last executing test programs:

5m56.776091504s ago: executing program 4 (id=4485):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
unshare(0x22020600)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff018}, {0x80000006, 0x8, 0xb, 0x20000}]}, 0x10)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000004000000000000000000bd5b7e165576ccf3000018200000", @ANYRES32=r3, @ANYBLOB="0000000002000000c3000200000000009500000000000000"], &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42072, 0xffffffffffffffff, 0x200000800000)
r4 = socket$inet6(0xa, 0x802, 0x88)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000180)={0x0, 0xaa, "b0ab7c815b4446d8c8daf085511c6ed7ede158164d7cd76751c957573819b76ed18d153eb5e2c259724e929c99b390a14fbc5e60ec2e06d4be635a6075e85c69c0a416b231a2b2c6608e0c5263953589d9f36cbbea3cd2d94968944d8a56d657531c7b00b123fa9c8808fe93645e450b2a43802cf6ba1bf103212adf7e76489534affadf921da0812053bb4616bf0d485382b38d6944f77fade96f1818842edb572c0904061599d279c5"}, &(0x7f0000000100)=0xb2)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000240)={'wg2\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r6, 0x1, 0x0, 0x0, {0x23}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x20}}, 0x0)
r9 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000140)=[@in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, @in={0x2, 0x4e20, @broadcast}], 0x3c)
setsockopt$inet6_udp_int(r4, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
recvmsg$qrtr(r1, &(0x7f00000008c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000800)=[{&(0x7f0000000300)=""/142, 0x8e}, {&(0x7f0000000600)=""/231, 0xe7}, {&(0x7f0000000400)=""/64, 0x40}, {&(0x7f0000000700)=""/161, 0xa1}, {&(0x7f0000000440)=""/117, 0x75}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000000540)}, {&(0x7f0000000580)=""/62, 0x3e}, {&(0x7f00000007c0)=""/55, 0x37}], 0x9, 0x0, 0x0, 0x2020}, 0x38, 0x40000120)

5m56.532300133s ago: executing program 4 (id=4489):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000200)={0x58, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x45, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x3}, @typed={0x14, 0x3, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bda"]}]}, 0x58}], 0x1}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0xf000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r3)
sendmsg$NLBL_CALIPSO_C_REMOVE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r4, 0x8, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x8000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x1170, 0x1170, 0x1398, 0x0, 0x1170, 0x1398, 0x1398, 0x1398, 0x1398, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)

5m56.407299679s ago: executing program 4 (id=4490):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
socket$netlink(0x10, 0x3, 0x5)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
r2 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r2, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x4e24, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1c5100502611ea00000000000800a30000", @ANYRES32=0x0, @ANYBLOB="ac141411e00000010000000020000000000000000000000007000000440d09000008ea6e1900000000000000"], 0x40}, 0x20002880)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast})
recvmmsg(r0, &(0x7f0000006fc0)=[{{0x0, 0x0, 0xfffffffffffffffc, 0x0, &(0x7f0000000340)=""/85, 0xb0}, 0x10001}], 0x1, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

5m55.925634036s ago: executing program 4 (id=4496):
r0 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r0, &(0x7f0000000700)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x8}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x20020095)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000000))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$inet(0x2, 0x3, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000002c0)={'batadv_slave_1\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000020008000400", @ANYRES32=r4, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r3], 0x38}}, 0x10)

5m55.788809822s ago: executing program 4 (id=4500):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa08000600060000008fcdc9adb39aef5c78beaa04775162c286499d168d39920670015377def5d408aedecd98e68f37c082b2070bd0d6e390be37d2a524ff6ebaed765a22d9b38e8e8babe8cdcade3ab50c0fc83ef82b4ea810247a22f1ae7899fcff7fcd6790194adc80bb780f9b50903fecb945f5e5ca2b9315e8ac20ab4805ba532718ccb3dbdc99afaf59cbb6c2da862e2152268745e19d94f24f71f78f8ce5aae3fd933b4c4921be96ba0f22db87b3d652f8777c361c0c7ffb7f3e72314f8239fc59559abd8e5bf5d6186c3166"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r6, 0x29, 0x16, &(0x7f00000001c0)=0x7f, 0x4)
close(r6)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x83}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r7, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
r9 = socket(0xa, 0x2, 0x0)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c)
bind$inet6(r8, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x5}}, 0x1c)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r10, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r10, &(0x7f0000000280)="6d87", 0x2, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvmsg(r10, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x3)

5m54.248470117s ago: executing program 4 (id=4506):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@bridge_dellink={0x20, 0x11, 0x1}, 0x20}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f5, &(0x7f00000001c0)={'gretap0\x00', 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000400004803c0001800b00010065787468647200002c000280080007400000000c0500020000000000080003405700004a080006"], 0x94}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
r3 = socket$inet6(0xa, 0x3, 0x2f)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x403, 0x70bd2a, 0x0, {0x0, 0x0, 0x74}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}, @IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x1}]}}}]}, 0x44}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x4}, @in6=@loopback, 0x0, 0x0, 0x4, 0x0, 0x2}, {0x0, 0x7ff, 0x913d, 0x0, 0x0, 0xf42, 0x8}, {0x0, 0x0, 0x0, 0xfffefffffffffffe}, 0x0, 0x0, 0x1, 0x0, 0x4}, {{@in=@empty, 0x4d4, 0x33}, 0x0, @in6=@private1, 0x3502, 0x0, 0x2, 0x4, 0x0, 0x0, 0x1}}, 0xe8)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="b4000000640102000f10000000000000630000ff000000009500000000000000840c5f789c2c93e9a797bd6b13fa0ece2f93e67492de49d02300f986af6e5b0b846df1ad6016d2"], &(0x7f0000000080)='GPL\x00', 0x2, 0x1bc, &(0x7f0000000300)=""/198, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, &(0x7f0000000040)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x28)

5m53.90881743s ago: executing program 32 (id=4506):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@bridge_dellink={0x20, 0x11, 0x1}, 0x20}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f5, &(0x7f00000001c0)={'gretap0\x00', 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000400004803c0001800b00010065787468647200002c000280080007400000000c0500020000000000080003405700004a080006"], 0x94}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
r3 = socket$inet6(0xa, 0x3, 0x2f)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x403, 0x70bd2a, 0x0, {0x0, 0x0, 0x74}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}, @IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x1}]}}}]}, 0x44}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x4}, @in6=@loopback, 0x0, 0x0, 0x4, 0x0, 0x2}, {0x0, 0x7ff, 0x913d, 0x0, 0x0, 0xf42, 0x8}, {0x0, 0x0, 0x0, 0xfffefffffffffffe}, 0x0, 0x0, 0x1, 0x0, 0x4}, {{@in=@empty, 0x4d4, 0x33}, 0x0, @in6=@private1, 0x3502, 0x0, 0x2, 0x4, 0x0, 0x0, 0x1}}, 0xe8)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="b4000000640102000f10000000000000630000ff000000009500000000000000840c5f789c2c93e9a797bd6b13fa0ece2f93e67492de49d02300f986af6e5b0b846df1ad6016d2"], &(0x7f0000000080)='GPL\x00', 0x2, 0x1bc, &(0x7f0000000300)=""/198, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, &(0x7f0000000040)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x28)

2m12.015797258s ago: executing program 2 (id=4804):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x40000], 'veth1_to_bridge\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x33}, [0x0, 0x0, 0xffffff00], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x400, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)

1m51.54018506s ago: executing program 2 (id=4804):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x40000], 'veth1_to_bridge\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x33}, [0x0, 0x0, 0xffffff00], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x400, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)

1m30.432350469s ago: executing program 2 (id=4804):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x40000], 'veth1_to_bridge\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x33}, [0x0, 0x0, 0xffffff00], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x400, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)

1m18.007477591s ago: executing program 2 (id=4804):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x40000], 'veth1_to_bridge\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x33}, [0x0, 0x0, 0xffffff00], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x400, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)

1m0.241135432s ago: executing program 2 (id=4804):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x40000], 'veth1_to_bridge\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x33}, [0x0, 0x0, 0xffffff00], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x400, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)

49.490194113s ago: executing program 2 (id=4804):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x40000], 'veth1_to_bridge\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x33}, [0x0, 0x0, 0xffffff00], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x400, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)

4.86842423s ago: executing program 5 (id=6979):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffff7c00000c0004"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) (async)
r1 = socket$can_j1939(0x1d, 0x2, 0x7) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0909000000000000000001"], 0x68}}, 0x0) (async)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c00018006000600060600000800028004007280080007"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r2, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x15c, 0x0, 0x601, 0x70bd2c, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7fff}, {0x6, 0x11, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x800}, {0x6, 0x11, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x10001}, {0x6, 0x11, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x94}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x726}, {0x6, 0x11, 0x24ad}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3ff}, {0x6, 0x11, 0x100}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x7}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async)
r5 = accept4(r2, &(0x7f0000000480)=@can, &(0x7f00000003c0)=0x80, 0x80800)
sendmsg$nl_generic(r5, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000360020002cbd7000fedbdf25b4000000090000002e213a5d0000000008007e80040015a00900eb025449504300000000"], 0x34}, 0x1, 0x0, 0x0, 0x4040}, 0x4000000) (async)
ioctl$int_out(r1, 0x4, &(0x7f0000000380)) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r6, 0x2, {0x2, 0x0, 0x4}, 0x2}, 0x18) (async, rerun: 64)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) (async, rerun: 64)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r7, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) (async, rerun: 64)
r8 = socket$vsock_stream(0x28, 0x1, 0x0) (rerun: 64)
bind$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r9}, 0x10) (async)
r10 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {&(0x7f0000000240)="6848b2796acd812dce3d01d190a3cab1e8ce", 0x12}], 0x2}, 0x0) (async)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4048081)

4.783540229s ago: executing program 5 (id=6980):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}, 0x8103}, {{0x0, 0x0, 0x0}, 0x10600}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/180, 0xb4}, {&(0x7f0000001b40)=""/4109, 0x100d}, {&(0x7f00000006c0)=""/214, 0xd6}], 0x3}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000940)=""/134, 0x86}, {&(0x7f0000000840)=""/240, 0xf0}, {&(0x7f0000005080)=""/4096, 0x1000}, {&(0x7f0000002d00)=""/4108, 0x100c}, {&(0x7f0000000480)=""/90, 0x5a}], 0x5}, 0xb0}, {{0x0, 0x0, 0x0}, 0x4}], 0x8, 0x20, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = socket$packet(0x11, 0x2, 0x300)
socketpair(0x1, 0x100000005, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r1, 0x0, 0x0, 0x0)
unshare(0x44000080)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
write$cgroup_devices(r2, 0x0, 0xffdd)
socket$inet_sctp(0x2, 0x1, 0x84)

4.47968607s ago: executing program 0 (id=6981):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009009f00000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)

2.920094199s ago: executing program 0 (id=6984):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x220c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r5, 0xfffffff8)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x6, 0xb, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRESOCT=r3, @ANYRESOCT=r5, @ANYBLOB="00000000fd00"/15, @ANYRES32=0x0, @ANYRESOCT=r0], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r9, <r10=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)=r8}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r9, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000140)={'gretap0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x40, 0x20, 0x4, 0x10000, {{0x8, 0x4, 0x2, 0x19, 0x20, 0x67, 0x0, 0x5, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x11}, @remote, {[@ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x7, 0x7, [@local]}]}}}}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r10, 0xfffffffffffffea9, &(0x7f0000000380)}, 0x10)

2.860713671s ago: executing program 3 (id=6985):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$sock_int(r1, 0x1, 0xa, &(0x7f0000000080)=0x4, 0x4)
ioctl$sock_SIOCINQ(r1, 0x541b, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x2, &(0x7f0000000000)=0x7, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000001e000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="000002000a0005"], 0x28}}, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
getsockopt$inet6_buf(r3, 0x29, 0x6, &(0x7f0000001500)=""/17, &(0x7f0000000080)=0x11)
unshare(0x26020480)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r8=>0x0})
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r5, 0x84, 0x70, &(0x7f0000000500)={<r9=>0x0, @in={{0x2, 0x4e23, @remote}}, [0x3, 0x5, 0xf, 0x44d, 0x8, 0xfff, 0x1000, 0x6c8, 0xc, 0x65, 0xe2a, 0xdbd, 0x8, 0xdf47, 0x6]}, &(0x7f0000000280)=0x100)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r11=>0x0})
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a8020000", @ANYRES16=r12, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r11, @ANYBLOB="08005700ba0200008402330080200900ffffffffffff0802110000005050505050505f08"], 0x2a8}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x30, 0x0, 0x0, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x8000, 0x18}}}}, [@NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x51}, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f00000002c0)={r9, 0x400}, &(0x7f0000000300)=0x8)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x20000010)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xd0, &(0x7f0000000340)=""/208, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r13=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="03032dbd7000000000000600000008000300", @ANYRES32=r13, @ANYBLOB="5aff903e4d718ab5a34ffe5e5528b070967d5b6de8c1e845415c3af24653b684189a311008869c376bb8af12c4033e9c562a0ae291b8106aa47a05ef61730921232f7ac29c12d31a61ebde77166a445c482073b9a54563b8"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

2.757371986s ago: executing program 0 (id=6987):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0xe00000, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
socket$tipc(0x1e, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000000)=""/184, 0xb8}, {&(0x7f0000002b80)=""/4120, 0x1018}, {&(0x7f0000000280)=""/84, 0x54}, {&(0x7f0000000340)=""/216, 0xd8}, {&(0x7f0000000840)=""/241, 0xf1}, {&(0x7f0000000b80)=""/218, 0xda}], 0x6}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0}, 0xb0}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x8}], 0x9, 0x20, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001970000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r0], 0x24}}, 0x0)

2.624567426s ago: executing program 1 (id=6988):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1e0, 0x194, 0x194, 0x1e0, 0x194, 0x3, 0x0, {[{{@ip={@broadcast, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0x70, 0xd8, 0x11000000}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268)

2.557616993s ago: executing program 1 (id=6989):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000240)={'filter\x00', 0xb001, 0x4, 0x3a8, 0x20, 0x1d0, 0x0, 0x2c0, 0x2c0, 0x2c0, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1d0}}, {{@uncond, 0xc0, 0xe8, 0x0, {0x0, 0x1e03}}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x46e, 0xfffc}}}, {{@uncond, 0xc0, 0xf0, 0x0, {0x1e01}}, @unspec=@CONNMARK={0x30}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x3f8)

2.517317089s ago: executing program 0 (id=6990):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
r1 = socket$kcm(0x10, 0x2, 0x4)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x2000007, 0x12, r2, 0x12574000)
write$cgroup_int(r3, &(0x7f0000000040), 0xfea0)
sendmsg$inet(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0000147ea60864160af36504b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f40800036806", 0x51}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
socket$kcm(0x10, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000200)={0x0, 'veth1_to_batadv\x00', {0x2}, 0x4})
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r4)
sendmsg$netlink(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002d002100000000000000000004"], 0x1c}], 0x1}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40040, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r7, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001, 0x81}, 0x8)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000000}, 0x10000}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.388405211s ago: executing program 1 (id=6991):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x806000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000003, 0x12, r0, 0x0)
r2 = socket(0x10, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000004140)=[{0x7b, 0x0, &(0x7f0000000880)=[{&(0x7f0000000580)="1e12643e36a1ac4cc6e0e4a418d12de0252aa8f2a392833aa6446635661a18dd1a2b86227ddff373c9d530f1b840a7d92c1ca76213b4c041455bc2d366947f4c0ff8a41a642cec34299020493f705da6883cf119f2e925d0f8c5114b53b3aa67093ce5cd22569af7daa183baefb86a26304e2625f2db30dc88f2deca7e7947a56937f37a2c2c9490eb03de8d9293326f66e3389c41c05e9acc432da9db68d1bdd094ac68b179dc4cf9d02d868afb351d31f4bfb160859778b898463e71f760db31eaf3da287857234cb45eed3813da6b296bb9dd26c9", 0xd6}, {&(0x7f0000000900)="e9cb9a5307a26d913fc8c82929ff17e52811211c6ba5b229ecbe905ac217948050c25bc961ec7b4681d51c69f841c134a294b4c5b09bbde7c91e9b9401537939a10c8822eb9b5679a155a1241cfd12e99c77eafc6dece1fdac822633e33ab0b3bf5b708d3ef37268f364f3036cbc5d1b7d770558580c29240e0443cdbaab727e870000000000000000000000000000000094b67fdefd96b293e001fdff87a9f8ee92cb67797788732718450cddba312437d2835823387a9ec71ede1b7dfa3ed83361f6f0f0f50156dd2aaf903f449a41c695dcafa2cd1ad0e6aee1dcbd2b48f23fbf332b79683a18d4f02ee9618687f878fedcc68c6a427178678ae1ce5bdc34eb3e0201f6d7f88774748a7163b780f52542ab9070c927ac2ad4ec49edb31ae6d673ead024c8a792dd18f22a1235ebd22dfc9531bf4f293c48fae990166d20b3174221576b4a3c1fe56d29d82e65bc1355d329bab3def611e6f0bc696048f5c6c9febe53bdee4a980c575299475fa64a8a8d1eec52ded107b0421af9c44269566b8872d9e740b4aae1f862d63a2e918eaf2fc152cf041c5d5048906e95d7ea79a4994ef095bb72ee0762f5b442e49a5bd3eecf788d3b1893a42a18c37fe8d18857cc8c741ac07dc078800a759d13364018bec373b09c575d649419597e8a40baaada", 0x1e2}, {&(0x7f0000002c80)="32864c4b72317d6cbbad9614148065ab426f3555561641b84f40d8a6e3dd25b6472fd30000000067d09499304f90ef0ab4623a79e1f5111a85559f5e951c14e5d79d1dbe805685ac551fdec1b177c72709248a5ae16b40bc43f6ba17474b298619eb1cfcd1b2d1d0e505deef3e467e2149c12824f0313b2f24d847f69cf83bc00ab4551ec4543a5cba173ed822ba98e004ea9139f7fed4c3f5d74c04b4aa62e619ad5769cfbecd842410d42391445a87dd9ab8129abe693c3fc21040fa2fc85d92471c03ee0e1acc0c64c10c0a21497ebabdd68f4e1bcfddaaab741cfed38e6fb1a586bd83c513372a0e0861211f67388881b3fa1f2295fecc75d3c57ea559f1c53832544ed2a8d5507451b6e4bc6835180fa077d294ae5d602e776b450638a5521c9b51fdb929f67890863369b744b936943fcb4af7db535404be2a5198d060685aea766bfbe8fa40564e6470e070c78f3ea759a3075d1ced207facf512c9a3cdbe5553ef4cdffd6475f1e1cdccd91254b8280b5c8c72fc8ebfa48b2345d3a392c784eacb2c06b43906110f05a9449315221b85f9a85e108b78aa595b6d90e44bf31c5947f4df415ca9e646dc475d88817e7d6e6148c324cc78e4321b3a53f90c9583d0ff00d95bcbb63844cc234ae91e2b3eb5236de6c34edf7591f53e2cc4df599def5b2dec08939f2e0b79ece2aaf5d5e517d346697c18bab7965145ae74d106c7458c1cb2d3aaeff6c4d3625eee2ecfb9d521f90c4cfaf9c0929710e137c7b6937698c4858eb5f0bd96b2d6ac04ab6f0fef4e1e4f232aa7180360389fbf6a7131286c9100ca7aafc822a6b2d4d5668be1a24ddc8a198b20ba3489dc620e00a917a9f0c784abf0c1c0ac5dc5c6638a1ac811d2a16433ca16b4af92fea64171bdd78d758e3209016da7f8522e1d3aa8372baa41af86054050d85bd317c8c286cdd14eb8a07cfdf13965a2501585d82f757a354563f1b1f42d7acb4bba379bcf00a0c630896db45508a8090a6331eff247558d84551f9db00613f25b0bfb6da4b60b42a0b4a6dec122a36a694143e16f4140b69cb396bbc66024531c4d0f73ef505dc2b28c59033b82f7f6586186a9a49a645a8ca920a0e2c4bc0229946e680f784d7493f7895b67c9d6723d0c2ddf0b5525451c1f820854c828e7a5ba37cd2412a7980401186e45bfa6e47834fe1d64c462f7609ee64e9c23851897f869b991cec0fab1ed535dae3a7e1a620048a715384f69c58b1881651ab8383de3f9301bced4ffa5116cae2aa56908b45028f8d9411d3fe75f049e04ea68e84ea0928d1b18ffbae9e8092953b92c1ea8cd980d2eec4e637d0d79fc054e5652c2d0c27aeaf91847f49ab6e0fdd32bde413d9b0468a813f47f5895c941c80436c8afee5434c5ebe855093feacab6bb4cf96c1a0116e9492065bb3a9f86207cffd8fa258ed48c9b87ab7bf5f265aca6009b7ad591f26cbebe0b76b0257c20b41231ab5b923e276a645b6605ec561b088926737e8c944e2e70e179bad73adc5bccb16ad10c39a8458172092715a783d4a1d388652ca3092a7adfda7e3129fd56f72a27a8d0242c09ef131372903e93e7587bf6e697884ba3e1f3be3a4d5676cc152b4438105ea8afe82e4b1acd7222b06a0ee9e8a49f2bbd221df435975642a9ca41530f93690a6a89d1e72a7e4dcd0d0f9a2276f818fcba4d967402944a0eedb6fb0adc98b645963e2a02b86abec5fbb31889344d95b30aebe958ce80f6b182bddde87e0dc13f358882b2629737e9c05764e6e9978c60702c97db0f803ba2128f64c22fa1cee73702c1e1b92bd9ebc2cc145dd255034ec2e0eb9c2de91fdf78f2bad215a58d9332ee48792a062d2429bf75629b4dda94b5efba7a03b5f26a0e649422e02242a091ce2488577cf9de47c40df44b404e7a5ee23409c4ed76ccd6f1eee3fb547c01ccdd0738deb9b320f4af59b1d04d6a8886959933b35555fa9510ece95ff610d5bf37d97d19a1172de80a215824436683eecb07b0536f969a0a562445b70cb746c42f2436637b57fc2722fe40717357cc01ca28b836c7a2d2e5a50704dc07c7d9f66c3bead1b0cec82950b643b2f1d106ae5cca42841e8476fd389611b9501b6ab2b0fd5607f92660ba370d05e0584fdf7f1de886506681a0d10ff8f77404af8b1a5915a005623a67c1bb5cfccf5d8e1d4ab50f3bdebe79303e849dd7d7bd4e1c96b67ba17c2abc4abeb93056d77e4da587b247de426ccf325bf26e64b7d013c57c0af9f964ce6caeb608d0af23f60b8cc1f68a5f28de9c75dd1fbe338320cce901095e29fb2a991ccc716bc474eec03bbfd853b75e5ad96832255bb5440f74d5ede2fb9e1f0a705e83bc846a76f4443e46a0b09454547e72f99a74f2655eebab0460d52ec6fbf26b3bdede8a725b16e2c1a309a3678c78aef45249a710959f60bc15de9a48745a892a609bee9b65526bbaea2a753827269ade5495ef54109a80eedda7e510f64035e10c227fb6587bd98cd0a432ed5e3cd02afb8b1c994a63b968500412059d338faf6c326ef08d016ad9b1cd17344f71281dbdc5399485a2245b74b7c8a59c8374e3570ed1246d7059077f0f492273dc3f089ba2ae6399bd832e0a64a9757a55908ac0d858fb433083f214e5087aa0717e3d1acaff50f2de438f82d7438b02ca5e42f27c9188876e8fcaeca68b131b09110f874481690681f32a08517dbe8c7e0327a888f6031ea42ac5a75cff5412747fc218de648db994d50c6b2808104e32c537068fc033b4d84a8d3969991c3cc7c95c2ac1dadeef5ce3bfc8dce85c1bac6c5d4d031af47b1e26f6554991f09d6ef09a174afbe5ac3a12a29467431750540fa500adb932ba94884cf58dfa54a6904a8b0652da8c6d9f4008b10607ad455a63f2293bfc90f016658490083bd9a7701934b7700e75b766f7d6149c9fc803189a78d401782b668c518025b73ce6291381ad7a69c82140d7230905d5174249d4967615a18207b2783da01691b510f71a269f82b74d5cabce4bdd07b4ea6bb40732399a17995dde0f28f89ebdb602043209e3dfc9544ed7a40545458e23b5cf66c8cb3fde1bffb7ac09a671e693e98ebfd9f5960c3fc716e42034bea1c1cec0c12b8793c7025b994555cb96ca50e7adc40fe5f63a13e0009eda53eb6365c4b559943bc8ee35c89e2a1cbb12803a423683df92b802472a69510b08f2f3699c60fcf2ac1e81c0ef29ea80b25329bc9895c24eaa1af313181d6699e9212453f64711cc286990c536a24f60e412546e9426f34eb63cd04c923051d37b622b51af34319b7ad0a60c73c82221e20189d5c7ef9ef6ef0ec35589c6e67a2f270ac732265ef58ecff91f209d1964f3ae37c3757e19ff9101323acd6a6be18da42997534486ca93d1f0a8da5e15a7fdab1fe93adcdd25efffd3ac1e00036b9db066625386791560f2b1eec2bf31ab85558eb196910e6e636eee41b5bd3ada140a1a5b0d3f1e4999ceee0882f799d6351ac71b613f3ffe46519317f539dcd4d7a3da5552b20b07016288c29a4e8f68c7fa777680cec7681b7f49583c4a9255250c903fc7c13aaa881bae0566ce9316b365f2477c10e0be0a8b830f7983fff7ebdb5b3a0bca5bfa5439da26c7f067f4d253bb4090bd116ef6ea436eb493850f29c0fab1894193509cb956c4c7b0574728c4f31bef1e24cbb2c5cb8bb8aedbc4b64a45a1251bff43f69cc8f60f1e4f3370bc225f6ec371eafbe1aa858dc0de2216fab6e508d0e20c28cdfec32ae3d0f07296e0033ec35dbb8203e0665f4156ecbc9a4ae7ec527756faf178ff12ab52839054ec4c8c6608278fc9bad32e9ae23bb15b6cd1fb6a28858304f1f5f42dfadaf1a6c02a532866bdcb511b4bb3514377dee90532d0697279985deaf0f60562d4739559dc5a84bbefe7cbb7d69a3f54d5ad561d2c46e79693a8f99b490fe85438c60ba079cd869a2f41945b751c4befc8d55426c0083d3c6751d18edfa8bfd9cb8eb62c43e7d0da41f18f4cba2766cabbe036b95105e9514c36e4200c0ddfaf4121aafb3de80c2125089f01802d18bc603a1c2e8f7ceb11d1ea3485bb2fc22cf63421d894174abef4e62db4a32f8d17df06dd36e76aa95eeaafe01476b73854941018a7808f9a538ba6e028dd21c2356b684b0cfc1f9848f81990f37cb64b529de88f37705fd88b280f542e826238ed466f11d68a496664be4602c5f82581ab9b1c1f73eb5c96f788e9db7148ffd6e9e81fe24f156ab987b63ebe60600e887f1a3d136edaf3f98fbbf9f6a9c9f94022fdd33f0fad8f62786c0909f0f9700085d9f7ad63d49a1ce299b97a95cbebda2b3c07b3be5555f901973b500749c36943e167aeb9ebcf34fe2f9dde6db62124e39c7087ff473c82b8e5e984198494b06f680b7ff5f3d7dca37951e709b7ce92b657ac394dbe526dcc803d5c569f34d54db1e9c3fe22b7a941b7a5684ec12f6fc52c64aaa05caa1b5c6e43ff3eb49b1b69731911a892e2bfe3381177d07b6a8a8c10d5a0d6b8ef858496fa5b73aeec4a832f1df28c9f4cbb529ebde1404ac4df1045b9d7ae5b3c119d56b3c8030947188233e7942dd5ce40032cb45620142b953dcefb8be3e4d55778a10d769b4f6b15d1a0ce27b232219287857969a13050801f5f1e7cd7cc9575fc70215937ffb5b5da6ce4bf9286038953f16b1bb4437d0155712684146bfc29e69c6ce81478069c35980e031ee6dad9fdf28d307e0224b40f030cbad61fa99a851a7b502fb02d000ee8ce40f171c0d4dfa3d5e0897b590745c9b0332157a9d1793140552177c290c038456604b1e2bfa75b4fec265d8d7ce8d384f321e352fa6767ca4c45abd8fbe0ed2bb6499852f83e9c2dc1b33d8a04c3ebec6ce8dcc4fbedeb4debbe178029d195b700e183d3d34e2ff338dd9b374ac0458fcc892804266aa4a2083b23ef0df57f6c05ffaec5555a541eebfafdaafefb3ed535c3bf2c26452312686c32975ff889101d7c977e2c2ab30cc8ccd84d80294ee6a20c727f29e31e823554bc12a0813aebda23d1ca698ba1156de5587ca21e08ee55ec36a5209d0cc450dc9a38a3fc4a7eba4adced684899f33013d9c4299d71919a6f7002f3b1cf77de31134ff084547a5e1888a061903cb0ed908d8ba3cf4c177a94c91c38557f10241a29f14ffde128deee80d43941e8acc6dafa7bdee13d76a83b9ecdc55861d5e5b71137b8b9ef87424876dd5392a3b8d29608141bdc489be4a219cc5128db7a9a77d5626da03373ecb4245f7de1d76f667053c8ef92dd15acf3b95f774c9f17fcf0ab2deda16d7fdd8adc96d0a7a701f9a870f83cbfde426a28b657060c00bc6dac296c702a60e976926dda89948922501c074d01d3119ab9b05e5661643b2add443663d990ffeebd5afbf804bfde7af6e3400796cf9e2c7879708c1d07488256b8a9388ce8d7df9cb12848427750d5c75a23b2bad6e3deab90181cf194fdef14443f6f02f798fd747f45c77a95bf46132e9c292090537c2c90391b28e709a5521ee10eab03edc8ef472a3f15a877d84724cfdfccbce2a1bb65f20a272bac03610a58fbd15008c28a1437c7b361c54aea5ebdad6d50c7f3a5292250da461fd336d4babd241ee80272034bb3526ba32caa4ba5d570556f74645e75f93e20b7b7f9e2c95b0eb8d744195dd67806d29c8b3d5a7d2815c12560a0c1ddd6fd3871f446a4806bd929ea958c037bae95a239c170ab372e305b16ccd1535769c874e274e1689c301f978a127c3c8332a491577408797c81241f20492b45d10b617a3924abc17a312c80aac4ed16b2", 0x1016}, {&(0x7f0000000340)="3fc5e77126347c5363a734cbbe0da25bde4f8e6689b841faf183aa43e7015a430f4446a4a1c6", 0x26}, {&(0x7f0000000740)="c09850de3a09e6fe6eab9917f59bd0413daa5a7b2da0fe5ba2a6c9fd768bab9b832cb3f243b525ec4adc216cc7b5e15d73db163a9deb97535a52c01fdd173ace819843e1a231fa162a7983d9a37cfeaead32c1cb250b2eca84e017f70d63c3605e8c703563973b1b8309d17cc8", 0x6d}, {&(0x7f0000000800)="68a9179e3069a0f0448a4fb99b4821c5cf38a5d0ccd6711cd339460da4cf64cf0281f6b2d54a9fe448e535318bc2fdac3706369bfa7e44a85464b4a76a22929ffd56547b30c80aaa", 0x48}, {&(0x7f0000000400)="120f0edb57a7cde17d45d1e82e94e1a6c0d3d294b434a00f3667e41789dad54847f356bc", 0x24}], 0x7, 0x0, 0x0, 0x4808}], 0x1, 0x0)

2.355198533s ago: executing program 3 (id=6992):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @local}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x97ffffff)
recvfrom$inet(r2, 0x0, 0x0, 0x2043, 0x0, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x1, 0x3, 0x0, 0x0, {0xa, 0x4e22, 0x5, @private1, 0xab}}}, 0x32)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@remote, 0x8, 0x1, 0x1, 0x2, 0xc}, 0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)

2.296761238s ago: executing program 5 (id=6993):
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000000), 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000010000000ff0100"/20, @ANYRES32, @ANYBLOB="080200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xc, &(0x7f0000000c80)=ANY=[@ANYBLOB="180000000100008000000000080000001811008a", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000500), 0x800)
bind$tipc(r2, &(0x7f0000000540)=@nameseq={0x1e, 0x1, 0x2, {0x40, 0x1, 0x3}}, 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x2000, 0x0, 0x3f8, 0x0, 0x1, 0x1}, 0x9c)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_SET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)={0x9c, r5, 0x1, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4000}, 0x4c0d0)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@ipv6_newnexthop={0x20, 0x68, 0x1, 0xffffffff, 0x25dfdbff, {}, [@NHA_FDB={0x4}, @NHA_GROUP={0x4}]}, 0x20}}, 0x0)
openat$cgroup_ro(r3, &(0x7f00000003c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000001740)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @loopback}, 0x10)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r8, 0x89fb, &(0x7f0000000180)={'sit0\x00', 0x0})
ioctl$sock_rose_SIOCRSCLRRT(r7, 0x89e4)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000400)=0x9, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x12, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000008408000000000000180000000000000000000000000000059500000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001c00)={0xffffffffffffffff}, 0x4)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r11, 0x1, 0x70bd25, 0x0, {{}, {}, {0x14, 0x19, {0x80000000, 0x4000001, 0x1, 0x5}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20044803}, 0x20000000)
ioctl$sock_FIOGETOWN(r9, 0x8903, &(0x7f0000001f40))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

2.148632514s ago: executing program 0 (id=6994):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union={0x1000000, 0x0, 0x0, 0x5, 0x1}]}}, 0x0, 0x26, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)

2.087797462s ago: executing program 0 (id=6995):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x280, 0x0, 0x11, 0x148, 0x0, 0x10, 0x418, 0x2a8, 0x2a8, 0x418, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0xc8, 0x130, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x11, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0xfffc, 0x0, 0x0, 'syz0\x00', 'syz1\x00', {0x9}}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 'veth1_to_hsr\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x2e0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x26, 0xffffffffffffffff, 0x0, 0x0, {0xf}}, 0x14}}, 0x4000010)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000740)='devices.deny\x00', 0x2, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f0000000080))
sendmsg$netlink(r3, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
gettid()
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=ANY=[@ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xa0}, 0x4004881)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000940), 0x0)
r4 = getgid()
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x400c0)
r5 = getpid()
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, 0x0, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000900)={0x0, 0x0, <r6=>0x0}, &(0x7f0000000940)=0xc)
r7 = socket$isdn(0x22, 0x3, 0x22)
sendmsg$netlink(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000440)={0x284, 0x25, 0x800, 0x70bd26, 0x25dfdbfd, "", [@generic="2ef350dc151207bf8172c0b442dc25ccc1237822f896fea677c5d59f3e86fe76ca84d9fccd687beec7938a1696f1c60c95b8dcbebc4118a780d7cf927c6382482c404768fb343a688dae098cb16b954295ef324fd550ef1e7310dcf2644d70bffca319f22c216ef6ed8e76b280523f2d6e40b07db018324aaf2ce16f79c04d19bb03621c01ee26afdaa2dcaed6efed99d2aa33f60234be75553ff1136e4f950add57f0b6c8ee19395cdce8e0e918322e1c8cb774", @typed={0x8, 0x6a, 0x0, 0x0, @ipv4=@loopback}, @generic="2a9554dde15a6c4860d875e4fefdec9d8829e9707e15bf3fb16209245e57d19975f38c8c7242574dd186ef0dd9fff7a4148887f1e582303c944b81e9cdeb032fc5e367dae141f5f88ab3802f174991789b3737911439c173c158f3087d3b8674718848cfb0", @typed={0x8, 0x65, 0x0, 0x0, @uid}, @typed={0x8, 0x48, 0x0, 0x0, @ipv4=@local}, @typed={0x6a, 0xa6, 0x0, 0x0, @binary="9f3681857a6d7a1556edcabc320f247812403423b7b7dbfc68f7b89ac11b93db9ed2987857dbfec842065118f57c026140411f59dc544fed4f6f7db3232755f6067f64a5e8db576b7455450c6a42260a3dd5c8bdfbef6acdd70a45f8068a23e1257c5908804c"}, @typed={0x8, 0xe, 0x0, 0x0, @u32=0xe}, @nested={0xcc, 0x9f, 0x0, 0x1, [@nested={0x4, 0xff}, @nested={0x4, 0x85}, @typed={0x8, 0x86, 0x0, 0x0, @u32=0x4}, @typed={0x8, 0x123, 0x0, 0x0, @u32=0x3}, @typed={0xad, 0x14e, 0x0, 0x0, @binary="498121170a43fb47fe2562a298584eadd51100bbac9491503a5125ad2876e2ad672eb70e23b161fe0bb1dd1edd3ed32d7af71e27c75e34d90b56e2fde1f3e616cd20f8b29aefbb62802dfcf53c3d28c2aea37d106b218c1bc26afbb80e9b43971a31f11f33c9c4fc82ce30b2e19f7157af563598f3a6491ad6e39459ff4b8e81888754118eb77afe780a648ebd978cf5b2b37a39ca76df85313770b7b2e606e0eebbe91d5d60bb6681"}]}]}, 0x284}], 0x1, &(0x7f0000000980)=[@rights={{0x30, 0x1, 0x1, [r1, r0, r1, r1, 0xffffffffffffffff, r1, r0, r0]}}, @rights={{0x20, 0x1, 0x1, [r0, r1, r0, r2]}}, @rights={{0x20, 0x1, 0x1, [r0, r0, r0, r1]}}, @rights={{0x38, 0x1, 0x1, [r0, r0, r0, r1, r0, r0, r0, r0, r1, r1]}}, @rights={{0x18, 0x1, 0x1, [r0, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r4}}}, @cred={{0x1c, 0x1, 0x2, {r5, 0x0, r6}}}, @rights={{0x24, 0x1, 0x1, [r0, r1, r7, r0, r1]}}, @rights={{0x18, 0x1, 0x1, [r0, r0]}}], 0x140, 0x40040}, 0x4000844)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @empty=0xe0000001}, {0x0, 0x17c1, 0x8}}}}}, 0x0)
close(r8)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x36)

2.026216126s ago: executing program 5 (id=6996):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
connect$tipc(0xffffffffffffffff, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x4, 0x3}}, 0x10)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)="d8000000190081054e81f782db4cb9040a1d080006007c02e8fe55a10a0015000900142603600e1208000f4f1b000401a8001600200005400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)

1.878762693s ago: executing program 5 (id=6997):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x220c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r5, 0xfffffff8)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x6, 0xb, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRESOCT=r3, @ANYRESOCT=r5, @ANYBLOB="00000000fd00"/15, @ANYRES32=0x0, @ANYRESOCT=r0], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r9, <r10=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)=r8}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r9, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000140)={'gretap0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x40, 0x20, 0x4, 0x10000, {{0x8, 0x4, 0x2, 0x19, 0x20, 0x67, 0x0, 0x5, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x11}, @remote, {[@ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x7, 0x7, [@local]}]}}}}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r10, 0xfffffffffffffea9, &(0x7f0000000380)}, 0x10)

1.77951201s ago: executing program 5 (id=6998):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$alg(0x26, 0x5, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = accept4$x25(0xffffffffffffffff, &(0x7f0000000040)={0x9, @remote}, &(0x7f0000000080)=0x12, 0x800)
setsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000100)=0x1, 0x4)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b000000000000000000000000000000000000000000000000000000000004", 0x3e1c, 0x0, 0x0, 0x100}, 0x3c)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000180)={@private=0xa010102, @multicast2, 0x0, "941621a61c5815f4678d8fd403f2f30229a88d74d71fd55708016d20fd419884", 0x0, 0x1}, 0x3c)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000200)={@multicast2, @multicast2=0xe0000300, 0x0, "ff00000058b274e6d844167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r5, 0x0, 0xd4, &(0x7f0000000240)=0xb, 0x4)
accept4(r0, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r6], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)

1.516864153s ago: executing program 1 (id=6999):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000440)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150700000fff00003506000002000000170600000ee5e50cbf250000000000001f650000000000007507000002000000170700004c0001000f75000000000000bf54000000000000070400000400f9ff2d3501000000000095000000000000000500000000000000950007000000000001722fabb733a0c857c7c45402000000a2d23da04d1ffc187fa1a2ba7ba030c7267c2de00435fd233cc0f0d9b2c3127c46b0f408398d09ee4dc258d726eae098804ce25df627a64ac7efde50fd7f1dd5b17ed764c33b06598bae66ea38541a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d47dc570a385a459ef8e6ada84e987cc0000f6991078a21788cab9d53ad890206ab56506ab08b294c09ea4536e0b9bb0627a03a1eb9cbe6958812a98abad49f42a6fb2b69c0880548c39f13f4cca63a87ad7ff8d1006cc6d95e406deb61b9c7ac3f35f1fdb27e70900001fd13d4a22fc90e5f7300c53f2b6e7e001058dc04b434e379fd5526b52990b04b183c21e6b974a4bf85567348c6c6a4404d987f71d81fe988ddc82dac01bbb43e006203a31b02f9519ffb29cd3508d7da829712c98381a672db9fa6a8eb38d784c913a804557c4577a22acb7b73c4aa0e07998734fdfbb0d262ef88b3b8cd1a8518dd8326f6367ed938a05c108cf2639e8799fd7cb018f08453fa863f8fb8178569d26a0a48e4498f88d15abbb22d955a162ac1fd3710c1255fbe3c6d1e84152c81ec0192e54d13dc5beebe3de27967e5d1aa8a6139056e3fb738d0ca46b0a1c63a29002e5b12314390ca075ecb43e0c6cd5af64c8b676316b9bff845ea0b20562f53c5b34314411bf3d4af06bdc3def9f2791d6d076ca72e319e6a9e1098bab878a9f1274a61ddee47abb54d8cf901e78bdb85f47ef37dd0daeb6403820ee8414042904917ea1b80a0000000000004c84018fd19fb3581ca1ff9fb5758d76929ec0502802869c51511c2c9dc56ead1449c038e4d2382d6ef61a7d9399cb"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1, 0x10, &(0x7f0000000000), 0xffffffffffffffa6, 0x0, 0xffffffffffffffff, 0x60, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0)
preadv(r1, &(0x7f0000000100), 0x2b, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2)
sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x15}, 0x20008000) (async)
sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x15}, 0x20008000)
sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, 0x0}], 0x1, 0x0) (async)
sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, 0x0}], 0x1, 0x0)

1.392324014s ago: executing program 3 (id=7000):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
unshare(0x22020600)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff018}, {0x80000006, 0x8, 0xb, 0x20000}]}, 0x10)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000004000000000000000000bd5b7e165576ccf3000018200000", @ANYRES32=r3, @ANYBLOB="0000000002000000c3000200000000009500000000000000"], &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42072, 0xffffffffffffffff, 0x4100000000000000)
r4 = socket$inet6(0xa, 0x802, 0x88)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000180)={0x0, 0xaa, "b0ab7c815b4446d8c8daf085511c6ed7ede158164d7cd76751c957573819b76ed18d153eb5e2c259724e929c99b390a14fbc5e60ec2e06d4be635a6075e85c69c0a416b231a2b2c6608e0c5263953589d9f36cbbea3cd2d94968944d8a56d657531c7b00b123fa9c8808fe93645e450b2a43802cf6ba1bf103212adf7e76489534affadf921da0812053bb4616bf0d485382b38d6944f77fade96f1818842edb572c0904061599d279c5"}, &(0x7f0000000100)=0xb2)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000240)={'wg2\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r6, 0x1, 0x0, 0x0, {0x23}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x20}}, 0x0)
r9 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000140)=[@in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, @in={0x2, 0x4e20, @broadcast}], 0x3c)
setsockopt$inet6_udp_int(r4, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
recvmsg$qrtr(r1, &(0x7f00000008c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000800)=[{&(0x7f0000000300)=""/142, 0x8e}, {&(0x7f0000000600)=""/231, 0xe7}, {&(0x7f0000000400)=""/64, 0x40}, {&(0x7f0000000700)=""/161, 0xa1}, {&(0x7f0000000440)=""/117, 0x75}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000000540)}, {&(0x7f0000000580)=""/62, 0x3e}, {&(0x7f00000007c0)=""/55, 0x37}], 0x9, 0x0, 0x0, 0x2020}, 0x38, 0x40000120)

1.283946109s ago: executing program 1 (id=7001):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x2000}], 0x400000000000172, 0x4001c00)

1.262342968s ago: executing program 3 (id=7002):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0xffc3}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x7, 0x9, 0x0, 0x0, 0x5c}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x6, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1.148341107s ago: executing program 1 (id=7003):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r0, 0xffffffffffffffff, 0x14, 0x0, 0x4000, @void, @value}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x2000000000000096, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ff0700000000000000010000180a0000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4dc, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x66, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x8d}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004)
recvmmsg(r2, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x4008101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000240)=""/182, 0xb6}, {&(0x7f00000004c0)=""/262, 0x106}, {&(0x7f0000000040)=""/43, 0x2b}, {&(0x7f0000000440)=""/73, 0x49}, {&(0x7f0000000600)=""/4112, 0x1010}, {&(0x7f0000000340)=""/219, 0xdb}], 0x215}, 0x80000000}], 0x4, 0x0, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000240)={'filter\x00', 0x0, 0x0, 0x0, [0x6, 0x0, 0x1000, 0x4, 0xa863, 0x8001], 0x1, &(0x7f0000000000)=[{}, {}, {}, {}], 0x0, [{}]}, 0x88)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0xd8, 0x1403, 0x2, 0x70bd2b, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'geneve1\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pim6reg1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macsec0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvlan0\x00'}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8044}, 0x240000d1)
socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r1, &(0x7f0000000000), 0x0, 0xc094)

1.133223883s ago: executing program 3 (id=7004):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000040017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)

0s ago: executing program 3 (id=7005):
sendto$packet(0xffffffffffffffff, &(0x7f0000000240)="f2435f", 0x3, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x806000)
r2 = socket(0x11, 0x2, 0x0)
setsockopt(r2, 0x107, 0x1, &(0x7f00000001c0)="010000000200060000071a80010061cc", 0x10)
close(r2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r3 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(r3)
tee(r1, r0, 0x2, 0xd)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2, &(0x7f0000000040)=0xa5c, 0x4)

kernel console output (not intermixed with test programs):

h an up link
[  706.987087][T22923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  707.060982][T22923] team0: Port device team_slave_0 added
[  707.082602][T22923] team0: Port device team_slave_1 added
[  707.145510][T22923] batman_adv: batadv0: Adding interface: batadv_slave_0
[  707.152699][T22923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  707.179254][T22923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  707.240471][T23046] syzkaller0: entered promiscuous mode
[  707.248402][T23046] syzkaller0: entered allmulticast mode
[  707.257078][T22923] batman_adv: batadv0: Adding interface: batadv_slave_1
[  707.266770][T22923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  707.294777][T22923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  707.626889][T23051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6072'.
[  707.641954][T23051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6072'.
[  708.070853][T23055] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  709.207193][T22923] hsr_slave_0: entered promiscuous mode
[  709.214557][T22923] hsr_slave_1: entered promiscuous mode
[  709.225938][T22923] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  709.239547][T22923] Cannot create hsr debugfs directory
[  709.276767][T23068] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6076'.
[  709.419677][T23063] netlink: 'syz.3.6076': attribute type 10 has an invalid length.
[  709.653748][T23076] 8021q: VLANs not supported on ip6gre0
[  710.032572][T23099] netlink: 'syz.3.6089': attribute type 21 has an invalid length.
[  710.057587][T23096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6087'.
[  710.118129][T23090] syzkaller0: entered promiscuous mode
[  710.123864][T23090] syzkaller0: entered allmulticast mode
[  710.130697][T23106] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6087'.
[  710.161340][T23096] veth0_virt_wifi: entered promiscuous mode
[  710.191259][T23096] veth0_virt_wifi: entered allmulticast mode
[  710.396126][T23114] FAULT_INJECTION: forcing a failure.
[  710.396126][T23114] name failslab, interval 1, probability 0, space 0, times 0
[  710.409716][T23114] CPU: 0 UID: 0 PID: 23114 Comm: syz.3.6090 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  710.409747][T23114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  710.409760][T23114] Call Trace:
[  710.409769][T23114]  <TASK>
[  710.409778][T23114]  dump_stack_lvl+0x189/0x250
[  710.409817][T23114]  ? __pfx____ratelimit+0x10/0x10
[  710.409852][T23114]  ? __pfx_dump_stack_lvl+0x10/0x10
[  710.409896][T23114]  ? __pfx__printk+0x10/0x10
[  710.409925][T23114]  should_fail_ex+0x414/0x560
[  710.409949][T23114]  should_failslab+0xa8/0x100
[  710.409968][T23114]  __kmalloc_cache_noprof+0x70/0x3d0
[  710.409983][T23114]  ? sctp_add_bind_addr+0x8c/0x370
[  710.410004][T23114]  sctp_add_bind_addr+0x8c/0x370
[  710.410023][T23114]  sctp_copy_local_addr_list+0x30b/0x4e0
[  710.410043][T23114]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  710.410059][T23114]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  710.410077][T23114]  ? sctp_v6_is_any+0x64/0x80
[  710.410096][T23114]  ? sctp_copy_one_addr+0x93/0x360
[  710.410115][T23114]  sctp_bind_addr_copy+0xb3/0x3c0
[  710.410132][T23114]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  710.410161][T23114]  sctp_connect_new_asoc+0x2e0/0x690
[  710.410184][T23114]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  710.410204][T23114]  ? __local_bh_enable_ip+0x12d/0x1c0
[  710.410233][T23114]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  710.410254][T23114]  ? security_sctp_bind_connect+0x7e/0x2e0
[  710.410274][T23114]  sctp_sendmsg+0x155c/0x2810
[  710.410303][T23114]  ? __pfx_sctp_sendmsg+0x10/0x10
[  710.410326][T23114]  ? aa_sk_perm+0x81e/0x950
[  710.410348][T23114]  ? __pfx_aa_sk_perm+0x10/0x10
[  710.410368][T23114]  ? sock_rps_record_flow+0x19/0x410
[  710.410387][T23114]  ? inet_sendmsg+0x2f4/0x370
[  710.410405][T23114]  __sock_sendmsg+0x19c/0x270
[  710.410424][T23114]  __sys_sendto+0x3bd/0x520
[  710.410446][T23114]  ? __pfx___sys_sendto+0x10/0x10
[  710.410464][T23114]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  710.410490][T23114]  ? __fget_files+0x3a0/0x420
[  710.410516][T23114]  ? ksys_write+0x22a/0x250
[  710.410532][T23114]  ? __pfx_ksys_write+0x10/0x10
[  710.410545][T23114]  ? rcu_is_watching+0x15/0xb0
[  710.410573][T23114]  __x64_sys_sendto+0xde/0x100
[  710.410595][T23114]  do_syscall_64+0xfa/0x3b0
[  710.410610][T23114]  ? lockdep_hardirqs_on+0x9c/0x150
[  710.410633][T23114]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.410648][T23114]  ? clear_bhb_loop+0x60/0xb0
[  710.410668][T23114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.410683][T23114] RIP: 0033:0x7f339558e929
[  710.410697][T23114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  710.410712][T23114] RSP: 002b:00007f339632e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  710.410728][T23114] RAX: ffffffffffffffda RBX: 00007f33957b5fa0 RCX: 00007f339558e929
[  710.410740][T23114] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000003
[  710.410751][T23114] RBP: 00007f339632e090 R08: 000020000005ffe4 R09: 000000000000001c
[  710.410762][T23114] R10: 00000000000000f5 R11: 0000000000000246 R12: 0000000000000002
[  710.410771][T23114] R13: 0000000000000000 R14: 00007f33957b5fa0 R15: 00007ffee7718118
[  710.410796][T23114]  </TASK>
[  712.440798][T22923] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  712.462399][T22923] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  712.503323][T22923] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  712.527058][T22923] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  712.609817][T23137] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6098'.
[  712.737382][T23137] 8021q: adding VLAN 0 to HW filter on device bond2
[  712.808580][T23144] bond2: (slave veth3): Enslaving as an active interface with an up link
[  712.828178][T23148] xt_hashlimit: size too large, truncated to 1048576
[  712.845091][T23148] xt_hashlimit: overflow, try lower: 3/0
[  712.927172][T22923] 8021q: adding VLAN 0 to HW filter on device bond0
[  713.002981][T22923] 8021q: adding VLAN 0 to HW filter on device team0
[  713.041213][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state
[  713.048423][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state
[  713.118668][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state
[  713.125877][ T1119] bridge0: port 2(bridge_slave_1) entered forwarding state
[  713.301798][T23170] netlink: 212400 bytes leftover after parsing attributes in process `syz.5.6108'.
[  713.681609][T23190] netlink: 'syz.1.6112': attribute type 1 has an invalid length.
[  713.808726][T22923] 8021q: adding VLAN 0 to HW filter on device batadv0
[  713.980927][T22923] veth0_vlan: entered promiscuous mode
[  714.026163][T22923] veth1_vlan: entered promiscuous mode
[  714.131333][T23206] bond0: option tlb_dynamic_lb: invalid value (9)
[  714.157186][T23209] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6116'.
[  714.169346][T22923] veth0_macvtap: entered promiscuous mode
[  714.211315][T22923] veth1_macvtap: entered promiscuous mode
[  714.281147][T22923] batman_adv: batadv0: Interface activated: batadv_slave_0
[  714.328423][T22923] batman_adv: batadv0: Interface activated: batadv_slave_1
[  714.376969][   T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  714.409165][   T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  714.457567][T23219] 8021q: VLANs not supported on ip6gre0
[  714.494125][   T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  714.516171][   T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  714.679325][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  714.708986][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  714.808934][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  714.857697][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  715.002587][T23239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6131'.
[  715.205795][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057d68800: rx timeout, send abort
[  715.417694][T23257] 8021q: VLANs not supported on ip6gre0
[  715.703040][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057d68c00: rx timeout, send abort
[  715.715504][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057d68800: abort rx timeout. Force session deactivation
[  715.997740][ T1111] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.211347][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057d68c00: abort rx timeout. Force session deactivation
[  716.428729][ T1111] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.629791][ T1111] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.725962][T12834] syz_tun (unregistering): left promiscuous mode
[  716.731083][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  716.742585][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  716.753242][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  716.765427][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  716.779580][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  716.794877][ T1111] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.945266][ T1111] bridge_slave_1: left allmulticast mode
[  716.950960][ T1111] bridge_slave_1: left promiscuous mode
[  716.957098][ T1111] bridge0: port 2(bridge_slave_1) entered disabled state
[  716.967224][ T1111] bridge_slave_0: left allmulticast mode
[  716.972885][ T1111] bridge_slave_0: left promiscuous mode
[  716.979030][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.331168][ T1111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  717.342325][ T1111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  717.352880][ T1111] bond0 (unregistering): Released all slaves
[  717.497820][T23279] chnl_net:caif_netlink_parms(): no params data found
[  717.622401][ T1111] hsr_slave_0: left promiscuous mode
[  717.630560][ T1111] hsr_slave_1: left promiscuous mode
[  717.637215][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  717.646323][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_0
[  717.655107][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  717.662533][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_1
[  717.682012][ T1111] veth1_macvtap: left promiscuous mode
[  717.689605][ T1111] veth0_macvtap: left promiscuous mode
[  717.695574][ T1111] veth1_vlan: left promiscuous mode
[  717.700899][ T1111] veth0_vlan: left promiscuous mode
[  718.060230][T23292] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6145'.
[  718.077495][T23292] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6145'.
[  718.090726][T23294] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6144'.
[  718.099960][T23294] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6144'.
[  718.352241][T23303] netlink: zone id is out of range
[  718.359166][T23303] netlink: zone id is out of range
[  718.395737][T23303] netlink: zone id is out of range
[  718.482860][T23303] netlink: zone id is out of range
[  718.488381][T23303] netlink: zone id is out of range
[  718.504011][T23303] netlink: zone id is out of range
[  718.513462][T23303] netlink: zone id is out of range
[  718.539146][T23303] netlink: zone id is out of range
[  718.565893][T23303] netlink: zone id is out of range
[  718.580264][T23303] netlink: zone id is out of range
[  718.585557][T23310] xt_hashlimit: size too large, truncated to 1048576
[  718.585822][T23310] xt_hashlimit: max too large, truncated to 1048576
[  718.747691][ T1111] team0 (unregistering): Port device team_slave_1 removed
[  718.810487][ T5845] Bluetooth: hci0: command tx timeout
[  718.867965][ T1111] team0 (unregistering): Port device team_slave_0 removed
[  718.934618][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  718.968335][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  718.981085][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  718.995909][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  719.018738][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  719.248351][T23319] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6150'.
[  719.257449][T23319] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6150'.
[  719.569785][T23279] bridge0: port 1(bridge_slave_0) entered blocking state
[  719.583963][T23279] bridge0: port 1(bridge_slave_0) entered disabled state
[  719.591224][T23279] bridge_slave_0: entered allmulticast mode
[  719.610610][T23279] bridge_slave_0: entered promiscuous mode
[  719.620530][T23279] bridge0: port 2(bridge_slave_1) entered blocking state
[  719.629762][T23279] bridge0: port 2(bridge_slave_1) entered disabled state
[  719.639189][T23279] bridge_slave_1: entered allmulticast mode
[  719.661080][T23279] bridge_slave_1: entered promiscuous mode
[  719.809881][T23279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  719.862646][T23328] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6152'.
[  719.891699][T23279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  720.225238][T23279] team0: Port device team_slave_0 added
[  720.246080][T23279] team0: Port device team_slave_1 added
[  720.455129][T23345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6158'.
[  720.482256][T23279] batman_adv: batadv0: Adding interface: batadv_slave_0
[  720.508804][T23279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.527729][T23345] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6158'.
[  720.544894][T23279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  720.644372][T23279] batman_adv: batadv0: Adding interface: batadv_slave_1
[  720.651485][T23279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.686385][T23279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  720.861294][T23353] netlink: 64 bytes leftover after parsing attributes in process `syz.3.6160'.
[  720.894112][ T5845] Bluetooth: hci0: command tx timeout
[  720.939767][T23279] hsr_slave_0: entered promiscuous mode
[  720.959152][T23279] hsr_slave_1: entered promiscuous mode
[  720.974344][T23279] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  720.996794][T23279] Cannot create hsr debugfs directory
[  721.047917][ T5845] Bluetooth: hci4: command tx timeout
[  721.253578][T23359] geneve0: entered allmulticast mode
[  721.359650][T23366] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6164'.
[  721.489359][T23314] chnl_net:caif_netlink_parms(): no params data found
[  721.657603][T23371] 8021q: VLANs not supported on ip6gre0
[  721.816246][T23279] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  721.857239][T23379] bridge_slave_0: left allmulticast mode
[  721.863594][T23379] bridge_slave_0: left promiscuous mode
[  721.870540][T23379] bridge0: port 1(bridge_slave_0) entered disabled state
[  721.903303][T23379] bridge_slave_1: left allmulticast mode
[  721.908986][T23379] bridge_slave_1: left promiscuous mode
[  721.931144][T23379] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.008086][T23379] bond0: (slave bond_slave_0): Releasing backup interface
[  722.031157][T23387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6169'.
[  722.035067][T23379] bond0: (slave bond_slave_1): Releasing backup interface
[  722.084691][T23385] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6168'.
[  722.104850][T23379] team0: Port device team_slave_0 removed
[  722.126037][T23379] team0: Port device team_slave_1 removed
[  722.149769][T23379] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  722.159081][T23379] batman_adv: batadv0: Removing interface: batadv_slave_0
[  722.170026][T23379] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  722.178627][T23379] batman_adv: batadv0: Removing interface: batadv_slave_1
[  722.261819][T23385] vlan0: entered promiscuous mode
[  722.280965][T23385] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6168'.
[  722.340721][T23314] bridge0: port 1(bridge_slave_0) entered blocking state
[  722.349794][T23314] bridge0: port 1(bridge_slave_0) entered disabled state
[  722.373455][T23314] bridge_slave_0: entered allmulticast mode
[  722.380822][T23314] bridge_slave_0: entered promiscuous mode
[  722.400759][T23279] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.435941][T23314] bridge0: port 2(bridge_slave_1) entered blocking state
[  722.444156][T23314] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.451367][T23314] bridge_slave_1: entered allmulticast mode
[  722.459559][T23314] bridge_slave_1: entered promiscuous mode
[  722.491519][T23279] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.801348][T23405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6174'.
[  722.839044][T23407] netlink: 'syz.1.6175': attribute type 33 has an invalid length.
[  722.847442][T23407] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6175'.
[  722.893421][T23408] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6175'.
[  722.967156][ T5845] Bluetooth: hci0: command tx timeout
[  723.125594][ T5845] Bluetooth: hci4: command tx timeout
[  724.359162][T23314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  724.371226][T23279] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.498452][T23314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  724.614445][T23314] team0: Port device team_slave_0 added
[  724.649877][T23314] team0: Port device team_slave_1 added
[  724.776859][T23416] syzkaller0: entered promiscuous mode
[  724.782374][T23416] syzkaller0: entered allmulticast mode
[  724.790498][T23314] batman_adv: batadv0: Adding interface: batadv_slave_0
[  724.798363][T23314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  724.826347][T23314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  724.844469][T23416] FAULT_INJECTION: forcing a failure.
[  724.844469][T23416] name failslab, interval 1, probability 0, space 0, times 0
[  724.869474][T23416] CPU: 1 UID: 0 PID: 23416 Comm: syz.3.6179 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  724.869509][T23416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  724.869523][T23416] Call Trace:
[  724.869533][T23416]  <TASK>
[  724.869542][T23416]  dump_stack_lvl+0x189/0x250
[  724.869600][T23416]  ? __pfx____ratelimit+0x10/0x10
[  724.869635][T23416]  ? __pfx_dump_stack_lvl+0x10/0x10
[  724.869668][T23416]  ? __pfx__printk+0x10/0x10
[  724.869700][T23416]  ? __pfx___might_resched+0x10/0x10
[  724.869732][T23416]  ? fs_reclaim_acquire+0x7d/0x100
[  724.869764][T23416]  should_fail_ex+0x414/0x560
[  724.869797][T23416]  should_failslab+0xa8/0x100
[  724.869823][T23416]  __kmalloc_noprof+0xcb/0x4f0
[  724.869849][T23416]  ? kfree+0x4d/0x440
[  724.869879][T23416]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  724.869917][T23416]  tomoyo_realpath_from_path+0xe3/0x5d0
[  724.869951][T23416]  ? tomoyo_domain+0xd9/0x130
[  724.869989][T23416]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  724.870015][T23416]  tomoyo_path_number_perm+0x1e8/0x5a0
[  724.870044][T23416]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  724.870090][T23416]  ? __lock_acquire+0xab9/0xd20
[  724.870145][T23416]  ? __fget_files+0x2a/0x420
[  724.870172][T23416]  ? __fget_files+0x2a/0x420
[  724.870195][T23416]  ? __fget_files+0x3a0/0x420
[  724.870217][T23416]  ? __fget_files+0x2a/0x420
[  724.870246][T23416]  security_file_ioctl+0xcb/0x2d0
[  724.870273][T23416]  __se_sys_ioctl+0x47/0x170
[  724.870308][T23416]  do_syscall_64+0xfa/0x3b0
[  724.870329][T23416]  ? lockdep_hardirqs_on+0x9c/0x150
[  724.870362][T23416]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.870384][T23416]  ? clear_bhb_loop+0x60/0xb0
[  724.870411][T23416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.870432][T23416] RIP: 0033:0x7f339558e929
[  724.870452][T23416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  724.870471][T23416] RSP: 002b:00007f339632e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  724.870494][T23416] RAX: ffffffffffffffda RBX: 00007f33957b5fa0 RCX: 00007f339558e929
[  724.870511][T23416] RDX: 0000200000002280 RSI: 0000000000008943 RDI: 0000000000000004
[  724.870525][T23416] RBP: 00007f339632e090 R08: 0000000000000000 R09: 0000000000000000
[  724.870539][T23416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  724.870552][T23416] R13: 0000000000000000 R14: 00007f33957b5fa0 R15: 00007ffee7718118
[  724.870586][T23416]  </TASK>
[  724.870596][T23416] ERROR: Out of memory at tomoyo_realpath_from_path.
[  725.073500][ T5845] Bluetooth: hci0: command tx timeout
[  725.084664][T23314] batman_adv: batadv0: Adding interface: batadv_slave_1
[  725.151345][T23314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  725.182929][T23427] netlink: 'syz.1.6181': attribute type 11 has an invalid length.
[  725.198082][T23314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  725.209847][T23279] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  725.217353][ T5845] Bluetooth: hci4: command tx timeout
[  725.318239][T23279] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  725.384900][T23279] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  725.407791][T23428] 8021q: adding VLAN 0 to HW filter on device bond0
[  727.289347][ T5845] Bluetooth: hci4: command tx timeout
[  727.347721][T23279] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  727.484756][T23466] __nla_validate_parse: 2 callbacks suppressed
[  727.484779][T23466] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6187'.
[  727.541983][T23314] hsr_slave_0: entered promiscuous mode
[  727.555879][T23314] hsr_slave_1: entered promiscuous mode
[  727.562634][T23314] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  727.571373][T23314] Cannot create hsr debugfs directory
[  727.849569][T23480] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6189'.
[  729.888648][T23505] FAULT_INJECTION: forcing a failure.
[  729.888648][T23505] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  729.931646][T23505] CPU: 1 UID: 0 PID: 23505 Comm: syz.3.6190 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  729.931684][T23505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  729.931697][T23505] Call Trace:
[  729.931707][T23505]  <TASK>
[  729.931717][T23505]  dump_stack_lvl+0x189/0x250
[  729.931756][T23505]  ? __pfx____ratelimit+0x10/0x10
[  729.931790][T23505]  ? __pfx_dump_stack_lvl+0x10/0x10
[  729.931824][T23505]  ? __pfx__printk+0x10/0x10
[  729.931847][T23505]  ? __might_fault+0xb0/0x130
[  729.931881][T23505]  should_fail_ex+0x414/0x560
[  729.931914][T23505]  _copy_from_iter+0x1db/0x16f0
[  729.931952][T23505]  ? rcu_is_watching+0x15/0xb0
[  729.931987][T23505]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  729.932011][T23505]  ? __pfx__copy_from_iter+0x10/0x10
[  729.932046][T23505]  ? __build_skb_around+0x257/0x3e0
[  729.932079][T23505]  ? netlink_sendmsg+0x642/0xb30
[  729.932103][T23505]  ? skb_put+0x11b/0x210
[  729.932136][T23505]  netlink_sendmsg+0x6b2/0xb30
[  729.932173][T23505]  ? __pfx_netlink_sendmsg+0x10/0x10
[  729.932205][T23505]  ? aa_sock_msg_perm+0x94/0x160
[  729.932236][T23505]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  729.932265][T23505]  ? __pfx_netlink_sendmsg+0x10/0x10
[  729.932293][T23505]  __sock_sendmsg+0x219/0x270
[  729.932319][T23505]  ____sys_sendmsg+0x505/0x830
[  729.932357][T23505]  ? __pfx_____sys_sendmsg+0x10/0x10
[  729.932399][T23505]  ? import_iovec+0x74/0xa0
[  729.932426][T23505]  ___sys_sendmsg+0x21f/0x2a0
[  729.932460][T23505]  ? __pfx____sys_sendmsg+0x10/0x10
[  729.932539][T23505]  ? __fget_files+0x2a/0x420
[  729.932562][T23505]  ? __fget_files+0x3a0/0x420
[  729.932599][T23505]  __x64_sys_sendmsg+0x19b/0x260
[  729.932634][T23505]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  729.932676][T23505]  ? __pfx_ksys_write+0x10/0x10
[  729.932694][T23505]  ? rcu_is_watching+0x15/0xb0
[  729.932733][T23505]  ? do_syscall_64+0xbe/0x3b0
[  729.932758][T23505]  do_syscall_64+0xfa/0x3b0
[  729.932779][T23505]  ? lockdep_hardirqs_on+0x9c/0x150
[  729.932811][T23505]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.932834][T23505]  ? clear_bhb_loop+0x60/0xb0
[  729.932860][T23505]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.932881][T23505] RIP: 0033:0x7f339558e929
[  729.932901][T23505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  729.932921][T23505] RSP: 002b:00007f339632e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  729.932944][T23505] RAX: ffffffffffffffda RBX: 00007f33957b5fa0 RCX: 00007f339558e929
[  729.932961][T23505] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  729.932975][T23505] RBP: 00007f339632e090 R08: 0000000000000000 R09: 0000000000000000
[  729.932990][T23505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  729.933003][T23505] R13: 0000000000000000 R14: 00007f33957b5fa0 R15: 00007ffee7718118
[  729.933038][T23505]  </TASK>
[  730.239137][T23508] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6191'.
[  730.372173][T23510] dvmrp1: entered allmulticast mode
[  730.387970][T23510] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6192'.
[  730.447914][T23510] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6192'.
[  730.522649][T23279] 8021q: adding VLAN 0 to HW filter on device bond0
[  730.620538][T23279] 8021q: adding VLAN 0 to HW filter on device team0
[  730.675830][  T176] bridge0: port 1(bridge_slave_0) entered blocking state
[  730.683174][  T176] bridge0: port 1(bridge_slave_0) entered forwarding state
[  730.700303][  T176] bridge0: port 2(bridge_slave_1) entered blocking state
[  730.707550][  T176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  730.889633][T23279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  730.976608][T23534] Bluetooth: MGMT ver 1.23
[  731.022541][T23314] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  731.168454][T23314] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  731.202348][T23314] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  731.228294][T23314] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  731.424029][T23314] 8021q: adding VLAN 0 to HW filter on device bond0
[  731.491599][T23314] 8021q: adding VLAN 0 to HW filter on device team0
[  731.519410][T19061] bridge0: port 1(bridge_slave_0) entered blocking state
[  731.526684][T19061] bridge0: port 1(bridge_slave_0) entered forwarding state
[  731.565803][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  731.573005][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  731.780463][T23279] 8021q: adding VLAN 0 to HW filter on device batadv0
[  731.972499][T23279] veth0_vlan: entered promiscuous mode
[  732.035594][T23279] veth1_vlan: entered promiscuous mode
[  732.050173][T23563] netlink: 184 bytes leftover after parsing attributes in process `syz.5.6202'.
[  732.082873][T23563] xt_socket: unknown flags 0xd0
[  732.201218][T23279] veth0_macvtap: entered promiscuous mode
[  732.254414][T23279] veth1_macvtap: entered promiscuous mode
[  732.315730][T23279] batman_adv: batadv0: Interface activated: batadv_slave_0
[  732.356664][T23279] batman_adv: batadv0: Interface activated: batadv_slave_1
[  732.440402][ T1111] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  732.470799][ T1111] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  732.490302][ T1111] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  732.500238][ T1111] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  732.597465][T23314] 8021q: adding VLAN 0 to HW filter on device batadv0
[  732.686912][T23574] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6208'.
[  732.808165][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  732.849060][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  732.893606][T13071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  732.901477][T13071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  732.951596][T23314] veth0_vlan: entered promiscuous mode
[  732.982789][T23314] veth1_vlan: entered promiscuous mode
[  733.119073][T23314] veth0_macvtap: entered promiscuous mode
[  733.139652][T23314] veth1_macvtap: entered promiscuous mode
[  733.181277][T23586] netlink: 596 bytes leftover after parsing attributes in process `syz.0.6143'.
[  733.195767][T23314] batman_adv: batadv0: Interface activated: batadv_slave_0
[  733.275381][T23314] batman_adv: batadv0: Interface activated: batadv_slave_1
[  733.400151][T13071] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  733.441449][T13071] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  733.464793][T13071] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  733.494699][T13071] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  733.765590][ T1111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  733.809370][ T1111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  734.013371][T23607] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  734.061855][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  734.081762][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  734.360270][T23618] syzkaller1: entered promiscuous mode
[  734.373612][T23618] syzkaller1: entered allmulticast mode
[  734.747954][T23624] syzkaller0: entered promiscuous mode
[  734.753822][T23624] syzkaller0: entered allmulticast mode
[  734.765288][T23632] netlink: 248 bytes leftover after parsing attributes in process `syz.5.6227'.
[  736.003492][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  736.728037][T23644] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6230'.
[  737.014610][T23652] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6232'.
[  737.126568][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  737.282557][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  737.371410][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  737.430468][   T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  737.560363][   T49] bridge_slave_1: left allmulticast mode
[  737.566365][   T49] bridge_slave_1: left promiscuous mode
[  737.572076][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  737.582552][   T49] bridge_slave_0: left allmulticast mode
[  737.588479][   T49] bridge_slave_0: left promiscuous mode
[  737.595928][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  737.943734][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  737.955740][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  737.967587][   T49] bond0 (unregistering): Released all slaves
[  738.212614][   T49] hsr_slave_0: left promiscuous mode
[  738.220301][   T49] hsr_slave_1: left promiscuous mode
[  738.226541][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  738.234276][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  738.242248][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  738.252774][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  738.276756][   T49] veth1_macvtap: left promiscuous mode
[  738.282329][   T49] veth0_macvtap: left promiscuous mode
[  738.288426][   T49] veth1_vlan: left promiscuous mode
[  738.293913][   T49] veth0_vlan: left promiscuous mode
[  738.763057][   T49] team0 (unregistering): Port device team_slave_1 removed
[  738.807010][   T49] team0 (unregistering): Port device team_slave_0 removed
[  738.967512][T23670] netlink: 'syz.3.6238': attribute type 1 has an invalid length.
[  738.983501][T23670] netlink: 228 bytes leftover after parsing attributes in process `syz.3.6238'.
[  739.159808][T23677] netlink: 64 bytes leftover after parsing attributes in process `syz.3.6238'.
[  739.255102][T23682] netlink: 248 bytes leftover after parsing attributes in process `syz.1.6240'.
[  739.449236][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  739.459881][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  739.469147][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  739.482863][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  739.491993][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  740.015925][T23672] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  740.309499][T23706] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6245'.
[  740.440867][T23712] bridge4: port 1(ip6gretap1) entered blocking state
[  740.451623][T23712] bridge4: port 1(ip6gretap1) entered disabled state
[  740.468483][T23712] ip6gretap1: entered allmulticast mode
[  740.510855][T23712] ip6gretap1: entered promiscuous mode
[  740.599387][T23712] veth7: entered promiscuous mode
[  740.605066][T23712] bridge4: port 2(veth7) entered blocking state
[  740.611602][T23712] bridge4: port 2(veth7) entered disabled state
[  740.619490][T23712] veth7: entered allmulticast mode
[  740.673017][T23712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6245'.
[  740.690601][T23712] net_ratelimit: 27 callbacks suppressed
[  740.690619][T23712] openvswitch: netlink: nsh attr 12 is out of range max 3
[  740.704668][T23712] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  740.737782][T23686] chnl_net:caif_netlink_parms(): no params data found
[  741.015409][T23686] bridge0: port 1(bridge_slave_0) entered blocking state
[  741.034718][T23686] bridge0: port 1(bridge_slave_0) entered disabled state
[  741.048581][T23686] bridge_slave_0: entered allmulticast mode
[  741.061406][T23686] bridge_slave_0: entered promiscuous mode
[  741.085076][T23686] bridge0: port 2(bridge_slave_1) entered blocking state
[  741.092454][T23686] bridge0: port 2(bridge_slave_1) entered disabled state
[  741.100337][T23686] bridge_slave_1: entered allmulticast mode
[  741.109129][T23686] bridge_slave_1: entered promiscuous mode
[  741.187350][T23686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  741.238637][T23686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  741.330852][T23686] team0: Port device team_slave_0 added
[  741.353278][T23686] team0: Port device team_slave_1 added
[  741.447063][T23686] batman_adv: batadv0: Adding interface: batadv_slave_0
[  741.460310][T23686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  741.491085][T23686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  741.523588][ T5845] Bluetooth: hci4: command tx timeout
[  741.624804][T23686] batman_adv: batadv0: Adding interface: batadv_slave_1
[  741.631803][T23686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  741.697078][T23686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  741.960108][T23762] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6266'.
[  741.988621][T23686] hsr_slave_0: entered promiscuous mode
[  742.011028][T23762] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6266'.
[  742.021867][T23686] hsr_slave_1: entered promiscuous mode
[  742.041297][T23686] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  742.077067][T23686] Cannot create hsr debugfs directory
[  742.185114][T23770] : entered promiscuous mode
[  742.857581][T23784] syzkaller0: entered allmulticast mode
[  742.894702][T23790] syzkaller0 (unregistering): left allmulticast mode
[  743.007207][T23801] netlink: 'syz.1.6279': attribute type 3 has an invalid length.
[  743.218853][T23805] syzkaller0: entered promiscuous mode
[  743.231630][T23805] syzkaller0: entered allmulticast mode
[  743.607605][ T5845] Bluetooth: hci4: command tx timeout
[  743.815337][T23834] netlink: 11 bytes leftover after parsing attributes in process `syz.1.6290'.
[  745.684028][ T5845] Bluetooth: hci4: command tx timeout
[  745.728770][T23686] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  745.791245][T23686] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  745.820981][T23686] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  745.841325][T23857] netlink: 'syz.3.6297': attribute type 32 has an invalid length.
[  745.878418][T23686] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  746.127282][T23871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6302'.
[  746.142004][T23686] 8021q: adding VLAN 0 to HW filter on device bond0
[  746.172933][T23873] netlink: 'syz.0.6301': attribute type 5 has an invalid length.
[  746.220250][T23686] 8021q: adding VLAN 0 to HW filter on device team0
[  746.264432][T23873] openvswitch: netlink: Key type 30 is not supported
[  746.311770][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.319072][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  746.362563][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.369845][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  746.467683][T23890] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6304'.
[  746.637094][T23686] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  746.702334][T23898] netlink: 'syz.1.6308': attribute type 10 has an invalid length.
[  746.774421][T23898] 8021q: adding VLAN 0 to HW filter on device batadv0
[  746.814960][T23898] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  747.145873][T23686] 8021q: adding VLAN 0 to HW filter on device batadv0
[  747.330587][T23686] veth0_vlan: entered promiscuous mode
[  747.354291][T23921] 8021q: VLANs not supported on ip6gre0
[  747.386692][T23686] veth1_vlan: entered promiscuous mode
[  747.404637][T23926] FAULT_INJECTION: forcing a failure.
[  747.404637][T23926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.427481][T23926] CPU: 1 UID: 0 PID: 23926 Comm: syz.3.6319 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  747.427511][T23926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  747.427524][T23926] Call Trace:
[  747.427533][T23926]  <TASK>
[  747.427542][T23926]  dump_stack_lvl+0x189/0x250
[  747.427605][T23926]  ? __pfx____ratelimit+0x10/0x10
[  747.427640][T23926]  ? __pfx_dump_stack_lvl+0x10/0x10
[  747.427674][T23926]  ? __pfx__printk+0x10/0x10
[  747.427698][T23926]  ? __might_fault+0xb0/0x130
[  747.427734][T23926]  should_fail_ex+0x414/0x560
[  747.427766][T23926]  _copy_from_iter+0x1db/0x16f0
[  747.427802][T23926]  ? rcu_is_watching+0x15/0xb0
[  747.427837][T23926]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  747.427861][T23926]  ? __pfx__copy_from_iter+0x10/0x10
[  747.427903][T23926]  ? __build_skb_around+0x257/0x3e0
[  747.427935][T23926]  ? netlink_sendmsg+0x642/0xb30
[  747.427960][T23926]  ? skb_put+0x11b/0x210
[  747.427992][T23926]  netlink_sendmsg+0x6b2/0xb30
[  747.428030][T23926]  ? __pfx_netlink_sendmsg+0x10/0x10
[  747.428061][T23926]  ? aa_sock_msg_perm+0x94/0x160
[  747.428091][T23926]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  747.428119][T23926]  ? __pfx_netlink_sendmsg+0x10/0x10
[  747.428146][T23926]  __sock_sendmsg+0x219/0x270
[  747.428172][T23926]  ____sys_sendmsg+0x505/0x830
[  747.428209][T23926]  ? __pfx_____sys_sendmsg+0x10/0x10
[  747.428247][T23926]  ? import_iovec+0x74/0xa0
[  747.428272][T23926]  ___sys_sendmsg+0x21f/0x2a0
[  747.428304][T23926]  ? __pfx____sys_sendmsg+0x10/0x10
[  747.428373][T23926]  ? __fget_files+0x2a/0x420
[  747.428396][T23926]  ? __fget_files+0x3a0/0x420
[  747.428429][T23926]  __x64_sys_sendmsg+0x19b/0x260
[  747.428462][T23926]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  747.428504][T23926]  ? __pfx_ksys_write+0x10/0x10
[  747.428522][T23926]  ? rcu_is_watching+0x15/0xb0
[  747.428561][T23926]  ? do_syscall_64+0xbe/0x3b0
[  747.428587][T23926]  do_syscall_64+0xfa/0x3b0
[  747.428606][T23926]  ? lockdep_hardirqs_on+0x9c/0x150
[  747.428640][T23926]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.428662][T23926]  ? clear_bhb_loop+0x60/0xb0
[  747.428688][T23926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.428709][T23926] RIP: 0033:0x7f339558e929
[  747.428728][T23926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  747.428759][T23926] RSP: 002b:00007f339632e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  747.428780][T23926] RAX: ffffffffffffffda RBX: 00007f33957b5fa0 RCX: 00007f339558e929
[  747.428794][T23926] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000004
[  747.428807][T23926] RBP: 00007f339632e090 R08: 0000000000000000 R09: 0000000000000000
[  747.428820][T23926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  747.428832][T23926] R13: 0000000000000000 R14: 00007f33957b5fa0 R15: 00007ffee7718118
[  747.428864][T23926]  </TASK>
[  747.468521][T23686] veth0_macvtap: entered promiscuous mode
[  747.764064][ T5845] Bluetooth: hci4: command tx timeout
[  747.916858][T23928] bond2: (slave veth3): Releasing backup interface
[  748.082778][T23686] veth1_macvtap: entered promiscuous mode
[  748.157493][T23686] batman_adv: batadv0: Interface activated: batadv_slave_0
[  748.188087][T23957] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6328'.
[  748.206167][T23686] batman_adv: batadv0: Interface activated: batadv_slave_1
[  748.214440][T23957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6328'.
[  748.231007][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  748.251333][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  748.316099][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  748.332556][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  748.362798][T23962] netlink: 100 bytes leftover after parsing attributes in process `syz.5.6330'.
[  748.671898][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  748.690639][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  748.743933][T23978] netlink: 52 bytes leftover after parsing attributes in process `syz.5.6334'.
[  748.863208][ T1119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  748.879306][T23986] syzkaller1: left promiscuous mode
[  748.889945][ T1119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  748.899074][T23987] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6338'.
[  748.913823][T23986] syzkaller1: left allmulticast mode
[  749.201896][T23996] netlink: 'syz.1.6341': attribute type 1 has an invalid length.
[  749.218671][T23996] netlink: 'syz.1.6341': attribute type 4 has an invalid length.
[  749.227805][T23996] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.6341'.
[  749.488397][   T61] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.621005][   T61] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.892103][   T61] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.970415][   T61] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.149053][   T61] bridge_slave_1: left allmulticast mode
[  750.154910][   T61] bridge_slave_1: left promiscuous mode
[  750.160665][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.171459][   T61] bridge_slave_0: left allmulticast mode
[  750.177644][   T61] bridge_slave_0: left promiscuous mode
[  750.183515][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.530849][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  750.542621][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  750.557751][   T61] bond0 (unregistering): Released all slaves
[  750.794861][   T61] hsr_slave_0: left promiscuous mode
[  750.800943][   T61] hsr_slave_1: left promiscuous mode
[  750.808614][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  750.817006][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  750.825905][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  750.836877][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  750.859725][   T61] veth1_macvtap: left promiscuous mode
[  750.865804][   T61] veth0_macvtap: left promiscuous mode
[  750.871440][   T61] veth1_vlan: left promiscuous mode
[  750.877352][   T61] veth0_vlan: left promiscuous mode
[  751.123652][ T5847] Bluetooth: hci1: command 0x0405 tx timeout
[  751.705503][   T61] team0 (unregistering): Port device team_slave_1 removed
[  751.880010][   T61] team0 (unregistering): Port device team_slave_0 removed
[  752.190486][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  752.202188][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  752.228498][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  752.264312][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  752.273960][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  752.812465][T24010] 8021q: VLANs not supported on ip6gre0
[  753.085532][T24053] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6359'.
[  753.302984][T24027] chnl_net:caif_netlink_parms(): no params data found
[  753.766526][T24027] bridge0: port 1(bridge_slave_0) entered blocking state
[  753.798547][T24027] bridge0: port 1(bridge_slave_0) entered disabled state
[  753.800747][T24076] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6365'.
[  753.811338][T24027] bridge_slave_0: entered allmulticast mode
[  753.828982][T24027] bridge_slave_0: entered promiscuous mode
[  753.842784][T24027] bridge0: port 2(bridge_slave_1) entered blocking state
[  753.863546][T24027] bridge0: port 2(bridge_slave_1) entered disabled state
[  753.870906][T24027] bridge_slave_1: entered allmulticast mode
[  753.896883][T24027] bridge_slave_1: entered promiscuous mode
[  754.062273][T24027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  754.096942][T24027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  754.179442][T24088] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  754.212920][T24089] 8021q: VLANs not supported on ip6gre0
[  754.258302][T24027] team0: Port device team_slave_0 added
[  754.323539][ T5845] Bluetooth: hci4: command tx timeout
[  754.385977][T24098] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6371'.
[  754.445534][T24027] team0: Port device team_slave_1 added
[  754.472154][T24100] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6370'.
[  754.615902][T24027] batman_adv: batadv0: Adding interface: batadv_slave_0
[  754.622996][T24027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  754.654993][T24027] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  754.745798][T24027] batman_adv: batadv0: Adding interface: batadv_slave_1
[  754.758056][T24027] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  754.818832][T24027] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  754.994946][T24121] netlink: 'syz.0.6378': attribute type 31 has an invalid length.
[  755.071793][T24121] netlink: 'syz.0.6378': attribute type 26 has an invalid length.
[  755.088664][T24127] smc: net device bond0 applied user defined pnetid SYZ2
[  755.097350][T24130] smc: net device bond0 erased user defined pnetid SYZ2
[  755.107540][T24113] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6375'.
[  755.126976][T24027] hsr_slave_0: entered promiscuous mode
[  755.146979][T24027] hsr_slave_1: entered promiscuous mode
[  755.157434][T24027] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  755.165410][T24027] Cannot create hsr debugfs directory
[  755.459820][T24139] netlink: 76 bytes leftover after parsing attributes in process `syz.0.6382'.
[  755.483426][T24139] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6382'.
[  755.941008][T24160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6388'.
[  755.972236][T24153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6387'.
[  756.045430][T24162] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6388'.
[  756.241897][T24171] block nbd0: not configured, cannot reconfigure
[  756.404188][ T5845] Bluetooth: hci4: command tx timeout
[  756.465408][T24179] FAULT_INJECTION: forcing a failure.
[  756.465408][T24179] name failslab, interval 1, probability 0, space 0, times 0
[  756.488560][T24027] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  756.496317][T24179] CPU: 0 UID: 0 PID: 24179 Comm: syz.0.6395 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  756.496348][T24179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  756.496363][T24179] Call Trace:
[  756.496372][T24179]  <TASK>
[  756.496382][T24179]  dump_stack_lvl+0x189/0x250
[  756.496421][T24179]  ? __pfx____ratelimit+0x10/0x10
[  756.496456][T24179]  ? __pfx_dump_stack_lvl+0x10/0x10
[  756.496490][T24179]  ? __pfx__printk+0x10/0x10
[  756.496522][T24179]  ? ref_tracker_alloc+0x318/0x460
[  756.496554][T24179]  should_fail_ex+0x414/0x560
[  756.496588][T24179]  should_failslab+0xa8/0x100
[  756.496614][T24179]  kmem_cache_alloc_noprof+0x73/0x3c0
[  756.496649][T24179]  ? skb_clone+0x212/0x3a0
[  756.496688][T24179]  skb_clone+0x212/0x3a0
[  756.496725][T24179]  __netlink_deliver_tap+0x404/0x850
[  756.496765][T24179]  ? netlink_deliver_tap+0x2e/0x1b0
[  756.496799][T24179]  netlink_deliver_tap+0x19c/0x1b0
[  756.496827][T24179]  netlink_unicast+0x72f/0x8d0
[  756.496863][T24179]  netlink_sendmsg+0x805/0xb30
[  756.496901][T24179]  ? __pfx_netlink_sendmsg+0x10/0x10
[  756.496932][T24179]  ? aa_sock_msg_perm+0x94/0x160
[  756.496963][T24179]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  756.496991][T24179]  ? __pfx_netlink_sendmsg+0x10/0x10
[  756.497026][T24179]  __sock_sendmsg+0x219/0x270
[  756.497053][T24179]  ____sys_sendmsg+0x505/0x830
[  756.497091][T24179]  ? __pfx_____sys_sendmsg+0x10/0x10
[  756.497133][T24179]  ? import_iovec+0x74/0xa0
[  756.497159][T24179]  ___sys_sendmsg+0x21f/0x2a0
[  756.497192][T24179]  ? __pfx____sys_sendmsg+0x10/0x10
[  756.497266][T24179]  ? __fget_files+0x2a/0x420
[  756.497290][T24179]  ? __fget_files+0x3a0/0x420
[  756.497326][T24179]  __x64_sys_sendmsg+0x19b/0x260
[  756.497361][T24179]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  756.497404][T24179]  ? __pfx_ksys_write+0x10/0x10
[  756.497421][T24179]  ? rcu_is_watching+0x15/0xb0
[  756.497461][T24179]  ? do_syscall_64+0xbe/0x3b0
[  756.497488][T24179]  do_syscall_64+0xfa/0x3b0
[  756.497507][T24179]  ? lockdep_hardirqs_on+0x9c/0x150
[  756.497540][T24179]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.497563][T24179]  ? clear_bhb_loop+0x60/0xb0
[  756.497590][T24179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.497612][T24179] RIP: 0033:0x7f2d28b8e929
[  756.497631][T24179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  756.497650][T24179] RSP: 002b:00007f2d299a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  756.497674][T24179] RAX: ffffffffffffffda RBX: 00007f2d28db5fa0 RCX: 00007f2d28b8e929
[  756.497690][T24179] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  756.497704][T24179] RBP: 00007f2d299a1090 R08: 0000000000000000 R09: 0000000000000000
[  756.497718][T24179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  756.497732][T24179] R13: 0000000000000000 R14: 00007f2d28db5fa0 R15: 00007ffc013ab608
[  756.497766][T24179]  </TASK>
[  756.558105][T24027] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  756.878324][T24027] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  756.921045][T24027] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  757.021215][T24188] syzkaller0: entered promiscuous mode
[  757.027340][T24188] syzkaller0: entered allmulticast mode
[  757.079734][T24200] netlink: 'syz.0.6402': attribute type 3 has an invalid length.
[  758.483990][ T5845] Bluetooth: hci4: command tx timeout
[  759.356608][T24237] netlink: 'syz.1.6410': attribute type 4 has an invalid length.
[  759.374898][T24237] __nla_validate_parse: 10 callbacks suppressed
[  759.374922][T24237] netlink: 17 bytes leftover after parsing attributes in process `syz.1.6410'.
[  760.526075][   T36] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  760.564924][ T5845] Bluetooth: hci4: command tx timeout
[  760.574115][   T36] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  760.723643][   T36] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  760.743378][   T61] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  760.893724][T24277] syzkaller0: entered promiscuous mode
[  760.899254][T24277] syzkaller0: entered allmulticast mode
[  761.209450][T24295] netlink: 88 bytes leftover after parsing attributes in process `syz.1.6425'.
[  761.254349][T24297] netlink: 'syz.0.6426': attribute type 4 has an invalid length.
[  761.262299][T24297] netlink: 17 bytes leftover after parsing attributes in process `syz.0.6426'.
[  761.591097][T24308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6429'.
[  764.623496][T24308] vlan0: entered promiscuous mode
[  764.629220][T24308] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6429'.
[  764.671693][T24027] 8021q: adding VLAN 0 to HW filter on device bond0
[  764.731602][T24027] 8021q: adding VLAN 0 to HW filter on device team0
[  764.772140][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  764.779400][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  764.839204][T13071] bridge0: port 2(bridge_slave_1) entered blocking state
[  764.846446][T13071] bridge0: port 2(bridge_slave_1) entered forwarding state
[  765.256454][T24338] netlink: 88 bytes leftover after parsing attributes in process `syz.1.6437'.
[  765.401089][T24344] bridge0: port 1(veth0_to_bridge) entered blocking state
[  765.409774][T24344] bridge0: port 1(veth0_to_bridge) entered disabled state
[  765.426363][T24344] veth0_to_bridge: entered allmulticast mode
[  765.440364][T24344] veth0_to_bridge: entered promiscuous mode
[  765.538931][T24344] netlink: 'syz.5.6441': attribute type 10 has an invalid length.
[  765.540144][T24027] 8021q: adding VLAN 0 to HW filter on device batadv0
[  765.678059][T24027] veth0_vlan: entered promiscuous mode
[  765.714787][T24027] veth1_vlan: entered promiscuous mode
[  765.832094][T24027] veth0_macvtap: entered promiscuous mode
[  765.855646][T24027] veth1_macvtap: entered promiscuous mode
[  765.920529][T24027] batman_adv: batadv0: Interface activated: batadv_slave_0
[  765.962366][T24364] netlink: 11 bytes leftover after parsing attributes in process `syz.0.6449'.
[  765.966125][T24027] batman_adv: batadv0: Interface activated: batadv_slave_1
[  765.997751][T24363] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6448'.
[  766.048212][   T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  766.081605][   T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  766.202456][   T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  766.212931][   T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  766.287716][T24371] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6452'.
[  766.427999][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  766.461238][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  766.466330][T24374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6453'.
[  766.522696][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  766.541629][T24362] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6447'.
[  766.551389][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  766.587529][T24362] IPVS: set_ctl: invalid protocol: 98 172.20.20.52:20004
[  767.332606][T24401] netlink: 'syz.0.6461': attribute type 4 has an invalid length.
[  767.340746][T24401] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6461'.
[  767.437715][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  767.574645][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  767.791622][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  767.957402][   T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  768.218973][   T49] bridge_slave_1: left allmulticast mode
[  768.224987][   T49] bridge_slave_1: left promiscuous mode
[  768.230739][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.240259][   T49] bridge_slave_0: left allmulticast mode
[  768.252419][   T49] bridge_slave_0: left promiscuous mode
[  768.258509][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  768.600952][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  768.612471][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  768.625705][   T49] bond0 (unregistering): Released all slaves
[  768.895949][   T49] hsr_slave_0: left promiscuous mode
[  768.901956][   T49] hsr_slave_1: left promiscuous mode
[  768.908449][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  768.915966][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  768.925856][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  768.934332][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  768.958269][   T49] veth1_macvtap: left promiscuous mode
[  768.964446][   T49] veth0_macvtap: left promiscuous mode
[  768.970056][   T49] veth1_vlan: left promiscuous mode
[  768.975612][   T49] veth0_vlan: left promiscuous mode
[  769.487633][T24409] netlink: 88 bytes leftover after parsing attributes in process `syz.1.6463'.
[  769.521308][T24412] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  769.730882][T24419] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6466'.
[  769.750721][   T49] team0 (unregistering): Port device team_slave_1 removed
[  769.863602][T24425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6467'.
[  769.922954][T24427] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6468'.
[  769.956857][   T49] team0 (unregistering): Port device team_slave_0 removed
[  770.121691][T24433] netlink: 104 bytes leftover after parsing attributes in process `syz.3.6468'.
[  770.186670][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  770.198914][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  770.208360][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  770.216858][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  770.234201][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  770.939764][T24434] chnl_net:caif_netlink_parms(): no params data found
[  771.028103][T24447] bridge0: port 1(veth0_to_bridge) entered blocking state
[  771.035456][T24447] bridge0: port 1(veth0_to_bridge) entered forwarding state
[  771.082095][T24454] netlink: 'syz.0.6475': attribute type 4 has an invalid length.
[  771.117949][T24447] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  771.185106][T24448] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  771.212891][T24460] FAULT_INJECTION: forcing a failure.
[  771.212891][T24460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  771.239356][T24460] CPU: 0 UID: 0 PID: 24460 Comm: syz.0.6478 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  771.239389][T24460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  771.239403][T24460] Call Trace:
[  771.239412][T24460]  <TASK>
[  771.239421][T24460]  dump_stack_lvl+0x189/0x250
[  771.239478][T24460]  ? __pfx____ratelimit+0x10/0x10
[  771.239514][T24460]  ? __pfx_dump_stack_lvl+0x10/0x10
[  771.239547][T24460]  ? __pfx__printk+0x10/0x10
[  771.239572][T24460]  ? __might_fault+0xb0/0x130
[  771.239605][T24460]  should_fail_ex+0x414/0x560
[  771.239639][T24460]  _copy_from_user+0x2d/0xb0
[  771.239662][T24460]  __sys_bpf+0x1ed/0x860
[  771.239694][T24460]  ? __pfx___sys_bpf+0x10/0x10
[  771.239739][T24460]  ? ksys_write+0x22a/0x250
[  771.239762][T24460]  ? __pfx_ksys_write+0x10/0x10
[  771.239780][T24460]  ? rcu_is_watching+0x15/0xb0
[  771.239822][T24460]  __x64_sys_bpf+0x7c/0x90
[  771.239851][T24460]  do_syscall_64+0xfa/0x3b0
[  771.239871][T24460]  ? lockdep_hardirqs_on+0x9c/0x150
[  771.239905][T24460]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.239927][T24460]  ? clear_bhb_loop+0x60/0xb0
[  771.239953][T24460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.239974][T24460] RIP: 0033:0x7f2d28b8e929
[  771.239994][T24460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  771.240013][T24460] RSP: 002b:00007f2d299a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  771.240037][T24460] RAX: ffffffffffffffda RBX: 00007f2d28db5fa0 RCX: 00007f2d28b8e929
[  771.240054][T24460] RDX: 0000000000000020 RSI: 0000200000000780 RDI: 0000000000000002
[  771.240067][T24460] RBP: 00007f2d299a1090 R08: 0000000000000000 R09: 0000000000000000
[  771.240082][T24460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  771.240095][T24460] R13: 0000000000000000 R14: 00007f2d28db5fa0 R15: 00007ffc013ab608
[  771.240129][T24460]  </TASK>
[  771.277390][T24462] xt_cluster: node mask cannot exceed total number of nodes
[  771.529563][T24467] netlink: 'syz.0.6480': attribute type 11 has an invalid length.
[  771.574668][T24467] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6480'.
[  771.968223][T24434] bridge0: port 1(bridge_slave_0) entered blocking state
[  772.000868][T24434] bridge0: port 1(bridge_slave_0) entered disabled state
[  772.025551][T24434] bridge_slave_0: entered allmulticast mode
[  772.041044][T24434] bridge_slave_0: entered promiscuous mode
[  772.059652][T24434] bridge0: port 2(bridge_slave_1) entered blocking state
[  772.078296][T24434] bridge0: port 2(bridge_slave_1) entered disabled state
[  772.094084][T24434] bridge_slave_1: entered allmulticast mode
[  772.111337][T24434] bridge_slave_1: entered promiscuous mode
[  772.252579][T24434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  772.316207][T24434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  772.333204][ T5847] Bluetooth: hci4: command tx timeout
[  772.426607][T24505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6488'.
[  772.442826][T24434] team0: Port device team_slave_0 added
[  772.454404][T24434] team0: Port device team_slave_1 added
[  772.588039][T24434] batman_adv: batadv0: Adding interface: batadv_slave_0
[  772.610853][T24434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  772.639888][T24516] FAULT_INJECTION: forcing a failure.
[  772.639888][T24516] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  772.647798][T24434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  772.663358][T24516] CPU: 0 UID: 0 PID: 24516 Comm: syz.3.6494 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  772.663396][T24516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  772.663413][T24516] Call Trace:
[  772.663423][T24516]  <TASK>
[  772.663434][T24516]  dump_stack_lvl+0x189/0x250
[  772.663480][T24516]  ? __pfx____ratelimit+0x10/0x10
[  772.663518][T24516]  ? __pfx_dump_stack_lvl+0x10/0x10
[  772.663551][T24516]  ? __pfx__printk+0x10/0x10
[  772.663581][T24516]  ? __might_fault+0xb0/0x130
[  772.663613][T24516]  should_fail_ex+0x414/0x560
[  772.663647][T24516]  _copy_from_iter+0x1db/0x16f0
[  772.663683][T24516]  ? rcu_is_watching+0x15/0xb0
[  772.663718][T24516]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  772.663742][T24516]  ? __pfx__copy_from_iter+0x10/0x10
[  772.663776][T24516]  ? __build_skb_around+0x257/0x3e0
[  772.663808][T24516]  ? netlink_sendmsg+0x642/0xb30
[  772.663833][T24516]  ? skb_put+0x11b/0x210
[  772.663865][T24516]  netlink_sendmsg+0x6b2/0xb30
[  772.663901][T24516]  ? __pfx_netlink_sendmsg+0x10/0x10
[  772.663932][T24516]  ? aa_sock_msg_perm+0x94/0x160
[  772.663962][T24516]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  772.663990][T24516]  ? __pfx_netlink_sendmsg+0x10/0x10
[  772.664018][T24516]  __sock_sendmsg+0x219/0x270
[  772.664044][T24516]  ____sys_sendmsg+0x505/0x830
[  772.664082][T24516]  ? __pfx_____sys_sendmsg+0x10/0x10
[  772.664122][T24516]  ? import_iovec+0x74/0xa0
[  772.664148][T24516]  ___sys_sendmsg+0x21f/0x2a0
[  772.664180][T24516]  ? __pfx____sys_sendmsg+0x10/0x10
[  772.664248][T24516]  ? __fget_files+0x2a/0x420
[  772.664272][T24516]  ? __fget_files+0x3a0/0x420
[  772.664311][T24516]  __x64_sys_sendmsg+0x19b/0x260
[  772.664346][T24516]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  772.664388][T24516]  ? __pfx_ksys_write+0x10/0x10
[  772.664407][T24516]  ? rcu_is_watching+0x15/0xb0
[  772.664445][T24516]  ? do_syscall_64+0xbe/0x3b0
[  772.664470][T24516]  do_syscall_64+0xfa/0x3b0
[  772.664490][T24516]  ? lockdep_hardirqs_on+0x9c/0x150
[  772.664522][T24516]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  772.664545][T24516]  ? clear_bhb_loop+0x60/0xb0
[  772.664581][T24516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  772.664601][T24516] RIP: 0033:0x7f339558e929
[  772.664621][T24516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  772.664642][T24516] RSP: 002b:00007f339632e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  772.664670][T24516] RAX: ffffffffffffffda RBX: 00007f33957b5fa0 RCX: 00007f339558e929
[  772.664690][T24516] RDX: 0000000000040004 RSI: 0000200000000280 RDI: 0000000000000003
[  772.664707][T24516] RBP: 00007f339632e090 R08: 0000000000000000 R09: 0000000000000000
[  772.664724][T24516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  772.664740][T24516] R13: 0000000000000000 R14: 00007f33957b5fa0 R15: 00007ffee7718118
[  772.664778][T24516]  </TASK>
[  773.027604][T24523] bond0: entered promiscuous mode
[  773.048400][T24523] batadv_slave_0: entered promiscuous mode
[  773.080806][T24523] debugfs: Directory 'hsr2' with parent 'hsr' already present!
[  773.111179][T24527] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6498'.
[  773.119729][T24523] Cannot create hsr debugfs directory
[  773.122007][T24527] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6498'.
[  773.131714][T24523] hsr2: entered promiscuous mode
[  773.142113][T24434] batman_adv: batadv0: Adding interface: batadv_slave_1
[  773.159450][T24434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  773.213754][T24529] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6497'.
[  773.228434][T24434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  773.346673][T24535] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6500'.
[  773.470045][T24434] hsr_slave_0: entered promiscuous mode
[  773.484842][T24434] hsr_slave_1: entered promiscuous mode
[  773.501354][T24434] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  773.511220][T24434] Cannot create hsr debugfs directory
[  773.646368][T24541] netlink: 'syz.1.6502': attribute type 1 has an invalid length.
[  774.407742][ T5847] Bluetooth: hci4: command tx timeout
[  774.422780][T24583] netlink: 'syz.0.6515': attribute type 11 has an invalid length.
[  774.730666][T24434] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  774.761699][T24434] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  774.796278][T24434] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  774.858909][T24434] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  774.963580][T24611] __nla_validate_parse: 4 callbacks suppressed
[  774.963602][T24611] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6523'.
[  775.149741][T24434] 8021q: adding VLAN 0 to HW filter on device bond0
[  775.236108][T24434] 8021q: adding VLAN 0 to HW filter on device team0
[  775.259378][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  775.266576][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  775.310539][T24623] netlink: 104 bytes leftover after parsing attributes in process `syz.5.6526'.
[  775.311528][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state
[  775.326946][ T1119] bridge0: port 2(bridge_slave_1) entered forwarding state
[  775.804312][T24642] ip6gretap1: left allmulticast mode
[  775.809681][T24642] ip6gretap1: left promiscuous mode
[  775.877540][T24642] bridge4: port 1(ip6gretap1) entered disabled state
[  775.885127][T24653] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6530'.
[  775.897484][T24642] veth7: left allmulticast mode
[  775.902626][T24642] bridge4: port 2(veth7) entered disabled state
[  775.971752][T24646] team0: Unable to change to the same mode the team is in
[  776.281735][T24434] 8021q: adding VLAN 0 to HW filter on device batadv0
[  776.397672][T24673] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6538'.
[  776.437752][T24434] veth0_vlan: entered promiscuous mode
[  776.481422][T24434] veth1_vlan: entered promiscuous mode
[  776.487933][ T5847] Bluetooth: hci4: command tx timeout
[  776.524016][T24434] veth0_macvtap: entered promiscuous mode
[  776.542439][T24434] veth1_macvtap: entered promiscuous mode
[  776.598869][T24434] batman_adv: batadv0: Interface activated: batadv_slave_0
[  776.625885][T24434] batman_adv: batadv0: Interface activated: batadv_slave_1
[  776.652695][   T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  776.677424][   T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  776.708801][   T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  776.717767][T24679] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  776.735147][   T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  776.840051][ T1119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.868907][ T1119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  776.946643][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.982347][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  777.224790][T24697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6546'.
[  777.291837][T24702] xt_TCPMSS: Only works on TCP SYN packets
[  777.351025][T24705] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6549'.
[  777.629107][T24719] netlink: 'syz.5.6554': attribute type 10 has an invalid length.
[  777.638346][T24719] team0: Device 
0!
 is up. Set it down before adding it as a team port
[  777.959691][  T176] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  778.652321][  T176] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  778.872538][  T176] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  778.972160][  T176] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  779.097720][  T176] bridge_slave_1: left allmulticast mode
[  779.103506][  T176] bridge_slave_1: left promiscuous mode
[  779.109198][  T176] bridge0: port 2(bridge_slave_1) entered disabled state
[  779.119658][  T176] bridge_slave_0: left allmulticast mode
[  779.125785][  T176] bridge_slave_0: left promiscuous mode
[  779.131508][  T176] bridge0: port 1(bridge_slave_0) entered disabled state
[  779.449346][  T176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  779.460221][  T176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  779.470844][  T176] bond0 (unregistering): Released all slaves
[  779.723758][  T176] hsr_slave_0: left promiscuous mode
[  779.729687][  T176] hsr_slave_1: left promiscuous mode
[  779.735927][  T176] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  779.745765][  T176] batman_adv: batadv0: Removing interface: batadv_slave_0
[  779.754145][  T176] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  779.761556][  T176] batman_adv: batadv0: Removing interface: batadv_slave_1
[  779.788025][  T176] veth1_macvtap: left promiscuous mode
[  779.793760][  T176] veth0_macvtap: left promiscuous mode
[  779.799354][  T176] veth1_vlan: left promiscuous mode
[  779.804961][  T176] veth0_vlan: left promiscuous mode
[  780.237476][  T176] team0 (unregistering): Port device team_slave_1 removed
[  780.276850][  T176] team0 (unregistering): Port device team_slave_0 removed
[  780.889486][T24750] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6561'.
[  780.926685][T24741] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6560'.
[  780.953372][T24752] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6561'.
[  781.480142][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  781.490297][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  781.506383][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  781.522303][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  781.530909][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  781.913755][T24781] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6570'.
[  782.007353][T24781] 8021q: adding VLAN 0 to HW filter on device bond2
[  782.039355][T24788] bond2: (slave veth9): Enslaving as an active interface with an up link
[  782.056242][T24791] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6572'.
[  782.140182][T24766] chnl_net:caif_netlink_parms(): no params data found
[  782.411066][T24766] bridge0: port 1(bridge_slave_0) entered blocking state
[  782.423054][T24807] netlink: 'syz.5.6575': attribute type 1 has an invalid length.
[  782.438655][T24766] bridge0: port 1(bridge_slave_0) entered disabled state
[  782.448958][T24766] bridge_slave_0: entered allmulticast mode
[  782.458241][T24766] bridge_slave_0: entered promiscuous mode
[  782.465856][T24807] netlink: 224 bytes leftover after parsing attributes in process `syz.5.6575'.
[  782.467185][T24766] bridge0: port 2(bridge_slave_1) entered blocking state
[  782.482654][T24766] bridge0: port 2(bridge_slave_1) entered disabled state
[  782.490170][T24766] bridge_slave_1: entered allmulticast mode
[  782.538620][T24766] bridge_slave_1: entered promiscuous mode
[  782.696416][T24766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  782.710270][T24766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  782.795759][T24766] team0: Port device team_slave_0 added
[  782.806867][T24766] team0: Port device team_slave_1 added
[  782.879323][T24766] batman_adv: batadv0: Adding interface: batadv_slave_0
[  782.887591][T24766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  782.964848][T24766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  782.987502][T24766] batman_adv: batadv0: Adding interface: batadv_slave_1
[  783.003721][T24766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  783.080804][T24766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  783.111737][T24828] bridge_slave_0: left allmulticast mode
[  783.118017][T24828] bridge_slave_0: left promiscuous mode
[  783.124739][T24828] bridge0: port 1(bridge_slave_0) entered disabled state
[  783.136678][T24828] bridge_slave_1: left allmulticast mode
[  783.142340][T24828] bridge_slave_1: left promiscuous mode
[  783.151421][T24828] bridge0: port 2(bridge_slave_1) entered disabled state
[  783.169219][T24828] bond0: (slave bond_slave_0): Releasing backup interface
[  783.194302][T24828] bond0: (slave bond_slave_1): Releasing backup interface
[  783.279049][T24828] team0: Port device team_slave_0 removed
[  783.320158][T24828] team0: Port device team_slave_1 removed
[  783.339211][T24828] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  783.349794][T24828] batman_adv: batadv0: Removing interface: batadv_slave_0
[  783.360022][T24828] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  783.368869][T24828] batman_adv: batadv0: Removing interface: batadv_slave_1
[  783.553141][   T30] audit: type=1107 audit(1750363025.071:5): pid=24836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='1'
[  783.580441][T24766] hsr_slave_0: entered promiscuous mode
[  783.594349][T24766] hsr_slave_1: entered promiscuous mode
[  783.603642][T24766] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  783.604204][ T5847] Bluetooth: hci4: command tx timeout
[  783.623442][T24766] Cannot create hsr debugfs directory
[  783.656381][T24843] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6590'.
[  783.852765][T24852] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6593'.
[  784.026320][T24852] ipvlan2: entered promiscuous mode
[  784.052332][T24852] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  784.068106][T24852] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  784.863799][T24874] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6597'.
[  785.437648][T24766] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  785.467071][T24766] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  785.508115][T24766] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  785.542440][T24766] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  785.683665][ T5847] Bluetooth: hci4: command tx timeout
[  785.721324][T24766] 8021q: adding VLAN 0 to HW filter on device bond0
[  785.754102][T24766] 8021q: adding VLAN 0 to HW filter on device team0
[  785.780169][  T176] bridge0: port 1(bridge_slave_0) entered blocking state
[  785.787418][  T176] bridge0: port 1(bridge_slave_0) entered forwarding state
[  785.798818][T24915] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6609'.
[  785.803401][  T176] bridge0: port 2(bridge_slave_1) entered blocking state
[  785.814899][  T176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  785.836978][T24915] vlan0: entered promiscuous mode
[  785.976760][T24920] nft_compat: unsupported protocol 0
[  785.989881][T24920] vcan0: tx drop: invalid da for name 0xfffffffffffffffd
[  786.200646][T24766] 8021q: adding VLAN 0 to HW filter on device batadv0
[  786.296318][T24766] veth0_vlan: entered promiscuous mode
[  786.319576][T24766] veth1_vlan: entered promiscuous mode
[  786.400346][T24766] veth0_macvtap: entered promiscuous mode
[  786.432318][T24766] veth1_macvtap: entered promiscuous mode
[  786.522557][T24766] batman_adv: batadv0: Interface activated: batadv_slave_0
[  786.559600][T24766] batman_adv: batadv0: Interface activated: batadv_slave_1
[  786.588629][   T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  786.595137][T24939] __nla_validate_parse: 1 callbacks suppressed
[  786.595158][T24939] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6616'.
[  786.620437][   T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  786.630226][   T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  786.642787][T24939] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6616'.
[  786.654217][T24937] netlink: 'syz.1.6615': attribute type 2 has an invalid length.
[  786.661966][T24937] netlink: 'syz.1.6615': attribute type 8 has an invalid length.
[  786.671640][T24937] netlink: 132 bytes leftover after parsing attributes in process `syz.1.6615'.
[  786.692465][   T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  786.728229][T24939] erspan0: entered promiscuous mode
[  786.735512][T24939] gretap0: entered promiscuous mode
[  786.741593][T24939] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  786.750295][T24939] Cannot create hsr debugfs directory
[  786.756015][T24939] hsr1: Slave B (gretap0) is not up; please bring it up to get a fully working HSR network
[  786.898600][T19061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  786.915539][T19061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  786.949366][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  786.966651][T24949] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6618'.
[  786.968490][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  786.976402][T24949] tipc: Started in network mode
[  786.992226][T24949] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  787.001768][T24949] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
[  787.011502][T24949] tipc: Enabled bearer <udp:syz1>, priority 10
[  787.311950][T24955] can: request_module (can-proto-3) failed.
[  787.521113][T24968] netlink: 'syz.3.6626': attribute type 4 has an invalid length.
[  787.763481][ T5845] Bluetooth: hci4: command tx timeout
[  787.859001][T24983] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6629'.
[  787.968058][T24990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6631'.
[  787.989363][T24990] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6631'.
[  788.123363][ T7129] tipc: Node number set to 1
[  788.266583][T25006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6638'.
[  788.659588][T25026] macvlan0: entered allmulticast mode
[  788.665306][T25026] bond0: entered allmulticast mode
[  788.671048][T25026] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  788.692881][T25026] bond0: left allmulticast mode
[  788.767261][T25028] tipc: Enabled bearer <udp:syz0>, priority 10
[  788.784756][T25032] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  789.001973][T25041] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6650'.
[  789.002041][T25040] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6650'.
[  789.047751][T25040] netlink: 'syz.5.6650': attribute type 58 has an invalid length.
[  789.772355][T25083] netlink: 'syz.1.6664': attribute type 32 has an invalid length.
[  790.297171][T25099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  790.731221][T25109] FAULT_INJECTION: forcing a failure.
[  790.731221][T25109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  790.754973][T25109] CPU: 0 UID: 0 PID: 25109 Comm: syz.0.6672 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  790.755003][T25109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  790.755018][T25109] Call Trace:
[  790.755027][T25109]  <TASK>
[  790.755037][T25109]  dump_stack_lvl+0x189/0x250
[  790.755075][T25109]  ? __pfx____ratelimit+0x10/0x10
[  790.755114][T25109]  ? __pfx_dump_stack_lvl+0x10/0x10
[  790.755146][T25109]  ? __pfx__printk+0x10/0x10
[  790.755170][T25109]  ? __might_fault+0xb0/0x130
[  790.755202][T25109]  should_fail_ex+0x414/0x560
[  790.755234][T25109]  _copy_from_iter+0x1db/0x16f0
[  790.755278][T25109]  ? __pfx__copy_from_iter+0x10/0x10
[  790.755310][T25109]  ? __build_skb_around+0x257/0x3e0
[  790.755341][T25109]  ? netlink_sendmsg+0x642/0xb30
[  790.755373][T25109]  ? skb_put+0x11b/0x210
[  790.755404][T25109]  netlink_sendmsg+0x6b2/0xb30
[  790.755440][T25109]  ? __pfx_netlink_sendmsg+0x10/0x10
[  790.755470][T25109]  ? aa_sock_msg_perm+0x94/0x160
[  790.755499][T25109]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  790.755525][T25109]  ? __pfx_netlink_sendmsg+0x10/0x10
[  790.755551][T25109]  __sock_sendmsg+0x219/0x270
[  790.755577][T25109]  ____sys_sendmsg+0x505/0x830
[  790.755613][T25109]  ? __pfx_____sys_sendmsg+0x10/0x10
[  790.755652][T25109]  ? import_iovec+0x74/0xa0
[  790.755677][T25109]  ___sys_sendmsg+0x21f/0x2a0
[  790.755709][T25109]  ? __pfx____sys_sendmsg+0x10/0x10
[  790.755783][T25109]  ? __fget_files+0x2a/0x420
[  790.755806][T25109]  ? __fget_files+0x3a0/0x420
[  790.755841][T25109]  __x64_sys_sendmsg+0x19b/0x260
[  790.755873][T25109]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  790.755914][T25109]  ? __pfx_ksys_write+0x10/0x10
[  790.755940][T25109]  ? do_syscall_64+0xbe/0x3b0
[  790.755970][T25109]  do_syscall_64+0xfa/0x3b0
[  790.755989][T25109]  ? lockdep_hardirqs_on+0x9c/0x150
[  790.756021][T25109]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.756042][T25109]  ? clear_bhb_loop+0x60/0xb0
[  790.756067][T25109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.756088][T25109] RIP: 0033:0x7f2d28b8e929
[  790.756107][T25109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  790.756126][T25109] RSP: 002b:00007f2d299a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  790.756148][T25109] RAX: ffffffffffffffda RBX: 00007f2d28db5fa0 RCX: 00007f2d28b8e929
[  790.756164][T25109] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  790.756178][T25109] RBP: 00007f2d299a1090 R08: 0000000000000000 R09: 0000000000000000
[  790.756191][T25109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  790.756203][T25109] R13: 0000000000000000 R14: 00007f2d28db5fa0 R15: 00007ffc013ab608
[  790.756236][T25109]  </TASK>
[  790.771888][T25112] netlink: 'syz.3.6673': attribute type 1 has an invalid length.
[  790.834630][T25111] bridge5: entered promiscuous mode
[  791.048943][T25111] bridge5: entered allmulticast mode
[  792.264852][T25142] vlan0: left promiscuous mode
[  792.419903][   T49] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  792.442753][   T49] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  792.452591][   T49] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  792.613784][   T49] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  792.676343][T25172] __nla_validate_parse: 5 callbacks suppressed
[  792.676365][T25172] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6695'.
[  792.813830][T25178] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  793.315955][T25207] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6708'.
[  793.351030][T25207] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6708'.
[  793.501170][T25214] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6711'.
[  793.535131][T25214] syzkaller0: entered promiscuous mode
[  793.540662][T25214] syzkaller0: entered allmulticast mode
[  793.662301][T25218] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  793.876643][T25226] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input8
[  793.903638][T25228] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6718'.
[  793.914260][T25228] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6718'.
[  794.370085][T25251] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6726'.
[  794.372618][T25254] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6727'.
[  794.392289][T25251] netem: unknown loss type 13
[  794.404827][T25251] netem: change failed
[  794.415651][T25256] openvswitch: netlink: Tunnel attr 226 out of range max 16
[  794.588346][T25264] syzkaller1: entered promiscuous mode
[  794.596325][T25264] syzkaller1: entered allmulticast mode
[  794.612701][T25265] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6732'.
[  794.638109][T25267] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6733'.
[  794.729911][T25270] syzkaller1: entered promiscuous mode
[  794.736808][T25270] syzkaller1: entered allmulticast mode
[  795.175783][T25288] mac80211_hwsim hwsim58 wlan0: entered promiscuous mode
[  795.186553][T25288] mac80211_hwsim hwsim58 wlan0: left promiscuous mode
[  795.664971][T25304] netlink: 'syz.1.6747': attribute type 10 has an invalid length.
[  795.695163][T25306] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input9
[  795.699252][T25304] syz_tun: entered promiscuous mode
[  795.722897][T25304] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  796.064800][T25327] FAULT_INJECTION: forcing a failure.
[  796.064800][T25327] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  796.083329][T25327] CPU: 0 UID: 0 PID: 25327 Comm: syz.1.6755 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  796.083359][T25327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  796.083373][T25327] Call Trace:
[  796.083382][T25327]  <TASK>
[  796.083392][T25327]  dump_stack_lvl+0x189/0x250
[  796.083432][T25327]  ? __pfx____ratelimit+0x10/0x10
[  796.083465][T25327]  ? __pfx_dump_stack_lvl+0x10/0x10
[  796.083498][T25327]  ? __pfx__printk+0x10/0x10
[  796.083522][T25327]  ? __might_fault+0xb0/0x130
[  796.083553][T25327]  should_fail_ex+0x414/0x560
[  796.083586][T25327]  _copy_from_user+0x2d/0xb0
[  796.083609][T25327]  ___sys_sendmsg+0x158/0x2a0
[  796.083642][T25327]  ? __pfx____sys_sendmsg+0x10/0x10
[  796.083709][T25327]  ? __fget_files+0x2a/0x420
[  796.083746][T25327]  ? __fget_files+0x3a0/0x420
[  796.083781][T25327]  __x64_sys_sendmsg+0x19b/0x260
[  796.083814][T25327]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  796.083874][T25327]  ? __pfx_ksys_write+0x10/0x10
[  796.083899][T25327]  ? do_syscall_64+0xbe/0x3b0
[  796.083924][T25327]  do_syscall_64+0xfa/0x3b0
[  796.083945][T25327]  ? lockdep_hardirqs_on+0x9c/0x150
[  796.083978][T25327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.083999][T25327]  ? clear_bhb_loop+0x60/0xb0
[  796.084027][T25327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.084047][T25327] RIP: 0033:0x7f3bac38e929
[  796.084079][T25327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  796.084097][T25327] RSP: 002b:00007f3bad217038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  796.084119][T25327] RAX: ffffffffffffffda RBX: 00007f3bac5b5fa0 RCX: 00007f3bac38e929
[  796.084135][T25327] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005
[  796.084148][T25327] RBP: 00007f3bad217090 R08: 0000000000000000 R09: 0000000000000000
[  796.084161][T25327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  796.084174][T25327] R13: 0000000000000000 R14: 00007f3bac5b5fa0 R15: 00007ffc7fb3c728
[  796.084206][T25327]  </TASK>
[  796.638074][T25344] xt_socket: unknown flags 0xd0
[  796.820232][   T30] audit: type=1107 audit(1750363038.341:6): pid=25354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='¼X<'
[  798.301192][T25385] __nla_validate_parse: 12 callbacks suppressed
[  798.301215][T25385] netlink: 520 bytes leftover after parsing attributes in process `syz.0.6777'.
[  799.178306][T25396] netlink: 'syz.0.6782': attribute type 31 has an invalid length.
[  799.215214][T25396] netlink: 'syz.0.6782': attribute type 26 has an invalid length.
[  799.404739][T25403] netlink: 120 bytes leftover after parsing attributes in process `syz.1.6785'.
[  799.431236][T25403] netlink: 'syz.1.6785': attribute type 1 has an invalid length.
[  799.452225][T25393] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  799.612069][T25413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6789'.
[  799.628923][T25414] 8021q: adding VLAN 0 to HW filter on device bond1
[  799.708614][T25418] netlink: 'syz.0.6790': attribute type 3 has an invalid length.
[  800.272690][T25437] hsr0: entered promiscuous mode
[  800.278460][T25437] macvtap1: entered promiscuous mode
[  800.284793][T25437] macvtap1: entered allmulticast mode
[  800.290213][T25437] hsr0: entered allmulticast mode
[  800.295459][T25437] hsr_slave_0: entered allmulticast mode
[  800.301336][T25437] hsr_slave_1: entered allmulticast mode
[  800.311592][T25437] hsr0: left allmulticast mode
[  800.318474][T25437] hsr_slave_0: left allmulticast mode
[  800.324300][T25437] hsr_slave_1: left allmulticast mode
[  800.692945][T25448] netlink: 'syz.5.6802': attribute type 10 has an invalid length.
[  801.173714][   T30] audit: type=1800 audit(1750363042.691:7): pid=25469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.6808" name="memory.events" dev="tmpfs" ino=4122 res=0 errno=0
[  801.367205][T25468] syzkaller0: entered promiscuous mode
[  801.388290][T25468] syzkaller0: entered allmulticast mode
[  801.487414][T25481] FAULT_INJECTION: forcing a failure.
[  801.487414][T25481] name failslab, interval 1, probability 0, space 0, times 0
[  801.523277][T25481] CPU: 1 UID: 0 PID: 25481 Comm: syz.0.6812 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  801.523310][T25481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  801.523325][T25481] Call Trace:
[  801.523333][T25481]  <TASK>
[  801.523343][T25481]  dump_stack_lvl+0x189/0x250
[  801.523382][T25481]  ? __pfx____ratelimit+0x10/0x10
[  801.523415][T25481]  ? __pfx_dump_stack_lvl+0x10/0x10
[  801.523448][T25481]  ? __pfx__printk+0x10/0x10
[  801.523474][T25481]  ? __pfx___might_resched+0x10/0x10
[  801.523507][T25481]  ? fs_reclaim_acquire+0x7d/0x100
[  801.523538][T25481]  should_fail_ex+0x414/0x560
[  801.523572][T25481]  should_failslab+0xa8/0x100
[  801.523596][T25481]  __kmalloc_cache_noprof+0x70/0x3d0
[  801.523617][T25481]  ? hash_ipmark_create+0x387/0x1080
[  801.523643][T25481]  hash_ipmark_create+0x387/0x1080
[  801.523674][T25481]  ? __nla_parse+0x40/0x60
[  801.523722][T25481]  ? __pfx_hash_ipmark_create+0x10/0x10
[  801.523747][T25481]  ip_set_create+0xa97/0x1940
[  801.523780][T25481]  ? ip_set_create+0x4a2/0x1940
[  801.523826][T25481]  ? __pfx_ip_set_create+0x10/0x10
[  801.523905][T25481]  nfnetlink_rcv_msg+0xb4a/0x1130
[  801.523944][T25481]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  801.524011][T25481]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  801.524040][T25481]  ? __lock_acquire+0xab9/0xd20
[  801.524110][T25481]  ? __lock_acquire+0xab9/0xd20
[  801.524159][T25481]  netlink_rcv_skb+0x205/0x470
[  801.524188][T25481]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  801.524229][T25481]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  801.524269][T25481]  ? bpf_lsm_capable+0x9/0x20
[  801.524288][T25481]  ? security_capable+0x7e/0x2e0
[  801.524324][T25481]  nfnetlink_rcv+0x26a/0x2520
[  801.524360][T25481]  ? unwind_get_return_address+0x4d/0x90
[  801.524392][T25481]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  801.524418][T25481]  ? arch_stack_walk+0xfc/0x150
[  801.524456][T25481]  ? stack_trace_save+0x9c/0xe0
[  801.524483][T25481]  ? stack_depot_save_flags+0x40/0x900
[  801.524517][T25481]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  801.524554][T25481]  ? kasan_save_track+0x4f/0x80
[  801.524584][T25481]  ? kasan_save_track+0x3e/0x80
[  801.524624][T25481]  ? __lock_acquire+0xab9/0xd20
[  801.524685][T25481]  ? __lock_acquire+0xab9/0xd20
[  801.524741][T25481]  ? netlink_deliver_tap+0x2e/0x1b0
[  801.524776][T25481]  ? netlink_deliver_tap+0x2e/0x1b0
[  801.524800][T25481]  ? netlink_deliver_tap+0x2e/0x1b0
[  801.524832][T25481]  netlink_unicast+0x758/0x8d0
[  801.524869][T25481]  netlink_sendmsg+0x805/0xb30
[  801.524908][T25481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  801.524938][T25481]  ? aa_sock_msg_perm+0x94/0x160
[  801.524975][T25481]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  801.525003][T25481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  801.525031][T25481]  __sock_sendmsg+0x219/0x270
[  801.525059][T25481]  ____sys_sendmsg+0x505/0x830
[  801.525096][T25481]  ? __pfx_____sys_sendmsg+0x10/0x10
[  801.525138][T25481]  ? import_iovec+0x74/0xa0
[  801.525165][T25481]  ___sys_sendmsg+0x21f/0x2a0
[  801.525198][T25481]  ? __pfx____sys_sendmsg+0x10/0x10
[  801.525275][T25481]  ? __fget_files+0x2a/0x420
[  801.525298][T25481]  ? __fget_files+0x3a0/0x420
[  801.525336][T25481]  __x64_sys_sendmsg+0x19b/0x260
[  801.525369][T25481]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  801.525413][T25481]  ? __pfx_ksys_write+0x10/0x10
[  801.525440][T25481]  ? do_syscall_64+0xbe/0x3b0
[  801.525467][T25481]  do_syscall_64+0xfa/0x3b0
[  801.525486][T25481]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.525518][T25481]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.525540][T25481]  ? clear_bhb_loop+0x60/0xb0
[  801.525567][T25481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.525588][T25481] RIP: 0033:0x7f2d28b8e929
[  801.525608][T25481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  801.525628][T25481] RSP: 002b:00007f2d299a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  801.525651][T25481] RAX: ffffffffffffffda RBX: 00007f2d28db5fa0 RCX: 00007f2d28b8e929
[  801.525667][T25481] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  801.525681][T25481] RBP: 00007f2d299a1090 R08: 0000000000000000 R09: 0000000000000000
[  801.525694][T25481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  801.525707][T25481] R13: 0000000000000000 R14: 00007f2d28db5fa0 R15: 00007ffc013ab608
[  801.525745][T25481]  </TASK>
[  802.600867][T25501] FAULT_INJECTION: forcing a failure.
[  802.600867][T25501] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  802.620404][T25501] CPU: 0 UID: 0 PID: 25501 Comm: syz.3.6820 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  802.620435][T25501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  802.620448][T25501] Call Trace:
[  802.620457][T25501]  <TASK>
[  802.620467][T25501]  dump_stack_lvl+0x189/0x250
[  802.620503][T25501]  ? __pfx____ratelimit+0x10/0x10
[  802.620535][T25501]  ? __pfx_dump_stack_lvl+0x10/0x10
[  802.620567][T25501]  ? __pfx__printk+0x10/0x10
[  802.620589][T25501]  ? __might_fault+0xb0/0x130
[  802.620622][T25501]  should_fail_ex+0x414/0x560
[  802.620654][T25501]  _copy_from_user+0x2d/0xb0
[  802.620675][T25501]  ____sys_sendmsg+0x2fe/0x830
[  802.620714][T25501]  ? __pfx_____sys_sendmsg+0x10/0x10
[  802.620753][T25501]  ? import_iovec+0x74/0xa0
[  802.620777][T25501]  ___sys_sendmsg+0x21f/0x2a0
[  802.620808][T25501]  ? __pfx____sys_sendmsg+0x10/0x10
[  802.620881][T25501]  ? __fget_files+0x2a/0x420
[  802.620902][T25501]  ? __fget_files+0x3a0/0x420
[  802.620947][T25501]  __x64_sys_sendmsg+0x19b/0x260
[  802.620980][T25501]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  802.621020][T25501]  ? __pfx_ksys_write+0x10/0x10
[  802.621054][T25501]  ? rcu_is_watching+0x15/0xb0
[  802.621093][T25501]  ? do_syscall_64+0xbe/0x3b0
[  802.621120][T25501]  do_syscall_64+0xfa/0x3b0
[  802.621138][T25501]  ? lockdep_hardirqs_on+0x9c/0x150
[  802.621170][T25501]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.621190][T25501]  ? clear_bhb_loop+0x60/0xb0
[  802.621217][T25501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.621237][T25501] RIP: 0033:0x7f339558e929
[  802.621256][T25501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  802.621274][T25501] RSP: 002b:00007f339632e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  802.621296][T25501] RAX: ffffffffffffffda RBX: 00007f33957b5fa0 RCX: 00007f339558e929
[  802.621312][T25501] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  802.621326][T25501] RBP: 00007f339632e090 R08: 0000000000000000 R09: 0000000000000000
[  802.621339][T25501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  802.621351][T25501] R13: 0000000000000000 R14: 00007f33957b5fa0 R15: 00007ffee7718118
[  802.621387][T25501]  </TASK>
[  803.446892][T25517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6826'.
[  804.174939][T25517] ipvlan2: entered promiscuous mode
[  804.256802][T25518] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  804.273586][T25518] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  804.295495][T25518] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  804.312060][T25519] mac80211_hwsim hwsim29 wlan1: entered allmulticast mode
[  804.331986][T25527] openvswitch: netlink: Message has 4 unknown bytes.
[  804.339058][T25527] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  804.349030][T25527] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6829'.
[  804.695338][T25546] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6837'.
[  804.899810][T25559] netlink: 'syz.5.6841': attribute type 1 has an invalid length.
[  804.940352][T25559] 8021q: adding VLAN 0 to HW filter on device bond3
[  804.977848][T25557] netlink: 'syz.1.6842': attribute type 7 has an invalid length.
[  804.980303][T25559] bond3: (slave geneve2): making interface the new active one
[  804.995993][T25565] netlink: 'syz.3.6839': attribute type 2 has an invalid length.
[  805.002562][T25559] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  805.021463][T25557] : entered promiscuous mode
[  805.060382][T25568] netlink: 56 bytes leftover after parsing attributes in process `syz.0.6844'.
[  805.072628][T25559] bond3: entered promiscuous mode
[  805.081026][T25559] geneve2: entered promiscuous mode
[  805.816722][T25586] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6849'.
[  805.830496][T25586] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6849'.
[  805.845054][T25586] erspan0: entered promiscuous mode
[  805.851700][T25586] gretap0: entered promiscuous mode
[  805.912105][T25588] netlink: 11 bytes leftover after parsing attributes in process `syz.5.6850'.
[  805.990648][T25149] IPVS: starting estimator thread 0...
[  806.058740][T25598] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  806.071347][T25598] team0: Device ipvlan2 is already an upper device of the team interface
[  806.084046][T25596] IPVS: using max 24 ests per chain, 57600 per kthread
[  806.137262][T25599] netlink: 'syz.5.6853': attribute type 29 has an invalid length.
[  806.681213][T25628] FAULT_INJECTION: forcing a failure.
[  806.681213][T25628] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  806.700345][T25628] CPU: 1 UID: 0 PID: 25628 Comm: syz.3.6865 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  806.700375][T25628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  806.700388][T25628] Call Trace:
[  806.700397][T25628]  <TASK>
[  806.700406][T25628]  dump_stack_lvl+0x189/0x250
[  806.700446][T25628]  ? __pfx____ratelimit+0x10/0x10
[  806.700480][T25628]  ? __pfx_dump_stack_lvl+0x10/0x10
[  806.700515][T25628]  ? __pfx__printk+0x10/0x10
[  806.700539][T25628]  ? __might_fault+0xb0/0x130
[  806.700572][T25628]  should_fail_ex+0x414/0x560
[  806.700605][T25628]  _copy_from_iter+0x1db/0x16f0
[  806.700641][T25628]  ? rcu_is_watching+0x15/0xb0
[  806.700675][T25628]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  806.700699][T25628]  ? __pfx__copy_from_iter+0x10/0x10
[  806.700732][T25628]  ? __build_skb_around+0x257/0x3e0
[  806.700763][T25628]  ? netlink_sendmsg+0x642/0xb30
[  806.700787][T25628]  ? skb_put+0x11b/0x210
[  806.700820][T25628]  netlink_sendmsg+0x6b2/0xb30
[  806.700857][T25628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  806.700888][T25628]  ? aa_sock_msg_perm+0x94/0x160
[  806.700918][T25628]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  806.700947][T25628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  806.700974][T25628]  __sock_sendmsg+0x219/0x270
[  806.701001][T25628]  ____sys_sendmsg+0x505/0x830
[  806.701039][T25628]  ? __pfx_____sys_sendmsg+0x10/0x10
[  806.701079][T25628]  ? import_iovec+0x74/0xa0
[  806.701105][T25628]  ___sys_sendmsg+0x21f/0x2a0
[  806.701139][T25628]  ? __pfx____sys_sendmsg+0x10/0x10
[  806.701210][T25628]  ? __fget_files+0x2a/0x420
[  806.701231][T25628]  ? __fget_files+0x3a0/0x420
[  806.701268][T25628]  __x64_sys_sendmsg+0x19b/0x260
[  806.701310][T25628]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  806.701353][T25628]  ? __pfx_ksys_write+0x10/0x10
[  806.701371][T25628]  ? rcu_is_watching+0x15/0xb0
[  806.701410][T25628]  ? do_syscall_64+0xbe/0x3b0
[  806.701436][T25628]  do_syscall_64+0xfa/0x3b0
[  806.701457][T25628]  ? lockdep_hardirqs_on+0x9c/0x150
[  806.701490][T25628]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.701512][T25628]  ? clear_bhb_loop+0x60/0xb0
[  806.701539][T25628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.701562][T25628] RIP: 0033:0x7f339558e929
[  806.701582][T25628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  806.701602][T25628] RSP: 002b:00007f339632e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  806.701626][T25628] RAX: ffffffffffffffda RBX: 00007f33957b5fa0 RCX: 00007f339558e929
[  806.701643][T25628] RDX: 00000000200040c0 RSI: 00002000000004c0 RDI: 0000000000000003
[  806.701658][T25628] RBP: 00007f339632e090 R08: 0000000000000000 R09: 0000000000000000
[  806.701672][T25628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  806.701685][T25628] R13: 0000000000000000 R14: 00007f33957b5fa0 R15: 00007ffee7718118
[  806.701720][T25628]  </TASK>
[  806.986928][   T49] wlan1: Trigger new scan to find an IBSS to join
[  807.012704][T25629] syzkaller0: entered promiscuous mode
[  807.019558][T25629] syzkaller0: entered allmulticast mode
[  807.244138][T25622] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6863'.
[  807.253799][T25622] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
[  807.262066][T25622] tipc: Enabled bearer <udp:syz1>, priority 10
[  807.364405][T25643] netlink: 'syz.3.6872': attribute type 4 has an invalid length.
[  807.372195][T25643] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6872'.
[  807.842095][ T5845] Bluetooth: hci1: link tx timeout
[  807.854859][ T5845] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  808.007590][T25663] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6876'.
[  809.439488][T25679] __nla_validate_parse: 1 callbacks suppressed
[  809.439510][T25679] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6878'.
[  809.657917][T25683] syzkaller0: entered promiscuous mode
[  809.682587][T25683] syzkaller0: entered allmulticast mode
[  809.695616][T25691] netlink: 'syz.5.6883': attribute type 10 has an invalid length.
[  809.725227][T25693] FAULT_INJECTION: forcing a failure.
[  809.725227][T25693] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  809.740094][T25693] CPU: 0 UID: 0 PID: 25693 Comm: syz.0.6885 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  809.740137][T25693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  809.740151][T25693] Call Trace:
[  809.740160][T25693]  <TASK>
[  809.740169][T25693]  dump_stack_lvl+0x189/0x250
[  809.740205][T25693]  ? __pfx____ratelimit+0x10/0x10
[  809.740237][T25693]  ? __pfx_dump_stack_lvl+0x10/0x10
[  809.740268][T25693]  ? __pfx__printk+0x10/0x10
[  809.740304][T25693]  should_fail_ex+0x414/0x560
[  809.740334][T25693]  _copy_from_user+0x2d/0xb0
[  809.740354][T25693]  ___bpf_copy_key+0xa5/0x110
[  809.740386][T25693]  map_update_elem+0x200/0x750
[  809.740417][T25693]  ? bpf_lsm_bpf+0x9/0x20
[  809.740450][T25693]  __sys_bpf+0x6a9/0x860
[  809.740477][T25693]  ? __pfx___sys_bpf+0x10/0x10
[  809.740517][T25693]  ? ksys_write+0x22a/0x250
[  809.740538][T25693]  ? __pfx_ksys_write+0x10/0x10
[  809.740565][T25693]  __x64_sys_bpf+0x7c/0x90
[  809.740589][T25693]  do_syscall_64+0xfa/0x3b0
[  809.740608][T25693]  ? lockdep_hardirqs_on+0x9c/0x150
[  809.740638][T25693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  809.740658][T25693]  ? clear_bhb_loop+0x60/0xb0
[  809.740683][T25693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  809.740702][T25693] RIP: 0033:0x7f2d28b8e929
[  809.740720][T25693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  809.740737][T25693] RSP: 002b:00007f2d299a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  809.740758][T25693] RAX: ffffffffffffffda RBX: 00007f2d28db5fa0 RCX: 00007f2d28b8e929
[  809.740774][T25693] RDX: 0000000000000020 RSI: 0000200000000780 RDI: 0000000000000002
[  809.740786][T25693] RBP: 00007f2d299a1090 R08: 0000000000000000 R09: 0000000000000000
[  809.740799][T25693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  809.740811][T25693] R13: 0000000000000000 R14: 00007f2d28db5fa0 R15: 00007ffc013ab608
[  809.740842][T25693]  </TASK>
[  809.938851][   T49] wlan1: Trigger new scan to find an IBSS to join
[  809.940620][T25683] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6881'.
[  809.950176][T20553] Bluetooth: hci1: command 0x0405 tx timeout
[  810.025005][T25691] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6883'.
[  811.785747][T25709] syzkaller1: left promiscuous mode
[  811.791075][T25709] syzkaller1: left allmulticast mode
[  811.971545][T25721] syzkaller1: entered promiscuous mode
[  811.982878][T25721] syzkaller1: entered allmulticast mode
[  811.999201][T25723] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6896'.
[  812.272044][T25735] netlink: 'syz.1.6904': attribute type 3 has an invalid length.
[  812.292268][T25735] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6904'.
[  812.343936][T25740] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6903'.
[  812.353479][T25740] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6903'.
[  812.376272][T25740] ip6gretap0: entered promiscuous mode
[  812.391566][T25740] syz_tun: entered promiscuous mode
[  812.419758][T25740] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  812.443298][T25740] Cannot create hsr debugfs directory
[  812.449519][T25740] hsr1: Slave A (ip6gretap0) is not up; please bring it up to get a fully working HSR network
[  812.460495][T25740] hsr1: Slave B (syz_tun) is not up; please bring it up to get a fully working HSR network
[  812.610790][T25751] xt_hashlimit: size too large, truncated to 1048576
[  812.704280][T25755] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6907'.
[  812.760136][T25760] FAULT_INJECTION: forcing a failure.
[  812.760136][T25760] name failslab, interval 1, probability 0, space 0, times 0
[  812.803757][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  812.817852][T25760] CPU: 1 UID: 0 PID: 25760 Comm: syz.5.6909 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  812.817887][T25760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  812.817902][T25760] Call Trace:
[  812.817913][T25760]  <TASK>
[  812.817923][T25760]  dump_stack_lvl+0x189/0x250
[  812.817975][T25760]  ? __pfx____ratelimit+0x10/0x10
[  812.818008][T25760]  ? __pfx_dump_stack_lvl+0x10/0x10
[  812.818042][T25760]  ? __pfx__printk+0x10/0x10
[  812.818072][T25760]  ? __pfx___might_resched+0x10/0x10
[  812.818121][T25760]  should_fail_ex+0x414/0x560
[  812.818152][T25760]  should_failslab+0xa8/0x100
[  812.818175][T25760]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  812.818196][T25760]  ? __alloc_skb+0x112/0x2d0
[  812.818226][T25760]  __alloc_skb+0x112/0x2d0
[  812.818255][T25760]  netlink_dump+0x22b/0xe20
[  812.818281][T25760]  ? __netlink_lookup+0xbd/0x810
[  812.818313][T25760]  ? __pfx_netlink_dump+0x10/0x10
[  812.818348][T25760]  ? netlink_lookup+0x30/0x200
[  812.818370][T25760]  ? netlink_lookup+0x30/0x200
[  812.818389][T25760]  ? netlink_lookup+0x30/0x200
[  812.818417][T25760]  __netlink_dump_start+0x5cb/0x7e0
[  812.818449][T25760]  rtnetlink_rcv_msg+0x9eb/0xb70
[  812.818474][T25760]  ? __pfx_tc_dump_tclass+0x10/0x10
[  812.818493][T25760]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  812.818515][T25760]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  812.818537][T25760]  ? ref_tracker_free+0x63a/0x7d0
[  812.818562][T25760]  ? __pfx_rtnl_dumpit+0x10/0x10
[  812.818584][T25760]  ? __pfx_tc_dump_tclass+0x10/0x10
[  812.818615][T25760]  netlink_rcv_skb+0x205/0x470
[  812.818640][T25760]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  812.818666][T25760]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  812.818703][T25760]  ? netlink_deliver_tap+0x2e/0x1b0
[  812.818732][T25760]  ? netlink_deliver_tap+0x2e/0x1b0
[  812.818762][T25760]  netlink_unicast+0x758/0x8d0
[  812.818795][T25760]  netlink_sendmsg+0x805/0xb30
[  812.818829][T25760]  ? __pfx_netlink_sendmsg+0x10/0x10
[  812.818857][T25760]  ? aa_sock_msg_perm+0x94/0x160
[  812.818890][T25760]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  812.818915][T25760]  ? __pfx_netlink_sendmsg+0x10/0x10
[  812.818940][T25760]  __sock_sendmsg+0x219/0x270
[  812.818963][T25760]  ____sys_sendmsg+0x505/0x830
[  812.818996][T25760]  ? __pfx_____sys_sendmsg+0x10/0x10
[  812.819034][T25760]  ? import_iovec+0x74/0xa0
[  812.819058][T25760]  ___sys_sendmsg+0x21f/0x2a0
[  812.819090][T25760]  ? __pfx____sys_sendmsg+0x10/0x10
[  812.819156][T25760]  ? __fget_files+0x2a/0x420
[  812.819177][T25760]  ? __fget_files+0x3a0/0x420
[  812.819210][T25760]  __x64_sys_sendmsg+0x19b/0x260
[  812.819241][T25760]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  812.819280][T25760]  ? __pfx_ksys_write+0x10/0x10
[  812.819296][T25760]  ? rcu_is_watching+0x15/0xb0
[  812.819332][T25760]  ? do_syscall_64+0xbe/0x3b0
[  812.819355][T25760]  do_syscall_64+0xfa/0x3b0
[  812.819373][T25760]  ? lockdep_hardirqs_on+0x9c/0x150
[  812.819403][T25760]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.819422][T25760]  ? clear_bhb_loop+0x60/0xb0
[  812.819447][T25760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.819466][T25760] RIP: 0033:0x7ffa6178e929
[  812.819484][T25760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  812.819502][T25760] RSP: 002b:00007ffa626b1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  812.819524][T25760] RAX: ffffffffffffffda RBX: 00007ffa619b5fa0 RCX: 00007ffa6178e929
[  812.819539][T25760] RDX: 0000000000040004 RSI: 0000200000000280 RDI: 0000000000000003
[  812.819552][T25760] RBP: 00007ffa626b1090 R08: 0000000000000000 R09: 0000000000000000
[  812.819565][T25760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  812.819577][T25760] R13: 0000000000000000 R14: 00007ffa619b5fa0 R15: 00007ffe6cc6bac8
[  812.819608][T25760]  </TASK>
[  813.208556][T25762] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6911'.
[  813.490236][T25779] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6914'.
[  814.104526][T25809] bridge0: port 1(veth0_to_bridge) entered blocking state
[  814.121977][T25809] bridge0: port 1(veth0_to_bridge) entered disabled state
[  814.142326][T25809] veth0_to_bridge: entered allmulticast mode
[  814.189887][T25809] veth0_to_bridge: entered promiscuous mode
[  814.247190][T25816] netlink: 'syz.5.6928': attribute type 1 has an invalid length.
[  814.283204][T25809] netlink: 'syz.1.6925': attribute type 10 has an invalid length.
[  814.364429][T25809] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  814.497644][T25825] __nla_validate_parse: 4 callbacks suppressed
[  814.497665][T25825] netlink: 184 bytes leftover after parsing attributes in process `syz.5.6932'.
[  814.532742][T25827] netlink: 112 bytes leftover after parsing attributes in process `syz.0.6933'.
[  814.564391][T25825] xt_socket: unknown flags 0xd0
[  814.679865][T25827] syzkaller0: entered promiscuous mode
[  814.702381][T25827] syzkaller0: entered allmulticast mode
[  814.719719][T25839] netlink: 596 bytes leftover after parsing attributes in process `syz.1.6937'.
[  814.759403][T25827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6933'.
[  814.813063][T25844] xt_hashlimit: overflow, try lower: 5/0
[  815.826229][T25854] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6940'.
[  818.603469][T25881] netlink: 'syz.3.6949': attribute type 10 has an invalid length.
[  818.624050][T25881] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6949'.
[  818.661983][T25881] batman_adv: batadv0: Adding interface: virt_wifi0
[  818.691328][T25881] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560.
[  818.719352][T25881] batman_adv: batadv0: Interface activated: virt_wifi0
[  818.897320][T25900] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6952'.
[  819.010111][T25900] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6952'.
[  819.534412][T25917] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6958'.
[  819.558256][T25917] block nbd0: not configured, cannot reconfigure
[  819.897557][T25932] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3
[  821.287007][T25931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6963'.
[  821.502774][T25950] FAULT_INJECTION: forcing a failure.
[  821.502774][T25950] name failslab, interval 1, probability 0, space 0, times 0
[  821.516161][T25948] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6966'.
[  821.526609][T25950] CPU: 1 UID: 0 PID: 25950 Comm: syz.0.6968 Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  821.526638][T25950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  821.526652][T25950] Call Trace:
[  821.526661][T25950]  <TASK>
[  821.526671][T25950]  dump_stack_lvl+0x189/0x250
[  821.526709][T25950]  ? __pfx____ratelimit+0x10/0x10
[  821.526747][T25950]  ? __pfx_dump_stack_lvl+0x10/0x10
[  821.526798][T25950]  ? __pfx__printk+0x10/0x10
[  821.526840][T25950]  should_fail_ex+0x414/0x560
[  821.526874][T25950]  should_failslab+0xa8/0x100
[  821.526899][T25950]  __kmalloc_cache_noprof+0x70/0x3d0
[  821.526921][T25950]  ? sctp_add_bind_addr+0x8c/0x370
[  821.526950][T25950]  sctp_add_bind_addr+0x8c/0x370
[  821.526978][T25950]  sctp_copy_local_addr_list+0x30b/0x4e0
[  821.527007][T25950]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  821.527031][T25950]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  821.527058][T25950]  ? sctp_v6_is_any+0x64/0x80
[  821.527085][T25950]  ? sctp_copy_one_addr+0x93/0x360
[  821.527112][T25950]  sctp_bind_addr_copy+0x189/0x3c0
[  821.527144][T25950]  sctp_connect_new_asoc+0x2e0/0x690
[  821.527178][T25950]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  821.527205][T25950]  ? __local_bh_enable_ip+0x12d/0x1c0
[  821.527253][T25950]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  821.527283][T25950]  ? security_sctp_bind_connect+0x7e/0x2e0
[  821.527311][T25950]  sctp_sendmsg+0x155c/0x2810
[  821.527354][T25950]  ? __pfx_sctp_sendmsg+0x10/0x10
[  821.527386][T25950]  ? aa_sk_perm+0x81e/0x950
[  821.527418][T25950]  ? __pfx_aa_sk_perm+0x10/0x10
[  821.527447][T25950]  ? sock_rps_record_flow+0x19/0x410
[  821.527473][T25950]  ? inet_sendmsg+0x2f4/0x370
[  821.527500][T25950]  __sock_sendmsg+0x19c/0x270
[  821.527527][T25950]  __sys_sendto+0x3bd/0x520
[  821.527558][T25950]  ? __pfx___sys_sendto+0x10/0x10
[  821.527582][T25950]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  821.527624][T25950]  ? __fget_files+0x3a0/0x420
[  821.527662][T25950]  ? ksys_write+0x22a/0x250
[  821.527685][T25950]  ? __pfx_ksys_write+0x10/0x10
[  821.527702][T25950]  ? rcu_is_watching+0x15/0xb0
[  821.527742][T25950]  __x64_sys_sendto+0xde/0x100
[  821.527774][T25950]  do_syscall_64+0xfa/0x3b0
[  821.527795][T25950]  ? lockdep_hardirqs_on+0x9c/0x150
[  821.527827][T25950]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.527849][T25950]  ? clear_bhb_loop+0x60/0xb0
[  821.527876][T25950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.527897][T25950] RIP: 0033:0x7f2d28b8e929
[  821.527917][T25950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  821.527937][T25950] RSP: 002b:00007f2d299a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  821.527960][T25950] RAX: ffffffffffffffda RBX: 00007f2d28db5fa0 RCX: 00007f2d28b8e929
[  821.527989][T25950] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000003
[  821.528002][T25950] RBP: 00007f2d299a1090 R08: 000020000005ffe4 R09: 000000000000001c
[  821.528017][T25950] R10: 00000000000000f5 R11: 0000000000000246 R12: 0000000000000002
[  821.528029][T25950] R13: 0000000000000000 R14: 00007f2d28db5fa0 R15: 00007ffc013ab608
[  821.528063][T25950]  </TASK>
[  822.519979][T25982] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6979'.
[  823.218998][T25995] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6982'.
[  823.237258][T25995] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6982'.
[  823.314359][T25998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6983'.
[  824.763490][T26004] netlink: 'syz.3.6985': attribute type 5 has an invalid length.
[  824.896254][T26015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6990'.
[  825.135952][T26024] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  825.156961][T26024] batman_adv: batadv0: Removing interface: virt_wifi0
[  825.218943][T26024] bond2: (slave veth9): Releasing backup interface
[  825.367729][T26036] netlink: 'syz.5.6996': attribute type 21 has an invalid length.
[  827.318285][T26047] syz_tun: entered allmulticast mode
[  827.354496][    C1] ------------[ cut here ]------------
[  827.360439][    C1] WARNING: CPU: 1 PID: 14103 at net/ipv4/ipmr.c:2302 ip_mr_output+0xbb1/0xe70
[  827.369418][    C1] Modules linked in:
[  827.373604][    C1] CPU: 1 UID: 0 PID: 14103 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  827.385898][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  827.396009][    C1] RIP: 0010:ip_mr_output+0xbb1/0xe70
[  827.401352][    C1] Code: df e9 63 f6 ff ff e8 fe 71 c6 f7 48 8b 74 24 18 45 31 f6 31 ff ba 02 00 00 00 e8 3a 11 4c ff e9 45 f6 ff ff e8 e0 71 c6 f7 90 <0f> 0b 90 e9 94 f5 ff ff e8 d2 71 c6 f7 90 0f 0b 90 42 80 3c 2b 00
[  827.421042][    C1] RSP: 0018:ffffc90000a08900 EFLAGS: 00010246
[  827.427183][    C1] RAX: ffffffff89f9ed10 RBX: ffff88805a7293c0 RCX: ffff8880268c5a00
[  827.435237][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  827.443259][    C1] RBP: ffffc90000a08a10 R08: ffff8880268c5a00 R09: 0000000000000004
[  827.451256][    C1] R10: 0000000000000003 R11: ffffffff89f9e160 R12: 0000000000000010
[  827.459285][    C1] R13: dffffc0000000000 R14: ffff888078a17000 R15: 0000000000000000
[  827.467312][    C1] FS:  000055555c6b0500(0000) GS:ffff888125d52000(0000) knlGS:0000000000000000
[  827.476299][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  827.482925][    C1] CR2: 00007f339577e2d8 CR3: 00000000750dc000 CR4: 00000000003526f0
[  827.490950][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  827.498966][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  827.506961][    C1] Call Trace:
[  827.510243][    C1]  <IRQ>
[  827.513130][    C1]  ? __pfx_dst_output+0x10/0x10
[  827.518033][    C1]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  827.523479][    C1]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  827.529588][    C1]  ? __pfx_ip_mr_output+0x10/0x10
[  827.534696][    C1]  ? skb_dst+0x4f/0xd0
[  827.538810][    C1]  ? dst_output+0x177/0x1c0
[  827.543421][    C1]  igmp_send_report+0x89e/0xdb0
[  827.548323][    C1]  ? __pfx_igmp_send_report+0x10/0x10
[  827.553790][    C1]  ? igmp_start_timer+0x211/0x2b0
[  827.558873][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  827.564186][    C1]  igmp_timer_expire+0x204/0x510
[  827.569175][    C1]  call_timer_fn+0x17e/0x5f0
[  827.573852][    C1]  ? __pfx_igmp_timer_expire+0x10/0x10
[  827.579354][    C1]  ? call_timer_fn+0xbe/0x5f0
[  827.584152][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  827.589300][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  827.594557][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  827.599833][    C1]  ? __pfx_igmp_timer_expire+0x10/0x10
[  827.605360][    C1]  __run_timer_base+0x61a/0x860
[  827.610252][    C1]  ? ktime_get+0x3e/0x1f0
[  827.614659][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  827.620069][    C1]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  827.626393][    C1]  run_timer_softirq+0xb7/0x180
[  827.631292][    C1]  handle_softirqs+0x286/0x870
[  827.636109][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  827.640915][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  827.646275][    C1]  __irq_exit_rcu+0xca/0x1f0
[  827.650903][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  827.656158][    C1]  irq_exit_rcu+0x9/0x30
[  827.660436][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  827.666134][    C1]  </IRQ>
[  827.669089][    C1]  <TASK>
[  827.672032][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  827.678062][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70
[  827.684196][    C1] Code: 8b 3d 44 35 fa 0b 48 89 de 5b e9 f3 b0 58 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 e0 9c 92 65 8b 15 28 81 dc 10 81 e2 00 01 ff 00
[  827.703876][    C1] RSP: 0018:ffffc9000447fc60 EFLAGS: 00000297
[  827.710067][    C1] RAX: ffffffff899463d9 RBX: ffffffff8f600260 RCX: ffffffff8b67712d
[  827.718117][    C1] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000447fbe0
[  827.726139][    C1] RBP: ffffffff8f600298 R08: ffffc9000447fbe7 R09: 1ffff9200088ff7c
[  827.734165][    C1] R10: dffffc0000000000 R11: fffff5200088ff7d R12: 0000000000000041
[  827.742163][    C1] R13: dffffc0000000000 R14: 1ffffffff1ec0053 R15: 0000000000000044
[  827.750202][    C1]  ? nf_getsockopt+0x239/0x290
[  827.755028][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  827.760691][    C1]  nf_getsockopt+0x239/0x290
[  827.765366][    C1]  ip_getsockopt+0x1c4/0x220
[  827.769987][    C1]  ? __pfx_ip_getsockopt+0x10/0x10
[  827.775156][    C1]  ? sock_common_getsockopt+0x2d/0xb0
[  827.780558][    C1]  do_sock_getsockopt+0x35d/0x650
[  827.785653][    C1]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  827.791229][    C1]  ? __pfx_do_syscall_64+0x10/0x10
[  827.796387][    C1]  ? fd_install+0x97/0x540
[  827.800836][    C1]  __x64_sys_getsockopt+0x1a5/0x250
[  827.806091][    C1]  ? __pfx_do_syscall_64+0x10/0x10
[  827.811233][    C1]  ? __pfx_do_syscall_64+0x10/0x10
[  827.816413][    C1]  do_syscall_64+0xfa/0x3b0
[  827.820938][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  827.826196][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.832312][    C1]  ? clear_bhb_loop+0x60/0xb0
[  827.837046][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.843172][    C1] RIP: 0033:0x7f339559066a
[  827.847612][    C1] Code: ff c3 66 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb b8 0f 1f 44 00 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7
[  827.867268][    C1] RSP: 002b:00007ffee7717da8 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
[  827.875752][    C1] RAX: ffffffffffffffda RBX: 00007ffee7717e30 RCX: 00007f339559066a
[  827.883795][    C1] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003
[  827.891794][    C1] RBP: 0000000000000003 R08: 00007ffee7717dcc R09: 0079746972756365
[  827.899838][    C1] R10: 00007ffee7717e30 R11: 0000000000000216 R12: 00007f3395783940
[  827.907857][    C1] R13: 00007ffee7717dcc R14: 0000000000000000 R15: 00007f3395784000
[  827.915889][    C1]  </TASK>
[  827.918929][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  827.926213][    C1] CPU: 1 UID: 0 PID: 14103 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller-00482-gafc783fa0aab #0 PREEMPT(full) 
[  827.938468][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  827.948519][    C1] Call Trace:
[  827.951818][    C1]  <IRQ>
[  827.954667][    C1]  dump_stack_lvl+0x99/0x250
[  827.959289][    C1]  ? __asan_memcpy+0x40/0x70
[  827.963904][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  827.969135][    C1]  ? __pfx__printk+0x10/0x10
[  827.973758][    C1]  panic+0x2db/0x790
[  827.977692][    C1]  ? __pfx_panic+0x10/0x10
[  827.982138][    C1]  ? show_trace_log_lvl+0x4fb/0x550
[  827.987387][    C1]  __warn+0x31b/0x4b0
[  827.991379][    C1]  ? ip_mr_output+0xbb1/0xe70
[  827.996097][    C1]  ? ip_mr_output+0xbb1/0xe70
[  828.000782][    C1]  report_bug+0x2be/0x4f0
[  828.005138][    C1]  ? ip_mr_output+0xbb1/0xe70
[  828.009829][    C1]  ? ip_mr_output+0xbb1/0xe70
[  828.014522][    C1]  ? ip_mr_output+0xbb3/0xe70
[  828.019259][    C1]  handle_bug+0x84/0x160
[  828.023511][    C1]  exc_invalid_op+0x1a/0x50
[  828.028036][    C1]  asm_exc_invalid_op+0x1a/0x20
[  828.032883][    C1] RIP: 0010:ip_mr_output+0xbb1/0xe70
[  828.038178][    C1] Code: df e9 63 f6 ff ff e8 fe 71 c6 f7 48 8b 74 24 18 45 31 f6 31 ff ba 02 00 00 00 e8 3a 11 4c ff e9 45 f6 ff ff e8 e0 71 c6 f7 90 <0f> 0b 90 e9 94 f5 ff ff e8 d2 71 c6 f7 90 0f 0b 90 42 80 3c 2b 00
[  828.057789][    C1] RSP: 0018:ffffc90000a08900 EFLAGS: 00010246
[  828.063866][    C1] RAX: ffffffff89f9ed10 RBX: ffff88805a7293c0 RCX: ffff8880268c5a00
[  828.071845][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  828.079828][    C1] RBP: ffffc90000a08a10 R08: ffff8880268c5a00 R09: 0000000000000004
[  828.087813][    C1] R10: 0000000000000003 R11: ffffffff89f9e160 R12: 0000000000000010
[  828.095799][    C1] R13: dffffc0000000000 R14: ffff888078a17000 R15: 0000000000000000
[  828.103785][    C1]  ? __pfx_ip_mr_output+0x10/0x10
[  828.108869][    C1]  ? ip_mr_output+0xbb0/0xe70
[  828.113572][    C1]  ? __pfx_dst_output+0x10/0x10
[  828.118440][    C1]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  828.123840][    C1]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  828.129922][    C1]  ? __pfx_ip_mr_output+0x10/0x10
[  828.134966][    C1]  ? skb_dst+0x4f/0xd0
[  828.139048][    C1]  ? dst_output+0x177/0x1c0
[  828.143571][    C1]  igmp_send_report+0x89e/0xdb0
[  828.148461][    C1]  ? __pfx_igmp_send_report+0x10/0x10
[  828.153863][    C1]  ? igmp_start_timer+0x211/0x2b0
[  828.158901][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  828.164105][    C1]  igmp_timer_expire+0x204/0x510
[  828.169228][    C1]  call_timer_fn+0x17e/0x5f0
[  828.173827][    C1]  ? __pfx_igmp_timer_expire+0x10/0x10
[  828.179292][    C1]  ? call_timer_fn+0xbe/0x5f0
[  828.183971][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  828.189098][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  828.194302][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  828.199507][    C1]  ? __pfx_igmp_timer_expire+0x10/0x10
[  828.204976][    C1]  __run_timer_base+0x61a/0x860
[  828.209839][    C1]  ? ktime_get+0x3e/0x1f0
[  828.214182][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  828.219557][    C1]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  828.225818][    C1]  run_timer_softirq+0xb7/0x180
[  828.230680][    C1]  handle_softirqs+0x286/0x870
[  828.235456][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  828.240229][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  828.245532][    C1]  __irq_exit_rcu+0xca/0x1f0
[  828.250134][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  828.255350][    C1]  irq_exit_rcu+0x9/0x30
[  828.259606][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  828.265280][    C1]  </IRQ>
[  828.268298][    C1]  <TASK>
[  828.271227][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  828.277211][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70
[  828.283285][    C1] Code: 8b 3d 44 35 fa 0b 48 89 de 5b e9 f3 b0 58 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 e0 9c 92 65 8b 15 28 81 dc 10 81 e2 00 01 ff 00
[  828.302893][    C1] RSP: 0018:ffffc9000447fc60 EFLAGS: 00000297
[  828.308971][    C1] RAX: ffffffff899463d9 RBX: ffffffff8f600260 RCX: ffffffff8b67712d
[  828.316944][    C1] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000447fbe0
[  828.324935][    C1] RBP: ffffffff8f600298 R08: ffffc9000447fbe7 R09: 1ffff9200088ff7c
[  828.332912][    C1] R10: dffffc0000000000 R11: fffff5200088ff7d R12: 0000000000000041
[  828.340882][    C1] R13: dffffc0000000000 R14: 1ffffffff1ec0053 R15: 0000000000000044
[  828.348865][    C1]  ? nf_getsockopt+0x239/0x290
[  828.353656][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  828.359297][    C1]  nf_getsockopt+0x239/0x290
[  828.363912][    C1]  ip_getsockopt+0x1c4/0x220
[  828.368534][    C1]  ? __pfx_ip_getsockopt+0x10/0x10
[  828.373657][    C1]  ? sock_common_getsockopt+0x2d/0xb0
[  828.379041][    C1]  do_sock_getsockopt+0x35d/0x650
[  828.384078][    C1]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  828.389645][    C1]  ? __pfx_do_syscall_64+0x10/0x10
[  828.394752][    C1]  ? fd_install+0x97/0x540
[  828.399183][    C1]  __x64_sys_getsockopt+0x1a5/0x250
[  828.404404][    C1]  ? __pfx_do_syscall_64+0x10/0x10
[  828.409518][    C1]  ? __pfx_do_syscall_64+0x10/0x10
[  828.414635][    C1]  do_syscall_64+0xfa/0x3b0
[  828.419137][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  828.424356][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  828.430441][    C1]  ? clear_bhb_loop+0x60/0xb0
[  828.435133][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  828.441031][    C1] RIP: 0033:0x7f339559066a
[  828.445458][    C1] Code: ff c3 66 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb b8 0f 1f 44 00 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7
[  828.465065][    C1] RSP: 002b:00007ffee7717da8 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
[  828.473491][    C1] RAX: ffffffffffffffda RBX: 00007ffee7717e30 RCX: 00007f339559066a
[  828.481470][    C1] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003
[  828.489452][    C1] RBP: 0000000000000003 R08: 00007ffee7717dcc R09: 0079746972756365
[  828.497431][    C1] R10: 00007ffee7717e30 R11: 0000000000000216 R12: 00007f3395783940
[  828.505405][    C1] R13: 00007ffee7717dcc R14: 0000000000000000 R15: 00007f3395784000
[  828.513393][    C1]  </TASK>
[  828.516798][    C1] Kernel Offset: disabled
[  828.521124][    C1] Rebooting in 86400 seconds..