last executing test programs:

10.124330565s ago: executing program 1 (id=3114):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x487740f02d6e8c68, 0x0)

10.001806974s ago: executing program 1 (id=3117):
write$tun(0xffffffffffffffff, &(0x7f0000000000)={@void, @val={0x1, 0x80, 0xc4, 0x3, 0x0, 0xfff8}, @ipv4=@gre={{0x1f, 0x4, 0x0, 0x5, 0x1b9, 0x68, 0x0, 0xb2, 0x2f, 0x0, @local, @multicast1, {[@generic={0x44, 0xe, "c639b2620fe53e05ab0b3fde"}, @timestamp_addr={0x44, 0x24, 0xde, 0x1, 0x9, [{@broadcast, 0xb}, {@local, 0x1}, {@loopback, 0x1}, {@loopback, 0xffffffc7}]}, @rr={0x7, 0xb, 0xa9, [@loopback, @empty]}, @end, @rr={0x7, 0x1b, 0x0, [@initdev={0xac, 0x1e, 0x80, 0x0}, @loopback, @broadcast, @loopback, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_prespec={0x44, 0xc, 0x4a, 0x3, 0x8, [{@multicast1, 0x5}]}, @noop, @end]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x88, 0x2, [], "e68f2b4af6a4d3d94a2dcb29e547e0ab91f079d047a6c5174d115750832a631c262480146f50ed67d9e92dff86900b1ccf6534a9acbb3c971a52b78aeb60c39b74f11b52128bb2e2508b641938a9f78f690dfbda8691f40b6843addf4383974f1dc5bbfc87a514a5fba3b9092133da9c8bdc48b91eca3c665d744688c55657ce568dc1724af80f2f"}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [], "8eaf78aa504efece0c55696bd7ba9804da18e36de37ec3807e9c68820c8c5df7dad942124fd936b228"}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x5, 0xdb], "af732a49a349ce963d98a28cdecb7c703f1079f3a54cdf3102fc0fd9be34cfdc76a4fba6a5f4faa8ec89b50f"}, {0x8, 0x88be, 0x1, {{0x8, 0x1, 0xc, 0x0, 0x0, 0x1, 0x1, 0x4}, 0x1, {0x30}}}, {0x8, 0x22eb, 0x3, {{0x0, 0x2, 0xb, 0x0, 0x1, 0x0, 0x6, 0x3}, 0x2, {0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x3, "dd20fe5ecc3315841239c2e3a74f77025dae64bd4dab5bd5"}}}}, 0x1c3)
r0 = socket$inet(0x2, 0x6, 0x5)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000200)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000000400)={{r1}, r2, 0x12, @unused=[0x8, 0x5, 0xfffffffffffffffe, 0x9a6], @devid})
r3 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000001400)='io.pressure\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000001440)={<r4=>0x0, 0x7fffffffffffffff, 0x3, 0x1})
ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f0000001840)={r4, "a27d564a9a993db9017b9a9892a03a00"})
r5 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000002840))
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0xf503, 0x0)
r6 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000002880), &(0x7f00000028c0)=0xe, 0x80800)
connect$bt_l2cap(r6, &(0x7f0000002900)={0x1f, 0x8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x6, 0x1}, 0xe)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$pppl2tp_PPPOL2TP_SO_LNSMODE(r7, 0x111, 0x4, 0x1, 0x4)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000002940)={0x3, 0x1000, 0x9, 0x6}, 0x10)
socketpair(0x2b, 0x5, 0x5, &(0x7f0000002980)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_bt_hidp_HIDPCONNADD(r8, 0x400448c8, &(0x7f0000002a00)={r5, 0xffffffffffffffff, 0xef, 0x26, &(0x7f00000029c0)="c67b2c435bc7cb03f5bd602328f84ea1757d2b2e2af0797e45e0099f941b0b9f3481d7260a9f", 0x1c, 0x80, 0x0, 0x0, 0x0, 0x3, 0x8, 'syz0\x00'})
r10 = accept4$inet(r8, &(0x7f0000002b80)={0x2, 0x0, @remote}, &(0x7f0000002bc0)=0x10, 0x800)
recvfrom(r0, &(0x7f0000002ac0)=""/177, 0xb1, 0x40000100, &(0x7f0000002c00)=@pppol2tpin6={0x18, 0x1, {0x0, r10, 0x0, 0x3, 0x4, 0x2, {0xa, 0x4e22, 0x10001, @loopback, 0xd7c}}}, 0x80)
accept(r0, &(0x7f0000002c80)=@qipcrtr, &(0x7f0000002d00)=0x80)
close(r10)
ioctl$sock_rose_SIOCDELRT(r8, 0x890c, &(0x7f0000002d40)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x5, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x7, [@null, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast]})
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r10, 0x80489439, &(0x7f0000002dc0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002e40))
r11 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000002e80), 0x4)
ioctl$VFAT_IOCTL_READDIR_BOTH(r11, 0x82307201, &(0x7f0000002ec0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r12 = syz_genetlink_get_family_id$wireguard(&(0x7f0000003140), r9)
sendmsg$WG_CMD_SET_DEVICE(r9, &(0x7f0000003340)={&(0x7f0000003100), 0xc, &(0x7f0000003300)={&(0x7f0000003280)={0x7c, r12, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x80000000}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0xffffffc0}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFINDEX={0x8}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4008800}, 0x404000c)

9.762256853s ago: executing program 1 (id=3119):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYRES64], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x20008008)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000140)=r2}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x80, <r5=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x18, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}}, @ringbuf_query, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x58, &(0x7f0000000300)=""/88, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, r2, 0x8, &(0x7f0000000380)={0x5, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x3, 0xc, 0x5, 0xc18}, 0x10, r5, r2, 0x3, 0x0, &(0x7f0000000440)=[{0x4, 0x5, 0x10}, {0x4, 0x3, 0xc, 0xb}, {0x3, 0x1001, 0xb, 0x1}], 0x10, 0x8}, 0x94)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r2, &(0x7f0000001b80)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001b40)={&(0x7f0000001a80)={0xbc, 0x4, 0x8, 0x201, 0x0, 0x0, {0x1, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_REQUEST={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_CLOSING={0x8, 0x6, 0x1, 0x0, 0xc}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_ESTABLISHED={0x8, 0x3, 0x1, 0x0, 0x45}, @CTA_TIMEOUT_TCP_LAST_ACK={0x8, 0x6, 0x1, 0x0, 0x80}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0xffff}, @CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_TCP_ESTABLISHED={0x8, 0x3, 0x1, 0x0, 0x6}]}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_ESTABLISHED={0x8, 0x3, 0x1, 0x0, 0xfffffff1}, @CTA_TIMEOUT_TCP_SYN_SENT={0x8, 0x1, 0x1, 0x0, 0xfff}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8}, @CTA_TIMEOUT_TCP_CLOSE={0x8, 0x8, 0x1, 0x0, 0xfffffff7}, @CTA_TIMEOUT_TCP_SYN_SENT={0x8, 0x1, 0x1, 0x0, 0x2e}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0xfffffffe}, @CTA_TIMEOUT_TCP_UNACK={0x8}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x888e}]}, 0xbc}, 0x1, 0x0, 0x0, 0x2000c800}, 0x20000090)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'bond0\x00', <r8=>0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, r10, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5}]}, 0x34}}, 0x240008c0)
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0xa, 0x2, @TCA_CBS_PARMS={0x18}}}]}, 0x48}}, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001840)={r2, 0x20, &(0x7f0000001800)={&(0x7f0000001740)=""/72, 0x48, <r11=>0x0, &(0x7f00000017c0)=""/18, 0x12}}, 0x10)
r12 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_genetlink_get_family_id$fou(0x0, r12)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001880)={r2, <r13=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001940)={0x0, 0x5, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x415ef3dd, 0x0, 0x0, 0x0, 0x9374}, [@map_idx_val={0x18, 0x6, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffff4}]}, &(0x7f0000000680)='GPL\x00', 0x9, 0x1000, &(0x7f00000006c0)=""/4096, 0x40f00, 0x58, '\x00', r8, @fallback=0x35, 0xffffffffffffffff, 0x8, &(0x7f00000016c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000001700)={0x3, 0x2, 0x400, 0xe}, 0x10, r11, 0xffffffffffffffff, 0x1, &(0x7f00000018c0)=[r4, r4, r2, r12, r13], &(0x7f0000001900)=[{0x0, 0x3, 0xb, 0xa}], 0x10, 0xfffffffc}, 0x94)
getsockname$ax25(r2, &(0x7f0000000240)={{0x3, @null}, [@default, @null, @null, @null, @default, @default, @bcast, @default]}, &(0x7f00000002c0)=0x48)
setsockopt$packet_int(r3, 0x107, 0xe, &(0x7f0000000580)=0x8, 0x4)
bpf$ITER_CREATE(0x21, &(0x7f0000001a00)={r2}, 0x8)

9.428547707s ago: executing program 1 (id=3126):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x480, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
socket(0x27, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
r3 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

8.959577856s ago: executing program 1 (id=3134):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
socket$unix(0x1, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0xffff, @multicast2}, 0x10)
syz_emit_ethernet(0x7a, &(0x7f0000000380)={@link_local, @remote, @void, {@ipv4={0x800, @icmp={{0x14, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010106, @local, {[@timestamp_addr={0x44, 0x3c, 0x4d, 0x1, 0x5, [{@loopback, 0x5}, {@empty, 0xff}, {@remote, 0x10}, {@empty, 0x9}, {@loopback, 0x5}, {@private=0xa010101, 0xfed}, {@loopback, 0x6}]}]}}, @redirect={0x8, 0x0, 0x0, @dev, {0x5, 0x4, 0x0, 0x0, 0x1, 0x64, 0xff, 0x0, 0x89, 0xfffc, @remote, @remote}}}}}}, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r1, 0x0, 0x4040140)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x9, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x4048001}, 0x40000)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0)

8.587287034s ago: executing program 1 (id=3135):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
tee(r1, r0, 0x0, 0x7) (async, rerun: 64)
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) (rerun: 64)
ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000680))
sendmsg$kcm(r1, &(0x7f0000000880)={&(0x7f0000000380)=@qipcrtr={0x2a, 0x1fffffff8, 0x3fff}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000006c0)="1cea7b7c033f5956ca29ae5959becfb9d3a543661b418f17f68f5ea4861f78036f221f9a1b59f0162e3e1f21081c9b7b181360c7d166068fbc1b36feda4570a6ce71702930e84aa5c14be5b03a8ececed29da21f4e018435c32330e00e3c2a2c375d30b419665cd66d7102466687f57ae39e03d7209833b062bd7729568d5c120d250be230d740bf185e1f56fa8fd218ed823d13", 0x94}, {&(0x7f0000000780)="afc46c0cfdf33a2c001976d6f90d34fa1c15d9a49239246ef135e304ad44b69bddc9a64ea706d4c78eea0000b5d03b71050c026fd4d5de21222f2e35ec8658e394fd8890767f2e93d324ba3fec4a3821e46dc69f02871d40f8026edc3393860a5831b1ef731c58f3fb58cb46ee8737d1ff6fdb2b7693996d897cb17c5204de83fec216785bc6bee5422c36fc6e8935d7530339015cbf927470f7f4efd14c42b7e071fde80c17e28b7af1941fbce0faacda35faf5e67f6c0f0a5c7f80cb997bbfe712f74f7fcde1405383429194dcadc59870341bb049cbc980a971c39a1af5e39c431fda1deefd24452bd2feb96698", 0xef}, {&(0x7f0000000580)="ccdd5041b645d55d7c523cf801cb13542d12d41e23a16e40c5b5aa", 0x1b}], 0x3}, 0x4000005) (async)
syz_80211_inject_frame(0x0, 0x0, 0x54) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)={0x18, 0x52, 0x1, 0x0, 0x0, {0x2, 0x3}, [@typed={0x4, 0x1, 0x0, 0x0, @binary}]}, 0x18}}, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x76}}, &(0x7f0000000480)='GPL\x00'}, 0x90) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_INGRESS={0x8}]}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000010}, 0x0) (async, rerun: 64)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca25415}, 0x4008840) (async, rerun: 64)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020001000900010073797a300000000008000240000000032c000000030a01030000e6ff00000027020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async, rerun: 64)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_NUM={0x6}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) (async, rerun: 64)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4) (async, rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000140)={'ip6gre0\x00', <r6=>0x0, 0x4, 0x4, 0x10, 0xfffffffc, 0x1c, @ipv4={'\x00', '\xff\xff', @broadcast}, @dev={0xfe, 0x80, '\x00', 0x37}, 0x10, 0x8, 0xf, 0x80000001}}) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000001c0)={'wg2\x00', <r7=>0x0})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)={<r8=>0x0, @multicast1, @initdev}, &(0x7f0000000240)=0xc)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x210}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00082cbd7000fbdbdf251100245c6dd920290f0000440001801400020073797a6b676c6c6572300000000029370800030000bed29c1acc5de21e3a75dd531f6463c55f7388b16e40a88619af3c2b172a4598ab590736cbdcb2f9a8096e5badceaed4991abca7f9", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="14000200627269646765300000000000000000000c00018008000100", @ANYRES32=r8, @ANYBLOB], 0x64}, 0x1, 0x0, 0x0, 0x40004841}, 0x4000000)

5.693567098s ago: executing program 0 (id=3168):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2000)

5.645174246s ago: executing program 0 (id=3169):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000900)=ANY=[@ANYBLOB='4\x00\x00@', @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf25050000001800018014000200776c616e3100000000000000000000000800090003000000"], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x4044040)

5.541441193s ago: executing program 0 (id=3170):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x22, &(0x7f0000000080)={@local, @random="8fa2608d7a99", @void, {@ipv4={0x88a2, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @broadcast}}}}}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r2)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000100)={0x14, r3, 0xba87317d461c07c9, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000400)={'syztnl0\x00', <r4=>0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @private}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000380)={'syztnl0\x00', &(0x7f0000000280)={'syztnl1\x00', r4, 0x1, 0x7800, 0x8, 0x9, {{0x5, 0x4, 0x1, 0x6, 0x14, 0x66, 0x0, 0x1, 0x4, 0x0, @multicast2, @remote}}}})

4.558768824s ago: executing program 0 (id=3173):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000040000006a0a00fe000000008500000087000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d339707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf90a70f2bdf4000200000000b0c2c125080963f63223b7b80197aa3161f45346b100000000000000000089070000009876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13a0100000082c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3781b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72705edfa2cddb01f44c850e4ea450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a05044baf314113e8894680600000000000000db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534c88d443ac8b3685135dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263ed7def8924cfcd48a8a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6faa21b0f5a0fdb6487c51ef12c27b30255bc4f8813be88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387c7acb9bbd1da497611ceda25049e48ddacccbb58dddaf9a3510d65383829a51e0f416661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae75bd68c3e2b770c324a0ab26b6065d7ea6a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f0f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449acf18459500f024f9b75885cd79ba32776e4a511c8a4ad922b00000000000000a9241220dfbf7d02ef507ec6fc7f5d37d835f7bed71283c431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc197a51c29443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477e268326af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d136ecc87185f2437c4fce146d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8ea5c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a76d41793aabccd3d0c50486eae0000000000007c012779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5fe535ead8857acf0166dbd9f30a9b9c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53d2f64ec521f6fa1cd02843a5e16074d86c9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c005da21073c6d9680d4e547cb727addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cf4eba7ceda6ff8a0c8b18c5e9e2f505e833217557abb257d61af8e8c473a7585436730db75da167481ab8921fe051b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a1167b948247c33abc765a6ba695c3cea5e32a4d1ae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000ff267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfea4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f0000b2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a805e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd586f42d04d3fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d01005a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303d000000000000000000000000000000b17fedd6b6501a47d0e5b510f4a4fab5a62d5fa7e8ead851b01dbfdfe5823c2600"/3432], &(0x7f0000000340)='GPL\x00'}, 0x48)
r0 = socket(0x10, 0x3, 0xfbfffff8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0})
socket$inet_tcp(0x2, 0x1, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000e20000001801000020786c2500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x5, 0xb, &(0x7f0000000540)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRESOCT, @ANYRES16, @ANYRES32=0x0, @ANYRES8=r3], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x4c, 0x1402, 0x8, 0x70bd26, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004051}, 0x40004)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000fbfbdf25270000000e0001006e655f64657673696d0000000f0002006e657464657673696d3000001c0053"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xfffffffffffffcae, 0x8002, [@TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24004002}, 0x2000400c)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r6, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r6, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
ioctl$sock_SIOCGIFCONF(r6, 0x8912, &(0x7f0000000140)=@req={0x28, &(0x7f0000000100)={'lo\x00', @ifru_settings={0x4, 0xffffff79, @te1=&(0x7f0000000040)={0x4, 0x7ff, 0xfff, 0x5}}}})

3.941360398s ago: executing program 0 (id=3177):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x439, 0x3, 0x25dfdbfe, {0x0, 0x0, 0xe403}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_LP_INTERVAL={0x8, 0x13, 0x1d}]}}}]}, 0x3c}}, 0x81)

3.725377325s ago: executing program 0 (id=3180):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000200)='GPL\x00', 0xe}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYRES32=r2, @ANYRES64=r2], 0x20)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000540500000e0002006e657464657673696d0000000f0002"], 0x34}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x200000d0)

2.032713779s ago: executing program 4 (id=3194):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
socket$unix(0x1, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0xffff, @multicast2}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000001540)=ANY=[@ANYBLOB="1c0008000203600014"], 0xfb5)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
syz_emit_ethernet(0x7a, &(0x7f0000000380)=ANY=[@ANYBLOB="a8f343ab8881a12ceb68c90180c2000000aaaaaaaaaabb08004400006c00000000000190780a010106ac1414aa443c4d517f0000010000000500000000000000ffac1414bb0000001000000000000000097f000001000000050a01010100000fed7f0000010000000608009078ac14140045000001006400ff00"], 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r4, 0x0, 0x4040140)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x9, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x4048001}, 0x40000)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x100000011, @multicast2, 0x0, 0x0, 'sh\x00', 0x3, 0x1000, 0x55}, 0x2c)

1.755718977s ago: executing program 2 (id=3197):
r0 = socket(0x23, 0x4, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081)
recvmsg(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x142)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28}, @TCA_TBF_PTAB={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}]}}]}, 0x45c}}, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000b40)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r6, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000fcdbdf25974aa03208000300", @ANYRES32=r8, @ANYBLOB="0a000600ffffffffffff0000050074000000000006001401010400000600ed00e3"], 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x44, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x10001}, @TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x4c}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0xf6}, @TCA_FQ_CODEL_ECN={0x8}, @TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x1}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x4}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xd2}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0xa}]}}]}, 0x78}}, 0x0)
sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000080)="1c4465de85ff44510160209994914861f1ba2661dc3ee2e1371c18927423d2407131c2fc32632a0bc8d9845049532b92f0f1258359992e6b7373ddbddbd7c9e053ddb9976eb8396bd95fb5f239869b7e077591727f0cd1d7d9ececdcfbe2429d70c37edd269548beb3abda4e60d89f39c7030b115018e8fb8042d6a15f587d4ce954df60f9c72da8", 0x88}], 0x1}, 0x4008800)

1.377201733s ago: executing program 4 (id=3200):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0xffffffffffffffff, 0xfffffff7, 0x8}, 0xc)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xaa, 0xaa, 0x3, [@type_tag={0x6, 0x0, 0x0, 0x12, 0x3}, @const={0x6, 0x0, 0x0, 0xa, 0x2}, @typedef={0x3, 0x0, 0x0, 0x8, 0x4}, @type_tag={0x0, 0x0, 0x0, 0x12, 0x3}, @enum64={0xf, 0x1, 0x0, 0x13, 0x1, 0xb853dd50ed822646, [{0x6, 0x6, 0x7}]}, @const={0x6, 0x0, 0x0, 0xa, 0x4}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x4, 0x8}}, @datasec={0xf, 0x4, 0x0, 0xf, 0x2, [{0x1, 0x7, 0x4}, {0x5, 0x60, 0x100}, {0x2, 0x8001, 0xa01}, {0x2, 0x100, 0x7}], "b9b0"}]}, {0x0, [0x5f]}}, &(0x7f0000000480)=""/252, 0xc7, 0xfc, 0x1, 0x80000000, 0x10000}, 0x28)
r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r4, &(0x7f0000000080)={0x1a, 0x0, 0x2, 0x0, 0x20}, 0x10)
listen(r4, 0x0)
listen(r4, 0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x0, 0x2, 0x200, 0x2050, r2, 0x80000000, '\x00', 0x0, r3, 0x3, 0x4, 0x5, 0x4}, 0x50)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @local}], 0x20)
sendto$inet(r1, &(0x7f0000000440)="217aae43", 0x4, 0x4048845, &(0x7f00000001c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x10)
socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x2d, 0x9, 0x70bd27, 0x0, {0xb}}, 0x14}}, 0x4000080)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x7}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x5c}}, 0x0)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0xa, &(0x7f0000000640)=[{0x6, 0xad, 0x5, 0xffffffff}, {0x5, 0x3, 0xd7, 0x1000000}, {0xfff7, 0xa, 0x6, 0xe}, {0x8001, 0x8, 0x7, 0x9}, {0xffff, 0x2, 0x5, 0x7}, {0x9, 0x2, 0x3, 0x6}, {0x2, 0x6, 0xf8, 0x1}, {0x1, 0x1, 0x10, 0x6}, {0x9, 0x1, 0x2, 0x3}, {0x6, 0x2, 0x9, 0xffc00000}]})
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)
write$tun(r0, &(0x7f0000000200)={@val, @void, @eth={@random="438b120adf80", @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @val={@val={0x88a8, 0x5, 0x1, 0x1}, {0x8100, 0x6, 0x0, 0x6}}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x6, 0x14, 0xe4, 0x0, 0x8, 0x11, 0x0, @multicast1, @loopback}}}}}}, 0x2e)

1.007681212s ago: executing program 3 (id=3203):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x5452, &(0x7f00000000c0)) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000001e000100000000000000000007"], 0x28}}, 0x0)

922.993493ms ago: executing program 4 (id=3204):
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl2\x00', <r0=>0x0, 0x7d, 0x4d, 0xf, 0x5, 0x40, @mcast1, @mcast1, 0x7, 0x22, 0x5, 0x4}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) (async)
sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x4000) (async)
recvmmsg(r1, 0x0, 0x0, 0x40000000, 0x0) (async)
r2 = socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20004000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xb, 0x3, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) (async)
syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b40)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c027518c669760500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193a05008cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f1cd086058d139ce528425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c47314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829bea46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406400b3b1c321cc158dbe17123eace30000000000009ea77cb4d3ca892600000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b67563e40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c070000000000000422ae2c148d444dd437a7d2f5e575009bc2d17a199802409329dae8baa58d3de63ad45328a9d4dc1ace543dfe11913c6c6413f8f7a15657d012fea460bb4656a20df1ba26932b0ef49f8ea88d7b4c1289314ba789661640f1b5d7cbae103fa95b0035f1e8e866307d4796eab0992704f9e00be4b1af8dfa9e94ad74e607ea9d7d7a95ed5a15429426abbed8d2c657018305c6f9e5159a5453f958991a908ff4cb2e8cbccb1d3c8daf754e4b01b2edd023e5bfdf293bd28fc1f8885f6edd5a715df4d180247feb08e9e2e5126c48be6098e711f0d86de5d76fdccae34eef9197c32ab4e6fcb52eb9ce18fdb621a75913a97254d783778203ec0bd1a8859683e1d01da4e81fb73bb3b358340a0310bf5ae17b917208da607fd7b125cf99fd3e9056f5184df7570ede94b736ae354b5b8ae2cc473b455f2f86d47c69027676bf1141f316b0f278f1692406572ee82766f8e5ff1cfec2a7a6cab7d0f2582a877c9bd4ca81089373f738d02e6bb4d3df30ac0f041e51ad36e1ff140812baf54b80635cc80963c8f69fa4506f7a30c99d3e538cc0aeafcad86ead38ed949aa3c204aea50e5e0039f01b82595b7dc921a8acc1f76340f060cc9a3acad3451c17dc9b5ca5d10a0cb1708592d1900a046f33761d50895febd9fd58cb132989766cf7c252daac259576ec218e3857e6fa97fe445d1fab51d87302a4bb28a4cfe462ee4849cc6832650188ca187d85509d8beccf9d9cf752368985804195b9fd2faf1aff8248f3981bd55cbbf514cd8365fee72cc7af053e5388ceadadb967ef735181df6a90cab13f58f6d563c9ab4ad37297aecffd8446cb2b14ec36a99af8393e3760d5970ba1debdcbccd54012c559ee2797ff962328aa6a252c0756e396ce4d52937546675203bdf1d6b120acac576523f8b1daa922188bf61536312f90dba92fb380c3c6fb5f9883a2c4dd99a1bac9b7cb25ff2ef9bd58ff97ddfdd2d4bcc371ee82245b57cd91a7fa3479cd339f54a5c422b753cd42d441ea881d46e419312db1f0cccce"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff48}, 0x48)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="100000000700000004"], 0x10}, 0x331e5c6805043cda) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff310000003c0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=@newlink={0x54, 0x10, 0x503, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000003}, @IFLA_MACSEC_SCI={0xc, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x54}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b70200000a000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bce5a6f087ae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddf"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x94)

797.396568ms ago: executing program 2 (id=3205):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x37}], {0x95, 0x0, 0x700}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61103400000000006113380000000000bfa00000000000000700000008ffffffd50301001874004095000600000000006916000000000000bf67000000000000360607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d2aca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c437dc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc28206c812439ab129ae818837ee15620789c524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418df19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c747664e9f7478f8200"/1582], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, <r1=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xf, &(0x7f00000002c0)=@ringbuf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1, r0}, 0x90)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r1, 0x4)

796.426378ms ago: executing program 3 (id=3206):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x22, &(0x7f0000000080)={@local, @random="8fa2608d7a99", @void, {@ipv4={0x88a2, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @broadcast}}}}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000100)={0x14, 0x0, 0xba87317d461c07c9, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x0)

687.956909ms ago: executing program 2 (id=3207):
r0 = socket$inet(0x2b, 0x801, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4002, &(0x7f0000000000)=@framed={{}, [@ldst]}, &(0x7f0000000100)='GPL\x00', 0x4, 0xd2, &(0x7f00000002c0)=""/210}, 0x90)
socket$netlink(0x10, 0x3, 0x4)
ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x894b, &(0x7f0000000000))

626.406615ms ago: executing program 3 (id=3208):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
socket$unix(0x1, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0xffff, @multicast2}, 0x10)
syz_emit_ethernet(0x7a, &(0x7f0000000380)={@link_local, @remote, @void, {@ipv4={0x800, @icmp={{0x14, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010106, @local, {[@timestamp_addr={0x44, 0x3c, 0x4d, 0x1, 0x5, [{@loopback, 0x5}, {@empty, 0xff}, {@remote, 0x10}, {@empty, 0x9}, {@loopback, 0x5}, {@private=0xa010101, 0xfed}, {@loopback, 0x6}]}]}}, @redirect={0x8, 0x0, 0x0, @dev, {0x5, 0x4, 0x0, 0x0, 0x1, 0x64, 0xff, 0x0, 0x89, 0xfffc, @remote, @remote}}}}}}, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xb00)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r1, 0x0, 0x4040140)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x9, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x4048001}, 0x40000)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x100000011, @multicast2, 0x0, 0x0, 'sh\x00', 0x3, 0x1000, 0x55}, 0x2c)

521.04015ms ago: executing program 4 (id=3209):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
socket$unix(0x1, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0xffff, @multicast2}, 0x10)
syz_emit_ethernet(0x7a, &(0x7f0000000380)={@link_local, @remote, @void, {@ipv4={0x800, @icmp={{0x14, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010106, @local, {[@timestamp_addr={0x44, 0x3c, 0x4d, 0x1, 0x5, [{@loopback, 0x5}, {@empty, 0xff}, {@remote, 0x10}, {@empty, 0x9}, {@loopback, 0x5}, {@private=0xa010101, 0xfed}, {@loopback, 0x6}]}]}}, @redirect={0x8, 0x0, 0x0, @dev, {0x5, 0x4, 0x0, 0x0, 0x1, 0x64, 0xff, 0x0, 0x89, 0xfffc, @remote, @remote}}}}}}, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r2, 0x0, 0x0, 0x40000000, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000280)=@newlink={0x50, 0x10, 0x503, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000003}, @IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x10}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r1, 0x0, 0x4040140)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x9, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x4048001}, 0x40000)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x100000011, @multicast2, 0x0, 0x0, 'sh\x00', 0x3, 0x1000, 0x55}, 0x2c)

492.922512ms ago: executing program 2 (id=3210):
r0 = socket$inet6(0xa, 0x6, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@remote, 0x0, 0x1, 0x3, 0x2, 0x2, 0xfff9}, 0x20)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
sendmsg$sock(r1, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e23, 0x41d, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x33}}, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x51, 0x1}}], 0x18}, 0x80) (async)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000000c0)={'dvmrp1\x00', &(0x7f0000000080)=@ethtool_pauseparam={0x12, 0x4, 0x401, 0xfffffffd}}) (async)
r2 = socket$inet(0x2, 0x1, 0x6)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000100))

462.052865ms ago: executing program 3 (id=3211):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000040)=0x1, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20081}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa8, 0x0, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0x11, 0xa8, @random="11a3909cab1656804eeba514f8"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=@setlink={0x30, 0x13, 0xb23, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x35400, 0xa}, [@IFLA_NET_NS_FD={0x8}, @IFLA_TARGET_NETNSID={0x8, 0x2e, 0x2}]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000500)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_WDS_PEER(r2, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x40, r3, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa, 0x6, @random="30698a64f839"}]}, 0x40}}, 0x40844)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)={0x4c, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0x20, 0x24, [{0x60}, {0xf, 0x1}, {0x4, 0x1}, {0x9}, {0xb}, {0x9, 0x1}, {0x16}, {0x18}, {0x36}, {0x1}, {0x16, 0x1}, {0xb}, {0x2}, {0x16}, {0x388c98b9d201a1dd, 0x1}, {0x16, 0x1}, {0xc, 0x1}, {0x4, 0x1}, {0xc}, {0xb, 0x1}, {0xc}, {0x2}, {0x24}, {0x1, 0x1}, {0x36}, {0x18}, {0x24, 0x1}, {0x6c}]}]}, 0x4c}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="63c995f53a04b21161d8c25b0657e11426456d904ecda40414793fee829968054d2e831ae82ac55d11914c555554a60b7f5ec77bcdd538499b6997f3a4f51adfe42d12dd5c40a238bfc0ab48536a3efaa49b213fafb1f694e181e0281acb4d3bb668c9f1271d18089a8ba549b4b45a805a386f499c375e6d4ba89422f9d53d8edbe9fb93a0cba0c97afb94be623e863437af2eec36eccf699a58e97aeea5d43a6fa277e694bbdc0dbe6c082301d818aa59cfba29bc7894855ed511249e8f48c67e496583273f7a5543420299b8c3d5fe73", @ANYRES16=r3, @ANYBLOB="110428bd7000fedbdf250e0000000c00990004000000210000006e0080007e150c0607080211000001060000006b02000006000000825101070501010000ffffffffffffc40a00000f00000000000000050008021100000000000000000802110000010200000005ffffffffffff08000000050802110000010800000000080211000001000000000000"], 0x90}}, 0x40000)
mmap(&(0x7f0000601000/0x3000)=nil, 0x3000, 0x2800007, 0x8032, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) (async)
socket$rds(0x15, 0x5, 0x0) (async)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000040)=0x1, 0x4) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20081}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa8, 0x0, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0x11, 0xa8, @random="11a3909cab1656804eeba514f8"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x40000) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=@setlink={0x30, 0x13, 0xb23, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x35400, 0xa}, [@IFLA_NET_NS_FD={0x8}, @IFLA_TARGET_NETNSID={0x8, 0x2e, 0x2}]}, 0x30}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000500)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_WDS_PEER(r2, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x40, r3, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa, 0x6, @random="30698a64f839"}]}, 0x40}}, 0x40844) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)={0x4c, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0x20, 0x24, [{0x60}, {0xf, 0x1}, {0x4, 0x1}, {0x9}, {0xb}, {0x9, 0x1}, {0x16}, {0x18}, {0x36}, {0x1}, {0x16, 0x1}, {0xb}, {0x2}, {0x16}, {0x388c98b9d201a1dd, 0x1}, {0x16, 0x1}, {0xc, 0x1}, {0x4, 0x1}, {0xc}, {0xb, 0x1}, {0xc}, {0x2}, {0x24}, {0x1, 0x1}, {0x36}, {0x18}, {0x24, 0x1}, {0x6c}]}]}, 0x4c}}, 0x0) (async)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="63c995f53a04b21161d8c25b0657e11426456d904ecda40414793fee829968054d2e831ae82ac55d11914c555554a60b7f5ec77bcdd538499b6997f3a4f51adfe42d12dd5c40a238bfc0ab48536a3efaa49b213fafb1f694e181e0281acb4d3bb668c9f1271d18089a8ba549b4b45a805a386f499c375e6d4ba89422f9d53d8edbe9fb93a0cba0c97afb94be623e863437af2eec36eccf699a58e97aeea5d43a6fa277e694bbdc0dbe6c082301d818aa59cfba29bc7894855ed511249e8f48c67e496583273f7a5543420299b8c3d5fe73", @ANYRES16=r3, @ANYBLOB="110428bd7000fedbdf250e0000000c00990004000000210000006e0080007e150c0607080211000001060000006b02000006000000825101070501010000ffffffffffffc40a00000f00000000000000050008021100000000000000000802110000010200000005ffffffffffff08000000050802110000010800000000080211000001000000000000"], 0x90}}, 0x40000) (async)
mmap(&(0x7f0000601000/0x3000)=nil, 0x3000, 0x2800007, 0x8032, 0xffffffffffffffff, 0x0) (async)

221.371001ms ago: executing program 4 (id=3212):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001"], 0x122}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00'})
syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/net\x00')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff1, 0x3}, {0x6}, {0x4, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x20040080}, 0x40004)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008fd0003000000040004001c000180180010"], 0x34}}, 0x84)

220.121618ms ago: executing program 3 (id=3221):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
r2 = socket$isdn(0x22, 0x2, 0x1)
close(r2)
r3 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000c40), 0x12)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r6}, 0x18)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r8=>0x0})
sendto$packet(r4, &(0x7f0000000240)="09000000e70014000000d97bfbf788a83baa88a80000000000008100000088a8", 0x20, 0x200000c4, &(0x7f00000001c0)={0x11, 0x88a8, r8, 0x1, 0xc, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, 0x14)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
ioctl$SIOCAX25GETINFOOLD(r10, 0x89e9, 0xfffffffffffffffd)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r11)
sendmsg$NL802154_CMD_SET_PAN_ID(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r12, @ANYBLOB="01002cbd70ffdbdf05000000000000000001000000010000003365835a4eeccc2a1e4af663f0bc6863f44f8c50ec10185d5a03dcde211e83360f81df0c013cb1548d468d3d2a7007ef5bafe847cb0115c8fe40e61a23a5e41211be640039791be37d95af89a26babbc8c4ee8920483e4d32e76710effa430ddb51bfda7592b42bc63427138dc96c1c06445c7b032304ef64aea619684d94c34aa6a2916847b494dd81175"], 0x20}, 0x1, 0x0, 0x0, 0x4001}, 0x4000)
r13 = openat$cgroup_ro(r9, &(0x7f0000000340)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r13, &(0x7f0000000200)=0x1, 0x12)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r14 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r15 = openat$cgroup_procs(r14, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0)
epoll_create1(0x80000)
write$cgroup_pid(r15, &(0x7f0000000380), 0x12)

178.022132ms ago: executing program 2 (id=3213):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0x8, 0xffff}, {0x8, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1a3, 0x655c, 0x4, 0x40, 0x7fffffff, 0x7fffffff, 0x80, 0xffffffff, 0x1}}}}]}, 0x58}}, 0x40000)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0xffff}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @ipv4={'\x00', '\xff\xff', @loopback}}]}}]}, 0x48}}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

78.874562ms ago: executing program 2 (id=3214):
r0 = socket(0x10, 0x3, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newtaction={0x68, 0x30, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x5, 0x1, 0x1, 0x80000000}, 0x4, r3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) (async)
r4 = accept$netrom(r0, &(0x7f0000000000)={{0x3, @rose}, [@default, @remote, @null, @rose, @null, @bcast, @bcast, @bcast]}, &(0x7f0000000080)=0x48)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000003c0)={&(0x7f0000000000)=""/5, 0xe000, 0x1000, 0x6, 0x1}, 0x20) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000008c0)={'ip6gre0\x00', <r7=>0x0}) (async, rerun: 64)
setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) (async, rerun: 32)
setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) (rerun: 32)
bind$xdp(r6, &(0x7f0000000100)={0x2c, 0x0, r7, 0x600}, 0x10) (async)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r4, 0x8983, &(0x7f00000000c0))
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xd23, 0x0, 0x25dfdbff}, 0x18}}, 0x0)

77.574136ms ago: executing program 4 (id=3215):
unshare(0x22020600)
syz_emit_ethernet(0x46, &(0x7f00000005c0)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local}, "a815a23da43974ff"}}}}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_mreqsrc(r1, 0x0, 0x26, &(0x7f0000000340)={@remote, @empty, @rand_addr=0x64010102}, 0xc)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x4e22, @multicast2}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockname$packet(r3, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x0)
sendmmsg(r2, &(0x7f0000000180), 0x400008a, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r5 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000140))
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x14, 0x3, 0x3, 0x201, 0x0, 0x0, {0x7}}, 0x14}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE={0x8, 0x2, @private}]}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x50}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000004800030000000000000000000a000000", @ANYRES32=r8, @ANYBLOB="000000001400010000000000000000000000000000800000080002"], 0x38}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00')
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x67, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_FD={0x8, 0x1c, r10}]}, 0x3c}}, 0x0)

0s ago: executing program 3 (id=3216):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
preadv(r1, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/56, 0x38}], 0x1, 0x8, 0x0)

kernel console output (not intermixed with test programs):

 0, times 0
[  255.263573][T13808] CPU: 1 UID: 0 PID: 13808 Comm: syz.1.2436 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  255.263605][T13808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  255.263616][T13808] Call Trace:
[  255.263625][T13808]  <TASK>
[  255.263633][T13808]  dump_stack_lvl+0x189/0x250
[  255.263665][T13808]  ? __pfx____ratelimit+0x10/0x10
[  255.263689][T13808]  ? __pfx_dump_stack_lvl+0x10/0x10
[  255.263704][T13808]  ? __pfx__printk+0x10/0x10
[  255.263725][T13808]  ? __pfx___might_resched+0x10/0x10
[  255.263749][T13808]  ? fs_reclaim_acquire+0x7d/0x100
[  255.263772][T13808]  should_fail_ex+0x414/0x560
[  255.263803][T13808]  should_failslab+0xa8/0x100
[  255.263821][T13808]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  255.263847][T13808]  ? __request_module+0x2d1/0x5e0
[  255.263875][T13808]  kstrdup+0x42/0x100
[  255.263896][T13808]  __request_module+0x2d1/0x5e0
[  255.263919][T13808]  ? aa_get_newest_label+0xf7/0x5d0
[  255.263945][T13808]  ? __pfx___request_module+0x10/0x10
[  255.263971][T13808]  ? rcu_is_watching+0x15/0xb0
[  255.264005][T13808]  ? security_capable+0x7e/0x2e0
[  255.264033][T13808]  ? dev_load+0x21/0x1f0
[  255.264057][T13808]  dev_load+0x190/0x1f0
[  255.264081][T13808]  dev_ioctl+0x837/0x1150
[  255.264109][T13808]  sock_ioctl+0x719/0x790
[  255.264134][T13808]  ? __pfx_sock_ioctl+0x10/0x10
[  255.264158][T13808]  ? __fget_files+0x3a0/0x420
[  255.264173][T13808]  ? __fget_files+0x2a/0x420
[  255.264193][T13808]  ? bpf_lsm_file_ioctl+0x9/0x20
[  255.264215][T13808]  ? __pfx_sock_ioctl+0x10/0x10
[  255.264234][T13808]  __se_sys_ioctl+0xf9/0x170
[  255.264260][T13808]  do_syscall_64+0xfa/0x3b0
[  255.264284][T13808]  ? lockdep_hardirqs_on+0x9c/0x150
[  255.264307][T13808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.264324][T13808]  ? clear_bhb_loop+0x60/0xb0
[  255.264346][T13808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.264362][T13808] RIP: 0033:0x7f01b6f8ebe9
[  255.264380][T13808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  255.264395][T13808] RSP: 002b:00007f01b7ed0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  255.264417][T13808] RAX: ffffffffffffffda RBX: 00007f01b71b5fa0 RCX: 00007f01b6f8ebe9
[  255.264431][T13808] RDX: 0000200000000240 RSI: 00000000000089f8 RDI: 0000000000000003
[  255.264443][T13808] RBP: 00007f01b7ed0090 R08: 0000000000000000 R09: 0000000000000000
[  255.264454][T13808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  255.264465][T13808] R13: 00007f01b71b6038 R14: 00007f01b71b5fa0 R15: 00007fff009a9e48
[  255.264495][T13808]  </TASK>
[  255.735633][T13832] openvswitch: netlink: Missing key (keys=40, expected=100)
[  255.789605][T13834] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  255.941868][T13842] __nla_validate_parse: 3 callbacks suppressed
[  255.941888][T13842] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2445'.
[  256.063777][T13852] team0: Port device dummy0 removed
[  256.081977][T13852] veth0_to_bridge: left allmulticast mode
[  256.115051][T13852] veth0_to_bridge: left promiscuous mode
[  256.134342][T13852] bridge0: port 3(veth0_to_bridge) entered disabled state
[  256.159187][T13852] bridge_slave_0: left allmulticast mode
[  256.170341][T13852] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.217960][T13852] bridge_slave_1: left allmulticast mode
[  256.226187][T13852] bridge_slave_1: left promiscuous mode
[  256.235750][T13864] FAULT_INJECTION: forcing a failure.
[  256.235750][T13864] name failslab, interval 1, probability 0, space 0, times 0
[  256.253822][T13852] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.278576][T13864] CPU: 1 UID: 0 PID: 13864 Comm: syz.4.2452 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  256.278607][T13864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  256.278618][T13864] Call Trace:
[  256.278626][T13864]  <TASK>
[  256.278635][T13864]  dump_stack_lvl+0x189/0x250
[  256.278661][T13864]  ? __pfx____ratelimit+0x10/0x10
[  256.278686][T13864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.278704][T13864]  ? __pfx__printk+0x10/0x10
[  256.278731][T13864]  ? __pfx___might_resched+0x10/0x10
[  256.278761][T13864]  should_fail_ex+0x414/0x560
[  256.278792][T13864]  should_failslab+0xa8/0x100
[  256.278812][T13864]  __kmalloc_cache_noprof+0x70/0x3d0
[  256.278837][T13864]  ? call_usermodehelper_setup+0x8e/0x270
[  256.278859][T13864]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  256.278889][T13864]  call_usermodehelper_setup+0x8e/0x270
[  256.278911][T13864]  ? __pfx_free_modprobe_argv+0x10/0x10
[  256.278937][T13864]  __request_module+0x39f/0x5e0
[  256.278963][T13864]  ? aa_get_newest_label+0xf7/0x5d0
[  256.278989][T13864]  ? __pfx___request_module+0x10/0x10
[  256.279016][T13864]  ? rcu_is_watching+0x15/0xb0
[  256.279050][T13864]  ? security_capable+0x7e/0x2e0
[  256.279077][T13864]  ? dev_load+0x21/0x1f0
[  256.279100][T13864]  dev_load+0x190/0x1f0
[  256.279124][T13864]  dev_ioctl+0x837/0x1150
[  256.279152][T13864]  sock_ioctl+0x719/0x790
[  256.279178][T13864]  ? __pfx_sock_ioctl+0x10/0x10
[  256.279200][T13864]  ? __fget_files+0x3a0/0x420
[  256.279216][T13864]  ? __fget_files+0x2a/0x420
[  256.279236][T13864]  ? bpf_lsm_file_ioctl+0x9/0x20
[  256.279259][T13864]  ? __pfx_sock_ioctl+0x10/0x10
[  256.279279][T13864]  __se_sys_ioctl+0xf9/0x170
[  256.279305][T13864]  do_syscall_64+0xfa/0x3b0
[  256.279337][T13864]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.279359][T13864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.279377][T13864]  ? clear_bhb_loop+0x60/0xb0
[  256.279399][T13864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.279416][T13864] RIP: 0033:0x7f6e3eb8ebe9
[  256.279434][T13864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.279450][T13864] RSP: 002b:00007f6e3fa68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  256.279473][T13864] RAX: ffffffffffffffda RBX: 00007f6e3edb5fa0 RCX: 00007f6e3eb8ebe9
[  256.279487][T13864] RDX: 0000200000000240 RSI: 00000000000089f8 RDI: 0000000000000003
[  256.279498][T13864] RBP: 00007f6e3fa68090 R08: 0000000000000000 R09: 0000000000000000
[  256.279509][T13864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.279519][T13864] R13: 00007f6e3edb6038 R14: 00007f6e3edb5fa0 R15: 00007ffdb2777418
[  256.279549][T13864]  </TASK>
[  256.592147][T13873] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2454'.
[  256.602511][T13852] bond4: (slave veth0_to_bond): Releasing active interface
[  256.617496][T13852] bond0: (slave bond_slave_0): Releasing backup interface
[  256.628724][T13852] bond0: (slave bond_slave_1): Releasing backup interface
[  256.639340][T13852] team0: Port device team_slave_0 removed
[  256.647894][T13852] team0: Port device team_slave_1 removed
[  256.655240][T13852] batman_adv: batadv0: Removing interface: batadv_slave_0
[  256.663700][T13852] batman_adv: batadv0: Removing interface: batadv_slave_1
[  256.673417][T13852] bond0: (slave geneve1): Releasing backup interface
[  256.682881][T13852] team0: Port device macvlan2 removed
[  256.688906][T13869] netlink: 'syz.1.2453': attribute type 26 has an invalid length.
[  256.690075][T13858] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  256.706041][T13858] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  256.717444][T13858] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  257.026647][T13896] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  257.127655][T13903] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2460'.
[  257.256459][T13906] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2463'.
[  257.361681][T13912] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2466'.
[  257.374671][T13912] netlink: 10 bytes leftover after parsing attributes in process `syz.4.2466'.
[  257.403170][T13910] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2465'.
[  257.418090][T13910] bridge0: port 1(veth0_to_bridge) entered blocking state
[  257.453961][T13910] bridge0: port 1(veth0_to_bridge) entered disabled state
[  257.470548][T13910] veth0_to_bridge: entered allmulticast mode
[  257.505858][T13910] veth0_to_bridge: entered promiscuous mode
[  257.513897][T13914] FAULT_INJECTION: forcing a failure.
[  257.513897][T13914] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.547571][T13914] CPU: 0 UID: 0 PID: 13914 Comm: syz.2.2467 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  257.547603][T13914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  257.547618][T13914] Call Trace:
[  257.547627][T13914]  <TASK>
[  257.547635][T13914]  dump_stack_lvl+0x189/0x250
[  257.547662][T13914]  ? __pfx____ratelimit+0x10/0x10
[  257.547690][T13914]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.547708][T13914]  ? __pfx__printk+0x10/0x10
[  257.547743][T13914]  should_fail_ex+0x414/0x560
[  257.547776][T13914]  _copy_to_user+0x31/0xb0
[  257.547803][T13914]  simple_read_from_buffer+0xe1/0x170
[  257.547835][T13914]  proc_fail_nth_read+0x1b3/0x220
[  257.547861][T13914]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.547885][T13914]  ? rw_verify_area+0x258/0x650
[  257.547909][T13914]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.547930][T13914]  vfs_read+0x1fd/0x980
[  257.547952][T13914]  ? fdget_pos+0x247/0x320
[  257.547973][T13914]  ? __pfx___mutex_lock+0x10/0x10
[  257.548001][T13914]  ? __pfx_vfs_read+0x10/0x10
[  257.548023][T13914]  ? __fget_files+0x2a/0x420
[  257.548045][T13914]  ? __fget_files+0x3a0/0x420
[  257.548060][T13914]  ? __fget_files+0x2a/0x420
[  257.548086][T13914]  ksys_read+0x145/0x250
[  257.548112][T13914]  ? __pfx_ksys_read+0x10/0x10
[  257.548132][T13914]  ? rcu_is_watching+0x15/0xb0
[  257.548162][T13914]  ? do_syscall_64+0xbe/0x3b0
[  257.548243][T13914]  do_syscall_64+0xfa/0x3b0
[  257.548258][T13914]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.548274][T13914]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.548291][T13914]  ? clear_bhb_loop+0x60/0xb0
[  257.548312][T13914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.548328][T13914] RIP: 0033:0x7f2a18d8d5fc
[  257.548346][T13914] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  257.548360][T13914] RSP: 002b:00007f2a19b20030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  257.548383][T13914] RAX: ffffffffffffffda RBX: 00007f2a18fb5fa0 RCX: 00007f2a18d8d5fc
[  257.548395][T13914] RDX: 000000000000000f RSI: 00007f2a19b200a0 RDI: 0000000000000004
[  257.548406][T13914] RBP: 00007f2a19b20090 R08: 0000000000000000 R09: 0000000000000000
[  257.548417][T13914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.548427][T13914] R13: 00007f2a18fb6038 R14: 00007f2a18fb5fa0 R15: 00007ffc552028b8
[  257.548457][T13914]  </TASK>
[  257.901650][T13927] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2472'.
[  257.945804][T13927] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2472'.
[  258.014256][T13941] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  258.030382][T13941] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2472'.
[  258.333558][ T5891] block nbd64: NBD_DISCONNECT
[  258.647664][ T5891] udevd[5891]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  258.795605][T13979] netlink: 'syz.1.2481': attribute type 15 has an invalid length.
[  258.834168][T13979] netlink: 'syz.1.2481': attribute type 15 has an invalid length.
[  259.816895][T14013] tc_dump_action: action bad kind
[  260.034131][T14018] 8021q: adding VLAN 0 to HW filter on device bond5
[  260.096597][T14037] syz_tun: entered promiscuous mode
[  260.110953][T14037] syz_tun: entered allmulticast mode
[  260.186832][T14025] 8021q: adding VLAN 0 to HW filter on device bond5
[  260.211447][T14025] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  260.274876][T14025] bond5: (slave vxcan3): Error -95 calling set_mac_address
[  260.522184][T14055] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  261.022658][T14088] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  261.092268][T14096] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  261.143219][T14093] bridge0: port 1(veth0_to_bridge) entered blocking state
[  261.155803][T14093] bridge0: port 1(veth0_to_bridge) entered disabled state
[  261.176982][T14093] veth0_to_bridge: entered allmulticast mode
[  261.223157][T14093] veth0_to_bridge: entered promiscuous mode
[  261.915116][T14142] __nla_validate_parse: 9 callbacks suppressed
[  261.915134][T14142] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2532'.
[  262.133428][T14162] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2538'.
[  262.149702][T14162] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2538'.
[  264.708065][T14205] netlink: 'syz.4.2552': attribute type 1 has an invalid length.
[  264.798861][T14211] bond7: (slave bridge3): making interface the new active one
[  264.843726][T14211] bond7: (slave bridge3): Enslaving as an active interface with an up link
[  265.363287][T14245] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  265.657292][T14260] netlink: 'syz.3.2570': attribute type 1 has an invalid length.
[  265.716979][T14266] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2569'.
[  265.747969][T14266] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2569'.
[  265.750028][T14270] netlink: 'syz.2.2569': attribute type 33 has an invalid length.
[  265.996413][T14282] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2575'.
[  266.002841][T14283] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2576'.
[  266.330029][T14300] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2583'.
[  266.462439][T14303] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2585'.
[  266.503562][T14303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2585'.
[  266.794970][T14311] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  266.835240][T14311] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  266.851673][T14311] gretap1: entered promiscuous mode
[  266.866805][T14311] gretap1: entered allmulticast mode
[  266.902475][T14322] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  266.998505][T14314] syzkaller0: entered promiscuous mode
[  267.007551][T14314] syzkaller0: entered allmulticast mode
[  267.025265][T14314] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  267.085407][T14314] tipc: Resetting bearer <eth:syzkaller0>
[  267.113403][T14313] tipc: Resetting bearer <eth:syzkaller0>
[  267.161786][T14313] tipc: Disabling bearer <eth:syzkaller0>
[  267.201492][T14335] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2593'.
[  267.222837][T14337] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2593'.
[  267.234806][T14333] netlink: 'syz.0.2592': attribute type 29 has an invalid length.
[  267.254363][T14333] netlink: 'syz.0.2592': attribute type 29 has an invalid length.
[  267.306948][T14336] netlink: 500 bytes leftover after parsing attributes in process `syz.0.2592'.
[  267.325272][T14333] netlink: 'syz.0.2592': attribute type 10 has an invalid length.
[  267.336309][T14333] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2592'.
[  267.345981][T14333] netlink: 'syz.0.2592': attribute type 13 has an invalid length.
[  267.555867][T14355] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2599'.
[  267.578478][T14333] 8021q: adding VLAN 0 to HW filter on device bond0
[  267.603499][T14333] 8021q: adding VLAN 0 to HW filter on device team0
[  267.644684][T14333] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  267.676400][ T7536] lo speed is unknown, defaulting to 1000
[  267.690403][ T7536] syz0: Port: 1 Link ACTIVE
[  267.723895][ T7533] lo speed is unknown, defaulting to 1000
[  267.862787][T14370] IPVS: Error connecting to the multicast addr
[  267.879630][T14370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2603'.
[  267.971968][T14370] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  267.993457][T14370] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  268.002453][T14370] gretap1: entered promiscuous mode
[  268.007950][T14370] gretap1: entered allmulticast mode
[  268.120266][T14385] FAULT_INJECTION: forcing a failure.
[  268.120266][T14385] name failslab, interval 1, probability 0, space 0, times 0
[  268.125200][T14384] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2606'.
[  268.144763][T14385] CPU: 1 UID: 0 PID: 14385 Comm: syz.0.2609 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  268.144793][T14385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  268.144805][T14385] Call Trace:
[  268.144813][T14385]  <TASK>
[  268.144821][T14385]  dump_stack_lvl+0x189/0x250
[  268.144848][T14385]  ? __pfx____ratelimit+0x10/0x10
[  268.144874][T14385]  ? __pfx_dump_stack_lvl+0x10/0x10
[  268.144893][T14385]  ? __pfx__printk+0x10/0x10
[  268.144917][T14385]  ? __pfx___might_resched+0x10/0x10
[  268.144943][T14385]  ? fs_reclaim_acquire+0x7d/0x100
[  268.144968][T14385]  should_fail_ex+0x414/0x560
[  268.145001][T14385]  should_failslab+0xa8/0x100
[  268.145021][T14385]  __kmalloc_noprof+0xcb/0x4f0
[  268.145046][T14385]  ? tomoyo_encode+0x28b/0x550
[  268.145075][T14385]  tomoyo_encode+0x28b/0x550
[  268.145106][T14385]  tomoyo_realpath_from_path+0x58d/0x5d0
[  268.145131][T14385]  ? tomoyo_domain+0xd9/0x130
[  268.145161][T14385]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  268.145182][T14385]  tomoyo_path_number_perm+0x1e8/0x5a0
[  268.145207][T14385]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  268.145248][T14385]  ? __lock_acquire+0xab9/0xd20
[  268.145296][T14385]  ? __fget_files+0x2a/0x420
[  268.145317][T14385]  ? __fget_files+0x2a/0x420
[  268.145333][T14385]  ? __fget_files+0x3a0/0x420
[  268.145348][T14385]  ? __fget_files+0x2a/0x420
[  268.145376][T14385]  security_file_ioctl+0xcb/0x2d0
[  268.145400][T14385]  __se_sys_ioctl+0x47/0x170
[  268.145426][T14385]  do_syscall_64+0xfa/0x3b0
[  268.145450][T14385]  ? lockdep_hardirqs_on+0x9c/0x150
[  268.145473][T14385]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.145492][T14385]  ? clear_bhb_loop+0x60/0xb0
[  268.145514][T14385]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.145532][T14385] RIP: 0033:0x7f216478ebe9
[  268.145549][T14385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.145566][T14385] RSP: 002b:00007f21629f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  268.145590][T14385] RAX: ffffffffffffffda RBX: 00007f21649b5fa0 RCX: 00007f216478ebe9
[  268.145603][T14385] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000004
[  268.145615][T14385] RBP: 00007f21629f6090 R08: 0000000000000000 R09: 0000000000000000
[  268.145627][T14385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.145637][T14385] R13: 00007f21649b6038 R14: 00007f21649b5fa0 R15: 00007ffefe9d1b78
[  268.145669][T14385]  </TASK>
[  268.145693][T14385] ERROR: Out of memory at tomoyo_realpath_from_path.
[  268.475629][T14395] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2612'.
[  268.993276][T14423] FAULT_INJECTION: forcing a failure.
[  268.993276][T14423] name failslab, interval 1, probability 0, space 0, times 0
[  269.036016][T14423] CPU: 0 UID: 0 PID: 14423 Comm: syz.4.2619 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  269.036049][T14423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  269.036061][T14423] Call Trace:
[  269.036069][T14423]  <TASK>
[  269.036077][T14423]  dump_stack_lvl+0x189/0x250
[  269.036105][T14423]  ? __pfx____ratelimit+0x10/0x10
[  269.036130][T14423]  ? __pfx_dump_stack_lvl+0x10/0x10
[  269.036148][T14423]  ? __pfx__printk+0x10/0x10
[  269.036177][T14423]  ? __pfx___might_resched+0x10/0x10
[  269.036207][T14423]  should_fail_ex+0x414/0x560
[  269.036240][T14423]  ? hash_ipport_create+0x78d/0x1410
[  269.036264][T14423]  should_failslab+0xa8/0x100
[  269.036283][T14423]  __kvmalloc_node_noprof+0x161/0x5f0
[  269.036320][T14423]  ? hash_ipport_create+0x78d/0x1410
[  269.036341][T14423]  ? hash_ipport_create+0x6d5/0x1410
[  269.036369][T14423]  hash_ipport_create+0x78d/0x1410
[  269.036391][T14423]  ? __lock_acquire+0xab9/0xd20
[  269.036440][T14423]  ? __pfx_hash_ipport_create+0x10/0x10
[  269.036471][T14423]  ? ip_set_create+0x4a2/0x1940
[  269.036489][T14423]  ? __pfx_hash_ipport_create+0x10/0x10
[  269.036513][T14423]  ip_set_create+0xa97/0x1940
[  269.036533][T14423]  ? ip_set_create+0x4a2/0x1940
[  269.036566][T14423]  ? __pfx_ip_set_create+0x10/0x10
[  269.036626][T14423]  nfnetlink_rcv_msg+0xb4d/0x1130
[  269.036652][T14423]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  269.036694][T14423]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  269.036749][T14423]  ? is_bpf_text_address+0x26/0x2b0
[  269.036799][T14423]  netlink_rcv_skb+0x205/0x470
[  269.036826][T14423]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  269.036850][T14423]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  269.036882][T14423]  ? bpf_lsm_capable+0x9/0x20
[  269.036905][T14423]  ? security_capable+0x7e/0x2e0
[  269.036935][T14423]  nfnetlink_rcv+0x26a/0x2520
[  269.036956][T14423]  ? is_bpf_text_address+0x26/0x2b0
[  269.036982][T14423]  ? kernel_text_address+0xa5/0xe0
[  269.037004][T14423]  ? __kernel_text_address+0xd/0x40
[  269.037023][T14423]  ? unwind_get_return_address+0x4d/0x90
[  269.037039][T14423]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  269.037059][T14423]  ? arch_stack_walk+0xfc/0x150
[  269.037094][T14423]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  269.037115][T14423]  ? stack_depot_save_flags+0x40/0x900
[  269.037140][T14423]  ? __lock_acquire+0xab9/0xd20
[  269.037189][T14423]  ? __lock_acquire+0xab9/0xd20
[  269.037223][T14423]  ? netlink_deliver_tap+0x2e/0x1b0
[  269.037254][T14423]  ? netlink_deliver_tap+0x2e/0x1b0
[  269.037286][T14423]  netlink_unicast+0x82f/0x9e0
[  269.037324][T14423]  ? __pfx_netlink_unicast+0x10/0x10
[  269.037347][T14423]  ? netlink_sendmsg+0x642/0xb30
[  269.037369][T14423]  ? skb_put+0x11b/0x210
[  269.037391][T14423]  netlink_sendmsg+0x805/0xb30
[  269.037425][T14423]  ? __pfx_netlink_sendmsg+0x10/0x10
[  269.037453][T14423]  ? aa_sock_msg_perm+0x94/0x160
[  269.037478][T14423]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  269.037498][T14423]  ? __pfx_netlink_sendmsg+0x10/0x10
[  269.037524][T14423]  __sock_sendmsg+0x219/0x270
[  269.037549][T14423]  ____sys_sendmsg+0x505/0x830
[  269.037576][T14423]  ? __pfx_____sys_sendmsg+0x10/0x10
[  269.037604][T14423]  ? import_iovec+0x74/0xa0
[  269.037632][T14423]  ___sys_sendmsg+0x21f/0x2a0
[  269.037652][T14423]  ? __pfx____sys_sendmsg+0x10/0x10
[  269.037711][T14423]  ? __fget_files+0x2a/0x420
[  269.037727][T14423]  ? __fget_files+0x3a0/0x420
[  269.037755][T14423]  __x64_sys_sendmsg+0x19b/0x260
[  269.037777][T14423]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  269.037804][T14423]  ? __pfx_ksys_write+0x10/0x10
[  269.037825][T14423]  ? rcu_is_watching+0x15/0xb0
[  269.037856][T14423]  ? do_syscall_64+0xbe/0x3b0
[  269.037882][T14423]  do_syscall_64+0xfa/0x3b0
[  269.037903][T14423]  ? lockdep_hardirqs_on+0x9c/0x150
[  269.037924][T14423]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.037940][T14423]  ? clear_bhb_loop+0x60/0xb0
[  269.037960][T14423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.037975][T14423] RIP: 0033:0x7f6e3eb8ebe9
[  269.037994][T14423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.038010][T14423] RSP: 002b:00007f6e3fa68038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  269.038032][T14423] RAX: ffffffffffffffda RBX: 00007f6e3edb5fa0 RCX: 00007f6e3eb8ebe9
[  269.038045][T14423] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  269.038055][T14423] RBP: 00007f6e3fa68090 R08: 0000000000000000 R09: 0000000000000000
[  269.038066][T14423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.038077][T14423] R13: 00007f6e3edb6038 R14: 00007f6e3edb5fa0 R15: 00007ffdb2777418
[  269.038105][T14423]  </TASK>
[  269.609818][T14432] FAULT_INJECTION: forcing a failure.
[  269.609818][T14432] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  269.625002][T14432] CPU: 0 UID: 0 PID: 14432 Comm: syz.3.2622 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  269.625033][T14432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  269.625044][T14432] Call Trace:
[  269.625052][T14432]  <TASK>
[  269.625060][T14432]  dump_stack_lvl+0x189/0x250
[  269.625087][T14432]  ? __pfx____ratelimit+0x10/0x10
[  269.625110][T14432]  ? __pfx_dump_stack_lvl+0x10/0x10
[  269.625128][T14432]  ? __pfx__printk+0x10/0x10
[  269.625148][T14432]  ? __might_fault+0xb0/0x130
[  269.625182][T14432]  should_fail_ex+0x414/0x560
[  269.625212][T14432]  _copy_from_user+0x2d/0xb0
[  269.625236][T14432]  nr_rt_ioctl+0x74f/0xd50
[  269.625275][T14432]  ? kasan_quarantine_put+0xdd/0x220
[  269.625299][T14432]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  269.625325][T14432]  ? apparmor_capable+0x137/0x1b0
[  269.625349][T14432]  ? capable+0x89/0xe0
[  269.625373][T14432]  ? nr_ioctl+0x1b1/0x3b0
[  269.625390][T14432]  sock_do_ioctl+0xd9/0x300
[  269.625412][T14432]  ? __pfx_sock_do_ioctl+0x10/0x10
[  269.625427][T14432]  ? __lock_acquire+0xab9/0xd20
[  269.625463][T14432]  sock_ioctl+0x576/0x790
[  269.625483][T14432]  ? __pfx_sock_ioctl+0x10/0x10
[  269.625503][T14432]  ? __fget_files+0x2a/0x420
[  269.625517][T14432]  ? __fget_files+0x3a0/0x420
[  269.625531][T14432]  ? __fget_files+0x2a/0x420
[  269.625551][T14432]  ? bpf_lsm_file_ioctl+0x9/0x20
[  269.625575][T14432]  ? __pfx_sock_ioctl+0x10/0x10
[  269.625595][T14432]  __se_sys_ioctl+0xf9/0x170
[  269.625619][T14432]  do_syscall_64+0xfa/0x3b0
[  269.625643][T14432]  ? lockdep_hardirqs_on+0x9c/0x150
[  269.625665][T14432]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.625683][T14432]  ? clear_bhb_loop+0x60/0xb0
[  269.625704][T14432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.625719][T14432] RIP: 0033:0x7f8fcbb8ebe9
[  269.625737][T14432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.625752][T14432] RSP: 002b:00007f8fcca33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  269.625774][T14432] RAX: ffffffffffffffda RBX: 00007f8fcbdb5fa0 RCX: 00007f8fcbb8ebe9
[  269.625787][T14432] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000004
[  269.625799][T14432] RBP: 00007f8fcca33090 R08: 0000000000000000 R09: 0000000000000000
[  269.625809][T14432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.625819][T14432] R13: 00007f8fcbdb6038 R14: 00007f8fcbdb5fa0 R15: 00007ffce757cc28
[  269.625848][T14432]  </TASK>
[  270.270505][T14463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2627'.
[  270.283833][T14461] netlink: 'syz.0.2630': attribute type 1 has an invalid length.
[  270.298055][T14461] netlink: 184 bytes leftover after parsing attributes in process `syz.0.2630'.
[  270.339528][T14466] netlink: 'syz.3.2632': attribute type 5 has an invalid length.
[  270.545267][T14480] FAULT_INJECTION: forcing a failure.
[  270.545267][T14480] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  270.581979][T14481] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  270.587515][T14480] CPU: 0 UID: 0 PID: 14480 Comm: syz.0.2636 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  270.587547][T14480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  270.587558][T14480] Call Trace:
[  270.587566][T14480]  <TASK>
[  270.587574][T14480]  dump_stack_lvl+0x189/0x250
[  270.587601][T14480]  ? __pfx____ratelimit+0x10/0x10
[  270.587627][T14480]  ? __pfx_dump_stack_lvl+0x10/0x10
[  270.587645][T14480]  ? __pfx__printk+0x10/0x10
[  270.587679][T14480]  should_fail_ex+0x414/0x560
[  270.587712][T14480]  _copy_to_user+0x31/0xb0
[  270.587737][T14480]  simple_read_from_buffer+0xe1/0x170
[  270.587770][T14480]  proc_fail_nth_read+0x1b3/0x220
[  270.587795][T14480]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  270.587819][T14480]  ? rw_verify_area+0x258/0x650
[  270.587850][T14480]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  270.587872][T14480]  vfs_read+0x1fd/0x980
[  270.587894][T14480]  ? fdget_pos+0x247/0x320
[  270.587915][T14480]  ? __pfx___mutex_lock+0x10/0x10
[  270.587941][T14480]  ? __pfx_vfs_read+0x10/0x10
[  270.587965][T14480]  ? __fget_files+0x2a/0x420
[  270.587987][T14480]  ? __fget_files+0x3a0/0x420
[  270.588002][T14480]  ? __fget_files+0x2a/0x420
[  270.588028][T14480]  ksys_read+0x145/0x250
[  270.588048][T14480]  ? __fget_files+0x3a0/0x420
[  270.588066][T14480]  ? __pfx_ksys_read+0x10/0x10
[  270.588094][T14480]  ? do_syscall_64+0xbe/0x3b0
[  270.588120][T14480]  do_syscall_64+0xfa/0x3b0
[  270.588142][T14480]  ? lockdep_hardirqs_on+0x9c/0x150
[  270.588167][T14480]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.588185][T14480]  ? clear_bhb_loop+0x60/0xb0
[  270.588206][T14480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.588222][T14480] RIP: 0033:0x7f216478d5fc
[  270.588239][T14480] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  270.588254][T14480] RSP: 002b:00007f21629f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  270.588277][T14480] RAX: ffffffffffffffda RBX: 00007f21649b5fa0 RCX: 00007f216478d5fc
[  270.588290][T14480] RDX: 000000000000000f RSI: 00007f21629f60a0 RDI: 0000000000000003
[  270.588301][T14480] RBP: 00007f21629f6090 R08: 0000000000000000 R09: 0000000000000000
[  270.588312][T14480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.588321][T14480] R13: 00007f21649b6038 R14: 00007f21649b5fa0 R15: 00007ffefe9d1b78
[  270.588352][T14480]  </TASK>
[  271.224698][T14511] FAULT_INJECTION: forcing a failure.
[  271.224698][T14511] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  271.263344][T14511] CPU: 1 UID: 0 PID: 14511 Comm: syz.3.2643 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  271.263377][T14511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  271.263389][T14511] Call Trace:
[  271.263397][T14511]  <TASK>
[  271.263406][T14511]  dump_stack_lvl+0x189/0x250
[  271.263433][T14511]  ? __pfx____ratelimit+0x10/0x10
[  271.263460][T14511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.263478][T14511]  ? __pfx__printk+0x10/0x10
[  271.263514][T14511]  should_fail_ex+0x414/0x560
[  271.263547][T14511]  _copy_to_user+0x31/0xb0
[  271.263574][T14511]  simple_read_from_buffer+0xe1/0x170
[  271.263606][T14511]  proc_fail_nth_read+0x1b3/0x220
[  271.263631][T14511]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  271.263655][T14511]  ? rw_verify_area+0x258/0x650
[  271.263678][T14511]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  271.263700][T14511]  vfs_read+0x1fd/0x980
[  271.263722][T14511]  ? fdget_pos+0x247/0x320
[  271.263744][T14511]  ? __pfx___mutex_lock+0x10/0x10
[  271.263770][T14511]  ? __pfx_vfs_read+0x10/0x10
[  271.263801][T14511]  ? __fget_files+0x2a/0x420
[  271.263822][T14511]  ? __fget_files+0x3a0/0x420
[  271.263838][T14511]  ? __fget_files+0x2a/0x420
[  271.263865][T14511]  ksys_read+0x145/0x250
[  271.263891][T14511]  ? __pfx_ksys_read+0x10/0x10
[  271.263910][T14511]  ? rcu_is_watching+0x15/0xb0
[  271.263943][T14511]  ? do_syscall_64+0xbe/0x3b0
[  271.263971][T14511]  do_syscall_64+0xfa/0x3b0
[  271.263993][T14511]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.264015][T14511]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.264032][T14511]  ? clear_bhb_loop+0x60/0xb0
[  271.264062][T14511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.264078][T14511] RIP: 0033:0x7f8fcbb8d5fc
[  271.264096][T14511] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  271.264111][T14511] RSP: 002b:00007f8fcca33030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  271.264134][T14511] RAX: ffffffffffffffda RBX: 00007f8fcbdb5fa0 RCX: 00007f8fcbb8d5fc
[  271.264146][T14511] RDX: 000000000000000f RSI: 00007f8fcca330a0 RDI: 0000000000000004
[  271.264158][T14511] RBP: 00007f8fcca33090 R08: 0000000000000000 R09: 0000000000000000
[  271.264169][T14511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  271.264180][T14511] R13: 00007f8fcbdb6038 R14: 00007f8fcbdb5fa0 R15: 00007ffce757cc28
[  271.264211][T14511]  </TASK>
[  271.737910][T14525] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  271.865061][T14536] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  272.057189][T14545] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  272.080075][T14543] netlink: 'syz.2.2654': attribute type 2 has an invalid length.
[  272.126617][T14548] syz_tun: left promiscuous mode
[  272.135215][T14548] syz_tun: left allmulticast mode
[  272.344673][T14561] __nla_validate_parse: 7 callbacks suppressed
[  272.344690][T14561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2662'.
[  272.390369][T14561] netlink: 'syz.1.2662': attribute type 5 has an invalid length.
[  272.399558][T14561] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2662'.
[  272.468170][T14561] geneve3: entered promiscuous mode
[  272.480951][T14561] geneve3: entered allmulticast mode
[  272.504624][T12071] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[  272.518037][T12071] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0
[  272.545140][T12071] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0
[  272.573208][T12071] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0
[  272.695142][T14588] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2670'.
[  273.364313][T14619] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  276.960986][T14622] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma?
[  277.135052][T14634] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2688'.
[  277.280033][T14649] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2693'.
[  277.309389][T14634] veth0_macvtap: left allmulticast mode
[  277.315214][T14650] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2692'.
[  277.352030][ T7531] lo speed is unknown, defaulting to 1000
[  277.357823][ T7531] syz0: Port: 1 Link DOWN
[  277.454476][ T7531] lo speed is unknown, defaulting to 1000
[  277.487313][T14657] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  277.548854][T14662] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2698'.
[  277.614988][T14662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2698'.
[  277.912639][T14684] netlink: 'syz.2.2704': attribute type 3 has an invalid length.
[  277.922493][T14687] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  277.944603][T14684] netlink: 'syz.2.2704': attribute type 3 has an invalid length.
[  277.963755][T14689] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2707'.
[  278.106634][T14697] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2711'.
[  278.269640][T14704] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  278.525240][T14719] netlink: 1284 bytes leftover after parsing attributes in process `syz.0.2718'.
[  278.565459][T14719] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2718'.
[  278.609381][T14724] (unnamed net_device) (uninitialized): peer notification delay (1164) is not a multiple of miimon (100), value rounded to 1100 ms
[  278.724959][T14724] bond6: entered promiscuous mode
[  278.730278][T14724] bond6: entered allmulticast mode
[  278.736203][T14724] 8021q: adding VLAN 0 to HW filter on device bond6
[  278.810139][T14734] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2722'.
[  278.887402][T14742] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2724'.
[  279.007554][T14746] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  279.060299][T14750] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2728'.
[  279.070294][T14750] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2728'.
[  279.118528][T14750] netlink: 'syz.1.2728': attribute type 21 has an invalid length.
[  279.247196][T14758] netlink: 'syz.1.2732': attribute type 1 has an invalid length.
[  279.280631][T14758] netlink: 'syz.1.2732': attribute type 10 has an invalid length.
[  279.346463][T14767] netlink: 'syz.0.2735': attribute type 2 has an invalid length.
[  279.393493][T14767] netlink: 'syz.0.2735': attribute type 2 has an invalid length.
[  279.754206][T14785] netlink: 'syz.3.2741': attribute type 1 has an invalid length.
[  279.921223][T14795] netlink: 'syz.4.2742': attribute type 1 has an invalid length.
[  279.931279][T14795] nbd: error processing sock list
[  279.936365][T14795] block nbd0: shutting down sockets
[  279.950678][T14800] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  280.459485][T14828] batadv_slave_1: entered promiscuous mode
[  280.670626][T14827] batadv_slave_1: left promiscuous mode
[  281.390883][T14851] netlink: 'syz.4.2764': attribute type 83 has an invalid length.
[  281.646244][T14868] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  281.907151][T14878] can: request_module (can-proto-0) failed.
[  282.296066][T14902] 8021q: adding VLAN 0 to HW filter on device bond0
[  282.336211][T14904] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  282.569576][T14912] __nla_validate_parse: 10 callbacks suppressed
[  282.569600][T14912] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2785'.
[  282.939235][T14943] xt_socket: unknown flags 0xe4
[  282.953652][T14942] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2793'.
[  282.965754][T14942] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2793'.
[  282.979094][T14943] 
: renamed from bridge_slave_0
[  283.016533][T14945] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2795'.
[  283.061571][T14945] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  283.086495][T14950] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  283.118331][T14954] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  283.284667][T14968] validate_nla: 3 callbacks suppressed
[  283.284689][T14968] netlink: 'syz.0.2805': attribute type 2 has an invalid length.
[  283.313762][T14968] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2805'.
[  284.376799][T14986] netlink: 'syz.2.2810': attribute type 29 has an invalid length.
[  284.388520][T14989] netlink: 'syz.2.2810': attribute type 29 has an invalid length.
[  284.390870][T14987] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2809'.
[  284.458721][T14994] mac80211_hwsim hwsim15 wlan1: entered allmulticast mode
[  284.464211][T14995] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  284.469497][T14994] openvswitch: netlink: Unknown key attributes 2
[  284.487963][T14996] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2809'.
[  284.594528][T15000] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  284.738524][T15010] FAULT_INJECTION: forcing a failure.
[  284.738524][T15010] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.766810][T15010] CPU: 1 UID: 0 PID: 15010 Comm: syz.2.2819 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  284.766841][T15010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  284.766853][T15010] Call Trace:
[  284.766861][T15010]  <TASK>
[  284.766869][T15010]  dump_stack_lvl+0x189/0x250
[  284.766896][T15010]  ? __pfx____ratelimit+0x10/0x10
[  284.766922][T15010]  ? __pfx_dump_stack_lvl+0x10/0x10
[  284.766940][T15010]  ? __pfx__printk+0x10/0x10
[  284.766961][T15010]  ? __might_fault+0xb0/0x130
[  284.766993][T15010]  should_fail_ex+0x414/0x560
[  284.767022][T15010]  _copy_from_iter+0x1db/0x16f0
[  284.767048][T15010]  ? rcu_is_watching+0x15/0xb0
[  284.767074][T15010]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  284.767101][T15010]  ? __pfx__copy_from_iter+0x10/0x10
[  284.767124][T15010]  ? __build_skb_around+0x257/0x3e0
[  284.767150][T15010]  ? netlink_sendmsg+0x642/0xb30
[  284.767172][T15010]  ? skb_put+0x11b/0x210
[  284.767191][T15010]  netlink_sendmsg+0x6b2/0xb30
[  284.767221][T15010]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.767245][T15010]  ? aa_sock_msg_perm+0x94/0x160
[  284.767268][T15010]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  284.767285][T15010]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.767309][T15010]  __sock_sendmsg+0x219/0x270
[  284.767334][T15010]  ____sys_sendmsg+0x505/0x830
[  284.767359][T15010]  ? __pfx_____sys_sendmsg+0x10/0x10
[  284.767386][T15010]  ? import_iovec+0x74/0xa0
[  284.767411][T15010]  ___sys_sendmsg+0x21f/0x2a0
[  284.767431][T15010]  ? __pfx____sys_sendmsg+0x10/0x10
[  284.767480][T15010]  ? __fget_files+0x2a/0x420
[  284.767496][T15010]  ? __fget_files+0x3a0/0x420
[  284.767519][T15010]  __x64_sys_sendmsg+0x19b/0x260
[  284.767537][T15010]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  284.767560][T15010]  ? __pfx_ksys_write+0x10/0x10
[  284.767579][T15010]  ? rcu_is_watching+0x15/0xb0
[  284.767607][T15010]  ? do_syscall_64+0xbe/0x3b0
[  284.767636][T15010]  do_syscall_64+0xfa/0x3b0
[  284.767657][T15010]  ? lockdep_hardirqs_on+0x9c/0x150
[  284.767678][T15010]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.767693][T15010]  ? clear_bhb_loop+0x60/0xb0
[  284.767711][T15010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.767735][T15010] RIP: 0033:0x7f2a18d8ebe9
[  284.767753][T15010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.767768][T15010] RSP: 002b:00007f2a19b20038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  284.767790][T15010] RAX: ffffffffffffffda RBX: 00007f2a18fb5fa0 RCX: 00007f2a18d8ebe9
[  284.767804][T15010] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003
[  284.767815][T15010] RBP: 00007f2a19b20090 R08: 0000000000000000 R09: 0000000000000000
[  284.767826][T15010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.767835][T15010] R13: 00007f2a18fb6038 R14: 00007f2a18fb5fa0 R15: 00007ffc552028b8
[  284.767864][T15010]  </TASK>
[  284.872730][T15019] IPVS: ip_vs_add_dest(): server weight less than zero
[  285.094754][T15021] netlink: 'syz.2.2823': attribute type 2 has an invalid length.
[  285.119458][T15025] IPVS: wrr: UDP 224.0.0.2:65535 - no destination available
[  285.330446][T15045] openvswitch: netlink: Actions may not be safe on all matching packets
[  285.385478][T15050] FAULT_INJECTION: forcing a failure.
[  285.385478][T15050] name failslab, interval 1, probability 0, space 0, times 0
[  285.402046][T15050] CPU: 0 UID: 0 PID: 15050 Comm: syz.0.2832 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  285.402079][T15050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  285.402090][T15050] Call Trace:
[  285.402098][T15050]  <TASK>
[  285.402106][T15050]  dump_stack_lvl+0x189/0x250
[  285.402133][T15050]  ? __pfx____ratelimit+0x10/0x10
[  285.402159][T15050]  ? __pfx_dump_stack_lvl+0x10/0x10
[  285.402178][T15050]  ? __pfx__printk+0x10/0x10
[  285.402203][T15050]  ? __pfx___might_resched+0x10/0x10
[  285.402229][T15050]  ? fs_reclaim_acquire+0x7d/0x100
[  285.402254][T15050]  should_fail_ex+0x414/0x560
[  285.402287][T15050]  should_failslab+0xa8/0x100
[  285.402306][T15050]  __kmalloc_noprof+0xcb/0x4f0
[  285.402330][T15050]  ? tomoyo_encode+0x28b/0x550
[  285.402361][T15050]  tomoyo_encode+0x28b/0x550
[  285.402391][T15050]  tomoyo_realpath_from_path+0x58d/0x5d0
[  285.402416][T15050]  ? tomoyo_domain+0xd9/0x130
[  285.402454][T15050]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  285.402474][T15050]  tomoyo_path_number_perm+0x1e8/0x5a0
[  285.402497][T15050]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  285.402536][T15050]  ? __lock_acquire+0xab9/0xd20
[  285.402583][T15050]  ? __fget_files+0x2a/0x420
[  285.402605][T15050]  ? __fget_files+0x2a/0x420
[  285.402620][T15050]  ? __fget_files+0x3a0/0x420
[  285.402634][T15050]  ? __fget_files+0x2a/0x420
[  285.402655][T15050]  security_file_ioctl+0xcb/0x2d0
[  285.402676][T15050]  __se_sys_ioctl+0x47/0x170
[  285.402702][T15050]  do_syscall_64+0xfa/0x3b0
[  285.402725][T15050]  ? lockdep_hardirqs_on+0x9c/0x150
[  285.402748][T15050]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.402766][T15050]  ? clear_bhb_loop+0x60/0xb0
[  285.402787][T15050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.402804][T15050] RIP: 0033:0x7f216478ebe9
[  285.402822][T15050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.402837][T15050] RSP: 002b:00007f21629f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  285.402861][T15050] RAX: ffffffffffffffda RBX: 00007f21649b5fa0 RCX: 00007f216478ebe9
[  285.402875][T15050] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  285.402887][T15050] RBP: 00007f21629f6090 R08: 0000000000000000 R09: 0000000000000000
[  285.402898][T15050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.402907][T15050] R13: 00007f21649b6038 R14: 00007f21649b5fa0 R15: 00007ffefe9d1b78
[  285.402935][T15050]  </TASK>
[  285.402956][T15050] ERROR: Out of memory at tomoyo_realpath_from_path.
[  285.549332][T15053] FAULT_INJECTION: forcing a failure.
[  285.549332][T15053] name failslab, interval 1, probability 0, space 0, times 0
[  285.680245][T15053] CPU: 0 UID: 0 PID: 15053 Comm: syz.3.2834 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  285.680275][T15053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  285.680286][T15053] Call Trace:
[  285.680295][T15053]  <TASK>
[  285.680303][T15053]  dump_stack_lvl+0x189/0x250
[  285.680330][T15053]  ? __pfx____ratelimit+0x10/0x10
[  285.680357][T15053]  ? __pfx_dump_stack_lvl+0x10/0x10
[  285.680374][T15053]  ? __pfx__printk+0x10/0x10
[  285.680470][T15053]  ? __pfx___might_resched+0x10/0x10
[  285.680493][T15053]  ? fs_reclaim_acquire+0x7d/0x100
[  285.680518][T15053]  should_fail_ex+0x414/0x560
[  285.680548][T15053]  should_failslab+0xa8/0x100
[  285.680567][T15053]  __kmalloc_noprof+0xcb/0x4f0
[  285.680590][T15053]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  285.680619][T15053]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  285.680655][T15053]  genl_family_rcv_msg_doit+0xb8/0x300
[  285.680683][T15053]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  285.680707][T15053]  ? rcu_is_watching+0x15/0xb0
[  285.680737][T15053]  ? apparmor_capable+0x137/0x1b0
[  285.680759][T15053]  ? bpf_lsm_capable+0x9/0x20
[  285.680788][T15053]  ? security_capable+0x7e/0x2e0
[  285.680822][T15053]  genl_rcv_msg+0x60e/0x790
[  285.680849][T15053]  ? __pfx_genl_rcv_msg+0x10/0x10
[  285.680868][T15053]  ? __pfx_mptcp_pm_nl_set_flags_doit+0x10/0x10
[  285.680905][T15053]  netlink_rcv_skb+0x205/0x470
[  285.680927][T15053]  ? __lock_acquire+0xab9/0xd20
[  285.680953][T15053]  ? __pfx_genl_rcv_msg+0x10/0x10
[  285.680974][T15053]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  285.681023][T15053]  ? down_read+0x1ad/0x2e0
[  285.681046][T15053]  genl_rcv+0x28/0x40
[  285.681064][T15053]  netlink_unicast+0x82f/0x9e0
[  285.681098][T15053]  ? __pfx_netlink_unicast+0x10/0x10
[  285.681125][T15053]  ? netlink_sendmsg+0x642/0xb30
[  285.681147][T15053]  ? skb_put+0x11b/0x210
[  285.681169][T15053]  netlink_sendmsg+0x805/0xb30
[  285.681204][T15053]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.681232][T15053]  ? aa_sock_msg_perm+0x94/0x160
[  285.681257][T15053]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  285.681278][T15053]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.681304][T15053]  __sock_sendmsg+0x219/0x270
[  285.681331][T15053]  ____sys_sendmsg+0x505/0x830
[  285.681357][T15053]  ? __pfx_____sys_sendmsg+0x10/0x10
[  285.681386][T15053]  ? import_iovec+0x74/0xa0
[  285.681416][T15053]  ___sys_sendmsg+0x21f/0x2a0
[  285.681438][T15053]  ? __pfx____sys_sendmsg+0x10/0x10
[  285.681501][T15053]  ? __fget_files+0x2a/0x420
[  285.681521][T15053]  ? __fget_files+0x3a0/0x420
[  285.681550][T15053]  __x64_sys_sendmsg+0x19b/0x260
[  285.681575][T15053]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  285.681606][T15053]  ? __pfx_ksys_write+0x10/0x10
[  285.681629][T15053]  ? rcu_is_watching+0x15/0xb0
[  285.681669][T15053]  ? do_syscall_64+0xbe/0x3b0
[  285.681698][T15053]  do_syscall_64+0xfa/0x3b0
[  285.681721][T15053]  ? lockdep_hardirqs_on+0x9c/0x150
[  285.681746][T15053]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.681764][T15053]  ? clear_bhb_loop+0x60/0xb0
[  285.681788][T15053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.681806][T15053] RIP: 0033:0x7f8fcbb8ebe9
[  285.681827][T15053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.681844][T15053] RSP: 002b:00007f8fcca33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  285.681868][T15053] RAX: ffffffffffffffda RBX: 00007f8fcbdb5fa0 RCX: 00007f8fcbb8ebe9
[  285.681882][T15053] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003
[  285.681894][T15053] RBP: 00007f8fcca33090 R08: 0000000000000000 R09: 0000000000000000
[  285.681905][T15053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.681916][T15053] R13: 00007f8fcbdb6038 R14: 00007f8fcbdb5fa0 R15: 00007ffce757cc28
[  285.681951][T15053]  </TASK>
[  286.116141][T15059] netlink: 'syz.1.2836': attribute type 1 has an invalid length.
[  286.125050][T15059] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2836'.
[  286.331166][T15080] netlink: 'syz.1.2842': attribute type 1 has an invalid length.
[  286.485843][T15100] FAULT_INJECTION: forcing a failure.
[  286.485843][T15100] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  286.508564][T15100] CPU: 0 UID: 0 PID: 15100 Comm: syz.3.2845 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  286.508595][T15100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  286.508607][T15100] Call Trace:
[  286.508614][T15100]  <TASK>
[  286.508622][T15100]  dump_stack_lvl+0x189/0x250
[  286.508646][T15100]  ? __pfx____ratelimit+0x10/0x10
[  286.508672][T15100]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.508689][T15100]  ? __pfx__printk+0x10/0x10
[  286.508708][T15100]  ? __might_fault+0xb0/0x130
[  286.508746][T15100]  should_fail_ex+0x414/0x560
[  286.508778][T15100]  _copy_from_user+0x2d/0xb0
[  286.508801][T15100]  rfcomm_dev_ioctl+0x251/0x1d20
[  286.508830][T15100]  ? kasan_quarantine_put+0xdd/0x220
[  286.508855][T15100]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  286.508883][T15100]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  286.508904][T15100]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  286.508931][T15100]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  286.508961][T15100]  sock_do_ioctl+0xd9/0x300
[  286.508987][T15100]  ? __pfx_sock_do_ioctl+0x10/0x10
[  286.509003][T15100]  ? __lock_acquire+0xab9/0xd20
[  286.509040][T15100]  sock_ioctl+0x576/0x790
[  286.509060][T15100]  ? __pfx_sock_ioctl+0x10/0x10
[  286.509078][T15100]  ? __fget_files+0x2a/0x420
[  286.509094][T15100]  ? __fget_files+0x3a0/0x420
[  286.509110][T15100]  ? __fget_files+0x2a/0x420
[  286.509129][T15100]  ? bpf_lsm_file_ioctl+0x9/0x20
[  286.509151][T15100]  ? __pfx_sock_ioctl+0x10/0x10
[  286.509170][T15100]  __se_sys_ioctl+0xf9/0x170
[  286.509193][T15100]  do_syscall_64+0xfa/0x3b0
[  286.509214][T15100]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.509234][T15100]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.509248][T15100]  ? clear_bhb_loop+0x60/0xb0
[  286.509265][T15100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.509279][T15100] RIP: 0033:0x7f8fcbb8ebe9
[  286.509294][T15100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.509307][T15100] RSP: 002b:00007f8fcca33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  286.509326][T15100] RAX: ffffffffffffffda RBX: 00007f8fcbdb5fa0 RCX: 00007f8fcbb8ebe9
[  286.509337][T15100] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  286.509347][T15100] RBP: 00007f8fcca33090 R08: 0000000000000000 R09: 0000000000000000
[  286.509356][T15100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.509365][T15100] R13: 00007f8fcbdb6038 R14: 00007f8fcbdb5fa0 R15: 00007ffce757cc28
[  286.509397][T15100]  </TASK>
[  286.765309][T15101] netlink: 'syz.4.2846': attribute type 1 has an invalid length.
[  286.916171][T15102] bond8: (slave gretap2): making interface the new active one
[  286.934838][T15102] bond8: (slave gretap2): Enslaving as an active interface with an up link
[  286.969599][T15107] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  286.988508][T15107] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  286.997160][T15107] gretap1: entered promiscuous mode
[  287.003302][T15107] gretap1: entered allmulticast mode
[  287.010971][T15114] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2851'.
[  287.028844][T15114] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2851'.
[  287.038230][T15114] A link change request failed with some changes committed already. Interface team_slave_1 may have been left with an inconsistent configuration, please check.
[  287.116200][T15117] netlink: 'syz.1.2853': attribute type 7 has an invalid length.
[  287.145104][T15117] netlink: 'syz.1.2853': attribute type 8 has an invalid length.
[  287.336772][T15143] FAULT_INJECTION: forcing a failure.
[  287.336772][T15143] name failslab, interval 1, probability 0, space 0, times 0
[  287.356758][T15143] CPU: 1 UID: 0 PID: 15143 Comm: syz.1.2859 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  287.356788][T15143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  287.356800][T15143] Call Trace:
[  287.356808][T15143]  <TASK>
[  287.356816][T15143]  dump_stack_lvl+0x189/0x250
[  287.356840][T15143]  ? __pfx____ratelimit+0x10/0x10
[  287.356867][T15143]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.356885][T15143]  ? __pfx__printk+0x10/0x10
[  287.356914][T15143]  ? __pfx___might_resched+0x10/0x10
[  287.356938][T15143]  ? fs_reclaim_acquire+0x7d/0x100
[  287.356965][T15143]  should_fail_ex+0x414/0x560
[  287.356999][T15143]  should_failslab+0xa8/0x100
[  287.357018][T15143]  __kmalloc_cache_noprof+0x70/0x3d0
[  287.357043][T15143]  ? rfcomm_dlc_alloc+0x75/0x410
[  287.357070][T15143]  rfcomm_dlc_alloc+0x75/0x410
[  287.357093][T15143]  rfcomm_dev_ioctl+0xd95/0x1d20
[  287.357122][T15143]  ? kasan_quarantine_put+0xdd/0x220
[  287.357150][T15143]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  287.357179][T15143]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  287.357203][T15143]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  287.357233][T15143]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  287.357265][T15143]  sock_do_ioctl+0xd9/0x300
[  287.357298][T15143]  ? __pfx_sock_do_ioctl+0x10/0x10
[  287.357317][T15143]  ? __lock_acquire+0xab9/0xd20
[  287.357360][T15143]  sock_ioctl+0x576/0x790
[  287.357384][T15143]  ? __pfx_sock_ioctl+0x10/0x10
[  287.357405][T15143]  ? __fget_files+0x2a/0x420
[  287.357422][T15143]  ? __fget_files+0x3a0/0x420
[  287.357444][T15143]  ? __fget_files+0x2a/0x420
[  287.357465][T15143]  ? bpf_lsm_file_ioctl+0x9/0x20
[  287.357488][T15143]  ? __pfx_sock_ioctl+0x10/0x10
[  287.357509][T15143]  __se_sys_ioctl+0xf9/0x170
[  287.357535][T15143]  do_syscall_64+0xfa/0x3b0
[  287.357558][T15143]  ? lockdep_hardirqs_on+0x9c/0x150
[  287.357581][T15143]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.357599][T15143]  ? clear_bhb_loop+0x60/0xb0
[  287.357622][T15143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.357639][T15143] RIP: 0033:0x7f01b6f8ebe9
[  287.357656][T15143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.357672][T15143] RSP: 002b:00007f01b7ed0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  287.357693][T15143] RAX: ffffffffffffffda RBX: 00007f01b71b5fa0 RCX: 00007f01b6f8ebe9
[  287.357707][T15143] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  287.357719][T15143] RBP: 00007f01b7ed0090 R08: 0000000000000000 R09: 0000000000000000
[  287.357730][T15143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.357741][T15143] R13: 00007f01b71b6038 R14: 00007f01b71b5fa0 R15: 00007fff009a9e48
[  287.357773][T15143]  </TASK>
[  287.692717][T15145] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  287.834605][T15158] __nla_validate_parse: 2 callbacks suppressed
[  287.834624][T15158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2864'.
[  287.923432][T15156] netlink: 'syz.3.2865': attribute type 1 has an invalid length.
[  287.958408][T15158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2864'.
[  287.968964][T15169] netlink: 344 bytes leftover after parsing attributes in process `syz.1.2871'.
[  288.012534][T15178] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2864'.
[  288.081280][T15172] bond6: (slave bridge6): making interface the new active one
[  288.090159][T15172] bond6: (slave bridge6): Enslaving as an active interface with an up link
[  288.103449][T15158] (unnamed net_device) (uninitialized): option coupled_control: invalid value (52)
[  288.203890][T15181] FAULT_INJECTION: forcing a failure.
[  288.203890][T15181] name failslab, interval 1, probability 0, space 0, times 0
[  288.216993][T15181] CPU: 1 UID: 0 PID: 15181 Comm: syz.3.2874 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  288.217024][T15181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  288.217035][T15181] Call Trace:
[  288.217044][T15181]  <TASK>
[  288.217052][T15181]  dump_stack_lvl+0x189/0x250
[  288.217079][T15181]  ? __pfx____ratelimit+0x10/0x10
[  288.217105][T15181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.217122][T15181]  ? __pfx__printk+0x10/0x10
[  288.217151][T15181]  ? __pfx___might_resched+0x10/0x10
[  288.217175][T15181]  ? fs_reclaim_acquire+0x7d/0x100
[  288.217201][T15181]  should_fail_ex+0x414/0x560
[  288.217233][T15181]  should_failslab+0xa8/0x100
[  288.217253][T15181]  __kmalloc_cache_noprof+0x70/0x3d0
[  288.217278][T15181]  ? rfcomm_dev_ioctl+0xa7a/0x1d20
[  288.217309][T15181]  rfcomm_dev_ioctl+0xa7a/0x1d20
[  288.217337][T15181]  ? kasan_quarantine_put+0xdd/0x220
[  288.217370][T15181]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  288.217398][T15181]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  288.217421][T15181]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  288.217446][T15181]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  288.217473][T15181]  sock_do_ioctl+0xd9/0x300
[  288.217498][T15181]  ? __pfx_sock_do_ioctl+0x10/0x10
[  288.217515][T15181]  ? __lock_acquire+0xab9/0xd20
[  288.217549][T15181]  sock_ioctl+0x576/0x790
[  288.217569][T15181]  ? __pfx_sock_ioctl+0x10/0x10
[  288.217587][T15181]  ? __fget_files+0x2a/0x420
[  288.217602][T15181]  ? __fget_files+0x3a0/0x420
[  288.217617][T15181]  ? __fget_files+0x2a/0x420
[  288.217637][T15181]  ? bpf_lsm_file_ioctl+0x9/0x20
[  288.217658][T15181]  ? __pfx_sock_ioctl+0x10/0x10
[  288.217679][T15181]  __se_sys_ioctl+0xf9/0x170
[  288.217703][T15181]  do_syscall_64+0xfa/0x3b0
[  288.217724][T15181]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.217745][T15181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.217759][T15181]  ? clear_bhb_loop+0x60/0xb0
[  288.217778][T15181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.217793][T15181] RIP: 0033:0x7f8fcbb8ebe9
[  288.217810][T15181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.217824][T15181] RSP: 002b:00007f8fcca33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  288.217846][T15181] RAX: ffffffffffffffda RBX: 00007f8fcbdb5fa0 RCX: 00007f8fcbb8ebe9
[  288.217860][T15181] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  288.217872][T15181] RBP: 00007f8fcca33090 R08: 0000000000000000 R09: 0000000000000000
[  288.217883][T15181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.217894][T15181] R13: 00007f8fcbdb6038 R14: 00007f8fcbdb5fa0 R15: 00007ffce757cc28
[  288.217925][T15181]  </TASK>
[  288.622416][T15189] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2875'.
[  288.629387][T15196] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2878'.
[  288.646278][T15189] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2875'.
[  288.648892][T15197] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2879'.
[  288.667500][T15189] validate_nla: 1 callbacks suppressed
[  288.667524][T15189] netlink: 'syz.4.2875': attribute type 7 has an invalid length.
[  288.683534][T15198] netlink: 'syz.1.2879': attribute type 1 has an invalid length.
[  288.692028][T15198] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2879'.
[  288.758452][T15204] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6)
[  288.959684][T15219] FAULT_INJECTION: forcing a failure.
[  288.959684][T15219] name failslab, interval 1, probability 0, space 0, times 0
[  288.992616][T15219] CPU: 0 UID: 0 PID: 15219 Comm: syz.0.2887 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  288.992649][T15219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  288.992661][T15219] Call Trace:
[  288.992670][T15219]  <TASK>
[  288.992678][T15219]  dump_stack_lvl+0x189/0x250
[  288.992705][T15219]  ? __pfx____ratelimit+0x10/0x10
[  288.992730][T15219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.992749][T15219]  ? __pfx__printk+0x10/0x10
[  288.992777][T15219]  ? __pfx___might_resched+0x10/0x10
[  288.992801][T15219]  ? fs_reclaim_acquire+0x7d/0x100
[  288.992827][T15219]  should_fail_ex+0x414/0x560
[  288.992860][T15219]  should_failslab+0xa8/0x100
[  288.992880][T15219]  __kmalloc_cache_noprof+0x70/0x3d0
[  288.992906][T15219]  ? tty_register_device_attr+0x2d2/0x8f0
[  288.992933][T15219]  tty_register_device_attr+0x2d2/0x8f0
[  288.992961][T15219]  ? __pfx_tty_register_device_attr+0x10/0x10
[  288.992994][T15219]  ? tty_port_register_device+0x5a/0x100
[  288.993019][T15219]  rfcomm_dev_ioctl+0x176d/0x1d20
[  288.993056][T15219]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  288.993085][T15219]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  288.993107][T15219]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  288.993148][T15219]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  288.993177][T15219]  sock_do_ioctl+0xd9/0x300
[  288.993203][T15219]  ? __pfx_sock_do_ioctl+0x10/0x10
[  288.993220][T15219]  ? __lock_acquire+0xab9/0xd20
[  288.993261][T15219]  sock_ioctl+0x576/0x790
[  288.993285][T15219]  ? __pfx_sock_ioctl+0x10/0x10
[  288.993313][T15219]  ? __fget_files+0x2a/0x420
[  288.993329][T15219]  ? __fget_files+0x3a0/0x420
[  288.993345][T15219]  ? __fget_files+0x2a/0x420
[  288.993365][T15219]  ? bpf_lsm_file_ioctl+0x9/0x20
[  288.993388][T15219]  ? __pfx_sock_ioctl+0x10/0x10
[  288.993407][T15219]  __se_sys_ioctl+0xf9/0x170
[  288.993431][T15219]  do_syscall_64+0xfa/0x3b0
[  288.993456][T15219]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.993479][T15219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.993497][T15219]  ? clear_bhb_loop+0x60/0xb0
[  288.993520][T15219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.993537][T15219] RIP: 0033:0x7f216478ebe9
[  288.993555][T15219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.993571][T15219] RSP: 002b:00007f21629f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  288.993594][T15219] RAX: ffffffffffffffda RBX: 00007f21649b5fa0 RCX: 00007f216478ebe9
[  288.993607][T15219] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  288.993619][T15219] RBP: 00007f21629f6090 R08: 0000000000000000 R09: 0000000000000000
[  288.993630][T15219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.993641][T15219] R13: 00007f21649b6038 R14: 00007f21649b5fa0 R15: 00007ffefe9d1b78
[  288.993673][T15219]  </TASK>
[  288.997969][T15223] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2885'.
[  289.539031][T15229] veth0_virt_wifi: renamed from veth0_vlan
[  289.753160][T15257] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  289.821547][T15263] FAULT_INJECTION: forcing a failure.
[  289.821547][T15263] name failslab, interval 1, probability 0, space 0, times 0
[  289.870874][T15263] CPU: 0 UID: 0 PID: 15263 Comm: syz.1.2901 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  289.870905][T15263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  289.870916][T15263] Call Trace:
[  289.870923][T15263]  <TASK>
[  289.870931][T15263]  dump_stack_lvl+0x189/0x250
[  289.870958][T15263]  ? __pfx____ratelimit+0x10/0x10
[  289.870983][T15263]  ? __pfx_dump_stack_lvl+0x10/0x10
[  289.871000][T15263]  ? __pfx__printk+0x10/0x10
[  289.871023][T15263]  ? __pfx___might_resched+0x10/0x10
[  289.871053][T15263]  ? fs_reclaim_acquire+0x7d/0x100
[  289.871075][T15263]  should_fail_ex+0x414/0x560
[  289.871104][T15263]  should_failslab+0xa8/0x100
[  289.871121][T15263]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  289.871146][T15263]  ? kobject_set_name_vargs+0x61/0x110
[  289.871173][T15263]  kstrdup+0x42/0x100
[  289.871193][T15263]  kobject_set_name_vargs+0x61/0x110
[  289.871219][T15263]  dev_set_name+0xd4/0x120
[  289.871242][T15263]  ? __pfx_dev_set_name+0x10/0x10
[  289.871267][T15263]  ? __kasan_kmalloc+0x93/0xb0
[  289.871292][T15263]  ? tty_register_device_attr+0x2d2/0x8f0
[  289.871318][T15263]  tty_register_device_attr+0x38f/0x8f0
[  289.871348][T15263]  ? __pfx_tty_register_device_attr+0x10/0x10
[  289.871382][T15263]  ? tty_port_register_device+0x5a/0x100
[  289.871407][T15263]  rfcomm_dev_ioctl+0x176d/0x1d20
[  289.871445][T15263]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  289.871471][T15263]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  289.871494][T15263]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  289.871518][T15263]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  289.871544][T15263]  sock_do_ioctl+0xd9/0x300
[  289.871569][T15263]  ? __pfx_sock_do_ioctl+0x10/0x10
[  289.871584][T15263]  ? __lock_acquire+0xab9/0xd20
[  289.871622][T15263]  sock_ioctl+0x576/0x790
[  289.871644][T15263]  ? __pfx_sock_ioctl+0x10/0x10
[  289.871664][T15263]  ? __fget_files+0x2a/0x420
[  289.871678][T15263]  ? __fget_files+0x3a0/0x420
[  289.871692][T15263]  ? __fget_files+0x2a/0x420
[  289.871711][T15263]  ? bpf_lsm_file_ioctl+0x9/0x20
[  289.871732][T15263]  ? __pfx_sock_ioctl+0x10/0x10
[  289.871750][T15263]  __se_sys_ioctl+0xf9/0x170
[  289.871778][T15263]  do_syscall_64+0xfa/0x3b0
[  289.871801][T15263]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.871823][T15263]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.871840][T15263]  ? clear_bhb_loop+0x60/0xb0
[  289.871861][T15263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.871876][T15263] RIP: 0033:0x7f01b6f8ebe9
[  289.871893][T15263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.871907][T15263] RSP: 002b:00007f01b7ed0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  289.871928][T15263] RAX: ffffffffffffffda RBX: 00007f01b71b5fa0 RCX: 00007f01b6f8ebe9
[  289.871939][T15263] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  289.871950][T15263] RBP: 00007f01b7ed0090 R08: 0000000000000000 R09: 0000000000000000
[  289.871961][T15263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.871970][T15263] R13: 00007f01b71b6038 R14: 00007f01b71b5fa0 R15: 00007fff009a9e48
[  289.872001][T15263]  </TASK>
[  290.422782][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  290.434495][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  290.444555][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  290.457018][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  290.466396][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  290.562459][T15283] FAULT_INJECTION: forcing a failure.
[  290.562459][T15283] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.578755][T15283] CPU: 1 UID: 0 PID: 15283 Comm: syz.1.2907 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  290.578784][T15283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  290.578795][T15283] Call Trace:
[  290.578803][T15283]  <TASK>
[  290.578811][T15283]  dump_stack_lvl+0x189/0x250
[  290.578836][T15283]  ? __pfx____ratelimit+0x10/0x10
[  290.578862][T15283]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.578881][T15283]  ? __pfx__printk+0x10/0x10
[  290.578934][T15283]  should_fail_ex+0x414/0x560
[  290.578967][T15283]  _copy_to_user+0x31/0xb0
[  290.578994][T15283]  simple_read_from_buffer+0xe1/0x170
[  290.579027][T15283]  proc_fail_nth_read+0x1b3/0x220
[  290.579053][T15283]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.579078][T15283]  ? rw_verify_area+0x258/0x650
[  290.579102][T15283]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.579124][T15283]  vfs_read+0x1fd/0x980
[  290.579146][T15283]  ? fdget_pos+0x247/0x320
[  290.579169][T15283]  ? __pfx___mutex_lock+0x10/0x10
[  290.579195][T15283]  ? __pfx_vfs_read+0x10/0x10
[  290.579220][T15283]  ? __fget_files+0x2a/0x420
[  290.579242][T15283]  ? __fget_files+0x3a0/0x420
[  290.579258][T15283]  ? __fget_files+0x2a/0x420
[  290.579291][T15283]  ksys_read+0x145/0x250
[  290.579317][T15283]  ? __pfx_ksys_read+0x10/0x10
[  290.579337][T15283]  ? rcu_is_watching+0x15/0xb0
[  290.579369][T15283]  ? do_syscall_64+0xbe/0x3b0
[  290.579398][T15283]  do_syscall_64+0xfa/0x3b0
[  290.579420][T15283]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.579443][T15283]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.579461][T15283]  ? clear_bhb_loop+0x60/0xb0
[  290.579484][T15283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.579501][T15283] RIP: 0033:0x7f01b6f8d5fc
[  290.579518][T15283] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  290.579533][T15283] RSP: 002b:00007f01b7ed0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  290.579555][T15283] RAX: ffffffffffffffda RBX: 00007f01b71b5fa0 RCX: 00007f01b6f8d5fc
[  290.579568][T15283] RDX: 000000000000000f RSI: 00007f01b7ed00a0 RDI: 0000000000000004
[  290.579579][T15283] RBP: 00007f01b7ed0090 R08: 0000000000000000 R09: 0000000000000000
[  290.579589][T15283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.579600][T15283] R13: 00007f01b71b6038 R14: 00007f01b71b5fa0 R15: 00007fff009a9e48
[  290.579631][T15283]  </TASK>
[  290.863859][T15287] bond0: Error: Cannot enslave bond to itself.
[  290.906066][T15272]  speed is unknown, defaulting to 1000
[  290.919627][T15272] lo speed is unknown, defaulting to 1000
[  290.924239][T15291] smc: net device bond0 applied user defined pnetid SYZ2
[  290.952905][T15293] IPVS: set_ctl: invalid protocol: 135 172.20.20.49:20003
[  290.963692][T15291] smc: net device bond0 erased user defined pnetid SYZ2
[  291.203620][T15305] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  291.583107][T12071] veth0_to_bridge: left allmulticast mode
[  291.609928][T12071] veth0_to_bridge: left promiscuous mode
[  291.623395][T12071] bridge0: port 1(veth0_to_bridge) entered disabled state
[  291.709805][T15328] netlink: 'syz.4.2918': attribute type 4 has an invalid length.
[  292.203347][T12071] bond6 (unregistering): (slave bridge6): Releasing active interface
[  292.349509][T12071] bond0 (unregistering): Released all slaves
[  292.364835][T12071] bond1 (unregistering): Released all slaves
[  292.384401][T12071] bond2 (unregistering): Released all slaves
[  292.405743][T12071] bond3 (unregistering): Released all slaves
[  292.525498][T12071] bond4 (unregistering): Released all slaves
[  292.539334][T12071] bond5 (unregistering): Released all slaves
[  292.552002][ T5858] Bluetooth: hci3: command tx timeout
[  292.554976][T12071] bond6 (unregistering): Released all slaves
[  292.903602][T15343] FAULT_INJECTION: forcing a failure.
[  292.903602][T15343] name failslab, interval 1, probability 0, space 0, times 0
[  292.943648][T15343] CPU: 1 UID: 0 PID: 15343 Comm: syz.4.2926 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  292.943679][T15343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  292.943690][T15343] Call Trace:
[  292.943698][T15343]  <TASK>
[  292.943707][T15343]  dump_stack_lvl+0x189/0x250
[  292.943732][T15343]  ? __pfx____ratelimit+0x10/0x10
[  292.943758][T15343]  ? __pfx_dump_stack_lvl+0x10/0x10
[  292.943777][T15343]  ? __pfx__printk+0x10/0x10
[  292.943802][T15343]  ? __pfx___might_resched+0x10/0x10
[  292.943827][T15343]  ? fs_reclaim_acquire+0x7d/0x100
[  292.943852][T15343]  should_fail_ex+0x414/0x560
[  292.943885][T15343]  should_failslab+0xa8/0x100
[  292.943904][T15343]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  292.943942][T15343]  ? __kernfs_new_node+0x9c/0x7e0
[  292.943962][T15343]  ? is_bpf_text_address+0x292/0x2b0
[  292.943992][T15343]  kstrdup+0x42/0x100
[  292.944015][T15343]  __kernfs_new_node+0x9c/0x7e0
[  292.944036][T15343]  ? __lock_acquire+0xab9/0xd20
[  292.944067][T15343]  ? __pfx___kernfs_new_node+0x10/0x10
[  292.944089][T15343]  ? kernfs_root+0x1c/0x230
[  292.944116][T15343]  ? kernfs_root+0x1c/0x230
[  292.944134][T15343]  ? kernfs_root+0x1c/0x230
[  292.944151][T15343]  ? kernfs_root+0x1c/0x230
[  292.944176][T15343]  kernfs_new_node+0x102/0x210
[  292.944202][T15343]  kernfs_create_dir_ns+0x44/0x130
[  292.944228][T15343]  sysfs_create_dir_ns+0x123/0x280
[  292.944253][T15343]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  292.944275][T15343]  ? do_raw_spin_unlock+0x122/0x240
[  292.944299][T15343]  kobject_add_internal+0x59f/0xb40
[  292.944326][T15343]  kobject_add+0x155/0x220
[  292.944358][T15343]  ? __pfx_kobject_add+0x10/0x10
[  292.944382][T15343]  ? do_raw_spin_unlock+0x122/0x240
[  292.944406][T15343]  ? get_device_parent+0x366/0x3a0
[  292.944433][T15343]  device_add+0x408/0xb50
[  292.944459][T15343]  tty_register_device_attr+0x3fe/0x8f0
[  292.944488][T15343]  ? __pfx_tty_register_device_attr+0x10/0x10
[  292.944522][T15343]  ? tty_port_register_device+0x5a/0x100
[  292.944547][T15343]  rfcomm_dev_ioctl+0x176d/0x1d20
[  292.944586][T15343]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  292.944614][T15343]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  292.944638][T15343]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  292.944668][T15343]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  292.944699][T15343]  sock_do_ioctl+0xd9/0x300
[  292.944725][T15343]  ? __pfx_sock_do_ioctl+0x10/0x10
[  292.944743][T15343]  ? __lock_acquire+0xab9/0xd20
[  292.944784][T15343]  sock_ioctl+0x576/0x790
[  292.944807][T15343]  ? __pfx_sock_ioctl+0x10/0x10
[  292.944829][T15343]  ? __fget_files+0x2a/0x420
[  292.944845][T15343]  ? __fget_files+0x3a0/0x420
[  292.944861][T15343]  ? __fget_files+0x2a/0x420
[  292.944881][T15343]  ? bpf_lsm_file_ioctl+0x9/0x20
[  292.944904][T15343]  ? __pfx_sock_ioctl+0x10/0x10
[  292.944928][T15343]  __se_sys_ioctl+0xf9/0x170
[  292.944953][T15343]  do_syscall_64+0xfa/0x3b0
[  292.944976][T15343]  ? lockdep_hardirqs_on+0x9c/0x150
[  292.944999][T15343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.945016][T15343]  ? clear_bhb_loop+0x60/0xb0
[  292.945037][T15343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.945054][T15343] RIP: 0033:0x7f6e3eb8ebe9
[  292.945072][T15343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  292.945088][T15343] RSP: 002b:00007f6e3fa68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  292.945111][T15343] RAX: ffffffffffffffda RBX: 00007f6e3edb5fa0 RCX: 00007f6e3eb8ebe9
[  292.945124][T15343] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  292.945136][T15343] RBP: 00007f6e3fa68090 R08: 0000000000000000 R09: 0000000000000000
[  292.945146][T15343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  292.945157][T15343] R13: 00007f6e3edb6038 R14: 00007f6e3edb5fa0 R15: 00007ffdb2777418
[  292.945188][T15343]  </TASK>
[  292.945200][T15343] kobject: kobject_add_internal failed for rfcomm12 (error: -12 parent: tty)
[  292.946249][T12071] tipc: Left network mode
[  293.035795][T15272] chnl_net:caif_netlink_parms(): no params data found
[  293.108233][T15353] netlink: 'syz.1.2925': attribute type 1 has an invalid length.
[  293.231345][T15356] __nla_validate_parse: 6 callbacks suppressed
[  293.231365][T15356] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2925'.
[  293.636594][T15272] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.644119][T15272] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.661533][T15272] bridge_slave_0: entered allmulticast mode
[  293.669713][T15272] bridge_slave_0: entered promiscuous mode
[  293.732433][T15272] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.739881][T15272] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.747734][T15272] bridge_slave_1: entered allmulticast mode
[  293.757666][T15272] bridge_slave_1: entered promiscuous mode
[  293.807528][T15377] geneve4: entered promiscuous mode
[  293.813339][T15377] geneve4: entered allmulticast mode
[  293.880105][T15383] ip6gre1: entered allmulticast mode
[  293.948529][ T2952] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 19999 - 0
[  294.059389][T15272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  294.089209][ T2952] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 19999 - 0
[  294.103492][ T2952] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 19999 - 0
[  294.133317][T15272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  294.136441][T15403] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  294.316624][T12071] hsr_slave_0: left promiscuous mode
[  294.328986][T12071] hsr_slave_1: left promiscuous mode
[  294.641068][ T5858] Bluetooth: hci3: command tx timeout
[  295.194477][T15413] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2942'.
[  295.465441][T15272] team0: Port device team_slave_0 added
[  295.513730][T15272] team0: Port device team_slave_1 added
[  295.658085][T15272] batman_adv: batadv0: Adding interface: batadv_slave_0
[  295.665615][T15272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  295.699535][T15272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  295.716751][T15272] batman_adv: batadv0: Adding interface: batadv_slave_1
[  295.739501][T15272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  295.749029][T15424] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2947'.
[  295.767777][T15272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  295.791874][T15422] FAULT_INJECTION: forcing a failure.
[  295.791874][T15422] name failslab, interval 1, probability 0, space 0, times 0
[  295.797136][T15426] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2945'.
[  295.810947][T15422] CPU: 0 UID: 0 PID: 15422 Comm: syz.2.2946 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  295.810978][T15422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  295.810988][T15422] Call Trace:
[  295.810996][T15422]  <TASK>
[  295.811004][T15422]  dump_stack_lvl+0x189/0x250
[  295.811030][T15422]  ? __pfx____ratelimit+0x10/0x10
[  295.811057][T15422]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.811075][T15422]  ? __pfx__printk+0x10/0x10
[  295.811103][T15422]  ? __pfx___might_resched+0x10/0x10
[  295.811128][T15422]  ? fs_reclaim_acquire+0x7d/0x100
[  295.811154][T15422]  should_fail_ex+0x414/0x560
[  295.811187][T15422]  should_failslab+0xa8/0x100
[  295.811207][T15422]  kmem_cache_alloc_noprof+0x73/0x3c0
[  295.811232][T15422]  ? __kernfs_new_node+0xd7/0x7e0
[  295.811260][T15422]  __kernfs_new_node+0xd7/0x7e0
[  295.811278][T15422]  ? __lock_acquire+0xab9/0xd20
[  295.811312][T15422]  ? __pfx___kernfs_new_node+0x10/0x10
[  295.811333][T15422]  ? kernfs_root+0x1c/0x230
[  295.811359][T15422]  ? kernfs_root+0x1c/0x230
[  295.811377][T15422]  ? kernfs_root+0x1c/0x230
[  295.811394][T15422]  ? kernfs_root+0x1c/0x230
[  295.811418][T15422]  kernfs_new_node+0x102/0x210
[  295.811443][T15422]  __kernfs_create_file+0x4b/0x2e0
[  295.811470][T15422]  sysfs_add_file_mode_ns+0x238/0x300
[  295.811496][T15422]  sysfs_create_file_ns+0x128/0x1a0
[  295.811513][T15422]  ? __pfx___up_read+0x10/0x10
[  295.811538][T15422]  ? __pfx_sysfs_create_file_ns+0x10/0x10
[  295.811560][T15422]  ? __dev_fwnode+0x50/0x80
[  295.811580][T15422]  ? device_create_file+0xf4/0x1c0
[  295.811602][T15422]  device_add+0x440/0xb50
[  295.811627][T15422]  tty_register_device_attr+0x3fe/0x8f0
[  295.811657][T15422]  ? __pfx_tty_register_device_attr+0x10/0x10
[  295.811689][T15422]  ? tty_port_register_device+0x5a/0x100
[  295.811714][T15422]  rfcomm_dev_ioctl+0x176d/0x1d20
[  295.811752][T15422]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  295.811784][T15422]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  295.811807][T15422]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  295.811837][T15422]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  295.811868][T15422]  sock_do_ioctl+0xd9/0x300
[  295.811895][T15422]  ? __pfx_sock_do_ioctl+0x10/0x10
[  295.811912][T15422]  ? __lock_acquire+0xab9/0xd20
[  295.811950][T15422]  sock_ioctl+0x576/0x790
[  295.811973][T15422]  ? __pfx_sock_ioctl+0x10/0x10
[  295.811993][T15422]  ? __fget_files+0x2a/0x420
[  295.812009][T15422]  ? __fget_files+0x3a0/0x420
[  295.812024][T15422]  ? __fget_files+0x2a/0x420
[  295.812044][T15422]  ? bpf_lsm_file_ioctl+0x9/0x20
[  295.812066][T15422]  ? __pfx_sock_ioctl+0x10/0x10
[  295.812086][T15422]  __se_sys_ioctl+0xf9/0x170
[  295.812110][T15422]  do_syscall_64+0xfa/0x3b0
[  295.812133][T15422]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.812156][T15422]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.812173][T15422]  ? clear_bhb_loop+0x60/0xb0
[  295.812195][T15422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.812211][T15422] RIP: 0033:0x7f2a18d8ebe9
[  295.812227][T15422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.812242][T15422] RSP: 002b:00007f2a19b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  295.812267][T15422] RAX: ffffffffffffffda RBX: 00007f2a18fb5fa0 RCX: 00007f2a18d8ebe9
[  295.812280][T15422] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  295.812292][T15422] RBP: 00007f2a19b20090 R08: 0000000000000000 R09: 0000000000000000
[  295.812303][T15422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  295.812313][T15422] R13: 00007f2a18fb6038 R14: 00007f2a18fb5fa0 R15: 00007ffc552028b8
[  295.812344][T15422]  </TASK>
[  296.224543][T15379] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0
[  296.320860][T15272] hsr_slave_0: entered promiscuous mode
[  296.328104][T15272] hsr_slave_1: entered promiscuous mode
[  296.342398][T15272] debugfs: 'hsr0' already exists in 'hsr'
[  296.348619][T15272] Cannot create hsr debugfs directory
[  296.378455][T12071] IPVS: stop unused estimator thread 0...
[  296.415077][T15379] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0
[  296.582708][T15379] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0
[  296.642652][T15448] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  296.724487][ T5858] Bluetooth: hci3: command tx timeout
[  296.820461][ T1313] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 19999 - 0
[  296.896446][ T1313] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 19999 - 0
[  296.969116][ T1002] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 19999 - 0
[  297.024992][   T13] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 19999 - 0
[  297.204263][T15478] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2962'.
[  297.356807][T15489] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2965'.
[  297.423071][T15489] xfrm2: entered promiscuous mode
[  297.428169][T15489] xfrm2: entered allmulticast mode
[  297.458107][T15489] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2965'.
[  297.763610][T15272] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  297.778611][T15272] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  297.803846][T15272] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  297.819160][T15272] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  298.297338][T15524] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2975'.
[  298.647843][T15536] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2976'.
[  298.699565][T15536] hsr_slave_0 (unregistering): left promiscuous mode
[  298.801749][ T5858] Bluetooth: hci3: command tx timeout
[  298.829104][T15272] 8021q: adding VLAN 0 to HW filter on device bond0
[  298.905896][T15272] 8021q: adding VLAN 0 to HW filter on device team0
[  298.957055][ T2952] bridge0: port 1(bridge_slave_0) entered blocking state
[  298.964148][T15522] delete_channel: no stack
[  298.964503][ T2952] bridge0: port 1(bridge_slave_0) entered forwarding state
[  298.979838][T15554] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2983'.
[  299.012517][ T2952] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.019736][ T2952] bridge0: port 2(bridge_slave_1) entered forwarding state
[  299.191368][T15570] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  299.319865][T15581] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2989'.
[  299.457526][T15588] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2990'.
[  299.525190][T15272] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.607471][T15272] veth0_vlan: entered promiscuous mode
[  299.635205][T15272] veth1_vlan: entered promiscuous mode
[  299.677476][T15272] veth0_macvtap: entered promiscuous mode
[  299.688060][T15272] veth1_macvtap: entered promiscuous mode
[  299.707215][T15272] batman_adv: batadv0: Interface activated: batadv_slave_0
[  299.729382][T15272] batman_adv: batadv0: Interface activated: batadv_slave_1
[  299.746115][ T1002] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  299.760561][ T1002] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  299.773773][ T1002] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  299.783778][ T1002] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  299.835085][T15568] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2987'.
[  299.952293][ T1313] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  299.982634][ T1313] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.109894][ T1313] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.136418][ T1313] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.191572][T15616] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  300.210726][T15609] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  300.237387][T15607] syzkaller0: entered promiscuous mode
[  300.243957][T15607] syzkaller0: entered allmulticast mode
[  300.258865][T15609] netlink: 'syz.1.2997': attribute type 21 has an invalid length.
[  300.267904][T15616] netlink: 'syz.1.2997': attribute type 21 has an invalid length.
[  300.285714][T15609] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2997'.
[  300.321860][T15616] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2997'.
[  300.385657][T15622] netlink: 'syz.4.2999': attribute type 7 has an invalid length.
[  302.001748][T15609] netlink: 'syz.1.2997': attribute type 4 has an invalid length.
[  302.009554][T15609] netlink: 'syz.1.2997': attribute type 5 has an invalid length.
[  302.018554][T15609] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2997'.
[  302.028041][T15616] netlink: 'syz.1.2997': attribute type 4 has an invalid length.
[  302.037102][T15616] netlink: 'syz.1.2997': attribute type 5 has an invalid length.
[  302.045907][T15616] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2997'.
[  302.069143][T15622] : entered promiscuous mode
[  302.460700][ T5858] Bluetooth: hci4: link tx timeout
[  302.468049][ T5858] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  302.615138][T15655] IPVS: set_ctl: invalid protocol: 2 172.20.20.11:20001
[  302.684924][T15655] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[  303.082969][T15655] gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue
[  303.129944][T15655] gretap2: entered promiscuous mode
[  303.151054][T15655] gretap2: entered allmulticast mode
[  303.152001][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  303.172511][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  303.204753][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  303.216741][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  303.232547][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  303.302792][T15674] netlink: 'syz.4.3014': attribute type 1 has an invalid length.
[  303.311801][T15674] __nla_validate_parse: 2 callbacks suppressed
[  303.311823][T15674] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3014'.
[  303.398154][T15667]  speed is unknown, defaulting to 1000
[  303.425186][T15674] netlink: 'syz.4.3014': attribute type 1 has an invalid length.
[  303.431672][T15667] lo speed is unknown, defaulting to 1000
[  303.475278][T15674] netlink: 'syz.4.3014': attribute type 2 has an invalid length.
[  303.524174][T15683] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3018'.
[  303.575472][T15687] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3018'.
[  304.015025][T15706] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  304.264876][T15731] syz.4.3028 (15731) used obsolete PPPIOCDETACH ioctl
[  304.286022][T15734] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3029'.
[  304.396707][T15741] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3030'.
[  304.551385][ T5848] Bluetooth: hci4: command 0x0405 tx timeout
[  304.878660][T15667] chnl_net:caif_netlink_parms(): no params data found
[  305.014587][T15771] openvswitch: netlink: nsh attribute has 2 unknown bytes.
[  305.217671][T15786] IPv6: sit1: Disabled Multicast RS
[  305.219990][T15788] netlink: 75 bytes leftover after parsing attributes in process `syz.4.3043'.
[  305.233761][T15786] sit1: entered allmulticast mode
[  305.271386][ T5851] Bluetooth: hci5: command tx timeout
[  305.278890][T15667] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.279729][T15790] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.3044'.
[  305.296746][T15667] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.306470][T15667] bridge_slave_0: entered allmulticast mode
[  305.314466][T15667] bridge_slave_0: entered promiscuous mode
[  305.344813][T15667] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.353598][T15667] bridge0: port 2(bridge_slave_1) entered disabled state
[  305.364086][T15667] bridge_slave_1: entered allmulticast mode
[  305.374022][T15667] bridge_slave_1: entered promiscuous mode
[  305.480459][T15798] delete_channel: no stack
[  305.498120][T15796] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3047'.
[  305.500698][T15667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  305.541287][T15796] validate_nla: 1 callbacks suppressed
[  305.541330][T15796] netlink: 'syz.1.3047': attribute type 1 has an invalid length.
[  305.562496][T15667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  305.585081][T15796] netlink: 'syz.1.3047': attribute type 1 has an invalid length.
[  305.619937][T15796] netlink: 'syz.1.3047': attribute type 2 has an invalid length.
[  305.641892][T15796] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3047'.
[  305.721560][T15807] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3051'.
[  305.740453][T15667] team0: Port device team_slave_0 added
[  305.756362][T15667] team0: Port device team_slave_1 added
[  305.819521][T15667] batman_adv: batadv0: Adding interface: batadv_slave_0
[  305.827438][T15667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  305.857018][T15667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  305.877403][   T13] bond0: left allmulticast mode
[  305.882855][   T13] bond_slave_0: left allmulticast mode
[  305.888382][   T13] geneve1: left allmulticast mode
[  305.894006][   T13] bond0: left promiscuous mode
[  305.898832][   T13] bond_slave_0: left promiscuous mode
[  305.904538][   T13] geneve1: left promiscuous mode
[  305.910480][   T13] bridge0: port 2(bond0) entered disabled state
[  305.923138][   T13] veth0_to_bridge: left allmulticast mode
[  305.929069][   T13] veth0_to_bridge: left promiscuous mode
[  305.935310][   T13] bridge0: port 1(veth0_to_bridge) entered disabled state
[  306.294466][   T13] bond0 (unregistering): (slave geneve1): Releasing backup interface
[  306.748399][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  306.776249][   T13] bond0 (unregistering): Released all slaves
[  306.941348][   T13] bond1 (unregistering): Released all slaves
[  306.957572][   T13] bond2 (unregistering): Released all slaves
[  307.082469][   T13] bond3 (unregistering): Released all slaves
[  307.098569][   T13] bond4 (unregistering): Released all slaves
[  307.221314][   T13] bond5 (unregistering): Released all slaves
[  307.236695][T15667] batman_adv: batadv0: Adding interface: batadv_slave_1
[  307.243899][T15667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  307.274533][T15667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  307.309404][T15824] netlink: 'syz.3.3053': attribute type 1 has an invalid length.
[  307.354241][ T5851] Bluetooth: hci5: command tx timeout
[  307.361837][   T13] tipc: Left network mode
[  307.495900][T15667] hsr_slave_0: entered promiscuous mode
[  307.506796][T15667] hsr_slave_1: entered promiscuous mode
[  307.514024][T15667] debugfs: 'hsr0' already exists in 'hsr'
[  307.519790][T15667] Cannot create hsr debugfs directory
[  307.526184][T15842] netlink: 'syz.3.3061': attribute type 3 has an invalid length.
[  307.939814][T15863] bond0: entered promiscuous mode
[  307.952655][T15863] bond_slave_0: entered promiscuous mode
[  307.974006][T15863] bond_slave_1: entered promiscuous mode
[  308.030992][T15866] netlink: 'syz.4.3071': attribute type 7 has an invalid length.
[  308.339378][   T13] hsr_slave_0: left promiscuous mode
[  308.370414][   T13] hsr_slave_1: left promiscuous mode
[  309.083254][   T13] team0 (unregistering): Port device team_slave_1 removed
[  309.136336][   T13] team0 (unregistering): Port device team_slave_0 removed
[  309.431213][ T5851] Bluetooth: hci5: command tx timeout
[  309.495707][ T9833] smc: removing ib device syz0
[  309.502267][T15874] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  309.555921][T15885] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  309.672207][T15897] vxcan1: entered allmulticast mode
[  310.249940][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888058619c00: rx timeout, send abort
[  310.253765][T15923] IPVS: wrr: UDP 224.0.0.2:65535 - no destination available
[  310.263330][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888058619c00: 0x0ff02: (3) A timeout occurred and this is the connection abort to close the session.
[  310.330071][T15925] __nla_validate_parse: 1 callbacks suppressed
[  310.330097][T15925] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3085'.
[  310.641456][T15667] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  310.687255][T15941] netlink: 'syz.1.3091': attribute type 1 has an invalid length.
[  310.705270][T15667] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  310.769721][T15667] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  310.787399][T15947] netlink: 'syz.4.3092': attribute type 19 has an invalid length.
[  310.827101][T15667] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  310.858444][T15950] FAULT_INJECTION: forcing a failure.
[  310.858444][T15950] name failslab, interval 1, probability 0, space 0, times 0
[  310.890352][T15950] CPU: 1 UID: 0 PID: 15950 Comm: syz.2.3093 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  310.890389][T15950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  310.890400][T15950] Call Trace:
[  310.890407][T15950]  <TASK>
[  310.890416][T15950]  dump_stack_lvl+0x189/0x250
[  310.890441][T15950]  ? __pfx____ratelimit+0x10/0x10
[  310.890466][T15950]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.890485][T15950]  ? __pfx__printk+0x10/0x10
[  310.890513][T15950]  ? __pfx___might_resched+0x10/0x10
[  310.890536][T15950]  ? fs_reclaim_acquire+0x7d/0x100
[  310.890561][T15950]  should_fail_ex+0x414/0x560
[  310.890593][T15950]  should_failslab+0xa8/0x100
[  310.890612][T15950]  kmem_cache_alloc_noprof+0x73/0x3c0
[  310.890635][T15950]  ? __kernfs_new_node+0xd7/0x7e0
[  310.890661][T15950]  __kernfs_new_node+0xd7/0x7e0
[  310.890681][T15950]  ? __lock_acquire+0xab9/0xd20
[  310.890713][T15950]  ? __pfx___kernfs_new_node+0x10/0x10
[  310.890734][T15950]  ? kernfs_root+0x1c/0x230
[  310.890760][T15950]  ? kernfs_root+0x1c/0x230
[  310.890781][T15950]  ? kernfs_root+0x1c/0x230
[  310.890796][T15950]  ? kernfs_root+0x1c/0x230
[  310.890820][T15950]  kernfs_new_node+0x102/0x210
[  310.890847][T15950]  kernfs_create_link+0xa7/0x200
[  310.890875][T15950]  sysfs_do_create_link_sd+0x83/0x110
[  310.890898][T15950]  device_create_sys_dev_entry+0x11a/0x180
[  310.890920][T15950]  ? __pfx_device_create_sys_dev_entry+0x10/0x10
[  310.890943][T15950]  ? device_pm_add+0x67/0x320
[  310.890968][T15950]  ? device_create_file+0xf4/0x1c0
[  310.890991][T15950]  device_add+0x733/0xb50
[  310.891017][T15950]  tty_register_device_attr+0x3fe/0x8f0
[  310.891047][T15950]  ? __pfx_tty_register_device_attr+0x10/0x10
[  310.891082][T15950]  ? tty_port_register_device+0x5a/0x100
[  310.891107][T15950]  rfcomm_dev_ioctl+0x176d/0x1d20
[  310.891145][T15950]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  310.891174][T15950]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  310.891196][T15950]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  310.891227][T15950]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  310.891257][T15950]  sock_do_ioctl+0xd9/0x300
[  310.891282][T15950]  ? __pfx_sock_do_ioctl+0x10/0x10
[  310.891301][T15950]  ? __lock_acquire+0xab9/0xd20
[  310.891339][T15950]  sock_ioctl+0x576/0x790
[  310.891369][T15950]  ? __pfx_sock_ioctl+0x10/0x10
[  310.891390][T15950]  ? __fget_files+0x2a/0x420
[  310.891406][T15950]  ? __fget_files+0x3a0/0x420
[  310.891421][T15950]  ? __fget_files+0x2a/0x420
[  310.891442][T15950]  ? bpf_lsm_file_ioctl+0x9/0x20
[  310.891463][T15950]  ? __pfx_sock_ioctl+0x10/0x10
[  310.891484][T15950]  __se_sys_ioctl+0xf9/0x170
[  310.891508][T15950]  do_syscall_64+0xfa/0x3b0
[  310.891531][T15950]  ? lockdep_hardirqs_on+0x9c/0x150
[  310.891553][T15950]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.891570][T15950]  ? clear_bhb_loop+0x60/0xb0
[  310.891592][T15950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.891609][T15950] RIP: 0033:0x7f2a18d8ebe9
[  310.891626][T15950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.891641][T15950] RSP: 002b:00007f2a19b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  310.891661][T15950] RAX: ffffffffffffffda RBX: 00007f2a18fb5fa0 RCX: 00007f2a18d8ebe9
[  310.891673][T15950] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  310.891684][T15950] RBP: 00007f2a19b20090 R08: 0000000000000000 R09: 0000000000000000
[  310.891695][T15950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  310.891705][T15950] R13: 00007f2a18fb6038 R14: 00007f2a18fb5fa0 R15: 00007ffc552028b8
[  310.891734][T15950]  </TASK>
[  311.521761][ T5851] Bluetooth: hci5: command tx timeout
[  311.552782][T15968] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  311.559931][ T5965] IPVS: starting estimator thread 0...
[  311.617054][T15667] 8021q: adding VLAN 0 to HW filter on device bond0
[  311.652583][T15667] 8021q: adding VLAN 0 to HW filter on device team0
[  311.709712][ T1313] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.711048][T15975] IPVS: using max 28 ests per chain, 67200 per kthread
[  311.717015][ T1313] bridge0: port 1(bridge_slave_0) entered forwarding state
[  311.814890][ T1313] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.822175][ T1313] bridge0: port 2(bridge_slave_1) entered forwarding state
[  311.859622][T15982] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3100'.
[  312.182097][T15990] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.3104'.
[  312.256496][ T1002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  312.276779][ T1002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  312.314445][T15996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  312.364895][T16000] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3105'.
[  312.428601][T16000] bridge0: port 2(bridge_slave_1) entered disabled state
[  312.436466][T16000] bridge0: port 1(bridge_slave_0) entered disabled state
[  312.538512][T16000] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  312.554805][T16000] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  312.681282][ T1002] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.700904][ T1002] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  312.728740][   T13] IPVS: stop unused estimator thread 0...
[  312.745042][ T1002] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.767744][ T1002] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  312.791107][ T1002] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.800075][ T1002] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  312.821940][ T1002] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.839956][T16006] FAULT_INJECTION: forcing a failure.
[  312.839956][T16006] name failslab, interval 1, probability 0, space 0, times 0
[  312.846892][ T1002] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  312.858163][T16006] CPU: 1 UID: 0 PID: 16006 Comm: syz.3.3106 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  312.858193][T16006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  312.858203][T16006] Call Trace:
[  312.858212][T16006]  <TASK>
[  312.858219][T16006]  dump_stack_lvl+0x189/0x250
[  312.858244][T16006]  ? __pfx____ratelimit+0x10/0x10
[  312.858268][T16006]  ? __pfx_dump_stack_lvl+0x10/0x10
[  312.858286][T16006]  ? __pfx__printk+0x10/0x10
[  312.858313][T16006]  ? __pfx___might_resched+0x10/0x10
[  312.858342][T16006]  should_fail_ex+0x414/0x560
[  312.858372][T16006]  should_failslab+0xa8/0x100
[  312.858391][T16006]  __kmalloc_noprof+0xcb/0x4f0
[  312.858414][T16006]  ? kobj_map+0x76/0x590
[  312.858441][T16006]  kobj_map+0x76/0x590
[  312.858461][T16006]  ? __pfx_exact_match+0x10/0x10
[  312.858476][T16006]  ? __pfx_exact_lock+0x10/0x10
[  312.858499][T16006]  cdev_add+0x8c/0x160
[  312.858517][T16006]  tty_register_device_attr+0x71a/0x8f0
[  312.858546][T16006]  ? __pfx_tty_register_device_attr+0x10/0x10
[  312.858578][T16006]  ? tty_port_register_device+0x5a/0x100
[  312.858602][T16006]  rfcomm_dev_ioctl+0x176d/0x1d20
[  312.858638][T16006]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  312.858665][T16006]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  312.858687][T16006]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  312.858716][T16006]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  312.858745][T16006]  sock_do_ioctl+0xd9/0x300
[  312.858768][T16006]  ? __pfx_sock_do_ioctl+0x10/0x10
[  312.858787][T16006]  ? __lock_acquire+0xab9/0xd20
[  312.858826][T16006]  sock_ioctl+0x576/0x790
[  312.858849][T16006]  ? __pfx_sock_ioctl+0x10/0x10
[  312.858869][T16006]  ? __fget_files+0x2a/0x420
[  312.858884][T16006]  ? __fget_files+0x3a0/0x420
[  312.858900][T16006]  ? __fget_files+0x2a/0x420
[  312.858919][T16006]  ? bpf_lsm_file_ioctl+0x9/0x20
[  312.858941][T16006]  ? __pfx_sock_ioctl+0x10/0x10
[  312.858960][T16006]  __se_sys_ioctl+0xf9/0x170
[  312.858984][T16006]  do_syscall_64+0xfa/0x3b0
[  312.859007][T16006]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.859029][T16006]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.859046][T16006]  ? clear_bhb_loop+0x60/0xb0
[  312.859067][T16006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.859084][T16006] RIP: 0033:0x7f1c1a38ebe9
[  312.859104][T16006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  312.859124][T16006] RSP: 002b:00007f1c1b271038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  312.859145][T16006] RAX: ffffffffffffffda RBX: 00007f1c1a5b5fa0 RCX: 00007f1c1a38ebe9
[  312.859159][T16006] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  312.859171][T16006] RBP: 00007f1c1b271090 R08: 0000000000000000 R09: 0000000000000000
[  312.859182][T16006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  312.859192][T16006] R13: 00007f1c1a5b6038 R14: 00007f1c1a5b5fa0 R15: 00007ffd0142c558
[  312.859222][T16006]  </TASK>
[  312.964443][T16010] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  313.077303][T15667] 8021q: adding VLAN 0 to HW filter on device batadv0
[  313.148406][T16012] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  313.244484][T16015] netlink: 'syz.2.3111': attribute type 75 has an invalid length.
[  313.279487][T15667] veth0_vlan: entered promiscuous mode
[  313.305303][T15667] veth1_vlan: entered promiscuous mode
[  313.366680][T16020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3112'.
[  313.474315][T15667] veth0_macvtap: entered promiscuous mode
[  313.517704][T15667] veth1_macvtap: entered promiscuous mode
[  313.538972][T16030] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3116'.
[  313.588075][   T13] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  313.720523][   T13] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  313.769091][T15667] batman_adv: batadv0: Interface activated: batadv_slave_0
[  313.797708][   T13] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  313.813385][   T13] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  313.847471][T15667] batman_adv: batadv0: Interface activated: batadv_slave_1
[  313.884220][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.897600][T16044] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  313.906120][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.938643][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.962118][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  314.150251][T16055] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3127'.
[  314.233728][T16055] mac80211_hwsim hwsim8 wlan0: left promiscuous mode
[  314.255976][T16065] openvswitch: netlink: Flow actions attr not present in new flow.
[  314.276020][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.284626][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.357672][ T1002] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 19999 - 0
[  314.373564][ T1002] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 19999 - 0
[  314.397713][T16070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3130'.
[  314.423102][ T1002] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 19999 - 0
[  314.446348][T16070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3130'.
[  314.470741][T16077] FAULT_INJECTION: forcing a failure.
[  314.470741][T16077] name failslab, interval 1, probability 0, space 0, times 0
[  314.480245][ T1313] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.494669][ T1002] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 19999 - 0
[  314.512617][ T1002] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  314.522115][ T1313] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.534397][T16077] CPU: 1 UID: 0 PID: 16077 Comm: syz.4.3132 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  314.534429][T16077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  314.534440][T16077] Call Trace:
[  314.534448][T16077]  <TASK>
[  314.534455][T16077]  dump_stack_lvl+0x189/0x250
[  314.534483][T16077]  ? __pfx____ratelimit+0x10/0x10
[  314.534509][T16077]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.534527][T16077]  ? __pfx__printk+0x10/0x10
[  314.534552][T16077]  ? __pfx___might_resched+0x10/0x10
[  314.534576][T16077]  ? fs_reclaim_acquire+0x7d/0x100
[  314.534599][T16077]  should_fail_ex+0x414/0x560
[  314.534629][T16077]  should_failslab+0xa8/0x100
[  314.534648][T16077]  __kmalloc_noprof+0xcb/0x4f0
[  314.534671][T16077]  ? kobject_get_path+0xc5/0x2d0
[  314.534697][T16077]  kobject_get_path+0xc5/0x2d0
[  314.534724][T16077]  kobject_uevent_env+0x292/0x8c0
[  314.534742][T16077]  ? kobject_get+0x88/0x120
[  314.534769][T16077]  tty_register_device_attr+0x541/0x8f0
[  314.534795][T16077]  ? __pfx_tty_register_device_attr+0x10/0x10
[  314.534824][T16077]  ? tty_port_register_device+0x5a/0x100
[  314.534856][T16077]  rfcomm_dev_ioctl+0x176d/0x1d20
[  314.534891][T16077]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  314.534917][T16077]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  314.534940][T16077]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  314.534966][T16077]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  314.534995][T16077]  sock_do_ioctl+0xd9/0x300
[  314.535021][T16077]  ? __pfx_sock_do_ioctl+0x10/0x10
[  314.535039][T16077]  ? __lock_acquire+0xab9/0xd20
[  314.535078][T16077]  sock_ioctl+0x576/0x790
[  314.535101][T16077]  ? __pfx_sock_ioctl+0x10/0x10
[  314.535121][T16077]  ? __fget_files+0x2a/0x420
[  314.535137][T16077]  ? __fget_files+0x3a0/0x420
[  314.535153][T16077]  ? __fget_files+0x2a/0x420
[  314.535171][T16077]  ? bpf_lsm_file_ioctl+0x9/0x20
[  314.535193][T16077]  ? __pfx_sock_ioctl+0x10/0x10
[  314.535212][T16077]  __se_sys_ioctl+0xf9/0x170
[  314.535234][T16077]  do_syscall_64+0xfa/0x3b0
[  314.535257][T16077]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.535279][T16077]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.535296][T16077]  ? clear_bhb_loop+0x60/0xb0
[  314.535317][T16077]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.535334][T16077] RIP: 0033:0x7f6e3eb8ebe9
[  314.535350][T16077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.535366][T16077] RSP: 002b:00007f6e3fa68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  314.535388][T16077] RAX: ffffffffffffffda RBX: 00007f6e3edb5fa0 RCX: 00007f6e3eb8ebe9
[  314.535401][T16077] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  314.535412][T16077] RBP: 00007f6e3fa68090 R08: 0000000000000000 R09: 0000000000000000
[  314.535424][T16077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  314.535435][T16077] R13: 00007f6e3edb6038 R14: 00007f6e3edb5fa0 R15: 00007ffdb2777418
[  314.535465][T16077]  </TASK>
[  314.858562][T16081] IPVS: wrr: UDP 224.0.0.2:65535 - no destination available
[  314.862986][ T1313] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  314.877079][ T1313] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  314.899178][ T1313] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  314.999752][T16090] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3136'.
[  315.011456][T16083] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  315.386996][T16106] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3139'.
[  315.394672][T16100] netlink: 'syz.3.3139': attribute type 5 has an invalid length.
[  315.466402][T16115] netlink: 'syz.4.3142': attribute type 8 has an invalid length.
[  315.755189][ T7528] IPVS: starting estimator thread 0...
[  315.755370][T16124] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  315.850911][T16129] IPVS: using max 29 ests per chain, 69600 per kthread
[  316.015531][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  316.028069][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  316.044159][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  316.062537][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  316.080553][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  316.207079][T12071] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  316.245555][T16149] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.245559][T16150] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.269797][T16152] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3152'.
[  316.300646][T16148] team0: No ports can be present during mode change
[  316.380664][T12071] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  316.395414][T16161] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3154'.
[  316.420417][T16161] Bluetooth: MGMT ver 1.23
[  316.597184][T16173] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  316.666495][T16177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3160'.
[  316.700516][T12071] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  316.726197][T16179] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3160'.
[  316.875727][T12071] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  317.175786][T16174] 8021q: adding VLAN 0 to HW filter on device bond0
[  317.204174][T16174] 8021q: adding VLAN 0 to HW filter on device team0
[  317.225764][T16174] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  317.497230][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3161'.
[  317.768108][T16215] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3166'.
[  318.139167][T12071] tipc: Disabling bearer <ib:gre0>
[  318.157215][ T5848] Bluetooth: hci0: command tx timeout
[  318.354555][T12071] bond0 (unregistering): Released all slaves
[  318.471205][T12071] bond1 (unregistering): Released all slaves
[  318.588341][T12071] bond2 (unregistering): Released all slaves
[  318.697576][T12071] bond3 (unregistering): Released all slaves
[  318.806315][T12071] bond4 (unregistering): Released all slaves
[  318.967898][T16231] FAULT_INJECTION: forcing a failure.
[  318.967898][T16231] name failslab, interval 1, probability 0, space 0, times 0
[  318.996016][T16231] CPU: 1 UID: 0 PID: 16231 Comm: syz.2.3171 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  318.996051][T16231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  318.996062][T16231] Call Trace:
[  318.996070][T16231]  <TASK>
[  318.996078][T16231]  dump_stack_lvl+0x189/0x250
[  318.996103][T16231]  ? __pfx____ratelimit+0x10/0x10
[  318.996135][T16231]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.996173][T16231]  ? __pfx__printk+0x10/0x10
[  318.996199][T16231]  ? __pfx___might_resched+0x10/0x10
[  318.996223][T16231]  ? fs_reclaim_acquire+0x7d/0x100
[  318.996246][T16231]  should_fail_ex+0x414/0x560
[  318.996356][T16231]  should_failslab+0xa8/0x100
[  318.996377][T16231]  __kmalloc_noprof+0xcb/0x4f0
[  318.996401][T16231]  ? kobject_get_path+0xc5/0x2d0
[  318.996429][T16231]  kobject_get_path+0xc5/0x2d0
[  318.996458][T16231]  kobject_uevent_env+0x292/0x8c0
[  318.996477][T16231]  ? kobject_get+0x88/0x120
[  318.996509][T16231]  tty_register_device_attr+0x541/0x8f0
[  318.996537][T16231]  ? __pfx_tty_register_device_attr+0x10/0x10
[  318.996565][T16231]  ? tty_port_register_device+0x5a/0x100
[  318.996592][T16231]  rfcomm_dev_ioctl+0x176d/0x1d20
[  318.996630][T16231]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  318.996658][T16231]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  318.996682][T16231]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  318.996713][T16231]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  318.996749][T16231]  sock_do_ioctl+0xd9/0x300
[  318.996779][T16231]  ? __pfx_sock_do_ioctl+0x10/0x10
[  318.996796][T16231]  ? __lock_acquire+0xab9/0xd20
[  318.996833][T16231]  sock_ioctl+0x576/0x790
[  318.996854][T16231]  ? __pfx_sock_ioctl+0x10/0x10
[  318.996873][T16231]  ? __fget_files+0x2a/0x420
[  318.996888][T16231]  ? __fget_files+0x3a0/0x420
[  318.996902][T16231]  ? __fget_files+0x2a/0x420
[  318.996919][T16231]  ? bpf_lsm_file_ioctl+0x9/0x20
[  318.996941][T16231]  ? __pfx_sock_ioctl+0x10/0x10
[  318.996957][T16231]  __se_sys_ioctl+0xf9/0x170
[  318.996979][T16231]  do_syscall_64+0xfa/0x3b0
[  318.997003][T16231]  ? lockdep_hardirqs_on+0x9c/0x150
[  318.997025][T16231]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.997041][T16231]  ? clear_bhb_loop+0x60/0xb0
[  318.997063][T16231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.997078][T16231] RIP: 0033:0x7f2a18d8ebe9
[  318.997094][T16231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.997109][T16231] RSP: 002b:00007f2a19b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  318.997131][T16231] RAX: ffffffffffffffda RBX: 00007f2a18fb5fa0 RCX: 00007f2a18d8ebe9
[  318.997143][T16231] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  318.997155][T16231] RBP: 00007f2a19b20090 R08: 0000000000000000 R09: 0000000000000000
[  318.997165][T16231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  318.997174][T16231] R13: 00007f2a18fb6038 R14: 00007f2a18fb5fa0 R15: 00007ffc552028b8
[  318.997201][T16231]  </TASK>
[  319.007297][T16140] chnl_net:caif_netlink_parms(): no params data found
[  319.351782][T12071] tipc: Left network mode
[  319.356866][T16233] netlink: 'syz.0.3173': attribute type 83 has an invalid length.
[  319.969846][T16140] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.980166][T16140] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.992857][T16140] bridge_slave_0: entered allmulticast mode
[  320.002621][T16140] bridge_slave_0: entered promiscuous mode
[  320.016670][T16261] vxcan1 speed is unknown, defaulting to 1000
[  320.040524][T16267] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  320.046540][T16140] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.064683][T16140] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.101166][T16140] bridge_slave_1: entered allmulticast mode
[  320.109139][T16140] bridge_slave_1: entered promiscuous mode
[  320.176902][T16261] vxcan1 speed is unknown, defaulting to 1000
[  320.231349][ T5848] Bluetooth: hci0: command tx timeout
[  320.267854][T16261] vxcan1 speed is unknown, defaulting to 1000
[  320.285614][T16140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  320.329087][T16279] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  320.375459][T16140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  320.482513][T12071] hsr_slave_0: left promiscuous mode
[  320.497853][T12071] hsr_slave_1: left promiscuous mode
[  320.728233][T16292] netlink: 'syz.2.3193': attribute type 10 has an invalid length.
[  320.756029][T16261] infiniband syz2: set active
[  320.764720][T16261] infiniband syz2: added vxcan1
[  320.775777][T16261] syz2: rxe_create_cq: returned err = -12
[  320.781796][T16261] infiniband syz2: Couldn't create ib_mad CQ
[  320.789779][T16261] infiniband syz2: Couldn't open port 1
[  320.858500][T16261] RDS/IB: syz2: added
[  320.863442][T16261] smc: adding ib device syz2 with port count 1
[  320.869961][T16261] smc:    ib device syz2 port 1 has pnetid 
[  321.437461][T16290] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  321.473751][    T9] vxcan1 speed is unknown, defaulting to 1000
[  321.490033][T16140] team0: Port device team_slave_0 added
[  321.524819][T16140] team0: Port device team_slave_1 added
[  321.534845][ T5965] vxcan1 speed is unknown, defaulting to 1000
[  321.628456][T16303] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  321.645330][T16303] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  321.654013][T16261] vxcan1 speed is unknown, defaulting to 1000
[  321.674345][T16140] batman_adv: batadv0: Adding interface: batadv_slave_0
[  321.697990][T16140] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.734102][T16140] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  321.799225][T16140] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.817495][T16140] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.863915][T16140] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  321.891556][T16314] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  321.899896][T16313] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  322.005787][T16316] netlink: 164 bytes leftover after parsing attributes in process `syz.3.3199'.
[  322.016518][T16316] netlink: 164 bytes leftover after parsing attributes in process `syz.3.3199'.
[  322.026857][T16316] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3199'.
[  322.113064][T16140] hsr_slave_0: entered promiscuous mode
[  322.127990][T16140] hsr_slave_1: entered promiscuous mode
[  322.137008][T16140] debugfs: 'hsr0' already exists in 'hsr'
[  322.143807][T16140] Cannot create hsr debugfs directory
[  322.172205][T12071] IPVS: stop unused estimator thread 0...
[  322.299954][T16261] vxcan1 speed is unknown, defaulting to 1000
[  322.311413][ T5848] Bluetooth: hci0: command tx timeout
[  322.582309][T16326] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3203'.
[  322.957806][T16261] vxcan1 speed is unknown, defaulting to 1000
[  322.968273][T16340] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  323.335683][T16358] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  323.385040][T16360] syz.3.3221 uses old SIOCAX25GETINFO
[  323.483677][T16140] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  323.516560][T16140] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  323.547209][T16140] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  323.548496][T16364] ==================================================================
[  323.562093][T16364] BUG: KASAN: slab-use-after-free in __xfrm_state_insert+0x8af/0x1450
[  323.570358][T16364] Read of size 1 at addr ffff88807b9520f0 by task syz.4.3215/16364
[  323.578364][T16364] 
[  323.580693][T16364] CPU: 0 UID: 0 PID: 16364 Comm: syz.4.3215 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  323.580718][T16364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  323.580731][T16364] Call Trace:
[  323.580739][T16364]  <TASK>
[  323.580747][T16364]  dump_stack_lvl+0x189/0x250
[  323.580770][T16364]  ? __kasan_check_byte+0x12/0x40
[  323.580795][T16364]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.580809][T16364]  ? lock_release+0x4b/0x3e0
[  323.580832][T16364]  ? __virt_addr_valid+0x4a5/0x5c0
[  323.580854][T16364]  print_report+0xca/0x240
[  323.580877][T16364]  ? __xfrm_state_insert+0x8af/0x1450
[  323.580893][T16364]  kasan_report+0x118/0x150
[  323.580919][T16364]  ? __xfrm_state_insert+0x8af/0x1450
[  323.580940][T16364]  __xfrm_state_insert+0x8af/0x1450
[  323.580962][T16364]  ? xfrm_state_insert+0x44/0x60
[  323.580980][T16364]  xfrm_state_insert+0x54/0x60
[  323.580998][T16364]  ipcomp6_init_state+0x655/0x900
[  323.581019][T16364]  __xfrm_init_state+0xa73/0x13f0
[  323.581038][T16364]  ? __xfrm_init_state+0x7ef/0x13f0
[  323.581060][T16364]  xfrm_init_state+0x18/0xa0
[  323.581078][T16364]  pfkey_add+0x1d38/0x2e00
[  323.581110][T16364]  ? __pfx_pfkey_add+0x10/0x10
[  323.581125][T16364]  ? kmem_cache_free+0x18f/0x400
[  323.581156][T16364]  pfkey_sendmsg+0xbfb/0x1090
[  323.581177][T16364]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  323.581198][T16364]  ? rcu_is_watching+0x15/0xb0
[  323.581229][T16364]  ? aa_sock_msg_perm+0x94/0x160
[  323.581251][T16364]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  323.581268][T16364]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  323.581290][T16364]  __sock_sendmsg+0x219/0x270
[  323.581313][T16364]  ____sys_sendmsg+0x52d/0x830
[  323.581333][T16364]  ? __pfx_____sys_sendmsg+0x10/0x10
[  323.581355][T16364]  ? import_iovec+0x74/0xa0
[  323.581378][T16364]  ___sys_sendmsg+0x21f/0x2a0
[  323.581397][T16364]  ? __pfx____sys_sendmsg+0x10/0x10
[  323.581417][T16364]  ? __pfx_futex_wake_mark+0x10/0x10
[  323.581452][T16364]  ? __pfx_futex_wait+0x10/0x10
[  323.581478][T16364]  __sys_sendmmsg+0x227/0x430
[  323.581499][T16364]  ? __pfx___sys_sendmmsg+0x10/0x10
[  323.581515][T16364]  ? do_futex+0x333/0x420
[  323.581538][T16364]  ? fdget+0x149/0x1e0
[  323.581564][T16364]  ? rcu_is_watching+0x15/0xb0
[  323.581591][T16364]  __x64_sys_sendmmsg+0xa0/0xc0
[  323.581609][T16364]  do_syscall_64+0xfa/0x3b0
[  323.581633][T16364]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.581655][T16364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.581673][T16364]  ? clear_bhb_loop+0x60/0xb0
[  323.581693][T16364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.581710][T16364] RIP: 0033:0x7f6e3eb8ebe9
[  323.581728][T16364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.581745][T16364] RSP: 002b:00007f6e3fa68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  323.581767][T16364] RAX: ffffffffffffffda RBX: 00007f6e3edb5fa0 RCX: 00007f6e3eb8ebe9
[  323.581780][T16364] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000005
[  323.581793][T16364] RBP: 00007f6e3ec11e19 R08: 0000000000000000 R09: 0000000000000000
[  323.581806][T16364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  323.581817][T16364] R13: 00007f6e3edb6038 R14: 00007f6e3edb5fa0 R15: 00007ffdb2777418
[  323.581837][T16364]  </TASK>
[  323.581843][T16364] 
[  323.906023][T16364] Allocated by task 14788:
[  323.910426][T16364]  kasan_save_track+0x3e/0x80
[  323.915111][T16364]  __kasan_slab_alloc+0x6c/0x80
[  323.919970][T16364]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  323.925770][T16364]  xfrm_state_alloc+0x24/0x2f0
[  323.930620][T16364]  __find_acq_core+0x8a7/0x1c00
[  323.935454][T16364]  xfrm_find_acq+0x78/0xa0
[  323.939862][T16364]  xfrm_alloc_userspi+0x6b3/0xc90
[  323.944879][T16364]  xfrm_user_rcv_msg+0x7a3/0xab0
[  323.949866][T16364]  netlink_rcv_skb+0x205/0x470
[  323.954651][T16364]  xfrm_netlink_rcv+0x79/0x90
[  323.959422][T16364]  netlink_unicast+0x82f/0x9e0
[  323.964362][T16364]  netlink_sendmsg+0x805/0xb30
[  323.969122][T16364]  __sock_sendmsg+0x219/0x270
[  323.973802][T16364]  ____sys_sendmsg+0x505/0x830
[  323.978655][T16364]  ___sys_sendmsg+0x21f/0x2a0
[  323.983409][T16364]  __x64_sys_sendmsg+0x19b/0x260
[  323.988794][T16364]  do_syscall_64+0xfa/0x3b0
[  323.993341][T16364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.999242][T16364] 
[  324.001566][T16364] Freed by task 7536:
[  324.005534][T16364]  kasan_save_track+0x3e/0x80
[  324.010321][T16364]  kasan_save_free_info+0x46/0x50
[  324.015444][T16364]  __kasan_slab_free+0x62/0x70
[  324.020209][T16364]  kmem_cache_free+0x18f/0x400
[  324.025000][T16364]  xfrm_state_gc_task+0x518/0x6a0
[  324.030033][T16364]  process_scheduled_works+0xae1/0x17b0
[  324.035581][T16364]  worker_thread+0x8a0/0xda0
[  324.041832][T16364]  kthread+0x70e/0x8a0
[  324.045888][T16364]  ret_from_fork+0x3fc/0x770
[  324.050478][T16364]  ret_from_fork_asm+0x1a/0x30
[  324.055334][T16364] 
[  324.057645][T16364] The buggy address belongs to the object at ffff88807b951dc0
[  324.057645][T16364]  which belongs to the cache xfrm_state of size 928
[  324.071612][T16364] The buggy address is located 816 bytes inside of
[  324.071612][T16364]  freed 928-byte region [ffff88807b951dc0, ffff88807b952160)
[  324.085685][T16364] 
[  324.088005][T16364] The buggy address belongs to the physical page:
[  324.094596][T16364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807b951100 pfn:0x7b950
[  324.104649][T16364] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  324.113161][T16364] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  324.120794][T16364] page_type: f5(slab)
[  324.124922][T16364] raw: 00fff00000000040 ffff88801b78e3c0 dead000000000122 0000000000000000
[  324.133510][T16364] raw: ffff88807b951100 00000000800f0008 00000000f5000000 0000000000000000
[  324.142175][T16364] head: 00fff00000000040 ffff88801b78e3c0 dead000000000122 0000000000000000
[  324.150840][T16364] head: ffff88807b951100 00000000800f0008 00000000f5000000 0000000000000000
[  324.159639][T16364] head: 00fff00000000002 ffffea0001ee5401 00000000ffffffff 00000000ffffffff
[  324.168500][T16364] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  324.177270][T16364] page dumped because: kasan: bad access detected
[  324.183871][T16364] page_owner tracks the page as allocated
[  324.189662][T16364] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6306, tgid 6305 (syz.1.107), ts 91192575489, free_ts 91139450436
[  324.208765][T16364]  post_alloc_hook+0x240/0x2a0
[  324.213550][T16364]  get_page_from_freelist+0x21e4/0x22c0
[  324.219098][T16364]  __alloc_frozen_pages_noprof+0x181/0x370
[  324.224904][T16364]  alloc_pages_mpol+0x232/0x4a0
[  324.229896][T16364]  allocate_slab+0x8a/0x3b0
[  324.234477][T16364]  ___slab_alloc+0xbfc/0x1480
[  324.239152][T16364]  kmem_cache_alloc_noprof+0x283/0x3c0
[  324.244783][T16364]  xfrm_state_alloc+0x24/0x2f0
[  324.249539][T16364]  xfrm_add_sa+0x17d1/0x4070
[  324.254119][T16364]  xfrm_user_rcv_msg+0x7a3/0xab0
[  324.259216][T16364]  netlink_rcv_skb+0x205/0x470
[  324.263981][T16364]  xfrm_netlink_rcv+0x79/0x90
[  324.268763][T16364]  netlink_unicast+0x82f/0x9e0
[  324.273709][T16364]  netlink_sendmsg+0x805/0xb30
[  324.278470][T16364]  __sock_sendmsg+0x219/0x270
[  324.283254][T16364]  ____sys_sendmsg+0x505/0x830
[  324.288020][T16364] page last free pid 6307 tgid 6304 stack trace:
[  324.294344][T16364]  __free_frozen_pages+0xc71/0xe70
[  324.299635][T16364]  __slab_free+0x326/0x400
[  324.304143][T16364]  qlist_free_all+0x97/0x140
[  324.308736][T16364]  kasan_quarantine_reduce+0x148/0x160
[  324.314192][T16364]  __kasan_slab_alloc+0x22/0x80
[  324.319036][T16364]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  324.324751][T16364]  alloc_empty_file+0x55/0x1d0
[  324.329499][T16364]  alloc_file_pseudo+0x13d/0x210
[  324.334428][T16364]  anon_inode_getfile+0xc5/0x1a0
[  324.339437][T16364]  bpf_link_prime+0xfc/0x220
[  324.344170][T16364]  bpf_raw_tp_link_attach+0x49a/0x6c0
[  324.349523][T16364]  bpf_raw_tracepoint_open+0x1b2/0x220
[  324.355151][T16364]  __sys_bpf+0x75a/0x870
[  324.359479][T16364]  __x64_sys_bpf+0x7c/0x90
[  324.363884][T16364]  do_syscall_64+0xfa/0x3b0
[  324.368379][T16364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.374482][T16364] 
[  324.376817][T16364] Memory state around the buggy address:
[  324.382436][T16364]  ffff88807b951f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  324.390485][T16364]  ffff88807b952000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  324.398543][T16364] >ffff88807b952080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  324.406596][T16364]                                                              ^
[  324.414410][T16364]  ffff88807b952100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  324.422575][T16364]  ffff88807b952180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  324.430811][T16364] ==================================================================
[  324.439160][T16364] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  324.446367][T16364] CPU: 0 UID: 0 PID: 16364 Comm: syz.4.3215 Not tainted 6.16.0-syzkaller-06620-gae633388cae3 #0 PREEMPT(full) 
[  324.458095][T16364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  324.468172][T16364] Call Trace:
[  324.471465][T16364]  <TASK>
[  324.474412][T16364]  dump_stack_lvl+0x99/0x250
[  324.479062][T16364]  ? __asan_memcpy+0x40/0x70
[  324.483676][T16364]  ? __pfx_dump_stack_lvl+0x10/0x10
[  324.488990][T16364]  ? __pfx__printk+0x10/0x10
[  324.493782][T16364]  panic+0x2db/0x790
[  324.497706][T16364]  ? __pfx_panic+0x10/0x10
[  324.502139][T16364]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  324.508404][T16364]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  324.514566][T16364]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  324.521018][T16364]  ? print_memory_metadata+0x314/0x400
[  324.526513][T16364]  ? __xfrm_state_insert+0x8af/0x1450
[  324.531915][T16364]  check_panic_on_warn+0x89/0xb0
[  324.536878][T16364]  ? __xfrm_state_insert+0x8af/0x1450
[  324.542353][T16364]  end_report+0x78/0x160
[  324.546625][T16364]  kasan_report+0x129/0x150
[  324.551211][T16364]  ? __xfrm_state_insert+0x8af/0x1450
[  324.556698][T16364]  __xfrm_state_insert+0x8af/0x1450
[  324.562202][T16364]  ? xfrm_state_insert+0x44/0x60
[  324.567172][T16364]  xfrm_state_insert+0x54/0x60
[  324.572050][T16364]  ipcomp6_init_state+0x655/0x900
[  324.577293][T16364]  __xfrm_init_state+0xa73/0x13f0
[  324.582476][T16364]  ? __xfrm_init_state+0x7ef/0x13f0
[  324.587700][T16364]  xfrm_init_state+0x18/0xa0
[  324.592404][T16364]  pfkey_add+0x1d38/0x2e00
[  324.596905][T16364]  ? __pfx_pfkey_add+0x10/0x10
[  324.601693][T16364]  ? kmem_cache_free+0x18f/0x400
[  324.606673][T16364]  pfkey_sendmsg+0xbfb/0x1090
[  324.611570][T16364]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  324.616811][T16364]  ? rcu_is_watching+0x15/0xb0
[  324.621630][T16364]  ? aa_sock_msg_perm+0x94/0x160
[  324.626598][T16364]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  324.631909][T16364]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  324.637393][T16364]  __sock_sendmsg+0x219/0x270
[  324.642101][T16364]  ____sys_sendmsg+0x52d/0x830
[  324.646975][T16364]  ? __pfx_____sys_sendmsg+0x10/0x10
[  324.652384][T16364]  ? import_iovec+0x74/0xa0
[  324.656922][T16364]  ___sys_sendmsg+0x21f/0x2a0
[  324.661662][T16364]  ? __pfx____sys_sendmsg+0x10/0x10
[  324.666889][T16364]  ? __pfx_futex_wake_mark+0x10/0x10
[  324.672202][T16364]  ? __pfx_futex_wait+0x10/0x10
[  324.677072][T16364]  __sys_sendmmsg+0x227/0x430
[  324.681854][T16364]  ? __pfx___sys_sendmmsg+0x10/0x10
[  324.687072][T16364]  ? do_futex+0x333/0x420
[  324.691576][T16364]  ? fdget+0x149/0x1e0
[  324.695738][T16364]  ? rcu_is_watching+0x15/0xb0
[  324.700508][T16364]  __x64_sys_sendmmsg+0xa0/0xc0
[  324.705553][T16364]  do_syscall_64+0xfa/0x3b0
[  324.710050][T16364]  ? lockdep_hardirqs_on+0x9c/0x150
[  324.715271][T16364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.721339][T16364]  ? clear_bhb_loop+0x60/0xb0
[  324.726024][T16364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.731936][T16364] RIP: 0033:0x7f6e3eb8ebe9
[  324.736345][T16364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.756123][T16364] RSP: 002b:00007f6e3fa68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  324.764719][T16364] RAX: ffffffffffffffda RBX: 00007f6e3edb5fa0 RCX: 00007f6e3eb8ebe9
[  324.772729][T16364] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000005
[  324.780712][T16364] RBP: 00007f6e3ec11e19 R08: 0000000000000000 R09: 0000000000000000
[  324.788784][T16364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  324.796764][T16364] R13: 00007f6e3edb6038 R14: 00007f6e3edb5fa0 R15: 00007ffdb2777418
[  324.804748][T16364]  </TASK>
[  324.808113][T16364] Kernel Offset: disabled
[  324.812439][T16364] Rebooting in 86400 seconds..