last executing test programs:

1.91746937s ago: executing program 0 (id=4197):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1})
sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010b00000000000000000600000020000180140002007665746831000000ab5f0000000000000800030004"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000014007910480000000000690046000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0xa3}, 0x21)
close(r0)

1.777617945s ago: executing program 2 (id=4199):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@GTPA_VERSION={0x8}]}, 0x1c}}, 0x0)

1.775353437s ago: executing program 1 (id=4200):
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6000002, 0x8032, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
recvmmsg(r2, &(0x7f0000004f00)=[{{0x0, 0x0, 0x0}, 0xfffffffa}], 0x1, 0x10022, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth0_to_bond\x00', &(0x7f00000000c0)=@ethtool_stats})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x3261e)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000040)={'wlan0\x00', 0x0})
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
sendto$inet6(r0, &(0x7f0000000080)="b159e21d2250fe", 0x7, 0x8000, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24, 0x3, @private1, 0x3}, 0x1c)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="8500000088000000791000000000000063000000001000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc6, &(0x7f0000000400)=""/198, 0x41100, 0x33, '\x00', 0x0, @sk_msg}, 0x94)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=@newsa={0x1a0, 0x10, 0x713, 0x0, 0x0, {{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@broadcast, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x96}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c}, @algo_auth_trunc={0x4c, 0x14, {{'digest_null\x00'}}}]}, 0x1a0}}, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=@newpolicy={0xe0, 0x13, 0x100, 0x70bd2d, 0x25dfdbfd, {{@in=@rand_addr=0x64010100, @in6=@empty, 0x4e21, 0x1, 0x4e23, 0x2, 0x2, 0xa0, 0x20, 0x33, 0x0, 0xee01}, {0x401, 0x0, 0x9, 0x6, 0x2, 0x1, 0x7, 0xa7}, {0x9, 0x150014c5, 0x100, 0x6}, 0xfffffffa, 0x6e6bb0, 0x2, 0x0, 0x3, 0x2}, [@srcaddr={0x14, 0xd, @in=@private=0xa010101}, @policy_type={0xa}, @replay_thresh={0x8, 0xb, 0x9}]}, 0xe0}, 0x1, 0x0, 0x0, 0x44001}, 0x40000)
sendmsg$NFT_BATCH(r6, &(0x7f0000000580)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000800)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x7}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}}, @NFT_MSG_DELOBJ={0x2c, 0x14, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}]}, @NFT_MSG_DELTABLE={0x1c, 0x2, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x304, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x1}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x3}, @NFTA_SET_ID={0x8}, @NFTA_SET_POLICY={0x8}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x16c, 0x6, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}, @NFTA_RULE_POSITION_ID={0x8}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_USERDATA={0x4f, 0x7, 0x1, 0x0, "fb61dbd64894761539fc8f64a512c317cc382a32883b2d724b90fc58d83ecc4301dd9c3cef8ab0d85c70588f4a0f14763c0634f17a046ac8b7c3c34df18a77000dcdb7074be6e75ff77284"}, @NFTA_RULE_USERDATA={0xbd, 0x7, 0x1, 0x0, "05efcb1c418cb1d2cce18cdbce799cb610c3fb50a22c6314eaef895356353cb4d1f69d2f116060e74965b91aea9a47a9b2071369d7c547fe86908a812bb019ab150086e85112056f1691c5a92ddcdf187fcd93d60973a0ac07999dd3813568764327d7d99213b218ec85a41e916aac454c1d38813a609f75f391e771b4bf87f0bdf71b6de105adc88d4b47e92bf05c1968dd4391d208eb74ff007ce80c3b3dcb68ea94a9b2aa2a75f498680586199193f9b67d1f63d4ca9303"}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}]}, @NFT_MSG_DELOBJ={0x4c, 0x14, 0xa, 0x401, 0x0, 0x0, {0xf, 0x0, 0x8}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x9}}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x324}, 0x1, 0x0, 0x0, 0x1}, 0x800)

1.613464042s ago: executing program 3 (id=4203):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x400000000010, 0x3, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x3, @rand_addr=' \x01\x00', 0x9}, 0x1c)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="64a6cf114d055da97d4e7e2e8b7df28fa9b6326b6d548999d288afa39b9a5a8d2440a95b35609e7b8b2f8895b93395d1418b160963c7a2e0df90834541d75f4b611330437e78f8441f35e80e30eafab0b571c723ae000e8f726a3c1f02e244344d57bd578a15b59a3dfd87a160cf92deb1f5a8bfc1134849936e2c3930", 0x7d)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x6c, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x44, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xff8}}, {0x20, 0x2, @in6={0xa, 0x0, 0xfffffffc, @mcast2}}}}]}]}, 0x6c}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x0, 0x0, 0x0, 0x8, 0x2}]}}, 0x0, 0x26, 0x0, 0x1, 0x5}, 0x28)

1.533859024s ago: executing program 2 (id=4204):
bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0xc, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xb1}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0xffe4, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.533595455s ago: executing program 1 (id=4205):
r0 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0x53, &(0x7f00000000c0)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000100)=0x2c)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r2=>0x0})
r3 = socket(0x2d, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000b5ce3db181591b5f64c25ac67c6269bc0000280012800c040100000000040000030003d9000008000500"/63, @ANYRES32=r2, @ANYBLOB], 0x50}}, 0x0)

1.405310544s ago: executing program 1 (id=4207):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000fb000000000230000000e500020000000000e500fcff00000000060000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8}, 0x90)

1.357744707s ago: executing program 2 (id=4208):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$inet(r0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='yeah\x00', 0x5)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="fc11000012000102000800000000000000040000000000000000009600000000000000000000000000000000000000000000000000000000f864e9787cc5fc3214c6b31ade"], 0x11fc}, 0x1, 0x0, 0x4000000, 0x4008000}, 0x40000)

1.356582503s ago: executing program 3 (id=4209):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000fedbdf250c00000008000300", @ANYRES32=r3], 0x28}, 0x1, 0x0, 0x0, 0x8020}, 0x200000c0)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x8, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000081}, 0x4048010) (async)
r5 = socket$netlink(0x10, 0x3, 0x10) (async)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet_tcp_TLS_TX(r6, 0x29, 0x1d, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000200)={0x28, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xbac9ee6}]}, 0x28}, 0x1, 0x0, 0x0, 0x48af2a26871d0789}, 0x8000)

1.260332473s ago: executing program 1 (id=4211):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffe000/0x2000)=nil, 0x2002, 0x0, 0x11, r3, 0x80000000)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4)
bind$inet6(r7, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x10000000}, 0x1c)
listen(r6, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='\a'], 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xb, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="620ac4ff000000007110bd000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r2}, 0x20)
sendmmsg$inet6(r2, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x1, &(0x7f0000000480), 0x14}}], 0x400, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400090000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a891588d818a0afc0b3116a130974cac0615232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f84e4272d2cc72d4e771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de457f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5bfc182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456cd7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b4"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x2e0, 0xe80, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f086dd0de0ffff00184000632b77fbac14140ce000000562079f4b4d2f87e505ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f91731dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3e0, 0x9a0, 0x9a0, 0x0, 0xb48, 0xa38, 0xc40, 0xc40, 0xc40, 0xc40, 0xc40, 0x6, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'geneve1\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0xb0}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3, 0x8001, @ipv4=@local, 0x4e23}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@empty, @empty, 0x0, 0x0, 'pimreg1\x00', 'rose0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'nr0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x440)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r9, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000540)={0x0, ""/256, 0x0, 0x0, <r10=>0x0})
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000480)=<r11=>0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r8, 0xc0c89425, &(0x7f00000010c0)={"1ac2e980de3d92f6be454c052b5a2acd", r10, r11, {0x1ff, 0x1}, {0x20002, 0x2}, 0xe, [0x2, 0x8000, 0x8, 0x3, 0x4, 0x4, 0x9619, 0xf1eb, 0x8, 0x9, 0x1000000000000000, 0x2, 0x8b63, 0xfa43, 0x0, 0xfff]})
r12 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r12, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)

1.260184741s ago: executing program 2 (id=4212):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
sendto$inet(r1, 0x0, 0xfffe, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)

1.165424712s ago: executing program 3 (id=4213):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000300)=@generic={&(0x7f0000000200)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000340)=ANY=[@ANYRES64=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0), 0x80080, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a88000000060a010400000000000000000a0000010900010073797a31000000005c000480580001800b0001007461726765740000480002802c0003009ac420000461afb9fdd672bad09dfb78c7699c74e891a0c7fffffffffffffff5000000000000000008000240000000000e00010049444c4554494d455200000009000200735c7a3200000000140000001100010000000000000000000100000a"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@multicast, @random="8a0a63cdec59", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @remote, @dev, @remote}}}}, 0x0)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
r9 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r10=>0x0})
sendto$packet(r9, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @link_local}, 0x14)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000007000000080001006e00000008000300", @ANYRES32=r11, @ANYBLOB="0c0099000000000000000000050053000100000014000400776c616e310000000000000000000000140006"], 0x60}}, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000180001000101000000000000020000000000000900000000060015000400000014001680100008800c00028008000180"], 0x38}}, 0x0)
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r13, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000380)=@gettaction={0x58, 0x32, 0x100, 0x70bd26, 0x25dfdc01, {}, [@action_gd=@TCA_ACT_TAB={0x44, 0x1, [{0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fffffff}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0xffffffffffffffce, 0x3, 0x10}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000004}, 0x4840)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000080)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x60}, 0x50)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000050000000060a010400000000000000000100000808000b400000000028000480240001800b0001007470726f7879000014000280080003400000000a08000140000000420900010073797a30"], 0xc4}}, 0x4008800)

1.043297383s ago: executing program 3 (id=4215):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x180, 0x4, 0x28}, 0x50)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}]}}, 0x0, 0x2a, 0x0, 0x0, 0x800001}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xa, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000101840000004000000000000000000000095000000000000009500000000000000950000000000000018400000feffffff050000000000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x9, 0x0, 0x0, 0x7ffffff, &(0x7f0000000200), 0x10}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b009548330af43f560f89210abd742061bd5a380e7ad21b47040db4f738eb1e00"/74], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x2d, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x18)
syz_80211_inject_frame(&(0x7f0000000580), 0x0, 0x0)

933.253967ms ago: executing program 0 (id=4217):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffc})
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)
ioctl(r0, 0x8b22, &(0x7f0000000040))
socket$key(0xf, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0xa, 0x801, 0x84)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r3)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf2531000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x300000c, 0x3032, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f0000000040)={0x5, 0x800007, 0x2, 0x6, 0x8, 0x8, 0x7, 0x4}, &(0x7f0000000080)={0x97, 0x8, 0x0, 0x1, 0x5, 0x4, 0x3, 0x4}, 0x0, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="8c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b000100697036677265000030000280140007002001000000000000000000000000000014000600fc020000000000000000000000000000040012000800280070cf00000c0019800500060014000000080004"], 0x8c}}, 0x0)

841.541277ms ago: executing program 4 (id=4218):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
select(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r1 = socket(0x1d, 0x2, 0x6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x20014d2}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000002180)=""/4079, 0xfef}, {&(0x7f0000003180)=""/177, 0xb1}, {&(0x7f00000032c0)=""/246, 0xf6}, {&(0x7f0000000580)=""/231, 0xe7}, {&(0x7f0000001b00)=""/214, 0xd6}, {&(0x7f00000002c0)=""/88, 0x58}, {&(0x7f0000000340)=""/261, 0x105}, {&(0x7f0000001a40)=""/152, 0x98}, {&(0x7f0000000100)=""/147, 0x93}], 0x9}, 0x81}], 0x3, 0x2140, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan1\x00'})
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00', <r6=>0x0})
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000000)={r6, 0x1, 0x6, @multicast}, 0x10)
close(r5)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES8=r3, @ANYRES16=r4, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYRESDEC=r5, @ANYRES8=0x0, @ANYRES32=r2], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x7, &(0x7f00000000c0)="fbffff", 0x3)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmmsg(r7, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000ec0)=""/148, 0x94}, {&(0x7f0000001340)=""/4094, 0xffe}, {&(0x7f0000000040)=""/114, 0x72}, {&(0x7f00000001c0)=""/60, 0x3c}, {&(0x7f0000000200)=""/152, 0x98}, {&(0x7f00000002c0)=""/210, 0xd2}], 0x6}, 0x1}], 0x2, 0x0, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})

726.96783ms ago: executing program 4 (id=4219):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
bind$packet(r1, &(0x7f00000000c0)={0x11, 0x4, r4, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}}, 0x14)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xbc, 0x24, 0xf0b, 0x0, 0x3, {0x0, 0x0, 0x12, r4, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x16, 0x5, 0x1, 0x5, 0x0, 0xffffffff, 0x7fffffff}}, {0x4}}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300002000068000000090a010400000000fcff00000100000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000212c0011800b00010074617267657400001c0002800400030008000240000000000a0001"], 0xb0}}, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001380)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xfff3, 0xfff3}}, [@filter_kind_options=@f_basic={{0xa}, {0xffffffffffffff37, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0xf6, 0x8, 0x9}, {0x1, 0x4}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

667.261776ms ago: executing program 0 (id=4220):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r3, @ANYBLOB="ff0600bd7000000004003b00000008000300", @ANYRES32=r2, @ANYBLOB="0600cd00000000006c00330080200900080211000001080211000000"], 0x90}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

557.462022ms ago: executing program 0 (id=4221):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000fb000000000040000000e500020000000000e500fcff00000000060000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8}, 0x90)

557.094334ms ago: executing program 4 (id=4222):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x108}}, 0x0)

542.514411ms ago: executing program 0 (id=4223):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a00100000000280c300128c", 0x2e}], 0x1}, 0x8000)

477.924132ms ago: executing program 4 (id=4224):
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, &(0x7f00000000c0)={0x0, 0x2, '\x00', [@jumbo={0xc2, 0x4, 0xfff}, @jumbo={0xc2, 0x4, 0x10000}, @enc_lim={0x4, 0x1, 0x3}, @pad1]}, 0x20)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='ip_vti0\x00', 0x10)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000fbdbdf25410000000e0001006eb49164657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f707300000000bafbaa90ef05008700000000000321"], 0x4c}}, 0x4004)

477.164538ms ago: executing program 0 (id=4225):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x180e0000}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0)

349.565151ms ago: executing program 4 (id=4226):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffe000/0x2000)=nil, 0x2002, 0x0, 0x11, r3, 0x80000000)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='\a'], 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xb, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="620ac4ff000000007110bd000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r2}, 0x20)
sendmmsg$inet6(r2, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x1, &(0x7f0000000480), 0x14}}], 0x400, 0x10) (fail_nth: 4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400090000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a891588d818a0afc0b3116a130974cac0615232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f84e4272d2cc72d4e771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de457f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5bfc182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456cd7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b4"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x2e0, 0xe80, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f086dd0de0ffff00184000632b77fbac14140ce000000562079f4b4d2f87e505ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f91731dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3e0, 0x9a0, 0x9a0, 0x0, 0xb48, 0xa38, 0xc40, 0xc40, 0xc40, 0xc40, 0xc40, 0x6, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'geneve1\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0xb0}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3, 0x8001, @ipv4=@local, 0x4e23}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@empty, @empty, 0x0, 0x0, 'pimreg1\x00', 'rose0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'nr0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x440)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r7, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000540)={0x0, ""/256, 0x0, 0x0, <r8=>0x0})
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000480)=<r9=>0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r6, 0xc0c89425, &(0x7f00000010c0)={"1ac2e980de3d92f6be454c052b5a2acd", r8, r9, {0x1ff, 0xffffff01}, {0x2, 0x2}, 0xe, [0x2, 0x8000, 0x8, 0x3, 0x4, 0x4, 0xffffffff, 0xf1eb, 0x8, 0x9, 0x1000000000000000, 0x2, 0x8b63, 0xfa43, 0x0, 0xfff]})
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept$alg(r10, 0x0, 0x0)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty}, 0x1c)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r7, 0x8983, &(0x7f0000000440)={0x1, 'veth1_to_bridge\x00', {}, 0x5})
socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)

349.177203ms ago: executing program 3 (id=4227):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x401, 0x800000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b, 0x14218}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY_RESELECT={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@ipv4_delroute={0x4c, 0x19, 0x901, 0x70bd29, 0x80, {0x2, 0x18, 0x10, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_SRC={0x14, 0x3, @private0}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

314.188641ms ago: executing program 1 (id=4228):
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c076f2c6014f5d219221d80481aed108a2cb749a807133ed7a80ffe0090f000060000000a2bcb503ca00000f7f8900000020000000", 0x48}], 0x1)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x20, r2, 0xb15, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
r4 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r4, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x1)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000200)={<r5=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x7c, r5})
r7 = socket(0xa, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
ioctl(r6, 0x8916, &(0x7f0000000000))
ioctl(r7, 0x8936, &(0x7f0000000000))
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r1)
r9 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r10=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r9, 0x84, 0x18, &(0x7f00000003c0)={r10, 0xcb}, 0x8)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r13=>0x0})
sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x30, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r13, 0x0, 0x96, 0x4}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r11, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, r8, 0x4, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0xff}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x2004c0c1}, 0x80)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01022cbd7000fedbdf25280000000a0001007770616e3000000008002c000100000005002b000200000005002e0000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4002080}, 0x4000)

253.339028ms ago: executing program 2 (id=4229):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000040)={@multicast1, @rand_addr=0x64010102, 0xffffffffffffffff, "ddc3ad9adab84a5aafd59ce4593111076f61b17cd5047d3d345445d6c7b7fccf", 0x2, 0x9, 0xbc1, 0xb}, 0x3c)
ioctl$SIOCGETVIFCNT(r1, 0x89e0, &(0x7f0000000080)={0xffffffffffffffff})
r2 = socket$phonet(0x23, 0x2, 0x1)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x34, r3, 0x400, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x8}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x40048)
r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000280), r0)
sendmsg$SMC_PNETID_FLUSH(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r5, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'sit0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040001}, 0x80)
getsockopt$ax25_int(r0, 0x101, 0xa, &(0x7f0000000380), &(0x7f00000003c0)=0x4)
sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, r3, 0x400, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x4ab3, 0x53}}}}, ["", "", ""]}, 0x20}}, 0x0)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000540), r0)
sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x40, r6, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x101}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x40}, 0x1, 0x0, 0x0, 0x4880}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000006c0)={'syztnl0\x00', &(0x7f0000000640)={'ip6_vti0\x00', <r7=>0x0, 0x2f, 0x5, 0x0, 0xbf, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, 0x8000, 0x1, 0x27, 0x6}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000800)={'syztnl0\x00', &(0x7f0000000700)={'gretap0\x00', r7, 0x20, 0x8, 0x4, 0x0, {{0x37, 0x4, 0x0, 0x5, 0xdc, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast2, @loopback, {[@timestamp_prespec={0x44, 0x2c, 0xb0, 0x3, 0x3, [{@broadcast}, {@rand_addr=0x64010101, 0x1}, {@private=0xa010101, 0x5cc}, {@multicast1, 0xfd2c1367}, {@multicast1, 0x6}]}, @timestamp_prespec={0x44, 0x54, 0x13, 0x3, 0x3, [{@loopback, 0x9}, {@multicast1, 0x7}, {@multicast1, 0x9}, {@dev={0xac, 0x14, 0x14, 0xe}}, {@local, 0x100}, {@multicast1, 0x2}, {@local, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}, {@local, 0x7}, {@dev={0xac, 0x14, 0x14, 0x13}, 0x3}]}, @timestamp_addr={0x44, 0x44, 0xf7, 0x1, 0x8, [{@private=0xa010102, 0x6}, {@loopback, 0x2}, {@multicast1, 0x6}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x83}, {@multicast1, 0x1}, {@rand_addr=0x64010100, 0x7}, {@multicast1, 0x6}, {@broadcast, 0xee7}]}, @noop]}}}}})
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r8 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$EXT4_IOC_GROUP_ADD(r8, 0x40286608, &(0x7f0000000840)={0x0, 0x6, 0x6, 0x7fff, 0x2, 0x3})
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000880)={{0x6c, @private=0xa010101, 0x4e23, 0x4, 'wrr\x00', 0x20, 0x5, 0x19}, {@broadcast, 0x4e22, 0x3, 0xfffffffe, 0xd, 0x3}}, 0x44)
r9 = socket(0x3, 0x6, 0xfffffff8)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}]}, 0x1c}}, 0x8000)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a40), r1)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000a80)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x24, r10, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x2000080)
r12 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000bc0), r9)
sendmsg$TIPC_NL_MON_PEER_GET(r9, &(0x7f0000000e00)={&(0x7f0000000b80), 0xc, &(0x7f0000000dc0)={&(0x7f0000000c00)={0x1b8, r12, 0x0, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x60, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x21}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffc}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfa}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA={0x74, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x260}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_NET={0x58, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffffc427}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x72fd}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xdaab}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x517}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x100}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8000}]}, @TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc4f0}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_MEDIA={0x28, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0xa4}, 0x40001)
r13 = syz_genetlink_get_family_id$gtp(&(0x7f0000000e80), r0)
sendmsg$GTP_CMD_ECHOREQ(r0, &(0x7f0000000f40)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x34, r13, 0x1, 0x70bd2d, 0x3, {}, [@GTPA_TID={0xc, 0x3, 0x1}, @GTPA_TID={0xc, 0x3, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010101}]}, 0x34}}, 0x4800)

65.558845ms ago: executing program 1 (id=4230):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffc})
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)
ioctl(r0, 0x8b22, &(0x7f0000000040))
socket$key(0xf, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0xa, 0x801, 0x84)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r3)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf2531000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x300000c, 0x3032, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f0000000040)={0x5, 0x800007, 0x2, 0x6, 0x8, 0x8, 0x7, 0x4}, &(0x7f0000000080)={0x97, 0x8, 0x0, 0x1, 0x5, 0x4, 0x3, 0x4}, 0x0, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="8c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b000100697036677265000030000280140007002001000000000000000000000000000014000600fc020000000000000000000000000000040012000800280070cf00000c0019800500060014000000080004"], 0x8c}}, 0x0)

46.475147ms ago: executing program 2 (id=4231):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r3, @ANYBLOB="ff0600bd7000000004003b00000008000300", @ANYRES32=r2, @ANYBLOB="0600cd00000000006c00330080200900080211000001080211000000"], 0x90}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1.629895ms ago: executing program 3 (id=4232):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000008c0)=0x576, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r2, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x8)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x4}, 0x8)
sendto$inet6(r3, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000140)={0x0, 0x8, 0x645}, 0x3c)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000240), 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="310300000000000000000900000008000300", @ANYRES32=r7], 0x24}, 0x1, 0x0, 0x0, 0x4049000}, 0x4000)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', <r8=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r8], 0x68}}, 0x0)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_ifreq(r9, 0x89f0, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

0s ago: executing program 4 (id=4233):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000fb000000000041000000e500020000000000e500fcff00000000060000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8}, 0x90)

kernel console output (not intermixed with test programs):

2e
[  281.727844][T14233] RAX: ffffffffffffffda RBX: 00007fcd525b5fa0 RCX: 00007fcd5238ebe9
[  281.727856][T14233] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003
[  281.727867][T14233] RBP: 00007fcd5312f090 R08: 0000000000000000 R09: 0000000000000000
[  281.727885][T14233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.727894][T14233] R13: 00007fcd525b6038 R14: 00007fcd525b5fa0 R15: 00007ffde70bef58
[  281.727920][T14233]  </TASK>
[  282.371074][T14238] netlink: 'syz.0.2753': attribute type 2 has an invalid length.
[  282.447961][T14237] netlink: 'syz.0.2753': attribute type 1 has an invalid length.
[  282.530508][T14240] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  282.545270][T14237] netlink: 'syz.0.2753': attribute type 4 has an invalid length.
[  282.601142][T14237] netlink: 192 bytes leftover after parsing attributes in process `syz.0.2753'.
[  282.616681][T14248] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2756'.
[  282.637791][T14249] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2757'.
[  283.019915][T14260] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  283.052776][T14260] ip6gretap0: entered promiscuous mode
[  283.059775][T14260] syz_tun: entered promiscuous mode
[  283.077982][T14260] hsr1: Slave A (ip6gretap0) is not up; please bring it up to get a fully working HSR network
[  283.129166][T14260] hsr1: Slave B (syz_tun) is not up; please bring it up to get a fully working HSR network
[  283.212821][T14281] FAULT_INJECTION: forcing a failure.
[  283.212821][T14281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  283.254778][T14281] CPU: 1 UID: 0 PID: 14281 Comm: syz.0.2767 Not tainted syzkaller #0 PREEMPT(full) 
[  283.254807][T14281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  283.254819][T14281] Call Trace:
[  283.254828][T14281]  <TASK>
[  283.254837][T14281]  dump_stack_lvl+0x189/0x250
[  283.254869][T14281]  ? __pfx____ratelimit+0x10/0x10
[  283.254901][T14281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  283.254925][T14281]  ? __pfx__printk+0x10/0x10
[  283.254954][T14281]  ? __might_fault+0xb0/0x130
[  283.254994][T14281]  should_fail_ex+0x414/0x560
[  283.255027][T14281]  _copy_from_user+0x2d/0xb0
[  283.255052][T14281]  kstrtouint_from_user+0xc4/0x170
[  283.255087][T14281]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  283.255135][T14281]  proc_fail_nth_write+0x88/0x200
[  283.255165][T14281]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  283.255195][T14281]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  283.255248][T14281]  vfs_write+0x27e/0xb30
[  283.255286][T14281]  ? __pfx_vfs_write+0x10/0x10
[  283.255314][T14281]  ? __fget_files+0x2a/0x420
[  283.255351][T14281]  ? __fget_files+0x3a0/0x420
[  283.255380][T14281]  ? __fget_files+0x2a/0x420
[  283.255419][T14281]  ksys_write+0x145/0x250
[  283.255450][T14281]  ? __pfx_ksys_write+0x10/0x10
[  283.255474][T14281]  ? rcu_is_watching+0x15/0xb0
[  283.255501][T14281]  ? do_syscall_64+0xbe/0x3b0
[  283.255524][T14281]  do_syscall_64+0xfa/0x3b0
[  283.255541][T14281]  ? lockdep_hardirqs_on+0x9c/0x150
[  283.255569][T14281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.255590][T14281]  ? clear_bhb_loop+0x60/0xb0
[  283.255616][T14281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.255634][T14281] RIP: 0033:0x7f842b58d69f
[  283.255653][T14281] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  283.255671][T14281] RSP: 002b:00007f842c324030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  283.255692][T14281] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f842b58d69f
[  283.255706][T14281] RDX: 0000000000000001 RSI: 00007f842c3240a0 RDI: 0000000000000004
[  283.255719][T14281] RBP: 00007f842c324090 R08: 0000000000000000 R09: 0000000000000000
[  283.255732][T14281] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  283.255744][T14281] R13: 00007f842b7b6038 R14: 00007f842b7b5fa0 R15: 00007fff218c26f8
[  283.255778][T14281]  </TASK>
[  283.609467][T14287] FAULT_INJECTION: forcing a failure.
[  283.609467][T14287] name failslab, interval 1, probability 0, space 0, times 0
[  283.626369][T14287] CPU: 1 UID: 0 PID: 14287 Comm: syz.4.2771 Not tainted syzkaller #0 PREEMPT(full) 
[  283.626397][T14287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  283.626410][T14287] Call Trace:
[  283.626418][T14287]  <TASK>
[  283.626427][T14287]  dump_stack_lvl+0x189/0x250
[  283.626457][T14287]  ? __pfx____ratelimit+0x10/0x10
[  283.626497][T14287]  ? __pfx_dump_stack_lvl+0x10/0x10
[  283.626522][T14287]  ? __pfx__printk+0x10/0x10
[  283.626558][T14287]  ? __pfx___might_resched+0x10/0x10
[  283.626580][T14287]  should_fail_ex+0x414/0x560
[  283.626609][T14287]  should_failslab+0xa8/0x100
[  283.626637][T14287]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  283.626666][T14287]  ? __alloc_skb+0x112/0x2d0
[  283.626690][T14287]  __alloc_skb+0x112/0x2d0
[  283.626713][T14287]  netlink_sendmsg+0x5c6/0xb30
[  283.626743][T14287]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.626766][T14287]  ? aa_sock_msg_perm+0xf1/0x1d0
[  283.626787][T14287]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  283.626808][T14287]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.626828][T14287]  __sock_sendmsg+0x219/0x270
[  283.626858][T14287]  ____sys_sendmsg+0x505/0x830
[  283.626886][T14287]  ? __pfx_____sys_sendmsg+0x10/0x10
[  283.626919][T14287]  ? import_iovec+0x74/0xa0
[  283.626946][T14287]  ___sys_sendmsg+0x21f/0x2a0
[  283.626970][T14287]  ? __pfx____sys_sendmsg+0x10/0x10
[  283.627031][T14287]  ? __fget_files+0x2a/0x420
[  283.627060][T14287]  ? __fget_files+0x3a0/0x420
[  283.627098][T14287]  __x64_sys_sendmsg+0x19b/0x260
[  283.627125][T14287]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  283.627159][T14287]  ? __pfx_ksys_write+0x10/0x10
[  283.627182][T14287]  ? rcu_is_watching+0x15/0xb0
[  283.627207][T14287]  ? do_syscall_64+0xbe/0x3b0
[  283.627230][T14287]  do_syscall_64+0xfa/0x3b0
[  283.627245][T14287]  ? lockdep_hardirqs_on+0x9c/0x150
[  283.627274][T14287]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.627295][T14287]  ? clear_bhb_loop+0x60/0xb0
[  283.627319][T14287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.627339][T14287] RIP: 0033:0x7f2bddd8ebe9
[  283.627358][T14287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.627376][T14287] RSP: 002b:00007f2bdeb93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  283.627398][T14287] RAX: ffffffffffffffda RBX: 00007f2bddfb5fa0 RCX: 00007f2bddd8ebe9
[  283.627414][T14287] RDX: 0000000004000840 RSI: 0000200000000d40 RDI: 0000000000000003
[  283.627426][T14287] RBP: 00007f2bdeb93090 R08: 0000000000000000 R09: 0000000000000000
[  283.627438][T14287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.627449][T14287] R13: 00007f2bddfb6038 R14: 00007f2bddfb5fa0 R15: 00007ffdb1459ca8
[  283.627491][T14287]  </TASK>
[  284.668527][T14340] __nla_validate_parse: 9 callbacks suppressed
[  284.668545][T14340] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2785'.
[  284.727364][T14344] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2786'.
[  284.891346][T14346] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2788'.
[  285.014380][T14357] FAULT_INJECTION: forcing a failure.
[  285.014380][T14357] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  285.061935][T14357] CPU: 1 UID: 0 PID: 14357 Comm: syz.0.2792 Not tainted syzkaller #0 PREEMPT(full) 
[  285.061962][T14357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  285.061973][T14357] Call Trace:
[  285.061980][T14357]  <TASK>
[  285.061988][T14357]  dump_stack_lvl+0x189/0x250
[  285.062025][T14357]  ? __pfx____ratelimit+0x10/0x10
[  285.062052][T14357]  ? __pfx_dump_stack_lvl+0x10/0x10
[  285.062073][T14357]  ? __pfx__printk+0x10/0x10
[  285.062111][T14357]  should_fail_ex+0x414/0x560
[  285.062141][T14357]  _copy_to_user+0x31/0xb0
[  285.062165][T14357]  simple_read_from_buffer+0xe1/0x170
[  285.062197][T14357]  proc_fail_nth_read+0x1b3/0x220
[  285.062221][T14357]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  285.062245][T14357]  ? rw_verify_area+0x2a6/0x4d0
[  285.062268][T14357]  ? __lock_acquire+0xab9/0xd20
[  285.062292][T14357]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  285.062314][T14357]  vfs_read+0x1fd/0xa30
[  285.062337][T14357]  ? fdget_pos+0x247/0x320
[  285.062357][T14357]  ? __pfx___mutex_lock+0x10/0x10
[  285.062386][T14357]  ? __pfx_vfs_read+0x10/0x10
[  285.062411][T14357]  ? __fget_files+0x2a/0x420
[  285.062441][T14357]  ? __fget_files+0x3a0/0x420
[  285.062467][T14357]  ? __fget_files+0x2a/0x420
[  285.062502][T14357]  ksys_read+0x145/0x250
[  285.062529][T14357]  ? __pfx_ksys_read+0x10/0x10
[  285.062549][T14357]  ? rcu_is_watching+0x15/0xb0
[  285.062573][T14357]  ? do_syscall_64+0xbe/0x3b0
[  285.062594][T14357]  do_syscall_64+0xfa/0x3b0
[  285.062608][T14357]  ? lockdep_hardirqs_on+0x9c/0x150
[  285.062634][T14357]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.062652][T14357]  ? clear_bhb_loop+0x60/0xb0
[  285.062676][T14357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.062694][T14357] RIP: 0033:0x7f842b58d5fc
[  285.062711][T14357] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  285.062727][T14357] RSP: 002b:00007f842c324030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  285.062746][T14357] RAX: ffffffffffffffda RBX: 00007f842b7b5fa0 RCX: 00007f842b58d5fc
[  285.062760][T14357] RDX: 000000000000000f RSI: 00007f842c3240a0 RDI: 000000000000000a
[  285.062771][T14357] RBP: 00007f842c324090 R08: 0000000000000000 R09: 0000000000000000
[  285.062782][T14357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.062793][T14357] R13: 00007f842b7b6038 R14: 00007f842b7b5fa0 R15: 00007fff218c26f8
[  285.062825][T14357]  </TASK>
[  285.379852][T14363] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2794'.
[  285.474780][T14371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2800'.
[  285.493467][T14367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2797'.
[  285.502983][T14367] openvswitch: netlink: Flow key attr not present in new flow.
[  285.755330][T14387] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  285.899010][T14394] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  285.908741][T14394] syzkaller0: entered promiscuous mode
[  285.914622][T14394] syzkaller0: entered allmulticast mode
[  285.942552][T14392] tipc: Resetting bearer <eth:syzkaller0>
[  285.970091][T14392] tipc: Disabling bearer <eth:syzkaller0>
[  285.997057][T14398] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  286.028724][T14398] syzkaller0: entered promiscuous mode
[  286.058800][T14398] syzkaller0: entered allmulticast mode
[  286.099219][T14407] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  286.112566][T14403] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  286.119858][T14396] tipc: Resetting bearer <eth:syzkaller0>
[  286.154902][T14396] tipc: Disabling bearer <eth:syzkaller0>
[  286.180048][T14403] syzkaller0: entered promiscuous mode
[  286.186332][T14403] syzkaller0: entered allmulticast mode
[  286.188727][T14411] netlink: 'syz.1.2813': attribute type 10 has an invalid length.
[  286.204087][T14403] tipc: Resetting bearer <eth:syzkaller0>
[  286.213598][T14402] tipc: Resetting bearer <eth:syzkaller0>
[  286.236899][T14402] tipc: Disabling bearer <eth:syzkaller0>
[  286.305143][T14414] netlink: 'syz.4.2814': attribute type 1 has an invalid length.
[  286.352531][T14414] bond6: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  286.414782][T14418] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2814'.
[  286.428076][T14414] veth7: entered promiscuous mode
[  286.449893][T14423] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2815'.
[  286.466876][T14414] bond6: (slave veth7): Enslaving as a backup interface with a down link
[  286.483277][T14424] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2816'.
[  286.520099][T14424] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.585547][T14424] bridge_slave_1 (unregistering): left allmulticast mode
[  286.602244][T14424] bridge_slave_1 (unregistering): left promiscuous mode
[  286.609495][T14424] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.659621][ T1005] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  286.669872][T14418] 8021q: adding VLAN 0 to HW filter on device bond6
[  286.802818][ T7641] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  286.814303][T14436] FAULT_INJECTION: forcing a failure.
[  286.814303][T14436] name failslab, interval 1, probability 0, space 0, times 0
[  286.836406][T14436] CPU: 0 UID: 0 PID: 14436 Comm: syz.4.2823 Not tainted syzkaller #0 PREEMPT(full) 
[  286.836435][T14436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  286.836449][T14436] Call Trace:
[  286.836457][T14436]  <TASK>
[  286.836466][T14436]  dump_stack_lvl+0x189/0x250
[  286.836496][T14436]  ? __pfx____ratelimit+0x10/0x10
[  286.836527][T14436]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.836552][T14436]  ? __pfx__printk+0x10/0x10
[  286.836583][T14436]  ? __lock_acquire+0xab9/0xd20
[  286.836625][T14436]  should_fail_ex+0x414/0x560
[  286.836659][T14436]  should_failslab+0xa8/0x100
[  286.836691][T14436]  kmem_cache_alloc_noprof+0x73/0x3c0
[  286.836719][T14436]  ? skb_clone+0x212/0x3a0
[  286.836748][T14436]  skb_clone+0x212/0x3a0
[  286.836775][T14436]  __netlink_deliver_tap+0x404/0x850
[  286.836822][T14436]  ? netlink_deliver_tap+0x2e/0x1b0
[  286.836855][T14436]  netlink_deliver_tap+0x19c/0x1b0
[  286.836897][T14436]  netlink_unicast+0x7fa/0x9e0
[  286.836934][T14436]  ? __pfx_netlink_unicast+0x10/0x10
[  286.836963][T14436]  ? netlink_sendmsg+0x642/0xb30
[  286.836978][T14436]  ? skb_put+0x11b/0x210
[  286.837002][T14436]  netlink_sendmsg+0x805/0xb30
[  286.837031][T14436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  286.837049][T14436]  ? aa_sock_msg_perm+0xf1/0x1d0
[  286.837066][T14436]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  286.837085][T14436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  286.837100][T14436]  __sock_sendmsg+0x219/0x270
[  286.837125][T14436]  ____sys_sendmsg+0x505/0x830
[  286.837150][T14436]  ? __pfx_____sys_sendmsg+0x10/0x10
[  286.837176][T14436]  ? import_iovec+0x74/0xa0
[  286.837198][T14436]  ___sys_sendmsg+0x21f/0x2a0
[  286.837218][T14436]  ? __pfx____sys_sendmsg+0x10/0x10
[  286.837267][T14436]  ? __fget_files+0x2a/0x420
[  286.837291][T14436]  ? __fget_files+0x3a0/0x420
[  286.837325][T14436]  __x64_sys_sendmsg+0x19b/0x260
[  286.837349][T14436]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  286.837375][T14436]  ? __pfx_ksys_write+0x10/0x10
[  286.837395][T14436]  ? rcu_is_watching+0x15/0xb0
[  286.837416][T14436]  ? do_syscall_64+0xbe/0x3b0
[  286.837435][T14436]  do_syscall_64+0xfa/0x3b0
[  286.837448][T14436]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.837471][T14436]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.837487][T14436]  ? clear_bhb_loop+0x60/0xb0
[  286.837508][T14436]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.837524][T14436] RIP: 0033:0x7f2bddd8ebe9
[  286.837539][T14436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.837553][T14436] RSP: 002b:00007f2bdeb93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  286.837570][T14436] RAX: ffffffffffffffda RBX: 00007f2bddfb5fa0 RCX: 00007f2bddd8ebe9
[  286.837583][T14436] RDX: 0000000004000840 RSI: 0000200000000d40 RDI: 0000000000000003
[  286.837594][T14436] RBP: 00007f2bdeb93090 R08: 0000000000000000 R09: 0000000000000000
[  286.837604][T14436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.837613][T14436] R13: 00007f2bddfb6038 R14: 00007f2bddfb5fa0 R15: 00007ffdb1459ca8
[  286.837640][T14436]  </TASK>
[  287.144287][   T11] block nbd0: Possible stuck request ffff888025380000: control (read@0,1024B). Runtime 150 seconds
[  287.144539][T14441] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  287.155085][   T11] block nbd0: Possible stuck request ffff8880253801c0: control (read@1024,1024B). Runtime 150 seconds
[  287.155120][   T11] block nbd0: Possible stuck request ffff888025380380: control (read@2048,1024B). Runtime 150 seconds
[  287.155149][   T11] block nbd0: Possible stuck request ffff888025380540: control (read@3072,1024B). Runtime 150 seconds
[  287.353880][T14443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2822'.
[  287.691393][T14450] syzkaller0: entered allmulticast mode
[  287.738663][T14450] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  287.830669][T14449] tipc: Resetting bearer <eth:syzkaller0>
[  288.825758][ T5924] tipc: Node number set to 21188982
[  289.411217][T14449] tipc: Disabling bearer <eth:syzkaller0>
[  289.867246][T14497] syzkaller1: entered promiscuous mode
[  289.893868][T14497] syzkaller1: entered allmulticast mode
[  290.007265][T14509] netlink: 'syz.0.2848': attribute type 4 has an invalid length.
[  290.043037][T14509] __nla_validate_parse: 2 callbacks suppressed
[  290.043060][T14509] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2848'.
[  290.071544][T14508] delete_channel: no stack
[  290.567346][T14536] FAULT_INJECTION: forcing a failure.
[  290.567346][T14536] name failslab, interval 1, probability 0, space 0, times 0
[  290.586536][T14536] CPU: 1 UID: 0 PID: 14536 Comm: syz.1.2860 Not tainted syzkaller #0 PREEMPT(full) 
[  290.586568][T14536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  290.586582][T14536] Call Trace:
[  290.586590][T14536]  <TASK>
[  290.586600][T14536]  dump_stack_lvl+0x189/0x250
[  290.586631][T14536]  ? __pfx____ratelimit+0x10/0x10
[  290.586662][T14536]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.586686][T14536]  ? __pfx__printk+0x10/0x10
[  290.586731][T14536]  should_fail_ex+0x414/0x560
[  290.586765][T14536]  should_failslab+0xa8/0x100
[  290.586797][T14536]  kmem_cache_alloc_noprof+0x73/0x3c0
[  290.586823][T14536]  ? skb_clone+0x212/0x3a0
[  290.586852][T14536]  skb_clone+0x212/0x3a0
[  290.586880][T14536]  __netlink_deliver_tap+0x404/0x850
[  290.586927][T14536]  ? netlink_deliver_tap+0x2e/0x1b0
[  290.586960][T14536]  netlink_deliver_tap+0x19c/0x1b0
[  290.586994][T14536]  netlink_dump+0x92b/0xe90
[  290.587037][T14536]  ? __pfx_netlink_dump+0x10/0x10
[  290.587063][T14536]  ? ip_set_dump_start+0x2b8/0x410
[  290.587109][T14536]  ? netlink_lookup+0x30/0x200
[  290.587137][T14536]  ? netlink_lookup+0x30/0x200
[  290.587164][T14536]  ? netlink_lookup+0x30/0x200
[  290.587200][T14536]  __netlink_dump_start+0x5cb/0x7e0
[  290.587252][T14536]  ip_set_dump+0x13e/0x1c0
[  290.587277][T14536]  ? __pfx_ip_set_dump+0x10/0x10
[  290.587301][T14536]  ? __pfx_ip_set_dump_start+0x10/0x10
[  290.587324][T14536]  ? __pfx_ip_set_dump_do+0x10/0x10
[  290.587348][T14536]  ? __pfx_ip_set_dump_done+0x10/0x10
[  290.587390][T14536]  nfnetlink_rcv_msg+0xb4a/0x1130
[  290.587419][T14536]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  290.587464][T14536]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  290.587496][T14536]  ? kasan_save_free_info+0x46/0x50
[  290.587586][T14536]  netlink_rcv_skb+0x205/0x470
[  290.587618][T14536]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  290.587647][T14536]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  290.587693][T14536]  ? bpf_lsm_capable+0x9/0x20
[  290.587718][T14536]  ? security_capable+0x7e/0x2e0
[  290.587756][T14536]  nfnetlink_rcv+0x26a/0x2520
[  290.587788][T14536]  ? __dev_queue_xmit+0x1d79/0x3b50
[  290.587824][T14536]  ? __dev_queue_xmit+0x27b/0x3b50
[  290.587862][T14536]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  290.587889][T14536]  ? __pfx___dev_queue_xmit+0x10/0x10
[  290.587929][T14536]  ? ref_tracker_free+0x63a/0x7d0
[  290.587960][T14536]  ? __asan_memcpy+0x40/0x70
[  290.587981][T14536]  ? __pfx_ref_tracker_free+0x10/0x10
[  290.588026][T14536]  ? skb_clone+0x246/0x3a0
[  290.588052][T14536]  ? __netlink_deliver_tap+0x807/0x850
[  290.588079][T14536]  ? netlink_deliver_tap+0x2e/0x1b0
[  290.588115][T14536]  ? netlink_deliver_tap+0x2e/0x1b0
[  290.588153][T14536]  netlink_unicast+0x82c/0x9e0
[  290.588189][T14536]  ? __pfx_netlink_unicast+0x10/0x10
[  290.588218][T14536]  ? netlink_sendmsg+0x642/0xb30
[  290.588232][T14536]  ? skb_put+0x11b/0x210
[  290.588255][T14536]  netlink_sendmsg+0x805/0xb30
[  290.588284][T14536]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.588306][T14536]  ? aa_sock_msg_perm+0xf1/0x1d0
[  290.588326][T14536]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  290.588347][T14536]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.588366][T14536]  __sock_sendmsg+0x219/0x270
[  290.588396][T14536]  ____sys_sendmsg+0x505/0x830
[  290.588424][T14536]  ? __pfx_____sys_sendmsg+0x10/0x10
[  290.588456][T14536]  ? import_iovec+0x74/0xa0
[  290.588495][T14536]  ___sys_sendmsg+0x21f/0x2a0
[  290.588520][T14536]  ? __pfx____sys_sendmsg+0x10/0x10
[  290.588584][T14536]  ? __fget_files+0x2a/0x420
[  290.588611][T14536]  ? __fget_files+0x3a0/0x420
[  290.588652][T14536]  __x64_sys_sendmsg+0x19b/0x260
[  290.588677][T14536]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  290.588708][T14536]  ? __pfx_ksys_write+0x10/0x10
[  290.588731][T14536]  ? rcu_is_watching+0x15/0xb0
[  290.588759][T14536]  ? do_syscall_64+0xbe/0x3b0
[  290.588783][T14536]  do_syscall_64+0xfa/0x3b0
[  290.588799][T14536]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.588826][T14536]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.588845][T14536]  ? clear_bhb_loop+0x60/0xb0
[  290.588868][T14536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.588886][T14536] RIP: 0033:0x7f9491b8ebe9
[  290.588903][T14536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.588919][T14536] RSP: 002b:00007f9492a72038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  290.588939][T14536] RAX: ffffffffffffffda RBX: 00007f9491db5fa0 RCX: 00007f9491b8ebe9
[  290.588953][T14536] RDX: 0000000004000840 RSI: 0000200000000d40 RDI: 0000000000000003
[  290.588964][T14536] RBP: 00007f9492a72090 R08: 0000000000000000 R09: 0000000000000000
[  290.588975][T14536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.588986][T14536] R13: 00007f9491db6038 R14: 00007f9491db5fa0 R15: 00007fff5efce5a8
[  290.589017][T14536]  </TASK>
[  291.102338][T14542] netlink: 'syz.4.2862': attribute type 10 has an invalid length.
[  291.144455][T14543] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2861'.
[  291.247809][T14549] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2864'.
[  291.463752][T14559] netlink: 'syz.3.2871': attribute type 4 has an invalid length.
[  291.716837][T14577] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2878'.
[  291.876188][T14587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2876'.
[  291.899365][T14587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2876'.
[  291.915817][T14587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2876'.
[  291.930085][T14586] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2880'.
[  291.971384][T14590] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2876'.
[  292.011817][T14590] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2876'.
[  292.215064][T14608] netlink: 'syz.3.2885': attribute type 39 has an invalid length.
[  292.328317][T14608] syz_tun (unregistering): left promiscuous mode
[  293.207944][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  293.218926][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  293.227657][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  293.236032][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  293.244513][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  293.302436][T14656] lo speed is unknown, defaulting to 1000
[  293.464203][T14656] hsr0 speed is unknown, defaulting to 1000
[  293.628949][T14656] chnl_net:caif_netlink_parms(): no params data found
[  293.862213][T14656] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.882958][T14656] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.899025][T14656] bridge_slave_0: entered allmulticast mode
[  293.910964][T14656] bridge_slave_0: entered promiscuous mode
[  293.921506][T14656] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.928847][T14656] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.938898][T14656] bridge_slave_1: entered allmulticast mode
[  293.951651][T14656] bridge_slave_1: entered promiscuous mode
[  294.037471][T14672] syzkaller0: entered promiscuous mode
[  294.046765][T14672] syzkaller0: entered allmulticast mode
[  294.066630][T14656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  294.076884][T14672] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  294.094537][T14656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  294.136283][T14672] sch_tbf: burst 127 is lower than device wlan0 mtu (1514) !
[  294.211005][T14672] tipc: Resetting bearer <eth:syzkaller0>
[  294.223894][T14656] team0: Port device team_slave_0 added
[  294.235515][T14669] tipc: Resetting bearer <eth:syzkaller0>
[  294.292494][T14669] tipc: Disabling bearer <eth:syzkaller0>
[  294.322890][T14656] team0: Port device team_slave_1 added
[  294.460092][T14656] batman_adv: batadv0: Adding interface: batadv_slave_0
[  294.487655][T14656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.526258][T14656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  294.541815][T14656] batman_adv: batadv0: Adding interface: batadv_slave_1
[  294.548896][T14656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.565037][T14695] netlink: 'syz.0.2910': attribute type 1 has an invalid length.
[  294.587893][T14656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  294.782386][T14656] hsr_slave_0: entered promiscuous mode
[  294.809306][T14656] hsr_slave_1: entered promiscuous mode
[  295.165977][T14728] __nla_validate_parse: 9 callbacks suppressed
[  295.165999][T14728] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2920'.
[  295.273476][T14656] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.280216][ T5870] Bluetooth: hci5: command tx timeout
[  295.327343][T14733] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2923'.
[  295.371566][T14733] ieee802154 phy0 wpan0: encryption failed: -22
[  295.406933][T14737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2921'.
[  295.533147][T14656] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.787117][T14656] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.813737][T14743] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2925'.
[  296.141089][T14754] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2929'.
[  296.203054][T14656] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.391344][T14762] netlink: 'syz.2.2932': attribute type 1 has an invalid length.
[  296.507045][T14656] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  296.531007][T14656] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  296.547181][T14656] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  296.575605][T14656] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  296.878890][T14656] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.929346][T14656] 8021q: adding VLAN 0 to HW filter on device team0
[  296.938478][T14785] netlink: 'syz.2.2937': attribute type 21 has an invalid length.
[  296.953172][T14788] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2937'.
[  296.956118][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.969331][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.987960][T14785] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode broadcast(3)
[  297.004713][T14786] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2938'.
[  297.054272][ T3486] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.061556][ T3486] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.144717][T14794] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2941'.
[  297.313424][T14800] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2945'.
[  297.356019][ T5870] Bluetooth: hci5: command tx timeout
[  297.509416][T14804] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2946'.
[  297.677860][T14656] 8021q: adding VLAN 0 to HW filter on device batadv0
[  297.778467][T14656] veth0_vlan: entered promiscuous mode
[  297.798508][T14656] veth1_vlan: entered promiscuous mode
[  297.868237][T14656] veth0_macvtap: entered promiscuous mode
[  297.883069][T14656] veth1_macvtap: entered promiscuous mode
[  297.924116][T14656] batman_adv: batadv0: Interface activated: batadv_slave_0
[  297.941185][T14829] netlink: 'syz.1.2952': attribute type 1 has an invalid length.
[  297.952271][T14656] batman_adv: batadv0: Interface activated: batadv_slave_1
[  297.960786][T14829] netlink: 'syz.1.2952': attribute type 1 has an invalid length.
[  297.983639][ T7641] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  298.008024][ T7641] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  298.029918][ T7641] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  298.041618][ T7641] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  298.131090][ T7641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.142610][ T7641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.227217][ T7641] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.257004][ T7641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  299.158442][T14872] Unknown status report in ack skb
[  299.432564][ T5870] Bluetooth: hci5: command tx timeout
[  299.456271][T14876] lo speed is unknown, defaulting to 1000
[  299.547867][T14887] nbd: illegal input index -8454144
[  299.656600][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  299.668668][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  299.677458][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  299.697650][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  299.708014][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  299.749588][T14891] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  300.139981][T14876] hsr0 speed is unknown, defaulting to 1000
[  300.139996][T14889] lo speed is unknown, defaulting to 1000
[  300.363878][T14918] __nla_validate_parse: 10 callbacks suppressed
[  300.363898][T14918] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2980'.
[  300.439696][T14917] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  300.754242][T14889] hsr0 speed is unknown, defaulting to 1000
[  300.788888][T14933] FAULT_INJECTION: forcing a failure.
[  300.788888][T14933] name failslab, interval 1, probability 0, space 0, times 0
[  300.832850][T14933] CPU: 0 UID: 0 PID: 14933 Comm: syz.3.2985 Not tainted syzkaller #0 PREEMPT(full) 
[  300.832879][T14933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  300.832892][T14933] Call Trace:
[  300.832900][T14933]  <TASK>
[  300.832909][T14933]  dump_stack_lvl+0x189/0x250
[  300.832938][T14933]  ? __pfx____ratelimit+0x10/0x10
[  300.832968][T14933]  ? __pfx_dump_stack_lvl+0x10/0x10
[  300.832992][T14933]  ? __pfx__printk+0x10/0x10
[  300.833022][T14933]  ? __lock_acquire+0xab9/0xd20
[  300.833062][T14933]  should_fail_ex+0x414/0x560
[  300.833095][T14933]  should_failslab+0xa8/0x100
[  300.833126][T14933]  kmem_cache_alloc_noprof+0x73/0x3c0
[  300.833152][T14933]  ? skb_clone+0x212/0x3a0
[  300.833199][T14933]  skb_clone+0x212/0x3a0
[  300.833226][T14933]  __netlink_deliver_tap+0x404/0x850
[  300.833273][T14933]  ? netlink_deliver_tap+0x2e/0x1b0
[  300.833306][T14933]  netlink_deliver_tap+0x19c/0x1b0
[  300.833346][T14933]  netlink_unicast+0x7fa/0x9e0
[  300.833385][T14933]  ? __pfx_netlink_unicast+0x10/0x10
[  300.833416][T14933]  ? netlink_sendmsg+0x642/0xb30
[  300.833432][T14933]  ? skb_put+0x11b/0x210
[  300.833457][T14933]  netlink_sendmsg+0x805/0xb30
[  300.833487][T14933]  ? __pfx_netlink_sendmsg+0x10/0x10
[  300.833510][T14933]  ? aa_sock_msg_perm+0xf1/0x1d0
[  300.833532][T14933]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  300.833555][T14933]  ? __pfx_netlink_sendmsg+0x10/0x10
[  300.833575][T14933]  __sock_sendmsg+0x219/0x270
[  300.833608][T14933]  ____sys_sendmsg+0x505/0x830
[  300.833638][T14933]  ? __pfx_____sys_sendmsg+0x10/0x10
[  300.833681][T14933]  ? import_iovec+0x74/0xa0
[  300.833710][T14933]  ___sys_sendmsg+0x21f/0x2a0
[  300.833734][T14933]  ? __pfx____sys_sendmsg+0x10/0x10
[  300.833798][T14933]  ? __fget_files+0x2a/0x420
[  300.833827][T14933]  ? __fget_files+0x3a0/0x420
[  300.833869][T14933]  __x64_sys_sendmsg+0x19b/0x260
[  300.833895][T14933]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  300.833928][T14933]  ? __pfx_ksys_write+0x10/0x10
[  300.833952][T14933]  ? rcu_is_watching+0x15/0xb0
[  300.833979][T14933]  ? do_syscall_64+0xbe/0x3b0
[  300.834002][T14933]  do_syscall_64+0xfa/0x3b0
[  300.834018][T14933]  ? lockdep_hardirqs_on+0x9c/0x150
[  300.834047][T14933]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.834068][T14933]  ? clear_bhb_loop+0x60/0xb0
[  300.834093][T14933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.834113][T14933] RIP: 0033:0x7f96e158ebe9
[  300.834131][T14933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.834148][T14933] RSP: 002b:00007f96e234e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  300.834171][T14933] RAX: ffffffffffffffda RBX: 00007f96e17b5fa0 RCX: 00007f96e158ebe9
[  300.834185][T14933] RDX: 0000000000000010 RSI: 0000200000000240 RDI: 0000000000000004
[  300.834197][T14933] RBP: 00007f96e234e090 R08: 0000000000000000 R09: 0000000000000000
[  300.834209][T14933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  300.834221][T14933] R13: 00007f96e17b6038 R14: 00007f96e17b5fa0 R15: 00007ffd0bf7d0f8
[  300.834255][T14933]  </TASK>
[  301.502924][    C0] Unknown status report in ack skb
[  301.510652][   T51] Bluetooth: hci5: command tx timeout
[  301.520882][T14953] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  301.591974][T14889] chnl_net:caif_netlink_parms(): no params data found
[  301.691190][T14958] netlink: 'syz.0.2994': attribute type 10 has an invalid length.
[  301.703568][T14959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2993'.
[  301.754362][   T51] Bluetooth: hci2: command tx timeout
[  301.759326][T14962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2996'.
[  301.776070][T14959] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2993'.
[  301.825022][T14959] openvswitch: netlink: Flow key attr not present in new flow.
[  301.872820][T14962] bridge_slave_1 (unregistering): left allmulticast mode
[  301.899259][T14962] bridge_slave_1 (unregistering): left promiscuous mode
[  301.920478][T14962] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.215175][T14974] netlink: 'syz.0.3001': attribute type 29 has an invalid length.
[  302.228596][T14974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3001'.
[  302.268244][T14984] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  302.300441][T14889] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.317193][T14889] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.338901][T14889] bridge_slave_0: entered allmulticast mode
[  302.348010][T14889] bridge_slave_0: entered promiscuous mode
[  302.371629][T14889] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.385662][T14889] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.405320][T14988] netlink: 'syz.4.3007': attribute type 10 has an invalid length.
[  302.420737][T14889] bridge_slave_1: entered allmulticast mode
[  302.428357][T14889] bridge_slave_1: entered promiscuous mode
[  302.435305][T14987] netlink: 'syz.0.3005': attribute type 1 has an invalid length.
[  302.446938][T14988] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[  302.480501][T14987] netlink: 'syz.0.3005': attribute type 1 has an invalid length.
[  302.497868][T14987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3005'.
[  302.507641][T14987] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3005'.
[  302.577403][T14993] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3005'.
[  302.615162][T14993] vlan0: entered allmulticast mode
[  302.645865][T14993] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  302.679271][T14889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  302.718617][T14889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  302.811084][T14889] team0: Port device team_slave_0 added
[  302.823842][T15009] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  302.829892][T14889] team0: Port device team_slave_1 added
[  302.878940][T15012] netlink: 100 bytes leftover after parsing attributes in process `syz.4.3013'.
[  302.905733][T15014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3014'.
[  303.053808][T15018] netlink: 'syz.2.3015': attribute type 3 has an invalid length.
[  303.078668][T14889] batman_adv: batadv0: Adding interface: batadv_slave_0
[  303.086259][T14889] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.133053][T14889] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  303.150701][T14889] batman_adv: batadv0: Adding interface: batadv_slave_1
[  303.157876][T14889] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.187647][T14889] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  303.358351][T14889] hsr_slave_0: entered promiscuous mode
[  303.380789][T14889] hsr_slave_1: entered promiscuous mode
[  303.402155][T14889] debugfs: 'hsr0' already exists in 'hsr'
[  303.419377][T14889] Cannot create hsr debugfs directory
[  303.777570][ T3486] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  303.794898][ T3486] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  303.803263][ T1211] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  303.840628][   T51] Bluetooth: hci2: command tx timeout
[  303.945153][T14889] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  303.950675][ T1211] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  303.956402][T14889] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.137265][T14889] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  304.147348][T14889] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.222870][T14889] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  304.257187][T14889] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.325582][T15069] syzkaller0: entered promiscuous mode
[  304.354904][T15069] syzkaller0: entered allmulticast mode
[  304.366756][T14889] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  304.385162][T14889] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.436738][T15080] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  304.449119][T15080] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  304.503637][T15080] tipc: Resetting bearer <eth:syzkaller0>
[  304.746925][T14889] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  304.782453][T14889] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  304.818029][T14889] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  304.843605][T14889] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  304.870575][ T6001] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  305.101909][T14889] 8021q: adding VLAN 0 to HW filter on device bond0
[  305.115829][T15109] FAULT_INJECTION: forcing a failure.
[  305.115829][T15109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  305.135064][T15068] tipc: Resetting bearer <eth:syzkaller0>
[  305.146791][T15109] CPU: 0 UID: 0 PID: 15109 Comm: syz.0.3048 Not tainted syzkaller #0 PREEMPT(full) 
[  305.146819][T15109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  305.146830][T15109] Call Trace:
[  305.146847][T15109]  <TASK>
[  305.146856][T15109]  dump_stack_lvl+0x189/0x250
[  305.146885][T15109]  ? __pfx____ratelimit+0x10/0x10
[  305.146915][T15109]  ? __pfx_dump_stack_lvl+0x10/0x10
[  305.146938][T15109]  ? __pfx__printk+0x10/0x10
[  305.146980][T15109]  should_fail_ex+0x414/0x560
[  305.147012][T15109]  _copy_to_user+0x31/0xb0
[  305.147038][T15109]  simple_read_from_buffer+0xe1/0x170
[  305.147073][T15109]  proc_fail_nth_read+0x1b3/0x220
[  305.147099][T15109]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  305.147126][T15109]  ? rw_verify_area+0x2a6/0x4d0
[  305.147148][T15109]  ? __lock_acquire+0xab9/0xd20
[  305.147174][T15109]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  305.147199][T15109]  vfs_read+0x1fd/0xa30
[  305.147223][T15109]  ? fdget_pos+0x247/0x320
[  305.147246][T15109]  ? __pfx___mutex_lock+0x10/0x10
[  305.147278][T15109]  ? __pfx_vfs_read+0x10/0x10
[  305.147305][T15109]  ? __fget_files+0x2a/0x420
[  305.147339][T15109]  ? __fget_files+0x3a0/0x420
[  305.147365][T15109]  ? __fget_files+0x2a/0x420
[  305.147404][T15109]  ksys_read+0x145/0x250
[  305.147425][T15109]  ? __pfx_ksys_read+0x10/0x10
[  305.147441][T15109]  ? rcu_is_watching+0x15/0xb0
[  305.147460][T15109]  ? do_syscall_64+0xbe/0x3b0
[  305.147476][T15109]  do_syscall_64+0xfa/0x3b0
[  305.147490][T15109]  ? lockdep_hardirqs_on+0x9c/0x150
[  305.147518][T15109]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.147538][T15109]  ? clear_bhb_loop+0x60/0xb0
[  305.147561][T15109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.147580][T15109] RIP: 0033:0x7f842b58d5fc
[  305.147598][T15109] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  305.147622][T15109] RSP: 002b:00007f842c324030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  305.147638][T15109] RAX: ffffffffffffffda RBX: 00007f842b7b5fa0 RCX: 00007f842b58d5fc
[  305.147649][T15109] RDX: 000000000000000f RSI: 00007f842c3240a0 RDI: 0000000000000006
[  305.147657][T15109] RBP: 00007f842c324090 R08: 0000000000000000 R09: 0000000000000000
[  305.147666][T15109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  305.147674][T15109] R13: 00007f842b7b6038 R14: 00007f842b7b5fa0 R15: 00007fff218c26f8
[  305.147697][T15109]  </TASK>
[  305.416881][T15068] tipc: Disabling bearer <eth:syzkaller0>
[  305.440894][T14889] 8021q: adding VLAN 0 to HW filter on device team0
[  305.489628][T15115] __nla_validate_parse: 7 callbacks suppressed
[  305.489652][T15115] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3049'.
[  305.592363][T15113] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3049'.
[  305.605246][ T7651] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.612547][ T7651] bridge0: port 1(bridge_slave_0) entered forwarding state
[  305.622567][ T7651] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.629788][ T7651] bridge0: port 2(bridge_slave_1) entered forwarding state
[  305.646077][T15123] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  305.793103][T15128] netlink: 'syz.2.3054': attribute type 1 has an invalid length.
[  305.826883][T15128] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3054'.
[  305.833311][T15131] netlink: 'syz.0.3055': attribute type 8 has an invalid length.
[  305.857310][T15121] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3051'.
[  305.910463][ T5870] Bluetooth: hci2: command tx timeout
[  306.242666][T15150] openvswitch: netlink: IP tunnel dst address not specified
[  306.245304][T14889] 8021q: adding VLAN 0 to HW filter on device batadv0
[  306.277883][T15150] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  306.285314][T15150] IPv6: NLM_F_CREATE should be set when creating new route
[  306.292612][T15150] IPv6: NLM_F_CREATE should be set when creating new route
[  306.337713][T15150] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  306.439462][T14889] veth0_vlan: entered promiscuous mode
[  306.494617][T14889] veth1_vlan: entered promiscuous mode
[  306.596298][T14889] veth0_macvtap: entered promiscuous mode
[  306.642198][T15160] netlink: 100 bytes leftover after parsing attributes in process `syz.3.3064'.
[  306.647202][T14889] veth1_macvtap: entered promiscuous mode
[  306.667603][T15160] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3064'.
[  306.747924][T14889] batman_adv: batadv0: Interface activated: batadv_slave_0
[  306.774795][T14889] batman_adv: batadv0: Interface activated: batadv_slave_1
[  306.809334][ T1005] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  306.832772][T15169] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3068'.
[  306.835113][ T1005] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  306.887001][T15171] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3068'.
[  306.968342][ T1005] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  306.987144][ T1005] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  307.204729][ T1005] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  307.219491][ T1005] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  307.323200][ T3486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  307.364752][ T3486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  307.578202][T15192] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3076'.
[  307.623994][T15192] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3076'.
[  307.951882][T15206] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.991023][ T5870] Bluetooth: hci2: command 0x0419 tx timeout
[  308.164154][T15206] bridge_slave_1 (unregistering): left allmulticast mode
[  308.182311][T15206] bridge_slave_1 (unregistering): left promiscuous mode
[  308.205473][T15206] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.230449][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  308.361636][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  308.377517][T15211] vlan1: entered promiscuous mode
[  308.381631][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  308.391557][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  308.401318][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  308.409196][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  308.418518][T15211] bridge0: entered promiscuous mode
[  308.745243][T15214] lo speed is unknown, defaulting to 1000
[  308.951317][T15238] netlink: 'syz.1.3089': attribute type 10 has an invalid length.
[  308.996176][T15238] team0: Device hsr_slave_0 failed to register rx_handler
[  309.313633][T15214] hsr0 speed is unknown, defaulting to 1000
[  309.402946][T15251] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  309.558092][T15258] sock: sock_timestamping_bind_phc: sock not bind to device
[  309.678480][T15268] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  309.750805][T15214] chnl_net:caif_netlink_parms(): no params data found
[  310.010016][T15286] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  310.070379][ T5870] Bluetooth: hci2: command 0x0419 tx timeout
[  310.099207][T15288] netlink: 'syz.3.3108': attribute type 1 has an invalid length.
[  310.146640][T15214] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.163497][T15214] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.173190][T15214] bridge_slave_0: entered allmulticast mode
[  310.182754][T15214] bridge_slave_0: entered promiscuous mode
[  310.194721][T15214] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.202111][T15214] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.211299][T15214] bridge_slave_1: entered allmulticast mode
[  310.219269][T15214] bridge_slave_1: entered promiscuous mode
[  310.337128][T15214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  310.363810][T15214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  310.372592][T15300] FAULT_INJECTION: forcing a failure.
[  310.372592][T15300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  310.413573][T15300] CPU: 0 UID: 0 PID: 15300 Comm: syz.2.3113 Not tainted syzkaller #0 PREEMPT(full) 
[  310.413603][T15300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  310.413616][T15300] Call Trace:
[  310.413624][T15300]  <TASK>
[  310.413633][T15300]  dump_stack_lvl+0x189/0x250
[  310.413663][T15300]  ? __pfx____ratelimit+0x10/0x10
[  310.413693][T15300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.413718][T15300]  ? __pfx__printk+0x10/0x10
[  310.413747][T15300]  ? __might_fault+0xb0/0x130
[  310.413788][T15300]  should_fail_ex+0x414/0x560
[  310.413821][T15300]  _copy_from_user+0x2d/0xb0
[  310.413845][T15300]  kstrtouint_from_user+0xc4/0x170
[  310.413879][T15300]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  310.413928][T15300]  proc_fail_nth_write+0x88/0x200
[  310.413952][T15300]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  310.413980][T15300]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  310.414005][T15300]  vfs_write+0x27e/0xb30
[  310.414042][T15300]  ? __pfx_vfs_write+0x10/0x10
[  310.414070][T15300]  ? __fget_files+0x2a/0x420
[  310.414105][T15300]  ? __fget_files+0x3a0/0x420
[  310.414132][T15300]  ? __fget_files+0x2a/0x420
[  310.414173][T15300]  ksys_write+0x145/0x250
[  310.414203][T15300]  ? __pfx_ksys_write+0x10/0x10
[  310.414226][T15300]  ? rcu_is_watching+0x15/0xb0
[  310.414261][T15300]  ? do_syscall_64+0xbe/0x3b0
[  310.414285][T15300]  do_syscall_64+0xfa/0x3b0
[  310.414302][T15300]  ? lockdep_hardirqs_on+0x9c/0x150
[  310.414330][T15300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.414351][T15300]  ? clear_bhb_loop+0x60/0xb0
[  310.414375][T15300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.414395][T15300] RIP: 0033:0x7fcd5238d69f
[  310.414414][T15300] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  310.414431][T15300] RSP: 002b:00007fcd5312f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  310.414452][T15300] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcd5238d69f
[  310.414466][T15300] RDX: 0000000000000001 RSI: 00007fcd5312f0a0 RDI: 0000000000000004
[  310.414478][T15300] RBP: 00007fcd5312f090 R08: 0000000000000000 R09: 0000000000000000
[  310.414490][T15300] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  310.414502][T15300] R13: 00007fcd525b6038 R14: 00007fcd525b5fa0 R15: 00007ffde70bef58
[  310.414536][T15300]  </TASK>
[  310.680430][ T5870] Bluetooth: hci3: command tx timeout
[  310.731309][T15308] netlink: 'syz.2.3116': attribute type 10 has an invalid length.
[  310.739220][T15308] __nla_validate_parse: 14 callbacks suppressed
[  310.739238][T15308] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3116'.
[  310.774577][T15306] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not bonding slave
[  310.784706][T15306] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  310.951464][T15214] team0: Port device team_slave_0 added
[  310.957680][T15318] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  310.996782][T15214] team0: Port device team_slave_1 added
[  311.097934][T15214] batman_adv: batadv0: Adding interface: batadv_slave_0
[  311.107920][T15214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  311.143498][T15214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  311.162168][T15214] batman_adv: batadv0: Adding interface: batadv_slave_1
[  311.169416][T15214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  311.260394][T15214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  311.312608][T15335] netlink: 220 bytes leftover after parsing attributes in process `syz.0.3125'.
[  311.404017][T15347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3125'.
[  311.565331][T15352] netlink: 14544 bytes leftover after parsing attributes in process `syz.3.3129'.
[  311.637059][T15214] hsr_slave_0: entered promiscuous mode
[  311.667722][T15214] hsr_slave_1: entered promiscuous mode
[  311.695024][T15214] debugfs: 'hsr0' already exists in 'hsr'
[  311.703010][T15360] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3131'.
[  311.720671][T15214] Cannot create hsr debugfs directory
[  312.308263][T15379] vlan2: entered promiscuous mode
[  312.329636][T15379] vlan2: entered allmulticast mode
[  312.335417][T15379] hsr_slave_1: entered allmulticast mode
[  312.398630][T15379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3138'.
[  312.484734][T15214] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  312.510883][T15214] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.554790][T15392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3141'.
[  312.720261][ T5870] Bluetooth: hci3: command tx timeout
[  312.841741][T15214] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  312.870483][T15214] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.043583][T15214] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  313.076465][T15214] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.221623][T15214] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  313.232948][T15214] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.451722][T15424] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3151'.
[  313.583356][T15427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3152'.
[  313.665654][T15429] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3153'.
[  313.733969][T15214] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  313.774727][T15214] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  313.852241][T15214] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  313.878979][T15214] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  314.069118][T15460] netlink: 'syz.2.3163': attribute type 10 has an invalid length.
[  314.090214][T15455] nbd4: detected capacity change from 0 to 127
[  314.099662][T15460] team0: Device hsr_slave_0 failed to register rx_handler
[  314.182202][T15214] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.183662][T15454] nbd5: detected capacity change from 0 to 127
[  314.228019][T15214] 8021q: adding VLAN 0 to HW filter on device team0
[  314.269715][ T5870] block nbd4: Receive control failed (result -32)
[  314.270322][   T51] block nbd5: Receive control failed (result -32)
[  314.295661][ T7637] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.302978][ T7637] bridge0: port 1(bridge_slave_0) entered forwarding state
[  314.369444][ T7637] bridge0: port 2(bridge_slave_1) entered blocking state
[  314.376703][ T7637] bridge0: port 2(bridge_slave_1) entered forwarding state
[  314.773712][T15497] sctp: [Deprecated]: syz.3.3172 (pid 15497) Use of int in maxseg socket option.
[  314.773712][T15497] Use struct sctp_assoc_value instead
[  314.792157][   T51] Bluetooth: hci3: command tx timeout
[  314.908130][T15214] 8021q: adding VLAN 0 to HW filter on device batadv0
[  314.958582][T15502] netlink: 'syz.2.3173': attribute type 10 has an invalid length.
[  314.980686][T15502] team0: Device hsr_slave_0 failed to register rx_handler
[  315.166525][T15513] openvswitch: netlink: nsh attribute has 13 unknown bytes.
[  315.193531][T15513] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  315.462770][T15533] netlink: 'syz.1.3183': attribute type 10 has an invalid length.
[  315.549577][T15533] team0: Port device geneve0 added
[  315.781964][T15214] veth0_vlan: entered promiscuous mode
[  315.816179][T15214] veth1_vlan: entered promiscuous mode
[  315.873592][T15550] __nla_validate_parse: 9 callbacks suppressed
[  315.873610][T15550] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3188'.
[  316.021456][T15557] netlink: 'syz.0.3191': attribute type 27 has an invalid length.
[  316.127411][T15550] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  316.130814][T15563] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3195'.
[  316.152856][T15550] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  316.165978][T15550] bond0 (unregistering): Released all slaves
[  316.197114][T15565] netlink: 'syz.2.3193': attribute type 33 has an invalid length.
[  316.199926][T15214] veth0_macvtap: entered promiscuous mode
[  316.205760][T15565] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3193'.
[  316.294146][T15214] veth1_macvtap: entered promiscuous mode
[  316.364749][T15570] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3197'.
[  316.385380][T15571] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3197'.
[  316.404369][T15214] batman_adv: batadv0: Interface activated: batadv_slave_0
[  316.415933][T15573] netlink: 'syz.1.3198': attribute type 1 has an invalid length.
[  316.455496][T15576] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  316.475874][T15214] batman_adv: batadv0: Interface activated: batadv_slave_1
[  316.513550][T15573] bond0: (slave bridge1): making interface the new active one
[  316.522429][T15573] bond0: (slave bridge1): Enslaving as an active interface with an up link
[  316.656602][T15581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3201'.
[  316.724873][ T7651] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  316.817414][ T7651] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  316.847891][ T7651] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  316.857221][T15588] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3202'.
[  316.870616][   T51] Bluetooth: hci3: command tx timeout
[  316.929392][T15588] netdevsim netdevsim1 : renamed from netdevsim0 (while UP)
[  317.022424][ T7651] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  317.082827][T15596] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  317.152082][ T1005] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.159952][ T1005] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.191771][   T11] block nbd0: Possible stuck request ffff888025380000: control (read@0,1024B). Runtime 180 seconds
[  317.199938][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  317.203776][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  317.224904][   T11] block nbd0: Possible stuck request ffff8880253801c0: control (read@1024,1024B). Runtime 180 seconds
[  317.236129][   T11] block nbd0: Possible stuck request ffff888025380380: control (read@2048,1024B). Runtime 180 seconds
[  317.250263][   T11] block nbd0: Possible stuck request ffff888025380540: control (read@3072,1024B). Runtime 180 seconds
[  317.299358][T15601] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3206'.
[  317.327823][ T7644] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.337421][ T7644] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.382197][T15601] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3206'.
[  317.670706][T15620] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  317.730335][T15622] netlink: 'syz.3.3214': attribute type 8 has an invalid length.
[  318.327358][T15638] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3220'.
[  318.516570][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  318.526049][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  318.535454][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  318.554346][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  318.564012][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  318.613941][T15646] lo speed is unknown, defaulting to 1000
[  318.789654][T15655] openvswitch: netlink: nsh attribute has 2338 unknown bytes.
[  318.871831][T15655] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  318.966256][T15646] hsr0 speed is unknown, defaulting to 1000
[  319.177399][T15665] xt_limit: Overflow, try lower: 271964/0
[  319.296902][T15646] chnl_net:caif_netlink_parms(): no params data found
[  319.644111][T15646] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.656050][T15646] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.665269][T15646] bridge_slave_0: entered allmulticast mode
[  319.673572][T15646] bridge_slave_0: entered promiscuous mode
[  319.683074][T15646] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.690648][T15646] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.705843][T15646] bridge_slave_1: entered allmulticast mode
[  319.723837][T15646] bridge_slave_1: entered promiscuous mode
[  319.828585][T15703] netlink: 'syz.4.3233': attribute type 10 has an invalid length.
[  319.877614][T15646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  320.019807][T15703] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  320.039681][T15646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  320.068592][T15700] lo speed is unknown, defaulting to 1000
[  320.142426][T15646] team0: Port device team_slave_0 added
[  320.178354][T15646] team0: Port device team_slave_1 added
[  320.326807][T15646] batman_adv: batadv0: Adding interface: batadv_slave_0
[  320.334898][T15646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.388266][T15646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.419897][T15646] batman_adv: batadv0: Adding interface: batadv_slave_1
[  320.428268][T15646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.463065][T15646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  320.488196][T15700] hsr0 speed is unknown, defaulting to 1000
[  320.632289][   T51] Bluetooth: hci0: command tx timeout
[  320.698123][T15646] hsr_slave_0: entered promiscuous mode
[  320.711075][T15646] hsr_slave_1: entered promiscuous mode
[  320.717530][T15646] debugfs: 'hsr0' already exists in 'hsr'
[  320.724105][T15646] Cannot create hsr debugfs directory
[  320.897489][T15734] __nla_validate_parse: 5 callbacks suppressed
[  320.897508][T15734] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3243'.
[  321.083528][T15743] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3246'.
[  321.367892][T15753] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3249'.
[  321.549565][T15760] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3252'.
[  321.583663][T15760] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3252'.
[  321.620642][T15764] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3253'.
[  321.778147][T15771] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3255'.
[  322.001109][T15780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3259'.
[  322.065933][T15780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3259'.
[  322.101006][T15780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3259'.
[  322.101442][T15646] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  322.148156][T15646] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  322.201987][T15646] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  322.258144][T15646] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  322.458981][T15812] netlink: 'syz.1.3266': attribute type 2 has an invalid length.
[  322.619191][T15821] bridge0: port 1(bridge_slave_0) entered disabled state
[  322.714386][   T51] Bluetooth: hci0: command tx timeout
[  322.898693][T15646] 8021q: adding VLAN 0 to HW filter on device bond0
[  322.944616][T15646] 8021q: adding VLAN 0 to HW filter on device team0
[  323.011417][ T7644] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.018850][ T7644] bridge0: port 1(bridge_slave_0) entered forwarding state
[  323.086462][ T7637] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.093741][ T7637] bridge0: port 2(bridge_slave_1) entered forwarding state
[  323.774522][ T7651] netdevsim netdevsim1 : set [0, 0] type 1 family 0 port 8472 - 0
[  323.802106][ T7651] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  323.973399][ T7651] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  324.003474][ T7651] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  324.103841][T15884] bond2: entered promiscuous mode
[  324.108968][T15884] bond2: entered allmulticast mode
[  324.114791][T15884] 8021q: adding VLAN 0 to HW filter on device bond2
[  324.257173][T15895] delete_channel: no stack
[  324.324581][T15884] bond2 (unregistering): Released all slaves
[  324.448352][T15646] 8021q: adding VLAN 0 to HW filter on device batadv0
[  324.645302][T15646] veth0_vlan: entered promiscuous mode
[  324.684943][T15646] veth1_vlan: entered promiscuous mode
[  324.790857][   T51] Bluetooth: hci0: command tx timeout
[  324.809374][T15646] veth0_macvtap: entered promiscuous mode
[  324.821584][T15646] veth1_macvtap: entered promiscuous mode
[  324.846841][T15646] batman_adv: batadv0: Interface activated: batadv_slave_0
[  324.859567][T15646] batman_adv: batadv0: Interface activated: batadv_slave_1
[  324.917817][ T7651] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  324.935440][ T7651] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  324.991198][ T7651] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  325.002481][ T7651] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  325.226840][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  325.257513][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  325.343164][ T7651] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  325.370175][ T7651] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  325.899994][T15955] IPVS: length: 167 != 8
[  326.326270][ T5870] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  326.344048][ T5870] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  326.353426][ T5870] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  326.365091][ T5870] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  326.375192][ T5870] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  326.433011][T15962] lo speed is unknown, defaulting to 1000
[  326.490921][T15974] netlink: 'syz.4.3315': attribute type 1 has an invalid length.
[  326.795026][T15985] __nla_validate_parse: 45 callbacks suppressed
[  326.795046][T15985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3318'.
[  326.856705][T15985] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.871186][ T5870] Bluetooth: hci0: command tx timeout
[  326.946034][T15990] netlink: 'syz.0.3320': attribute type 10 has an invalid length.
[  326.956284][T15985] bridge_slave_1 (unregistering): left allmulticast mode
[  326.970017][T15985] bridge_slave_1 (unregistering): left promiscuous mode
[  326.993053][T15985] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.035735][    C0] Unknown status report in ack skb
[  327.036442][T15990] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[  327.080071][T15962] hsr0 speed is unknown, defaulting to 1000
[  327.147439][T15995] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3322'.
[  327.649489][T16022] unknown channel width for channel at 909000KHz?
[  327.693117][T16028] netlink: 'syz.4.3331': attribute type 6 has an invalid length.
[  327.771906][T15962] chnl_net:caif_netlink_parms(): no params data found
[  328.104288][T16043] IPVS: length: 157 != 24
[  328.222039][T15962] bridge0: port 1(bridge_slave_0) entered blocking state
[  328.231791][T15962] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.239291][T15962] bridge_slave_0: entered allmulticast mode
[  328.262392][T15962] bridge_slave_0: entered promiscuous mode
[  328.291931][T15962] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.307875][T15962] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.326949][T15962] bridge_slave_1: entered allmulticast mode
[  328.343766][T15962] bridge_slave_1: entered promiscuous mode
[  328.456563][T15962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  328.472743][ T5870] Bluetooth: hci1: command tx timeout
[  328.485001][T15962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  328.578787][T16061] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3342'.
[  328.597843][T15962] team0: Port device team_slave_0 added
[  328.626740][T15962] team0: Port device team_slave_1 added
[  328.689163][T16065] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3343'.
[  328.719705][T15962] batman_adv: batadv0: Adding interface: batadv_slave_0
[  328.727051][T15962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  328.778707][T15962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  328.797316][T15962] batman_adv: batadv0: Adding interface: batadv_slave_1
[  328.804728][T15962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  328.846288][T16069] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3345'.
[  328.860858][T15962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  329.088926][T15962] hsr_slave_0: entered promiscuous mode
[  329.099468][T15962] hsr_slave_1: entered promiscuous mode
[  329.118961][T15962] debugfs: 'hsr0' already exists in 'hsr'
[  329.125963][T15962] Cannot create hsr debugfs directory
[  329.214703][T16084] pim6reg1: entered promiscuous mode
[  329.221802][T16084] pim6reg1: entered allmulticast mode
[  329.395678][T16096] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3355'.
[  329.450765][T16096] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.516062][T16096] bridge_slave_1 (unregistering): left allmulticast mode
[  329.544310][T16096] bridge_slave_1 (unregistering): left promiscuous mode
[  329.557089][T16094] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3354'.
[  329.565387][T16096] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.729967][T15962] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  329.857431][T15962] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  329.923023][T15962] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  329.997595][T16116] netlink: 'syz.0.3361': attribute type 11 has an invalid length.
[  330.006133][T16116] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3361'.
[  330.041588][T15962] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  330.173764][T16131] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3366'.
[  330.227818][T16128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3364'.
[  330.332143][T16136] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  330.449205][T15962] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  330.491448][T15962] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  330.519766][T15962] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  330.562807][ T5870] Bluetooth: hci1: command tx timeout
[  330.575036][T15962] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  330.789644][T15962] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.845020][T15962] 8021q: adding VLAN 0 to HW filter on device team0
[  330.881910][ T7644] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.889110][ T7644] bridge0: port 1(bridge_slave_0) entered forwarding state
[  330.915478][ T7641] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.922719][ T7641] bridge0: port 2(bridge_slave_1) entered forwarding state
[  331.187862][T16172] Bluetooth: MGMT ver 1.23
[  331.217392][    C1] Unknown status report in ack skb
[  331.586569][T15962] 8021q: adding VLAN 0 to HW filter on device batadv0
[  331.719635][T15962] veth0_vlan: entered promiscuous mode
[  331.758217][T15962] veth1_vlan: entered promiscuous mode
[  331.841650][T15962] veth0_macvtap: entered promiscuous mode
[  331.878259][T15962] veth1_macvtap: entered promiscuous mode
[  331.953605][T15962] batman_adv: batadv0: Interface activated: batadv_slave_0
[  332.005120][T15962] batman_adv: batadv0: Interface activated: batadv_slave_1
[  332.046027][ T7641] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  332.214135][ T7644] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  332.251047][ T7644] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  332.284371][T16211] netlink: 'syz.1.3393': attribute type 12 has an invalid length.
[  332.351365][ T7644] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  332.444533][T16222] __nla_validate_parse: 3 callbacks suppressed
[  332.444553][T16222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3395'.
[  332.630623][ T5870] Bluetooth: hci1: command tx timeout
[  332.759560][ T7651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.800498][ T7651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.934764][T16239] IPVS: set_ctl: invalid protocol: 43 172.30.0.2:20000
[  332.994150][ T7651] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  333.010335][ T7651] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  333.070025][T16237] lo speed is unknown, defaulting to 1000
[  333.076051][T16235] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3398'.
[  333.121665][T16235] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3398'.
[  333.140709][T16235] hwsim0: entered promiscuous mode
[  333.187372][T16235] hwsim0: entered allmulticast mode
[  333.341930][T16248] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3307'.
[  333.361220][T16252] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3402'.
[  333.496920][T16254] netlink: 'syz.4.3402': attribute type 1 has an invalid length.
[  333.533222][T16254] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3402'.
[  333.799829][T16265] sch_fq: defrate 0 ignored.
[  333.830484][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.953676][T16277] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3407'.
[  333.986704][T16279] openvswitch: netlink: Message has -1 unknown bytes.
[  334.125880][T16237] hsr0 speed is unknown, defaulting to 1000
[  334.284090][T16285] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3410'.
[  334.378914][   T30] audit: type=1804 audit(1756498766.597:4): pid=16295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3413" name="/newroot/114/cgroup.controllers" dev="tmpfs" ino=597 res=1 errno=0
[  334.430030][T16298] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3416'.
[  334.460317][   T30] audit: type=1800 audit(1756498766.597:5): pid=16295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3413" name="cgroup.controllers" dev="tmpfs" ino=597 res=0 errno=0
[  334.483380][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  334.710344][ T5870] Bluetooth: hci1: command tx timeout
[  334.781582][T16308] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3418'.
[  334.827469][T16308] geneve2: entered promiscuous mode
[  335.232156][T16316] can: request_module (can-proto-5) failed.
[  335.696757][T16350] netlink: 'syz.2.3432': attribute type 1 has an invalid length.
[  335.717619][T16350] siw: device registration error -23
[  336.402992][T16381] netlink: 'syz.1.3444': attribute type 1 has an invalid length.
[  336.415815][T16382] tipc: Started in network mode
[  336.420955][T16382] tipc: Node identity ac14142f, cluster identity 4711
[  336.439021][T16382] tipc: New replicast peer: 0.0.0.0
[  336.450943][T16382] tipc: Enabled bearer <udp:syz2>, priority 10
[  336.728302][T16402] vlan2: entered promiscuous mode
[  336.989944][T16416] bond0: option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
[  337.015608][T16417] netlink: 'syz.2.3455': attribute type 3 has an invalid length.
[  337.024169][T16416] bond0: option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
[  337.051683][T16417] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  337.245384][T16425] netlink: 'syz.1.3459': attribute type 24 has an invalid length.
[  337.450612][ T5876] tipc: Node number set to 2886997039
[  337.818362][T16433] __nla_validate_parse: 14 callbacks suppressed
[  337.818383][T16433] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3461'.
[  337.978075][T16437] netlink: 'syz.2.3462': attribute type 10 has an invalid length.
[  338.034479][T16439] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  338.107897][T16439] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3462'.
[  338.112609][T16440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3462'.
[  338.154371][T16439] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3462'.
[  338.160005][T16437] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  338.188557][T16440] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3462'.
[  338.817824][T16471] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3475'.
[  339.036534][T16481] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3478'.
[  339.326575][T16503] bond0: option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
[  339.414713][T16507] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3487'.
[  339.526546][T16516] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3490'.
[  339.590070][T16516] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.702017][T16516] bridge_slave_1 (unregistering): left allmulticast mode
[  339.709312][T16516] bridge_slave_1 (unregistering): left promiscuous mode
[  339.725979][T16516] bridge0: port 2(bridge_slave_1) entered disabled state
[  340.123457][T16535] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3496'.
[  340.773067][T16576] pim6reg: entered allmulticast mode
[  340.797105][T16581] pim6reg: left allmulticast mode
[  341.012334][T16592] erspan0: entered promiscuous mode
[  341.017605][T16592] erspan0: entered allmulticast mode
[  341.305705][T16609] tipc: Started in network mode
[  341.326632][T16609] tipc: Node identity , cluster identity 4711
[  341.338069][T16609] tipc: Failed to obtain node identity
[  341.356429][T16609] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  341.357331][T16612] netlink: 'syz.3.3519': attribute type 1 has an invalid length.
[  341.433520][T16612] bond4: entered promiscuous mode
[  341.439869][T16612] 8021q: adding VLAN 0 to HW filter on device bond4
[  341.531688][T16617] 8021q: adding VLAN 0 to HW filter on device bond4
[  341.543894][T16617] bond4: (slave wireguard0): The slave device specified does not support setting the MAC address
[  341.560557][T16617] bond4: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[  341.605250][T16617] bond4: (slave wireguard0): making interface the new active one
[  341.619065][T16617] wireguard0: entered promiscuous mode
[  341.629951][T16617] bond4: (slave wireguard0): Enslaving as an active interface with an up link
[  341.790395][T16627] block nbd6: Unsupported socket: shutdown callout must be supported.
[  342.828919][T16665] __nla_validate_parse: 12 callbacks suppressed
[  342.828942][T16665] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3536'.
[  342.876308][T16678] bond0: entered allmulticast mode
[  342.886259][T16678] bond_slave_0: entered allmulticast mode
[  342.894323][T16678] bond_slave_1: entered allmulticast mode
[  342.904035][T16678] mac80211_hwsim hwsim31 wlan1: entered allmulticast mode
[  342.992625][T16681] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3540'.
[  343.002127][T16681] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3540'.
[  343.083055][T16684] netlink: 92 bytes leftover after parsing attributes in process `syz.0.3540'.
[  344.104128][T16710] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3550'.
[  344.186994][T16716] tipc: Started in network mode
[  344.194758][T16716] tipc: Node identity 6ae5c03a70ed, cluster identity 4711
[  344.202781][T16716] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  344.346748][T16717] syzkaller0: entered promiscuous mode
[  344.352665][T16717] syzkaller0: entered allmulticast mode
[  344.361237][T16719] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3553'.
[  344.375253][T16716] tipc: Resetting bearer <eth:syzkaller0>
[  344.389892][T16714] tipc: Resetting bearer <eth:syzkaller0>
[  344.414175][T16714] tipc: Disabling bearer <eth:syzkaller0>
[  344.845528][T16741] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3560'.
[  344.976421][T16747] openvswitch: netlink: Message has 4 unknown bytes.
[  344.993704][T16747] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  345.027440][T16744] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3562'.
[  345.125347][T16751] netlink: 'syz.1.3564': attribute type 15 has an invalid length.
[  345.176213][T16756] netlink: 'syz.2.3567': attribute type 10 has an invalid length.
[  345.199682][T16758] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  345.280555][T16756] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[  345.353853][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3569'.
[  345.367405][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  345.389890][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3569'.
[  345.438086][T16768] netlink: 'syz.2.3570': attribute type 1 has an invalid length.
[  345.485620][T16768] 8021q: adding VLAN 0 to HW filter on device bond2
[  345.510674][T16773] tipc: Invalid UDP bearer configuration
[  345.510731][T16773] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  345.662986][T16779] pim6reg1: entered promiscuous mode
[  345.668512][T16779] pim6reg1: entered allmulticast mode
[  345.717869][    C1] Unknown status report in ack skb
[  345.955966][T16791] bridge0: port 2(bridge_slave_1) entered disabled state
[  346.048573][T16791] bridge_slave_1 (unregistering): left allmulticast mode
[  346.058484][T16793] netlink: 'syz.0.3580': attribute type 10 has an invalid length.
[  346.067108][T16791] bridge_slave_1 (unregistering): left promiscuous mode
[  346.074699][T16791] bridge0: port 2(bridge_slave_1) entered disabled state
[  346.117435][T16793] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[  346.273450][T16800] syzkaller1: entered promiscuous mode
[  346.293097][T16800] syzkaller1: entered allmulticast mode
[  347.276569][   T11] block nbd0: Possible stuck request ffff888025380000: control (read@0,1024B). Runtime 210 seconds
[  347.288700][   T11] block nbd0: Possible stuck request ffff8880253801c0: control (read@1024,1024B). Runtime 210 seconds
[  347.300702][   T11] block nbd0: Possible stuck request ffff888025380380: control (read@2048,1024B). Runtime 210 seconds
[  347.314331][   T11] block nbd0: Possible stuck request ffff888025380540: control (read@3072,1024B). Runtime 210 seconds
[  347.402516][T16846] netlink: 'syz.3.3594': attribute type 10 has an invalid length.
[  347.410950][T16846] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[  347.876262][T16872] bond2: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  347.984382][T16876] FAULT_INJECTION: forcing a failure.
[  347.984382][T16876] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  347.998546][T16876] CPU: 0 UID: 0 PID: 16876 Comm: syz.3.3606 Not tainted syzkaller #0 PREEMPT(full) 
[  347.998574][T16876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  347.998586][T16876] Call Trace:
[  347.998594][T16876]  <TASK>
[  347.998602][T16876]  dump_stack_lvl+0x189/0x250
[  347.998633][T16876]  ? __pfx____ratelimit+0x10/0x10
[  347.998667][T16876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.998690][T16876]  ? __pfx__printk+0x10/0x10
[  347.998718][T16876]  ? __might_fault+0xb0/0x130
[  347.998758][T16876]  should_fail_ex+0x414/0x560
[  347.998790][T16876]  _copy_from_user+0x2d/0xb0
[  347.998815][T16876]  __sys_connect+0x123/0x440
[  347.998846][T16876]  ? __fget_files+0x3a0/0x420
[  347.998877][T16876]  ? __pfx___sys_connect+0x10/0x10
[  347.998922][T16876]  ? __pfx_ksys_write+0x10/0x10
[  347.998946][T16876]  ? rcu_is_watching+0x15/0xb0
[  347.998976][T16876]  __x64_sys_connect+0x7a/0x90
[  347.999008][T16876]  do_syscall_64+0xfa/0x3b0
[  347.999026][T16876]  ? lockdep_hardirqs_on+0x9c/0x150
[  347.999054][T16876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.999074][T16876]  ? clear_bhb_loop+0x60/0xb0
[  347.999098][T16876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.999117][T16876] RIP: 0033:0x7f96e158ebe9
[  347.999135][T16876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.999159][T16876] RSP: 002b:00007f96e234e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  347.999180][T16876] RAX: ffffffffffffffda RBX: 00007f96e17b5fa0 RCX: 00007f96e158ebe9
[  347.999195][T16876] RDX: 0000000000000010 RSI: 0000200000000640 RDI: 0000000000000005
[  347.999207][T16876] RBP: 00007f96e234e090 R08: 0000000000000000 R09: 0000000000000000
[  347.999219][T16876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.999231][T16876] R13: 00007f96e17b6038 R14: 00007f96e17b5fa0 R15: 00007ffd0bf7d0f8
[  347.999263][T16876]  </TASK>
[  348.414728][T16889] netlink: 'syz.0.3610': attribute type 10 has an invalid length.
[  348.422866][T16889] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[  348.592325][T16895] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  348.830984][T16903] netlink: 'syz.0.3615': attribute type 4 has an invalid length.
[  348.882230][T16907] netlink: 'syz.0.3615': attribute type 4 has an invalid length.
[  348.901655][T16905] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  348.983915][T16914] FAULT_INJECTION: forcing a failure.
[  348.983915][T16914] name failslab, interval 1, probability 0, space 0, times 0
[  349.013978][T16914] CPU: 1 UID: 0 PID: 16914 Comm: syz.4.3618 Not tainted syzkaller #0 PREEMPT(full) 
[  349.014009][T16914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  349.014023][T16914] Call Trace:
[  349.014031][T16914]  <TASK>
[  349.014040][T16914]  dump_stack_lvl+0x189/0x250
[  349.014069][T16914]  ? __pfx____ratelimit+0x10/0x10
[  349.014100][T16914]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.014125][T16914]  ? __pfx__printk+0x10/0x10
[  349.014161][T16914]  ? __pfx___might_resched+0x10/0x10
[  349.014186][T16914]  should_fail_ex+0x414/0x560
[  349.014220][T16914]  should_failslab+0xa8/0x100
[  349.014259][T16914]  __kmalloc_cache_noprof+0x70/0x3d0
[  349.014288][T16914]  ? virtio_transport_do_socket_init+0x57/0x2f0
[  349.014319][T16914]  virtio_transport_do_socket_init+0x57/0x2f0
[  349.014349][T16914]  vsock_assign_transport+0x5ae/0x770
[  349.014376][T16914]  ? vsock_connect+0x5a1/0xe20
[  349.014411][T16914]  vsock_connect+0x5ab/0xe20
[  349.014447][T16914]  ? aa_sk_perm+0x81e/0x950
[  349.014477][T16914]  ? __might_fault+0xb0/0x130
[  349.014504][T16914]  ? __pfx_vsock_connect+0x10/0x10
[  349.014534][T16914]  ? __pfx_aa_sk_perm+0x10/0x10
[  349.014564][T16914]  ? __pfx_autoremove_wake_function+0x10/0x10
[  349.014599][T16914]  ? bpf_lsm_socket_connect+0x9/0x20
[  349.014624][T16914]  __sys_connect+0x313/0x440
[  349.014656][T16914]  ? __fget_files+0x3a0/0x420
[  349.014687][T16914]  ? __pfx___sys_connect+0x10/0x10
[  349.014733][T16914]  ? __pfx_ksys_write+0x10/0x10
[  349.014758][T16914]  ? rcu_is_watching+0x15/0xb0
[  349.014787][T16914]  __x64_sys_connect+0x7a/0x90
[  349.014820][T16914]  do_syscall_64+0xfa/0x3b0
[  349.014837][T16914]  ? lockdep_hardirqs_on+0x9c/0x150
[  349.014867][T16914]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.014887][T16914]  ? clear_bhb_loop+0x60/0xb0
[  349.014912][T16914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.014932][T16914] RIP: 0033:0x7fc22cf8ebe9
[  349.014951][T16914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.014968][T16914] RSP: 002b:00007fc22dd21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  349.014991][T16914] RAX: ffffffffffffffda RBX: 00007fc22d1b6090 RCX: 00007fc22cf8ebe9
[  349.015006][T16914] RDX: 0000000000000010 RSI: 0000200000000640 RDI: 0000000000000006
[  349.015018][T16914] RBP: 00007fc22dd21090 R08: 0000000000000000 R09: 0000000000000000
[  349.015031][T16914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.015043][T16914] R13: 00007fc22d1b6128 R14: 00007fc22d1b6090 R15: 00007ffc9580d958
[  349.015077][T16914]  </TASK>
[  349.427430][T16923] syzkaller0: entered promiscuous mode
[  349.434619][T16923] syzkaller0: entered allmulticast mode
[  349.472507][T16923] netlink: 'syz.3.3621': attribute type 4 has an invalid length.
[  349.632551][T16933] bridge0: port 1(bridge_slave_0) entered disabled state
[  349.709337][T16933] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  351.091135][T16964] __nla_validate_parse: 6 callbacks suppressed
[  351.091158][T16964] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3632'.
[  351.876773][    C0] Unknown status report in ack skb
[  352.182584][T16978] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3636'.
[  352.224514][T16986] FAULT_INJECTION: forcing a failure.
[  352.224514][T16986] name failslab, interval 1, probability 0, space 0, times 0
[  352.265255][T16986] CPU: 1 UID: 0 PID: 16986 Comm: syz.1.3637 Not tainted syzkaller #0 PREEMPT(full) 
[  352.265287][T16986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  352.265300][T16986] Call Trace:
[  352.265308][T16986]  <TASK>
[  352.265317][T16986]  dump_stack_lvl+0x189/0x250
[  352.265348][T16986]  ? __pfx____ratelimit+0x10/0x10
[  352.265378][T16986]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.265403][T16986]  ? __pfx__printk+0x10/0x10
[  352.265435][T16986]  ? __pfx___might_resched+0x10/0x10
[  352.265454][T16986]  ? fs_reclaim_acquire+0x7d/0x100
[  352.265512][T16986]  should_fail_ex+0x414/0x560
[  352.265546][T16986]  should_failslab+0xa8/0x100
[  352.265578][T16986]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  352.265607][T16986]  ? __alloc_skb+0x112/0x2d0
[  352.265631][T16986]  __alloc_skb+0x112/0x2d0
[  352.265655][T16986]  alloc_skb_with_frags+0xca/0x890
[  352.265685][T16986]  ? kasan_save_track+0x4f/0x80
[  352.265708][T16986]  ? kasan_save_track+0x3e/0x80
[  352.265730][T16986]  ? __kasan_kmalloc+0x93/0xb0
[  352.265754][T16986]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  352.265785][T16986]  virtio_transport_alloc_skb+0xee/0x1130
[  352.265823][T16986]  ? __lock_acquire+0xab9/0xd20
[  352.265857][T16986]  ? __pfx_virtio_transport_alloc_skb+0x10/0x10
[  352.265893][T16986]  ? __local_bh_enable_ip+0x12d/0x1c0
[  352.265914][T16986]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.265950][T16986]  virtio_transport_send_pkt_info+0x617/0xf00
[  352.266020][T16986]  virtio_transport_connect+0xa7/0x100
[  352.266047][T16986]  ? __pfx_virtio_transport_connect+0x10/0x10
[  352.266078][T16986]  ? __pfx_vsock_auto_bind+0x10/0x10
[  352.266110][T16986]  ? vsock_assign_transport+0x5ed/0x770
[  352.266144][T16986]  vsock_connect+0xb8d/0xe20
[  352.266182][T16986]  ? aa_sk_perm+0x81e/0x950
[  352.266211][T16986]  ? __might_fault+0xb0/0x130
[  352.266238][T16986]  ? __pfx_vsock_connect+0x10/0x10
[  352.266267][T16986]  ? __pfx_aa_sk_perm+0x10/0x10
[  352.266297][T16986]  ? __pfx_autoremove_wake_function+0x10/0x10
[  352.266340][T16986]  ? bpf_lsm_socket_connect+0x9/0x20
[  352.266367][T16986]  __sys_connect+0x313/0x440
[  352.266398][T16986]  ? __fget_files+0x3a0/0x420
[  352.266429][T16986]  ? __pfx___sys_connect+0x10/0x10
[  352.266474][T16986]  ? __pfx_ksys_write+0x10/0x10
[  352.266499][T16986]  ? rcu_is_watching+0x15/0xb0
[  352.266528][T16986]  __x64_sys_connect+0x7a/0x90
[  352.266560][T16986]  do_syscall_64+0xfa/0x3b0
[  352.266577][T16986]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.266605][T16986]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.266626][T16986]  ? clear_bhb_loop+0x60/0xb0
[  352.266652][T16986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.266677][T16986] RIP: 0033:0x7f085f18ebe9
[  352.266695][T16986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.266713][T16986] RSP: 002b:00007f085ff1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  352.266734][T16986] RAX: ffffffffffffffda RBX: 00007f085f3b6090 RCX: 00007f085f18ebe9
[  352.266749][T16986] RDX: 0000000000000010 RSI: 0000200000000640 RDI: 0000000000000006
[  352.266762][T16986] RBP: 00007f085ff1a090 R08: 0000000000000000 R09: 0000000000000000
[  352.266774][T16986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  352.266785][T16986] R13: 00007f085f3b6128 R14: 00007f085f3b6090 R15: 00007ffcd4dc46d8
[  352.266818][T16986]  </TASK>
[  352.748337][T16995] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3643'.
[  352.888357][    C0] Illegal XDP return value 16128 on prog  (id 689) dev bond0, expect packet loss!
[  353.313724][T17016] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3648'.
[  353.653710][T17040] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3655'.
[  353.683034][T17041] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3657'.
[  353.863600][T17049] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3661'.
[  354.099848][T17059] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3662'.
[  354.405949][T17084] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  354.430711][T17084] tipc: Started in network mode
[  354.445906][T17084] tipc: Node identity 4ac222e8079, cluster identity 4711
[  354.463220][T17084] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  354.473634][T17086] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.3669'.
[  354.490929][T17084] tipc: Resetting bearer <eth:syzkaller0>
[  354.520831][T17083] tipc: Resetting bearer <eth:syzkaller0>
[  354.580408][T17083] tipc: Disabling bearer <eth:syzkaller0>
[  354.590870][T17086] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.3669'.
[  354.834979][T17100] FAULT_INJECTION: forcing a failure.
[  354.834979][T17100] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  354.857229][T17100] CPU: 1 UID: 0 PID: 17100 Comm: syz.3.3674 Not tainted syzkaller #0 PREEMPT(full) 
[  354.857259][T17100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  354.857271][T17100] Call Trace:
[  354.857279][T17100]  <TASK>
[  354.857289][T17100]  dump_stack_lvl+0x189/0x250
[  354.857318][T17100]  ? __pfx____ratelimit+0x10/0x10
[  354.857354][T17100]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.857378][T17100]  ? __pfx__printk+0x10/0x10
[  354.857419][T17100]  should_fail_ex+0x414/0x560
[  354.857451][T17100]  _copy_to_user+0x31/0xb0
[  354.857477][T17100]  simple_read_from_buffer+0xe1/0x170
[  354.857513][T17100]  proc_fail_nth_read+0x1b3/0x220
[  354.857540][T17100]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  354.857566][T17100]  ? rw_verify_area+0x2a6/0x4d0
[  354.857590][T17100]  ? __lock_acquire+0xab9/0xd20
[  354.857616][T17100]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  354.857641][T17100]  vfs_read+0x1fd/0xa30
[  354.857665][T17100]  ? fdget_pos+0x247/0x320
[  354.857688][T17100]  ? __pfx___mutex_lock+0x10/0x10
[  354.857718][T17100]  ? __pfx_vfs_read+0x10/0x10
[  354.857746][T17100]  ? __fget_files+0x2a/0x420
[  354.857780][T17100]  ? __fget_files+0x3a0/0x420
[  354.857808][T17100]  ? __fget_files+0x2a/0x420
[  354.857847][T17100]  ksys_read+0x145/0x250
[  354.857876][T17100]  ? __pfx_ksys_read+0x10/0x10
[  354.857898][T17100]  ? rcu_is_watching+0x15/0xb0
[  354.857924][T17100]  ? do_syscall_64+0xbe/0x3b0
[  354.857946][T17100]  do_syscall_64+0xfa/0x3b0
[  354.857963][T17100]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.857990][T17100]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.858010][T17100]  ? clear_bhb_loop+0x60/0xb0
[  354.858034][T17100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.858053][T17100] RIP: 0033:0x7f96e158d5fc
[  354.858071][T17100] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  354.858088][T17100] RSP: 002b:00007f96e234e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  354.858109][T17100] RAX: ffffffffffffffda RBX: 00007f96e17b5fa0 RCX: 00007f96e158d5fc
[  354.858141][T17100] RDX: 000000000000000f RSI: 00007f96e234e0a0 RDI: 0000000000000006
[  354.858154][T17100] RBP: 00007f96e234e090 R08: 0000000000000000 R09: 0000000000000000
[  354.858167][T17100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.858179][T17100] R13: 00007f96e17b6038 R14: 00007f96e17b5fa0 R15: 00007ffd0bf7d0f8
[  354.858214][T17100]  </TASK>
[  355.472037][T17132] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  355.657684][T17135] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  355.679805][ T5876] IPVS: starting estimator thread 0...
[  355.780795][T17143] IPVS: using max 27 ests per chain, 64800 per kthread
[  356.184524][T17160] vlan0: entered promiscuous mode
[  356.241093][T17160] vlan0: entered allmulticast mode
[  356.267280][T17160] veth0_vlan: entered allmulticast mode
[  356.374875][T17169] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  356.506003][T17174] team0: Port device team_slave_1 removed
[  356.523308][T17173] __nla_validate_parse: 1 callbacks suppressed
[  356.523330][T17173] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3694'.
[  356.793049][T17189] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3699'.
[  356.852323][T17194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3701'.
[  356.869223][T17197] netlink: 15610 bytes leftover after parsing attributes in process `syz.0.3702'.
[  357.031975][T17204] netlink: 'syz.0.3704': attribute type 1 has an invalid length.
[  357.043570][T17204] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3704'.
[  357.356451][T17210] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3707'.
[  357.798660][T17201] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  357.906316][    C1] Unknown status report in ack skb
[  358.056474][T17249] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  358.069969][T17245] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3721'.
[  358.893103][T17283] netlink: 144 bytes leftover after parsing attributes in process `syz.4.3732'.
[  359.116955][T17294] netlink: 'syz.1.3735': attribute type 1 has an invalid length.
[  359.137343][T17294] netlink: 'syz.1.3735': attribute type 3 has an invalid length.
[  359.148713][T17294] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3735'.
[  359.227813][T17291] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3734'.
[  359.410041][T17306] netlink: 'syz.0.3737': attribute type 83 has an invalid length.
[  359.454537][T17307] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  359.758007][T17327] netlink: 'syz.4.3744': attribute type 10 has an invalid length.
[  359.788216][T17327] team0: Device hsr_slave_0 failed to register rx_handler
[  360.149506][T17341] syzkaller1: entered promiscuous mode
[  360.166691][T17341] syzkaller1: entered allmulticast mode
[  360.597858][T17367] netlink: 'syz.0.3758': attribute type 8 has an invalid length.
[  360.666108][T17367] netlink: 'syz.0.3758': attribute type 11 has an invalid length.
[  360.757023][T17381] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  361.068604][T17398] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  361.103774][T17398] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  361.136758][T17398] gretap1: entered promiscuous mode
[  361.155232][T17398] gretap1: entered allmulticast mode
[  361.195032][T17401] af_packet: tpacket_rcv: packet too big, clamped from 179 to 4294967272. macoff=96
[  361.333138][    C0] Unknown status report in ack skb
[  361.645719][T17423] __nla_validate_parse: 4 callbacks suppressed
[  361.645739][T17423] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3778'.
[  361.693432][T17427] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3780'.
[  361.806018][T17438] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3781'.
[  362.497478][T17476] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3793'.
[  362.820359][T17489] netlink: 'syz.2.3799': attribute type 10 has an invalid length.
[  362.872601][T17489] veth1_macvtap: left promiscuous mode
[  363.245360][T17509] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3802'.
[  363.300284][T17509] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3802'.
[  363.620476][T17517] nbd6: detected capacity change from 0 to 127
[  363.648993][ T5870] block nbd6: Receive control failed (result -32)
[  363.895979][T17533] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3812'.
[  363.911089][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  363.992533][T17539] batadv_slave_1: entered promiscuous mode
[  364.059683][T17539] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3813'.
[  364.120717][T17538] batadv_slave_1: left promiscuous mode
[  364.143006][T17548] netlink: 112 bytes leftover after parsing attributes in process `syz.1.3815'.
[  364.279566][T17552] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  364.411484][T17552] dvmrp0: entered allmulticast mode
[  364.417269][T17559] netlink: 'syz.0.3820': attribute type 29 has an invalid length.
[  364.439428][T17559] netlink: 'syz.0.3820': attribute type 29 has an invalid length.
[  364.467851][T17559] netlink: 500 bytes leftover after parsing attributes in process `syz.0.3820'.
[  364.489579][T17563] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  364.490384][T17559] unsupported nla_type 58
[  364.606235][T17549] dvmrp0: left allmulticast mode
[  364.684555][T17566] vlan2: entered promiscuous mode
[  364.695510][T17566] vlan2: entered allmulticast mode
[  364.701268][T17566] hsr_slave_1: entered allmulticast mode
[  364.782578][    C1] Unknown status report in ack skb
[  365.458942][T17594] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  365.479378][T17593] netlink: 'syz.0.3834': attribute type 1 has an invalid length.
[  365.545113][    C0] Unknown status report in ack skb
[  365.662130][T17606] netlink: 'syz.4.3839': attribute type 10 has an invalid length.
[  365.949281][T17624] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  366.397492][T17646] netlink: 'syz.1.3854': attribute type 10 has an invalid length.
[  366.532639][T17650] block nbd7: server does not support multiple connections per device.
[  366.543751][T17650] block nbd7: shutting down sockets
[  366.673462][T17659] __nla_validate_parse: 14 callbacks suppressed
[  366.673483][T17659] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3861'.
[  366.951133][T17672] netlink: 'syz.1.3865': attribute type 5 has an invalid length.
[  367.000014][T17672] netlink: 140 bytes leftover after parsing attributes in process `syz.1.3865'.
[  367.077546][T17672] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  367.095397][ T5923] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.125675][T17681] netlink: 'syz.1.3865': attribute type 1 has an invalid length.
[  367.134659][T17681] netlink: 'syz.1.3865': attribute type 2 has an invalid length.
[  367.208625][T17680] vlan3: entered promiscuous mode
[  367.225156][T17680] vlan3: entered allmulticast mode
[  367.237443][T17680] hsr_slave_1: entered allmulticast mode
[  367.301871][T17680] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3868'.
[  367.307571][T17691] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3872'.
[  367.333779][T17691] netlink: 'syz.2.3872': attribute type 20 has an invalid length.
[  367.414052][ T5923] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.523069][ T7651] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  367.523232][T17691] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3872'.
[  367.571408][ T7651] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  367.609170][ T7651] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  367.634751][ T7651] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  367.661866][T17695] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3874'.
[  368.016727][T17720] delete_channel: no stack
[  368.227479][T17733] validate_nla: 2 callbacks suppressed
[  368.227500][T17733] netlink: 'syz.2.3884': attribute type 1 has an invalid length.
[  368.244360][T17733] netlink: 'syz.2.3884': attribute type 1 has an invalid length.
[  368.273433][T17735] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  368.417360][T17741] netlink: 'syz.1.3886': attribute type 10 has an invalid length.
[  369.278135][T17793] netlink: 'syz.4.3901': attribute type 10 has an invalid length.
[  369.338622][T17797] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  369.548983][T17807] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3906'.
[  369.571077][T17807] openvswitch: netlink: Port -8 exceeds max allowable 65535
[  369.597890][T17807] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3906'.
[  369.629606][T17807] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3906'.
[  369.689828][T17807] 8021q: VLANs not supported on wg1
[  370.162985][T17836] netlink: 'syz.3.3915': attribute type 10 has an invalid length.
[  370.312035][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  370.408937][T17846] netlink: 'syz.2.3919': attribute type 1 has an invalid length.
[  370.681472][T17856] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3924'.
[  370.699540][T17854] pim6reg1: entered promiscuous mode
[  370.705100][T17854] pim6reg1: entered allmulticast mode
[  371.014440][T17876] netlink: 'syz.2.3928': attribute type 10 has an invalid length.
[  371.077268][T17876] team0: Port device veth1_macvtap added
[  371.138899][T17884] netlink: 'syz.0.3930': attribute type 18 has an invalid length.
[  371.175743][ T3470] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  371.185088][T17884] netlink: 'syz.0.3930': attribute type 18 has an invalid length.
[  371.206202][ T3470] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  371.228864][T17888] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  371.255683][ T3470] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  371.283893][ T3470] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  371.426780][T17896] netlink: 'syz.0.3933': attribute type 1 has an invalid length.
[  371.969637][T17910] __nla_validate_parse: 4 callbacks suppressed
[  371.969657][T17910] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3937'.
[  372.170898][T17924] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3943'.
[  372.240034][T17929] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3944'.
[  372.521312][T17942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3947'.
[  372.739336][T17959] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  372.764039][T17959] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  372.945985][T17963] team0 (unregistering): Port device team_slave_0 removed
[  372.979435][T17963] team0 (unregistering): Port device team_slave_1 removed
[  373.172236][T17975] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3958'.
[  373.669024][T18001] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3966'.
[  373.698008][T18001] Unsupported ieee802154 address type: 0
[  373.998547][T18010] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3969'.
[  374.055090][T18014] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3971'.
[  374.055195][T18012] netlink: 'syz.0.3970': attribute type 10 has an invalid length.
[  374.236566][T18020] tap0: tun_chr_ioctl cmd 1074025677
[  374.260479][T18020] tap0: linktype set to 65534
[  374.399223][T18027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3977'.
[  374.436482][T18028] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3977'.
[  374.509567][T18035] netlink: 'syz.2.3980': attribute type 1 has an invalid length.
[  374.758183][T18050] netlink: 'syz.3.3985': attribute type 10 has an invalid length.
[  375.237067][T18072] veth1_macvtap: left promiscuous mode
[  375.247018][T18072] macsec0: entered promiscuous mode
[  375.253826][T18072] macsec0: entered allmulticast mode
[  375.288046][T18072] veth1_macvtap: entered promiscuous mode
[  375.302495][T18072] veth1_macvtap: entered allmulticast mode
[  375.312067][T18072] macsec0: left promiscuous mode
[  375.321834][T18072] macsec0: left allmulticast mode
[  375.333769][T18072] veth1_macvtap: left allmulticast mode
[  375.413477][T18078] netlink: 'syz.4.3996': attribute type 10 has an invalid length.
[  375.795327][T18092] bridge_slave_0: left allmulticast mode
[  375.815330][T18092] bridge_slave_0: left promiscuous mode
[  375.832358][T18092] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.869156][T18092] bond0: (slave bond_slave_0): Releasing backup interface
[  375.880364][T18092] bond_slave_0: left allmulticast mode
[  375.912430][T18092] bond0: (slave bond_slave_1): Releasing backup interface
[  375.926237][T18092] bond_slave_1: left allmulticast mode
[  375.955053][T18092] team0: Port device team_slave_0 removed
[  375.985622][T18092] team0: Port device team_slave_1 removed
[  375.993589][T18092] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  376.001265][T18092] batman_adv: batadv0: Removing interface: batadv_slave_0
[  376.028699][T18092] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  376.036504][T18092] batman_adv: batadv0: Removing interface: batadv_slave_1
[  376.066505][T18092] bond0: (slave wlan1): Releasing backup interface
[  376.082522][T18092] mac80211_hwsim hwsim31 wlan1: left allmulticast mode
[  376.129336][T18104] bridge2: entered promiscuous mode
[  376.138994][T18104] bridge2: entered allmulticast mode
[  376.466813][T18114] Bluetooth: MGMT ver 1.23
[  377.036917][T18147] netlink: 'syz.0.4019': attribute type 4 has an invalid length.
[  377.045048][T18147] __nla_validate_parse: 14 callbacks suppressed
[  377.045063][T18147] netlink: 17 bytes leftover after parsing attributes in process `syz.0.4019'.
[  377.104538][T18147] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4019'.
[  377.118413][T18147] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4019'.
[  377.327864][T18158] netlink: 'syz.0.4021': attribute type 1 has an invalid length.
[  377.351160][   T11] block nbd0: Possible stuck request ffff888025380000: control (read@0,1024B). Runtime 240 seconds
[  377.362395][   T11] block nbd0: Possible stuck request ffff8880253801c0: control (read@1024,1024B). Runtime 240 seconds
[  377.373627][   T11] block nbd0: Possible stuck request ffff888025380380: control (read@2048,1024B). Runtime 240 seconds
[  377.388814][   T11] block nbd0: Possible stuck request ffff888025380540: control (read@3072,1024B). Runtime 240 seconds
[  377.670981][T18172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4025'.
[  377.784889][T18175] sit1: entered promiscuous mode
[  377.793965][T18175] sit1: entered allmulticast mode
[  377.917018][T18181] netlink: 'syz.2.4029': attribute type 10 has an invalid length.
[  377.925711][T18181] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  377.956899][T18179] netlink: zone id is out of range
[  377.969257][T18179] netlink: zone id is out of range
[  377.991699][T18179] netlink: zone id is out of range
[  377.997093][T18179] netlink: zone id is out of range
[  378.041609][T18179] netlink: zone id is out of range
[  378.046925][T18179] netlink: zone id is out of range
[  378.089233][T18186] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4028'.
[  378.101094][T18179] netlink: zone id is out of range
[  378.115461][T18179] netlink: zone id is out of range
[  378.132855][T18186] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4028'.
[  378.149267][T18188] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4031'.
[  378.174605][T18179] netlink: zone id is out of range
[  378.223936][T18179] netlink: zone id is out of range
[  378.640635][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  378.811669][T18215] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4036'.
[  379.061788][T18228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4042'.
[  379.907683][T18261] netlink: 64985 bytes leftover after parsing attributes in process `syz.4.4050'.
[  380.080925][T18267] tipc: Enabling of bearer <dth:sy> rejected, media not registered
[  380.121187][T18272] netlink: 'syz.0.4056': attribute type 23 has an invalid length.
[  380.314004][T18276] lo speed is unknown, defaulting to 1000
[  380.722180][T18296] syzkaller1: entered promiscuous mode
[  380.735541][T18296] syzkaller1: entered allmulticast mode
[  380.811144][T18276] hsr0 speed is unknown, defaulting to 1000
[  381.157665][ T5870] Bluetooth: hci1: link tx timeout
[  381.170673][ T5870] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  381.487386][T18332] veth0_to_bond: entered allmulticast mode
[  381.537884][T18335] netlink: 'syz.4.4075': attribute type 58 has an invalid length.
[  381.872134][T18342] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  381.915868][T18337] tipc: Disabling bearer <eth:syzkaller0>
[  382.092644][T18357] netlink: 'syz.1.4082': attribute type 1 has an invalid length.
[  382.100654][T18357] netlink: 'syz.1.4082': attribute type 10 has an invalid length.
[  382.108508][T18357] netlink: 'syz.1.4082': attribute type 4 has an invalid length.
[  382.126625][T18357] __nla_validate_parse: 3 callbacks suppressed
[  382.126644][T18357] netlink: 136 bytes leftover after parsing attributes in process `syz.1.4082'.
[  382.191835][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4084'.
[  382.304786][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4084'.
[  383.191169][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  383.616391][T18439] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4112'.
[  384.163423][T18476] sctp: [Deprecated]: syz.3.4123 (pid 18476) Use of int in maxseg socket option.
[  384.163423][T18476] Use struct sctp_assoc_value instead
[  384.251005][T18476] syzkaller0: entered promiscuous mode
[  384.256543][T18476] syzkaller0: entered allmulticast mode
[  384.292877][T18476] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4123'.
[  384.352649][T18485] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4126'.
[  384.474319][T18485] netlink: 80 bytes leftover after parsing attributes in process `syz.2.4126'.
[  384.660522][T18491] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4128'.
[  385.459571][T18530] netlink: 'syz.0.4139': attribute type 2 has an invalid length.
[  385.468269][T18530] netlink: 188 bytes leftover after parsing attributes in process `syz.0.4139'.
[  385.724715][T18541] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4142'.
[  385.869382][T18557] gretap1: entered promiscuous mode
[  385.887452][T18557] gretap1: entered allmulticast mode
[  386.043410][T18568] netlink: 'syz.1.4147': attribute type 1 has an invalid length.
[  386.731471][T18594] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  387.329017][T18634] netlink: 'syz.4.4163': attribute type 10 has an invalid length.
[  387.375096][T18634] team0: Device hsr_slave_0 failed to register rx_handler
[  387.457165][T18639] __nla_validate_parse: 7 callbacks suppressed
[  387.457185][T18639] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4165'.
[  387.506470][T18641] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  387.516570][T18643] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4166'.
[  387.703167][T18656] pim6reg: entered allmulticast mode
[  387.905194][T18671] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4174'.
[  388.019883][T18671] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  388.041562][T18671] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  388.061159][T18671] bond0 (unregistering): Released all slaves
[  388.281282][T18678] netlink: 'syz.3.4176': attribute type 10 has an invalid length.
[  388.302815][T18678] team0: Device hsr_slave_0 failed to register rx_handler
[  388.355489][    C1] Unknown status report in ack skb
[  388.407915][T18684] net_ratelimit: 6 callbacks suppressed
[  388.407935][T18684] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  388.646751][T18701] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  388.658287][T18701] syzkaller0: entered promiscuous mode
[  388.666895][T18701] syzkaller0: entered allmulticast mode
[  388.935451][T18718] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4189'.
[  389.338584][T18725] netlink: 'syz.4.4191': attribute type 10 has an invalid length.
[  389.352163][T18725] team0: Device hsr_slave_0 failed to register rx_handler
[  389.464844][    C1] Unknown status report in ack skb
[  389.478979][T18700] tipc: Resetting bearer <eth:syzkaller0>
[  389.582694][T18700] tipc: Disabling bearer <eth:syzkaller0>
[  389.611065][T18731] tipc: Invalid UDP bearer configuration
[  389.611157][T18731] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  389.791466][T18740] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4198'.
[  389.792185][T18742] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.4199'.
[  389.835932][T18742] netlink: zone id is out of range
[  389.876632][T18742] netlink: get zone limit has 8 unknown bytes
[  390.019099][T18752] tipc: Started in network mode
[  390.035808][T18752] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[  390.068606][T18752] tipc: Enabled bearer <udp:syz1>, priority 10
[  390.079553][T18756] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4205'.
[  390.234016][T18762] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4209'.
[  390.399770][T18773] netlink: 'syz.3.4213': attribute type 11 has an invalid length.
[  390.480517][T18777] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4214'.
[  390.709143][T18786] veth0_to_bridge: entered promiscuous mode
[  390.724307][T18786] veth0_to_bridge: left promiscuous mode
[  390.802195][T18784] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4217'.
[  391.038727][T18797] netlink: 'syz.0.4223': attribute type 10 has an invalid length.
[  391.192235][ T5876] tipc: Node number set to 4269801514
[  391.255332][T18806] bond0: entered allmulticast mode
[  391.269248][T18806] bond_slave_0: entered allmulticast mode
[  391.275419][T18806] bond_slave_1: entered allmulticast mode
[  391.297440][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.326096][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.351380][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.367083][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.377343][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.395310][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.404999][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.413134][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.421853][T18806] netlink: 'syz.3.4227': attribute type 3 has an invalid length.
[  391.600223][    C1] Unknown status report in ack skb
[  391.621238][    C1] ------------[ cut here ]------------
[  391.626981][    C1] WARNING: CPU: 1 PID: 18818 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730
[  391.636641][    C1] Modules linked in:
[  391.640857][    C1] CPU: 1 UID: 0 PID: 18818 Comm: syz.2.4231 Not tainted syzkaller #0 PREEMPT(full) 
[  391.650305][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  391.660472][    C1] RIP: 0010:inet_sock_destruct+0x623/0x730
[  391.666331][    C1] Code: 0f 0b 90 e9 62 fe ff ff e8 fa 4e bc f7 90 0f 0b 90 e9 95 fe ff ff e8 ec 4e bc f7 90 0f 0b 90 e9 bb fe ff ff e8 de 4e bc f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[  391.686030][    C1] RSP: 0018:ffffc90000a08b48 EFLAGS: 00010246
[  391.692265][    C1] RAX: ffffffff8a035cb2 RBX: dffffc0000000000 RCX: ffff88804cb2bc00
[  391.700318][    C1] RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000
[  391.708318][    C1] RBP: 0000000000000fff R08: ffff8880505b611f R09: 1ffff1100a0b6c23
[  391.716447][    C1] R10: dffffc0000000000 R11: ffffed100a0b6c24 R12: ffff8880505b5e80
[  391.724499][    C1] R13: dffffc0000000000 R14: ffff8880505b6104 R15: 1ffff1100a0b6bd2
[  391.732548][    C1] FS:  0000000000000000(0000) GS:ffff888125d18000(0000) knlGS:0000000000000000
[  391.741559][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  391.748177][    C1] CR2: 00002000000003c0 CR3: 0000000050294000 CR4: 00000000003526f0
[  391.756213][    C1] Call Trace:
[  391.759533][    C1]  <IRQ>
[  391.762438][    C1]  ? inet6_cleanup_sock+0x197/0x230
[  391.767683][    C1]  ? __pfx_inet6_sock_destruct+0x10/0x10
[  391.773406][    C1]  __sk_destruct+0x86/0x660
[  391.777955][    C1]  ? __pfx___sk_destruct+0x10/0x10
[  391.783150][    C1]  ? rcu_core+0xc37/0x1770
[  391.787627][    C1]  rcu_core+0xcab/0x1770
[  391.791972][    C1]  ? __pfx_rcu_core+0x10/0x10
[  391.796707][    C1]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  391.802432][    C1]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  391.808756][    C1]  handle_softirqs+0x283/0x870
[  391.813691][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  391.818501][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  391.823871][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  391.829121][    C1]  __irq_exit_rcu+0xca/0x1f0
[  391.833790][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  391.839044][    C1]  irq_exit_rcu+0x9/0x30
[  391.843377][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  391.849072][    C1]  </IRQ>
[  391.852067][    C1]  <TASK>
[  391.855033][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  391.861088][    C1] RIP: 0010:check_preemption_disabled+0x25/0x120
[  391.867487][    C1] Code: 90 90 90 90 90 55 41 57 41 56 53 48 83 ec 10 65 48 8b 05 be ae 26 07 48 89 44 24 08 65 8b 05 c6 ae 26 07 65 8b 0d bb ae 26 07 <f7> c1 ff ff ff 7f 74 23 65 48 8b 0d 9b ae 26 07 48 3b 4c 24 08 0f
[  391.887191][    C1] RSP: 0018:ffffc900104d72b0 EFLAGS: 00000282
[  391.893362][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000080000002
[  391.901408][    C1] RDX: 0000000000000000 RSI: ffffffff8be337e0 RDI: ffffffff8be337a0
[  391.909505][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff822e4617
[  391.917572][    C1] R10: dffffc0000000000 R11: fffff940002feff9 R12: 000000000005fdff
[  391.925654][    C1] R13: dffffc0000000000 R14: ffff88813fffa570 R15: 0000000000001000
[  391.933823][    C1]  ? page_table_check_clear+0x187/0x700
[  391.939478][    C1]  rcu_is_watching+0x15/0xb0
[  391.944165][    C1]  rcu_read_lock_held+0x15/0x50
[  391.949083][    C1]  page_ext_lookup+0xe7/0x180
[  391.953858][    C1]  ? page_table_check_clear+0x187/0x700
[  391.959464][    C1]  page_table_check_clear+0x278/0x700
[  391.964931][    C1]  ? vm_normal_page+0xb7/0x210
[  391.969738][    C1]  unmap_page_range+0x3445/0x4370
[  391.974901][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  391.980352][    C1]  ? mas_find+0xb0e/0xd30
[  391.984730][    C1]  ? unmap_vmas+0x144/0x580
[  391.985799][T18825] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  391.989263][    C1]  unmap_vmas+0x399/0x580
[  392.001939][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  392.006846][    C1]  exit_mmap+0x248/0xb50
[  392.011160][    C1]  ? uprobe_clear_state+0x20f/0x290
[  392.016398][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  392.021240][    C1]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  392.026936][    C1]  ? __pfx_exit_aio+0x10/0x10
[  392.031707][    C1]  ? uprobe_clear_state+0x274/0x290
[  392.036950][    C1]  __mmput+0x118/0x420
[  392.041107][    C1]  exit_mm+0x1da/0x2c0
[  392.045250][    C1]  ? __pfx_exit_mm+0x10/0x10
[  392.049883][    C1]  ? rcu_is_watching+0x15/0xb0
[  392.054724][    C1]  do_exit+0x648/0x2300
[  392.058924][    C1]  ? cgroup_freezing+0x20/0x350
[  392.063882][    C1]  ? __pfx_do_exit+0x10/0x10
[  392.068524][    C1]  ? cgroup_freezing+0x20/0x350
[  392.073490][    C1]  ? cgroup_freezing+0x20/0x350
[  392.078411][    C1]  do_group_exit+0x21c/0x2d0
[  392.083102][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.088521][    C1]  get_signal+0x1286/0x1340
[  392.093114][    C1]  arch_do_signal_or_restart+0x9a/0x750
[  392.098762][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  392.105014][    C1]  ? exit_to_user_mode_loop+0x40/0x110
[  392.110550][    C1]  exit_to_user_mode_loop+0x75/0x110
[  392.115878][    C1]  do_syscall_64+0x2bd/0x3b0
[  392.120552][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.125806][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.132035][    C1]  ? clear_bhb_loop+0x60/0xb0
[  392.136754][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.142805][    C1] RIP: 0033:0x7fb43438ebe9
[  392.147253][    C1] Code: Unable to access opcode bytes at 0x7fb43438ebbf.
[  392.154352][    C1] RSP: 002b:00007fb4352ab0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  392.162843][    C1] RAX: 0000000000000001 RBX: 00007fb4345b5fa8 RCX: 00007fb43438ebe9
[  392.170999][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb4345b5fac
[  392.179029][    C1] RBP: 00007fb4345b5fa0 R08: 7fffffffffffffff R09: 0000000000000000
[  392.187082][    C1] R10: 0000000000000090 R11: 0000000000000246 R12: 0000000000000000
[  392.195140][    C1] R13: 00007fb4345b6038 R14: 00007ffdd5a401a0 R15: 00007ffdd5a40288
[  392.203219][    C1]  </TASK>
[  392.206265][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  392.213575][    C1] CPU: 1 UID: 0 PID: 18818 Comm: syz.2.4231 Not tainted syzkaller #0 PREEMPT(full) 
[  392.223127][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  392.233193][    C1] Call Trace:
[  392.236484][    C1]  <IRQ>
[  392.239348][    C1]  dump_stack_lvl+0x99/0x250
[  392.243949][    C1]  ? __asan_memcpy+0x40/0x70
[  392.248549][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.253751][    C1]  ? __pfx__printk+0x10/0x10
[  392.258359][    C1]  vpanic+0x281/0x750
[  392.262784][    C1]  ? __pfx__printk+0x10/0x10
[  392.267391][    C1]  ? __pfx_vpanic+0x10/0x10
[  392.271923][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  392.277152][    C1]  panic+0xb9/0xc0
[  392.280901][    C1]  ? __pfx_panic+0x10/0x10
[  392.285348][    C1]  __warn+0x31b/0x4b0
[  392.289340][    C1]  ? inet_sock_destruct+0x623/0x730
[  392.294549][    C1]  ? inet_sock_destruct+0x623/0x730
[  392.299754][    C1]  report_bug+0x2be/0x4f0
[  392.304627][    C1]  ? inet_sock_destruct+0x623/0x730
[  392.309836][    C1]  ? inet_sock_destruct+0x623/0x730
[  392.315143][    C1]  ? inet_sock_destruct+0x625/0x730
[  392.320451][    C1]  handle_bug+0x84/0x160
[  392.324714][    C1]  exc_invalid_op+0x1a/0x50
[  392.329220][    C1]  asm_exc_invalid_op+0x1a/0x20
[  392.334098][    C1] RIP: 0010:inet_sock_destruct+0x623/0x730
[  392.339915][    C1] Code: 0f 0b 90 e9 62 fe ff ff e8 fa 4e bc f7 90 0f 0b 90 e9 95 fe ff ff e8 ec 4e bc f7 90 0f 0b 90 e9 bb fe ff ff e8 de 4e bc f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[  392.359532][    C1] RSP: 0018:ffffc90000a08b48 EFLAGS: 00010246
[  392.365615][    C1] RAX: ffffffff8a035cb2 RBX: dffffc0000000000 RCX: ffff88804cb2bc00
[  392.373597][    C1] RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000
[  392.381591][    C1] RBP: 0000000000000fff R08: ffff8880505b611f R09: 1ffff1100a0b6c23
[  392.389569][    C1] R10: dffffc0000000000 R11: ffffed100a0b6c24 R12: ffff8880505b5e80
[  392.397542][    C1] R13: dffffc0000000000 R14: ffff8880505b6104 R15: 1ffff1100a0b6bd2
[  392.405540][    C1]  ? inet_sock_destruct+0x622/0x730
[  392.410759][    C1]  ? inet_sock_destruct+0x622/0x730
[  392.415965][    C1]  ? inet6_cleanup_sock+0x197/0x230
[  392.421175][    C1]  ? __pfx_inet6_sock_destruct+0x10/0x10
[  392.426810][    C1]  __sk_destruct+0x86/0x660
[  392.431420][    C1]  ? __pfx___sk_destruct+0x10/0x10
[  392.436619][    C1]  ? rcu_core+0xc37/0x1770
[  392.441061][    C1]  rcu_core+0xcab/0x1770
[  392.445341][    C1]  ? __pfx_rcu_core+0x10/0x10
[  392.450037][    C1]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  392.455779][    C1]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  392.462141][    C1]  handle_softirqs+0x283/0x870
[  392.466939][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  392.471722][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  392.477026][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  392.482256][    C1]  __irq_exit_rcu+0xca/0x1f0
[  392.486865][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  392.492088][    C1]  irq_exit_rcu+0x9/0x30
[  392.496336][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  392.501982][    C1]  </IRQ>
[  392.504917][    C1]  <TASK>
[  392.507852][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  392.513839][    C1] RIP: 0010:check_preemption_disabled+0x25/0x120
[  392.520195][    C1] Code: 90 90 90 90 90 55 41 57 41 56 53 48 83 ec 10 65 48 8b 05 be ae 26 07 48 89 44 24 08 65 8b 05 c6 ae 26 07 65 8b 0d bb ae 26 07 <f7> c1 ff ff ff 7f 74 23 65 48 8b 0d 9b ae 26 07 48 3b 4c 24 08 0f
[  392.539811][    C1] RSP: 0018:ffffc900104d72b0 EFLAGS: 00000282
[  392.545894][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000080000002
[  392.553888][    C1] RDX: 0000000000000000 RSI: ffffffff8be337e0 RDI: ffffffff8be337a0
[  392.561882][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff822e4617
[  392.569878][    C1] R10: dffffc0000000000 R11: fffff940002feff9 R12: 000000000005fdff
[  392.577864][    C1] R13: dffffc0000000000 R14: ffff88813fffa570 R15: 0000000000001000
[  392.585872][    C1]  ? page_table_check_clear+0x187/0x700
[  392.591490][    C1]  rcu_is_watching+0x15/0xb0
[  392.596110][    C1]  rcu_read_lock_held+0x15/0x50
[  392.600981][    C1]  page_ext_lookup+0xe7/0x180
[  392.605706][    C1]  ? page_table_check_clear+0x187/0x700
[  392.611273][    C1]  page_table_check_clear+0x278/0x700
[  392.616664][    C1]  ? vm_normal_page+0xb7/0x210
[  392.621445][    C1]  unmap_page_range+0x3445/0x4370
[  392.626527][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  392.631914][    C1]  ? mas_find+0xb0e/0xd30
[  392.636262][    C1]  ? unmap_vmas+0x144/0x580
[  392.640779][    C1]  unmap_vmas+0x399/0x580
[  392.645144][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  392.650037][    C1]  exit_mmap+0x248/0xb50
[  392.654319][    C1]  ? uprobe_clear_state+0x20f/0x290
[  392.659528][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  392.664307][    C1]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  392.669965][    C1]  ? __pfx_exit_aio+0x10/0x10
[  392.674674][    C1]  ? uprobe_clear_state+0x274/0x290
[  392.679932][    C1]  __mmput+0x118/0x420
[  392.684022][    C1]  exit_mm+0x1da/0x2c0
[  392.688142][    C1]  ? __pfx_exit_mm+0x10/0x10
[  392.692776][    C1]  ? rcu_is_watching+0x15/0xb0
[  392.697561][    C1]  do_exit+0x648/0x2300
[  392.701740][    C1]  ? cgroup_freezing+0x20/0x350
[  392.706710][    C1]  ? __pfx_do_exit+0x10/0x10
[  392.711354][    C1]  ? cgroup_freezing+0x20/0x350
[  392.716240][    C1]  ? cgroup_freezing+0x20/0x350
[  392.721238][    C1]  do_group_exit+0x21c/0x2d0
[  392.725840][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.731058][    C1]  get_signal+0x1286/0x1340
[  392.735582][    C1]  arch_do_signal_or_restart+0x9a/0x750
[  392.741152][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  392.747337][    C1]  ? exit_to_user_mode_loop+0x40/0x110
[  392.752807][    C1]  exit_to_user_mode_loop+0x75/0x110
[  392.758119][    C1]  do_syscall_64+0x2bd/0x3b0
[  392.762731][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.768041][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.774216][    C1]  ? clear_bhb_loop+0x60/0xb0
[  392.778907][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.784809][    C1] RIP: 0033:0x7fb43438ebe9
[  392.789236][    C1] Code: Unable to access opcode bytes at 0x7fb43438ebbf.
[  392.796429][    C1] RSP: 002b:00007fb4352ab0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  392.804847][    C1] RAX: 0000000000000001 RBX: 00007fb4345b5fa8 RCX: 00007fb43438ebe9
[  392.812818][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb4345b5fac
[  392.820792][    C1] RBP: 00007fb4345b5fa0 R08: 7fffffffffffffff R09: 0000000000000000
[  392.828767][    C1] R10: 0000000000000090 R11: 0000000000000246 R12: 0000000000000000
[  392.836743][    C1] R13: 00007fb4345b6038 R14: 00007ffdd5a401a0 R15: 00007ffdd5a40288
[  392.844853][    C1]  </TASK>
[  392.848163][    C1] Kernel Offset: disabled
[  392.852512][    C1] Rebooting in 86400 seconds..