382.455566][T13328] bond2: (slave vlan3): Enslaving as an active interface with an up link
[  382.508726][T13326] netlink: 'syz.1.2264': attribute type 1 has an invalid length.
[  382.527398][T13326] netlink: 'syz.1.2264': attribute type 2 has an invalid length.
[  383.257707][T13356] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2270'.
[  383.498639][T13364] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  384.067119][T13367] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2273'.
[  384.658503][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  385.081678][T13373] netlink: 'syz.4.2274': attribute type 6 has an invalid length.
[  385.111242][T13373] netlink: 'syz.4.2274': attribute type 6 has an invalid length.
[  387.216649][T13391] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2281'.
[  387.255856][T13393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2279'.
[  389.331172][T13421] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2288'.
[  389.639843][T13434] netlink: 'syz.3.2291': attribute type 23 has an invalid length.
[  391.345582][T13457] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2299'.
[  391.405992][T13454] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2298'.
[  391.632431][T13461] vlan4: entered promiscuous mode
[  391.664769][T13466] netlink: 'syz.3.2303': attribute type 10 has an invalid length.
[  391.836653][T13466] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  392.459536][T13480] netlink: 'syz.0.2305': attribute type 17 has an invalid length.
[  392.466157][T13481] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2306'.
[  392.627081][T13489] netlink: 'syz.0.2305': attribute type 10 has an invalid length.
[  392.784243][T13480] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2305'.
[  392.832415][T13480] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  392.937041][T13495] netlink: 'syz.4.2309': attribute type 10 has an invalid length.
[  392.941212][T13489] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.945823][T13495] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2309'.
[  393.026147][T13489] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  393.233757][T13495] team0: Port device geneve0 added
[  393.556456][T13505] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2313'.
[  393.581940][T13503] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2312'.
[  393.599493][T13503] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2312'.
[  393.660327][T13503] v: entered promiscuous mode
[  393.667798][T13503] v: left promiscuous mode
[  393.822430][T13515] wg1: entered promiscuous mode
[  393.842864][T13515] wg1: entered allmulticast mode
[  393.920253][ T1014] vlan3: left promiscuous mode
[  394.205572][T13524] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.2320'.
[  394.608634][T13542] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2323'.
[  394.889557][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  394.907126][T13552] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2322'.
[  395.542380][T13570] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2331'.
[  395.613896][T13558] bridge0: port 3(batadv0) entered disabled state
[  395.621690][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.629591][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.381492][T13558] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  396.430327][T13558] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  396.797512][T13558] mac80211_hwsim hwsim7 wlan0: left promiscuous mode
[  396.862111][T13558] vlan2: left promiscuous mode
[  396.887236][T13558] vlan2: left allmulticast mode
[  396.897074][T13558] hsr_slave_1: left allmulticast mode
[  396.932838][T13558] ip6gre1: left allmulticast mode
[  396.977122][T13558] gretap1: left promiscuous mode
[  396.987896][T13558] geneve3: left promiscuous mode
[  397.000327][T13558] geneve3: left allmulticast mode
[  397.061996][T13558] batadv1: left allmulticast mode
[  397.101682][T13558] vlan3: left promiscuous mode
[  397.115214][T13558] vlan3: left allmulticast mode
[  397.121328][T13558] bridge0: left allmulticast mode
[  397.189332][   T37] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  397.199703][   T37] netdevsim netdevsim4 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0
[  397.209979][ T1014] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  397.237986][ T1014] netdevsim netdevsim4 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0
[  397.326481][ T1014] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  397.346187][ T1014] netdevsim netdevsim4 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0
[  397.376362][ T1014] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  397.409376][ T1014] netdevsim netdevsim4 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0
[  397.557820][T13592] lo speed is unknown, defaulting to 1000
[  397.608175][T13587] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  398.135336][T13592] lo speed is unknown, defaulting to 1000
[  398.627845][T13622] __nla_validate_parse: 1 callbacks suppressed
[  398.627874][T13622] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2346'.
[  398.970493][T13630] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2349'.
[  399.030057][T13630] tipc: Invalid UDP bearer configuration
[  399.030139][T13630] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  399.240920][T13642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2353'.
[  399.451606][T13647] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2354'.
[  399.721101][T13650] bridge_slave_1: mtu less than device minimum
[  399.877433][T13652] lo speed is unknown, defaulting to 1000
[  400.168266][T13652] lo speed is unknown, defaulting to 1000
[  400.472112][T13658] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2357'.
[  401.475561][T13679] xt_limit: Overflow, try lower: 604147548/4200216962
[  401.609837][T13683] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2366'.
[  401.951222][T13684] lo speed is unknown, defaulting to 1000
[  401.982240][T13689] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2367'.
[  402.138371][T13689] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2367'.
[  402.248220][T13695] sctp: [Deprecated]: syz.0.2370 (pid 13695) Use of int in max_burst socket option.
[  402.248220][T13695] Use struct sctp_assoc_value instead
[  402.349506][T13697] netlink: 'syz.2.2371': attribute type 13 has an invalid length.
[  402.358072][T13697] netlink: 'syz.2.2371': attribute type 17 has an invalid length.
[  402.506559][T13697] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  402.831705][T13684] lo speed is unknown, defaulting to 1000
[  403.147842][T13721] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2378'.
[  403.168622][T13722] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[  403.338552][T13724] vlan2: entered promiscuous mode
[  403.423198][T13726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2380'.
[  403.749060][T13731] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  403.880362][T13731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2382'.
[  403.908637][T13731] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  403.916726][T13731] IPv6: NLM_F_CREATE should be set when creating new route
[  403.924174][T13731] IPv6: NLM_F_CREATE should be set when creating new route
[  403.932048][T13731] IPv6: NLM_F_CREATE should be set when creating new route
[  403.966371][T13731] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  404.927142][T13729] team0: left promiscuous mode
[  404.958448][T13729] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[  404.987820][T13729] macvtap1: left allmulticast mode
[  405.049442][   T37] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  405.099654][   T37] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  405.108377][   T37] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  405.144092][   T37] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  405.175858][   T37] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  405.219652][   T37] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  405.271214][   T37] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  405.309389][   T37] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  405.468443][T13753] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2386'.
[  405.990102][T13768] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2391'.
[  406.022569][T13760] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2391'.
[  406.345151][T13773] lo speed is unknown, defaulting to 1000
[  406.502449][T13569] Set syz1 is full, maxelem 65536 reached
[  406.706960][T13777] netlink: 'syz.4.2396': attribute type 10 has an invalid length.
[  406.755477][T13777] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  407.104050][T13773] lo speed is unknown, defaulting to 1000
[  407.104066][T13772] lo speed is unknown, defaulting to 1000
[  407.243147][T13774] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2395'.
[  407.271752][T13774] netlink: 'syz.1.2395': attribute type 13 has an invalid length.
[  407.292992][T13774] netlink: 'syz.1.2395': attribute type 17 has an invalid length.
[  407.521902][T13775] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2394'.
[  407.589960][T13793] netlink: 'syz.3.2394': attribute type 13 has an invalid length.
[  407.619405][T13793] netlink: 'syz.3.2394': attribute type 17 has an invalid length.
[  407.872592][T13774] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  407.985563][T13790] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  407.997076][T13792] syzkaller0: entered promiscuous mode
[  408.019382][T13792] syzkaller0: entered allmulticast mode
[  408.122241][T13793] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  408.176039][T13804] tipc: Resetting bearer <eth:syzkaller0>
[  408.200929][T13786] tipc: Resetting bearer <eth:syzkaller0>
[  408.245959][T13786] tipc: Disabling bearer <eth:syzkaller0>
[  408.275447][T13772] lo speed is unknown, defaulting to 1000
[  408.732915][T13819] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2406'.
[  408.815523][T13816] vlan4: entered promiscuous mode
[  408.849914][T13817] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  409.157642][T13817] syzkaller0: entered promiscuous mode
[  409.175865][T13817] syzkaller0: entered allmulticast mode
[  409.986494][ T5826] tipc: Node number set to 625115843
[  410.052958][T13844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  411.865132][T13814] tipc: Resetting bearer <eth:syzkaller0>
[  411.905391][T13814] tipc: Disabling bearer <eth:syzkaller0>
[  412.177429][T13855] bridge_slave_0: left allmulticast mode
[  412.219430][T13855] bridge_slave_0: left promiscuous mode
[  412.251587][T13855] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.293113][T13855] bond0: (slave bond_slave_0): Releasing backup interface
[  412.350047][T13855] bond0: (slave bond_slave_1): Releasing backup interface
[  412.389494][T13855] team_slave_0: left promiscuous mode
[  412.405182][T13855] team0: Port device team_slave_0 removed
[  412.428538][T13855] team_slave_1: left promiscuous mode
[  412.465600][T13855] team0: Port device team_slave_1 removed
[  412.481947][T13855] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  412.492113][T13855] batman_adv: batadv0: Removing interface: batadv_slave_0
[  412.515254][T13855] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  412.524249][T13855] batman_adv: batadv0: Removing interface: batadv_slave_1
[  412.529574][T13874] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2418'.
[  412.550953][T13855] bond0: (slave netdevsim0): Releasing backup interface
[  412.618272][ T9067] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  412.641499][T13863] team0: Mode changed to "loadbalance"
[  412.678833][T13876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2418'.
[  412.771070][T13872] lo speed is unknown, defaulting to 1000
[  412.924538][T13882] netlink: 'syz.1.2421': attribute type 13 has an invalid length.
[  412.933356][T13882] netlink: 'syz.1.2421': attribute type 17 has an invalid length.
[  413.074479][T13882] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  413.164847][T13887] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2423'.
[  413.593488][T13875] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2419'.
[  413.669611][T13875] netlink: 'syz.4.2419': attribute type 13 has an invalid length.
[  413.685928][ T9067] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  413.835589][T13901] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2428'.
[  413.866734][T13875] netlink: 'syz.4.2419': attribute type 17 has an invalid length.
[  413.946068][T13904] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2429'.
[  414.059714][T13875] 8021q: adding VLAN 0 to HW filter on device bond0
[  414.092508][T13875] 8021q: adding VLAN 0 to HW filter on device team0
[  414.133410][T13875] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  414.159798][T13872] lo speed is unknown, defaulting to 1000
[  414.214948][T13881] lo speed is unknown, defaulting to 1000
[  414.376910][T13921] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2432'.
[  414.616703][ T6010] hid-generic 0005:16C0:5507.0001: hidraw0: BLUETOOTH HID v0.8d Device [syz0] on aa:aa:aa:aa:aa:aa
[  414.857353][T13931] erspan0: entered promiscuous mode
[  414.868721][T13931] batman_adv: batadv0: Adding interface: macvlan1
[  414.877537][T13931] batman_adv: batadv0: The MTU of interface macvlan1 is too small (1536) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1596 would solve the problem.
[  414.905565][T13931] batman_adv: batadv0: Interface activated: macvlan1
[  414.916369][T13881] lo speed is unknown, defaulting to 1000
[  415.178411][T13938] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2440'.
[  415.403106][T13940] pim6reg1: entered promiscuous mode
[  415.408732][T13940] pim6reg1: entered allmulticast mode
[  415.481753][T13941] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2441'.
[  416.252841][T13956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2446'.
[  417.200692][T13982] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  417.993447][T13996] lo speed is unknown, defaulting to 1000
[  418.001782][T14001] __nla_validate_parse: 3 callbacks suppressed
[  418.001823][T14001] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2460'.
[  418.092986][T14002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  418.127107][T14003] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2459'.
[  418.407734][T14019] netlink: 248 bytes leftover after parsing attributes in process `syz.4.2466'.
[  418.472560][T14020] netlink: 'syz.0.2467': attribute type 8 has an invalid length.
[  418.494045][T14020] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2467'.
[  418.848059][T13994] lo speed is unknown, defaulting to 1000
[  418.863787][T13996] lo speed is unknown, defaulting to 1000
[  419.780314][T14057] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2478'.
[  420.014474][T14059] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2479'.
[  420.089826][T13994] lo speed is unknown, defaulting to 1000
[  420.124165][T14064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  420.860376][T14083] lo speed is unknown, defaulting to 1000
[  420.995357][T14087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2486'.
[  421.067864][T14087] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2486'.
[  421.114539][T14087] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2486'.
[  421.164861][T14087] netem: change failed
[  421.199478][T14083] lo speed is unknown, defaulting to 1000
[  421.316471][T14094] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2489'.
[  422.296281][T14121] erspan0: entered promiscuous mode
[  422.847461][T14139] netlink: 'syz.0.2502': attribute type 3 has an invalid length.
[  422.885884][T14139] syz_tun: entered allmulticast mode
[  422.914549][T14139] siw: device registration error -23
[  423.002652][T14139] 8021q: adding VLAN 0 to HW filter on device bond0
[  423.055829][T14139] 8021q: adding VLAN 0 to HW filter on device team0
[  423.076394][T14139] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  423.139923][ T3482] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  423.149048][ T3482] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  423.275630][T14138] syz_tun: left allmulticast mode
[  423.333227][T14151] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  423.355142][T14151] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  423.554234][T14155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  423.738085][T14157] lo speed is unknown, defaulting to 1000
[  423.930418][ T9067] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  424.233418][   T37] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  424.255575][   T37] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  424.298843][ T5901] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  424.446739][T14176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  424.523962][T14180] __nla_validate_parse: 3 callbacks suppressed
[  424.523991][T14180] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2513'.
[  424.569524][T14181] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2512'.
[  424.584492][T14157] lo speed is unknown, defaulting to 1000
[  424.593256][T14166] lo speed is unknown, defaulting to 1000
[  424.619726][T14181] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2512'.
[  425.197285][T14191] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2515'.
[  425.262562][T14171] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2508'.
[  425.318150][T14171] netlink: 'syz.1.2508': attribute type 13 has an invalid length.
[  425.370649][T14171] netlink: 'syz.1.2508': attribute type 17 has an invalid length.
[  425.464862][T14171] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  425.668315][T14205] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2520'.
[  425.816284][T14208] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2521'.
[  425.838302][T14166] lo speed is unknown, defaulting to 1000
[  426.394598][T14218] netlink: 'syz.3.2524': attribute type 1 has an invalid length.
[  426.405339][T14218] netlink: 228 bytes leftover after parsing attributes in process `syz.3.2524'.
[  426.598016][T14222] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2526'.
[  426.686438][T14222] bond0: entered promiscuous mode
[  426.702985][T14222] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode
[  426.716355][T14227] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2528'.
[  426.746514][T14222] bond0: left promiscuous mode
[  426.769427][T14222] mac80211_hwsim hwsim6 wlan1: left promiscuous mode
[  427.570032][T14245] nbd0: detected capacity change from 0 to 127
[  427.615703][T14249] lo speed is unknown, defaulting to 1000
[  427.682151][ T5858] block nbd0: Receive control failed (result -32)
[  428.052693][T14264] geneve4: entered promiscuous mode
[  428.058377][T14264] geneve4: entered allmulticast mode
[  428.070058][T14249] lo speed is unknown, defaulting to 1000
[  428.108148][   T78] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 36506 - 0
[  428.124654][   T78] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 59007 - 0
[  428.166294][   T78] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 36506 - 0
[  428.176437][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  428.205624][   T78] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 59007 - 0
[  428.293530][   T78] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 36506 - 0
[  428.305521][   T78] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 59007 - 0
[  428.376890][   T78] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 36506 - 0
[  428.393950][   T78] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 59007 - 0
[  429.533840][T14308] geneve2: entered promiscuous mode
[  429.546000][T14308] geneve2: entered allmulticast mode
[  430.005028][T14313] lo speed is unknown, defaulting to 1000
[  430.355985][T14320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  430.506910][T14325] __nla_validate_parse: 4 callbacks suppressed
[  430.506939][T14325] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2559'.
[  430.729608][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.865889][T14332] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2562'.
[  430.905636][T14313] lo speed is unknown, defaulting to 1000
[  431.270443][T14344] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2566'.
[  431.776568][T14313] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2554'.
[  431.829918][T14313] netlink: 'syz.0.2554': attribute type 13 has an invalid length.
[  431.859747][T14313] netlink: 'syz.0.2554': attribute type 17 has an invalid length.
[  431.926153][T14313] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  432.163195][T14367] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2571'.
[  432.644629][T14371] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  432.871434][T14378] netlink: ct family unspecified
[  432.909495][T14378] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  432.997642][T14383] netlink: 'syz.3.2575': attribute type 1 has an invalid length.
[  433.004124][ T1014] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0xea
[  433.016833][T14383] netlink: 'syz.3.2575': attribute type 2 has an invalid length.
[  433.327547][T14392] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2579'.
[  433.425625][T14392] bond0: entered promiscuous mode
[  433.455922][T14392] bond0: left promiscuous mode
[  434.076491][T14426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2586'.
[  434.214290][T14434] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2589'.
[  434.277080][T14439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2586'.
[  434.297766][T14436] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  434.326089][T14441] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2591'.
[  434.491154][T14445] bond0 (unregistering): Released all slaves
[  434.713246][T14454] FAULT_INJECTION: forcing a failure.
[  434.713246][T14454] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  434.762874][T14454] CPU: 0 UID: 0 PID: 14454 Comm: syz.4.2595 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  434.762916][T14454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  434.762930][T14454] Call Trace:
[  434.762940][T14454]  <TASK>
[  434.762951][T14454]  dump_stack_lvl+0x189/0x250
[  434.762983][T14454]  ? __pfx____ratelimit+0x10/0x10
[  434.763031][T14454]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.763052][T14454]  ? __pfx__printk+0x10/0x10
[  434.763078][T14454]  ? __might_fault+0xb0/0x130
[  434.763121][T14454]  should_fail_ex+0x414/0x560
[  434.763159][T14454]  _copy_from_user+0x2d/0xb0
[  434.763188][T14454]  ppp_write+0x186/0x400
[  434.763217][T14454]  vfs_writev+0x4b6/0x960
[  434.763244][T14454]  ? __pfx_ppp_write+0x10/0x10
[  434.763271][T14454]  ? __pfx_vfs_writev+0x10/0x10
[  434.763309][T14454]  ? __fget_files+0x2a/0x420
[  434.763336][T14454]  ? __fget_files+0x3a0/0x420
[  434.763354][T14454]  ? __fget_files+0x2a/0x420
[  434.763395][T14454]  __x64_sys_pwritev+0x197/0x2a0
[  434.763430][T14454]  ? __pfx___x64_sys_pwritev+0x10/0x10
[  434.763458][T14454]  ? rcu_is_watching+0x15/0xb0
[  434.763495][T14454]  ? do_syscall_64+0xbe/0x3b0
[  434.763531][T14454]  do_syscall_64+0xfa/0x3b0
[  434.763557][T14454]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.763583][T14454]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.763604][T14454]  ? clear_bhb_loop+0x60/0xb0
[  434.763630][T14454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.763647][T14454] RIP: 0033:0x7f530338eb69
[  434.763667][T14454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.763685][T14454] RSP: 002b:00007f5304178038 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[  434.763710][T14454] RAX: ffffffffffffffda RBX: 00007f53035b5fa0 RCX: 00007f530338eb69
[  434.763725][T14454] RDX: 0000000000000001 RSI: 0000200000000540 RDI: 0000000000000003
[  434.763738][T14454] RBP: 00007f5304178090 R08: 0000000000000000 R09: 0000000000000000
[  434.763751][T14454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.763762][T14454] R13: 0000000000000000 R14: 00007f53035b5fa0 R15: 00007ffee34e0cd8
[  434.763797][T14454]  </TASK>
[  435.338975][T14476] vlan3: entered promiscuous mode
[  435.736506][T14485] __nla_validate_parse: 4 callbacks suppressed
[  435.736535][T14485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2605'.
[  435.849381][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  435.883950][T14480] sctp: [Deprecated]: syz.3.2604 (pid 14480) Use of int in maxseg socket option.
[  435.883950][T14480] Use struct sctp_assoc_value instead
[  435.954180][T14481] sctp: [Deprecated]: syz.3.2604 (pid 14481) Use of int in maxseg socket option.
[  435.954180][T14481] Use struct sctp_assoc_value instead
[  436.124604][T14489] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3952. macoff=96
[  436.261695][T14493] lo speed is unknown, defaulting to 1000
[  436.439628][T14498] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2610'.
[  436.831283][T14506] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2611'.
[  437.438490][T14495] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2607'.
[  437.491435][T14520] netlink: 'syz.1.2607': attribute type 13 has an invalid length.
[  437.515527][T14520] netlink: 'syz.1.2607': attribute type 17 has an invalid length.
[  437.594591][T14520] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  437.706094][T14493] lo speed is unknown, defaulting to 1000
[  437.919996][T14533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2620'.
[  438.903466][T14548] lo speed is unknown, defaulting to 1000
[  439.155512][T14558] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2626'.
[  439.832661][T14548] lo speed is unknown, defaulting to 1000
[  439.903382][T14573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  440.349614][T14586] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2637'.
[  440.563312][T14593] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2639'.
[  440.625259][T14590] lo speed is unknown, defaulting to 1000
[  440.723746][T14600] netlink: 'syz.0.2642': attribute type 21 has an invalid length.
[  440.791127][T14600] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2642'.
[  440.969987][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  441.086046][T14590] lo speed is unknown, defaulting to 1000
[  441.094761][T14594] lo speed is unknown, defaulting to 1000
[  441.373319][T14607] syzkaller0: entered promiscuous mode
[  441.382031][T14611] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2645'.
[  441.392071][T14607] syzkaller0: entered allmulticast mode
[  441.804875][T14598] netlink: 'syz.1.2640': attribute type 13 has an invalid length.
[  441.816170][T14598] netlink: 'syz.1.2640': attribute type 17 has an invalid length.
[  444.092246][T14611] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2645'.
[  444.179663][T14598] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  444.205690][T14594] lo speed is unknown, defaulting to 1000
[  444.212793][T14605] lo speed is unknown, defaulting to 1000
[  444.223484][T14616] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2646'.
[  444.255962][T14616] bond0: entered promiscuous mode
[  444.265853][T14616] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode
[  444.280138][T14616] bond0: left promiscuous mode
[  444.299375][T14616] mac80211_hwsim hwsim6 wlan1: left promiscuous mode
[  444.374190][T14620] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2647'.
[  444.796022][T14631] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2649'.
[  444.875580][T14605] lo speed is unknown, defaulting to 1000
[  444.946479][T14631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2649'.
[  445.014034][T14639] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2652'.
[  445.036274][T14639] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2652'.
[  445.891582][T14647] pimreg3: entered allmulticast mode
[  446.105823][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  446.192492][T14653] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2656'.
[  446.363441][T14651] vxcan3: entered allmulticast mode
[  446.716393][T14671] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2660'.
[  447.002801][T14687] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2663'.
[  447.020338][T14687] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2663'.
[  447.048813][T14685] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.2661'.
[  447.109339][T14687] bridge_slave_0: entered promiscuous mode
[  447.300111][ T5901] IPVS: starting estimator thread 0...
[  447.414962][T14698] IPVS: using max 31 ests per chain, 74400 per kthread
[  447.455713][T14701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2668'.
[  447.477294][T14701] netlink: 'syz.2.2668': attribute type 5 has an invalid length.
[  447.502514][T14701] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2668'.
[  447.660603][T14703] netlink: 'syz.4.2670': attribute type 2 has an invalid length.
[  447.768121][T14707] netlink: 'syz.3.2669': attribute type 4 has an invalid length.
[  447.854466][T14714] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2672'.
[  448.002342][T14720] lo speed is unknown, defaulting to 1000
[  448.082860][T14727] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2676'.
[  448.287542][T14730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  448.530855][T14737] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2678'.
[  448.859501][T14741] FAULT_INJECTION: forcing a failure.
[  448.859501][T14741] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.879644][T14741] CPU: 1 UID: 0 PID: 14741 Comm: syz.4.2682 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  448.879702][T14741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  448.879714][T14741] Call Trace:
[  448.879723][T14741]  <TASK>
[  448.879732][T14741]  dump_stack_lvl+0x189/0x250
[  448.879761][T14741]  ? __pfx____ratelimit+0x10/0x10
[  448.879790][T14741]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.879808][T14741]  ? __pfx__printk+0x10/0x10
[  448.879833][T14741]  ? __might_fault+0xb0/0x130
[  448.879871][T14741]  should_fail_ex+0x414/0x560
[  448.879915][T14741]  _copy_from_user+0x2d/0xb0
[  448.879945][T14741]  core_sys_select+0x4b7/0xa20
[  448.879989][T14741]  ? __pfx_core_sys_select+0x10/0x10
[  448.880047][T14741]  ? __pfx_set_user_sigmask+0x10/0x10
[  448.880089][T14741]  __se_sys_pselect6+0x27a/0x300
[  448.880122][T14741]  ? __pfx___se_sys_pselect6+0x10/0x10
[  448.880179][T14741]  ? rcu_is_watching+0x15/0xb0
[  448.880215][T14741]  ? __x64_sys_pselect6+0x21/0xf0
[  448.880249][T14741]  do_syscall_64+0xfa/0x3b0
[  448.880277][T14741]  ? lockdep_hardirqs_on+0x9c/0x150
[  448.880303][T14741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.880322][T14741]  ? clear_bhb_loop+0x60/0xb0
[  448.880346][T14741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.880366][T14741] RIP: 0033:0x7f530338eb69
[  448.880386][T14741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.880403][T14741] RSP: 002b:00007f5304178038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  448.880428][T14741] RAX: ffffffffffffffda RBX: 00007f53035b5fa0 RCX: 00007f530338eb69
[  448.880443][T14741] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  448.880456][T14741] RBP: 00007f5304178090 R08: 0000000000000000 R09: 0000000000000000
[  448.880469][T14741] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  448.880482][T14741] R13: 0000000000000000 R14: 00007f53035b5fa0 R15: 00007ffee34e0cd8
[  448.880516][T14741]  </TASK>
[  449.171380][T14750] netlink: 'syz.3.2675': attribute type 13 has an invalid length.
[  449.179868][T14750] netlink: 'syz.3.2675': attribute type 17 has an invalid length.
[  449.186865][T14720] lo speed is unknown, defaulting to 1000
[  449.235341][T14750] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  449.896925][T14774] netlink: 'syz.2.2691': attribute type 1 has an invalid length.
[  449.951883][T14777] netlink: 'syz.3.2693': attribute type 10 has an invalid length.
[  449.975729][T14777] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  450.012147][T14777] 8021q: adding VLAN 0 to HW filter on device bond0
[  450.084429][T14777] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  450.135608][T14783] netlink: 'syz.0.2694': attribute type 21 has an invalid length.
[  450.151799][T14783] netlink: 'syz.0.2694': attribute type 1 has an invalid length.
[  450.345283][T14787] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 36506 - 0
[  450.366945][T14787] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 59007 - 0
[  450.447348][T14792] vlan2: entered promiscuous mode
[  450.568619][T14787] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 36506 - 0
[  450.589415][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  450.605348][T14787] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 59007 - 0
[  450.773517][T14799] vlan2: entered promiscuous mode
[  450.865009][T14787] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 36506 - 0
[  450.923550][T14787] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 59007 - 0
[  451.125431][T14787] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 36506 - 0
[  451.149912][T14787] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 59007 - 0
[  451.321266][ T1014] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 59007 - 0
[  451.339011][ T1014] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 36506 - 0
[  451.367986][ T1014] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 59007 - 0
[  451.374434][T14824] __nla_validate_parse: 8 callbacks suppressed
[  451.374459][T14824] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2709'.
[  451.394681][ T1014] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 36506 - 0
[  451.417771][   T13] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 59007 - 0
[  451.431301][   T13] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 36506 - 0
[  451.485681][T14826] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2710'.
[  451.495965][   T37] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 59007 - 0
[  451.496008][   T37] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 36506 - 0
[  451.667293][T14833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2711'.
[  451.691380][T14836] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2714'.
[  451.968540][T14846] netlink: 'syz.4.2716': attribute type 21 has an invalid length.
[  451.990221][T14846] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2716'.
[  452.124742][T14849] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2717'.
[  452.488783][T14871] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2725'.
[  452.502573][T14871] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2725'.
[  452.525529][T14871] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2725'.
[  452.547383][T14871] veth1_to_bond: entered allmulticast mode
[  452.556472][T14871] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2725'.
[  452.611639][T14871] bond0: (slave bond_slave_1): Releasing backup interface
[  452.674497][T14871] veth1_to_bond (unregistering): left allmulticast mode
[  453.241028][T14883] lo speed is unknown, defaulting to 1000
[  454.507842][T14883] lo speed is unknown, defaulting to 1000
[  455.406344][T14927] bond0: entered promiscuous mode
[  455.427004][T14927] bond_slave_0: entered promiscuous mode
[  455.439635][T14927] v: entered promiscuous mode
[  455.451372][T14927] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  455.472925][T14927] bond0: left promiscuous mode
[  455.488019][T14927] bond_slave_0: left promiscuous mode
[  455.500948][T14927] v: left promiscuous mode
[  455.514548][T14927] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[  456.095627][T14942] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  456.123213][T14942] syzkaller0: entered promiscuous mode
[  456.129033][T14942] syzkaller0: entered allmulticast mode
[  456.192727][T14942] tipc: Resetting bearer <eth:syzkaller0>
[  456.739034][T14940] tipc: Resetting bearer <eth:syzkaller0>
[  456.788643][T14940] tipc: Disabling bearer <eth:syzkaller0>
[  456.930198][T14962] FAULT_INJECTION: forcing a failure.
[  456.930198][T14962] name failslab, interval 1, probability 0, space 0, times 0
[  456.969363][T14962] CPU: 0 UID: 0 PID: 14962 Comm: syz.3.2757 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  456.969396][T14962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  456.969409][T14962] Call Trace:
[  456.969417][T14962]  <TASK>
[  456.969426][T14962]  dump_stack_lvl+0x189/0x250
[  456.969455][T14962]  ? __pfx____ratelimit+0x10/0x10
[  456.969493][T14962]  ? __pfx_dump_stack_lvl+0x10/0x10
[  456.969515][T14962]  ? __pfx__printk+0x10/0x10
[  456.969547][T14962]  ? __pfx___might_resched+0x10/0x10
[  456.969575][T14962]  ? fs_reclaim_acquire+0x7d/0x100
[  456.969603][T14962]  should_fail_ex+0x414/0x560
[  456.969640][T14962]  should_failslab+0xa8/0x100
[  456.969662][T14962]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  456.969692][T14962]  ? __alloc_skb+0x112/0x2d0
[  456.969728][T14962]  __alloc_skb+0x112/0x2d0
[  456.969762][T14962]  netlink_ack+0x146/0xa50
[  456.969787][T14962]  ? __pfx_genl_rcv_msg+0x10/0x10
[  456.969808][T14962]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  456.969830][T14962]  ? __pfx_nl80211_post_doit+0x10/0x10
[  456.969853][T14962]  ? __asan_memcpy+0x40/0x70
[  456.969879][T14962]  ? __pfx_ref_tracker_free+0x10/0x10
[  456.969911][T14962]  netlink_rcv_skb+0x28c/0x470
[  456.969937][T14962]  ? __lock_acquire+0xab9/0xd20
[  456.969965][T14962]  ? __pfx_genl_rcv_msg+0x10/0x10
[  456.969990][T14962]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  456.970044][T14962]  ? down_read+0x1ad/0x2e0
[  456.970068][T14962]  genl_rcv+0x28/0x40
[  456.970089][T14962]  netlink_unicast+0x82c/0x9e0
[  456.970127][T14962]  ? __pfx_netlink_unicast+0x10/0x10
[  456.970156][T14962]  ? netlink_sendmsg+0x642/0xb30
[  456.970183][T14962]  ? skb_put+0x11b/0x210
[  456.970207][T14962]  netlink_sendmsg+0x805/0xb30
[  456.970247][T14962]  ? __pfx_netlink_sendmsg+0x10/0x10
[  456.970281][T14962]  ? aa_sock_msg_perm+0x94/0x160
[  456.970310][T14962]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  456.970333][T14962]  ? __pfx_netlink_sendmsg+0x10/0x10
[  456.970365][T14962]  __sock_sendmsg+0x219/0x270
[  456.970396][T14962]  ____sys_sendmsg+0x505/0x830
[  456.970426][T14962]  ? __pfx_____sys_sendmsg+0x10/0x10
[  456.970460][T14962]  ? import_iovec+0x74/0xa0
[  456.970502][T14962]  ___sys_sendmsg+0x21f/0x2a0
[  456.970526][T14962]  ? __pfx____sys_sendmsg+0x10/0x10
[  456.970596][T14962]  ? __fget_files+0x2a/0x420
[  456.970615][T14962]  ? __fget_files+0x3a0/0x420
[  456.970649][T14962]  __x64_sys_sendmsg+0x19b/0x260
[  456.970674][T14962]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  456.970708][T14962]  ? __pfx_ksys_write+0x10/0x10
[  456.970734][T14962]  ? rcu_is_watching+0x15/0xb0
[  456.970772][T14962]  ? do_syscall_64+0xbe/0x3b0
[  456.970807][T14962]  do_syscall_64+0xfa/0x3b0
[  456.970834][T14962]  ? lockdep_hardirqs_on+0x9c/0x150
[  456.970862][T14962]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.970883][T14962]  ? clear_bhb_loop+0x60/0xb0
[  456.970909][T14962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.970928][T14962] RIP: 0033:0x7f595ad8eb69
[  456.970947][T14962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  456.970966][T14962] RSP: 002b:00007f595bb59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  456.970990][T14962] RAX: ffffffffffffffda RBX: 00007f595afb5fa0 RCX: 00007f595ad8eb69
[  456.971005][T14962] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  456.971018][T14962] RBP: 00007f595bb59090 R08: 0000000000000000 R09: 0000000000000000
[  456.971031][T14962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  456.971043][T14962] R13: 0000000000000000 R14: 00007f595afb5fa0 R15: 00007ffd36dd1cb8
[  456.971078][T14962]  </TASK>
[  457.396901][T14965] __nla_validate_parse: 5 callbacks suppressed
[  457.396925][T14965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2759'.
[  457.564030][T14970] netlink: 'syz.4.2758': attribute type 4 has an invalid length.
[  457.929905][T14984] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2763'.
[  458.004553][T14986] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2765'.
[  458.220617][T14993] sctp: [Deprecated]: syz.0.2768 (pid 14993) Use of int in max_burst socket option.
[  458.220617][T14993] Use struct sctp_assoc_value instead
[  458.284473][T14996] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2770'.
[  458.455813][T15005] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2773'.
[  458.750836][T15015] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2778'.
[  459.066473][T15034] netlink: 'syz.3.2781': attribute type 1 has an invalid length.
[  459.352008][T15048] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2785'.
[  459.642065][T15051] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2787'.
[  459.672619][T15053] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2788'.
[  459.783113][T15020] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  459.864066][T15061] netlink: 'syz.4.2789': attribute type 1 has an invalid length.
[  459.970736][ T9067] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  460.059989][ T9067] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  460.182606][T15061] 8021q: adding VLAN 0 to HW filter on device bond5
[  460.191990][T15067] syzkaller0: entered promiscuous mode
[  460.198097][T15067] syzkaller0: entered allmulticast mode
[  460.281072][T15057] netlink: 'syz.0.2786': attribute type 2 has an invalid length.
[  460.306859][T15057] netlink: 'syz.0.2786': attribute type 1 has an invalid length.
[  460.492685][T15083] netlink: 'syz.2.2796': attribute type 10 has an invalid length.
[  460.542537][T15083] 8021q: adding VLAN 0 to HW filter on device bond0
[  460.583886][T15083] team0: Port device bond0 added
[  460.676309][T15088] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  460.696960][T15085] syzkaller0: entered promiscuous mode
[  460.717839][T15085] syzkaller0: entered allmulticast mode
[  460.835106][T15085] tipc: Resetting bearer <eth:syzkaller0>
[  460.880309][T15100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  460.927244][T15084] tipc: Resetting bearer <eth:syzkaller0>
[  461.002004][T15084] tipc: Disabling bearer <eth:syzkaller0>
[  461.839837][T15125] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2809'.
[  461.910400][T15127] netlink: 'syz.2.2810': attribute type 3 has an invalid length.
[  462.140177][T15131] FAULT_INJECTION: forcing a failure.
[  462.140177][T15131] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  462.178693][T15130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  462.199363][T15131] CPU: 0 UID: 0 PID: 15131 Comm: syz.1.2812 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  462.199399][T15131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  462.199423][T15131] Call Trace:
[  462.199431][T15131]  <TASK>
[  462.199440][T15131]  dump_stack_lvl+0x189/0x250
[  462.199470][T15131]  ? __pfx____ratelimit+0x10/0x10
[  462.199499][T15131]  ? __pfx_dump_stack_lvl+0x10/0x10
[  462.199520][T15131]  ? __pfx__printk+0x10/0x10
[  462.199546][T15131]  ? fs_reclaim_acquire+0x7d/0x100
[  462.199578][T15131]  should_fail_ex+0x414/0x560
[  462.199615][T15131]  prepare_alloc_pages+0x213/0x610
[  462.199647][T15131]  __alloc_frozen_pages_noprof+0x123/0x370
[  462.199676][T15131]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  462.199704][T15131]  ? kfree+0x18e/0x440
[  462.199728][T15131]  ? __scm_recv_common+0x4d3/0x610
[  462.199752][T15131]  ? scm_recv_unix+0xab/0x360
[  462.199774][T15131]  ? unix_stream_read_generic+0x2150/0x2480
[  462.199799][T15131]  ? policy_nodemask+0x27c/0x720
[  462.199824][T15131]  ? __x64_sys_recvmmsg+0x190/0x240
[  462.199844][T15131]  ? do_syscall_64+0xfa/0x3b0
[  462.199870][T15131]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.199894][T15131]  alloc_pages_mpol+0x232/0x4a0
[  462.199929][T15131]  vma_alloc_folio_noprof+0xe4/0x200
[  462.199963][T15131]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  462.200008][T15131]  folio_prealloc+0x30/0x180
[  462.200064][T15131]  do_wp_page+0x1231/0x5800
[  462.200119][T15131]  ? __pfx_do_wp_page+0x10/0x10
[  462.200142][T15131]  ? do_raw_spin_lock+0x121/0x290
[  462.200168][T15131]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  462.200204][T15131]  __handle_mm_fault+0x1144/0x5620
[  462.200263][T15131]  ? __pfx___handle_mm_fault+0x10/0x10
[  462.200316][T15131]  ? find_vma+0xe7/0x160
[  462.200343][T15131]  ? __pfx_find_vma+0x10/0x10
[  462.200374][T15131]  handle_mm_fault+0x40a/0x8e0
[  462.200424][T15131]  do_user_addr_fault+0x764/0x1390
[  462.200473][T15131]  exc_page_fault+0x76/0xf0
[  462.200505][T15131]  asm_exc_page_fault+0x26/0x30
[  462.200524][T15131] RIP: 0010:__put_user_nocheck_4+0x3/0x10
[  462.200555][T15131] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca e9 51 45 03 00 90 90 90 90 90 90 90 90 90 90
[  462.200573][T15131] RSP: 0018:ffffc9000b1d78b8 EFLAGS: 00050202
[  462.200594][T15131] RAX: 0000000000000008 RBX: 0000000000000008 RCX: 0000200000001170
[  462.200608][T15131] RDX: ffff88802f211e00 RSI: 0000000000000002 RDI: 00000000ffffffff
[  462.200623][T15131] RBP: ffffc9000b1d7a30 R08: ffffffff8fa07af7 R09: 1ffffffff1f40f5e
[  462.200638][T15131] R10: dffffc0000000000 R11: fffffbfff1f40f5f R12: 0000000000000002
[  462.200651][T15131] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000200000001140
[  462.200686][T15131]  ____sys_recvmsg+0x2ab/0x460
[  462.200719][T15131]  ? __pfx_____sys_recvmsg+0x10/0x10
[  462.200759][T15131]  ? import_iovec+0x74/0xa0
[  462.200792][T15131]  ___sys_recvmsg+0x1b5/0x510
[  462.200821][T15131]  ? __pfx____sys_recvmsg+0x10/0x10
[  462.200875][T15131]  ? __fget_files+0x3a0/0x420
[  462.200909][T15131]  do_recvmmsg+0x307/0x770
[  462.200942][T15131]  ? __pfx_do_recvmmsg+0x10/0x10
[  462.200980][T15131]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  462.201032][T15131]  __x64_sys_recvmmsg+0x190/0x240
[  462.201059][T15131]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  462.201078][T15131]  ? rcu_is_watching+0x15/0xb0
[  462.201116][T15131]  ? do_syscall_64+0xbe/0x3b0
[  462.201148][T15131]  do_syscall_64+0xfa/0x3b0
[  462.201173][T15131]  ? lockdep_hardirqs_on+0x9c/0x150
[  462.201200][T15131]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.201220][T15131]  ? clear_bhb_loop+0x60/0xb0
[  462.201245][T15131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.201263][T15131] RIP: 0033:0x7fb4b8f8eb69
[  462.201281][T15131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.201298][T15131] RSP: 002b:00007fb4b9e7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  462.201319][T15131] RAX: ffffffffffffffda RBX: 00007fb4b91b5fa0 RCX: 00007fb4b8f8eb69
[  462.201332][T15131] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000004
[  462.201344][T15131] RBP: 00007fb4b9e7f090 R08: 0000000000000000 R09: 0000000000000000
[  462.201356][T15131] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  462.201368][T15131] R13: 0000000000000000 R14: 00007fb4b91b5fa0 R15: 00007ffe32a214e8
[  462.201402][T15131]  </TASK>
[  462.928689][ T5852] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  462.949651][ T5852] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  462.960057][ T5852] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  462.972719][T15144] __nla_validate_parse: 1 callbacks suppressed
[  462.972744][T15144] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2815'.
[  463.009618][ T5852] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  463.018831][ T5852] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  463.358048][T15149] Set syz1 is full, maxelem 65536 reached
[  463.388817][T15148] geneve4: left promiscuous mode
[  463.413236][T15148] geneve4: left allmulticast mode
[  463.578301][T15146] vlan4: entered promiscuous mode
[  463.660241][ T1014] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 59007 - 0
[  463.684695][ T1014] netdevsim netdevsim4 eth0: unset [1, 1] type 2 family 0 port 36506 - 0
[  463.718856][ T1014] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 59007 - 0
[  463.745031][ T1014] netdevsim netdevsim4 eth1: unset [1, 1] type 2 family 0 port 36506 - 0
[  463.767485][ T1014] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 59007 - 0
[  463.815385][ T1014] netdevsim netdevsim4 eth2: unset [1, 1] type 2 family 0 port 36506 - 0
[  463.856822][ T1014] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 59007 - 0
[  463.906884][ T1014] netdevsim netdevsim4 eth3: unset [1, 1] type 2 family 0 port 36506 - 0
[  463.977077][T15141] lo speed is unknown, defaulting to 1000
[  464.049721][T15159] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2822'.
[  464.288904][T15166] vlan4: entered promiscuous mode
[  464.635311][T15174] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2826'.
[  464.659652][T15176] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2827'.
[  464.773153][T15141] lo speed is unknown, defaulting to 1000
[  465.129699][ T5852] Bluetooth: hci5: command tx timeout
[  465.269006][T15190] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2833'.
[  465.473729][T15141] chnl_net:caif_netlink_parms(): no params data found
[  465.548527][T15193] vlan4: entered promiscuous mode
[  466.057880][T15141] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.069470][T15141] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.077207][T15141] bridge_slave_0: entered allmulticast mode
[  466.102161][T15141] bridge_slave_0: entered promiscuous mode
[  466.110107][T15215] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2839'.
[  466.127674][T15141] bridge0: port 2(bridge_slave_1) entered blocking state
[  466.155569][T15141] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.184413][T15141] bridge_slave_1: entered allmulticast mode
[  466.212443][T15141] bridge_slave_1: entered promiscuous mode
[  466.368372][T15141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  466.441841][T15141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  466.500722][T15223] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2843'.
[  466.627337][T15141] team0: Port device team_slave_0 added
[  466.653899][T15141] team0: Port device team_slave_1 added
[  466.892878][T15141] batman_adv: batadv0: Adding interface: batadv_slave_0
[  466.914434][T15141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  466.994026][T15141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  467.033503][T15141] batman_adv: batadv0: Adding interface: batadv_slave_1
[  467.050630][T15141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  467.107623][T15141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  467.209556][ T5852] Bluetooth: hci5: command tx timeout
[  467.322614][T15141] hsr_slave_0: entered promiscuous mode
[  467.343044][T15141] hsr_slave_1: entered promiscuous mode
[  467.360870][T15141] debugfs: 'hsr0' already exists in 'hsr'
[  467.366991][T15141] Cannot create hsr debugfs directory
[  468.473060][T15141] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  468.544675][T15257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2853'.
[  468.734185][T15141] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  468.983800][T15141] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.299552][ T5852] Bluetooth: hci5: command tx timeout
[  471.370186][ T5852] Bluetooth: hci5: command tx timeout
[  471.940830][T15141] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.187314][T15295] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2866'.
[  472.614270][T15309] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2871'.
[  472.706052][T15141] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  472.739663][T15141] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  472.827772][T15141] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  472.888897][T15141] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  473.046957][T15316] wg2: entered promiscuous mode
[  473.075991][T15316] wg2: entered allmulticast mode
[  473.485524][T15141] 8021q: adding VLAN 0 to HW filter on device bond0
[  473.562983][T15141] 8021q: adding VLAN 0 to HW filter on device team0
[  473.593485][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  473.601098][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  473.621703][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  473.629444][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  474.014271][T15339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  474.220855][T15344] lo speed is unknown, defaulting to 1000
[  474.430823][T15351] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2881'.
[  474.474830][T15351] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2881'.
[  474.520988][T15141] 8021q: adding VLAN 0 to HW filter on device batadv0
[  474.542824][T15355] veth1_macvtap: left promiscuous mode
[  474.549115][T15355] macsec0: entered promiscuous mode
[  474.713499][T15358] sch_tbf: burst 19869 is lower than device lo mtu (11337746) !
[  474.768316][T15362] FAULT_INJECTION: forcing a failure.
[  474.768316][T15362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  474.827000][T15357] sch_tbf: burst 19869 is lower than device lo mtu (11337746) !
[  474.829447][T15362] CPU: 0 UID: 0 PID: 15362 Comm: syz.1.2884 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  474.829477][T15362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  474.829489][T15362] Call Trace:
[  474.829497][T15362]  <TASK>
[  474.829506][T15362]  dump_stack_lvl+0x189/0x250
[  474.829535][T15362]  ? __pfx____ratelimit+0x10/0x10
[  474.829563][T15362]  ? __pfx_dump_stack_lvl+0x10/0x10
[  474.829582][T15362]  ? __pfx__printk+0x10/0x10
[  474.829604][T15362]  ? __might_fault+0xb0/0x130
[  474.829642][T15362]  should_fail_ex+0x414/0x560
[  474.829677][T15362]  _copy_from_iter+0x1db/0x16f0
[  474.829706][T15362]  ? rcu_is_watching+0x15/0xb0
[  474.829735][T15362]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  474.829764][T15362]  ? __pfx__copy_from_iter+0x10/0x10
[  474.829788][T15362]  ? __build_skb_around+0x257/0x3e0
[  474.829819][T15362]  ? netlink_sendmsg+0x642/0xb30
[  474.829844][T15362]  ? skb_put+0x11b/0x210
[  474.829865][T15362]  netlink_sendmsg+0x6b2/0xb30
[  474.829901][T15362]  ? __pfx_netlink_sendmsg+0x10/0x10
[  474.829931][T15362]  ? aa_sock_msg_perm+0x94/0x160
[  474.829956][T15362]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  474.829978][T15362]  ? __pfx_netlink_sendmsg+0x10/0x10
[  474.830005][T15362]  __sock_sendmsg+0x219/0x270
[  474.830032][T15362]  ____sys_sendmsg+0x505/0x830
[  474.830057][T15362]  ? __pfx_____sys_sendmsg+0x10/0x10
[  474.830086][T15362]  ? import_iovec+0x74/0xa0
[  474.830113][T15362]  ___sys_sendmsg+0x21f/0x2a0
[  474.830135][T15362]  ? __pfx____sys_sendmsg+0x10/0x10
[  474.830191][T15362]  ? __fget_files+0x2a/0x420
[  474.830208][T15362]  ? __fget_files+0x3a0/0x420
[  474.830236][T15362]  __x64_sys_sendmsg+0x19b/0x260
[  474.830258][T15362]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  474.830287][T15362]  ? __pfx_ksys_write+0x10/0x10
[  474.830310][T15362]  ? rcu_is_watching+0x15/0xb0
[  474.830370][T15362]  ? do_syscall_64+0xbe/0x3b0
[  474.830412][T15362]  do_syscall_64+0xfa/0x3b0
[  474.830435][T15362]  ? lockdep_hardirqs_on+0x9c/0x150
[  474.830459][T15362]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.830477][T15362]  ? clear_bhb_loop+0x60/0xb0
[  474.830499][T15362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.830516][T15362] RIP: 0033:0x7fb4b8f8eb69
[  474.830533][T15362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.830549][T15362] RSP: 002b:00007fb4b9e7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  474.830571][T15362] RAX: ffffffffffffffda RBX: 00007fb4b91b5fa0 RCX: 00007fb4b8f8eb69
[  474.830585][T15362] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000003
[  474.830596][T15362] RBP: 00007fb4b9e7f090 R08: 0000000000000000 R09: 0000000000000000
[  474.830607][T15362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.830618][T15362] R13: 0000000000000000 R14: 00007fb4b91b5fa0 R15: 00007ffe32a214e8
[  474.830647][T15362]  </TASK>
[  474.952599][T15366] netlink: 'syz.1.2885': attribute type 39 has an invalid length.
[  475.061517][T15141] veth0_vlan: entered promiscuous mode
[  475.209525][T15344] lo speed is unknown, defaulting to 1000
[  475.286185][T15368] batman_adv: batadv0: Adding interface: vxlan0
[  475.299316][T15368] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  475.328906][T15368] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active
[  475.399099][T15141] veth1_vlan: entered promiscuous mode
[  475.413856][T15374] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2888'.
[  475.437038][T15372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2887'.
[  476.031045][T15141] veth0_macvtap: entered promiscuous mode
[  476.070857][T15141] veth1_macvtap: entered promiscuous mode
[  476.145959][T15141] batman_adv: batadv0: Interface activated: batadv_slave_0
[  476.196752][T15141] batman_adv: batadv0: Interface activated: batadv_slave_1
[  476.250301][ T1014] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  476.300636][ T1014] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  476.365318][T15394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  476.389413][ T1014] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  476.411202][T15396] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2893'.
[  476.465905][ T1014] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  476.497112][T15396] batadv1: entered promiscuous mode
[  476.517383][T15396] batadv1: entered allmulticast mode
[  476.601119][T15399] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2893'.
[  476.745548][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  476.756688][T15405] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2895'.
[  476.765642][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  476.800468][T15405] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2895'.
[  476.878862][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  476.901143][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  476.968199][T15409] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2897'.
[  477.146048][T15417] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2807'.
[  477.161795][T15417] netlink: 'syz.3.2807': attribute type 19 has an invalid length.
[  477.440238][T15421] netlink: 'syz.1.2902': attribute type 2 has an invalid length.
[  477.469681][T15421] netlink: 'syz.1.2902': attribute type 1 has an invalid length.
[  478.264385][T15449] batadv0: entered promiscuous mode
[  478.285369][T15449] vlan2: entered promiscuous mode
[  478.371660][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  478.397781][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  478.429775][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  478.442206][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  478.450731][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  478.562289][T15460] FAULT_INJECTION: forcing a failure.
[  478.562289][T15460] name failslab, interval 1, probability 0, space 0, times 0
[  478.583251][T15460] CPU: 0 UID: 0 PID: 15460 Comm: syz.1.2910 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  478.583284][T15460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  478.583296][T15460] Call Trace:
[  478.583303][T15460]  <TASK>
[  478.583313][T15460]  dump_stack_lvl+0x189/0x250
[  478.583342][T15460]  ? __pfx____ratelimit+0x10/0x10
[  478.583370][T15460]  ? __pfx_dump_stack_lvl+0x10/0x10
[  478.583391][T15460]  ? __pfx__printk+0x10/0x10
[  478.583431][T15460]  ? __pfx___might_resched+0x10/0x10
[  478.583459][T15460]  ? fs_reclaim_acquire+0x7d/0x100
[  478.583486][T15460]  should_fail_ex+0x414/0x560
[  478.583521][T15460]  should_failslab+0xa8/0x100
[  478.583543][T15460]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  478.583573][T15460]  ? scm_fp_dup+0x5e/0x3c0
[  478.583603][T15460]  kmemdup_noprof+0x2b/0x70
[  478.583628][T15460]  scm_fp_dup+0x5e/0x3c0
[  478.583650][T15460]  ? unix_stream_read_actor+0x77/0xb0
[  478.583676][T15460]  unix_stream_read_generic+0xb3f/0x2480
[  478.583739][T15460]  ? __pfx_unix_stream_read_generic+0x10/0x10
[  478.583763][T15460]  ? __pfx___up_read+0x10/0x10
[  478.583786][T15460]  ? do_user_addr_fault+0xbc1/0x1390
[  478.583822][T15460]  ? do_user_addr_fault+0xc8a/0x1390
[  478.583859][T15460]  unix_stream_recvmsg+0x15d/0x1b0
[  478.583881][T15460]  ? irqentry_exit+0x74/0x90
[  478.583911][T15460]  ? __pfx_unix_stream_recvmsg+0x10/0x10
[  478.583933][T15460]  ? __pfx_unix_stream_read_actor+0x10/0x10
[  478.583965][T15460]  ? __pfx_unix_stream_recvmsg+0x10/0x10
[  478.583989][T15460]  sock_recvmsg_nosec+0x186/0x1c0
[  478.584018][T15460]  ____sys_recvmsg+0x3aa/0x460
[  478.584049][T15460]  ? __pfx_____sys_recvmsg+0x10/0x10
[  478.584086][T15460]  ? import_iovec+0x74/0xa0
[  478.584117][T15460]  ___sys_recvmsg+0x1b5/0x510
[  478.584145][T15460]  ? __pfx____sys_recvmsg+0x10/0x10
[  478.584203][T15460]  ? __might_fault+0xb0/0x130
[  478.584238][T15460]  do_recvmmsg+0x307/0x770
[  478.584270][T15460]  ? __pfx_do_recvmmsg+0x10/0x10
[  478.584306][T15460]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  478.584356][T15460]  __x64_sys_recvmmsg+0x190/0x240
[  478.584381][T15460]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  478.584474][T15460]  ? rcu_is_watching+0x15/0xb0
[  478.584513][T15460]  ? do_syscall_64+0xbe/0x3b0
[  478.584547][T15460]  do_syscall_64+0xfa/0x3b0
[  478.584571][T15460]  ? lockdep_hardirqs_on+0x9c/0x150
[  478.584597][T15460]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.584618][T15460]  ? clear_bhb_loop+0x60/0xb0
[  478.584643][T15460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.584661][T15460] RIP: 0033:0x7fb4b8f8eb69
[  478.584681][T15460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.584699][T15460] RSP: 002b:00007fb4b9e7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  478.584724][T15460] RAX: ffffffffffffffda RBX: 00007fb4b91b5fa0 RCX: 00007fb4b8f8eb69
[  478.584740][T15460] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000004
[  478.584753][T15460] RBP: 00007fb4b9e7f090 R08: 0000000000000000 R09: 0000000000000000
[  478.584766][T15460] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[  478.584778][T15460] R13: 0000000000000000 R14: 00007fb4b91b5fa0 R15: 00007ffe32a214e8
[  478.584813][T15460]  </TASK>
[  479.085303][T15456] vlan2: entered promiscuous mode
[  479.220477][T15453] lo speed is unknown, defaulting to 1000
[  479.543492][T15476] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4)
[  479.753750][T15453] lo speed is unknown, defaulting to 1000
[  479.761523][T15483] wg1 speed is unknown, defaulting to 1000
[  479.778723][T15483] wg1 speed is unknown, defaulting to 1000
[  479.800273][T15483] wg1 speed is unknown, defaulting to 1000
[  480.256726][T15483] infiniband syz1: set down
[  480.266056][T15483] infiniband syz1: added wg1
[  480.273127][ T5901] wg1 speed is unknown, defaulting to 1000
[  480.322885][T15453] chnl_net:caif_netlink_parms(): no params data found
[  480.344660][T15483] RDS/IB: syz1: added
[  480.350127][T15483] smc: adding ib device syz1 with port count 1
[  480.357010][T15483] smc:    ib device syz1 port 1 has pnetid 
[  480.376205][T15499] __nla_validate_parse: 5 callbacks suppressed
[  480.376232][T15499] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2922'.
[  480.386382][T15483] wg1 speed is unknown, defaulting to 1000
[  480.445432][ T9068] wg1 speed is unknown, defaulting to 1000
[  480.569898][ T5852] Bluetooth: hci1: command tx timeout
[  480.591879][T15502] FAULT_INJECTION: forcing a failure.
[  480.591879][T15502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  480.649517][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  480.657553][T15502] CPU: 0 UID: 0 PID: 15502 Comm: syz.1.2923 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  480.657588][T15502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  480.657599][T15502] Call Trace:
[  480.657608][T15502]  <TASK>
[  480.657617][T15502]  dump_stack_lvl+0x189/0x250
[  480.657654][T15502]  ? __pfx____ratelimit+0x10/0x10
[  480.657681][T15502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  480.657700][T15502]  ? __pfx__printk+0x10/0x10
[  480.657722][T15502]  ? __might_fault+0xb0/0x130
[  480.657760][T15502]  should_fail_ex+0x414/0x560
[  480.657795][T15502]  _copy_from_user+0x2d/0xb0
[  480.657823][T15502]  ___sys_recvmsg+0x12e/0x510
[  480.657850][T15502]  ? __pfx____sys_recvmsg+0x10/0x10
[  480.657902][T15502]  ? __might_fault+0xb0/0x130
[  480.657932][T15502]  do_recvmmsg+0x307/0x770
[  480.657961][T15502]  ? __pfx_do_recvmmsg+0x10/0x10
[  480.657993][T15502]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  480.658038][T15502]  __x64_sys_recvmmsg+0x190/0x240
[  480.658061][T15502]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  480.658079][T15502]  ? rcu_is_watching+0x15/0xb0
[  480.658113][T15502]  ? do_syscall_64+0xbe/0x3b0
[  480.658143][T15502]  do_syscall_64+0xfa/0x3b0
[  480.658168][T15502]  ? lockdep_hardirqs_on+0x9c/0x150
[  480.658192][T15502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.658210][T15502]  ? clear_bhb_loop+0x60/0xb0
[  480.658232][T15502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.658249][T15502] RIP: 0033:0x7fb4b8f8eb69
[  480.658268][T15502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.658292][T15502] RSP: 002b:00007fb4b9e7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  480.658313][T15502] RAX: ffffffffffffffda RBX: 00007fb4b91b5fa0 RCX: 00007fb4b8f8eb69
[  480.658326][T15502] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000004
[  480.658338][T15502] RBP: 00007fb4b9e7f090 R08: 0000000000000000 R09: 0000000000000000
[  480.658348][T15502] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[  480.658359][T15502] R13: 0000000000000000 R14: 00007fb4b91b5fa0 R15: 00007ffe32a214e8
[  480.658389][T15502]  </TASK>
[  480.850056][T15505] netlink: 'syz.3.2924': attribute type 2 has an invalid length.
[  481.129063][T15483] wg1 speed is unknown, defaulting to 1000
[  481.419644][T15453] bridge0: port 1(bridge_slave_0) entered blocking state
[  481.462587][T15453] bridge0: port 1(bridge_slave_0) entered disabled state
[  481.500267][T15453] bridge_slave_0: entered allmulticast mode
[  481.550265][T15453] bridge_slave_0: entered promiscuous mode
[  481.572092][T15453] bridge0: port 2(bridge_slave_1) entered blocking state
[  481.595163][T15453] bridge0: port 2(bridge_slave_1) entered disabled state
[  481.605242][T15453] bridge_slave_1: entered allmulticast mode
[  481.626176][T15453] bridge_slave_1: entered promiscuous mode
[  481.731073][T15520] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2928'.
[  481.886079][T15453] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  481.935875][T15453] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  481.970105][   T36] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  482.113131][T15483] wg1 speed is unknown, defaulting to 1000
[  482.131527][T15453] team0: Port device team_slave_0 added
[  482.171989][T15453] team0: Port device team_slave_1 added
[  482.228842][T15526] netlink: 'syz.1.2931': attribute type 10 has an invalid length.
[  482.256900][T15526] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2931'.
[  482.321102][T15528] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2931'.
[  482.321523][T15453] batman_adv: batadv0: Adding interface: batadv_slave_0
[  482.354615][T15529] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2932'.
[  482.369284][T15453] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  482.429344][T15453] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  482.467442][T15526] netlink: 'syz.1.2931': attribute type 3 has an invalid length.
[  482.508504][T15526] netlink: 220 bytes leftover after parsing attributes in process `syz.1.2931'.
[  482.520742][T15453] batman_adv: batadv0: Adding interface: batadv_slave_1
[  482.542857][T15453] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  482.649370][ T5852] Bluetooth: hci1: command tx timeout
[  482.651296][T15453] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  482.968204][T15541] netlink: 'syz.1.2935': attribute type 1 has an invalid length.
[  482.978943][T15453] hsr_slave_0: entered promiscuous mode
[  482.986926][T15453] hsr_slave_1: entered promiscuous mode
[  482.994027][T15541] netlink: 236 bytes leftover after parsing attributes in process `syz.1.2935'.
[  483.006869][T15453] debugfs: 'hsr0' already exists in 'hsr'
[  483.018409][T15453] Cannot create hsr debugfs directory
[  483.019021][T15542] netlink: 'syz.1.2935': attribute type 1 has an invalid length.
[  483.049824][T15542] netlink: 236 bytes leftover after parsing attributes in process `syz.1.2935'.
[  483.057176][T15538] lo speed is unknown, defaulting to 1000
[  483.060645][T15483] wg1 speed is unknown, defaulting to 1000
[  483.388008][T15538] lo speed is unknown, defaulting to 1000
[  483.974310][T15538] wg1 speed is unknown, defaulting to 1000
[  484.452437][T15453] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  484.477192][T15453] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  484.522217][T15453] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  484.533849][T15556] FAULT_INJECTION: forcing a failure.
[  484.533849][T15556] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  484.539000][T15453] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  484.585372][T15483] wg1 speed is unknown, defaulting to 1000
[  484.598603][T15556] CPU: 1 UID: 0 PID: 15556 Comm: syz.1.2939 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  484.598640][T15556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  484.598653][T15556] Call Trace:
[  484.598663][T15556]  <TASK>
[  484.598673][T15556]  dump_stack_lvl+0x189/0x250
[  484.598705][T15556]  ? __pfx____ratelimit+0x10/0x10
[  484.598735][T15556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  484.598756][T15556]  ? __pfx__printk+0x10/0x10
[  484.598783][T15556]  ? __might_fault+0xb0/0x130
[  484.598827][T15556]  should_fail_ex+0x414/0x560
[  484.598865][T15556]  _copy_from_user+0x2d/0xb0
[  484.598893][T15556]  __sys_bpf+0x1ed/0x870
[  484.598923][T15556]  ? __pfx___sys_bpf+0x10/0x10
[  484.598964][T15556]  ? ksys_write+0x22a/0x250
[  484.598996][T15556]  ? __pfx_ksys_write+0x10/0x10
[  484.599020][T15556]  ? rcu_is_watching+0x15/0xb0
[  484.599060][T15556]  __x64_sys_bpf+0x7c/0x90
[  484.599087][T15556]  do_syscall_64+0xfa/0x3b0
[  484.599126][T15556]  ? lockdep_hardirqs_on+0x9c/0x150
[  484.599159][T15556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.599177][T15556]  ? clear_bhb_loop+0x60/0xb0
[  484.599202][T15556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.599220][T15556] RIP: 0033:0x7fb4b8f8eb69
[  484.599238][T15556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  484.599254][T15556] RSP: 002b:00007fb4b9e7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  484.599277][T15556] RAX: ffffffffffffffda RBX: 00007fb4b91b5fa0 RCX: 00007fb4b8f8eb69
[  484.599291][T15556] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  484.599304][T15556] RBP: 00007fb4b9e7f090 R08: 0000000000000000 R09: 0000000000000000
[  484.599317][T15556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  484.599329][T15556] R13: 0000000000000000 R14: 00007fb4b91b5fa0 R15: 00007ffe32a214e8
[  484.599362][T15556]  </TASK>
[  484.821938][ T5852] Bluetooth: hci1: command tx timeout
[  485.147673][T15564] lo speed is unknown, defaulting to 1000
[  485.264581][T15483] wg1 speed is unknown, defaulting to 1000
[  485.347004][T15453] 8021q: adding VLAN 0 to HW filter on device bond0
[  485.422594][T15453] 8021q: adding VLAN 0 to HW filter on device team0
[  485.497115][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  485.506018][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  485.584642][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  485.592085][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  485.986001][T15483] wg1 speed is unknown, defaulting to 1000
[  486.089544][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  486.333471][T15453] 8021q: adding VLAN 0 to HW filter on device batadv0
[  486.482435][T15453] veth0_vlan: entered promiscuous mode
[  486.502699][T15453] veth1_vlan: entered promiscuous mode
[  486.585963][T15483] wg1 speed is unknown, defaulting to 1000
[  486.608327][T15453] veth0_macvtap: entered promiscuous mode
[  486.622684][T15453] veth1_macvtap: entered promiscuous mode
[  486.665318][T15453] batman_adv: batadv0: Interface activated: batadv_slave_0
[  486.701539][T15453] batman_adv: batadv0: Interface activated: batadv_slave_1
[  486.756195][   T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  486.785739][   T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  486.821161][   T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  486.850014][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  486.889441][ T5852] Bluetooth: hci1: command tx timeout
[  487.117055][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  487.149377][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.234856][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  487.265352][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.316321][T15564] lo speed is unknown, defaulting to 1000
[  489.144321][T15609] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2950'.
[  489.426996][T15616] netlink: 'syz.2.2952': attribute type 11 has an invalid length.
[  489.568114][T15618] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2953'.
[  490.330405][T15632] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2959'.
[  490.533057][T15638] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2963'.
[  490.565465][T15640] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2962'.
[  490.666443][T15642] netlink: 'syz.1.2962': attribute type 6 has an invalid length.
[  490.741314][T15646] netlink: 196 bytes leftover after parsing attributes in process `syz.4.2964'.
[  491.266423][T15655] lo speed is unknown, defaulting to 1000
[  492.186752][T15655] lo speed is unknown, defaulting to 1000
[  492.203417][T15655] wg1 speed is unknown, defaulting to 1000
[  492.280430][T15663] FAULT_INJECTION: forcing a failure.
[  492.280430][T15663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  492.326991][T15663] CPU: 0 UID: 0 PID: 15663 Comm: syz.2.2971 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  492.327030][T15663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  492.327043][T15663] Call Trace:
[  492.327054][T15663]  <TASK>
[  492.327063][T15663]  dump_stack_lvl+0x189/0x250
[  492.327096][T15663]  ? __pfx____ratelimit+0x10/0x10
[  492.327126][T15663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  492.327147][T15663]  ? __pfx__printk+0x10/0x10
[  492.327172][T15663]  ? __might_fault+0xb0/0x130
[  492.327215][T15663]  should_fail_ex+0x414/0x560
[  492.327264][T15663]  core_sys_select+0x724/0xa20
[  492.327310][T15663]  ? __pfx_core_sys_select+0x10/0x10
[  492.327369][T15663]  ? __pfx_set_user_sigmask+0x10/0x10
[  492.327415][T15663]  __se_sys_pselect6+0x27a/0x300
[  492.327453][T15663]  ? __pfx___se_sys_pselect6+0x10/0x10
[  492.327482][T15663]  ? __pfx_ksys_write+0x10/0x10
[  492.327507][T15663]  ? rcu_is_watching+0x15/0xb0
[  492.327544][T15663]  ? __x64_sys_pselect6+0x21/0xf0
[  492.327577][T15663]  do_syscall_64+0xfa/0x3b0
[  492.327604][T15663]  ? lockdep_hardirqs_on+0x9c/0x150
[  492.327629][T15663]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.327649][T15663]  ? clear_bhb_loop+0x60/0xb0
[  492.327675][T15663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.327694][T15663] RIP: 0033:0x7fbb2b58eb69
[  492.327715][T15663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  492.327733][T15663] RSP: 002b:00007fbb293f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  492.327757][T15663] RAX: ffffffffffffffda RBX: 00007fbb2b7b5fa0 RCX: 00007fbb2b58eb69
[  492.327772][T15663] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  492.327785][T15663] RBP: 00007fbb293f6090 R08: 0000000000000000 R09: 0000000000000000
[  492.327798][T15663] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  492.327811][T15663] R13: 0000000000000000 R14: 00007fbb2b7b5fa0 R15: 00007ffcf458bd98
[  492.327845][T15663]  </TASK>
[  492.332308][T15661] netlink: 'syz.3.2969': attribute type 6 has an invalid length.
[  492.383737][T15679] vlan4: entered promiscuous mode
[  492.741058][T15687] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2979'.
[  493.029955][T15696] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  493.149428][T15698] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2984'.
[  493.277269][T15700] vlan4: entered promiscuous mode
[  493.354628][T15707] vlan4: entered promiscuous mode
[  493.728794][T15718] vlan2: entered promiscuous mode
[  493.768852][T15718] bond0: entered promiscuous mode
[  493.783080][T15718] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode
[  493.813158][T15723] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2991'.
[  493.830372][T15718] vlan2: entered allmulticast mode
[  493.853539][T15718] bond0: entered allmulticast mode
[  493.856627][T15723] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2991'.
[  493.879572][T15718] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  493.887305][T15718] batadv0: entered allmulticast mode
[  494.111526][T15728] FAULT_INJECTION: forcing a failure.
[  494.111526][T15728] name failslab, interval 1, probability 0, space 0, times 0
[  494.129596][T15728] CPU: 1 UID: 0 PID: 15728 Comm: syz.0.2995 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  494.129630][T15728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  494.129642][T15728] Call Trace:
[  494.129651][T15728]  <TASK>
[  494.129660][T15728]  dump_stack_lvl+0x189/0x250
[  494.129688][T15728]  ? __pfx____ratelimit+0x10/0x10
[  494.129715][T15728]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.129736][T15728]  ? __pfx__printk+0x10/0x10
[  494.129768][T15728]  ? __pfx___might_resched+0x10/0x10
[  494.129795][T15728]  ? fs_reclaim_acquire+0x7d/0x100
[  494.129826][T15728]  should_fail_ex+0x414/0x560
[  494.129862][T15728]  should_failslab+0xa8/0x100
[  494.129883][T15728]  __kmalloc_cache_noprof+0x70/0x3d0
[  494.129910][T15728]  ? __xdp_reg_mem_model+0x1d8/0x5a0
[  494.129945][T15728]  __xdp_reg_mem_model+0x1d8/0x5a0
[  494.129972][T15728]  ? __pfx___xdp_reg_mem_model+0x10/0x10
[  494.129995][T15728]  ? page_pool_create_percpu+0x800/0xbe0
[  494.130026][T15728]  xdp_reg_mem_model+0x22/0x40
[  494.130045][T15728]  bpf_test_run_xdp_live+0x215/0x1b10
[  494.130079][T15728]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  494.130115][T15728]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  494.130155][T15728]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  494.130182][T15728]  ? bpf_dispatcher_xdp+0x800/0x1000
[  494.130202][T15728]  ? bpf_dispatcher_xdp+0x800/0x1000
[  494.130271][T15728]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  494.130310][T15728]  ? _copy_from_user+0x94/0xb0
[  494.130337][T15728]  ? bpf_test_init+0x133/0x170
[  494.130361][T15728]  ? xdp_convert_md_to_buff+0x5b/0x330
[  494.130387][T15728]  bpf_prog_test_run_xdp+0x713/0x1000
[  494.130436][T15728]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  494.130470][T15728]  ? __fget_files+0x2a/0x420
[  494.130496][T15728]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  494.130527][T15728]  bpf_prog_test_run+0x2c4/0x340
[  494.130560][T15728]  __sys_bpf+0x581/0x870
[  494.130590][T15728]  ? __pfx___sys_bpf+0x10/0x10
[  494.130633][T15728]  ? ksys_write+0x22a/0x250
[  494.130664][T15728]  ? __pfx_ksys_write+0x10/0x10
[  494.130688][T15728]  ? rcu_is_watching+0x15/0xb0
[  494.130737][T15728]  __x64_sys_bpf+0x7c/0x90
[  494.130762][T15728]  do_syscall_64+0xfa/0x3b0
[  494.130788][T15728]  ? lockdep_hardirqs_on+0x9c/0x150
[  494.130813][T15728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.130832][T15728]  ? clear_bhb_loop+0x60/0xb0
[  494.130856][T15728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.130874][T15728] RIP: 0033:0x7fa297d8eb69
[  494.130892][T15728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.130909][T15728] RSP: 002b:00007fa298b0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  494.130943][T15728] RAX: ffffffffffffffda RBX: 00007fa297fb5fa0 RCX: 00007fa297d8eb69
[  494.130957][T15728] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  494.130969][T15728] RBP: 00007fa298b0f090 R08: 0000000000000000 R09: 0000000000000000
[  494.130981][T15728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  494.130991][T15728] R13: 0000000000000000 R14: 00007fa297fb5fa0 R15: 00007ffcf6eb1078
[  494.131021][T15728]  </TASK>
[  494.729480][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  494.950237][T15744] vlan3: entered promiscuous mode
[  495.162694][T15752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.365579][T15754] FAULT_INJECTION: forcing a failure.
[  495.365579][T15754] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  495.389660][T15754] CPU: 1 UID: 0 PID: 15754 Comm: syz.0.3003 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  495.389695][T15754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  495.389708][T15754] Call Trace:
[  495.389717][T15754]  <TASK>
[  495.389727][T15754]  dump_stack_lvl+0x189/0x250
[  495.389756][T15754]  ? __pfx____ratelimit+0x10/0x10
[  495.389786][T15754]  ? __pfx_dump_stack_lvl+0x10/0x10
[  495.389806][T15754]  ? __pfx__printk+0x10/0x10
[  495.389832][T15754]  ? __might_fault+0xb0/0x130
[  495.389876][T15754]  should_fail_ex+0x414/0x560
[  495.389911][T15754]  _copy_from_user+0x2d/0xb0
[  495.389971][T15754]  ___sys_recvmsg+0x12e/0x510
[  495.390002][T15754]  ? __pfx____sys_recvmsg+0x10/0x10
[  495.390061][T15754]  ? __might_fault+0xb0/0x130
[  495.390095][T15754]  do_recvmmsg+0x307/0x770
[  495.390129][T15754]  ? __pfx_do_recvmmsg+0x10/0x10
[  495.390165][T15754]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  495.390218][T15754]  __x64_sys_recvmmsg+0x190/0x240
[  495.390244][T15754]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  495.390265][T15754]  ? rcu_is_watching+0x15/0xb0
[  495.390302][T15754]  ? do_syscall_64+0xbe/0x3b0
[  495.390333][T15754]  do_syscall_64+0xfa/0x3b0
[  495.390356][T15754]  ? lockdep_hardirqs_on+0x9c/0x150
[  495.390389][T15754]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.390410][T15754]  ? clear_bhb_loop+0x60/0xb0
[  495.390437][T15754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.390456][T15754] RIP: 0033:0x7fa297d8eb69
[  495.390477][T15754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  495.390496][T15754] RSP: 002b:00007fa298b0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  495.390520][T15754] RAX: ffffffffffffffda RBX: 00007fa297fb5fa0 RCX: 00007fa297d8eb69
[  495.390534][T15754] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000004
[  495.390547][T15754] RBP: 00007fa298b0f090 R08: 0000000000000000 R09: 0000000000000000
[  495.390560][T15754] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[  495.390572][T15754] R13: 0000000000000000 R14: 00007fa297fb5fa0 R15: 00007ffcf6eb1078
[  495.390607][T15754]  </TASK>
[  495.939438][T15766] __nla_validate_parse: 1 callbacks suppressed
[  495.939465][T15766] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3007'.
[  495.967645][T15758] 8021q: VLANs not supported on caif0
[  496.069937][T15770] netlink: 209840 bytes leftover after parsing attributes in process `syz.4.3008'.
[  496.170951][T15770] lo speed is unknown, defaulting to 1000
[  496.450330][T15770] lo speed is unknown, defaulting to 1000
[  496.460284][T15770] wg1 speed is unknown, defaulting to 1000
[  496.589870][T15779] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3021'.
[  497.330033][T15798] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3015'.
[  497.342298][T15798] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3015'.
[  497.351028][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  497.379962][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  497.390192][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  497.413807][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  497.424045][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  497.539691][T15788] syzkaller0: entered promiscuous mode
[  497.545937][T15788] syzkaller0: entered allmulticast mode
[  497.666349][T15783] netlink: 'syz.3.3012': attribute type 2 has an invalid length.
[  497.685883][T15783] netlink: 'syz.3.3012': attribute type 1 has an invalid length.
[  497.773713][T15805] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3017'.
[  497.834637][T15791] lo speed is unknown, defaulting to 1000
[  498.147585][T15811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  498.357170][T15791] lo speed is unknown, defaulting to 1000
[  498.371590][T15791] wg1 speed is unknown, defaulting to 1000
[  498.606425][T15818] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3022'.
[  498.761326][T15820] smc: net device bond0 applied user defined pnetid SYZ2
[  498.783449][T15820] smc: ib device syz1 ibport 1 applied user defined pnetid SYZ2
[  498.807512][T15797] lo speed is unknown, defaulting to 1000
[  499.529785][ T5858] Bluetooth: hci4: command tx timeout
[  499.913622][T15797] lo speed is unknown, defaulting to 1000
[  500.007013][T15797] wg1 speed is unknown, defaulting to 1000
[  500.449050][T15841] vlan2: entered promiscuous mode
[  500.592257][T15847] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3032'.
[  500.803735][T15854] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3035'.
[  500.950387][T15857] FAULT_INJECTION: forcing a failure.
[  500.950387][T15857] name failslab, interval 1, probability 0, space 0, times 0
[  500.995612][T15857] CPU: 0 UID: 0 PID: 15857 Comm: syz.2.3037 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  500.995648][T15857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  500.995661][T15857] Call Trace:
[  500.995670][T15857]  <TASK>
[  500.995680][T15857]  dump_stack_lvl+0x189/0x250
[  500.995710][T15857]  ? __pfx____ratelimit+0x10/0x10
[  500.995739][T15857]  ? __pfx_dump_stack_lvl+0x10/0x10
[  500.995761][T15857]  ? __pfx__printk+0x10/0x10
[  500.995788][T15857]  ? __lock_acquire+0xab9/0xd20
[  500.995828][T15857]  should_fail_ex+0x414/0x560
[  500.995867][T15857]  should_failslab+0xa8/0x100
[  500.995890][T15857]  kmem_cache_alloc_noprof+0x73/0x3c0
[  500.995919][T15857]  ? skb_clone+0x212/0x3a0
[  500.995946][T15857]  skb_clone+0x212/0x3a0
[  500.995973][T15857]  __netlink_deliver_tap+0x404/0x850
[  500.996019][T15857]  ? netlink_deliver_tap+0x2e/0x1b0
[  500.996050][T15857]  netlink_deliver_tap+0x19c/0x1b0
[  500.996081][T15857]  netlink_unicast+0x7fa/0x9e0
[  500.996119][T15857]  ? __pfx_netlink_unicast+0x10/0x10
[  500.996149][T15857]  ? netlink_sendmsg+0x642/0xb30
[  500.996175][T15857]  ? skb_put+0x11b/0x210
[  500.996210][T15857]  netlink_sendmsg+0x805/0xb30
[  500.996250][T15857]  ? __pfx_netlink_sendmsg+0x10/0x10
[  500.996285][T15857]  ? aa_sock_msg_perm+0x94/0x160
[  500.996314][T15857]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  500.996338][T15857]  ? __pfx_netlink_sendmsg+0x10/0x10
[  500.996368][T15857]  __sock_sendmsg+0x219/0x270
[  500.996400][T15857]  ____sys_sendmsg+0x505/0x830
[  500.996430][T15857]  ? __pfx_____sys_sendmsg+0x10/0x10
[  500.996463][T15857]  ? import_iovec+0x74/0xa0
[  500.996495][T15857]  ___sys_sendmsg+0x21f/0x2a0
[  500.996520][T15857]  ? __pfx____sys_sendmsg+0x10/0x10
[  500.996600][T15857]  ? __fget_files+0x2a/0x420
[  500.996619][T15857]  ? __fget_files+0x3a0/0x420
[  500.996652][T15857]  __x64_sys_sendmsg+0x19b/0x260
[  500.996677][T15857]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  500.996712][T15857]  ? __pfx_ksys_write+0x10/0x10
[  500.996737][T15857]  ? rcu_is_watching+0x15/0xb0
[  500.996774][T15857]  ? do_syscall_64+0xbe/0x3b0
[  500.996806][T15857]  do_syscall_64+0xfa/0x3b0
[  500.996833][T15857]  ? lockdep_hardirqs_on+0x9c/0x150
[  500.996860][T15857]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.996881][T15857]  ? clear_bhb_loop+0x60/0xb0
[  500.996906][T15857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.996925][T15857] RIP: 0033:0x7fbb2b58eb69
[  500.996945][T15857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  500.996962][T15857] RSP: 002b:00007fbb293f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  500.996994][T15857] RAX: ffffffffffffffda RBX: 00007fbb2b7b5fa0 RCX: 00007fbb2b58eb69
[  500.997009][T15857] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  500.997022][T15857] RBP: 00007fbb293f6090 R08: 0000000000000000 R09: 0000000000000000
[  500.997035][T15857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  500.997047][T15857] R13: 0000000000000000 R14: 00007fbb2b7b5fa0 R15: 00007ffcf458bd98
[  500.997083][T15857]  </TASK>
[  501.619777][ T5858] Bluetooth: hci4: command tx timeout
[  501.706851][T15870] batadv0: entered promiscuous mode
[  501.716920][T15870] vlan2: entered promiscuous mode
[  501.804772][T15797] chnl_net:caif_netlink_parms(): no params data found
[  502.028102][T15882] bridge0: entered promiscuous mode
[  502.057969][T15890] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3046'.
[  502.063098][T15882] vlan2: entered promiscuous mode
[  502.138812][T15892] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3047'.
[  502.218333][T15797] bridge0: port 1(bridge_slave_0) entered blocking state
[  502.231855][T15797] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.241381][T15797] bridge_slave_0: entered allmulticast mode
[  502.250395][T15797] bridge_slave_0: entered promiscuous mode
[  502.289667][T15797] bridge0: port 2(bridge_slave_1) entered blocking state
[  502.309437][T15797] bridge0: port 2(bridge_slave_1) entered disabled state
[  502.321967][T15797] bridge_slave_1: entered allmulticast mode
[  502.340837][T15797] bridge_slave_1: entered promiscuous mode
[  502.439285][T15899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.474557][T15901] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3051'.
[  502.510013][T15903] IPVS: stopping backup sync thread 15906 ...
[  502.516848][T15906] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  502.533519][T15797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  502.562507][T15797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  502.578797][T15905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.589925][T15903] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3053'.
[  502.715855][T15797] team0: Port device team_slave_0 added
[  502.738482][T15797] team0: Port device team_slave_1 added
[  502.849629][T15797] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.867782][T15797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  502.870068][T15915] FAULT_INJECTION: forcing a failure.
[  502.870068][T15915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  502.906484][T15797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.911168][T15915] CPU: 1 UID: 0 PID: 15915 Comm: syz.0.3057 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  502.911195][T15915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  502.911207][T15915] Call Trace:
[  502.911214][T15915]  <TASK>
[  502.911223][T15915]  dump_stack_lvl+0x189/0x250
[  502.911251][T15915]  ? __pfx____ratelimit+0x10/0x10
[  502.911277][T15915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  502.911296][T15915]  ? __pfx__printk+0x10/0x10
[  502.911320][T15915]  ? __might_fault+0xb0/0x130
[  502.911358][T15915]  should_fail_ex+0x414/0x560
[  502.911392][T15915]  _copy_from_user+0x2d/0xb0
[  502.911418][T15915]  ___sys_recvmsg+0x12e/0x510
[  502.911445][T15915]  ? __pfx____sys_recvmsg+0x10/0x10
[  502.911498][T15915]  ? __might_fault+0xb0/0x130
[  502.911527][T15915]  do_recvmmsg+0x307/0x770
[  502.911555][T15915]  ? __pfx_do_recvmmsg+0x10/0x10
[  502.911588][T15915]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  502.911634][T15915]  __x64_sys_recvmmsg+0x190/0x240
[  502.911657][T15915]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  502.911674][T15915]  ? rcu_is_watching+0x15/0xb0
[  502.911707][T15915]  ? do_syscall_64+0xbe/0x3b0
[  502.911736][T15915]  do_syscall_64+0xfa/0x3b0
[  502.911760][T15915]  ? lockdep_hardirqs_on+0x9c/0x150
[  502.911783][T15915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.911801][T15915]  ? clear_bhb_loop+0x60/0xb0
[  502.911823][T15915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.911839][T15915] RIP: 0033:0x7fa297d8eb69
[  502.911857][T15915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.911872][T15915] RSP: 002b:00007fa298b0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  502.911893][T15915] RAX: ffffffffffffffda RBX: 00007fa297fb5fa0 RCX: 00007fa297d8eb69
[  502.911906][T15915] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000004
[  502.911917][T15915] RBP: 00007fa298b0f090 R08: 0000000000000000 R09: 0000000000000000
[  502.911928][T15915] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[  502.911939][T15915] R13: 0000000000000000 R14: 00007fa297fb5fa0 R15: 00007ffcf6eb1078
[  502.911969][T15915]  </TASK>
[  502.968811][T15918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3055'.
[  502.996685][T15797] batman_adv: batadv0: Adding interface: batadv_slave_1
[  503.196658][T15797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  503.228051][T15797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  503.228709][T15920] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3059'.
[  503.285060][T15920] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3059'.
[  503.531108][T15931] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3062'.
[  503.533153][T15925] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3061'.
[  503.614518][T15928] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3061'.
[  503.675802][T15797] hsr_slave_0: entered promiscuous mode
[  503.698473][T15797] hsr_slave_1: entered promiscuous mode
[  503.712281][T15797] debugfs: 'hsr0' already exists in 'hsr'
[  503.718283][T15797] Cannot create hsr debugfs directory
[  503.719494][ T5858] Bluetooth: hci4: command tx timeout
[  504.025662][T15950] netlink: 'syz.2.3066': attribute type 1 has an invalid length.
[  504.165771][T15950] 8021q: adding VLAN 0 to HW filter on device bond1
[  504.213140][T15947] bond1: (slave ip6erspan0): making interface the new active one
[  504.224809][T15947] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  504.694296][T15797] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.816714][T15969] vlan4: entered promiscuous mode
[  504.866817][T15947] lo speed is unknown, defaulting to 1000
[  504.995041][T15797] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.267736][T15797] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.489365][T15797] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.571032][T15947] lo speed is unknown, defaulting to 1000
[  505.706690][T15947] wg1 speed is unknown, defaulting to 1000
[  505.729814][T15993] lo speed is unknown, defaulting to 1000
[  505.762658][T15998] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  505.778181][ T5858] Bluetooth: hci4: command tx timeout
[  505.925250][T15797] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  505.970211][T15797] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  506.006948][T15797] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  506.051059][T15797] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  506.470665][T15993] lo speed is unknown, defaulting to 1000
[  506.492336][T15993] wg1 speed is unknown, defaulting to 1000
[  506.507322][T15797] 8021q: adding VLAN 0 to HW filter on device bond0
[  506.635633][T15797] 8021q: adding VLAN 0 to HW filter on device team0
[  506.670887][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  506.679045][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  506.838285][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  506.845638][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  507.110587][T16019] tap0: tun_chr_ioctl cmd 1074025677
[  507.127248][T16019] tap0: linktype set to 825
[  507.198070][T16024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  507.624557][T15797] 8021q: adding VLAN 0 to HW filter on device batadv0
[  507.923743][T16034] __nla_validate_parse: 4 callbacks suppressed
[  507.923771][T16034] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3095'.
[  508.264322][T15797] veth0_vlan: entered promiscuous mode
[  508.338903][T15797] veth1_vlan: entered promiscuous mode
[  508.513468][T15797] veth0_macvtap: entered promiscuous mode
[  508.556283][T15797] veth1_macvtap: entered promiscuous mode
[  508.614871][T16047] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3100'.
[  508.688357][T15797] batman_adv: batadv0: Interface activated: batadv_slave_0
[  508.708771][T16042] netlink: 'syz.0.3099': attribute type 10 has an invalid length.
[  508.793179][T16042] team0: Port device dummy0 added
[  508.817383][T15797] batman_adv: batadv0: Interface activated: batadv_slave_1
[  508.881779][ T1014] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  508.923567][ T1014] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  509.087559][ T3482] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  509.159004][ T3482] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  509.565038][ T1014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.589628][ T1014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.825582][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.873550][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  510.225903][T16081] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3111'.
[  510.322306][T16083] batadv0: entered promiscuous mode
[  510.327992][T16083] vlan2: entered promiscuous mode
[  510.614365][T16093] vlan4: entered promiscuous mode
[  511.128947][T16106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  511.488332][T16110] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3122'.
[  511.665289][T16112] lo speed is unknown, defaulting to 1000
[  511.959413][T16121] netlink: 'syz.4.3126': attribute type 2 has an invalid length.
[  512.010229][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  512.280330][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  512.293980][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  512.306110][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  512.326063][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  512.340386][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  512.631355][T16112] lo speed is unknown, defaulting to 1000
[  512.641320][T16125] lo speed is unknown, defaulting to 1000
[  512.669754][T16112] wg1 speed is unknown, defaulting to 1000
[  512.851420][T16131] 
[  512.854114][T16131] ======================================================
[  512.861931][T16131] WARNING: possible circular locking dependency detected
[  512.869919][T16131] 6.16.0-syzkaller-06574-gd9104cec3e8f #0 Not tainted
[  512.877072][T16131] ------------------------------------------------------
[  512.884409][T16131] syz.4.3129/16131 is trying to acquire lock:
[  512.890645][T16131] ffff888142ff71d8 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0xf0/0x320
[  512.900510][T16131] 
[  512.900510][T16131] but task is already holding lock:
[  512.908180][T16131] ffff888142ff6c98 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10
[  512.918726][T16131] 
[  512.918726][T16131] which lock already depends on the new lock.
[  512.918726][T16131] 
[  512.930208][T16131] 
[  512.930208][T16131] the existing dependency chain (in reverse order) is:
[  512.939384][T16131] 
[  512.939384][T16131] -> #3 (&q->q_usage_counter(io)#50){++++}-{0:0}:
[  512.948579][T16131]        lock_acquire+0x120/0x360
[  512.953863][T16131]        blk_alloc_queue+0x538/0x620
[  512.960655][T16131]        __blk_mq_alloc_disk+0x15c/0x340
[  512.967810][T16131]        nbd_dev_add+0x46c/0xae0
[  512.973558][T16131]        nbd_init+0x168/0x1f0
[  512.978531][T16131]        do_one_initcall+0x233/0x820
[  512.984354][T16131]        do_initcall_level+0x104/0x190
[  512.990647][T16131]        do_initcalls+0x59/0xa0
[  512.996035][T16131]        kernel_init_freeable+0x334/0x4a0
[  513.002387][T16131]        kernel_init+0x1d/0x1d0
[  513.008421][T16131]        ret_from_fork+0x3fc/0x770
[  513.014338][T16131]        ret_from_fork_asm+0x1a/0x30
[  513.020217][T16131] 
[  513.020217][T16131] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  513.028170][T16131]        lock_acquire+0x120/0x360
[  513.033609][T16131]        fs_reclaim_acquire+0x72/0x100
[  513.039671][T16131]        prepare_alloc_pages+0x153/0x610
[  513.046543][T16131]        __alloc_frozen_pages_noprof+0x123/0x370
[  513.053392][T16131]        __alloc_pages_noprof+0xa/0x30
[  513.059313][T16131]        pcpu_populate_chunk+0x182/0xb30
[  513.065282][T16131]        pcpu_alloc_noprof+0xcbf/0x16b0
[  513.071397][T16131]        bpf_map_alloc_percpu+0xbc/0x1b0
[  513.077380][T16131]        prealloc_init+0x225/0x630
[  513.083602][T16131]        htab_map_alloc+0x6ce/0xc70
[  513.090685][T16131]        map_create+0xaa3/0x1310
[  513.096236][T16131]        __sys_bpf+0x60f/0x870
[  513.101676][T16131]        __x64_sys_bpf+0x7c/0x90
[  513.107438][T16131]        do_syscall_64+0xfa/0x3b0
[  513.113149][T16131]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.120029][T16131] 
[  513.120029][T16131] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
[  513.128253][T16131]        lock_acquire+0x120/0x360
[  513.133948][T16131]        __mutex_lock+0x187/0x1340
[  513.139905][T16131]        pcpu_alloc_noprof+0x286/0x16b0
[  513.146753][T16131]        sbitmap_init_node+0x1e1/0x630
[  513.152721][T16131]        sbitmap_queue_init_node+0x41/0x660
[  513.159801][T16131]        blk_mq_init_tags+0x110/0x280
[  513.165550][T16131]        blk_mq_alloc_map_and_rqs+0xbd/0x9f0
[  513.172240][T16131]        blk_mq_init_sched+0x28a/0x710
[  513.178150][T16131]        elevator_switch+0x19c/0x5f0
[  513.184827][T16131]        elevator_change+0x21b/0x320
[  513.191644][T16131]        elevator_set_default+0x186/0x260
[  513.198425][T16131]        blk_register_queue+0x35d/0x400
[  513.204909][T16131]        __add_disk+0x677/0xd50
[  513.210784][T16131]        add_disk_fwnode+0xfc/0x480
[  513.217706][T16131]        nbd_dev_add+0x717/0xae0
[  513.224762][T16131]        nbd_init+0x168/0x1f0
[  513.230725][T16131]        do_one_initcall+0x233/0x820
[  513.237812][T16131]        do_initcall_level+0x104/0x190
[  513.246189][T16131]        do_initcalls+0x59/0xa0
[  513.251797][T16131]        kernel_init_freeable+0x334/0x4a0
[  513.257916][T16131]        kernel_init+0x1d/0x1d0
[  513.263235][T16131]        ret_from_fork+0x3fc/0x770
[  513.269190][T16131]        ret_from_fork_asm+0x1a/0x30
[  513.276260][T16131] 
[  513.276260][T16131] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  513.286301][T16131]        validate_chain+0xb9b/0x2140
[  513.292761][T16131]        __lock_acquire+0xab9/0xd20
[  513.298363][T16131]        lock_acquire+0x120/0x360
[  513.304068][T16131]        __mutex_lock+0x187/0x1340
[  513.309411][T16131]        elevator_change+0xf0/0x320
[  513.314848][T16131]        elevator_set_none+0x42/0xb0
[  513.320592][T16131]        blk_mq_update_nr_hw_queues+0x68f/0x1890
[  513.327221][T16131]        nbd_start_device+0x17f/0xb10
[  513.332637][T16131]        nbd_genl_connect+0x135b/0x18f0
[  513.338558][T16131]        genl_family_rcv_msg_doit+0x215/0x300
[  513.344818][T16131]        genl_rcv_msg+0x60e/0x790
[  513.350591][T16131]        netlink_rcv_skb+0x205/0x470
[  513.356243][T16131]        genl_rcv+0x28/0x40
[  513.361651][T16131]        netlink_unicast+0x82c/0x9e0
[  513.367498][T16131]        netlink_sendmsg+0x805/0xb30
[  513.373615][T16131]        __sock_sendmsg+0x219/0x270
[  513.379729][T16131]        ____sys_sendmsg+0x505/0x830
[  513.386035][T16131]        ___sys_sendmsg+0x21f/0x2a0
[  513.391687][T16131]        __x64_sys_sendmsg+0x19b/0x260
[  513.397347][T16131]        do_syscall_64+0xfa/0x3b0
[  513.403263][T16131]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.410213][T16131] 
[  513.410213][T16131] other info that might help us debug this:
[  513.410213][T16131] 
[  513.421323][T16131] Chain exists of:
[  513.421323][T16131]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#50
[  513.421323][T16131] 
[  513.435833][T16131]  Possible unsafe locking scenario:
[  513.435833][T16131] 
[  513.444028][T16131]        CPU0                    CPU1
[  513.450226][T16131]        ----                    ----
[  513.456138][T16131]   lock(&q->q_usage_counter(io)#50);
[  513.463184][T16131]                                lock(fs_reclaim);
[  513.469895][T16131]                                lock(&q->q_usage_counter(io)#50);
[  513.479613][T16131]   lock(&q->elevator_lock);
[  513.484642][T16131] 
[  513.484642][T16131]  *** DEADLOCK ***
[  513.484642][T16131] 
[  513.493665][T16131] 6 locks held by syz.4.3129/16131:
[  513.499313][T16131]  #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  513.508950][T16131]  #1: ffffffff8f56e208 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  513.519566][T16131]  #2: ffff8880253c7188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa6/0x1890
[  513.531959][T16131]  #3: ffff8880253c70d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xb9/0x1890
[  513.544012][T16131]  #4: ffff888142ff6c98 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10
[  513.555561][T16131]  #5: ffff888142ff6cd0 (&q->q_usage_counter(queue)#2){+.+.}-{0:0}, at: nbd_start_device+0x17f/0xb10
[  513.566839][T16131] 
[  513.566839][T16131] stack backtrace:
[  513.573192][T16131] CPU: 0 UID: 0 PID: 16131 Comm: syz.4.3129 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  513.573217][T16131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  513.573228][T16131] Call Trace:
[  513.573238][T16131]  <TASK>
[  513.573247][T16131]  dump_stack_lvl+0x189/0x250
[  513.573272][T16131]  ? __pfx_dump_stack_lvl+0x10/0x10
[  513.573288][T16131]  ? __pfx__printk+0x10/0x10
[  513.573309][T16131]  ? print_lock_name+0xde/0x100
[  513.573329][T16131]  print_circular_bug+0x2ee/0x310
[  513.573348][T16131]  check_noncircular+0x134/0x160
[  513.573367][T16131]  validate_chain+0xb9b/0x2140
[  513.573391][T16131]  __lock_acquire+0xab9/0xd20
[  513.573417][T16131]  ? elevator_change+0xf0/0x320
[  513.573433][T16131]  lock_acquire+0x120/0x360
[  513.573455][T16131]  ? elevator_change+0xf0/0x320
[  513.573477][T16131]  __mutex_lock+0x187/0x1340
[  513.573502][T16131]  ? elevator_change+0xf0/0x320
[  513.573520][T16131]  ? xa_find_after+0xae/0x430
[  513.573538][T16131]  ? xa_find_after+0x402/0x430
[  513.573553][T16131]  ? elevator_change+0xf0/0x320
[  513.573568][T16131]  ? xa_find_after+0xae/0x430
[  513.573585][T16131]  ? __pfx___mutex_lock+0x10/0x10
[  513.573626][T16131]  ? __pfx_blk_mq_cancel_work_sync+0x10/0x10
[  513.573648][T16131]  ? __blk_freeze_queue_start+0x275/0x380
[  513.573674][T16131]  elevator_change+0xf0/0x320
[  513.573690][T16131]  ? elevator_set_none+0x37/0xb0
[  513.573708][T16131]  elevator_set_none+0x42/0xb0
[  513.573726][T16131]  blk_mq_update_nr_hw_queues+0x68f/0x1890
[  513.573753][T16131]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  513.573778][T16131]  ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10
[  513.573802][T16131]  ? sysfs_add_file_mode_ns+0x259/0x300
[  513.573822][T16131]  nbd_start_device+0x17f/0xb10
[  513.573840][T16131]  ? device_create_file+0xf4/0x1c0
[  513.573860][T16131]  nbd_genl_connect+0x135b/0x18f0
[  513.573880][T16131]  ? __pfx_nbd_genl_connect+0x10/0x10
[  513.573900][T16131]  ? __nla_parse+0x40/0x60
[  513.573920][T16131]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  513.573943][T16131]  genl_family_rcv_msg_doit+0x215/0x300
[  513.573965][T16131]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  513.573989][T16131]  ? stack_trace_save+0x9c/0xe0
[  513.574010][T16131]  genl_rcv_msg+0x60e/0x790
[  513.574030][T16131]  ? __pfx_genl_rcv_msg+0x10/0x10
[  513.574047][T16131]  ? __pfx_nbd_genl_connect+0x10/0x10
[  513.574067][T16131]  netlink_rcv_skb+0x205/0x470
[  513.574090][T16131]  ? __lock_acquire+0xab9/0xd20
[  513.574112][T16131]  ? __pfx_genl_rcv_msg+0x10/0x10
[  513.574130][T16131]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  513.574169][T16131]  ? down_read+0x1ad/0x2e0
[  513.574184][T16131]  genl_rcv+0x28/0x40
[  513.574200][T16131]  netlink_unicast+0x82c/0x9e0
[  513.574224][T16131]  ? __pfx_netlink_unicast+0x10/0x10
[  513.574246][T16131]  ? netlink_sendmsg+0x642/0xb30
[  513.574268][T16131]  ? skb_put+0x11b/0x210
[  513.574285][T16131]  netlink_sendmsg+0x805/0xb30
[  513.574313][T16131]  ? __pfx_netlink_sendmsg+0x10/0x10
[  513.574338][T16131]  ? aa_sock_msg_perm+0x94/0x160
[  513.574360][T16131]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  513.574380][T16131]  ? __pfx_netlink_sendmsg+0x10/0x10
[  513.574404][T16131]  __sock_sendmsg+0x219/0x270
[  513.574427][T16131]  ____sys_sendmsg+0x505/0x830
[  513.574446][T16131]  ? __pfx_____sys_sendmsg+0x10/0x10
[  513.574465][T16131]  ? import_iovec+0x74/0xa0
[  513.574489][T16131]  ___sys_sendmsg+0x21f/0x2a0
[  513.574506][T16131]  ? __pfx____sys_sendmsg+0x10/0x10
[  513.574534][T16131]  ? __fget_files+0x2a/0x420
[  513.574550][T16131]  ? __fget_files+0x3a0/0x420
[  513.574569][T16131]  __x64_sys_sendmsg+0x19b/0x260
[  513.574586][T16131]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  513.574606][T16131]  ? rcu_is_watching+0x15/0xb0
[  513.574633][T16131]  ? do_syscall_64+0xbe/0x3b0
[  513.574657][T16131]  do_syscall_64+0xfa/0x3b0
[  513.574680][T16131]  ? lockdep_hardirqs_on+0x9c/0x150
[  513.574703][T16131]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.574719][T16131]  ? clear_bhb_loop+0x60/0xb0
[  513.574737][T16131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.574753][T16131] RIP: 0033:0x7f530338eb69
[  513.574769][T16131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.574784][T16131] RSP: 002b:00007f5304178038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  513.574803][T16131] RAX: ffffffffffffffda RBX: 00007f53035b5fa0 RCX: 00007f530338eb69
[  513.574816][T16131] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004
[  513.574828][T16131] RBP: 00007f5303411df1 R08: 0000000000000000 R09: 0000000000000000
[  513.574838][T16131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  513.574849][T16131] R13: 0000000000000000 R14: 00007f53035b5fa0 R15: 00007ffee34e0cd8
[  513.574866][T16131]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  514.306072][T16125] lo speed is unknown, defaulting to 1000
[  514.313601][T16125] wg1 speed is unknown, defaulting to 1000
[  514.409429][ T5858] Bluetooth: hci0: command tx timeout
[  514.475083][ T5858] block nbd1: Receive control failed (result -32)
[  514.482824][ T5858] block nbd1: Receive control failed (result -107)
[  514.489354][ T5852] block nbd1: Receive control failed (result -32)
[  514.605802][ T5852] block nbd1: Receive control failed (result -32)
[  514.684365][T16131] nbd1: detected capacity change from 0 to 127
[  514.996954][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.115298][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.265385][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.342618][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.542779][   T13] bridge_slave_1: left allmulticast mode
[  515.548865][   T13] bridge_slave_1: left promiscuous mode
[  515.558022][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.572908][   T13] bridge_slave_0: left allmulticast mode
[  515.580159][   T13] bridge_slave_0: left promiscuous mode
[  515.586735][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.647046][   T13] bond1 (unregistering): (slave ip6erspan0): Releasing active interface
[  515.760019][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  515.772638][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  515.783758][   T13] bond0 (unregistering): Released all slaves
[  515.797076][   T13] bond1 (unregistering): Released all slaves
[  516.090165][   T13] hsr_slave_0: left promiscuous mode
[  516.096749][   T13] hsr_slave_1: left promiscuous mode
[  516.103802][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  516.111982][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  516.120767][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  516.128576][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  516.142241][   T13] veth1_macvtap: left promiscuous mode
[  516.148282][   T13] veth0_macvtap: left promiscuous mode
[  516.154858][   T13] veth1_vlan: left promiscuous mode
[  516.161056][   T13] veth0_vlan: left promiscuous mode
[  516.342154][   T13] team0 (unregistering): Port device team_slave_1 removed
[  516.376806][   T13] team0 (unregistering): Port device team_slave_0 removed
[  516.748005][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.803991][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.866084][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.906607][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.963187][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  517.013887][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  517.085652][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  517.136547][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  517.208597][   T13] bridge_slave_1: left allmulticast mode
[  517.215550][   T13] bridge_slave_1: left promiscuous mode
[  517.222347][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.233455][   T13] bridge_slave_0: left allmulticast mode
[  517.239449][   T13] bridge_slave_0: left promiscuous mode
[  517.245997][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.256186][   T13] bridge_slave_1: left allmulticast mode
[  517.263082][   T13] bridge_slave_1: left promiscuous mode
[  517.271295][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.281642][   T13] bridge_slave_0: left allmulticast mode
[  517.287682][   T13] bridge_slave_0: left promiscuous mode
[  517.294290][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.726991][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  517.737506][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  517.747464][   T13] bond0 (unregistering): Released all slaves
[  517.825044][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  517.836817][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  517.846815][   T13] bond0 (unregistering): Released all slaves
[  518.387654][   T13] hsr_slave_0: left promiscuous mode
[  518.394884][   T13] hsr_slave_1: left promiscuous mode
[  518.405344][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  518.414410][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  518.423245][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  518.431255][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  518.449676][   T13] hsr_slave_0: left promiscuous mode
[  518.456025][   T13] hsr_slave_1: left promiscuous mode
[  518.464053][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  518.473402][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  518.482830][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  518.491031][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  518.506429][   T13] veth1_macvtap: left promiscuous mode
[  518.513645][   T13] veth0_macvtap: left promiscuous mode
[  518.519648][   T13] veth1_vlan: left promiscuous mode
[  518.525453][   T13] veth0_vlan: left promiscuous mode
[  518.532155][   T13] veth1_macvtap: left promiscuous mode
[  518.538226][   T13] veth0_macvtap: left promiscuous mode
[  518.544484][   T13] veth1_vlan: left promiscuous mode
[  518.550031][   T13] veth0_vlan: left promiscuous mode
[  519.068824][   T13] team0 (unregistering): Port device team_slave_1 removed
[  519.118327][   T13] team0 (unregistering): Port device team_slave_0 removed
[  519.711897][   T13] team0 (unregistering): Port device team_slave_1 removed
[  519.747256][   T13] team0 (unregistering): Port device team_slave_0 removed