last executing test programs:

6.679615958s ago: executing program 1 (id=7101):
accept$nfc_llcp(0xffffffffffffffff, 0x0, &(0x7f0000000000))
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b40)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c027518c669760500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193a05008cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f1cd086058d139ce528425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c47314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829bea46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406400b3b1c321cc158dbe17123eace30000000000009ea77cb4d3ca892600000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b67563e40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c070000000000000422ae2c148d444dd437a7d2f5e575009bc2d17a199802409329dae8baa58d3de63ad45328a9d4dc1ace543dfe11913c6c6413f8f7a15657d012fea460bb4656a20df1ba26932b0ef49f8ea88d7b4c1289314ba789661640f1b5d7cbae103fa95b0035f1e8e866307d4796eab0992704f9e00be4b1af8dfa9e94ad74e607ea9d7d7a95ed5a15429426abbed8d2c657018305c6f9e5159a5453f958991a908ff4cb2e8cbccb1d3c8daf754e4b01b2edd023e5bfdf293bd28fc1f8885f6edd5a715df4d180247feb08e9e2e5126c48be6098e711f0d86de5d76fdccae34eef9197c32ab4e6fcb52eb9ce18fdb621a75913a97254d783778203ec0bd1a8859683e1d01da4e81fb73bb3b358340a0310bf5ae17b917208da607fd7b125cf99fd3e9056f5184df7570ede94b736ae354b5b8ae2cc473b455f2f86d47c69027676bf1141f316b0f278f1692406572ee82766f8e5ff1cfec2a7a6cab7d0f2582a877c9bd4ca81089373f738d02e6bb4d3df30ac0f041e51ad36e1ff140812baf54b80635cc80963c8f69fa4506f7a30c99d3e538cc0aeafcad86ead38ed949aa3c204aea50e5e0039f01b82595b7dc921a8acc1f76340f060cc9a3acad3451c17dc9b5ca5d10a0cb1708592d1900a046f33761d50895febd9fd58cb132989766cf7c252daac259576ec218e3857e6fa97fe445d1fab51d87302a4bb28a4cfe462ee4849cc6832650188ca187d85509d8beccf9d9cf752368985804195b9fd2faf1aff8248f3981bd55cbbf514cd8365fee72cc7af053e5388ceadadb967ef735181df6a90cab13f58f6d563c9ab4ad37297aecffd8446cb2b14ec36a99af8393e3760d5970ba1debdcbccd54012c559ee2797ff962328aa6a252c0756e396ce4d52937546675203bdf1d6b120acac576523f8b1daa922188bf61536312f90dba92fb380c3c6fb5f9883a2c4dd99a1bac9b7cb25ff2ef9bd58ff97ddfdd2d4bcc371ee82245b57cd91a7fa3479cd339f54a5c422b753cd42d441ea881d46e419312db1f0cccce"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff48}, 0x48)
sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="10000000070000000401"], 0x10}, 0x331e5c6805043cda)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff310000003c0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28)
r2 = socket(0x15, 0x5, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
unshare(0x2a020400)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="48010000100001000000000000000000e00000020000000000000000000000000a010101000000000000000000000000000000004e2100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffdfff0000000000000000000000000000000233000000fe8000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000004000000010000000000000000000a000000000000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048460000000000000000000000000008001d00000000000800220003"], 0x148}}, 0x0)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x114, 0x35, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @typed={0x14, 0x3, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockopt(r2, 0x200000000114, 0x271e, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', <r6=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYBLOB="300000001c00357428bd7000fed3df2502000000", @ANYRES32=r6, @ANYBLOB="8740b210de7a84585f54f1f46fe746fccce8cf6939002203a2b107697d9ffff1be2a39b22994da1e60345efff009de02a712a97ad14e758c8e8852571b7e6857bea1f54e2e5e380e17c555e3a09f0c7d604aecc3afd0c445a42acca8faefccf130a69f2f96dbeece5abef81b84b06906e556755b61963cfe834e1217e73e6909079fa9011d734503348698e0b615b9086e1e37f221a0"], 0x30}}, 0x80c0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="200000000b141d0626bd7000fcdbdf2508000100"], 0x20}}, 0x44)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r7, 0xf507, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newlink={0x20, 0x10, 0x439, 0x0, 0x2, {0x0, 0x0, 0xe403, 0x0, 0x62a1}}, 0x20}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r8}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r8, <r9=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x10, &(0x7f00000003c0)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x4, &(0x7f0000002500)=""/4105, 0x0, 0x68}, 0x94)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000dc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x28}, 0x1, 0x0, 0x0, 0xd1}, 0x80)

6.230991499s ago: executing program 4 (id=7103):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000bc0)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}}, 0x0)

6.159530068s ago: executing program 0 (id=7104):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000)
r0 = socket(0x14, 0x2, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x61f0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan1\x00', <r3=>0x0})
r4 = getpid()
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="ed4d00000000fddbdf253100000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00R\x00', @ANYRES32=r4, @ANYBLOB], 0x24}}, 0xc0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)=<r5=>0x0)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000003c0)={{{@in6=@loopback, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@multicast2}, 0x0, @in6=@loopback}}, &(0x7f00000004c0)=0xe8)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000001c0)=0x14)
sendmsg$nl_netfilter(r0, &(0x7f00000019c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001980)={&(0x7f0000001a00)=ANY=[@ANYBLOB="581400000e01050025bd7000fcdbdf25000000014700c580ab8c0ea965ac3f16ddfb05693f60d6b20a8ae459da8ef9c59b7e98bf2630ec1ee7f11a438ee67f115e1c2f218f7ccf13eb5efdd202e8b7fb234030839586c8fcc3a537000800d300", @ANYRES32=r4, @ANYBLOB="8601d9809b44bbf2d7cbabbad17d268ba6cd49b20d0e912e0a72014b70712b471e9a5d34021a755869b0056c1b5cdf0c65f494669e9edee2494708cde9314e4f16cab658f965f03bbc1b6ea57c98a3af8471b974ec4e8f66ccb9e718f398dc89db6cb8995fe5d2f41274c6cb2a08055c2005fafcc3ec6c5b20c34fc35250fc5c86ac3ed5ff4673a5f22d8f7ebf871d70ab89dd96ba40be267f1cb1a233aa4cc74bf9ff5eb91b4c081c6575a8c579c74b3fa055bb8e8c37e0c049c65f7b2b6ab7ddedeaa42db90496ce0c8386a6ebec0b978b2a1de0e55a51261a0f30227d8482948d8a6ff29f1622d32cc7f87ca7fa63040014800422aaea4e0aa3562d218638c93be91774a29461a8126e1e9ca29e78948b20050d201ee75aff3987dfdb2709b821d1a8e024369acbac75d82caea795c1987a662292a505ca8f3d15c4b837fb460be13e56ea58d50babbfffbd615a64d461feec040063000e0066006e732f6367726f7570000000040001000400458008005f00", @ANYRES32=r5, @ANYBLOB="0e0012006e732f6367726f75700000000000a111ad800400c5004c6c94081959d92d738d9874e3cd8099f9bc6766cf93f4550331dc5db7afb97d0db9dcbea8522be5396411ffc528fb355bbb7e049cfffae9c82d0829402d1291f135ce4f49c8374192d274780493bb2329b4df682d4f508edcbb178c85bbed4feeeddb681e5e28f586029fe9104671d4048d75604b1adaa814f1195298150a178fedf1987285aa9a021c4c3ba00cb9bd323030f2dc5963b1d6a22d5551a0d0c99276961244f9aadc276d5b502aff61bf522b37a314b869acc44ba27364289a46ecbf65fe1035c5d624559823658fd3df6d0fb7d4bcf5941d35ddbfb7dd9ec40dfd4354da7c3a7be9ddb183d64f30c0f09c9786203645b39a9c4712ddfb76336113f586d29dffbf18a15b5769dd3f92f7ef946e31b41790956fb4434684b360cff1ae7050041026005ffd0db9727044d1488c877760c6735bf286a427a2ccc3d636c4b4b89c89c0f96c2aae9292b8ed84a8271140a5be4169d71fee67b0afe7df850163e7b2f32301e9c766ca82215c05a7704a947feedb7f04a148fb2e4cba553caf89adacf195040690224c397bb1d85ca519dadc1a8a302b64383ed8e05a4f27fa81f5002c4243881d255883bd2ff3ca9121f46557f6c6e02a7c21e3c091ad55a27e859ec2cb10be0ff327318829f9225144dd8484553e1db47fe5bb4073bdba36e0022d926ea9721e61d27f21f5e3d25679227a6edf159fa5ab8df66fd0ba69a4cd4e115e79d0d602217852ee1cbe2c22b844db4007db9f619ef54bd7558cb77a9b5839651d20f37d239aa33b8df803e754121373679040d25654f8eef507ebf2b2bf6c433e9699e8c6021fae5e4cfad29500253191da524558211f2b2dd05129c10bfc0d2410fdcc74f2988c0d9f8f3e7e70a18fb1cb5314aca02e9421222ea2a5a64ffdf3777ffe8a10283776fb834e407ae27a40decd3ed2b41faef3b66c17c9438ebb83b87f7cf215faef6cdf0a144970e2db9460a1b012ac5a23a63f3a3c662682dab841e1bad29112fd1229c35fb90e72905a3d9669aaf6447ec4c906db0f760db577319781655587e996c55e8b007278c3a4b3a21dfa893fda721fe33315cc4eb211f4cd095270d898e335e203eaba0e775d89059cd845cdea11814e0001f18a0aad1793731e9489680c324b6f583a1d46636074cefa5e168c183f7bda3785d2040fff1760089c08938a3d1ac9ed29f3bdac63f7acde4dd5bdad1d659b2ded69037024d142dac652d343be65c1de055181c084e0ee7ae542d384cfcce7bc7545a6ab11c960ce1f11726569aeb51a056cc259e5fe23262ddcec0eacbf3707dd03a374ac097bd0646d0c329cde7d576e01d0255ad76de3a2c5e1cff1e16dfcfc6306dd7e28077a95ceb6294eb085d1e5145d5abce329b501decd524ed94c0d65ff089560ceb8b6e371f656206f1fb5eb9098e5a396d0c03e36e238bdbfdf80009fbb062dd0c8757e466fce3db105287b244479f11e4a2a3530694638d76189897cd9881b99f9c40acef6e333d392dd8675df48cbcb1259d9d4fc25c7692c7185cd8cf0d57fd5a07a7f0b70eb95f5fdb2f3b219afa5c3eefe0bd94df3e2e818ff886c8e83661825303bf17cda401de0082d71df10857037259da85ffa39011a176a6ea1b30203881e20d0cb88b721fad0e8ad37ebe320b5c60d067a515c61748648ab59f3cec52646dc3b39087f55372d0e957dc6f2619df0909adc84c69f88547c26e122274c607c2fd2815e305fde9d8b14d13092d5a7a929efd957f1562c21e208d5d9bb6e39de3854c8d59d1ac6efe03fe7639fa06dd59165acc238386343a61350641f88e5ba2ea2c242d2094f63dc341ca8dde374d0a2edaf097a172baa55dc865aabf1db3d3342930997916ffb1ad6171e8543ef088892c0ea0fe309ea3bed11e04c3068e0c26bc28352699fea49723f92f37a5ee055f22b541eabc24b6404a7e6b8f733c697ef0e2ff7cda22676e5f693203f5ef21a4d73cada410f6a13da887283a404c18daadbab69913c375ecdcf1581fc619eab390f4763efa7cdd4f8ac4e4cecbcbd599844941a498a6744f50e51a0ac12fb038a599ea4ac42a1307fb94f09cc27efc3d3594246a4a4dad63cabc110a231a24fb4a24d45edd5244336269a9160f4b91b8f59870c0b5c98e43ceed4fde19b16cb4701880ca4f7ca9354ecf0de6f05dae2c4028a4090a76514cb6e28d2032baa9cfd94a3b0ce06b269b9b344b058794287cb3b5f8e4bfc4008b099698461f3ba0b85916c56a4f76e03b037e6d73b2761fedfb32f09c4ce99832090a7b00c6f9ec2fb288162d2693ea5509f105a68f8a44f232fdc5a4726e690ddf6c531e32d6330dd27e59080571f00fe018f8de4492de9fe81465db8c785495ca65385dc7dd9bdb37144d7db1709c44ea34eea2277e1aa1c24a43d60a19a80eda852113aeac896a78c267c324812d4d278756ac5dc4eec7f6499bc84b57012108f3fbf41f2c59823cd924360bc0e4977f0adc599c152721a3d5a6f3fbdbed27b2209ba462702bf96e0b5e88191a4433d2fbc9923277751044f80dd44d1065f111bdf517b5f9675be48c829c9e4238bf5ee9675327f5b7d1d5bc4038f6b92c73be945195801a23260222cb6bb6cdf48dd8955d8be402c0ed35b2e861c94d7aeeb13d7874510b8c7aba2ec686d0875add485b03096c79d41853efa8bb2364673c2f87cf4cf399b92ff2da9f385f17cc31638a1b70d2160a6c3e7bf76007c71f6171d86d27cedd1c0aae8902a66a203725b3cf284edbd40448036c4ae76c5607b03e196c84902ccd3d5704350ffac069f27d46049440082b7a4d683f31f59bff8ca6698b4c8b8f69b5f493fdacbefc84b9a8313e3c302806f73cf37247f981adc188c72aa27386c8c8261a049160c91b67fc96ef57703819a032afbff73e8d69a528ecf68ac1f2b01aba3f42d1fe50285186025ab786b2369ce018e6dcea4ba6036b6fe38a6d5cf0f1f6ba1b2d9b4afc9edd57ba60e111d318be72f381253501b36b2873673d40b73105b67d27ee7282c9bdbf2478c1ff27dc935e27c0fd21c411bfd58b45b41639bd629eec991649fff2606a8d46d12c066cd5fbbf4f0c6f92c5d7fbd02aac72ce637303d646d6f80222efdf5c1f9deebb074d9f254f9ff26230302edfff38c803b6d01999718b56bb01b143cffc1ed52ef03b1ca8a76e53ce495ed054476a83060de8a67044a3f59bef959f37dfdf6a1f51ca6a6f7a2503824f1ed08ef609dc033e1b8a7123b895c69806777942108e288b1279e01ebb18d7f5ed1daa8e03f9a28262aa72e4786bca812c8f89445fa0baa66445f78e28ff813145820679e3d0347376044ef29dded3250e37c97f9f948e94c79dae16f97862aebf790c1cd10d0b31240d0b0c9b7978d4af34baa5eeb260fc39139aca4844639477a2c6da72394b1c5925fac61335d122fb2728b34b6be80f79b2c7e34232cdae96c2000d60f442089fa157761cf0fd7b6b2577b42d6d6004165b65af8451d6b3505853ad2b2a5975260425f5d6eadfaa9b33384c691ce057a688c4bcd5e292da998080b385c80511caca5507cf3a9521d36a41266d64ef4479d016780bc3571dc802b6f6acfb64bddacd10d9aa5c39461e471f6ada1e14069a5661dd89b05604b1730c097eddcb7f9f4779eadf250b453bf1a1fa963f63ffeaa1dc687077e870eab7cc14c3b956bf4a51f2b67aadb9296273be46a1ead76166f84c48844b905bfc28ea3d06686ca4bedc3f1ee014d05f459ed08c54fabd4dd0d3f43999f51ea1c1a5bf7c989edd1b2b7be5991a7095f996d26a5d9ca8c62b354ff2d501c9394c92eea196003c6ddeb984d0632e4ec1ab064132e11f341d008b83227cbb1eb46893de8cb504e4ae65ca93835412171b946274c125ac52f6ecc35dc513179b0c8f802688ec52a2ca42e68311eb06d5e4f34516c761ef9c34eb1d8a19516761f06d2da394fd993bc852485016fd600de636fd241254e56802a25cf01ca0cc0c9c6964ee365832ddd4f42023d7ed3434c20748716f1aeeadde069c47fee83ead6e5a1590391c8d9c3d5ca66ae6805e0c678e002297ab7ee30b1129b9dc17ca0cfcc809f179c812b518f2fbd81bf4ee4ae3a6d3657afacb2ee37f1eaeeaea27b80acd7cf02ce476077d1fe843b87ca564864b315aea0f1d5335316122fa1e889ba1eb8bad4c4e3dc12c4c3f844290a3d4ee47845c5e412a9ed1357c679bd9db80fd7114126e03fe2a65311d868fcde623f3639d5e847b7765d0d779555dcb9885ab9337395f335ee77f5002ce13e858f8bdf7a6a8d9c4583aa23405be66641dc4847bc5452428662194c48c6500265264ed6b82a557c26b093feebdadffab5f46b1369f40d14d8f3edd38a672f5e39b9bb737ac9d2aaf6513357b7cf4e0bddfc71f5b87d924f4e2e3cfa8d0e15fce12c3df41c466b696816ce0b73cbce2f243b52a2f80c7293496e390e5ee3a837673f3430b0f295c53d636cba3595db595b5345f9519df7ef9c896ae82b69889ca0f22fd46bf2efab313e9f767c1c4ac38f48dd57102fd7fbdc874127f9363d974cc31c5046f39e3ee29153293348bdcc6ec4430da706e8964b997439001ab867beebbe0331ff49eb30eab78361511c019c2f4d5b5095cdb1d0a44810c436eee783c3e8f42659186ebec1512a490059325a1823550d6583ee9f0c6196bb8e61184b2df6f9abcf836436c73321047bed1bb4516cd813a0f6a6ca7196f0a72310211b26aeb23bb60667d90861ba0867b961d8e982b375e25898d423f662c0e9edfe783b4ca54725f3b048117cedd32ea42b72013210ce559645fc259cf290753aa52f029fc1753a32c0eaca985fde60aeb4f83006cb7f945719f31bb2aebd7214af9da774b980688fa6d97a69d3acab570c8777d7d12d6f83b785f41469dc2b8450a455c0bd5939aa8ee90d3954c296f7ba381b909cef5d8f1f69332082e7b5080bb01cffb144feb594483ad06523efc85ae23e9795d333cd914ca7bcb5089dd9e658e4930071ff36be8704f85f23f4d7d7713ee1a0aefb1dfc4bd08614228d296470a9fd9c9ad34a96978d1fb85d354bffd15a05083ad2b0c347dc1b44fa6d78cb7ef387a5adfbe8ad1c287e0e86fc00c9aa76e0e125d0aa3b5551fd62e6eaa53ef064c9fd1e027e9e1c7f4637bea74f2fdbc18208fa99687913625ec5b323310952c0d7eb3a24d2bcf6902387cd7070ef9a9b1608b5824e0ab3d79d23c70dbfe76eb4a38095523e4e6a2673697e0b7df1ac0e9d2d3713b7ddd41674f6e2c2a73839c46bf31799d9ebcd53ff8735ab5aa88bf6f8b9c9cbccf3fd231c97386bce5ff96c4b408f8523cd82d5ee5518c30e635ff516504e3ced521db222fbceac8c694d12130387c2dffecfeb1d38d15360682f353ca33048fa1346c82cf295618b239b8d8f28934c3a008d9efab95ddf599829b3b7a4a2826a962f0bc620d3159c09ea905e360784bde0adfe5f7c95176f14fbcb4fd83a7aadb8516539434475e3848d936a073b3e3f68fda77b4763401d005714b9d763a1f01eaa7d1602c520c09a5dd1ba2ed87efe9e4146846341a13ee55abe99eb8c30ca9c2d8c80caaadd928c16484d52bebce928121592a68b806e97d0f1681862eeea1371618933526c0af62df8b4e4532ac400ef5103482586ee19396cd43a49addfd610694690fd705089ab2ab76ef3fb8bb6be9582faf8e61fc78f0038cbd4e79e16e93584abc72c72ac0bd3af97b8dde2c7cc8786cfa726b913e124e341720b7964f3e355fa6355a304bef0f395dcdad7e3207f1cef888d1bc43e2c2a7e86236ca433ad21e16e65eb0ab42864fba25817b2d0ff71ea0f9b707f488126326ad4150a8769b3671a6efdc7f98eccc0d7713934bc49c55c371b4d55c26f331902583a8a3983bc9ed58da58da954b153abae3888acca367338101f91f562daf5018841457b5d8b7ed0b96cbcd9e26346e674dde7c5ac9b07c7aaa73c02f729722369f73f791077789030bf5ffc9aef861be18d0692b89847dba29be5b7b001af7ebca4d8624e17b76b568f40da11570f5e1b6ad56634f113016d5fea24c2336df041063f8e5bb94907b7ce8e7b3380ce1d1335093c5c9e03b7451e1ebba901e7ab70bbb7dd417d68914e5ef3d84c18fbdb4bf747b8f36b8aa5bdfe2ffab7a9bd61a9ced4063c17555a57ec15308a6cba04a9f00400ff80f2fb40979b05bd915b84aef449d3e5f5a5a285ba7ad72dfc3532fd09d1847ffde83b5abdc33fe8e25197c7663d58c729333d197e2f25cf4060f853d61544679472ea0989d51a09225499e17abf68ef43dada20953fce678828ba9ec1942c2f4dfeefdf7cab08001500", @ANYRES32, @ANYBLOB="0000000800a300", @ANYRES32, @ANYBLOB="0800f200", @ANYRES32=r6, @ANYBLOB="0e00b2006e732f6367726f75700000006bc590f16fc23b4b176f8d54126f71ab08e189a3ee7f68985fac8662a9ba2108b1fe8368faf547aa59b2259cb9ed608c6a89360f3b7a1e7c15695541a1a3bfd924fecdca66162ad41db06232911a5878bcecc2a26650afe6e2749df7b96eadc6c94b9f05da5e7e961defcb0fd7e0b5a5ff1ad8c4e7d8877d150dd01debd2e18c754b14ac7e6939daf8a55c9bacedc71467065dfaa5f954628b488603b690c9f059f642f48f930600"], 0x1458}, 0x1, 0x0, 0x0, 0x8010}, 0x40)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="4397"], 0x34)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r8, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
setsockopt$inet6_tcp_int(r7, 0x6, 0x17, &(0x7f0000000040)=0x7, 0x4)

5.553963957s ago: executing program 4 (id=7107):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a"], 0x7c}}, 0x0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="0c000280060001"], 0x24}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000002020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r6=>0x0}) (async)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_buf(r7, 0x6, 0xd, &(0x7f0000000180)="c6", 0x1) (async)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r7, 0x6, 0x25, &(0x7f0000000000)={0x200, 0x0, 0x4bb8, 0x965f, 0x8}, 0x14) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r8=>0x0})
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x3f, &(0x7f0000000100)={&(0x7f0000000b40)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)
r9 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r9, &(0x7f0000000280)={&(0x7f0000000040), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x54, r10, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x1}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x9}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_PEER_CONN_ID={0x4, 0xa, 0x100003}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x9}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0xffff}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp6}]}, 0x5b}, 0x1, 0x0, 0x0, 0x2004c000}, 0x10) (async)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9885, 0x11e11}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_RESEND_IGMP={0x8, 0xf, 0x4}, @IFLA_BOND_AD_SELECT={0x5, 0x16, 0x1}]}}}]}, 0x44}}, 0x0)

5.020649844s ago: executing program 1 (id=7108):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=ANY=[@ANYBLOB="44000000000101040000000000000100e000000108000200e00000010c000280050001"], 0x44}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010000304000000000019000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008001f0007000000"], 0x40}}, 0x0)

4.757137769s ago: executing program 3 (id=7111):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x4f}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x37}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x18, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa4}, 0x1, 0x0, 0x0, 0x20004000}, 0x24000840)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0x42024, 0x4ad8d}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'batadv_slave_0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040014}, 0x4000800)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000080000000000100000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8a0f83371b0d4e668a23b0daea1ffffffbfa400000000000007040000f0ffffffb70200000800000018230000f741dff66e1018f97b3d89f4153c26d0c3bb442f4ae7e58482d5d065e7912b9a0266a4878e04e1bcdaa6bee5", @ANYRES32=r4, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$kcm(0x29, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000140)={0xffffffffffffffff, r5})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r5, 0xfffff000, 0xe, 0x0, &(0x7f0000001700)="61df7100c80400d5721ff59fe864", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50)
unshare(0x400)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="1814000000000000000000000000000085000000080000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000070000008500000006000000950000000000000099c0a1035b963fcc845e29c45e0c2d8d80ff913c69cd54a422c71e38e9a2d7e03aea5dca49e52becad514871d38a257c2d0cc1ef495ee4056f9a0721189ea9fe7e4fe50d1db81d9f7596149871224cb7296d48aa810e6d14635e278d750a2c83178719b24a8ab11538d569ebdaae6a3f0b275f9f4a407918780e11b58674726af40bfcd6509a7ffc6a19"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x34, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r9=>0x0})
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r10, r9, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f00000007c0)=ANY=[@ANYBLOB="0180c200000000000000000008004500002c000000000011907800000000e000000100000e220018907804000000000000000000edff00000000ec1a44ef2596a4564861a5752005ad65c05ebe7a282d88ddb47895b28582d63dae2b38e9e6b52ba9c358e196872c6ee4a100c39d21c4efb2ec3f2a418b7025f0b14dfce654e2cecb8534c77fc800adf2cf7d3cebcfc0f665e4b2ebdb21c36c0dd59197196ea8b6dac4d98dc28528410000000000004444ef072bb5e180abfd217c8fb80d4782386af08aab5d87a76e376501b65b3cf30cc724da86ad9be8332eb4772e5d62ac21e6a2ef6e02a852b6"], 0x0)
setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f0000000000)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xa, 0x0, 0xffffffff}, 0x1c)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
unshare(0x20040600)
r11 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r11, 0x8946, 0x0)

4.673258676s ago: executing program 1 (id=7112):
socket$alg(0x26, 0x5, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000140))
close(0xffffffffffffffff)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="4401000010000100fbffffbffedbdf2500000000000000000000000000000000ac1414bb000000000000000000000000000000004e230007000080a03a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ffffffff000000000000000000000000000000000000000009000000000000000600000000000000ffff00000000000008000000000000000200000002000000f8ffffffffffffff0000000000000000060000000000000000000000000000001f00000000000000ff0100000000000002000000dcffffff000000002abd7000083500000a0001fd2000000000000000480003006465666c617465000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000001000000000000000000000c0015005a07350003000000"], 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000900)=ANY=[@ANYBLOB="d40000001b000301000000000000000000000000000000000000000000000000e000000100000000000000000000000000000000000000000000000000000000a1dedffde2455c317ad273240fa119d35733b12f875f3f0e82f8fc8b13ebc2ef673525ceeef925bd838fb312adf781f93610ebd33c399f6791618292b7840226d94e38eeed5c16eb85bcd386f6732ab41c47bcf4253de32c4d87a2904285b5d716026b84dc078b06bdfe90b4866189310c9b9982ffc91f734cf2700360998e8d0d07f3e560d6945879ddebaaeb0cb3cb2def2e0fa136e5d90c94b3988f5f7a4a1186c2bf315bccab3123996620977119fa871a50", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a001000000000000000000008001f0000000000"], 0xd4}}, 0x20000040)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f00000005c0), 0x10)
setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f00000001c0)=0x7f, 0x4)
recvmmsg(r2, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0xff6}], 0x1}, 0x8000}], 0x2, 0x10002, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0xd, 0x20000000ec071, 0xffffffffffffffff, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, &(0x7f0000000180)=0x2, 0x4)
socket$netlink(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r3)
sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000008000100030000002c0004800500030080ff00000500030080ff00000500030080ff0000050003000100000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1100000000f336, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r5 = socket(0x2, 0x3, 0xff)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000240)=0x7db7, 0x4)
sendto$inet(r5, &(0x7f00000002c0)="b401fcc8cd1bb8b66f7ee68e052af9c34b7d7494", 0x14, 0x0, &(0x7f0000000040)={0x2, 0xffff, @dev}, 0x10)

4.219593355s ago: executing program 0 (id=7113):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000002e00090027bd7000000003e7040000000800180002ac0f00", @ANYRESDEC=r0], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x24048084)

4.071239652s ago: executing program 4 (id=7114):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'wlan1\x00', &(0x7f0000000f40)=@ethtool_stats={0x2e}}) (async)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r2 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) (async)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r1, 0x8008f513, &(0x7f0000000400)) (async, rerun: 64)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e24, 0x5, @local}, 0x1c) (async, rerun: 64)
r3 = socket(0x2, 0x80805, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x20200, 0x0) (async, rerun: 32)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32=r6], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (rerun: 32)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c00000010005c884fed625fcdf100000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r6, @ANYBLOB], 0x3c}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)=@delqdisc={0x108, 0x25, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0xffe0, 0x3}, {0x0, 0x1}, {0xa, 0xfff3}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0xfffffffd}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @TCA_STAB={0xd4, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0xff, 0x7, 0x2, 0x1, 0x1, 0x1, 0x2}}, {0x8, 0x2, [0x5, 0x30f2]}}, {{0x1c, 0x1, {0x1, 0x5, 0x5, 0x0, 0x0, 0xa, 0xffff, 0x6}}, {0x10, 0x2, [0xe, 0x1, 0x1, 0x6, 0x7, 0xb]}}, {{0x1c, 0x1, {0x6e, 0x10, 0x9, 0x2, 0x0, 0x8, 0x4, 0x3}}, {0xa, 0x2, [0x9, 0x9, 0xd]}}, {{0x1c, 0x1, {0x2, 0xff, 0x10, 0x5, 0x1, 0x7f, 0x9, 0x7}}, {0x12, 0x2, [0x8, 0x8, 0x1000, 0x0, 0x5, 0x6, 0x7]}}, {{0x1c, 0x1, {0x1, 0x6, 0xf, 0x400, 0x0, 0x9, 0x81, 0x3}}, {0xa, 0x2, [0xa, 0x7, 0x13]}}]}]}, 0x108}, 0x1, 0x0, 0x0, 0xc010}, 0x4000840) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000100)=@assoc_value={<r8=>0x0}, &(0x7f0000000000)=0x8)
recvmsg$kcm(r3, &(0x7f0000001800)={&(0x7f0000000040)=@x25={0x9, @remote}, 0x80, &(0x7f0000001700)=[{&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000001580)=""/125, 0x7d}, {&(0x7f0000001600)=""/248, 0xf8}], 0x3, &(0x7f0000001740)=""/167, 0xa7}, 0x20) (async, rerun: 64)
setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@int=0x1, 0x4) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000500)={r8, 0x4, 0x30}, &(0x7f0000000540)=0xfe54)

3.761365876s ago: executing program 2 (id=7115):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99925bd70000000001dfc0000000000000000000000000000000a01010000000020000000000000000000000000000000000a0030"], 0xb8}}, 0x40004)
ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc0385869, 0x0)
recvmmsg(r0, &(0x7f00000018c0)=[{{&(0x7f0000000100)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000001600)=[{&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/3, 0x3}], 0x2}, 0x80000001}, {{&(0x7f0000001640)=@generic, 0x80, &(0x7f00000017c0)=[{&(0x7f00000001c0)=""/261, 0x105}], 0x1, &(0x7f0000001800)=""/189, 0xbd}, 0x5}], 0x2, 0x10, &(0x7f0000001940)={0x77359400})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424000000000000000100000051000000", 0xfe60)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x188}}, 0x0)

3.398847072s ago: executing program 1 (id=7116):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a38000000030a01080000ffff86dd0000020000000900010073797a30000000000c00024000000000000000010400048008000700"], 0x60}}, 0x0)

3.398369526s ago: executing program 3 (id=7117):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
connect$netlink(0xffffffffffffffff, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1, 0x200080}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000bc0)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}}, 0x0)

3.096775683s ago: executing program 4 (id=7118):
r0 = gettid()
r1 = socket(0x10, 0x803, 0x0)
getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x17, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000304f9effffffedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="a9d407000750050008001300", @ANYRES32=r0, @ANYBLOB="140003006d616373656330000000000000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x4000010)

3.096135431s ago: executing program 3 (id=7119):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x5411, &(0x7f00000007c0))
unshare(0x22020600)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00000000000000090000000700000000000000", @ANYRES32, @ANYBLOB="070000001839ebfc7211227ce8e2ba00"/31, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth0_to_bond\x00', &(0x7f00000000c0)=@ethtool_sset_info={0x37, 0x8, 0x2}})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, &(0x7f00000000c0)=0xa, 0x4)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x3261e)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'wlan0\x00', 0x0})
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r1, 0x0, 0x0, 0xffffffff00000000}, 0x20)

3.095010438s ago: executing program 1 (id=7120):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0xffe}, 0x10)
write(r1, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
syz_genetlink_get_family_id$ethtool(&(0x7f0000001f80), r0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$netlink(0x10, 0x3, 0x6720f15ce8555866)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newtfilter={0x6a0, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {0x9, 0x7}, {}, {0xe, 0xb}}, [@filter_kind_options=@f_fw={{0x7}, {0x674, 0x2, [@TCA_FW_ACT={0x65c, 0x4, [@m_ctinfo={0xc4, 0x3, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0x3}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x62}]}, {0x88, 0x6, "7efa6308c97d0522da042f21650d41ea4686c1f82691b96cc9448535c9dff645132ef1acac42cdce67719ccd55eecb90363469c5d294ce244190845b4bfa7f22c60bf7c8b5267ed314678d240830a88ccad360e201452ee0e32409b3555fc89ad5cff7c649a03884a2cf8ea722662f5e14da88b76bf1a0570879823e52bf94b455a77650"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ctinfo={0x110, 0x2, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x0, 0x5, 0x9, 0x5}}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x5}, @TCA_CTINFO_ZONE={0x6, 0x4, 0xf}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x9}]}, {0xb4, 0x6, "b14b11cc9b39d78e4858ca93fb07ef1d58d68b423e54e0b4e7969dc5eeaea5ee36539316889d32b2c8bf84756402fc9f6c9c30556959565d7e5e77c81dfc719d673e0f2b73da01deae81a1dd9a73628d958af3acedce2d7923acaa1327c10a9f628d6f5c6ee149644da6a8036409265674979e3ff0d475d908286e620185e71566fe694af8e61e850ef00caae6f7fe9004a98d9e0d196e2c7b5d3712f452432140cc45a27151ff4cee229834877c1309"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ctinfo={0x174, 0x4, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x6, 0x3, 0x0, 0xbd74, 0x40}}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0xbc6}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x8}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x401}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x8}, @TCA_CTINFO_ACT={0x18, 0x3, {0xffffd0ec, 0x8, 0x8, 0x0, 0x4}}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0xa}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x7}]}, {0xe7, 0x6, "6a8cf606b6c9fb492f1b167f70994477da5d28cca610b2c037e60c8feefb756bd4505327dccb793403f4e5e84e6783ff9ab52e912cdecc44006c69a3884aec32a144407ac53cb7f050784b9b672e1d8db542c79e7467f5e17620560fa0555434974140e3ea5b1b25fad0ec142d28a3b680df2f122b4b8ae745addeb6d02e76ee630da3de962d313d7e2110e30a9175bbf5fb3cdf90279910d27b2267747b20803cb91b3d46f1de606224222855eac2f1a5eeecd931ec9443aef43996900f3b52078d2816bed20b72ad63b11a416911fba53235fe49007f7822c73ce9b7f8ad2d823f2a"}, {0xc}, {0xc, 0x8, {0x4, 0x3}}}}, @m_sample={0xec, 0xd, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x80000001, 0x6, 0x2, 0x10000, 0x3}}]}, {0xa6, 0x6, "b743e238298db8b75ac6db091f6b63c4697c0fdb586e0caa49bc8e2381adbbeeebf6111d25c55c5d5b719b09ec1bcd86d8159054b03db9457cf6c102ecc76b36124098b31952e51f792e0378944104ec4989761f98a0d724af0682958eacb817534f3b432282a2f168cac63cc13d9311840eb869a74c95cda1c3dd3ac5541695ae259621ce6eb6e58b250cbeb62f0b401f45993e4545e2c56753cd57bcee9418b887"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_nat={0x1a0, 0x18, 0x0, 0x0, {{0x8}, {0xcc, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0x40, 0x7, 0x4, 0x5}, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0xa, 0x7, 0x33}, @remote, @rand_addr=0x64010102, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x3, 0xffffffffffffffff, 0xe4e, 0x8}, @broadcast, @private=0xa010100, 0xffffff00}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x401, 0x10000000, 0x6, 0x2}, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x15}, 0xffffff00}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x382c, 0x2, 0xb, 0x5}, @loopback, @private=0xa010101, 0xff, 0x1}}]}, {0xad, 0x6, "69489d9a11f8fa68ec180baff4e6b8b2ffff1257fc1d1c6182973c8c0f3339199f6ed908b7d068ee59c2186c0139194055ee29c1559d30b6950221c09e00e53a1ca0dd12e88aec17b51dc0fea41642dc2748accc8433c726580732858f0c91cfada3fc126dc595881ab3b8f1cf95308f695b62234583c8aa4d0717fc664397abb9c1254255c06b2783c3d4bf29de882116bd49f84762b26bfb929c721f708cd7c6a26340a35429dc63"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ctinfo={0x84, 0x1a, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x5}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x3}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8}, @TCA_CTINFO_ACT={0x18, 0x3, {0x80000001, 0x9, 0xffffffffffffffff, 0xbe, 0x80000000}}]}, {0x20, 0x6, "77ab0261181f2e29bf1db6b097f8592af58e24fef8e2c57aabca74d8"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_FW_INDEV={0x14, 0x3, 'dummy0\x00'}]}}]}, 0x6a0}, 0x1, 0x0, 0x0, 0x8858}, 0x20004844)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4)
sendmsg$nl_route_sched(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r12, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x4, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r13 = socket$inet(0x2, 0x3, 0x1)
sendto(r13, 0x0, 0x0, 0x4c55, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000140)={<r14=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f00000003c0)={r14, @in={{0x2, 0x4e24, @private=0xa010101}}}, 0x84)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000000c0)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'sed\x00', 0x1, 0x10, 0x4}, 0x2c)
socket$kcm(0xa, 0x2, 0x0)

3.053563379s ago: executing program 0 (id=7121):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000cc0)=@newtaction={0x18, 0x30, 0x871a15abc695fa3d, 0x70bd2a, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b80)=ANY=[@ANYBLOB="fc010000190001000000000300000000ac14141f0000000000000000000000000000000000000000000000000000000000000003000000000a0000005e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000020000000000000d5290f06000000000000000000000000000000000000000000000000000000000000000004000000000000ff80000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000044010500fc020000000000000000000000000000000000003200000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000033"], 0x1fc}}, 0x0)

2.706781218s ago: executing program 2 (id=7122):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f0000001a40)=""/151, &(0x7f0000001b80)=0x97)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x800, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4)
shutdown(r1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000c3a0f8ff4100000095"], &(0x7f0000000000)='GPL\x00', 0xc, 0x96, &(0x7f00000015c0)=""/150}, 0x94)
recvmmsg(r1, &(0x7f0000001980)=[{{0x0, 0x20, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, &(0x7f0000000100)={0x88, 0x1, '\x00', [@generic={0x0, 0x6, "3fcd12ae2d9c"}]}, 0x10)
r4 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg$can_bcm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000100)=""/3, 0x3}, {&(0x7f0000000680)=""/112, 0xfffffef2}], 0x2}, 0x10150)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$igmp6(0xa, 0x3, 0x2)
sendto$inet6(r6, 0x0, 0x0, 0x8041, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xf, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000500000085000000ba000000850000002c000000180000009000"/56], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x34}, 0x94)
r7 = socket$inet6(0xa, 0x3, 0x3a)
getsockopt$inet6_mreq(r7, 0x29, 0x7, 0x0, &(0x7f0000000100))
r8 = gettid()
sendmmsg$unix(r5, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000200)="c2", 0x1}], 0x1, 0x0, 0x0, 0x40044}}, {{0x0, 0x0, &(0x7f0000002a00)=[{&(0x7f00000000c0)="03b3", 0x2}], 0x1, &(0x7f0000002d80)=[@cred={{0x1c, 0x1, 0x2, {r8}}}], 0x20, 0xc060}}], 0x2, 0x4)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000000)=r8)

2.612965784s ago: executing program 0 (id=7123):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000005000000000400000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="d61d00ade5615b3710aa00"/22], 0x48) (async, rerun: 64)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="07000000040000008000000001"], 0x50)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000140)=<r3=>0x0, &(0x7f0000000200)=0x4) (async)
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r2, 0x4058587a, &(0x7f0000000580)={{<r4=>r2, &(0x7f0000000240)='GPL\x00', 0x80, &(0x7f00000002c0)={@align=0x7fffffffffffffff, {0x9, 0x8, 0xfa, 0xffffffffffff0000}}, 0x2, &(0x7f0000000440)={@_ha_fsid}, &(0x7f0000000480)}, {[0xffffffe9, 0x7, 0xc8500000, 0x4]}, 0x3, 0x29, &(0x7f0000000540)=""/41})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x4, '\x00', r3, r4, 0x0, 0x5, 0x1}, 0x50) (async, rerun: 32)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000c40)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000020000850000001b000000b700000000000000180100002120732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5}, 0xc) (async, rerun: 32)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000004c0)={r2, &(0x7f00000002c0), &(0x7f0000000840)=""/165}, 0x20) (rerun: 32)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000301050000000090050000000a0000080600124000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x5be8531507c827d3}, 0x4000040) (async)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) (async)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r7, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @multicast1}], 0x10) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @local}], 0x2c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f00000003c0)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x4e24, 0x6, @loopback, 0x80000001}], 0x2c)
sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x0, 0x0, {0x29, 0x0, 0x0, 0x0, {0x0, 0x4e23, [0x0, 0x2], [], 0x0, [0x1, 0x3]}}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x20004010) (async, rerun: 64)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (async, rerun: 64)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
write$tun(r9, &(0x7f0000000f00)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0x11}, @x25={0x0, 0xf7, 0x12}}, 0x11) (async)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000080)={0x2a, 0x0, 0x3fff}, 0xc) (async, rerun: 64)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r8, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x4}, 0x68) (rerun: 64)

2.002705519s ago: executing program 3 (id=7124):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6720000000000036000b000fff52004507000015300000d60600000ee6ff80bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08125d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cbea3841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e77f9ecced07fa25e99e9e415414c91f8bfd1c150570512f26c4ee34a64c131dce3800000000000000006c86287945bd8d258442870e000000000000000000000000f7e6a10de4bf7369b0d5b5373829b09bf5b7b34099b27ac7770fca449d4c4ca15f88b588b2429af2e1d1a4e1fa44cb80fcfae6e50d7e5b4675d7e0be706224f34e6eed553b40e2b897e73752fc7d1e4b0f4c5967eefd7448d5fde5841fa464a67267c631052bd7333769a4b8d19d4794357edce762e8136ab9d7ed34a72baffd849b90579b96b3"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000008000000000000000a3c000000120a09000000000000000000020000030900020073797a310000000008000340000000070900010073797a3000000000080004"], 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x4040000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x60600)
r2 = socket(0xa, 0x2, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x1f, 0x0, &(0x7f0000000280))
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_BURST={0x8}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb8}}, 0x0)

1.850319034s ago: executing program 0 (id=7125):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0xe}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x200000c0, 0xffffffff, 0xfffffff8}, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000001100050000000000feffffff07000000", @ANYRES32=r4, @ANYBLOB="003000000000000014001a80100004800c000980"], 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r2, 0x10, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x2, 0x1d}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x6}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x5000}, 0x4000000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ifreq(r7, 0x8949, &(0x7f00000001c0)={'vlan1\x00', @ifru_ivalue=0x5})
sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000000440)={0x0, 0xfffffffffffffff8, &(0x7f0000000400)={&(0x7f00000005c0)=ANY=[@ANYBLOB="e00200df", @ANYRES16=r6, @ANYBLOB="01002cbd7000ffdbdf250c000000b4020380c4000380180001800c000200657468746f6f6c0005000200000000002c000180040003000600020025000000040003000500020000000000040003000400030005000200000000000c000180080001000f000000400001800c000200657468746f6f6c00050002000000000004000300040003000400030004000300090002002e272a5e0000000008000100000000000400030030000180070002008c3a0000040003000a000200766c616e3100000004000300060002002a000000080001003600000004000100eb000400ad3297da4fdfda7773ef7198a5d8535f2d7875d57ac2f8cb16be5b60102a5562175f16518deeed0004e6a5fcf8f9a4203b31e111ffcbb1c16f01a1bb256f2cd6a792647557acab544e9ae7e717dee9f6456b668c058d1b139341cd950347bae6540d0a392e768dc09fbe06c914f8f8e8b3ce74063c4f76e81cc06f30078d23ce0d47003102efef07b89d43c2bc5e666e9e7f353b3e06daa527d6abf7a99e3944c216b4b7bb216af36e8644954e93729d1cd15257cbe807ee7724207d8899c5273ca46d6b1206f03e34c88c4db11aa1f188b49c3bfb3b38c3cfeeaef5324aeeab8e710857b9998200f6000400a15c0429c130da84fa78a756f65be5b2fa805ab32df5a1ceed0aab0283479cb7aacf96d47fc49e619a70c30e3ec8b683922ac58f364ad862025824c57d57c1610cca9532cce4f0bdb6c937154fb7d87632aacfc250f63c82f7fd9dbbdd4561d17c3828e54704544e6821ed8b9dc9be6be2fd5aef9d07099ecb21e18ef06bd3ca170b8c48f9b5b62a8467f3312f1e73d624055c68c33784e42ed74d31b99ea974ec31c4fc2312271cb0b0d88f7246769b773750118464de59157b2bee3c10ae82a1a49249211338f6ea5be80cf9440828ad6936de6f1dbb5556c5981f7fc034780581e6a9828e20b927c86a63cd22c8280522000004000100180003801400038010000180080001000200000004000300"], 0x2e0}, 0x1, 0x0, 0x0, 0x818}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001a00010028bd7000fdffff0302102000"], 0x1c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.771149772s ago: executing program 4 (id=7126):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000002000000090001"], 0x7c}}, 0x4)
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)

1.542955303s ago: executing program 2 (id=7127):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000f00)={{}, 0x3, 0x858, 0x32a})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESHEX=r0, @ANYRES64=r1, @ANYRESOCT=r1, @ANYRES64=r0, @ANYRES64=r0], 0x34}, 0x1, 0xffffff7f, 0x0, 0x404c080}, 0x90)

1.477442218s ago: executing program 4 (id=7128):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b142b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c04594282423424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$kcm(0xa, 0x3, 0x87)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a"], 0x4c}}, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r4, 0x4048587b, &(0x7f0000001a80)={{r4, &(0x7f0000000340)='GPL\x00', 0x30000, &(0x7f0000000380)={@align=0x3, {0x800, 0x8e4c, 0xcf, 0x1}}, 0x7, &(0x7f0000000400)={@_ha_fsid}, &(0x7f0000000440)=0xa271}, 0x2, &(0x7f0000001a40)=[{0x0, 0x7, &(0x7f0000000480)='batadv\x00', &(0x7f00000006c0)="a2e0ab7d46d977701ead901bb5cb74340b0631dd015b7c2af98e5032021a9de7cd500c498523cf2327faafdc904d8dddbc543a672343131c8bf872219c3dbafd569284da4de217f863db3c5884c3fc668ac39a6da55518a818c0a876d2a8206c8a24d57805f8cc87c3bfdfd72bb3b446f76e9db821263296b7664c6266fcb3881b4ce497df5f4ff9d8b1e95f0e48ab15caef8f7fcec3f20f4c18f607175220ce4aeec12806f412d6fe8e10388dd93845b78f3077bebf11a712", 0xb9, 0x28}, {0x2, 0x8, &(0x7f0000000640)='$\x00', &(0x7f0000000a40)="788589642ec8dd89d9610f4a5bae4bce928ea8214fe1c056c857feb4064f3375ed8f431cd6d85db8f60688d4d26c9b9026319f6e6683181a9317cc7ab2aff5bb1ab68aadf7ee9734b8b09d171428972228c9ac598b327913c49d768b32d31c890b583869b9fb7428fe10b5ea0fdde4a48b8d51a21cb5ba2dbe8ff1679ad90eef8844d2e12d2b935dde255af7c89e3ad9fac2e3d3f3a96a34dcc65a7bcc6ef58182838c327dfc16873f6087cf5503a71a81bc4b4409b63c8051f59e7a4406bd71d9a590dd35d96f1f100a67a696c3a4046f58d7636d4b2ecb818210d7d037e142a54faa303c84c610780241d7f34c9878cc44566d268090e40c32cf3896c4c4cfd1211e03780c5deed2be450dac913971ca153da7024ba167865cb9b1805012e612ec26709923338e5d606d68896cdc9f2e2229d755c1ef89b8bd3dbb3339deacdafe91db0809211986f7b077d96dd5e068dcc16c20b57523da7272b3b87014128305d6ac5b28968eac1424807cc550091dccf494baeb0fa83af9319f44616702dc9c3ea8bfa86f5c0e690d374112492c9d185f87aca2609f630f035b5245c934684af4e6ee91903885e910e09f9c921d7b325f1c7f0bd9d3db7ac8aa12691f3313f4dde782c3b39313d6cfeb5c5cff214d15fd14a03140f9e3ab780cfbae6cbcc517cfaa0c8eb8b9ef56fa16cf9cbea5028426d5e4f0cbbd7f16bb62fe25e24fde19a7bc6ada08ac30f0caaf97e6bd9d80bb812c4b242128de613e14d19ea0868ac01c54fa221aeb564885bfa6922611742324b449d268ea1d8ed82b289a14ef7596ad4a74b17da55c8f16bde42266f3c2218aed59e1a9b6c669cc83234ca14d65f140f035fd3f4f85e9bdcd62043ea7a02b26258d1c7e5fe5abc92bcfaf3b3d9961e8cb6c17a306aec2cd030be0f28e337c0aa52cd7c20273dae4bfe737ce64e328c6577644d6184f01261884e967f2fd15a4801867a455d5fb7542b3bb259d75b39c1818f433d8e39165d788f70eabc06596f99d3cf17123043d6ac46a4b87651ff62a3f348e1e1f3da241aa3688667fa8ebc25377c2947f4ad2c785c41d41298eb7a4d1fb780a1d06e51066a540630b2a5eb072a75b5aa1cf6a0eb5555796431098b606ba4432324507d4d875a20fdf62248aa029ee9b6d671f55f788d5cc601e5460390fe3e1ec5f65cb77c012e034cc03d4ca059689d82cc7ad81a9f13815e02403f9b6d07c750c7678155dbe6b62a399423cd664c5ab3f9b3e1e74ea5194c79bc048c1aadcc052135297ac4e6a60c2393e8d5ca15bc4ec7e013de98ccc8cc55713af4df048fa2452bd2cbd173640a494e60cec67b08bc1b5df8899fceaf7d3c2ffa8aff5516afa7cf10703c4436a6a475604289d6ed11531a939f0f9eb48ff0d56a20d98ffdb303c7f7c0e97e99fc5a7a3cd9fd3f22d2399f486746af1b1748ed954e4af487e8f2a716317e2987388ab36afabce5485e6b1f87a86d95358e912e074263a6e3071bac66ab476a5ab412439e746b427ddaa51038344326727ae0c301858e2ddf2687deef2b52ed75187f4395104cc62f7a7c263f15910f1fadb886dafd3b1c679a2db5e933e4671f3960d6f271bdeafddb3204816b5e3492c7ff8936556c2bb0d31ff42d144855e75b97ce592b0abc86a987e3cedab9bc4000e0caef00a02feebdaa96324a4dd4fee17b3b1f45904b7b2c7a8760ace0b7d278195cae44b3bed9a498f17e3c7409d161ef84f1b270edbfc34254ba043405da55235b46ea72e4b319f193c8a2c7e2d6753a53a2e65100cd9bff024b64a727a11651c1de7a3b823f3543b1ddeee66680755f4a740f8398443f3d1dd2c89b5574b0fa1c32be384b2e6eabe39ef89329ab8eee3b01c65985e736edb7f31b63cdcc4a26c646e7665d46580ebfc390caab11012715fa8dbed6227c42f02b30ff75765082bc634c90fea69dcb8290931bd1c1b588cfb140a2e5395e4b091b4ebd589828c4c142a6b4e11f5e587f8bdb9c5c3ab500a98bd53f22f222d86f6cba610e57dc91ab5f475929828d063f5fcff8ccf9004e2d7b38693da2ab2882a0c15dcf230121aad68c5d579c3283fbdd3c9396e20c1c4d1a14911e72c3687ad8ccd19d564b1de4110c603ce2e1086bcf7efada11fde91c2101003f238afa1562616f90bf3bf6654871ead0b302c7c1de1ce81b31fa64c29094f5443e5a934c4b6dad95e3bc9559d573649a47fbfe4d9e1f1cc1fc29366a5ebc85155c81794f82ae8747a99c64485bdb564738eafed588ec8a0dba16c463904426893f8fe757271a4fd5b269fecc54457236bf25236931a95a86be0103fdb71031e94d11bd533b0e38515052d3800214f795ec450aa1b462a9080caa6c5345bdf932cbc47e90b3cef21ed71b78123f09f31e497a01b78acf97e616d71026bb9c1d8893fea34554f0df086ab187191aa654c0d7c06111b695287d0893d8242c94775b32de4715673b71266ee1955292863041f182b7859f2122c8e8ee09671f2bc8f6e67ac4c736893b3adaf2c8c81cd120eeecde112c5fa0366e722a6705bad8bd660d2d8a287ebec4ba835b4713074453cee8d74c0178cf777ef7c341870c5651245d8a40b851c224f7172f847d44d1a1482f5e1531e25a816dbcd3f0072eacec13e327fd3a3a20043b241be892ddcbc655ce8331c5360d70c04b01a462cbd7edc675fc330631ccfedf47b81d46abff5b6047e8f55c4bce27d3e04e8dd5565b9aeeccca0d0dcd282075523360b34aac0b3f9aca8442317e7a132ffe2172afedd0259a9c7a2cf88a351e46a99373735c8ac4266f8143d870d290cde3714869cd8b8e2f12d97c5073edc095cd552adae17596a99b4dc2e10387abdb7f8b1127d1a92274c9f22440003f8a958a8968be68454b83ecba14973f46344b19103400760ec38a1550c1fdad7f696fa3d53d92083059a8812957550255a6c6af9851279862c692514224de5a6ccdca15b752937c83440555f610375cac36f5003bb58e4510d4c3296377a351eb4099a3393879198d9f16aaf9cb47123b462588de7937d30004b051cf8d22e393548cd06b89d6306225b27439d1154e9efaf87e127c032114b7e1b13887fad305c1604496e9b0ac92d3d9bb9f85ea5735ea9c169700f761353abf8211ab5c71442c7d1eca75b812249f4abdf5abd65300f32f5a975a93a545d7d5d3b2bc4210c222f39173736d615377d339c49def098bfa7b0220aad8c424315b182bf191e3225ec75391ba1b2aefe2ac76818ce3e7e65651b5a144f4dbf0d94a27220f156647a0e5d2323ada5546e693eb271767162a77fd47d801c219636327efa69092d628b4885bf22ae757ea545949e6e146011355abd38cc68e6c7379beca1d3c9962878729bdd85886bf240da2d455b327d9c06d6af0b8e411368f8acca0c3687a1bdccea16cabe5cd8ba1f8dc0c63385caa629b27ce6777d03754cfb0032c9ba33a45a61a8cfb574da4693405f6f31ad28c30b2a5605bc5869cc075fbc6e5d9b5fe8259f674b974ccbdc703bdf14757b8dd319f3e2171965d95e8aa8b8db42768c52258ab3c913349ff058dc0db2ffe8a69e4a2718176d9cef8402031e03781b61f7eee2debc56b46d403befbdf6a5d600c06425ce8c631a7fb407a7f16a37a0728f62cffe52914a18fa01738cb7b0a7fe8071594571aac0865e375f96d67779b44e6c0354262a2e337b01cfe65b287941a820434136d1a0c807a5f2e4b7e26e1758bb8d0353c3b3ec3a7f75678eeb47bdfa6d2a049e1d8de9582be12f3a64360a7332011402e5afc4180281bf5f8287acfc2937e39cdc37e2042344a2e214192b9683ca0ef210ae4637b6a25a62353e84f613ab6563279ac5e792c6d697e967ccdccca65de98c4ef143be720f5823cfbf134a7e2c4fde147dcb287658d8e7a3b5c21be7f99bb57c6cfcb9b1ec55ec975f7b02ac6bdb8a4645ea6e73ef9632ac1803b54f7086b278661cc29dbd16611e8ebfa1b04c4ecbcdc8c1ec3311d8ab6ceb4388351176e8e43dc8a8b3874b279dd181c2587873fccc9e75785eaeb87bd1b421afaa707da781d5bedc6afcdfb5671174f51d255fd3b7707790b252a67447ab6794957c5cd8834ec7326d5afd8520ed7cbed7e818a31172f9cf22e8877f41ab3808ca4e284cc3e257c16a93a1b0d698b1f2077e941f0645fb4a807b2869b0e93845aef6064a51b6884ab8e310f7742b60f14002da5af6767dd3a2442e2bcc67fd69af88eaeb938c05c2c00c32ca6603d2b37cb1ec2ba0b6e9f0887e46e0c58d8cfe6148eaabb6ce9c59e83c8b5db14ade7598ce7018b9f2b8f7bae4b610203bbaddaa7c214f648cd92bcee221435a6f242d0b542cdf1c446e7c7e0c1bb2c006b45e09fbe39a96a938fdcb488654384005376a4d2adbc243c771608ec9c2b4eff70b75218ca89bbdf6518611aea02170fe48c7c2de1a9706d8c1fa6d74fb165f0057d4d97c1441f7ac664ea8f77d7507108d6322df775838566e23d7929ef7b0504bbc297963bb0b746d5cd9992f7dc11c914e3bf8e8d32219b658400b1a652405b4472da9c2538146cb31dba4a2aa580a7b86e5c8a613595c7a2f6fc57e0ecce6edf594c58e4631f5f33a302f75e9c6d4276d4da678d4ebb7e7f2fa7068d4da36d3c87f969befb8b86bafe801ce8dc1b6c3e1fe24228dbbf2e1fbcb51a48948cda8838ade1f5ef0a85b521c1af495164f65420ea4bb154c1f9f0165cb8810373cca8bf5e17ad05f02e08cd730eb71d451328a58d9f81862d1af55a4302a09fb5bec310603a748befc785db67b60222ff2a47751abd2ed852b6a411c435ab925254eb94d745680b4c8757f11cf928ad501b0a322a449dc03e3e07827546469b990459fda0bc4b420e009f56fff2f707972a8c4302646013083d31b15546be39f71c702cce37abe91fe83b237f6732cd91a22daa6016033ca12f91dd850eb4e12eca0f8e3be4cf5da8bc9d52cf4e66b8b8abdd50d37d701400017dbc2b0712121cf9f75969a695a2bad217a93aa460185cc3d525c9e9de1eb0339e6d851b1b7c50665bae74976d81605aac40bc2c5d0e9390eaa5ee5d595dcc44b9f8048e65c9280feee2df937481b0ee0ab342f328be3eab87b77208131ba508a5fd3b7f578fed2b27a750390c6b4bcbaebe101e174e770f4baa21ebc9a01b6b75d13c79b9cdc0c9d2099a0105fc6b1fa4d62609ecade5231a2e62d919aef3047829ac390993e340aab87bd3bf31501af28fe7b8ca46ef0fb93cab5cd077b924198bf31b31f6785e8c950d8c103f88209e4c9b576dbe2e83889e0e67a819653f9f127320cd32c31eefc57ba4357df3160a21555c6f35ea050c3d85a16844b49afa168caec96bbd747e74f71f2e275ad5df075f12e323db31eda6e7e6d8b74e2056285ad0f6b063a146bfb1ff11e28b634148a7afc09c2418c4b828d5cd034903519898ad191b7d72fa270ec2c078bcfff7bcef631ad31b9ee4c94a5ce22ff0200da1c9c030cc1b7b3371213103ae925ff7260a145b62ec1b4b19f98914cb996b7853c868a294290f47e99c17dad425c09d377085cb2eb424fabc454b65d7f66b36018eb70d506a8dd268461fdf09dcfbd1eb2863564ea70bf62857fd59ec5c4575358298488005b21019672fe8c04f4eff8132053e3120bfd397523c6472f63c42628246f9b0030a186fe36662e4a0bd20ac0babde2d4dcd411a1a097463bbfa987f779bf7f84a4402ace9c0e3765553f1ea0973a6609639b770e9672236648c97245e0d4cda405b5ea", 0x1000, 0x20}]})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000004c0)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=@raw=[@jmp={0x5, 0x0, 0x7, 0x2, 0x6, 0xffffffffffffffff}, @initr0, @generic={0x5, 0xc, 0x9, 0x7f, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}], &(0x7f00000000c0)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="ac0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa1400040000000000000000000000ffff0a0101020c00028005000100000000003c0002802c00018014000300fc02000000000000000000000000000014000400fe8000000000000000000000000000aa0c0002800500010000000000080007400000000044000f800800034000000006080002400000000108000340000000ce08000240000000030800034058696a8c0800024000000001080001400000000008000140000000040c000680080002000000000010000d800800010064010100040003801400188008000340000000070800024000000001580004"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, r6, 0x10, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xdbc2}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x404}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40040}, 0x4000884)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@alu={0x4, 0x0, 0xc, 0x4, 0x2, 0xfffffffffffffffe, 0xffffffffffffffeb}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x6, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x94)
pselect6(0x40, &(0x7f0000000040)={0x3, 0x7, 0x200000000007fff, 0x5, 0x5, 0x6, 0x5, 0x7}, 0x0, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd120000000000140000006000000003088700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef)
ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f0000000100)={0x0, 0x6, [@random="c98decfab47c", @local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}, @local, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}]})
recvmmsg(r0, &(0x7f00000000c0)=[{{0x0, 0xfffffffffffffe79, &(0x7f0000000240), 0x5b}, 0xb}], 0x1, 0x10043, 0x0)

1.360374369s ago: executing program 3 (id=7129):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, 0x3c, 0x301, 0x70bd24, 0xfffffffc, {0xa}, [@typed={0x8, 0x3, 0x0, 0x0, @ipv4=@remote}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004853}, 0x20000000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000001000010400000000feffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000200002c0012800b00010062726964676500001c0002800c002100e0"], 0x4c}, 0x1, 0xd, 0x0, 0x4000000}, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff024}, {0xb1, 0x0, 0x0, 0xffeff024}, {0x6, 0x0, 0x4}]}, 0x10)
sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xe}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010020bd70100600010007000000080009000200000008000b"], 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
r9 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), r0)
ioctl$XFS_IOC_FREE_EOFBLOCKS(r1, 0x8080583a, &(0x7f0000000240)={0xc, 0x7, 0xee, 0x9, 0x7, 0x0, 0x3})
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x3d, 0x0, 0x2}, {0x4, 0x0, 0x0, 0xe4ff}, {0x4, 0xfd}, {0x0, 0x0, 0x0, 0x10000000}, {0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0xf8}, {0x9}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0xfffffffc}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)
sendmsg$FOU_CMD_GET(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r9, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@FOU_ATTR_IPPROTO={0x5, 0x3, 0x2c}, @FOU_ATTR_TYPE={0x5, 0x4, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008100}, 0x40801)

1.251398285s ago: executing program 2 (id=7130):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
connect$netlink(0xffffffffffffffff, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1, 0x200080}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000bc0)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}}, 0x0)

1.027643259s ago: executing program 2 (id=7131):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a38000000030a01080000dd86ffff0000020000000900010073797a30000000000c00024000000000000000010400048008000700"], 0x60}}, 0x0)

147.153454ms ago: executing program 2 (id=7132):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f00000000c0)=0x33, 0x8)
listen(r0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r2)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000010000000000000007005d194c7600000000000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x8, &(0x7f0000000040)=""/8, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r4 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r5=>r3, 0xffffffffffffffff, 0x2, 0x1})
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000180)={r5}, 0xc)
sendto(r4, &(0x7f0000000000), 0xfeb5, 0x0, 0x0, 0x0)
recvfrom(r1, &(0x7f00000001c0)=""/62, 0xfeb5, 0x10120, 0x0, 0x0)
sendmmsg(r4, &(0x7f0000002bc0), 0x2a0, 0x20004840)

66.084422ms ago: executing program 0 (id=7133):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000001"], 0x6c}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
readv(r0, &(0x7f0000000380)=[{&(0x7f00000014c0)=""/4118, 0x1016}, {&(0x7f0000000280)=""/198, 0xc6}], 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10, 0x0}, 0x300060c1)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x44881)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000040)=[{{&(0x7f0000000500)={0x2, 0x4e63, @rand_addr=0x64010102}, 0x10, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000100)}], 0x2}}], 0x1, 0x4000040)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000000)={'team0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104, 0xa01}, [@IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}}, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r7, 0x107, 0xb, 0x0, &(0x7f0000000040))
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000280), 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x7ff, 0x3139}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff)

771.688µs ago: executing program 1 (id=7134):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000"], 0x48)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
socket$l2tp(0x2, 0x2, 0x73)
shutdown(r1, 0x0)
r2 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r2, 0x114, 0x5, 0x0, &(0x7f00000000c0))
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000000c0)={0x0, 0x10000}, &(0x7f0000000140)=0x8)
recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) (fail_nth: 37)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x18, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b7030000000800008500000072000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

0s ago: executing program 3 (id=7135):
syz_emit_ethernet(0x86, &(0x7f00000010c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x3, 0x4, 0x0, @multicast2, {0x17, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @multicast2, {[@timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x0, [{@remote, 0x6e210000}]}, @timestamp_addr={0x44, 0x3c, 0x0, 0x1, 0x0, [{@multicast1}, {@remote}, {@dev}, {@local}, {@empty}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@empty}]}]}}}}}}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="bc0100001900010000000000ffdbdf2500000000000000000000ffffac1414bbac1414bb0000000000000000000000004e20000bf7ff00000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000090000000000000080000000000000000000000000000000fcffffff00000000000000000000000004010500fc000000000000000000000000000004000000003c00000000000000000000000000000000000000000000000235000000020000080000000000000000000000fe8000000000000000000000000000bb000000003c0000000a000000ffffffff000000000000000000000000fbffffff04030000060000000008000000000000e0000002000000000000000000000000000000003300000000000000ff020000000000000000000000000001043500000002040000000000bb0a00000000000000000000000000000000000000000000000004d43200000000000000ac1414aa0000000000000000000000000400000000010800000000000000000000040000dfa769623c250db0d8c2e6b355e78a6be5c5b36b9d7b2dbeb84cc818868bd72b5674f05dc920ace206f15e0c64eb2d9e29a14eb0d0b060"], 0x1bc}, 0x1, 0x0, 0x0, 0x20006854}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000050002000900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030073797a30000000004c000000060a010400000000000000000500000008000b400000000024000480200001800d00010073796e70726f7879000000000c00028008000340000000050900010073797a30"], 0xc0}, 0x1, 0x0, 0x0, 0x20020014}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000006180)={0x0, 0x0, &(0x7f0000006140)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="110026bd7000fddbdf2507002600"/26, @ANYRES32, @ANYBLOB="0c0099"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20004014)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r3, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x9c, 0x7b5, 0x2, 0x0, 0x7579e159, 0xfffffffe, 0xfffffdfc, 0xef4}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x11, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000008000000000000000fdffffff85000000ae000000b7080000000000007b8af8ff00000000b7080000161300007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018030000", @ANYRES32=0x0, @ANYBLOB="0000000000000001b705000008000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0x32600)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000000514210626bd7000000000000800010000000000080008"], 0x20}}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x320, 0x18c, 0x203, 0x0, 0x19030000, 0x410, 0x2e0, 0x2e0, 0x410, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x100002, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x1000b, 'syz0\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000005c0)={'gretap0\x00', &(0x7f0000000500)={'ip_vti0\x00', <r10=>0x0, 0x10, 0x80, 0x0, 0x1, {{0x26, 0x4, 0x3, 0x9, 0x98, 0x66, 0x0, 0x50, 0x29, 0x0, @rand_addr=0x64010100, @remote, {[@timestamp_prespec={0x44, 0x24, 0x99, 0x3, 0x9, [{@multicast2, 0x7}, {@dev={0xac, 0x14, 0x14, 0x30}, 0x8000}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}]}, @timestamp_addr={0x44, 0xc, 0x6, 0x1, 0x1, [{@local, 0x7}]}, @lsrr={0x83, 0x1b, 0x1a, [@remote, @multicast1, @multicast1, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x13, 0x0, [{0x6, 0x9, "0cf03c029c7152"}, {0x2, 0x4, "89e6"}]}, @noop, @timestamp={0x44, 0x1c, 0x37, 0x0, 0x2, [0xf, 0x72, 0x4, 0x6d1726e4, 0x7ff, 0x9]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000880)={'tunl0\x00', &(0x7f0000000600)={'syztnl0\x00', <r11=>0x0, 0x7800, 0x10, 0x9, 0xb, {{0x10, 0x4, 0x3, 0x3, 0x40, 0x68, 0x0, 0x8, 0x29, 0x0, @remote, @rand_addr=0x64010102, {[@rr={0x7, 0x2b, 0x8a, [@dev={0xac, 0x14, 0x14, 0x37}, @private=0xa010100, @private=0xa010101, @broadcast, @multicast2, @broadcast, @empty, @loopback, @private=0xa010102, @rand_addr=0x64010102]}]}}}}})
sendmsg$ETHTOOL_MSG_COALESCE_GET(r6, &(0x7f00000009c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000980)={&(0x7f00000008c0)={0x88, r9, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000000)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000002fc0)=ANY=[@ANYBLOB="7a0af8ff75257078bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651ddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce72d75946c2b638d91dbef661962239c77edf2d34b12cd48a1b20fb7dd8432619f2c50d77bc0ea9b0af58e6fff4942eb613eff289026d5045ef76d7d864409eb2dc9518a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be3cdda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed544126fabe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f00000000008000000000000000000000000040000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000002900)=r12, 0x4)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000010001ffffcfffffffddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="6bf7ee5347ea62b81c0012800b00010067726574617000000c00028008000700ac141428080061003bd463a99deeab06870fdc3237a61c923459b440b970cf366facb8825f8718b808e6e3988b3e945167d6f63f99ecee3fc35fe0984477c648a2637bf513737430b2eb7016a7f163a0ee389dd94a46dec849b36b4a191daa9a6105e02658698d8d1f0593329905021f130410840d3f17a0e9e063d9eb17424c3745b7a1f0a7f3f8a58b4180e7424f6112f738a7107bda5cdf59360873078c67604350739094b0b59b7c302c7e78f0122d5e66aef72359982fb03cfc5f4e1548078b0f957de5005c", @ANYRES32=0x0], 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0)

kernel console output (not intermixed with test programs):

.427223][T26204] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5961'.
[  817.566302][T26207] lo speed is unknown, defaulting to 1000
[  817.615121][T26207] lo speed is unknown, defaulting to 1000
[  817.643259][T26207] lo speed is unknown, defaulting to 1000
[  817.834650][T26218] __nla_validate_parse: 2 callbacks suppressed
[  817.834670][T26218] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5970'.
[  818.053826][T26221] netlink: 'syz.4.5973': attribute type 13 has an invalid length.
[  818.061669][T26221] netlink: 'syz.4.5973': attribute type 17 has an invalid length.
[  818.136664][T26221] sit0: left promiscuous mode
[  818.297046][T26207] infiniband syz0: set down
[  818.317094][T26207] infiniband syz0: added lo
[  818.347127][T26237] netlink: 'syz.0.5975': attribute type 4 has an invalid length.
[  818.373129][T26207] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[  818.376132][T26207] infiniband syz0: Couldn't open port 1
[  818.392269][T26207] smbdirect: ib_dev[syz0]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[  818.407325][T26207] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[  818.424440][T26207] smbdirect: ib_dev[syz0]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[  818.452159][T26241] netlink: 'syz.0.5975': attribute type 4 has an invalid length.
[  818.479237][T26221] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[  818.502177][T26207] RDS/IB: syz0: added
[  818.515768][T26207] smc: adding ib device syz0 with port count 1
[  818.521952][T26207] smc:    ib device syz0 port 1 has no pnetid
[  818.544691][T26221] batman_adv: batadv0: Interface activated: wlan0
[  818.669973][T18042] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  818.691354][T26254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5980'.
[  818.696823][T18042] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  818.789485][T18048] lo speed is unknown, defaulting to 1000
[  818.874333][   T10] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  818.923020][T13393] lo speed is unknown, defaulting to 1000
[  818.930159][T26207] lo speed is unknown, defaulting to 1000
[  818.958957][T26260] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5981'.
[  818.970047][ T5949] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  818.980326][ T5949] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  819.122741][ T3358] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  819.130473][ T3358] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  819.413270][T26283] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5993'.
[  819.454326][T18048] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  819.480999][T26207] lo speed is unknown, defaulting to 1000
[  819.631944][T26292] veth0_macvtap: left promiscuous mode
[  819.825284][T26305] netlink: 88 bytes leftover after parsing attributes in process `syz.2.6001'.
[  819.835904][T26207] lo speed is unknown, defaulting to 1000
[  819.878142][T13393] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  820.104127][T13393] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  820.290523][T26332] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6008'.
[  820.483451][T26339] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6010'.
[  820.516058][T26207] lo speed is unknown, defaulting to 1000
[  820.711767][T26352] netlink: 88 bytes leftover after parsing attributes in process `syz.2.6013'.
[  820.918047][T26364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6018'.
[  821.092928][T26207] lo speed is unknown, defaulting to 1000
[  821.196228][ T5291] veth0_macvtap: entered promiscuous mode
[  821.517500][T26390] openvswitch: netlink: EtherType 50a is less than min 600
[  821.679767][T26207] lo speed is unknown, defaulting to 1000
[  821.797222][T26400] netlink: 88 bytes leftover after parsing attributes in process `syz.3.6027'.
[  822.222554][T26207] lo speed is unknown, defaulting to 1000
[  822.519850][T26207] lo speed is unknown, defaulting to 1000
[  822.652293][T26207] lo speed is unknown, defaulting to 1000
[  822.794650][T26207] lo speed is unknown, defaulting to 1000
[  822.960262][    C0] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  823.173588][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  824.417158][T26460] __nla_validate_parse: 1 callbacks suppressed
[  824.417177][T26460] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6040'.
[  825.008871][T26414] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  825.036652][T26464] netlink: 88 bytes leftover after parsing attributes in process `syz.1.6042'.
[  825.196094][T26466] netlink: 'syz.3.6045': attribute type 1 has an invalid length.
[  825.231860][T26469] FAULT_INJECTION: forcing a failure.
[  825.231860][T26469] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  825.257872][T26471] netlink: 14 bytes leftover after parsing attributes in process `syz.0.6043'.
[  825.277430][T26469] CPU: 0 UID: 0 PID: 26469 Comm: syz.4.6044 Not tainted syzkaller #0 PREEMPT(full) 
[  825.277452][T26469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  825.277463][T26469] Call Trace:
[  825.277471][T26469]  <TASK>
[  825.277478][T26469]  dump_stack_lvl+0xe8/0x150
[  825.277503][T26469]  should_fail_ex+0x40c/0x560
[  825.277534][T26469]  _copy_to_user+0x31/0xb0
[  825.277555][T26469]  simple_read_from_buffer+0xe1/0x170
[  825.277581][T26469]  proc_fail_nth_read+0x1bb/0x230
[  825.277608][T26469]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  825.277632][T26469]  ? rw_verify_area+0x24a/0x4c0
[  825.277655][T26469]  ? __local_bh_enable_ip+0xd0/0x130
[  825.277674][T26469]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  825.277696][T26469]  vfs_read+0x213/0xa80
[  825.277725][T26469]  ? __pfx___mutex_lock+0x10/0x10
[  825.277748][T26469]  ? __pfx_vfs_read+0x10/0x10
[  825.277775][T26469]  ? __fget_files+0x2a/0x420
[  825.277800][T26469]  ? __fget_files+0x3a2/0x420
[  825.277820][T26469]  ? __fget_files+0x2a/0x420
[  825.277849][T26469]  ksys_read+0x150/0x270
[  825.277876][T26469]  ? __pfx_ksys_read+0x10/0x10
[  825.277909][T26469]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.277929][T26469]  do_syscall_64+0x174/0x580
[  825.277948][T26469]  ? trace_irq_disable+0x3b/0x140
[  825.277973][T26469]  ? clear_bhb_loop+0x40/0x90
[  825.277994][T26469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.278012][T26469] RIP: 0033:0x7f0237b5d68e
[  825.278029][T26469] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  825.278044][T26469] RSP: 002b:00007f0238ac8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  825.278063][T26469] RAX: ffffffffffffffda RBX: 00007f0238ac96c0 RCX: 00007f0237b5d68e
[  825.278075][T26469] RDX: 000000000000000f RSI: 00007f0238ac90a0 RDI: 0000000000000005
[  825.278086][T26469] RBP: 00007f0238ac9090 R08: 0000000000000000 R09: 0000000000000000
[  825.278097][T26469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  825.278108][T26469] R13: 00007f0237e16038 R14: 00007f0237e15fa0 R15: 00007ffc7a204ca8
[  825.278140][T26469]  </TASK>
[  825.524369][T26477] gretap1: entered allmulticast mode
[  825.548299][T26477] bond1: (slave gretap1): making interface the new active one
[  825.574199][T26477] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  825.625421][T26484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6050'.
[  825.653813][T26484] batman_adv: batadv0: Removing interface: vlan2
[  825.818533][T26491] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6051'.
[  825.925502][T26491] vlan0: entered promiscuous mode
[  825.930562][T26491] bridge0: entered promiscuous mode
[  825.952989][T26486] netlink: 'syz.4.6051': attribute type 10 has an invalid length.
[  826.117057][T26486] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  826.165869][T26486] team0: Port device netdevsim1 added
[  826.211950][T26510] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6057'.
[  826.376660][T26518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6059'.
[  826.419529][T13393] IPVS: starting estimator thread 0...
[  826.425427][T26518] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  826.470662][T26525] netlink: 'syz.1.6062': attribute type 1 has an invalid length.
[  826.478592][T26525] netlink: 'syz.1.6062': attribute type 3 has an invalid length.
[  826.487155][T26525] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6062'.
[  826.502506][T26525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6062'.
[  826.514387][T26523] IPVS: using max 29 ests per chain, 69600 per kthread
[  826.578220][T26527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6063'.
[  826.610998][T26527] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[  826.946482][T26547] netlink: 'syz.4.6069': attribute type 1 has an invalid length.
[  827.426596][T26565] netlink: 'syz.3.6077': attribute type 1 has an invalid length.
[  827.656138][T26570] sctp: [Deprecated]: syz.2.6080 (pid 26570) Use of struct sctp_assoc_value in delayed_ack socket option.
[  827.656138][T26570] Use struct sctp_sack_info instead
[  827.890653][T26589] tipc: Started in network mode
[  827.903368][T26591] xt_hashlimit: size too large, truncated to 1048576
[  827.925098][T26589] tipc: Node identity aefb77edf337, cluster identity 4711
[  827.969832][T26589] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  828.148711][T26601] syzkaller0: entered promiscuous mode
[  828.192286][T26601] syzkaller0: entered allmulticast mode
[  828.257541][T26589] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  828.585640][T26613] hsr0: entered promiscuous mode
[  828.644266][T26616] tipc: Resetting bearer <eth:syzkaller0>
[  828.656848][T26567] tipc: Resetting bearer <eth:syzkaller0>
[  828.681644][T26567] tipc: Disabling bearer <eth:syzkaller0>
[  828.746398][T26612] hsr0: left promiscuous mode
[  829.320157][T26650] IPVS: set_ctl: invalid protocol: 0 10.1.1.0:20001
[  829.715593][T26670] __nla_validate_parse: 9 callbacks suppressed
[  829.715611][T26670] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6103'.
[  829.794414][T26670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6103'.
[  829.803391][T26672] netlink: 'syz.3.6103': attribute type 4 has an invalid length.
[  829.803410][T26672] netlink: 152 bytes leftover after parsing attributes in process `syz.3.6103'.
[  830.154220][T26670] 8021q: adding VLAN 0 to HW filter on device bond0
[  830.163185][T26670] bond2: (slave bond0): making interface the new active one
[  830.197377][T26670] bond2: (slave bond0): Enslaving as an active interface with an up link
[  830.209070][T26672] .`: renamed from bond0 (while UP)
[  830.328645][T26676] bond8: entered promiscuous mode
[  830.351502][T26676] 8021q: adding VLAN 0 to HW filter on device bond8
[  830.428096][T26679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6105'.
[  830.444991][    C0] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  830.474076][T26679] veth0_macvtap: left promiscuous mode
[  830.512223][T26686] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input12
[  830.531433][T26688] netlink: 14 bytes leftover after parsing attributes in process `syz.3.6108'.
[  830.705169][T26684] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6105'.
[  830.714402][T26684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6105'.
[  830.856902][T26686] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  831.096708][T26720] xt_hashlimit: size too large, truncated to 1048576
[  831.556062][T26730] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6121'.
[  831.582990][T26730] netlink: 'syz.2.6121': attribute type 5 has an invalid length.
[  831.591217][T26730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6121'.
[  831.744485][T26739] openvswitch: netlink: ct_state flags ffffffff unsupported
[  831.764612][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  831.791810][T26739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6125'.
[  832.049750][T26754] bridge0: port 1(bridge_slave_0) entered disabled state
[  832.117701][T26754] bridge_slave_0 (unregistering): left allmulticast mode
[  832.144499][T26754] bridge_slave_0 (unregistering): left promiscuous mode
[  832.161854][T26754] bridge0: port 1(bridge_slave_0) entered disabled state
[  832.811036][ T5644] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  832.822552][ T5644] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  832.835836][ T5644] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  832.941109][ T5644] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  832.951876][ T5644] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  833.722614][T26791] xfrm0 speed is unknown, defaulting to 1000
[  833.929490][T26846] netlink: set zone limit has 4 unknown bytes
[  834.294962][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  834.582588][T26791] lo speed is unknown, defaulting to 1000
[  835.185160][ T5644] Bluetooth: hci5: command tx timeout
[  835.462059][T26919] siw: device registration error -23
[  835.964467][T26942] netlink: 'syz.1.6171': attribute type 2 has an invalid length.
[  836.010756][T26943] netlink: 'syz.2.6170': attribute type 1 has an invalid length.
[  836.053143][T26943] netlink: 'syz.2.6170': attribute type 3 has an invalid length.
[  836.083035][T26943] __nla_validate_parse: 5 callbacks suppressed
[  836.083052][T26943] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6170'.
[  836.141309][T26949] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6170'.
[  836.251651][T26791] bridge0: port 1(bridge_slave_0) entered blocking state
[  836.275528][T26791] bridge0: port 1(bridge_slave_0) entered disabled state
[  836.307497][T26791] bridge_slave_0: entered allmulticast mode
[  836.324570][T26791] bridge_slave_0: entered promiscuous mode
[  836.333534][T26791] bridge0: port 2(bridge_slave_1) entered blocking state
[  836.340755][T26791] bridge0: port 2(bridge_slave_1) entered disabled state
[  836.347986][T26791] bridge_slave_1: entered allmulticast mode
[  836.355622][T26791] bridge_slave_1: entered promiscuous mode
[  836.420598][T26791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  836.432851][T26791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  836.471272][T26956] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input13
[  836.561920][T26791] team0: Port device team_slave_0 added
[  836.573271][T26791] team0: Port device team_slave_1 added
[  836.644644][T26962] netlink: 'syz.2.6174': attribute type 1 has an invalid length.
[  836.698957][T26791] batman_adv: batadv0: Adding interface: batadv_slave_0
[  836.739330][T26791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  836.765224][T26791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  836.802163][T26969] netlink: 'syz.2.6175': attribute type 22 has an invalid length.
[  836.859200][T26791] batman_adv: batadv0: Adding interface: batadv_slave_1
[  836.866201][T26791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  836.893596][T26972] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  836.906151][T26791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  836.965713][T26974] 8021q: VLANs not supported on ip6gre0
[  837.081571][T26791] hsr_slave_0: entered promiscuous mode
[  837.088226][T26791] hsr_slave_1: entered promiscuous mode
[  837.094545][T26791] debugfs: 'hsr0' already exists in 'hsr'
[  837.100282][T26791] Cannot create hsr debugfs directory
[  837.145903][T26987] xt_hashlimit: size too large, truncated to 1048576
[  837.277896][ T5644] Bluetooth: hci5: command tx timeout
[  837.621279][T26998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6181'.
[  837.875029][T26791] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  837.919033][T26791] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  838.056405][T27008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6183'.
[  838.203225][T27015] netlink: 750 bytes leftover after parsing attributes in process `syz.2.6188'.
[  838.247514][T27018] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6189'.
[  838.345791][T27027] ip6t_srh: unknown srh match flags  4000
[  838.637520][T26791] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  838.658159][T26791] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.062266][T26791] team0: Port device netdevsim1 removed
[  839.084601][T26791] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  839.109515][T26791] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.192388][T27052] netlink: 164 bytes leftover after parsing attributes in process `syz.0.6198'.
[  839.201528][T27052] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6198'.
[  839.219768][T27058] netlink: 164 bytes leftover after parsing attributes in process `syz.0.6198'.
[  839.228876][T27058] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6198'.
[  839.368360][ T5644] Bluetooth: hci5: command tx timeout
[  839.592915][T26791] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  839.610151][T26791] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.680950][T27080] bridge_slave_1: left allmulticast mode
[  839.686705][T27080] bridge_slave_1: left promiscuous mode
[  839.693205][T27080] bridge0: port 2(bridge_slave_1) entered disabled state
[  839.709080][T27080] bond0: (slave bond_slave_0): Releasing backup interface
[  839.720471][T27080] bond0: (slave bond_slave_1): Releasing backup interface
[  839.737015][T27080] team0: Port device team_slave_0 removed
[  839.749006][T27080] team0: Port device team_slave_1 removed
[  839.756071][T27080] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  839.763468][T27080] batman_adv: batadv0: Removing interface: batadv_slave_0
[  839.772185][T27080] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  839.780690][T27080] batman_adv: batadv0: Removing interface: batadv_slave_1
[  839.790792][T27080] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  840.007723][T27099] FAULT_INJECTION: forcing a failure.
[  840.007723][T27099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  840.025391][T27099] CPU: 1 UID: 0 PID: 27099 Comm: syz.0.6214 Not tainted syzkaller #0 PREEMPT(full) 
[  840.025413][T27099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  840.025424][T27099] Call Trace:
[  840.025432][T27099]  <TASK>
[  840.025439][T27099]  dump_stack_lvl+0xe8/0x150
[  840.025466][T27099]  should_fail_ex+0x40c/0x560
[  840.025499][T27099]  _copy_from_user+0x2d/0xb0
[  840.025521][T27099]  ___sys_sendmsg+0x1c6/0x360
[  840.025540][T27099]  ? __lock_acquire+0x683/0x2cd0
[  840.025563][T27099]  ? __pfx____sys_sendmsg+0x10/0x10
[  840.025617][T27099]  ? __fget_files+0x2a/0x420
[  840.025649][T27099]  ? __fget_files+0x3a2/0x420
[  840.025681][T27099]  __x64_sys_sendmsg+0x1bd/0x2a0
[  840.025702][T27099]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  840.025731][T27099]  ? __pfx_ksys_write+0x10/0x10
[  840.025764][T27099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.025784][T27099]  do_syscall_64+0x174/0x580
[  840.025804][T27099]  ? trace_irq_disable+0x3b/0x140
[  840.025828][T27099]  ? clear_bhb_loop+0x40/0x90
[  840.025851][T27099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.025868][T27099] RIP: 0033:0x7fb5b879ce59
[  840.025886][T27099] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  840.025901][T27099] RSP: 002b:00007fb5b95cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  840.025920][T27099] RAX: ffffffffffffffda RBX: 00007fb5b8a15fa0 RCX: 00007fb5b879ce59
[  840.025933][T27099] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  840.025945][T27099] RBP: 00007fb5b95cd090 R08: 0000000000000000 R09: 0000000000000000
[  840.025956][T27099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  840.025966][T27099] R13: 00007fb5b8a16038 R14: 00007fb5b8a15fa0 R15: 00007ffcfe96ca78
[  840.025996][T27099]  </TASK>
[  840.318526][T27100] team0: Port device team_slave_0 removed
[  840.352860][T27105] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  840.365697][T27108] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  840.430170][T27105] bond0: entered promiscuous mode
[  840.435585][T27105] 8021q: adding VLAN 0 to HW filter on device bond0
[  840.491517][T27116] FAULT_INJECTION: forcing a failure.
[  840.491517][T27116] name failslab, interval 1, probability 0, space 0, times 0
[  840.504396][T27116] CPU: 1 UID: 0 PID: 27116 Comm: syz.2.6219 Not tainted syzkaller #0 PREEMPT(full) 
[  840.504419][T27116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  840.504429][T27116] Call Trace:
[  840.504437][T27116]  <TASK>
[  840.504444][T27116]  dump_stack_lvl+0xe8/0x150
[  840.504470][T27116]  should_fail_ex+0x40c/0x560
[  840.504503][T27116]  should_failslab+0xa8/0x100
[  840.504524][T27116]  __kvmalloc_node_noprof+0x16e/0x890
[  840.504550][T27116]  ? alloc_netdev_mqs+0x8b1/0x1220
[  840.504581][T27116]  alloc_netdev_mqs+0x8b1/0x1220
[  840.504611][T27116]  ? __pfx_xfrmi_dev_setup+0x10/0x10
[  840.504638][T27116]  rtnl_create_link+0x321/0xd70
[  840.504667][T27116]  rtnl_newlink_create+0x25f/0xb00
[  840.504697][T27116]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  840.504720][T27116]  ? __pfx___mutex_lock+0x10/0x10
[  840.504753][T27116]  ? ns_capable+0x89/0xe0
[  840.504776][T27116]  rtnl_newlink+0x167f/0x1bd0
[  840.504818][T27116]  ? __pfx_rtnl_newlink+0x10/0x10
[  840.504848][T27116]  ? __lock_acquire+0x683/0x2cd0
[  840.504876][T27116]  ? __lock_acquire+0x683/0x2cd0
[  840.504897][T27116]  ? arch_stack_walk+0xfb/0x150
[  840.504928][T27116]  ? unwind_next_frame+0x8f/0x2550
[  840.504958][T27116]  ? is_bpf_text_address+0x26/0x2b0
[  840.504993][T27116]  ? __lock_acquire+0x683/0x2cd0
[  840.505019][T27116]  ? kernel_text_address+0xa5/0xe0
[  840.505044][T27116]  ? __kernel_text_address+0xd/0x30
[  840.505066][T27116]  ? unwind_get_return_address+0x4d/0x90
[  840.505087][T27116]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  840.505112][T27116]  ? arch_stack_walk+0xfb/0x150
[  840.505140][T27116]  ? rtnetlink_rcv_msg+0x1c9/0xc00
[  840.505183][T27116]  ? __pfx_rtnl_newlink+0x10/0x10
[  840.505205][T27116]  rtnetlink_rcv_msg+0x802/0xc00
[  840.505229][T27116]  ? kasan_save_track+0x3e/0x80
[  840.505256][T27116]  ? rtnetlink_rcv_msg+0x1c9/0xc00
[  840.505282][T27116]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  840.505310][T27116]  ? __lock_acquire+0x683/0x2cd0
[  840.505342][T27116]  netlink_rcv_skb+0x226/0x4a0
[  840.505364][T27116]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  840.505391][T27116]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  840.505428][T27116]  ? netlink_deliver_tap+0x2e/0x1b0
[  840.505447][T27116]  ? netlink_deliver_tap+0x2e/0x1b0
[  840.505472][T27116]  netlink_unicast+0x7bb/0x940
[  840.505511][T27116]  netlink_sendmsg+0x813/0xb40
[  840.505540][T27116]  ? __pfx_netlink_sendmsg+0x10/0x10
[  840.505564][T27116]  ? aa_sock_msg_perm+0xf1/0x1b0
[  840.505596][T27116]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  840.505619][T27116]  ? __pfx_netlink_sendmsg+0x10/0x10
[  840.505641][T27116]  ____sys_sendmsg+0x9b9/0xa20
[  840.505661][T27116]  ? __might_fault+0xaf/0x130
[  840.505690][T27116]  ? __pfx_____sys_sendmsg+0x10/0x10
[  840.505719][T27116]  ? import_iovec+0x73/0xa0
[  840.505745][T27116]  ___sys_sendmsg+0x2a5/0x360
[  840.505763][T27116]  ? __lock_acquire+0x683/0x2cd0
[  840.505787][T27116]  ? __pfx____sys_sendmsg+0x10/0x10
[  840.505845][T27116]  ? __fget_files+0x2a/0x420
[  840.505866][T27116]  ? __fget_files+0x3a2/0x420
[  840.505899][T27116]  __x64_sys_sendmsg+0x1bd/0x2a0
[  840.505922][T27116]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  840.505952][T27116]  ? __pfx_ksys_write+0x10/0x10
[  840.505987][T27116]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.506007][T27116]  do_syscall_64+0x174/0x580
[  840.506027][T27116]  ? trace_irq_disable+0x3b/0x140
[  840.506052][T27116]  ? clear_bhb_loop+0x40/0x90
[  840.506075][T27116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.506093][T27116] RIP: 0033:0x7f9a6419ce59
[  840.506111][T27116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  840.506126][T27116] RSP: 002b:00007f9a65024028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  840.506145][T27116] RAX: ffffffffffffffda RBX: 00007f9a64415fa0 RCX: 00007f9a6419ce59
[  840.506158][T27116] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  840.506170][T27116] RBP: 00007f9a65024090 R08: 0000000000000000 R09: 0000000000000000
[  840.506182][T27116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  840.506193][T27116] R13: 00007f9a64416038 R14: 00007f9a64415fa0 R15: 00007ffc7d6f4208
[  840.506225][T27116]  </TASK>
[  840.976078][T26791] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  841.019710][T26791] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  841.028391][T26791] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  841.083888][T26791] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  841.092071][T26791] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  841.104004][T26791] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  841.120552][T27125] netlink: 'syz.1.6223': attribute type 1 has an invalid length.
[  841.128290][T27125] netlink: 'syz.1.6223': attribute type 3 has an invalid length.
[  841.136012][T27125] __nla_validate_parse: 3 callbacks suppressed
[  841.136025][T27125] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6223'.
[  841.158224][T26791] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  841.185792][T27125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6223'.
[  841.201358][T26791] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  841.236254][T27134] netlink: 'syz.0.6220': attribute type 13 has an invalid length.
[  841.244085][T27134] netlink: 'syz.0.6220': attribute type 17 has an invalid length.
[  841.310880][T27138] netlink: zone id is out of range
[  841.316249][T27138] netlink: zone id is out of range
[  841.321369][T27138] netlink: zone id is out of range
[  841.326493][T27138] netlink: zone id is out of range
[  841.346326][T27138] netlink: zone id is out of range
[  841.353901][T27138] netlink: zone id is out of range
[  841.361443][T27138] netlink: zone id is out of range
[  841.366728][T27138] netlink: zone id is out of range
[  841.372284][T27138] netlink: zone id is out of range
[  841.446548][ T5644] Bluetooth: hci5: command tx timeout
[  841.486262][T27142] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  841.702042][T26791] 8021q: adding VLAN 0 to HW filter on device bond0
[  841.766142][T26791] 8021q: adding VLAN 0 to HW filter on device team0
[  841.783742][T27148] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input14
[  841.809148][  T133] bridge0: port 1(bridge_slave_0) entered blocking state
[  841.816333][  T133] bridge0: port 1(bridge_slave_0) entered forwarding state
[  841.868451][T11256] bridge0: port 2(bridge_slave_1) entered blocking state
[  841.876506][T11256] bridge0: port 2(bridge_slave_1) entered forwarding state
[  841.924187][T27160] xt_hashlimit: size too large, truncated to 1048576
[  842.155095][T27176] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  842.158163][T27148] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  842.216811][T26791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  842.812088][T27199] netlink: 'syz.1.6237': attribute type 1 has an invalid length.
[  842.881190][T27199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6237'.
[  842.971674][T27199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6237'.
[  843.011923][T26791] 8021q: adding VLAN 0 to HW filter on device batadv0
[  843.121724][T27217] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6242'.
[  843.217751][T27223] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input15
[  843.451982][T27226] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6245'.
[  843.479375][T26791] veth0_vlan: entered promiscuous mode
[  843.527821][T26791] veth1_vlan: entered promiscuous mode
[  843.566609][T27240] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  843.601490][T27223] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  843.643706][T26791] veth0_macvtap: entered promiscuous mode
[  843.670976][T27242] xt_hashlimit: size too large, truncated to 1048576
[  843.671592][T26791] veth1_macvtap: entered promiscuous mode
[  843.737079][T26791] batman_adv: batadv0: Interface activated: batadv_slave_0
[  843.789050][T26791] batman_adv: batadv0: Interface activated: batadv_slave_1
[  843.904976][ T1041] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  843.914165][ T1041] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  843.951494][T27256] batadv_slave_1: entered promiscuous mode
[  843.962006][T27262] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6252'.
[  844.002427][T27256] batadv_slave_1: left promiscuous mode
[  844.018788][T11247] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  844.046716][T11247] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  844.307750][T27274] : entered promiscuous mode
[  844.334234][T11247] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  844.362761][T11247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  844.521053][T27279] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6259'.
[  844.534876][T27282] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input16
[  844.536565][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  844.586683][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  844.695963][T27288] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6262'.
[  844.763685][T27290] netlink: 'syz.0.6261': attribute type 1 has an invalid length.
[  844.784187][T27290] netlink: 'syz.0.6261': attribute type 3 has an invalid length.
[  844.791927][T27290] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6261'.
[  844.906530][T27300] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  845.214354][T27312] netlink: 'syz.4.6265': attribute type 1 has an invalid length.
[  845.260667][    C0] net_ratelimit: 369 callbacks suppressed
[  845.260683][    C0] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  845.405308][T27322] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  845.450462][ T4946] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  845.462197][ T4946] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  845.507577][ T4946] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  845.519712][ T4946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  845.527357][ T4946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  846.639921][T27363] __nla_validate_parse: 4 callbacks suppressed
[  846.639940][T27363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6277'.
[  846.656448][T27363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6277'.
[  846.715474][T27368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6278'.
[  846.764486][T27370] netlink: 'syz.0.6279': attribute type 1 has an invalid length.
[  846.772631][T27370] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6279'.
[  847.144872][T27387] netlink: 'syz.3.6283': attribute type 1 has an invalid length.
[  847.160104][T27387] netlink: 'syz.3.6283': attribute type 3 has an invalid length.
[  847.168176][T27387] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6283'.
[  847.190399][T27387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6283'.
[  847.288874][T27395] tipc: Failed to obtain node identity
[  847.294376][T27395] tipc: Enabling of bearer <ib:bond_slave_0> rejected, failed to enable media
[  847.323985][T27323] xfrm0 speed is unknown, defaulting to 1000
[  847.372366][T27400] xt_hashlimit: size too large, truncated to 1048576
[  847.551844][ T5644] Bluetooth: hci2: command tx timeout
[  847.589232][T27407] IPv6: addrconf: prefix option has invalid lifetime
[  847.600036][T27407] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6287'.
[  847.609218][T27407] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6287'.
[  847.948474][T27416] netlink: 'syz.1.6290': attribute type 1 has an invalid length.
[  847.956368][T27416] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6290'.
[  848.092018][T27323] lo speed is unknown, defaulting to 1000
[  848.157640][T27423] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6292'.
[  848.451359][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  848.928823][T27457] netlink: 'syz.1.6298': attribute type 1 has an invalid length.
[  849.048428][T27458] bond10: entered promiscuous mode
[  849.066936][T27458] bond10: entered allmulticast mode
[  849.072497][T27458] 8021q: adding VLAN 0 to HW filter on device bond10
[  849.275798][T27469] syzkaller0: entered promiscuous mode
[  849.294829][T27469] syzkaller0: entered allmulticast mode
[  849.575842][T27323] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.584203][T27323] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.592699][T27323] bridge_slave_0: entered allmulticast mode
[  849.602789][T27323] bridge_slave_0: entered promiscuous mode
[  849.618291][T27323] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.626814][T27323] bridge0: port 2(bridge_slave_1) entered disabled state
[  849.633664][ T5644] Bluetooth: hci2: command tx timeout
[  849.637943][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  849.650399][T27323] bridge_slave_1: entered allmulticast mode
[  849.658141][T27323] bridge_slave_1: entered promiscuous mode
[  849.701258][T27323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  849.713605][T27323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  849.764032][T27323] team0: Port device team_slave_0 added
[  849.773382][T27323] team0: Port device team_slave_1 added
[  849.804713][T27323] batman_adv: batadv0: Adding interface: batadv_slave_0
[  849.812758][T27323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  849.844238][T27323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  849.856661][T27323] batman_adv: batadv0: Adding interface: batadv_slave_1
[  849.881660][T27323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  849.910296][T27323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  849.957301][T27485] FAULT_INJECTION: forcing a failure.
[  849.957301][T27485] name failslab, interval 1, probability 0, space 0, times 0
[  849.971809][T27485] CPU: 1 UID: 0 PID: 27485 Comm: syz.1.6303 Not tainted syzkaller #0 PREEMPT(full) 
[  849.971832][T27485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  849.971843][T27485] Call Trace:
[  849.971851][T27485]  <TASK>
[  849.971859][T27485]  dump_stack_lvl+0xe8/0x150
[  849.971893][T27485]  should_fail_ex+0x40c/0x560
[  849.971926][T27485]  should_failslab+0xa8/0x100
[  849.971947][T27485]  __kmalloc_cache_noprof+0x88/0x660
[  849.971972][T27485]  ? nfnetlink_rcv+0x1021/0x28c0
[  849.972006][T27485]  nfnetlink_rcv+0x1021/0x28c0
[  849.972030][T27485]  ? is_bpf_text_address+0x292/0x2b0
[  849.972083][T27485]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  849.972157][T27485]  ? netlink_deliver_tap+0x2e/0x1b0
[  849.972188][T27485]  ? netlink_deliver_tap+0x2e/0x1b0
[  849.972207][T27485]  ? netlink_deliver_tap+0x2e/0x1b0
[  849.972232][T27485]  netlink_unicast+0x7bb/0x940
[  849.972269][T27485]  netlink_sendmsg+0x813/0xb40
[  849.972299][T27485]  ? __pfx_netlink_sendmsg+0x10/0x10
[  849.972323][T27485]  ? aa_sock_msg_perm+0xf1/0x1b0
[  849.972348][T27485]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  849.972367][T27485]  ? __pfx_netlink_sendmsg+0x10/0x10
[  849.972387][T27485]  ____sys_sendmsg+0x9b9/0xa20
[  849.972403][T27485]  ? __might_fault+0xaf/0x130
[  849.972431][T27485]  ? __pfx_____sys_sendmsg+0x10/0x10
[  849.972459][T27485]  ? import_iovec+0x73/0xa0
[  849.972483][T27485]  ___sys_sendmsg+0x2a5/0x360
[  849.972501][T27485]  ? __lock_acquire+0x683/0x2cd0
[  849.972524][T27485]  ? __pfx____sys_sendmsg+0x10/0x10
[  849.972576][T27485]  ? __fget_files+0x2a/0x420
[  849.972597][T27485]  ? __fget_files+0x3a2/0x420
[  849.972628][T27485]  __x64_sys_sendmsg+0x1bd/0x2a0
[  849.972648][T27485]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  849.972675][T27485]  ? __pfx_ksys_write+0x10/0x10
[  849.972707][T27485]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.972727][T27485]  do_syscall_64+0x174/0x580
[  849.972745][T27485]  ? trace_irq_disable+0x3b/0x140
[  849.972769][T27485]  ? clear_bhb_loop+0x40/0x90
[  849.972791][T27485]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.972808][T27485] RIP: 0033:0x7f863079ce59
[  849.972825][T27485] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  849.972840][T27485] RSP: 002b:00007f8631660028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  849.972859][T27485] RAX: ffffffffffffffda RBX: 00007f8630a15fa0 RCX: 00007f863079ce59
[  849.972876][T27485] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  849.972901][T27485] RBP: 00007f8631660090 R08: 0000000000000000 R09: 0000000000000000
[  849.972912][T27485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  849.972922][T27485] R13: 00007f8630a16038 R14: 00007f8630a15fa0 R15: 00007ffe3c8c1e98
[  849.972954][T27485]  </TASK>
[  850.258948][T27323] hsr_slave_0: entered promiscuous mode
[  850.265654][T27323] hsr_slave_1: entered promiscuous mode
[  850.271977][T27323] debugfs: 'hsr0' already exists in 'hsr'
[  850.277711][T27323] Cannot create hsr debugfs directory
[  851.037650][T27529] FAULT_INJECTION: forcing a failure.
[  851.037650][T27529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  851.092912][T27529] CPU: 0 UID: 0 PID: 27529 Comm: syz.3.6316 Not tainted syzkaller #0 PREEMPT(full) 
[  851.092938][T27529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  851.092949][T27529] Call Trace:
[  851.092957][T27529]  <TASK>
[  851.092965][T27529]  dump_stack_lvl+0xe8/0x150
[  851.092991][T27529]  should_fail_ex+0x40c/0x560
[  851.093025][T27529]  _copy_from_user+0x2d/0xb0
[  851.093051][T27529]  kstrtouint_from_user+0xd6/0x180
[  851.093081][T27529]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  851.093124][T27529]  proc_fail_nth_write+0x8e/0x210
[  851.093147][T27529]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  851.093178][T27529]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  851.093200][T27529]  vfs_write+0x296/0xba0
[  851.093234][T27529]  ? __pfx_vfs_write+0x10/0x10
[  851.093261][T27529]  ? __fget_files+0x2a/0x420
[  851.093287][T27529]  ? __fget_files+0x3a2/0x420
[  851.093316][T27529]  ? __fget_files+0x2a/0x420
[  851.093346][T27529]  ksys_write+0x150/0x270
[  851.093373][T27529]  ? __pfx_ksys_write+0x10/0x10
[  851.093397][T27529]  ? trace_csd_function_exit+0x81/0x1e0
[  851.093423][T27529]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  851.093444][T27529]  do_syscall_64+0x174/0x580
[  851.093467][T27529]  ? clear_bhb_loop+0x40/0x90
[  851.093489][T27529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  851.093507][T27529] RIP: 0033:0x7f4ea9b5d68e
[  851.093524][T27529] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  851.093539][T27529] RSP: 002b:00007f4ea7df5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  851.093558][T27529] RAX: ffffffffffffffda RBX: 00007f4ea7df66c0 RCX: 00007f4ea9b5d68e
[  851.093572][T27529] RDX: 0000000000000001 RSI: 00007f4ea7df60a0 RDI: 0000000000000004
[  851.093583][T27529] RBP: 00007f4ea7df6090 R08: 0000000000000000 R09: 0000000000000000
[  851.093594][T27529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  851.093605][T27529] R13: 00007f4ea9e16038 R14: 00007f4ea9e15fa0 R15: 00007ffea01cbbe8
[  851.093638][T27529]  </TASK>
[  851.713077][ T5644] Bluetooth: hci2: command tx timeout
[  852.629605][T27595] __nla_validate_parse: 6 callbacks suppressed
[  852.629624][T27595] netlink: 56 bytes leftover after parsing attributes in process `syz.0.6326'.
[  852.923767][T27611] netlink: 'syz.0.6326': attribute type 10 has an invalid length.
[  852.956723][T27611] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  852.989055][T27611] team0: Port device netdevsim1 added
[  853.009036][T27614] netlink: 'syz.0.6326': attribute type 10 has an invalid length.
[  853.022114][T27614] team0: Port device netdevsim1 removed
[  853.034038][T27614] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  853.065112][T27614] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[  853.597337][T27500] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  853.609843][T27600] netlink: 'syz.0.6326': attribute type 1 has an invalid length.
[  853.618747][T27323] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  853.620312][T27600] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6326'.
[  853.647720][T27323] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  853.660539][T27323] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  853.697296][T27323] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  853.730830][T27323] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  853.788555][T27323] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  853.800699][ T5644] Bluetooth: hci2: command tx timeout
[  853.827198][T27323] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  853.865328][T27323] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  853.994432][T27323] 8021q: adding VLAN 0 to HW filter on device bond0
[  854.015176][T27664] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6332'.
[  854.025307][T27664] netlink: 56 bytes leftover after parsing attributes in process `syz.0.6332'.
[  854.053276][T27664] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6332'.
[  854.080235][T27323] 8021q: adding VLAN 0 to HW filter on device team0
[  854.102604][T18455] bridge0: port 1(bridge_slave_0) entered blocking state
[  854.109727][T18455] bridge0: port 1(bridge_slave_0) entered forwarding state
[  854.171890][T11256] bridge0: port 2(bridge_slave_1) entered blocking state
[  854.179024][T11256] bridge0: port 2(bridge_slave_1) entered forwarding state
[  854.459585][T27687] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  855.103611][T27718] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6340'.
[  855.167235][T27323] 8021q: adding VLAN 0 to HW filter on device batadv0
[  855.176411][T27718] netlink: 'syz.3.6340': attribute type 1 has an invalid length.
[  855.255442][T27323] veth0_vlan: entered promiscuous mode
[  855.269569][T27323] veth1_vlan: entered promiscuous mode
[  855.348675][T27323] veth0_macvtap: entered promiscuous mode
[  855.430454][T27323] veth1_macvtap: entered promiscuous mode
[  855.468277][T27323] batman_adv: batadv0: Interface activated: batadv_slave_0
[  855.509140][T27323] batman_adv: batadv0: Interface activated: batadv_slave_1
[  855.525644][T11247] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  855.534869][T11247] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  855.543662][T11247] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  855.571162][T11247] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  855.835924][ T5644] block nbd1: Receive control failed (result -32)
[  855.844029][ T5644] block nbd1: Receive control failed (result -32)
[  856.002238][T27739] netlink: 196 bytes leftover after parsing attributes in process `syz.3.6341'.
[  856.039801][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  856.077627][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  856.194473][T27752] mac80211_hwsim hwsim110 wlan0: entered promiscuous mode
[  856.201626][T27752] mac80211_hwsim hwsim110 wlan0: entered allmulticast mode
[  856.284982][ T5951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  856.301824][ T5951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  856.524169][T27767] syzkaller1: entered promiscuous mode
[  856.553529][T27767] syzkaller1: entered allmulticast mode
[  856.648818][ T5644] Bluetooth: hci3: link tx timeout
[  856.654512][ T5644] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa
[  856.667037][ T5644] Bluetooth: hci3: link tx timeout
[  856.672162][ T5644] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  856.868210][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  856.883644][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  856.891772][   T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  856.936281][   T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  856.945987][   T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  857.843056][T27821] syzkaller0: entered promiscuous mode
[  857.848560][T27821] syzkaller0: entered allmulticast mode
[  858.145151][T27782] xfrm0 speed is unknown, defaulting to 1000
[  858.548441][T27782] lo speed is unknown, defaulting to 1000
[  858.548573][T27850] Cannot find del_set index 14804 as target
[  858.782896][ T5644] Bluetooth: hci3: command 0x0406 tx timeout
[  858.860828][T27858] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6362'.
[  858.874146][T27859] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6362'.
[  858.886124][T27858] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  859.016787][ T4946] Bluetooth: hci1: command tx timeout
[  859.555457][T27887] sctp: [Deprecated]: syz.3.6366 (pid 27887) Use of struct sctp_assoc_value in delayed_ack socket option.
[  859.555457][T27887] Use struct sctp_sack_info instead
[  859.732447][T27782] bridge0: port 1(bridge_slave_0) entered blocking state
[  859.740536][T27782] bridge0: port 1(bridge_slave_0) entered disabled state
[  859.748342][T27782] bridge_slave_0: entered allmulticast mode
[  859.757233][T27782] bridge_slave_0: entered promiscuous mode
[  859.768326][T27782] bridge0: port 2(bridge_slave_1) entered blocking state
[  859.776306][T27782] bridge0: port 2(bridge_slave_1) entered disabled state
[  859.784065][T27782] bridge_slave_1: entered allmulticast mode
[  859.794018][T27782] bridge_slave_1: entered promiscuous mode
[  859.842073][T27782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  859.856578][T27782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  859.927672][T27782] team0: Port device team_slave_0 added
[  860.541908][T27782] team0: Port device team_slave_1 added
[  860.591006][T27782] batman_adv: batadv0: Adding interface: batadv_slave_0
[  860.598626][T27782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  860.747564][T27782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  860.890281][ T5644] Bluetooth: hci3: command 0x0406 tx timeout
[  860.951347][T27782] batman_adv: batadv0: Adding interface: batadv_slave_1
[  860.977071][T27782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  861.066089][T27782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  861.126928][ T5644] Bluetooth: hci1: command tx timeout
[  861.205143][T27782] hsr_slave_0: entered promiscuous mode
[  861.221864][T27782] hsr_slave_1: entered promiscuous mode
[  861.242514][T27782] debugfs: 'hsr0' already exists in 'hsr'
[  861.250816][T27782] Cannot create hsr debugfs directory
[  861.391892][T27938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6374'.
[  861.471907][T27938] veth3: entered promiscuous mode
[  861.754920][T27961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6378'.
[  861.769304][T27782] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.394121][T27782] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.670737][T28009] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  862.719348][T28003] xfrm0 speed is unknown, defaulting to 1000
[  863.155139][ T5644] Bluetooth: hci1: command tx timeout
[  863.204290][T27782] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.288518][T28003] lo speed is unknown, defaulting to 1000
[  863.675991][T27782] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.768445][T28046] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  864.055649][T28053] xt_hashlimit: size too large, truncated to 1048576
[  864.585554][T27782] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  864.596269][T27782] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  864.605361][T27782] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  864.620872][T27782] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  864.683953][T27782] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  864.712341][T27782] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  864.730294][T27782] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  864.753931][T27782] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  864.765969][T28074] syz_tun: entered allmulticast mode
[  864.788245][T28071] syz_tun: left allmulticast mode
[  864.804836][T28077] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.6392'.
[  864.838026][T28077] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6392'.
[  865.010685][T27782] 8021q: adding VLAN 0 to HW filter on device bond0
[  865.056576][T28088] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6394'.
[  865.230647][ T5644] Bluetooth: hci1: command tx timeout
[  865.333129][T27782] 8021q: adding VLAN 0 to HW filter on device team0
[  865.355058][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state
[  865.362270][ T5951] bridge0: port 1(bridge_slave_0) entered forwarding state
[  865.404505][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state
[  865.411685][ T5951] bridge0: port 2(bridge_slave_1) entered forwarding state
[  865.941770][T13387] IPVS: starting estimator thread 0...
[  866.034679][T28117] IPVS: using max 29 ests per chain, 69600 per kthread
[  866.050710][T27782] 8021q: adding VLAN 0 to HW filter on device batadv0
[  866.107310][T27782] veth0_vlan: entered promiscuous mode
[  866.119268][T27782] veth1_vlan: entered promiscuous mode
[  866.131973][T28126] IPVS: rr: FWM 3 0x00000003 - no destination available
[  866.148229][T27782] veth0_macvtap: entered promiscuous mode
[  866.157288][T27782] veth1_macvtap: entered promiscuous mode
[  866.202253][T27782] batman_adv: batadv0: Interface activated: batadv_slave_0
[  866.217256][T27782] batman_adv: batadv0: Interface activated: batadv_slave_1
[  866.230389][T11247] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  866.239565][T11247] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  866.249175][T11247] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  866.258440][T11247] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  868.105361][T28138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6402'.
[  868.116539][T28138] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6402'.
[  868.401282][T28142] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6403'.
[  868.935565][T28116] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  869.098006][T11256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  869.137333][T11256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  869.176909][T28155] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6408'.
[  869.253467][T28161] netlink: 51 bytes leftover after parsing attributes in process `syz.2.6411'.
[  869.304484][T28165] netlink: 'syz.2.6411': attribute type 1 has an invalid length.
[  869.325342][T11256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  869.345451][T28165] netlink: 16150 bytes leftover after parsing attributes in process `syz.2.6411'.
[  869.356461][T11256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  869.365141][T28168] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6414'.
[  869.371599][T28161] netlink: 'syz.2.6411': attribute type 1 has an invalid length.
[  869.423022][T28169] netlink: 'syz.4.6412': attribute type 1 has an invalid length.
[  869.431871][T28169] netlink: 'syz.4.6412': attribute type 3 has an invalid length.
[  869.434223][T28171] netlink: 'syz.3.6413': attribute type 1 has an invalid length.
[  869.551590][T28171] 8021q: adding VLAN 0 to HW filter on device bond3
[  869.714975][T28186] netlink: 'syz.4.6416': attribute type 89 has an invalid length.
[  869.935992][T28203] __nla_validate_parse: 3 callbacks suppressed
[  869.936011][T28203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6423'.
[  869.987260][T28207] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  870.267541][T28215] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input17
[  870.617602][T28218] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  870.775430][T28243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6434'.
[  870.796832][T28244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6433'.
[  870.825684][T28244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6433'.
[  871.139484][T28265] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  871.358100][T28277] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6440'.
[  871.789732][T28291] netlink: 56 bytes leftover after parsing attributes in process `syz.2.6445'.
[  871.887347][T28259] Bluetooth: hci2: Opcode 0x0401 failed: -4
[  872.039102][T28302] Cannot find add_set index 2 as target
[  872.150475][T28310] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6446'.
[  872.246937][T28314] xt_hashlimit: size too large, truncated to 1048576
[  872.305546][T28320] sctp: [Deprecated]: syz.3.6453 (pid 28320) Use of struct sctp_assoc_value in delayed_ack socket option.
[  872.305546][T28320] Use struct sctp_sack_info instead
[  872.339996][T28320] sctp: [Deprecated]: syz.3.6453 (pid 28320) Use of struct sctp_assoc_value in delayed_ack socket option.
[  872.339996][T28320] Use struct sctp_sack_info instead
[  873.011606][T28349] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input18
[  873.150486][ T5644] Bluetooth: hci2: command 0x0401 tx timeout
[  873.377118][T28371] Cannot find del_set index 1 as target
[  873.428204][T28360] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  873.597636][T28381] netlink: 'syz.1.6469': attribute type 1 has an invalid length.
[  873.605785][T28381] netlink: 'syz.1.6469': attribute type 3 has an invalid length.
[  873.692937][T28381] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6469'.
[  873.705854][T28381] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6469'.
[  873.853982][T28393] xt_hashlimit: size too large, truncated to 1048576
[  873.973061][T28399] netlink: 'syz.1.6474': attribute type 17 has an invalid length.
[  873.987646][T28399] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6474'.
[  874.875383][T28440] FAULT_INJECTION: forcing a failure.
[  874.875383][T28440] name failslab, interval 1, probability 0, space 0, times 0
[  874.974894][T28440] CPU: 1 UID: 0 PID: 28440 Comm: syz.0.6481 Not tainted syzkaller #0 PREEMPT(full) 
[  874.974919][T28440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  874.974930][T28440] Call Trace:
[  874.974937][T28440]  <TASK>
[  874.974946][T28440]  dump_stack_lvl+0xe8/0x150
[  874.974972][T28440]  should_fail_ex+0x40c/0x560
[  874.975004][T28440]  should_failslab+0xa8/0x100
[  874.975031][T28440]  kmem_cache_alloc_node_noprof+0x8f/0x680
[  874.975056][T28440]  ? __alloc_skb+0x189/0x7a0
[  874.975080][T28440]  ? __alloc_skb+0x1d7/0x7a0
[  874.975103][T28440]  ? __local_bh_enable_ip+0xd0/0x130
[  874.975126][T28440]  __alloc_skb+0x1d7/0x7a0
[  874.975156][T28440]  alloc_skb_with_frags+0xc6/0x760
[  874.975185][T28440]  sock_alloc_send_pskb+0x878/0x990
[  874.975205][T28440]  ? is_bpf_text_address+0x292/0x2b0
[  874.975229][T28440]  ? kernel_text_address+0xa5/0xe0
[  874.975263][T28440]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  874.975285][T28440]  ? do_raw_spin_lock+0x12b/0x2f0
[  874.975314][T28440]  ? __lock_acquire+0x683/0x2cd0
[  874.975338][T28440]  __ip_append_data+0x29ec/0x3cf0
[  874.975383][T28440]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  874.975429][T28440]  ? __pfx___ip_append_data+0x10/0x10
[  874.975454][T28440]  ? ipv4_mtu+0x23/0x670
[  874.975476][T28440]  ? __pfx_ipv4_mtu+0x10/0x10
[  874.975498][T28440]  ? ip_setup_cork+0x4ed/0x8f0
[  874.975524][T28440]  ip_make_skb+0x22e/0x440
[  874.975554][T28440]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  874.975580][T28440]  ? __pfx_ip_make_skb+0x10/0x10
[  874.975623][T28440]  udp_sendmsg+0x1937/0x2140
[  874.975652][T28440]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  874.975692][T28440]  ? __pfx_udp_sendmsg+0x10/0x10
[  874.975715][T28440]  ? handle_mm_fault+0xec/0x3080
[  874.975755][T28440]  ? aa_sk_perm+0x6d5/0x900
[  874.975794][T28440]  ? sock_rps_record_flow+0x19/0x350
[  874.975820][T28440]  ? inet_sendmsg+0x23e/0x320
[  874.975844][T28440]  ? __pfx_inet_sendmsg+0x10/0x10
[  874.975870][T28440]  ____sys_sendmsg+0x853/0xa20
[  874.975888][T28440]  ? irqentry_exit+0x218/0x8e0
[  874.975908][T28440]  ? trace_irq_disable+0x3b/0x140
[  874.975942][T28440]  ? __pfx_____sys_sendmsg+0x10/0x10
[  874.975971][T28440]  ? import_iovec+0x73/0xa0
[  874.975995][T28440]  ___sys_sendmsg+0x2a5/0x360
[  874.976013][T28440]  ? __lock_acquire+0x683/0x2cd0
[  874.976042][T28440]  ? __pfx____sys_sendmsg+0x10/0x10
[  874.976068][T28440]  ? kstrtouint+0x6e/0xe0
[  874.976119][T28440]  ? __fget_files+0x2a/0x420
[  874.976139][T28440]  ? __fget_files+0x3a2/0x420
[  874.976171][T28440]  __sys_sendmmsg+0x27c/0x4e0
[  874.976196][T28440]  ? __pfx___sys_sendmmsg+0x10/0x10
[  874.976214][T28440]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  874.976261][T28440]  ? ksys_write+0x242/0x270
[  874.976288][T28440]  ? __pfx_ksys_write+0x10/0x10
[  874.976319][T28440]  __x64_sys_sendmmsg+0xa0/0xc0
[  874.976338][T28440]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.976358][T28440]  do_syscall_64+0x174/0x580
[  874.976378][T28440]  ? trace_irq_disable+0x3b/0x140
[  874.976402][T28440]  ? clear_bhb_loop+0x40/0x90
[  874.976424][T28440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.976441][T28440] RIP: 0033:0x7fb5b879ce59
[  874.976458][T28440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  874.976473][T28440] RSP: 002b:00007fb5b95cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  874.976492][T28440] RAX: ffffffffffffffda RBX: 00007fb5b8a15fa0 RCX: 00007fb5b879ce59
[  874.976506][T28440] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003
[  874.976518][T28440] RBP: 00007fb5b95cd090 R08: 0000000000000000 R09: 0000000000000000
[  874.976529][T28440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  874.976540][T28440] R13: 00007fb5b8a16038 R14: 00007fb5b8a15fa0 R15: 00007ffcfe96ca78
[  874.976571][T28440]  </TASK>
[  875.280981][    C0] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  875.667887][T28455] netlink: 'syz.0.6485': attribute type 1 has an invalid length.
[  875.676751][T28455] netlink: 'syz.0.6485': attribute type 3 has an invalid length.
[  875.684887][T28455] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6485'.
[  875.696778][T28455] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6485'.
[  875.866225][T28459] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6486'.
[  875.881085][T28459] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6486'.
[  875.927964][T28463] geneve2: entered promiscuous mode
[  875.936998][T11256] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 44413 - 0
[  875.946296][T11256] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 44413 - 0
[  875.972053][T11256] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 44413 - 0
[  875.996002][T11256] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 44413 - 0
[  876.009599][T28464] xfrm0 speed is unknown, defaulting to 1000
[  876.156327][T28468] xt_hashlimit: size too large, truncated to 1048576
[  876.545448][T28464] lo speed is unknown, defaulting to 1000
[  876.554622][T28474] xfrm0 speed is unknown, defaulting to 1000
[  876.947380][T28484] xt_hashlimit: size too large, truncated to 1048576
[  876.980491][T28475] dvmrp0: entered allmulticast mode
[  877.322570][T28474] lo speed is unknown, defaulting to 1000
[  877.698007][T28495] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6496'.
[  877.879656][T28497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6497'.
[  878.136502][T28505] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6500'.
[  878.157161][T28507] FAULT_INJECTION: forcing a failure.
[  878.157161][T28507] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  878.196335][T28507] CPU: 1 UID: 0 PID: 28507 Comm: syz.4.6499 Not tainted syzkaller #0 PREEMPT(full) 
[  878.196355][T28507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  878.196365][T28507] Call Trace:
[  878.196374][T28507]  <TASK>
[  878.196381][T28507]  dump_stack_lvl+0xe8/0x150
[  878.196406][T28507]  should_fail_ex+0x40c/0x560
[  878.196438][T28507]  _copy_from_user+0x2d/0xb0
[  878.196459][T28507]  __sys_bpf+0x229/0x950
[  878.196488][T28507]  ? __pfx___sys_bpf+0x10/0x10
[  878.196528][T28507]  ? ksys_write+0x242/0x270
[  878.196555][T28507]  ? __pfx_ksys_write+0x10/0x10
[  878.196585][T28507]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.196605][T28507]  __x64_sys_bpf+0x7c/0x90
[  878.196630][T28507]  do_syscall_64+0x174/0x580
[  878.196650][T28507]  ? trace_irq_disable+0x3b/0x140
[  878.196676][T28507]  ? clear_bhb_loop+0x40/0x90
[  878.196698][T28507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.196718][T28507] RIP: 0033:0x7f1548d9ce59
[  878.196735][T28507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  878.196749][T28507] RSP: 002b:00007f1549c56028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  878.196769][T28507] RAX: ffffffffffffffda RBX: 00007f1549015fa0 RCX: 00007f1548d9ce59
[  878.196781][T28507] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  878.196793][T28507] RBP: 00007f1549c56090 R08: 0000000000000000 R09: 0000000000000000
[  878.196805][T28507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  878.196815][T28507] R13: 00007f1549016038 R14: 00007f1549015fa0 R15: 00007fff2322e2f8
[  878.196846][T28507]  </TASK>
[  878.475201][T28513] FAULT_INJECTION: forcing a failure.
[  878.475201][T28513] name failslab, interval 1, probability 0, space 0, times 0
[  878.488274][T28513] CPU: 1 UID: 0 PID: 28513 Comm: syz.4.6501 Not tainted syzkaller #0 PREEMPT(full) 
[  878.488296][T28513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  878.488307][T28513] Call Trace:
[  878.488315][T28513]  <TASK>
[  878.488322][T28513]  dump_stack_lvl+0xe8/0x150
[  878.488349][T28513]  should_fail_ex+0x40c/0x560
[  878.488382][T28513]  should_failslab+0xa8/0x100
[  878.488401][T28513]  kmem_cache_alloc_node_noprof+0x8f/0x680
[  878.488427][T28513]  ? __alloc_skb+0x189/0x7a0
[  878.488452][T28513]  ? __alloc_skb+0x1d7/0x7a0
[  878.488476][T28513]  ? __local_bh_enable_ip+0xd0/0x130
[  878.488500][T28513]  __alloc_skb+0x1d7/0x7a0
[  878.488530][T28513]  netlink_sendmsg+0x5d4/0xb40
[  878.488559][T28513]  ? __pfx_netlink_sendmsg+0x10/0x10
[  878.488583][T28513]  ? aa_sock_msg_perm+0xf1/0x1b0
[  878.488610][T28513]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  878.488633][T28513]  ? __pfx_netlink_sendmsg+0x10/0x10
[  878.488655][T28513]  ____sys_sendmsg+0x9b9/0xa20
[  878.488675][T28513]  ? __might_fault+0xaf/0x130
[  878.488703][T28513]  ? __pfx_____sys_sendmsg+0x10/0x10
[  878.488731][T28513]  ? import_iovec+0x73/0xa0
[  878.488755][T28513]  ___sys_sendmsg+0x2a5/0x360
[  878.488774][T28513]  ? __lock_acquire+0x683/0x2cd0
[  878.488797][T28513]  ? __pfx____sys_sendmsg+0x10/0x10
[  878.488851][T28513]  ? __fget_files+0x2a/0x420
[  878.488873][T28513]  ? __fget_files+0x3a2/0x420
[  878.488904][T28513]  __x64_sys_sendmsg+0x1bd/0x2a0
[  878.488926][T28513]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  878.488956][T28513]  ? __pfx_ksys_write+0x10/0x10
[  878.488990][T28513]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.489009][T28513]  do_syscall_64+0x174/0x580
[  878.489029][T28513]  ? trace_irq_disable+0x3b/0x140
[  878.489058][T28513]  ? clear_bhb_loop+0x40/0x90
[  878.489080][T28513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.489098][T28513] RIP: 0033:0x7f1548d9ce59
[  878.489116][T28513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  878.489132][T28513] RSP: 002b:00007f1549c56028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  878.489151][T28513] RAX: ffffffffffffffda RBX: 00007f1549015fa0 RCX: 00007f1548d9ce59
[  878.489165][T28513] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005
[  878.489176][T28513] RBP: 00007f1549c56090 R08: 0000000000000000 R09: 0000000000000000
[  878.489188][T28513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  878.489199][T28513] R13: 00007f1549016038 R14: 00007f1549015fa0 R15: 00007fff2322e2f8
[  878.489230][T28513]  </TASK>
[  878.934623][T28508] vlan2: entered allmulticast mode
[  878.941751][T28508] bridge1: entered allmulticast mode
[  879.076752][T28515] syzkaller0: entered promiscuous mode
[  879.092871][T28515] syzkaller0: entered allmulticast mode
[  879.811185][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  880.059561][T28527] netlink: 'syz.4.6504': attribute type 1 has an invalid length.
[  880.134340][T28528] openvswitch: netlink: EtherType 50a is less than min 600
[  881.863821][T28527] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  882.067600][T28537] netlink: 34 bytes leftover after parsing attributes in process `syz.2.6508'.
[  882.191147][T28544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6510'.
[  883.626152][T28590] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input19
[  883.968841][T28592] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  884.072154][T28614] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6528'.
[  884.329522][T28621] syzkaller0: entered promiscuous mode
[  884.369818][T28621] syzkaller0: entered allmulticast mode
[  886.108150][T28658] FAULT_INJECTION: forcing a failure.
[  886.108150][T28658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  886.171607][T28658] CPU: 0 UID: 0 PID: 28658 Comm: syz.1.6539 Not tainted syzkaller #0 PREEMPT(full) 
[  886.171652][T28658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  886.171676][T28658] Call Trace:
[  886.171698][T28658]  <TASK>
[  886.171706][T28658]  dump_stack_lvl+0xe8/0x150
[  886.171732][T28658]  should_fail_ex+0x40c/0x560
[  886.171765][T28658]  _copy_from_iter+0x1d3/0x1660
[  886.171787][T28658]  ? rcu_is_watching+0x15/0xb0
[  886.171813][T28658]  ? __pfx__copy_from_iter+0x10/0x10
[  886.171828][T28658]  ? kmem_cache_alloc_node_noprof+0x3ca/0x680
[  886.171861][T28658]  ? netlink_sendmsg+0x650/0xb40
[  886.171881][T28658]  ? skb_put+0x112/0x210
[  886.171902][T28658]  netlink_sendmsg+0x6c0/0xb40
[  886.171931][T28658]  ? __pfx_netlink_sendmsg+0x10/0x10
[  886.171954][T28658]  ? aa_sock_msg_perm+0xf1/0x1b0
[  886.171981][T28658]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  886.172002][T28658]  ? __pfx_netlink_sendmsg+0x10/0x10
[  886.172023][T28658]  ____sys_sendmsg+0x9b9/0xa20
[  886.172043][T28658]  ? __might_fault+0xaf/0x130
[  886.172071][T28658]  ? __pfx_____sys_sendmsg+0x10/0x10
[  886.172100][T28658]  ? import_iovec+0x73/0xa0
[  886.172123][T28658]  ___sys_sendmsg+0x2a5/0x360
[  886.172142][T28658]  ? __lock_acquire+0x683/0x2cd0
[  886.172165][T28658]  ? __pfx____sys_sendmsg+0x10/0x10
[  886.172218][T28658]  ? __fget_files+0x2a/0x420
[  886.172239][T28658]  ? __fget_files+0x3a2/0x420
[  886.172270][T28658]  __x64_sys_sendmsg+0x1bd/0x2a0
[  886.172292][T28658]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  886.172321][T28658]  ? __pfx_ksys_write+0x10/0x10
[  886.172355][T28658]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.172374][T28658]  do_syscall_64+0x174/0x580
[  886.172397][T28658]  ? clear_bhb_loop+0x40/0x90
[  886.172419][T28658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.172436][T28658] RIP: 0033:0x7fe33b39ce59
[  886.172453][T28658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  886.172468][T28658] RSP: 002b:00007fe33c334028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  886.172488][T28658] RAX: ffffffffffffffda RBX: 00007fe33b615fa0 RCX: 00007fe33b39ce59
[  886.172501][T28658] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005
[  886.172513][T28658] RBP: 00007fe33c334090 R08: 0000000000000000 R09: 0000000000000000
[  886.172524][T28658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  886.172536][T28658] R13: 00007fe33b616038 R14: 00007fe33b615fa0 R15: 00007ffcfe8d6e08
[  886.172566][T28658]  </TASK>
[  886.717710][T28664] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6541'.
[  887.527540][T28667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6542'.
[  888.367770][T28691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6548'.
[  888.701882][T28701] netlink: 52 bytes leftover after parsing attributes in process `syz.4.6550'.
[  888.887941][T28710] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input20
[  888.981970][T28713] gretap0: entered promiscuous mode
[  888.987372][T28713] vlan3: entered promiscuous mode
[  889.421443][T28710] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  889.529153][T28732] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6557'.
[  889.598081][T28737] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input21
[  890.036171][T28743] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  892.309214][T28766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6562'.
[  892.377411][T28771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6564'.
[  892.536313][T28783] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6567'.
[  892.586319][T28780] netdevsim netdevsim3 netdevsim0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  892.603544][T28780] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  892.704706][T28788] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input22
[  893.130771][T28781] netlink: 200 bytes leftover after parsing attributes in process `syz.2.6567'.
[  893.142867][T28784] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6567'.
[  893.224315][T28808] syzkaller0: entered promiscuous mode
[  893.229810][T28808] syzkaller0: entered allmulticast mode
[  893.270176][T28801] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  895.954879][T28834] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6579'.
[  896.584925][T28838] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6579'.
[  898.524001][T28846] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6583'.
[  898.756996][T28858] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6587'.
[  899.088846][T28871] syzkaller0: entered promiscuous mode
[  899.094349][T28871] syzkaller0: entered allmulticast mode
[  899.262669][T28879] netlink: 'syz.4.6593': attribute type 2 has an invalid length.
[  899.280392][T28879] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6593'.
[  899.290357][T28883] xt_check_table_hooks: 55 callbacks suppressed
[  899.290372][T28883] x_tables: duplicate underflow at hook 1
[  899.335841][T13392] bridge0: entered promiscuous mode
[  899.645195][T28890] netlink: 47 bytes leftover after parsing attributes in process `syz.4.6593'.
[  900.181970][T28921] netlink: 96 bytes leftover after parsing attributes in process `syz.0.6601'.
[  900.739680][T28926] bridge0: port 2(bridge_slave_1) entered disabled state
[  900.747307][T28926] bridge0: port 1(bridge_slave_0) entered disabled state
[  901.226958][T28926] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  901.269898][T28926] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  902.109274][  T133] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  902.133344][  T133] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  902.178472][  T133] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  902.198710][  T133] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  902.226017][T28970] syzkaller0: entered promiscuous mode
[  902.231508][T28970] syzkaller0: entered allmulticast mode
[  902.451889][T28992] syzkaller0: entered promiscuous mode
[  902.457498][T28992] syzkaller0: entered allmulticast mode
[  902.466868][T28992] tipc: Started in network mode
[  902.472768][T28992] tipc: Node identity fa4f75e1048b, cluster identity 4711
[  902.480787][T28992] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  902.518915][T28992] tipc: Resetting bearer <eth:syzkaller0>
[  902.560173][T28992] tipc: Disabling bearer <eth:syzkaller0>
[  902.856547][T29002] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6621'.
[  903.177209][T29016] syzkaller0: entered promiscuous mode
[  903.183312][T29016] syzkaller0: entered allmulticast mode
[  903.303930][   T29] audit: type=1800 audit(1781619838.972:15): pid=29022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6628" name="memory.events" dev="tmpfs" ino=308 res=0 errno=0
[  903.326683][T29026] netlink: 'syz.2.6628': attribute type 2 has an invalid length.
[  903.365344][T29029] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6629'.
[  903.374356][T29029] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6629'.
[  903.484280][T29037] IPVS: rr: FWM 3 0x00000003 - no destination available
[  903.751042][ T5644] Bluetooth: hci1: link tx timeout
[  903.756805][ T5644] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  903.862331][T29057] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6637'.
[  904.165453][T29063] netlink: 'syz.0.6639': attribute type 1 has an invalid length.
[  904.173441][T29063] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6639'.
[  905.801915][ T5644] Bluetooth: hci1: command 0x0406 tx timeout
[  906.210619][T29019] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  906.704363][T29077] FAULT_INJECTION: forcing a failure.
[  906.704363][T29077] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  906.719296][T29084] netlink: 'syz.1.6649': attribute type 15 has an invalid length.
[  906.724022][T29077] CPU: 0 UID: 0 PID: 29077 Comm: syz.3.6648 Not tainted syzkaller #0 PREEMPT(full) 
[  906.724045][T29077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  906.724056][T29077] Call Trace:
[  906.724064][T29077]  <TASK>
[  906.724072][T29077]  dump_stack_lvl+0xe8/0x150
[  906.724098][T29077]  should_fail_ex+0x40c/0x560
[  906.724129][T29077]  _copy_from_user+0x2d/0xb0
[  906.724151][T29077]  __copy_msghdr+0x382/0x580
[  906.724181][T29077]  ___sys_sendmsg+0x213/0x360
[  906.724199][T29077]  ? __lock_acquire+0x683/0x2cd0
[  906.724222][T29077]  ? __pfx____sys_sendmsg+0x10/0x10
[  906.724273][T29077]  ? __fget_files+0x2a/0x420
[  906.724294][T29077]  ? __fget_files+0x3a2/0x420
[  906.724324][T29077]  __x64_sys_sendmsg+0x1bd/0x2a0
[  906.724345][T29077]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  906.724373][T29077]  ? __pfx_ksys_write+0x10/0x10
[  906.724406][T29077]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.724425][T29077]  do_syscall_64+0x174/0x580
[  906.724445][T29077]  ? trace_irq_disable+0x3b/0x140
[  906.724469][T29077]  ? clear_bhb_loop+0x40/0x90
[  906.724490][T29077]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.724508][T29077] RIP: 0033:0x7f4ea9b9ce59
[  906.724525][T29077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  906.724539][T29077] RSP: 002b:00007f4ea7df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  906.724558][T29077] RAX: ffffffffffffffda RBX: 00007f4ea9e15fa0 RCX: 00007f4ea9b9ce59
[  906.724571][T29077] RDX: 0000000000000004 RSI: 00002000000001c0 RDI: 000000000000000a
[  906.724582][T29077] RBP: 00007f4ea7df6090 R08: 0000000000000000 R09: 0000000000000000
[  906.724593][T29077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  906.724604][T29077] R13: 00007f4ea9e16038 R14: 00007f4ea9e15fa0 R15: 00007ffea01cbbe8
[  906.724633][T29077]  </TASK>
[  906.943996][T29084] netlink: 666 bytes leftover after parsing attributes in process `syz.1.6649'.
[  907.104578][T29098] netlink: 'syz.0.6651': attribute type 4 has an invalid length.
[  907.111016][T29094] netlink: 'syz.3.6653': attribute type 1 has an invalid length.
[  907.146239][T29098] netlink: 'syz.0.6651': attribute type 8 has an invalid length.
[  907.153979][T29098] netlink: 212 bytes leftover after parsing attributes in process `syz.0.6651'.
[  907.164746][T29102] netlink: 'syz.4.6654': attribute type 1 has an invalid length.
[  907.659337][T29112] syzkaller1: entered promiscuous mode
[  907.664839][T29112] syzkaller1: entered allmulticast mode
[  908.093231][T29126] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6663'.
[  908.102211][T29126] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6663'.
[  908.831502][T29150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6671'.
[  908.966868][T29156] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6674'.
[  909.236835][T29166] netlink: 'syz.2.6678': attribute type 3 has an invalid length.
[  909.270740][T29166] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  909.383904][T29170] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6679'.
[  909.585150][T29177] netlink: 'syz.1.6679': attribute type 4 has an invalid length.
[  909.987344][T29203] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6685'.
[  910.057391][T29203] netlink: 1 bytes leftover after parsing attributes in process `syz.2.6685'.
[  910.173435][T29206] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  910.677344][T29224] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  910.711715][T29224] syzkaller0: entered promiscuous mode
[  910.724038][T29224] syzkaller0: entered allmulticast mode
[  910.775450][T29231] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6694'.
[  910.826905][T29233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6693'.
[  910.853618][T29231] netlink: 'syz.4.6694': attribute type 1 has an invalid length.
[  911.027533][T29231] 8021q: adding VLAN 0 to HW filter on device bond1
[  911.058214][T29245] netlink: 120 bytes leftover after parsing attributes in process `syz.1.6698'.
[  911.201425][T29241] netlink: 'syz.2.6695': attribute type 1 has an invalid length.
[  911.220345][T29241] netlink: 936 bytes leftover after parsing attributes in process `syz.2.6695'.
[  911.475057][T29264] mac80211_hwsim hwsim107 wlan0: entered promiscuous mode
[  911.483122][T29264] mac80211_hwsim hwsim107 wlan0: entered allmulticast mode
[  912.441438][T29294] xt_hashlimit: size too large, truncated to 1048576
[  912.825337][T29294] netlink: 'syz.2.6709': attribute type 1 has an invalid length.
[  913.996580][T29347] netlink: 'syz.1.6724': attribute type 1 has an invalid length.
[  914.332604][T29356] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6726'.
[  914.676380][T29361] veth0_to_team: entered promiscuous mode
[  914.715210][T29361] erspan0: entered promiscuous mode
[  915.554832][T29416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6744'.
[  915.591994][T29418] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6744'.
[  915.713828][T29416] bond4: option broadcast_neighbor: invalid value (30)
[  915.734282][T29416] bond4 (unregistering): Released all slaves
[  915.775168][T29413] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6743'.
[  916.413176][T29455] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6752'.
[  916.658380][T29468] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6752'.
[  918.936055][T29485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6760'.
[  919.178911][T29497] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6762'.
[  919.463765][T29513] IPVS: rr: FWM 3 0x00000003 - no destination available
[  922.150408][T29498] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  922.687539][T29553] xt_NFQUEUE: number of total queues is 0
[  922.886173][T29571] FAULT_INJECTION: forcing a failure.
[  922.886173][T29571] name failslab, interval 1, probability 0, space 0, times 0
[  922.929057][T29571] CPU: 1 UID: 0 PID: 29571 Comm: syz.3.6786 Not tainted syzkaller #0 PREEMPT(full) 
[  922.929083][T29571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  922.929094][T29571] Call Trace:
[  922.929102][T29571]  <TASK>
[  922.929110][T29571]  dump_stack_lvl+0xe8/0x150
[  922.929137][T29571]  should_fail_ex+0x40c/0x560
[  922.929170][T29571]  should_failslab+0xa8/0x100
[  922.929191][T29571]  kmem_cache_alloc_node_noprof+0x8f/0x680
[  922.929215][T29571]  ? __alloc_skb+0x189/0x7a0
[  922.929241][T29571]  ? __alloc_skb+0x1d7/0x7a0
[  922.929263][T29571]  ? __local_bh_enable_ip+0xd0/0x130
[  922.929286][T29571]  __alloc_skb+0x1d7/0x7a0
[  922.929314][T29571]  netlink_sendmsg+0x5d4/0xb40
[  922.929344][T29571]  ? __pfx_netlink_sendmsg+0x10/0x10
[  922.929368][T29571]  ? aa_sock_msg_perm+0xf1/0x1b0
[  922.929395][T29571]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  922.929417][T29571]  ? __pfx_netlink_sendmsg+0x10/0x10
[  922.929438][T29571]  ____sys_sendmsg+0x9b9/0xa20
[  922.929456][T29571]  ? __might_fault+0xaf/0x130
[  922.929485][T29571]  ? __pfx_____sys_sendmsg+0x10/0x10
[  922.929513][T29571]  ? import_iovec+0x73/0xa0
[  922.929537][T29571]  ___sys_sendmsg+0x2a5/0x360
[  922.929555][T29571]  ? __lock_acquire+0x683/0x2cd0
[  922.929579][T29571]  ? __pfx____sys_sendmsg+0x10/0x10
[  922.929633][T29571]  ? __fget_files+0x2a/0x420
[  922.929654][T29571]  ? __fget_files+0x3a2/0x420
[  922.929685][T29571]  __x64_sys_sendmsg+0x1bd/0x2a0
[  922.929707][T29571]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  922.929736][T29571]  ? __pfx_ksys_write+0x10/0x10
[  922.929767][T29571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  922.929787][T29571]  do_syscall_64+0x174/0x580
[  922.929808][T29571]  ? trace_irq_disable+0x3b/0x140
[  922.929835][T29571]  ? clear_bhb_loop+0x40/0x90
[  922.929858][T29571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  922.929875][T29571] RIP: 0033:0x7f4ea9b9ce59
[  922.929892][T29571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  922.929907][T29571] RSP: 002b:00007f4ea7df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  922.929926][T29571] RAX: ffffffffffffffda RBX: 00007f4ea9e15fa0 RCX: 00007f4ea9b9ce59
[  922.929939][T29571] RDX: 0000000004000010 RSI: 00002000000001c0 RDI: 0000000000000004
[  922.929958][T29571] RBP: 00007f4ea7df6090 R08: 0000000000000000 R09: 0000000000000000
[  922.929970][T29571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  922.929979][T29571] R13: 00007f4ea9e16038 R14: 00007f4ea9e15fa0 R15: 00007ffea01cbbe8
[  922.930009][T29571]  </TASK>
[  923.293296][T29585] netlink: 'syz.2.6787': attribute type 1 has an invalid length.
[  923.319705][T29585] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6787'.
[  923.389670][T11256] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20002 - 0
[  923.398514][T11256] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20002 - 0
[  923.470573][T11256] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20002 - 0
[  923.479374][T11256] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20002 - 0
[  923.625523][T29600] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6792'.
[  924.024752][T29621] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6797'.
[  924.037027][T29622] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6794'.
[  924.161953][T29626] : renamed from veth0_to_bond
[  924.313278][T29635] xt_CT: You must specify a L4 protocol and not use inversions on it
[  924.316282][T29635] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  924.332349][T29635] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  924.340064][T29635] netlink: 228 bytes leftover after parsing attributes in process `syz.4.6803'.
[  924.411255][T29637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6802'.
[  924.438513][T29637] netlink: 'syz.2.6802': attribute type 25 has an invalid length.
[  924.462125][T29637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6802'.
[  924.516030][ T5951] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  924.525831][T29637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6802'.
[  924.537854][ T5951] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  924.551420][T29637] netlink: 'syz.2.6802': attribute type 25 has an invalid length.
[  924.559245][T29637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6802'.
[  924.560768][ T5951] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  924.588305][ T5951] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  924.798977][T29656] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6810'.
[  924.955992][T29663] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input23
[  925.164138][T29663] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  925.798846][T29683] team_slave_1: Caught tx_queue_len zero misconfig
[  926.077610][T29706] syzkaller0: entered promiscuous mode
[  926.083780][T29706] syzkaller0: entered allmulticast mode
[  926.095389][T29706] 0: reclassify loop, rule prio 0, protocol 800
[  926.159071][T29708] IPVS: rr: FWM 3 0x00000003 - no destination available
[  926.289714][T29713] netlink: 'syz.4.6825': attribute type 30 has an invalid length.
[  926.369544][T29715] netlink: 'syz.0.6824': attribute type 4 has an invalid length.
[  927.126070][T29734] netlink: 'syz.2.6829': attribute type 1 has an invalid length.
[  927.155243][T29734] 8021q: adding VLAN 0 to HW filter on device bond2
[  927.187246][T29734] bond2: (slave veth3): Enslaving as an active interface with a down link
[  927.223211][T29734] bond2: (slave veth5): Enslaving as an active interface with a down link
[  927.252553][T29734] bond2: (slave bridge2): Enslaving as an active interface with a down link
[  927.378946][T29740] netlink: 'syz.2.6831': attribute type 1 has an invalid length.
[  929.038103][T29702] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  929.363809][T29755] __nla_validate_parse: 4 callbacks suppressed
[  929.363826][T29755] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6837'.
[  929.543927][T29772] netlink: 'syz.3.6840': attribute type 1 has an invalid length.
[  929.551483][T29765] xfrm0 speed is unknown, defaulting to 1000
[  929.557835][T29772] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6840'.
[  929.783264][T29777] dvmrp0: left allmulticast mode
[  929.806905][T29781] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6843'.
[  929.822218][T29781] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6843'.
[  929.832277][T29763] xfrm0 speed is unknown, defaulting to 1000
[  929.835224][T29765] lo speed is unknown, defaulting to 1000
[  929.936773][T13391] IPVS: starting estimator thread 0...
[  930.070564][T29788] IPVS: using max 28 ests per chain, 67200 per kthread
[  930.079999][T29793] IPVS: rr: FWM 3 0x00000003 - no destination available
[  930.155293][T29763] lo speed is unknown, defaulting to 1000
[  931.651240][T29821] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6850'.
[  932.929566][T29786] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  932.951758][T29821] netlink: 240 bytes leftover after parsing attributes in process `syz.4.6850'.
[  933.221729][T29824] netlink: 'syz.3.6851': attribute type 21 has an invalid length.
[  933.253719][T29824] netlink: 'syz.3.6851': attribute type 22 has an invalid length.
[  933.295885][T29824] netlink: 'syz.3.6851': attribute type 23 has an invalid length.
[  933.321312][T29824] netlink: 'syz.3.6851': attribute type 25 has an invalid length.
[  933.327722][T29827] siw: device registration error -23
[  933.329904][T29824] netlink: 'syz.3.6851': attribute type 26 has an invalid length.
[  933.347598][T29824] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6851'.
[  933.523683][T29839] netlink: 'syz.2.6858': attribute type 13 has an invalid length.
[  933.565366][T29839] gretap0: refused to change device tx_queue_len
[  933.574813][T29839] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  933.620487][T29850] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6861'.
[  933.720177][   T10] IPVS: starting estimator thread 0...
[  933.861200][T29858] IPVS: using max 31 ests per chain, 74400 per kthread
[  934.261525][T29893] netlink: 22 bytes leftover after parsing attributes in process `syz.4.6871'.
[  936.670699][    C0] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[  936.705550][T29857] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  936.926724][T29899] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input24
[  936.934745][T29902] FAULT_INJECTION: forcing a failure.
[  936.934745][T29902] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  936.952165][T29902] CPU: 0 UID: 0 PID: 29902 Comm: syz.3.6874 Not tainted syzkaller #0 PREEMPT(full) 
[  936.952187][T29902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  936.952198][T29902] Call Trace:
[  936.952205][T29902]  <TASK>
[  936.952213][T29902]  dump_stack_lvl+0xe8/0x150
[  936.952238][T29902]  should_fail_ex+0x40c/0x560
[  936.952271][T29902]  _copy_from_user+0x2d/0xb0
[  936.952293][T29902]  ___sys_recvmsg+0x173/0x590
[  936.952319][T29902]  ? __pfx____sys_recvmsg+0x10/0x10
[  936.952344][T29902]  ? __fget_files+0x2a/0x420
[  936.952395][T29902]  do_recvmmsg+0x329/0x810
[  936.952432][T29902]  ? __pfx_do_recvmmsg+0x10/0x10
[  936.952463][T29902]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  936.952501][T29902]  __x64_sys_recvmmsg+0x198/0x250
[  936.952524][T29902]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  936.952543][T29902]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  936.952570][T29902]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  936.952588][T29902]  do_syscall_64+0x174/0x580
[  936.952609][T29902]  ? clear_bhb_loop+0x40/0x90
[  936.952629][T29902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  936.952646][T29902] RIP: 0033:0x7f4ea9b9ce59
[  936.952662][T29902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  936.952677][T29902] RSP: 002b:00007f4ea7df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  936.952696][T29902] RAX: ffffffffffffffda RBX: 00007f4ea9e15fa0 RCX: 00007f4ea9b9ce59
[  936.952710][T29902] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004
[  936.952722][T29902] RBP: 00007f4ea7df6090 R08: 0000000000000000 R09: 0000000000000000
[  936.952733][T29902] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  936.952744][T29902] R13: 00007f4ea9e16038 R14: 00007f4ea9e15fa0 R15: 00007ffea01cbbe8
[  936.952775][T29902]  </TASK>
[  937.250710][T29910] netlink: 'syz.1.6876': attribute type 10 has an invalid length.
[  937.298368][T29910] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  937.347218][T29910] team0: Port device netdevsim1 added
[  937.385629][T29910] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6876'.
[  937.456328][T29907] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  937.517456][T29910] vlan2: entered promiscuous mode
[  937.527182][T29910] bridge0: entered promiscuous mode
[  937.570361][T29913] xfrm0 speed is unknown, defaulting to 1000
[  937.622600][T29910] netlink: 212344 bytes leftover after parsing attributes in process `syz.1.6876'.
[  937.858658][T29933] syz_tun: entered allmulticast mode
[  937.866455][T29931] syz_tun: left allmulticast mode
[  937.885491][T29936] sctp: [Deprecated]: syz.2.6884 (pid 29936) Use of struct sctp_assoc_value in delayed_ack socket option.
[  937.885491][T29936] Use struct sctp_sack_info instead
[  937.926111][T29936] sctp: [Deprecated]: syz.2.6884 (pid 29936) Use of struct sctp_assoc_value in delayed_ack socket option.
[  937.926111][T29936] Use struct sctp_sack_info instead
[  937.989352][T29913] lo speed is unknown, defaulting to 1000
[  938.304365][T29942] netlink: 220 bytes leftover after parsing attributes in process `syz.0.6886'.
[  938.314268][T29942] netlink: 'syz.0.6886': attribute type 2 has an invalid length.
[  938.351359][T29944] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input25
[  938.538673][T29944] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  939.040603][T29954] xfrm0 speed is unknown, defaulting to 1000
[  939.137003][T29961] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6892'.
[  939.228950][    C1] vcan0: j1939_tp_rxtimer: 0xffff888059c00800: rx timeout, send abort
[  939.241435][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880599ccc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  939.288386][T29966] netlink: 124 bytes leftover after parsing attributes in process `syz.1.6893'.
[  939.300847][T29966] netlink: 124 bytes leftover after parsing attributes in process `syz.1.6893'.
[  939.318665][T29954] lo speed is unknown, defaulting to 1000
[  939.321595][T29966] netlink: 124 bytes leftover after parsing attributes in process `syz.1.6893'.
[  939.351972][T29966] netlink: 124 bytes leftover after parsing attributes in process `syz.1.6893'.
[  939.739486][    C1] vcan0: j1939_tp_rxtimer: 0xffff888059c00800: abort rx timeout. Force session deactivation
[  939.930994][T29976] FAULT_INJECTION: forcing a failure.
[  939.930994][T29976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  939.944054][T29976] CPU: 0 UID: 0 PID: 29976 Comm: syz.2.6896 Not tainted syzkaller #0 PREEMPT(full) 
[  939.944076][T29976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  939.944087][T29976] Call Trace:
[  939.944095][T29976]  <TASK>
[  939.944103][T29976]  dump_stack_lvl+0xe8/0x150
[  939.944129][T29976]  should_fail_ex+0x40c/0x560
[  939.944162][T29976]  _copy_from_user+0x2d/0xb0
[  939.944183][T29976]  ___sys_recvmsg+0x173/0x590
[  939.944208][T29976]  ? __pfx____sys_recvmsg+0x10/0x10
[  939.944231][T29976]  ? __fget_files+0x2a/0x420
[  939.944284][T29976]  do_recvmmsg+0x329/0x810
[  939.944313][T29976]  ? __pfx_do_recvmmsg+0x10/0x10
[  939.944345][T29976]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  939.944385][T29976]  __x64_sys_recvmmsg+0x198/0x250
[  939.944409][T29976]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  939.944438][T29976]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  939.944458][T29976]  do_syscall_64+0x174/0x580
[  939.944479][T29976]  ? trace_irq_disable+0x3b/0x140
[  939.944504][T29976]  ? clear_bhb_loop+0x40/0x90
[  939.944527][T29976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  939.944545][T29976] RIP: 0033:0x7f433159ce59
[  939.944562][T29976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  939.944577][T29976] RSP: 002b:00007f43324b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  939.944596][T29976] RAX: ffffffffffffffda RBX: 00007f4331815fa0 RCX: 00007f433159ce59
[  939.944610][T29976] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004
[  939.944622][T29976] RBP: 00007f43324b2090 R08: 0000000000000000 R09: 0000000000000000
[  939.944634][T29976] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  939.944645][T29976] R13: 00007f4331816038 R14: 00007f4331815fa0 R15: 00007ffcdfa39478
[  939.944677][T29976]  </TASK>
[  940.235948][T29979] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6897'.
[  940.303458][T29979] Bluetooth: MGMT ver 1.23
[  940.392919][T29980] netlink: 300 bytes leftover after parsing attributes in process `syz.4.6897'.
[  941.829670][T30005] xfrm0 speed is unknown, defaulting to 1000
[  941.852129][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  941.864488][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  942.738007][T30049] netlink: 180 bytes leftover after parsing attributes in process `syz.3.6915'.
[  942.862958][T30005] lo speed is unknown, defaulting to 1000
[  943.433012][T30071] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6923'.
[  944.278459][T30093] syzkaller0: entered promiscuous mode
[  944.300649][T30093] syzkaller0: entered allmulticast mode
[  944.634154][T30108] openvswitch: netlink: Missing valid actions attribute.
[  944.641231][T30108] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  945.308079][T30124] netlink: 'syz.0.6939': attribute type 1 has an invalid length.
[  945.315836][T30124] netlink: 'syz.0.6939': attribute type 3 has an invalid length.
[  945.445069][T30128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6939'.
[  945.451857][T30124] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6939'.
[  946.339829][T30138] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6945'.
[  946.419583][T30142] sch_tbf: burst 0 is lower than device tunl0 mtu (1480) !
[  946.513322][T30142] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  946.724382][T30154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6951'.
[  946.881109][T30165] IPVS: rr: FWM 3 0x00000003 - no destination available
[  946.974778][T30167] netlink: 'syz.0.6954': attribute type 1 has an invalid length.
[  947.004429][T30167] netlink: 'syz.0.6954': attribute type 3 has an invalid length.
[  947.030026][T30167] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6954'.
[  947.080424][T30167] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6954'.
[  948.092291][T30203] netlink: 'syz.3.6965': attribute type 1 has an invalid length.
[  948.100184][T30203] netlink: 'syz.3.6965': attribute type 3 has an invalid length.
[  948.107933][T30203] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6965'.
[  948.122284][T30203] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6965'.
[  949.645958][T30147] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  949.958886][T30229] FAULT_INJECTION: forcing a failure.
[  949.958886][T30229] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  950.009772][T30229] CPU: 1 UID: 0 PID: 30229 Comm: syz.0.6976 Not tainted syzkaller #0 PREEMPT(full) 
[  950.009796][T30229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  950.009806][T30229] Call Trace:
[  950.009813][T30229]  <TASK>
[  950.009821][T30229]  dump_stack_lvl+0xe8/0x150
[  950.009848][T30229]  should_fail_ex+0x40c/0x560
[  950.009883][T30229]  _copy_from_user+0x2d/0xb0
[  950.009905][T30229]  ___sys_recvmsg+0x173/0x590
[  950.009932][T30229]  ? __pfx____sys_recvmsg+0x10/0x10
[  950.009956][T30229]  ? __fget_files+0x2a/0x420
[  950.010008][T30229]  do_recvmmsg+0x329/0x810
[  950.010036][T30229]  ? __pfx_do_recvmmsg+0x10/0x10
[  950.010069][T30229]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  950.010107][T30229]  __x64_sys_recvmmsg+0x198/0x250
[  950.010130][T30229]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  950.010159][T30229]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  950.010179][T30229]  do_syscall_64+0x174/0x580
[  950.010198][T30229]  ? trace_irq_disable+0x3b/0x140
[  950.010221][T30229]  ? clear_bhb_loop+0x40/0x90
[  950.010240][T30229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  950.010256][T30229] RIP: 0033:0x7fb5b879ce59
[  950.010272][T30229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  950.010286][T30229] RSP: 002b:00007fb5b95cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  950.010304][T30229] RAX: ffffffffffffffda RBX: 00007fb5b8a15fa0 RCX: 00007fb5b879ce59
[  950.010316][T30229] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004
[  950.010328][T30229] RBP: 00007fb5b95cd090 R08: 0000000000000000 R09: 0000000000000000
[  950.010339][T30229] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  950.010350][T30229] R13: 00007fb5b8a16038 R14: 00007fb5b8a15fa0 R15: 00007ffcfe96ca78
[  950.010379][T30229]  </TASK>
[  950.742142][T30282] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6995'.
[  950.871876][T30291] can: request_module (can-proto-0) failed.
[  950.908256][T30291] netlink: 'syz.3.6994': attribute type 1 has an invalid length.
[  950.944998][T30291] batman_adv: batadv0: Adding interface: dummy0
[  950.951271][T30291] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  950.976872][T30291] batman_adv: batadv0: Interface activated: dummy0
[  951.051917][T30291] batadv0: mtu less than device minimum
[  951.058863][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.070198][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.081226][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.092362][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.114556][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.125769][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.130314][T30303] netlink: 'syz.1.6999': attribute type 1 has an invalid length.
[  951.137377][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.155646][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.166919][T30291] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  951.201261][T30302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6999'.
[  951.210373][T30302] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6999'.
[  951.223694][T30302] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6999'.
[  951.240661][T30303] 8021q: adding VLAN 0 to HW filter on device bond1
[  951.262979][T30302] bond1: (slave veth0_to_bond): making interface the new active one
[  951.272162][T30302] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  951.303991][T30302] bond1: entered promiscuous mode
[  951.309133][T30302] veth0_to_bond: entered promiscuous mode
[  951.315300][T30302] bond1: entered allmulticast mode
[  951.320435][T30302] veth0_to_bond: entered allmulticast mode
[  951.361299][T30302] macvlan2: entered promiscuous mode
[  951.366607][T30302] macvlan2: entered allmulticast mode
[  951.375127][T30302] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  951.383970][T30302] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of veth0_to_bond
[  953.381925][T30250] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  953.612424][T30325] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7007'.
[  953.763215][T30332] netlink: 'syz.0.7006': attribute type 1 has an invalid length.
[  953.788025][T30332] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7006'.
[  954.151653][ T5644] Bluetooth: hci0: command 0x0419 tx timeout
[  954.325512][T30348] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7015'.
[  954.518596][T30352] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7016'.
[  954.569531][T30352] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7016'.
[  955.124451][T30370] netlink: 'syz.0.7024': attribute type 32 has an invalid length.
[  955.175492][T30370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7024'.
[  955.355707][T30370] bond1: option coupled_control: invalid value (12)
[  955.412387][T30379] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7024'.
[  955.718357][T30370] bond1 (unregistering): Released all slaves
[  955.801387][T30387] netlink: 'syz.3.7030': attribute type 1 has an invalid length.
[  955.859150][T30388] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.7030'.
[  955.896823][T30378] IPv6: sit1: Disabled Multicast RS
[  956.045581][T30393] x_tables: duplicate underflow at hook 1
[  956.083595][T30387] 8021q: adding VLAN 0 to HW filter on device bond4
[  956.131674][T30394] bond4: down delay (1) is not a multiple of miimon (100), value rounded to 0 ms
[  956.182238][T30394] bond4: option ad_user_port_key: mode dependency failed, not supported in mode balance-alb(6)
[  956.312503][T30396] bond4: (slave ip6gretap1): making interface the new active one
[  956.365901][T30396] bond4: (slave ip6gretap1): Enslaving as an active interface with an up link
[  956.670470][T30405] syzkaller0: entered promiscuous mode
[  956.701961][T30405] syzkaller0: entered allmulticast mode
[  957.141609][T30420] tipc: Failed to remove unknown binding: 66,0,0/0:3887419886/3887419888
[  957.196225][T30420] tipc: Failed to remove unknown binding: 66,0,0/0:3887419886/3887419887
[  957.221893][T30423] netlink: 'syz.1.7043': attribute type 1 has an invalid length.
[  957.256139][T30420] tipc: Failed to remove unknown binding: 66,0,0/0:3887419886/3887419888
[  957.278084][T30423] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7043'.
[  957.336154][T30420] tipc: Failed to remove unknown binding: 66,0,0/0:3887419886/3887419887
[  957.353778][T30426] netlink: 'syz.2.7045': attribute type 1 has an invalid length.
[  957.403782][T30426] netlink: 'syz.2.7045': attribute type 3 has an invalid length.
[  957.492604][T30430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7045'.
[  957.621556][T30436] Bluetooth: MGMT ver 1.23
[  957.841154][T30441] netlink: 'syz.0.7051': attribute type 1 has an invalid length.
[  958.198781][T30451] netlink: 'syz.1.7056': attribute type 11 has an invalid length.
[  959.168450][T30484] netlink: 'syz.2.7066': attribute type 4 has an invalid length.
[  959.282869][T30486] netlink: 'syz.2.7066': attribute type 4 has an invalid length.
[  959.376708][T30488] FAULT_INJECTION: forcing a failure.
[  959.376708][T30488] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  959.453140][T30488] CPU: 1 UID: 0 PID: 30488 Comm: syz.0.7068 Not tainted syzkaller #0 PREEMPT(full) 
[  959.453166][T30488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  959.453181][T30488] Call Trace:
[  959.453189][T30488]  <TASK>
[  959.453197][T30488]  dump_stack_lvl+0xe8/0x150
[  959.453224][T30488]  should_fail_ex+0x40c/0x560
[  959.453266][T30488]  _copy_from_user+0x2d/0xb0
[  959.453288][T30488]  ___sys_recvmsg+0x173/0x590
[  959.453315][T30488]  ? __pfx____sys_recvmsg+0x10/0x10
[  959.453340][T30488]  ? __fget_files+0x2a/0x420
[  959.453392][T30488]  do_recvmmsg+0x329/0x810
[  959.453421][T30488]  ? __pfx_do_recvmmsg+0x10/0x10
[  959.453453][T30488]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  959.453493][T30488]  __x64_sys_recvmmsg+0x198/0x250
[  959.453517][T30488]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  959.453547][T30488]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.453566][T30488]  do_syscall_64+0x174/0x580
[  959.453586][T30488]  ? trace_irq_disable+0x3b/0x140
[  959.453611][T30488]  ? clear_bhb_loop+0x40/0x90
[  959.453633][T30488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.453650][T30488] RIP: 0033:0x7fb5b879ce59
[  959.453668][T30488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  959.453683][T30488] RSP: 002b:00007fb5b95cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  959.453702][T30488] RAX: ffffffffffffffda RBX: 00007fb5b8a15fa0 RCX: 00007fb5b879ce59
[  959.453716][T30488] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004
[  959.453728][T30488] RBP: 00007fb5b95cd090 R08: 0000000000000000 R09: 0000000000000000
[  959.453739][T30488] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  959.453750][T30488] R13: 00007fb5b8a16038 R14: 00007fb5b8a15fa0 R15: 00007ffcfe96ca78
[  959.453780][T30488]  </TASK>
[  959.959220][T30509] net_ratelimit: 12 callbacks suppressed
[  959.959239][T30509] openvswitch: netlink: IPv4 tun info is not correct
[  960.310378][T30513] syzkaller0: entered promiscuous mode
[  960.322175][T30513] syzkaller0: entered allmulticast mode
[  960.343857][T30513] TC_ACT_REPEAT abuse ?
[  960.673994][T30500] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  960.855256][T30519] __nla_validate_parse: 3 callbacks suppressed
[  960.855273][T30519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7078'.
[  960.909709][T30521] netlink: 'syz.4.7078': attribute type 1 has an invalid length.
[  960.924245][T30521] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7078'.
[  960.940180][T30521] netlink: 'syz.4.7078': attribute type 2 has an invalid length.
[  961.039386][T30519] team0: Port device team_slave_0 removed
[  961.333065][T30530] FAULT_INJECTION: forcing a failure.
[  961.333065][T30530] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  961.360310][T30530] CPU: 1 UID: 0 PID: 30530 Comm: syz.1.7082 Not tainted syzkaller #0 PREEMPT(full) 
[  961.360335][T30530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  961.360346][T30530] Call Trace:
[  961.360354][T30530]  <TASK>
[  961.360362][T30530]  dump_stack_lvl+0xe8/0x150
[  961.360389][T30530]  should_fail_ex+0x40c/0x560
[  961.360420][T30530]  _copy_from_user+0x2d/0xb0
[  961.360446][T30530]  ___sys_recvmsg+0x173/0x590
[  961.360473][T30530]  ? __pfx____sys_recvmsg+0x10/0x10
[  961.360497][T30530]  ? __fget_files+0x2a/0x420
[  961.360549][T30530]  do_recvmmsg+0x329/0x810
[  961.360578][T30530]  ? __pfx_do_recvmmsg+0x10/0x10
[  961.360618][T30530]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  961.360657][T30530]  __x64_sys_recvmmsg+0x198/0x250
[  961.360682][T30530]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  961.360710][T30530]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  961.360730][T30530]  do_syscall_64+0x174/0x580
[  961.360749][T30530]  ? trace_irq_disable+0x3b/0x140
[  961.360774][T30530]  ? clear_bhb_loop+0x40/0x90
[  961.360796][T30530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  961.360815][T30530] RIP: 0033:0x7fe33b39ce59
[  961.360832][T30530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  961.360847][T30530] RSP: 002b:00007fe33c334028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  961.360868][T30530] RAX: ffffffffffffffda RBX: 00007fe33b615fa0 RCX: 00007fe33b39ce59
[  961.360882][T30530] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004
[  961.360894][T30530] RBP: 00007fe33c334090 R08: 0000000000000000 R09: 0000000000000000
[  961.360905][T30530] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  961.360917][T30530] R13: 00007fe33b616038 R14: 00007fe33b615fa0 R15: 00007ffcfe8d6e08
[  961.360948][T30530]  </TASK>
[  962.218135][T30553] netlink: 'syz.3.7085': attribute type 1 has an invalid length.
[  962.265235][T30552] netlink: 'syz.3.7085': attribute type 1 has an invalid length.
[  962.834178][T30573] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  963.015251][T30575] netlink: 104 bytes leftover after parsing attributes in process `syz.3.7089'.
[  963.072630][T30582] x_tables: duplicate underflow at hook 1
[  963.301127][T30575] xfrm0 speed is unknown, defaulting to 1000
[  963.398948][T30591] FAULT_INJECTION: forcing a failure.
[  963.398948][T30591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  963.505994][T30591] CPU: 1 UID: 0 PID: 30591 Comm: syz.4.7094 Not tainted syzkaller #0 PREEMPT(full) 
[  963.506019][T30591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  963.506030][T30591] Call Trace:
[  963.506037][T30591]  <TASK>
[  963.506046][T30591]  dump_stack_lvl+0xe8/0x150
[  963.506073][T30591]  should_fail_ex+0x40c/0x560
[  963.506105][T30591]  _copy_from_user+0x2d/0xb0
[  963.506127][T30591]  ___sys_recvmsg+0x173/0x590
[  963.506154][T30591]  ? __pfx____sys_recvmsg+0x10/0x10
[  963.506179][T30591]  ? __fget_files+0x2a/0x420
[  963.506231][T30591]  do_recvmmsg+0x329/0x810
[  963.506260][T30591]  ? __pfx_do_recvmmsg+0x10/0x10
[  963.506292][T30591]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  963.506332][T30591]  __x64_sys_recvmmsg+0x198/0x250
[  963.506356][T30591]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  963.506385][T30591]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.506405][T30591]  do_syscall_64+0x174/0x580
[  963.506425][T30591]  ? trace_irq_disable+0x3b/0x140
[  963.506451][T30591]  ? clear_bhb_loop+0x40/0x90
[  963.506473][T30591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.506491][T30591] RIP: 0033:0x7f1548d9ce59
[  963.506509][T30591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  963.506525][T30591] RSP: 002b:00007f1549c56028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  963.506545][T30591] RAX: ffffffffffffffda RBX: 00007f1549015fa0 RCX: 00007f1548d9ce59
[  963.506558][T30591] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004
[  963.506571][T30591] RBP: 00007f1549c56090 R08: 0000000000000000 R09: 0000000000000000
[  963.506582][T30591] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  963.506593][T30591] R13: 00007f1549016038 R14: 00007f1549015fa0 R15: 00007fff2322e2f8
[  963.506626][T30591]  </TASK>
[  963.899584][T30575] lo speed is unknown, defaulting to 1000
[  964.850684][T30603] veth0_to_team: entered promiscuous mode
[  964.906054][T30603] erspan0: entered promiscuous mode
[  964.966802][T30603] debugfs: 'hsr1' already exists in 'hsr'
[  964.999244][T30603] Cannot create hsr debugfs directory
[  966.016708][T30632] netlink: 'syz.1.7101': attribute type 1 has an invalid length.
[  966.105647][T30632] netlink: 'syz.1.7101': attribute type 3 has an invalid length.
[  966.191263][T30640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7101'.
[  966.287440][T30632] netlink: 224 bytes leftover after parsing attributes in process `syz.1.7101'.
[  966.344588][T30644] FAULT_INJECTION: forcing a failure.
[  966.344588][T30644] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  966.476889][T30644] CPU: 1 UID: 0 PID: 30644 Comm: syz.3.7105 Not tainted syzkaller #0 PREEMPT(full) 
[  966.476914][T30644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  966.476924][T30644] Call Trace:
[  966.476932][T30644]  <TASK>
[  966.476941][T30644]  dump_stack_lvl+0xe8/0x150
[  966.476968][T30644]  should_fail_ex+0x40c/0x560
[  966.477000][T30644]  _copy_from_user+0x2d/0xb0
[  966.477023][T30644]  ___sys_recvmsg+0x173/0x590
[  966.477051][T30644]  ? __pfx____sys_recvmsg+0x10/0x10
[  966.477076][T30644]  ? __fget_files+0x2a/0x420
[  966.477128][T30644]  do_recvmmsg+0x329/0x810
[  966.477157][T30644]  ? __pfx_do_recvmmsg+0x10/0x10
[  966.477192][T30644]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  966.477238][T30644]  __x64_sys_recvmmsg+0x198/0x250
[  966.477262][T30644]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  966.477292][T30644]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  966.477312][T30644]  do_syscall_64+0x174/0x580
[  966.477332][T30644]  ? trace_irq_disable+0x3b/0x140
[  966.477357][T30644]  ? clear_bhb_loop+0x40/0x90
[  966.477380][T30644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  966.477398][T30644] RIP: 0033:0x7f4ea9b9ce59
[  966.477415][T30644] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  966.477430][T30644] RSP: 002b:00007f4ea7df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  966.477450][T30644] RAX: ffffffffffffffda RBX: 00007f4ea9e15fa0 RCX: 00007f4ea9b9ce59
[  966.477464][T30644] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004
[  966.477477][T30644] RBP: 00007f4ea7df6090 R08: 0000000000000000 R09: 0000000000000000
[  966.477489][T30644] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  966.477500][T30644] R13: 00007f4ea9e16038 R14: 00007f4ea9e15fa0 R15: 00007ffea01cbbe8
[  966.477531][T30644]  </TASK>
[  966.937905][T30653] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7108'.
[  967.149073][    C0] sched: DL replenish lagged too much
[  967.304579][T30666] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7112'.
[  967.494581][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  967.641716][T30672] TCP: TCP_TX_DELAY enabled
[  967.888955][T30676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7113'.
[  967.931079][T30679] netlink: 'syz.4.7114': attribute type 1 has an invalid length.
[  968.445532][T30679] 8021q: adding VLAN 0 to HW filter on device bond3
[  969.485296][   T50] Bluetooth: hci2: command 0x0401 tx timeout
[  969.593779][ T4946] Bluetooth: hci5: command 0x0406 tx timeout
[  970.243089][T30733] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7124'.
[  970.684591][T30749] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7129'.
[  970.791201][T30754] netlink: 76 bytes leftover after parsing attributes in process `syz.4.7128'.
[  970.856796][T30754] netlink: 84 bytes leftover after parsing attributes in process `syz.4.7128'.
[  970.869048][T30751] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7129'.
[  971.995034][T30769] FAULT_INJECTION: forcing a failure.
[  971.995034][T30769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  977.652860][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  989.220115][T30769] CPU: 1 UID: 0 PID: 30769 Comm: syz.1.7134 Not tainted syzkaller #0 PREEMPT(full) 
[  989.220143][T30769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  989.220155][T30769] Call Trace:
[  989.220163][T30769]  <TASK>
[  989.220172][T30769]  dump_stack_lvl+0xe8/0x150
[  989.220199][T30769]  should_fail_ex+0x40c/0x560
[  989.220231][T30769]  _copy_from_user+0x2d/0xb0
[  989.220253][T30769]  ___sys_recvmsg+0x173/0x590
[  989.220280][T30769]  ? __pfx____sys_recvmsg+0x10/0x10
[  989.220305][T30769]  ? __fget_files+0x2a/0x420
[  989.220356][T30769]  do_recvmmsg+0x329/0x810
[  989.220386][T30769]  ? __pfx_do_recvmmsg+0x10/0x10
[  989.220418][T30769]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  989.220457][T30769]  __x64_sys_recvmmsg+0x198/0x250
[  989.220480][T30769]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  989.220509][T30769]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  989.220537][T30769]  do_syscall_64+0x174/0x580
[  989.220557][T30769]  ? trace_irq_disable+0x3b/0x140
[  989.220582][T30769]  ? clear_bhb_loop+0x40/0x90
[  989.220605][T30769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  989.220623][T30769] RIP: 0033:0x7fe33b39ce59
[  989.220642][T30769] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  989.220657][T30769] RSP: 002b:00007fe33c334028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  989.220677][T30769] RAX: ffffffffffffffda RBX: 00007fe33b615fa0 RCX: 00007fe33b39ce59
[  989.220690][T30769] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004
[  989.220703][T30769] RBP: 00007fe33c334090 R08: 0000000000000000 R09: 0000000000000000
[  989.220715][T30769] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  989.220726][T30769] R13: 00007fe33b616038 R14: 00007fe33b615fa0 R15: 00007ffcfe8d6e08
[  989.220757][T30769]  </TASK>
[ 1054.458043][    C0] batman_adv: batadv1: adding TT local entry aa:aa:aa:aa:aa:1b to non-existent VLAN 3
[ 1069.836026][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1085.196330][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1151.735687][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1159.812967][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1159.819938][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P30771/1:b..l
[ 1159.828434][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=140141, q=1274014 ncpus=2)
[ 1159.836595][    C0] task:dhcpcd-run-hook state:R  running task     stack:23496 pid:30771 tgid:30771 ppid:5291   task_flags:0x400000 flags:0x00080000
[ 1159.851106][    C0] Call Trace:
[ 1159.854395][    C0]  <TASK>
[ 1159.857333][    C0]  __schedule+0x1840/0x57a0
[ 1159.861879][    C0]  ? __lock_acquire+0x683/0x2cd0
[ 1159.866831][    C0]  ? __pfx___schedule+0x10/0x10
[ 1159.871691][    C0]  ? __lock_acquire+0x683/0x2cd0
[ 1159.876645][    C0]  preempt_schedule_irq+0x4d/0xa0
[ 1159.881679][    C0]  irqentry_exit+0x14f/0x8e0
[ 1159.886278][    C0]  ? trace_irq_disable+0x3b/0x140
[ 1159.891320][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1159.897301][    C0] RIP: 0010:lock_acquire+0x221/0x350
[ 1159.902590][    C0] Code: ff ff ff e8 b1 60 04 0a f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 ab ab 96 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 10 5c 07 0a cc 48 8d 3d 38 18 92
[ 1159.922194][    C0] RSP: 0018:ffffc9000ce86b80 EFLAGS: 00000282
[ 1159.928260][    C0] RAX: 63f7009242a38000 RBX: 0000000000000000 RCX: 0000000000000046
[ 1159.936234][    C0] RDX: 00000000ceaf96dd RSI: ffffffff8e2213c9 RDI: ffffffff8c2886a0
[ 1159.944206][    C0] RBP: ffffffff81769f7f R08: ffffffff81769f7f R09: 0000000000000000
[ 1159.952180][    C0] R10: 0000000000000000 R11: ffffffff8e958780 R12: 0000000000000002
[ 1159.960150][    C0] R13: ffffffff8e958780 R14: 0000000000000000 R15: 0000000000000246
[ 1159.968130][    C0]  ? unwind_next_frame+0x8f/0x2550
[ 1159.973252][    C0]  ? unwind_next_frame+0x8f/0x2550
[ 1159.978377][    C0]  ? kasan_quarantine_reduce+0x148/0x160
[ 1159.984017][    C0]  ? unwind_next_frame+0x8f/0x2550
[ 1159.989139][    C0]  unwind_next_frame+0xac/0x2550
[ 1159.994085][    C0]  ? unwind_next_frame+0x8f/0x2550
[ 1159.999205][    C0]  ? qlist_free_all+0x99/0x100
[ 1160.003985][    C0]  ? unwind_next_frame+0x8f/0x2550
[ 1160.009105][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1160.015266][    C0]  arch_stack_walk+0x11b/0x150
[ 1160.020044][    C0]  ? kasan_quarantine_reduce+0x148/0x160
[ 1160.025693][    C0]  stack_trace_save+0xa9/0x100
[ 1160.030470][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1160.035855][    C0]  ? stack_depot_save_flags+0x33/0x800
[ 1160.041327][    C0]  save_stack+0x122/0x230
[ 1160.045669][    C0]  ? __pfx_save_stack+0x10/0x10
[ 1160.050528][    C0]  ? __free_frozen_pages+0xc0d/0xd20
[ 1160.055822][    C0]  ? __slab_free+0x274/0x2c0
[ 1160.060418][    C0]  ? qlist_free_all+0x99/0x100
[ 1160.065194][    C0]  ? kasan_quarantine_reduce+0x148/0x160
[ 1160.070858][    C0]  __reset_page_owner+0x71/0x1f0
[ 1160.075813][    C0]  __free_frozen_pages+0xc0d/0xd20
[ 1160.080936][    C0]  ? __free_slab+0x172/0x280
[ 1160.085535][    C0]  __slab_free+0x274/0x2c0
[ 1160.089970][    C0]  qlist_free_all+0x99/0x100
[ 1160.094570][    C0]  ? mas_alloc_nodes+0x291/0x350
[ 1160.099512][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1160.104983][    C0]  __kasan_slab_alloc+0x22/0x80
[ 1160.109849][    C0]  kmem_cache_alloc_noprof+0x2b8/0x650
[ 1160.115316][    C0]  ? mas_alloc_nodes+0x291/0x350
[ 1160.120258][    C0]  ? kmem_cache_alloc_noprof+0x156/0x650
[ 1160.125906][    C0]  mas_alloc_nodes+0x291/0x350
[ 1160.130679][    C0]  mas_preallocate+0x2cf/0x630
[ 1160.135452][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1160.140228][    C0]  ? __pfx_mas_preallocate+0x10/0x10
[ 1160.145528][    C0]  ? anon_vma_name+0x61/0x210
[ 1160.150217][    C0]  ? __mas_set_range+0x11a/0x3a0
[ 1160.155162][    C0]  __split_vma+0x318/0xa50
[ 1160.159581][    C0]  ? mas_next_node+0xbd1/0xe50
[ 1160.164367][    C0]  ? __pfx___split_vma+0x10/0x10
[ 1160.169331][    C0]  vms_gather_munmap_vmas+0x322/0x1370
[ 1160.174809][    C0]  ? mtree_range_walk+0x707/0x8b0
[ 1160.179844][    C0]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[ 1160.185750][    C0]  ? mas_find+0xa23/0xcf0
[ 1160.190097][    C0]  mmap_region+0x909/0x2340
[ 1160.194615][    C0]  ? is_bpf_text_address+0x292/0x2b0
[ 1160.199912][    C0]  ? __pfx_mmap_region+0x10/0x10
[ 1160.204865][    C0]  ? __mutex_trylock_common+0x15f/0x270
[ 1160.210419][    C0]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1160.216321][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1160.221100][    C0]  ? process_measurement+0x139d/0x1c10
[ 1160.226633][    C0]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 1160.233235][    C0]  ? mm_get_unmapped_area_vmflags+0xd9/0x110
[ 1160.239219][    C0]  ? cap_mmap_addr+0xaf/0x100
[ 1160.243906][    C0]  ? bpf_lsm_mmap_addr+0x9/0x50
[ 1160.248771][    C0]  ? shmem_mapping+0xd/0x50
[ 1160.253282][    C0]  ? memfd_check_seals_mmap+0xc5/0x200
[ 1160.258753][    C0]  do_mmap+0xc3b/0x10c0
[ 1160.262937][    C0]  ? __pfx_do_mmap+0x10/0x10
[ 1160.267530][    C0]  ? down_write_killable+0x180/0x240
[ 1160.272830][    C0]  ? __pfx_down_write_killable+0x10/0x10
[ 1160.278481][    C0]  ? apparmor_mmap_file+0x2da/0x3e0
[ 1160.283701][    C0]  vm_mmap_pgoff+0x272/0x4e0
[ 1160.288306][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1160.293428][    C0]  ? __fget_files+0x2a/0x420
[ 1160.298034][    C0]  ? __fget_files+0x3a2/0x420
[ 1160.302715][    C0]  ? __fget_files+0x2a/0x420
[ 1160.307316][    C0]  ksys_mmap_pgoff+0x4dc/0x760
[ 1160.312093][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1160.318163][    C0]  do_syscall_64+0x174/0x580
[ 1160.322759][    C0]  ? trace_irq_disable+0x3b/0x140
[ 1160.327809][    C0]  ? clear_bhb_loop+0x40/0x90
[ 1160.332492][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1160.338389][    C0] RIP: 0033:0x7fdf92bc2242
[ 1160.342820][    C0] RSP: 002b:00007fff49ee2fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 1160.351233][    C0] RAX: ffffffffffffffda RBX: 00007fdf928ce000 RCX: 00007fdf92bc2242
[ 1160.359206][    C0] RDX: 0000000000000005 RSI: 0000000000008000 RDI: 00007fdf928ce000
[ 1160.367176][    C0] RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000003000
[ 1160.375149][    C0] R10: 0000000000000812 R11: 0000000000000206 R12: 00007fff49ee3028
[ 1160.383121][    C0] R13: 00007fdf92b97580 R14: 00007fff49ee3450 R15: 00000fffe93dc5fe
[ 1160.391111][    C0]  </TASK>
[ 1160.394141][    C0] rcu: rcu_preempt kthread starved for 480 jiffies! g140141 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1160.405245][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1160.415213][    C0] rcu: RCU grace-period kthread stack dump:
[ 1160.421098][    C0] task:rcu_preempt     state:R  running task     stack:27688 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[ 1160.434593][    C0] Call Trace:
[ 1160.437868][    C0]  <TASK>
[ 1160.440803][    C0]  __schedule+0x1840/0x57a0
[ 1160.445313][    C0]  ? __lock_acquire+0x683/0x2cd0
[ 1160.450280][    C0]  ? __pfx___schedule+0x10/0x10
[ 1160.455145][    C0]  ? schedule+0x90/0x360
[ 1160.459394][    C0]  schedule+0x164/0x360
[ 1160.463556][    C0]  schedule_timeout+0x152/0x2c0
[ 1160.468418][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1160.473801][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1160.479101][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1160.484914][    C0]  ? prepare_to_swait_event+0x322/0x350
[ 1160.490474][    C0]  rcu_gp_fqs_loop+0x30c/0x11f0
[ 1160.495340][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1160.501498][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1160.506785][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1160.512000][    C0]  rcu_gp_kthread+0x9e/0x2b0
[ 1160.516598][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1160.521796][    C0]  ? __kthread_parkme+0x71/0x1f0
[ 1160.526739][    C0]  ? __kthread_parkme+0x196/0x1f0
[ 1160.531785][    C0]  kthread+0x389/0x470
[ 1160.535861][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1160.541062][    C0]  ? __pfx_kthread+0x10/0x10
[ 1160.545662][    C0]  ret_from_fork+0x514/0xb70
[ 1160.550261][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1160.555378][    C0]  ? __switch_to+0xc89/0x1420
[ 1160.560073][    C0]  ? __pfx_kthread+0x10/0x10
[ 1160.564674][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1160.569460][    C0]  </TASK>
[ 1160.572476][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1160.578809][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1160.584016][    C1] NMI backtrace for cpu 1
[ 1160.584032][    C1] CPU: 1 UID: 0 PID: 30722 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[ 1160.584049][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1160.584059][    C1] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker
[ 1160.584081][    C1] RIP: 0010:__kasan_check_byte+0x0/0x40
[ 1160.584105][    C1] Code: e8 75 2f 00 00 48 89 df 4c 89 f6 5b 41 5c 41 5e 41 5f e9 43 fa ff ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <0f> 1f 40 d6 41 56 53 48 89 f3 49 89 fe e8 3e 15 00 00 84 c0 75 16
[ 1160.584119][    C1] RSP: 0018:ffffc90000a077d8 EFLAGS: 00000202
[ 1160.584132][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000080000102
[ 1160.584143][    C1] RDX: 0000000000000000 RSI: ffffffff81769f9c RDI: ffffffff8e958780
[ 1160.584154][    C1] RBP: ffffffff81769f7f R08: 0000000000000000 R09: 0000000000000000
[ 1160.584164][    C1] R10: ffffc90000a07978 R11: ffffffff81b071b0 R12: 0000000000000002
[ 1160.584175][    C1] R13: ffffffff8e958780 R14: 0000000000000000 R15: 0000000000000000
[ 1160.584186][    C1] FS:  0000000000000000(0000) GS:ffff8881253a1000(0000) knlGS:0000000000000000
[ 1160.584199][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1160.584210][    C1] CR2: 0000001b31623ffc CR3: 000000000e746000 CR4: 00000000003526f0
[ 1160.584224][    C1] Call Trace:
[ 1160.584231][    C1]  <IRQ>
[ 1160.584237][    C1]  lock_acquire+0x84/0x350
[ 1160.584264][    C1]  ? unwind_next_frame+0x8f/0x2550
[ 1160.584281][    C1]  ? hmac+0x204/0x3b0
[ 1160.584300][    C1]  ? unwind_next_frame+0x8f/0x2550
[ 1160.584317][    C1]  unwind_next_frame+0xac/0x2550
[ 1160.584334][    C1]  ? unwind_next_frame+0x8f/0x2550
[ 1160.584353][    C1]  ? blake2s_final+0x10f/0x260
[ 1160.584371][    C1]  ? unwind_next_frame+0x8f/0x2550
[ 1160.584390][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1160.584412][    C1]  arch_stack_walk+0x11b/0x150
[ 1160.584433][    C1]  ? hmac+0x204/0x3b0
[ 1160.584454][    C1]  stack_trace_save+0xa9/0x100
[ 1160.584474][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 1160.584495][    C1]  ? unwind_next_frame+0x1baf/0x2550
[ 1160.584516][    C1]  ? ret_from_fork_asm+0x1a/0x30
[ 1160.584534][    C1]  kasan_save_track+0x3e/0x80
[ 1160.584552][    C1]  ? kasan_save_track+0x3e/0x80
[ 1160.584571][    C1]  ? __kasan_kmalloc+0x93/0xb0
[ 1160.584590][    C1]  ? __kmalloc_cache_noprof+0x318/0x660
[ 1160.584609][    C1]  ? ref_tracker_alloc+0x15b/0x4b0
[ 1160.584624][    C1]  ? dst_init+0xbe/0x470
[ 1160.584641][    C1]  ? dst_alloc+0x12a/0x170
[ 1160.584657][    C1]  ? ip_route_output_key_hash_rcu+0x14ac/0x2720
[ 1160.584679][    C1]  ? ip_route_output_key_hash+0x18d/0x2a0
[ 1160.584699][    C1]  ? ip_route_output_flow+0x2a/0x150
[ 1160.584716][    C1]  ? ip_route_me_harder+0x762/0xfe0
[ 1160.584735][    C1]  ? synproxy_send_tcp+0x347/0x670
[ 1160.584757][    C1]  ? synproxy_send_client_synack+0x89b/0xde0
[ 1160.584775][    C1]  ? nft_synproxy_eval_v4+0x37b/0x530
[ 1160.584794][    C1]  ? nft_synproxy_do_eval+0x335/0x550
[ 1160.584812][    C1]  ? nft_do_chain+0x48d/0x1b10
[ 1160.584831][    C1]  ? nft_do_chain_inet+0x360/0x4b0
[ 1160.584851][    C1]  ? nf_hook_slow+0xc5/0x220
[ 1160.584867][    C1]  ? NF_HOOK+0x21f/0x3c0
[ 1160.584886][    C1]  ? NF_HOOK+0x336/0x3c0
[ 1160.584901][    C1]  ? process_backlog+0xa34/0x1860
[ 1160.584921][    C1]  ? __napi_poll+0xaa/0x330
[ 1160.584938][    C1]  ? net_rx_action+0x61d/0xf50
[ 1160.584957][    C1]  ? handle_softirqs+0x225/0x840
[ 1160.584971][    C1]  ? do_softirq+0x76/0xd0
[ 1160.584984][    C1]  ? __local_bh_enable_ip+0xf8/0x130
[ 1160.584998][    C1]  ? blake2s_compress+0xfa/0x1c00
[ 1160.585015][    C1]  ? blake2s_final+0x10f/0x260
[ 1160.585032][    C1]  ? hmac+0x204/0x3b0
[ 1160.585068][    C1]  __kasan_kmalloc+0x93/0xb0
[ 1160.585088][    C1]  __kmalloc_cache_noprof+0x318/0x660
[ 1160.585108][    C1]  ? process_scheduled_works+0xa8e/0x14e0
[ 1160.585123][    C1]  ? ref_tracker_alloc+0x15b/0x4b0
[ 1160.585137][    C1]  ? __kmalloc_cache_noprof+0x157/0x660
[ 1160.585160][    C1]  ref_tracker_alloc+0x15b/0x4b0
[ 1160.585177][    C1]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1160.585197][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1160.585215][    C1]  ? trace_kmem_cache_alloc+0x29/0xe0
[ 1160.585237][    C1]  dst_init+0xbe/0x470
[ 1160.585257][    C1]  ? dst_alloc+0x112/0x170
[ 1160.585276][    C1]  dst_alloc+0x12a/0x170
[ 1160.585296][    C1]  ip_route_output_key_hash_rcu+0x14ac/0x2720
[ 1160.585321][    C1]  ? ip_route_output_key_hash+0xd8/0x2a0
[ 1160.585343][    C1]  ip_route_output_key_hash+0x18d/0x2a0
[ 1160.585365][    C1]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1160.585388][    C1]  ? lock_acquire+0x106/0x350
[ 1160.585408][    C1]  ip_route_output_flow+0x2a/0x150
[ 1160.585426][    C1]  ? ip_route_me_harder+0x74b/0xfe0
[ 1160.585447][    C1]  ip_route_me_harder+0x762/0xfe0
[ 1160.585466][    C1]  ? ret_from_fork_asm+0x1a/0x30
[ 1160.585488][    C1]  ? __pfx_ip_route_me_harder+0x10/0x10
[ 1160.585516][    C1]  ? __cookie_v4_init_sequence+0x273/0x510
[ 1160.585538][    C1]  synproxy_send_tcp+0x347/0x670
[ 1160.585558][    C1]  synproxy_send_client_synack+0x89b/0xde0
[ 1160.585584][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[ 1160.585603][    C1]  ? nft_log_destroy+0x58/0x120
[ 1160.585619][    C1]  ? synproxy_pernet+0x45/0x270
[ 1160.585641][    C1]  nft_synproxy_eval_v4+0x37b/0x530
[ 1160.585664][    C1]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[ 1160.585686][    C1]  ? nf_ip_checksum+0x13c/0x510
[ 1160.585708][    C1]  nft_synproxy_do_eval+0x335/0x550
[ 1160.585729][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[ 1160.585750][    C1]  ? __ip_vs_conn_in_get+0xa6/0x10f0
[ 1160.585773][    C1]  ? __pfx___ip_vs_conn_in_get+0x10/0x10
[ 1160.585797][    C1]  nft_do_chain+0x48d/0x1b10
[ 1160.585825][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[ 1160.585848][    C1]  ? __pfx_ip_vs_fill_iph_skb_off+0x10/0x10
[ 1160.585881][    C1]  nft_do_chain_inet+0x360/0x4b0
[ 1160.585902][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[ 1160.585927][    C1]  ? nf_nat_ipv4_local_in+0x21f/0x720
[ 1160.585945][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[ 1160.585966][    C1]  nf_hook_slow+0xc5/0x220
[ 1160.585986][    C1]  NF_HOOK+0x21f/0x3c0
[ 1160.586003][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1160.586019][    C1]  ? NF_HOOK+0x9e/0x3c0
[ 1160.586035][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 1160.586052][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1160.586073][    C1]  ? ip_local_deliver+0x113/0x190
[ 1160.586090][    C1]  NF_HOOK+0x336/0x3c0
[ 1160.586108][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1160.586124][    C1]  ? NF_HOOK+0x9e/0x3c0
[ 1160.586139][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 1160.586157][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1160.586173][    C1]  ? ip_rcv_core+0x88d/0xd50
[ 1160.586191][    C1]  ? __pfx_ip_rcv+0x10/0x10
[ 1160.586207][    C1]  ? __pfx_ip_rcv+0x10/0x10
[ 1160.586224][    C1]  process_backlog+0xa34/0x1860
[ 1160.586246][    C1]  ? process_backlog+0x3c3/0x1860
[ 1160.586278][    C1]  __napi_poll+0xaa/0x330
[ 1160.586298][    C1]  net_rx_action+0x61d/0xf50
[ 1160.586324][    C1]  ? __pfx_net_rx_action+0x10/0x10
[ 1160.586359][    C1]  handle_softirqs+0x225/0x840
[ 1160.586375][    C1]  ? do_softirq+0x76/0xd0
[ 1160.586392][    C1]  ? kernel_fpu_end+0x62/0x80
[ 1160.586410][    C1]  do_softirq+0x76/0xd0
[ 1160.586423][    C1]  </IRQ>
[ 1160.586429][    C1]  <TASK>
[ 1160.586435][    C1]  __local_bh_enable_ip+0xf8/0x130
[ 1160.586451][    C1]  blake2s_compress+0xfa/0x1c00
[ 1160.586469][    C1]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1160.586489][    C1]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1160.586508][    C1]  ? sit_tunnel_xmit+0xc29/0x1c60
[ 1160.586531][    C1]  ? __asan_memset+0x22/0x50
[ 1160.586550][    C1]  ? kernel_fpu_begin_mask+0x2b8/0x380
[ 1160.586569][    C1]  ? __pfx_blake2s_compress+0x10/0x10
[ 1160.586588][    C1]  ? kernel_fpu_end+0x62/0x80
[ 1160.586608][    C1]  ? __local_bh_enable_ip+0xd0/0x130
[ 1160.586623][    C1]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1160.586639][    C1]  ? kernel_fpu_end+0x62/0x80
[ 1160.586656][    C1]  ? __local_bh_enable_ip+0xd0/0x130
[ 1160.586671][    C1]  ? blake2s_compress+0x1b4d/0x1c00
[ 1160.586694][    C1]  blake2s_final+0x10f/0x260
[ 1160.586714][    C1]  hmac+0x204/0x3b0
[ 1160.586735][    C1]  ? __pfx_hmac+0x10/0x10
[ 1160.586760][    C1]  ? curve25519_generate_public+0x2fed/0x3050
[ 1160.586789][    C1]  ? __asan_memset+0x22/0x50
[ 1160.586810][    C1]  message_ephemeral+0x255/0x310
[ 1160.586831][    C1]  ? __pfx_message_ephemeral+0x10/0x10
[ 1160.586867][    C1]  ? down_read+0x270/0x2e0
[ 1160.586887][    C1]  wg_noise_handshake_create_initiation+0x24f/0x810
[ 1160.586911][    C1]  ? __pfx_wg_noise_handshake_create_initiation+0x10/0x10
[ 1160.586934][    C1]  ? __lock_acquire+0x683/0x2cd0
[ 1160.586961][    C1]  ? ktime_get_coarse_with_offset+0x8a/0x150
[ 1160.586987][    C1]  ? ktime_get_coarse_with_offset+0x8a/0x150
[ 1160.587011][    C1]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1160.587027][    C1]  ? ktime_get_coarse_with_offset+0x8a/0x150
[ 1160.587049][    C1]  ? ktime_get_coarse_with_offset+0x102/0x150
[ 1160.587072][    C1]  wg_packet_handshake_send_worker+0x18c/0x370
[ 1160.587090][    C1]  ? __pfx_wg_packet_handshake_send_worker+0x10/0x10
[ 1160.587106][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1160.587137][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1160.587155][    C1]  ? process_scheduled_works+0xa20/0x14e0
[ 1160.587169][    C1]  process_scheduled_works+0xa8e/0x14e0
[ 1160.587199][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1160.587217][    C1]  ? assign_work+0x3cf/0x5d0
[ 1160.587234][    C1]  worker_thread+0xa47/0xfb0
[ 1160.587262][    C1]  ? __kthread_parkme+0x71/0x1f0
[ 1160.587284][    C1]  kthread+0x389/0x470
[ 1160.587302][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1160.587316][    C1]  ? __pfx_kthread+0x10/0x10
[ 1160.587338][    C1]  ret_from_fork+0x514/0xb70
[ 1160.587355][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1160.587370][    C1]  ? __switch_to+0xc89/0x1420
[ 1160.587396][    C1]  ? __pfx_kthread+0x10/0x10
[ 1160.587415][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1160.587440][    C1]  </TASK>