last executing test programs:

21.359470721s ago: executing program 1 (id=323):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df", 0x69}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a", 0xce}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbe", 0x75}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50ae", 0xd7}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

20.821441829s ago: executing program 0 (id=325):
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB='..'])
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x30, r0, 0x0) (async)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
unshare(0x2c020400) (async)
openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x6, 0x4)

20.551434858s ago: executing program 1 (id=326):
r0 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r0, &(0x7f0000000e40)=[{{&(0x7f00000000c0)={0xa, 0x4e24, 0x400, @loopback={0xff00000000000000}, 0x101}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000000)="8000102e7577d401", 0x8}], 0x1, &(0x7f0000000e80)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x80}}], 0x18}}], 0x1, 0x4000880) (fail_nth: 5)

20.476328851s ago: executing program 0 (id=328):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="ff", 0x1, 0x4840, &(0x7f0000000140)={0x11, 0x80f3, r2, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)

20.150590689s ago: executing program 0 (id=331):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000040)=@ctrl_frame=@ba={{}, {0xa}, @broadcast, @device_a, @multi={{0x1, 0x1, 0x1, 0x0, 0x3}, [{0x0, 0xa, {0x5, 0x7}, "9472f39981c6984a"}, {0x0, 0x8, {0x0, 0xd77}, "767dde865d75b03f"}, {0x0, 0x3, {0x2, 0x81}, "a1aced3cd53d5c6c"}], {0x0, 0xb, {0x7, 0x6}, "dfad7641cd44757c"}}}, 0x42)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x1080}, 0x0)

19.715449001s ago: executing program 1 (id=333):
socket$netlink(0x10, 0x3, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000bf03000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, 0x0})
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000fd"], 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000897ce5e729ff6b552edae2876f731635ae16df636f7924ca6b935b40fc33983515dac6d43dabc8d4bc2ba7f75ec1cfd82b0b00000000004fd759b7b99d1f526dd929fa4c7d227ecbb104d7b3ecbc7dd7920ab8194d0d0cc9a80b8f443c97e3"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x45}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b0009ef"], 0x14}}, 0x84)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r3)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="6416", @ANYRES32=r1, @ANYRESOCT=r2], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r5 = socket(0x400000000010, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r7, 0x0, 0x8000f28, 0x0)
splice(r5, 0x0, r5, 0x0, 0x77, 0xe)
sendmsg$can_bcm(r0, &(0x7f0000000580)={&(0x7f00000002c0), 0x10, &(0x7f0000000380)={&(0x7f0000000500)={0x3c240ecaa4799fd3, 0x100, 0xffffffff, {0x0, 0xea60}, {0x0, 0xea60}, {0x3}, 0x1, @canfd={{0x0, 0x0, 0x0, 0x1}, 0x22, 0x2, 0x0, 0x0, "63d4eb208ba89eb76aefbdf93d2182e136412d954574a9e20ef133b54a08136f62a6113090f4142bf6d42d77f0aa712f821cb64f19f7abf9ee00cba6826f100b"}}, 0x80}, 0x1, 0x0, 0x0, 0x8001}, 0x8880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000340)='jbd2_submit_inode_data\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b0000000100000000000000000004"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYRESOCT=r5, @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x200000000000000f, &(0x7f0000001500)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc41c06d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73bb6615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed56e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893a03000000000000001d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300f824371049da6dc7139ae029ebb83e34d60dcbb32663f76a796320f01cf507afcb80e7d643114208ef6604ea7f65ef5d55aa868e270659fbac535ea72e89067c42a1a1f782b5ba9bf1afd0dc3d23d68923e0a7cef7c47a3651f5028409ebf1f58b2229e19be2c2f71e1cafdd74ce8e745a154d126d02689d529c73a109ff2c01179e631468000000000000000000000000000000a05e8d25c4a9a4b627d9e72513d4ecb80a352fdcc935ad4f7b3ee726a77b80ed849cbbf9a07019bf660842709fad2ae64ed6e9f6a700541c279474f3a24d0d6c32274adea81ecbb823038f548ea939fa70bacc609493669a1996538a1dbb0adccf78bb2b5cf6ba07d23c8aa3e0e50c1c2e0ceb293a00480b4e309f49d9fb1ef363e99fa9bbe0e9c1d5b791b625a9d336374682af23cd403d2146d1ea537ccdb3bf37cb50682f", @ANYRESHEX], &(0x7f0000000300)='GPL\x00', 0x5, 0xb5, &(0x7f000000cf3d)=""/181, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x10, 0xffb}, 0x94)
socket$inet6(0xa, 0x5, 0x0)
socket$inet6(0xa, 0x5, 0x0)
r10 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="0207040b020000002bd67000fcdbdf25"], 0x10}}, 0x80)

18.960963119s ago: executing program 3 (id=340):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
writev(r0, &(0x7f0000000740)=[{&(0x7f0000000280)="581a17919cc77431510e7fc4ed9fb860505f1495ff92f16a44f8a13d58751d926def1f80b315bdc726cdd8b5d1a91f485854af8fc854b0da7a02522fe7b2c2", 0x3f}], 0x1)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', <r4=>0x0})
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP_VS_SO_SET_DELDEST(r6, 0x11e, 0x488, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x7fffffff, 0x7, 0x4, 0x1000000, 0x800, 0x8, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x1, 0x8, 0x3f9a, 0x0, 0x8000000010001, 0x3}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
close(r1)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
ppoll(&(0x7f0000000100)=[{0xffffffffffffffff, 0x2600}, {r0, 0x20}, {0xffffffffffffffff, 0x8001}], 0x3, &(0x7f0000000180), 0x0, 0x0)

18.788007878s ago: executing program 0 (id=342):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000a00)={'wlan0\x00'})

18.583678052s ago: executing program 0 (id=344):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df", 0x69}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a", 0xce}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbe", 0x75}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50ae", 0xd7}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

17.820495663s ago: executing program 0 (id=350):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000002880), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000002900)={&(0x7f00000028c0)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1000000006}]}, 0x28}, 0x1, 0x200000000000000, 0x0, 0x48002}, 0x804)

17.763665296s ago: executing program 3 (id=351):
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd", 0x5}], 0x1, 0x0, 0x0, 0x11000000}, 0x40)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)={0x40, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}]}]}, 0x40}}, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x8)

17.547478801s ago: executing program 2 (id=352):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f00000001c0)=0x2f, 0x4)
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f00000001c0)=@hci={0x1f, 0x1, 0x31}, 0x80, &(0x7f0000000180)=[{&(0x7f0000001300)="b8b28225ea772f0daee8c7c9", 0xc}, {&(0x7f0000000100)='<o', 0x2}], 0x2}, 0x24008955)

17.535770714s ago: executing program 3 (id=353):
socket$netlink(0x10, 0x3, 0x10) (async)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1e00000000000000fe7f000007"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r2, 0xfffffffc)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xc6da5938055fa6fd, 0x28}, [@IFLA_LINK={0x8, 0x5, r6}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xc6da5938055fa6fd, 0x28}, [@IFLA_LINK={0x8, 0x5, r6}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) (async)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
r8 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r9 = socket(0x29, 0x2, 0x7fffffff)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r10, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x44080) (async)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r10, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x44080)
setsockopt$PNPIPE_ENCAP(r9, 0x113, 0x1, &(0x7f0000000040), 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000380)={@private1={0xfc, 0x1, '\x00', 0x1}, @private1, @mcast2, 0x9, 0xb, 0x4, 0x100, 0x7}) (async)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000380)={@private1={0xfc, 0x1, '\x00', 0x1}, @private1, @mcast2, 0x9, 0xb, 0x4, 0x100, 0x7})
r12 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000240)={'team0\x00', <r13=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r12, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r13, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)
splice(r8, &(0x7f0000000100)=0x77d8, r3, &(0x7f0000000140)=0x2, 0x4, 0x1) (async)
splice(r8, &(0x7f0000000100)=0x77d8, r3, &(0x7f0000000140)=0x2, 0x4, 0x1)

17.363558379s ago: executing program 2 (id=354):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x8, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

17.347318356s ago: executing program 3 (id=355):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x6)
syz_emit_ethernet(0x3a, &(0x7f0000000540)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x2, 0xffff, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}]}}}}}}}, 0x0) (fail_nth: 5)

17.233363418s ago: executing program 3 (id=356):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r0, 0x0, r1, 0x0, 0x406f413, 0x1000000000000000)

17.107768328s ago: executing program 2 (id=357):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r0, &(0x7f00000049c0)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0xb, @empty, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000440)=[@tclass={{0x14, 0x29, 0x43, 0xfe}}, @dstopts_2292={{0x18}}, @flowinfo={{0x14, 0x29, 0xb, 0xc5}}, @hoplimit={{0x60, 0x29, 0x34, 0x1}}], 0x60}}], 0x1, 0x20004000)

17.105807559s ago: executing program 3 (id=358):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x5c, 0x5c, 0x4, [@int={0xc, 0x0, 0x0, 0x1, 0x0, 0x67, 0x0, 0x16, 0x2}, @ptr={0x6, 0x0, 0x0, 0x2, 0x2}, @typedef={0x2, 0x0, 0x0, 0x8, 0x2}, @struct={0x8, 0x1, 0x0, 0x4, 0x0, 0x4, [{0xd, 0x2}]}, @float={0xe, 0x0, 0x0, 0x10, 0x8}, @var={0x10, 0x0, 0x0, 0xe, 0x3, 0x2}]}, {0x0, [0x61, 0x5f]}}, &(0x7f0000000300)=""/28, 0x78, 0x1c, 0x1, 0x2}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB], &(0x7f0000000280)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r0, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x80000}, 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r2, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}, {{&(0x7f0000000500)={0xa, 0x4e22, 0x0, @remote, 0x40}, 0x1c, &(0x7f0000000b00)=[{&(0x7f00000006c0)}], 0x1}}], 0x2, 0x24000045)
shutdown(r2, 0x1)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000040)=0xc)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r4, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xfff1}, {}, {0xe, 0xd}}, [@TCA_RATE={0x12}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0xa, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000003000000000000000000000085100000feff", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000095000000000000003eb3ea73d2baf85116411b992fc4589bbadb864f359774e31d3707059e0f39cea868f6890caab9d999434de37758f41aa249c41a8363fe3abbac5a38a6f6213f0de40cb2f07654a9926ec285ce8ea30fb9049510b3eb94fa1675fc0a81168c3f867434e250beb3ce76a7034a6256023412090314a41b15a7c60747a48d6728b3e981dbcdcf4e5a0e231ec01631182f3366804dd8dcdbcc4b31e5c3820cb7c9526d29138a"], &(0x7f0000000680)='GPL\x00', 0x9, 0x11, &(0x7f00000007c0)=""/17, 0x40f00, 0x53, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000a40)={0x5, 0x9, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d80)=[r5, r5, 0xffffffffffffffff], &(0x7f0000000dc0)=[{0x5, 0x5, 0x9, 0x1}, {0x5, 0x4, 0x4, 0x7}, {0x3, 0x4, 0x0, 0x4}], 0x10, 0x5}, 0x94)
bpf$PROG_BIND_MAP(0x1c, &(0x7f0000000140)={r7, 0xffffffffffffffff, 0x24}, 0xc)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="0800d90700000000000000bd5656", 0xe)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a80)={0x58, r9, 0x5, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_USE_MFP={0x8, 0x42, 0x2}]}, 0x58}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0), &(0x7f0000000980)=ANY=[@ANYBLOB="5000000008021100fb020802110000000000010005002e42690f69e09fd3f0942d31e34e9ed45cbe51259e15e41db316c9098a530501a91a8f56081e000000000000"], 0x26)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000b40)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110049d74043a9323266e082e6d57e7618d253bf176632b77a23ac3a6068b81910681f737527a4fe2f9d7f2166a9dde21556d31d4ced7700"/99], 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f0000000240)=@broadcast, &(0x7f0000000500)=ANY=[], 0x28)

17.028064682s ago: executing program 2 (id=359):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1206"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x20, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r2, 0x4010744d, &(0x7f0000000180))
r4 = socket$netlink(0x10, 0x3, 0x14)
r5 = getpid()
r6 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
getsockopt$llc_int(r7, 0x10c, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1, <r8=>0xffffffffffffffff}, &(0x7f0000000280), &(0x7f0000000300)=r1}, 0x20)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000580)={'tunl0\x00', &(0x7f0000000500)={'tunl0\x00', <r9=>0x0, 0x20, 0x20, 0x2, 0x200, {{0x17, 0x4, 0x0, 0x5, 0x5c, 0x67, 0x0, 0xf, 0x2f, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x2b, 0xc, [@multicast2, @rand_addr=0x64010100, @private=0xa010102, @broadcast, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @dev={0xac, 0x14, 0x14, 0xc}, @rand_addr=0x64010100, @remote]}, @generic={0x88, 0x2}, @generic={0x94, 0x4, "be9d"}, @timestamp={0x44, 0x10, 0x30, 0x0, 0x3, [0x2, 0x9, 0x6]}]}}}}})
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@ptr={0x1, 0x0, 0x0, 0x2, 0x3}]}, {0x0, [0x30, 0x2e, 0x2e, 0x0]}}, &(0x7f0000000600)=""/219, 0x2a, 0xdb, 0x0, 0xff, 0x10000}, 0x28)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001940)=@bpf_lsm={0x1d, 0x27, &(0x7f0000000380)=@raw=[@exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x800}, @jmp={0x5, 0x1, 0x6, 0x2, 0x3, 0xfffffffffffffff3, 0xfffffffffffffffc}, @ringbuf_query, @btf_id={0x18, 0x2, 0x3, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9058}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x4}], &(0x7f00000004c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x10, '\x00', r9, 0x1b, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740)={0x2, 0xd, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000780), &(0x7f00000007c0)=[{0x1, 0x2, 0xa, 0x9}], 0x10, 0x79cd}, 0x94)
sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x0, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
writev(r11, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000130003474cbb65e1c3e4ffff06000d00010000000700000025000000040016000c0014000000001f000006060400180000008cdb25", 0x39}], 0x1)
ioctl$sock_SIOCSPGRP(r4, 0x8902, &(0x7f0000000040)=r5)
getsockopt$sock_buf(r11, 0x1, 0x0, &(0x7f0000000940)=""/4096, &(0x7f0000000240)=0x1000)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
pipe(&(0x7f0000002180))
r12 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
sendmsg$nl_route(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r13, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x280608c0}, 0x0)

16.636914528s ago: executing program 1 (id=361):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r2, 0x27, 0xe, 0x0, &(0x7f0000000080)="f8ad48cc02cb29dcc8007f5b88a8", 0x0, 0x4, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x1e)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x3, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000080)={0x5, 0x10, 0xb, 0x8, 0x8, 0xd85, 0x1, 0x1, r4}, &(0x7f0000000340)=0x20)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3}, @void, {@ipv4={0x800, @icmp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x14, 0xa, 0x1, 0x0, [{@dev}, {@multicast2}]}]}}, @timestamp}}}}, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300030f00000700bd7000fcdbdf25010009000000000005000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000000070c0000000005000500000000000a00000000000000000000000000000000000000000000010700000000000000"], 0x78}, 0x1, 0x7}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x10}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

16.051489932s ago: executing program 2 (id=363):
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)

15.919916755s ago: executing program 4 (id=364):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0))
r6 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r7], 0x5c}}, 0x40)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'vxcan1\x00'}}, 0x1e)

15.682843773s ago: executing program 4 (id=365):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000280)={0x4403, 0x215, 0x1, 0x4, 0x7, 0x0, 0x40}, 0xc)
r3 = accept(r1, &(0x7f0000000140)=@nfc_llcp, &(0x7f00000001c0)=0x80)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x40, 0x5d, 0x2, 0x190b87f7}, {0x6, 0x0, 0x6, 0x1}]}, 0x10)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000140)="24000000010006", 0x7)
bind$bt_hci(r3, &(0x7f0000000240)={0x1f, 0x2}, 0x6)
listen(r2, 0x8)
r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
socket(0x15, 0x5, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000700)="a6ec5de4b4baeefed0f4453de731f7750c429e4e5af6c346f1093d0b3d2eef018352c4a0e168e564845fab86e5751673d7bf3357dc9ee67faede7ba65bb7708761bc897d628ce6f22e8bb5457c938712e3799fa651636e882311c66c11e30d40b5af2d9895ebac74283def32de5fdd88a224fe52f8c8c8901ab2b0193f8bc6cba7a25c1d61047ffb15234dc8c04c6217046f141b0f40d64740ec99d5755754a13e9843ddd8e975dc4989513b033e15b0528d6d768670a2a54987d5231494406867", 0xc1}], 0x1}}], 0x1, 0x44810)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xc1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x810, 0xffffffffffffffff, 0x0)
write$cgroup_devices(r6, &(0x7f00000006c0)=ANY=[], 0xffdd)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000300)={'syztnl0\x00', &(0x7f0000000440)={'ip6gre0\x00', <r8=>0x0, 0x29, 0x10, 0x63, 0x10000, 0x1a, @mcast1, @dev={0xfe, 0x80, '\x00', 0x27}, 0x10, 0x8000, 0x8, 0xac}})
sendmsg$nl_route(r5, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)=@mpls_getroute={0x48, 0x1a, 0x8, 0x70bd29, 0x25dfdbfe, {0x1c, 0x14, 0x80, 0x4, 0x0, 0x3, 0xc8, 0xb, 0x200}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0xab}, @RTA_DST={0x8, 0x1, {0x101}}, @RTA_VIA={0x14, 0x12, {0x18, "1dd2509e4fec402d2e20c679c9b3"}}, @RTA_OIF={0x8, 0x4, r8}]}, 0x48}, 0x1, 0x0, 0x0, 0x20040010}, 0x2400c094)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "7f"}]}], {0x14}}, 0x70}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000008c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000000f00)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647309d209558b1965ef7ea4576ec0e289b73c2089310271d0a67d88a312f4cb0194c4f28ec3c2fe269311d0cec1fe0efef17d376d183b08e392b6cb58e930e1f959dd4528ec95350fc86e5297e6d59af036b132df17833881238ba8692842a8da4d5b4a37c94915331143d9128a197495433c2f550b4455a9ae03b937305e192e861ca3a60f9b3a14288e3daeb6936593485388a4aaab39b3843ee2960d9c8728eafb904333e7b78a270480e8dd89bc4cf0b791013cff43bf314e11a44d5f9c4fdad8a2fcdb04f76de29a50a0428148f4bc3eff1e84d25ea95dabddfba6162860a3c3389ee366450b6bcf1409f920caf1be5702af0402e2cef4896d9544a26ebfab694d7a47eca55bd2f62e7d7eb1f6061f7e441df5ab31344f02179764822036ef706133ea1a6380e042f074b2b0ddcc578cb8a668a846b9d5792f8d434f8ec7b562594587c49e8e6b3450e545fc070644bd06a36106cdb63f9e8ad7ae5", 0x237}], 0x1}}], 0x2, 0x4)

15.682480966s ago: executing program 1 (id=366):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x8, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x7, 0x7, 0x19}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000084}, 0x44884)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000080}, 0x0)
unshare(0x22020400)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_mreqn(r2, 0x0, 0x53, 0x0, &(0x7f0000000040)=0xf)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x25dfdffd, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x8, 0x6}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x7, 0xf47c34376c57618a}}]}}]}, 0x3c}}, 0x20004811)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

15.586937368s ago: executing program 1 (id=367):
r0 = socket(0x2, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x30, 0x5, 0x1, 0xfffff034}, {0x6, 0x1, 0x6, 0x6}]}, 0x10)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4e24, 0x5, 0x4e23, 0x0, 0xa, 0x0, 0x80}, {0x3, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x2}, {0xcb2d, 0x6, 0x20053e5, 0x20}, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x6c}, 0x2, @in6=@remote, 0x1502, 0x4, 0x2, 0x0, 0x0, 0x7}}, 0xe8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000009b80)=ANY=[@ANYBLOB="3c0000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000100003800c00008008000340bc"], 0x3c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e140005"], 0x80}}, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r6 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x15, 0x0, &(0x7f0000000300))
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYRES16=r2, @ANYRES16=r3, @ANYRES32=r2, @ANYRES64=r6], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840)
socket(0x2, 0xa, 0x300) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x30, 0x5, 0x1, 0xfffff034}, {0x6, 0x1, 0x6, 0x6}]}, 0x10) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4e24, 0x5, 0x4e23, 0x0, 0xa, 0x0, 0x80}, {0x3, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x2}, {0xcb2d, 0x6, 0x20053e5, 0x20}, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x6c}, 0x2, @in6=@remote, 0x1502, 0x4, 0x2, 0x0, 0x0, 0x7}}, 0xe8) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000009b80)=ANY=[@ANYBLOB="3c0000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000100003800c00008008000340bc"], 0x3c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) (async)
socket$alg(0x26, 0x5, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e140005"], 0x80}}, 0x0) (async)
bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) (async)
accept4(r4, 0x0, 0x0, 0x0) (async)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0) (async)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x15, 0x0, &(0x7f0000000300)) (async)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYRES16=r2, @ANYRES16=r3, @ANYRES32=r2, @ANYRES64=r6], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840) (async)

15.538119495s ago: executing program 4 (id=368):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000012010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000380003803400008028000180230001"], 0xf0}, 0x1, 0x0, 0x0, 0x80}, 0x0)

15.395673347s ago: executing program 4 (id=369):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000008c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000000f00)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647309d209558b1965ef7ea4576ec0e289b73c2089310271d0a67d88a312f4cb0194c4f28ec3c2fe269311d0cec1fe0efef17d376d183b08e392b6cb58e930e1f959dd4528ec95350fc86e5297e6d59af036b132df17833881238ba8692842a8da4d5b4a37c94915331143d9128a197495433c2f550b4455a9ae03b937305e192e861ca3a60f9b3a14288e3daeb6936593485388a4aaab39b3843ee2960d9c8728eafb904333e7b78a270480e8dd89bc4cf0b791013cff43bf314e11a44d5f9c4fdad8a2fcdb04f76de29a50a0428148f4bc3eff1e84d25ea95dabddfba6162860a3c3389ee366450b6bcf1409f920caf1be5702af0402e2cef4896d9544a26ebfab694d7a47eca55bd2f62e7d7eb1f6061f7e441df5ab31344f02179764822036ef706133ea1a6380e042f074b2b0ddcc578cb8a668a846b9d5792f8d434f8ec7b562594587c49e8e6b3450e545fc070644bd06a36106cdb63f9e8ad7ae5", 0x237}], 0x1}}], 0x2, 0x4)
shutdown(r0, 0x1)

15.358017378s ago: executing program 4 (id=370):
r0 = socket$netlink(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002080)=@updpolicy={0xc0, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffb}}, [@XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0xc0}}, 0x20004800)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b00000000000007000000000000000000000000c9", 0x44}, {&(0x7f0000000080)="c1130389", 0x4}], 0x2)

15.299297842s ago: executing program 4 (id=371):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xa, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x2000}, 0x50)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x25, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx_val={0x18, 0x4, 0x6, 0x0, 0x3}, @jmp={0x5, 0x0, 0x7, 0x7, 0x5, 0xffffffffffffffc0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7085}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x7}, @ldst={0x0, 0x3, 0x4, 0x4, 0xa, 0x80, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0xc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @ldst={0x3, 0x2, 0x4, 0xb, 0x7, 0xfffffffffffffff0, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000400)='GPL\x00', 0x2, 0xaa, &(0x7f0000000440)=""/170, 0x81e00, 0x48, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x3, 0x1, 0x8001, 0x80}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000700)=[0x1], &(0x7f0000000740)=[{0x3, 0x3, 0x8, 0xa}, {0x3, 0x3, 0x0, 0x6}, {0x3, 0x1, 0x4, 0x7}, {0x1, 0x4, 0x1, 0x1}, {0x3, 0x4, 0xd, 0xc}, {0x5, 0x5, 0xc, 0x1}, {0x0, 0x2, 0x8, 0x5}, {0x2, 0x3, 0xe, 0x1}, {0x4, 0x5}], 0x10, 0x3ff}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000800)={r1, r0}, 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000001080021850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b80)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd70000000000001000000040008801400020077673000000000e4ffffffffffffff000800050001000000240003000000000000000000000000000000000000000000000000000000000000000000060006"], 0x60}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r5, 0x29, 0x1a, &(0x7f0000000280)=0x80000001, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0xecf9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x2c)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0300001a"], 0x34c}}, 0x44)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r9, &(0x7f00000003c0)='pids.events\x00', 0x0, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="75bd7dd91cea14b00d0400"/20, @ANYRES32=0x0, @ANYBLOB="03000000c31006002000128008000100736974001400028008000300ac14140006000e0040000000"], 0x40}}, 0x0)

15.135376853s ago: executing program 2 (id=372):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1)
sendmsg$IEEE802154_START_REQ(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x12}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x7f}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}, @IEEE802154_ATTR_BCN_ORD={0x5}, @IEEE802154_ATTR_BAT_EXT={0x5}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0xffff}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x18000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r5, 0x0, 0x0}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4dc1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r6}, @IFLA_HSR_SLAVE1={0x8, 0x1, r3}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4)

2.599042483s ago: executing program 32 (id=350):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000002880), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000002900)={&(0x7f00000028c0)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1000000006}]}, 0x28}, 0x1, 0x200000000000000, 0x0, 0x48002}, 0x804)

1.574574834s ago: executing program 33 (id=358):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x5c, 0x5c, 0x4, [@int={0xc, 0x0, 0x0, 0x1, 0x0, 0x67, 0x0, 0x16, 0x2}, @ptr={0x6, 0x0, 0x0, 0x2, 0x2}, @typedef={0x2, 0x0, 0x0, 0x8, 0x2}, @struct={0x8, 0x1, 0x0, 0x4, 0x0, 0x4, [{0xd, 0x2}]}, @float={0xe, 0x0, 0x0, 0x10, 0x8}, @var={0x10, 0x0, 0x0, 0xe, 0x3, 0x2}]}, {0x0, [0x61, 0x5f]}}, &(0x7f0000000300)=""/28, 0x78, 0x1c, 0x1, 0x2}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB], &(0x7f0000000280)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r0, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x80000}, 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r2, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}, {{&(0x7f0000000500)={0xa, 0x4e22, 0x0, @remote, 0x40}, 0x1c, &(0x7f0000000b00)=[{&(0x7f00000006c0)}], 0x1}}], 0x2, 0x24000045)
shutdown(r2, 0x1)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000040)=0xc)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r4, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xfff1}, {}, {0xe, 0xd}}, [@TCA_RATE={0x12}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0xa, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000003000000000000000000000085100000feff", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000095000000000000003eb3ea73d2baf85116411b992fc4589bbadb864f359774e31d3707059e0f39cea868f6890caab9d999434de37758f41aa249c41a8363fe3abbac5a38a6f6213f0de40cb2f07654a9926ec285ce8ea30fb9049510b3eb94fa1675fc0a81168c3f867434e250beb3ce76a7034a6256023412090314a41b15a7c60747a48d6728b3e981dbcdcf4e5a0e231ec01631182f3366804dd8dcdbcc4b31e5c3820cb7c9526d29138a"], &(0x7f0000000680)='GPL\x00', 0x9, 0x11, &(0x7f00000007c0)=""/17, 0x40f00, 0x53, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000a40)={0x5, 0x9, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d80)=[r5, r5, 0xffffffffffffffff], &(0x7f0000000dc0)=[{0x5, 0x5, 0x9, 0x1}, {0x5, 0x4, 0x4, 0x7}, {0x3, 0x4, 0x0, 0x4}], 0x10, 0x5}, 0x94)
bpf$PROG_BIND_MAP(0x1c, &(0x7f0000000140)={r7, 0xffffffffffffffff, 0x24}, 0xc)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="0800d90700000000000000bd5656", 0xe)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a80)={0x58, r9, 0x5, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_USE_MFP={0x8, 0x42, 0x2}]}, 0x58}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0), &(0x7f0000000980)=ANY=[@ANYBLOB="5000000008021100fb020802110000000000010005002e42690f69e09fd3f0942d31e34e9ed45cbe51259e15e41db316c9098a530501a91a8f56081e000000000000"], 0x26)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000b40)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110049d74043a9323266e082e6d57e7618d253bf176632b77a23ac3a6068b81910681f737527a4fe2f9d7f2166a9dde21556d31d4ced7700"/99], 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f0000000240)=@broadcast, &(0x7f0000000500)=ANY=[], 0x28)

102.997238ms ago: executing program 34 (id=367):
r0 = socket(0x2, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x30, 0x5, 0x1, 0xfffff034}, {0x6, 0x1, 0x6, 0x6}]}, 0x10)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4e24, 0x5, 0x4e23, 0x0, 0xa, 0x0, 0x80}, {0x3, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x2}, {0xcb2d, 0x6, 0x20053e5, 0x20}, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x6c}, 0x2, @in6=@remote, 0x1502, 0x4, 0x2, 0x0, 0x0, 0x7}}, 0xe8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000009b80)=ANY=[@ANYBLOB="3c0000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000100003800c00008008000340bc"], 0x3c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e140005"], 0x80}}, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r6 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x15, 0x0, &(0x7f0000000300))
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYRES16=r2, @ANYRES16=r3, @ANYRES32=r2, @ANYRES64=r6], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840)
socket(0x2, 0xa, 0x300) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x30, 0x5, 0x1, 0xfffff034}, {0x6, 0x1, 0x6, 0x6}]}, 0x10) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4e24, 0x5, 0x4e23, 0x0, 0xa, 0x0, 0x80}, {0x3, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x2}, {0xcb2d, 0x6, 0x20053e5, 0x20}, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x6c}, 0x2, @in6=@remote, 0x1502, 0x4, 0x2, 0x0, 0x0, 0x7}}, 0xe8) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000009b80)=ANY=[@ANYBLOB="3c0000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000100003800c00008008000340bc"], 0x3c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) (async)
socket$alg(0x26, 0x5, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e140005"], 0x80}}, 0x0) (async)
bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) (async)
accept4(r4, 0x0, 0x0, 0x0) (async)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0) (async)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x15, 0x0, &(0x7f0000000300)) (async)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYRES16=r2, @ANYRES16=r3, @ANYRES32=r2, @ANYRES64=r6], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840) (async)

61.798137ms ago: executing program 35 (id=372):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1)
sendmsg$IEEE802154_START_REQ(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x12}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x7f}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}, @IEEE802154_ATTR_BCN_ORD={0x5}, @IEEE802154_ATTR_BAT_EXT={0x5}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0xffff}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x18000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r5, 0x0, 0x0}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4dc1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r6}, @IFLA_HSR_SLAVE1={0x8, 0x1, r3}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4)

0s ago: executing program 36 (id=371):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xa, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x2000}, 0x50)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x25, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx_val={0x18, 0x4, 0x6, 0x0, 0x3}, @jmp={0x5, 0x0, 0x7, 0x7, 0x5, 0xffffffffffffffc0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7085}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x7}, @ldst={0x0, 0x3, 0x4, 0x4, 0xa, 0x80, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0xc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @ldst={0x3, 0x2, 0x4, 0xb, 0x7, 0xfffffffffffffff0, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000400)='GPL\x00', 0x2, 0xaa, &(0x7f0000000440)=""/170, 0x81e00, 0x48, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x3, 0x1, 0x8001, 0x80}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000700)=[0x1], &(0x7f0000000740)=[{0x3, 0x3, 0x8, 0xa}, {0x3, 0x3, 0x0, 0x6}, {0x3, 0x1, 0x4, 0x7}, {0x1, 0x4, 0x1, 0x1}, {0x3, 0x4, 0xd, 0xc}, {0x5, 0x5, 0xc, 0x1}, {0x0, 0x2, 0x8, 0x5}, {0x2, 0x3, 0xe, 0x1}, {0x4, 0x5}], 0x10, 0x3ff}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000800)={r1, r0}, 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000001080021850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b80)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd70000000000001000000040008801400020077673000000000e4ffffffffffffff000800050001000000240003000000000000000000000000000000000000000000000000000000000000000000060006"], 0x60}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r5, 0x29, 0x1a, &(0x7f0000000280)=0x80000001, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0xecf9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x2c)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0300001a"], 0x34c}}, 0x44)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r9, &(0x7f00000003c0)='pids.events\x00', 0x0, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="75bd7dd91cea14b00d0400"/20, @ANYRES32=0x0, @ANYBLOB="03000000c31006002000128008000100736974001400028008000300ac14140006000e0040000000"], 0x40}}, 0x0)

kernel console output (not intermixed with test programs):

v_msg+0x10/0x10
[  117.384341][ T6535]  ? __pfx_nbd_genl_connect+0x10/0x10
[  117.384387][ T6535]  netlink_rcv_skb+0x208/0x470
[  117.384408][ T6535]  ? __lock_acquire+0xab9/0xd20
[  117.384431][ T6535]  ? __pfx_genl_rcv_msg+0x10/0x10
[  117.384462][ T6535]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  117.384508][ T6535]  ? down_read+0x1ad/0x2e0
[  117.384539][ T6535]  genl_rcv+0x28/0x40
[  117.384566][ T6535]  netlink_unicast+0x82f/0x9e0
[  117.384612][ T6535]  ? __pfx_netlink_unicast+0x10/0x10
[  117.384649][ T6535]  ? netlink_sendmsg+0x642/0xb30
[  117.384670][ T6535]  ? skb_put+0x11b/0x210
[  117.384699][ T6535]  netlink_sendmsg+0x805/0xb30
[  117.384739][ T6535]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.384767][ T6535]  ? aa_sock_msg_perm+0x94/0x160
[  117.384793][ T6535]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  117.384817][ T6535]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.384842][ T6535]  __sock_sendmsg+0x21c/0x270
[  117.384880][ T6535]  ____sys_sendmsg+0x505/0x830
[  117.384922][ T6535]  ? __pfx_____sys_sendmsg+0x10/0x10
[  117.384961][ T6535]  ? import_iovec+0x74/0xa0
[  117.384997][ T6535]  ___sys_sendmsg+0x21f/0x2a0
[  117.385028][ T6535]  ? __pfx____sys_sendmsg+0x10/0x10
[  117.385100][ T6535]  ? __fget_files+0x2a/0x420
[  117.385118][ T6535]  ? __fget_files+0x3a0/0x420
[  117.385151][ T6535]  __x64_sys_sendmsg+0x19b/0x260
[  117.385184][ T6535]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  117.385224][ T6535]  ? __pfx_ksys_write+0x10/0x10
[  117.385251][ T6535]  ? rcu_is_watching+0x15/0xb0
[  117.385283][ T6535]  ? do_syscall_64+0xbe/0x3b0
[  117.385313][ T6535]  do_syscall_64+0xfa/0x3b0
[  117.385337][ T6535]  ? lockdep_hardirqs_on+0x9c/0x150
[  117.385361][ T6535]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.385382][ T6535]  ? clear_bhb_loop+0x60/0xb0
[  117.385408][ T6535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.385427][ T6535] RIP: 0033:0x7f2f6a98e9a9
[  117.385446][ T6535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.385463][ T6535] RSP: 002b:00007f2f6b8b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.385485][ T6535] RAX: ffffffffffffffda RBX: 00007f2f6abb5fa0 RCX: 00007f2f6a98e9a9
[  117.385501][ T6535] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004
[  117.385515][ T6535] RBP: 00007f2f6b8b0090 R08: 0000000000000000 R09: 0000000000000000
[  117.385527][ T6535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  117.385538][ T6535] R13: 0000000000000000 R14: 00007f2f6abb5fa0 R15: 00007ffe4b233748
[  117.385572][ T6535]  </TASK>
[  117.812162][   T51] block nbd1: Receive control failed (result -32)
[  117.894552][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.173'.
[  118.080629][ T6567] FAULT_INJECTION: forcing a failure.
[  118.080629][ T6567] name failslab, interval 1, probability 0, space 0, times 0
[  118.121758][ T6567] CPU: 1 UID: 0 PID: 6567 Comm: syz.4.179 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  118.121789][ T6567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  118.121802][ T6567] Call Trace:
[  118.121810][ T6567]  <TASK>
[  118.121819][ T6567]  dump_stack_lvl+0x189/0x250
[  118.121852][ T6567]  ? __pfx____ratelimit+0x10/0x10
[  118.121877][ T6567]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.121903][ T6567]  ? __pfx__printk+0x10/0x10
[  118.121939][ T6567]  ? __pfx___might_resched+0x10/0x10
[  118.121964][ T6567]  ? fs_reclaim_acquire+0x7d/0x100
[  118.121989][ T6567]  should_fail_ex+0x414/0x560
[  118.122017][ T6567]  should_failslab+0xa8/0x100
[  118.122064][ T6567]  __kmalloc_cache_noprof+0x70/0x3d0
[  118.122095][ T6567]  ? __request_module+0x2b5/0x5e0
[  118.122123][ T6567]  __request_module+0x2b5/0x5e0
[  118.122147][ T6567]  ? aa_get_newest_label+0xf7/0x5d0
[  118.122173][ T6567]  ? __pfx___request_module+0x10/0x10
[  118.122201][ T6567]  ? rcu_is_watching+0x15/0xb0
[  118.122236][ T6567]  ? security_capable+0x7e/0x2e0
[  118.122263][ T6567]  ? dev_load+0x21/0x1f0
[  118.122283][ T6567]  dev_load+0x190/0x1f0
[  118.122306][ T6567]  dev_ioctl+0x79f/0x1150
[  118.122332][ T6567]  sock_do_ioctl+0x22c/0x300
[  118.122384][ T6567]  ? __pfx_sock_do_ioctl+0x10/0x10
[  118.122414][ T6567]  ? __lock_acquire+0xab9/0xd20
[  118.122455][ T6567]  sock_ioctl+0x576/0x790
[  118.122488][ T6567]  ? __pfx_sock_ioctl+0x10/0x10
[  118.122520][ T6567]  ? __fget_files+0x2a/0x420
[  118.122538][ T6567]  ? __fget_files+0x3a0/0x420
[  118.122556][ T6567]  ? __fget_files+0x2a/0x420
[  118.122578][ T6567]  ? bpf_lsm_file_ioctl+0x9/0x20
[  118.122605][ T6567]  ? __pfx_sock_ioctl+0x10/0x10
[  118.122635][ T6567]  __se_sys_ioctl+0xfc/0x170
[  118.122664][ T6567]  do_syscall_64+0xfa/0x3b0
[  118.122688][ T6567]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.122711][ T6567]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.122733][ T6567]  ? clear_bhb_loop+0x60/0xb0
[  118.122759][ T6567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.122780][ T6567] RIP: 0033:0x7ff9c798e9a9
[  118.122799][ T6567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.122816][ T6567] RSP: 002b:00007ff9c8885038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  118.122838][ T6567] RAX: ffffffffffffffda RBX: 00007ff9c7bb5fa0 RCX: 00007ff9c798e9a9
[  118.122852][ T6567] RDX: 0000200000000380 RSI: 0000000000008949 RDI: 0000000000000004
[  118.122865][ T6567] RBP: 00007ff9c8885090 R08: 0000000000000000 R09: 0000000000000000
[  118.122878][ T6567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.122890][ T6567] R13: 0000000000000000 R14: 00007ff9c7bb5fa0 R15: 00007ffe84170128
[  118.122924][ T6567]  </TASK>
[  118.496157][ T6573] tipc: Enabling of bearer <eth:syzkaller0—> rejected, failed to enable media
[  118.573349][ T6577] IPv6: Can't replace route, no match found
[  118.684791][ T6573] netem: incorrect gi model size
[  118.690409][ T6573] netem: change failed
[  118.815297][ T6583] FAULT_INJECTION: forcing a failure.
[  118.815297][ T6583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.875980][ T6583] CPU: 1 UID: 0 PID: 6583 Comm: syz.2.183 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  118.876011][ T6583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  118.876023][ T6583] Call Trace:
[  118.876032][ T6583]  <TASK>
[  118.876041][ T6583]  dump_stack_lvl+0x189/0x250
[  118.876073][ T6583]  ? __pfx____ratelimit+0x10/0x10
[  118.876096][ T6583]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.876122][ T6583]  ? __pfx__printk+0x10/0x10
[  118.876151][ T6583]  ? __might_fault+0xb0/0x130
[  118.876192][ T6583]  should_fail_ex+0x414/0x560
[  118.876220][ T6583]  _copy_from_user+0x2d/0xb0
[  118.876252][ T6583]  kstrtouint_from_user+0xc4/0x170
[  118.876280][ T6583]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  118.876324][ T6583]  proc_fail_nth_write+0x88/0x240
[  118.876345][ T6583]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  118.876372][ T6583]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  118.876395][ T6583]  vfs_write+0x27e/0xa90
[  118.876433][ T6583]  ? __pfx_vfs_write+0x10/0x10
[  118.876463][ T6583]  ? __fget_files+0x2a/0x420
[  118.876487][ T6583]  ? __fget_files+0x3a0/0x420
[  118.876503][ T6583]  ? __fget_files+0x2a/0x420
[  118.876532][ T6583]  ksys_write+0x145/0x250
[  118.876563][ T6583]  ? __pfx_ksys_write+0x10/0x10
[  118.876587][ T6583]  ? rcu_is_watching+0x15/0xb0
[  118.876618][ T6583]  ? do_syscall_64+0xbe/0x3b0
[  118.876647][ T6583]  do_syscall_64+0xfa/0x3b0
[  118.876670][ T6583]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.876693][ T6583]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.876721][ T6583]  ? clear_bhb_loop+0x60/0xb0
[  118.876746][ T6583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.876767][ T6583] RIP: 0033:0x7f506ef8d45f
[  118.876786][ T6583] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  118.876803][ T6583] RSP: 002b:00007f506fe32030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  118.876825][ T6583] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f506ef8d45f
[  118.876839][ T6583] RDX: 0000000000000001 RSI: 00007f506fe320a0 RDI: 0000000000000004
[  118.876852][ T6583] RBP: 00007f506fe32090 R08: 0000000000000000 R09: 0000000000000000
[  118.876864][ T6583] R10: 0000000004040040 R11: 0000000000000293 R12: 0000000000000001
[  118.876877][ T6583] R13: 0000000000000000 R14: 00007f506f1b5fa0 R15: 00007ffcba681468
[  118.876910][ T6583]  </TASK>
[  119.170426][ T6587] FAULT_INJECTION: forcing a failure.
[  119.170426][ T6587] name failslab, interval 1, probability 0, space 0, times 0
[  119.183432][ T6587] CPU: 0 UID: 0 PID: 6587 Comm: syz.4.182 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  119.183462][ T6587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  119.183475][ T6587] Call Trace:
[  119.183483][ T6587]  <TASK>
[  119.183492][ T6587]  dump_stack_lvl+0x189/0x250
[  119.183525][ T6587]  ? __pfx____ratelimit+0x10/0x10
[  119.183550][ T6587]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.183576][ T6587]  ? __pfx__printk+0x10/0x10
[  119.183611][ T6587]  ? __rt6_find_exception_rcu+0x127/0x4c0
[  119.183652][ T6587]  should_fail_ex+0x414/0x560
[  119.183680][ T6587]  should_failslab+0xa8/0x100
[  119.183712][ T6587]  ? __pfx_ip6_dst_gc+0x10/0x10
[  119.183744][ T6587]  kmem_cache_alloc_noprof+0x73/0x3c0
[  119.183774][ T6587]  ? dst_alloc+0x105/0x170
[  119.183804][ T6587]  ? __pfx_ip6_dst_gc+0x10/0x10
[  119.183839][ T6587]  dst_alloc+0x105/0x170
[  119.183873][ T6587]  ip6_pol_route+0xa21/0x1180
[  119.183894][ T6587]  ? ip6_pol_route+0x162/0x1180
[  119.183928][ T6587]  ? __pfx_ip6_pol_route+0x10/0x10
[  119.183962][ T6587]  ? ip6t_do_table+0x1376/0x1560
[  119.183993][ T6587]  fib6_rule_lookup+0x52f/0x6f0
[  119.184018][ T6587]  ? __pfx_ip6_pol_route_input+0x10/0x10
[  119.184040][ T6587]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  119.184077][ T6587]  ? ip6t_do_table+0x1db/0x1560
[  119.184115][ T6587]  ip6_route_input+0x6ce/0xa50
[  119.184145][ T6587]  ? __pfx_ip6_route_input+0x10/0x10
[  119.184181][ T6587]  ? nf_nat_ipv6_in+0x1fc/0x2b0
[  119.184232][ T6587]  ? ip6_rcv_finish_core+0x222/0x420
[  119.184265][ T6587]  ip6_rcv_finish+0x141/0x2e0
[  119.184296][ T6587]  NF_HOOK+0x30c/0x3a0
[  119.184322][ T6587]  ? skb_orphan+0x4f/0xd0
[  119.184352][ T6587]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  119.184379][ T6587]  ? NF_HOOK+0x9a/0x3a0
[  119.184405][ T6587]  ? __pfx_NF_HOOK+0x10/0x10
[  119.184436][ T6587]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  119.184477][ T6587]  __netif_receive_skb+0xd3/0x380
[  119.184518][ T6587]  ? netif_receive_skb+0x115/0x790
[  119.184550][ T6587]  netif_receive_skb+0x1cb/0x790
[  119.184583][ T6587]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  119.184610][ T6587]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.184649][ T6587]  ? tun_rx_batched+0x160/0x730
[  119.184684][ T6587]  tun_rx_batched+0x1b9/0x730
[  119.184715][ T6587]  ? __lock_acquire+0xab9/0xd20
[  119.184742][ T6587]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.184778][ T6587]  ? tun_get_user+0x266c/0x3e20
[  119.184826][ T6587]  tun_get_user+0x2aa2/0x3e20
[  119.184866][ T6587]  ? tun_get_user+0x6f6/0x3e20
[  119.184899][ T6587]  ? tun_get_user+0x266c/0x3e20
[  119.184943][ T6587]  ? __pfx_tun_get_user+0x10/0x10
[  119.184976][ T6587]  ? aa_file_perm+0x11f/0xed0
[  119.185002][ T6587]  ? aa_file_perm+0x3e7/0xed0
[  119.185042][ T6587]  ? ref_tracker_alloc+0x318/0x460
[  119.185064][ T6587]  ? __lock_acquire+0xab9/0xd20
[  119.185088][ T6587]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.185120][ T6587]  ? tun_get+0x1c/0x2f0
[  119.185157][ T6587]  ? tun_get+0x1c/0x2f0
[  119.185187][ T6587]  ? tun_get+0x1c/0x2f0
[  119.185223][ T6587]  tun_chr_write_iter+0x113/0x200
[  119.185258][ T6587]  vfs_write+0x54b/0xa90
[  119.185293][ T6587]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.185325][ T6587]  ? __pfx_vfs_write+0x10/0x10
[  119.185367][ T6587]  ? __fget_files+0x2a/0x420
[  119.185397][ T6587]  ksys_write+0x145/0x250
[  119.185429][ T6587]  ? __pfx_ksys_write+0x10/0x10
[  119.185465][ T6587]  ? do_syscall_64+0xbe/0x3b0
[  119.185495][ T6587]  do_syscall_64+0xfa/0x3b0
[  119.185519][ T6587]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.185543][ T6587]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.185564][ T6587]  ? clear_bhb_loop+0x60/0xb0
[  119.185591][ T6587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.185612][ T6587] RIP: 0033:0x7ff9c798d45f
[  119.185631][ T6587] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.185648][ T6587] RSP: 002b:00007ff9c8864000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.185670][ T6587] RAX: ffffffffffffffda RBX: 00007ff9c7bb6080 RCX: 00007ff9c798d45f
[  119.185686][ T6587] RDX: 000000000000003e RSI: 0000200000000400 RDI: 00000000000000c8
[  119.185699][ T6587] RBP: 00007ff9c8864090 R08: 0000000000000000 R09: 0000000000000000
[  119.185712][ T6587] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001
[  119.185724][ T6587] R13: 0000000000000001 R14: 00007ff9c7bb6080 R15: 00007ffe84170128
[  119.185759][ T6587]  </TASK>
[  119.888703][ T6593] __nla_validate_parse: 1 callbacks suppressed
[  119.888733][ T6593] netlink: 17 bytes leftover after parsing attributes in process `syz.2.187'.
[  120.107941][ T6604] FAULT_INJECTION: forcing a failure.
[  120.107941][ T6604] name failslab, interval 1, probability 0, space 0, times 0
[  120.186974][ T6604] CPU: 1 UID: 0 PID: 6604 Comm: syz.1.189 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  120.187005][ T6604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  120.187022][ T6604] Call Trace:
[  120.187030][ T6604]  <TASK>
[  120.187040][ T6604]  dump_stack_lvl+0x189/0x250
[  120.187082][ T6604]  ? __pfx____ratelimit+0x10/0x10
[  120.187106][ T6604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.187131][ T6604]  ? __pfx__printk+0x10/0x10
[  120.187163][ T6604]  ? __pfx___might_resched+0x10/0x10
[  120.187188][ T6604]  ? fs_reclaim_acquire+0x7d/0x100
[  120.187213][ T6604]  should_fail_ex+0x414/0x560
[  120.187241][ T6604]  should_failslab+0xa8/0x100
[  120.187274][ T6604]  __kmalloc_noprof+0xcb/0x4f0
[  120.187302][ T6604]  ? ip_options_get+0x51/0x4c0
[  120.187334][ T6604]  ip_options_get+0x51/0x4c0
[  120.187369][ T6604]  ip_cmsg_send+0x591/0xa70
[  120.187416][ T6604]  raw_sendmsg+0x53a/0x18b0
[  120.187462][ T6604]  ? __pfx_raw_sendmsg+0x10/0x10
[  120.187512][ T6604]  ? aa_sk_perm+0x81e/0x950
[  120.187560][ T6604]  ? __pfx_aa_sk_perm+0x10/0x10
[  120.187578][ T6604]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[  120.187615][ T6604]  ? sock_rps_record_flow+0x19/0x410
[  120.187650][ T6604]  ? inet_sendmsg+0x2f4/0x370
[  120.187680][ T6604]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  120.187706][ T6604]  __sock_sendmsg+0x19c/0x270
[  120.187743][ T6604]  ____sys_sendmsg+0x505/0x830
[  120.187776][ T6604]  ? __pfx_____sys_sendmsg+0x10/0x10
[  120.187813][ T6604]  ? import_iovec+0x74/0xa0
[  120.187846][ T6604]  ___sys_sendmsg+0x21f/0x2a0
[  120.187876][ T6604]  ? __pfx____sys_sendmsg+0x10/0x10
[  120.187942][ T6604]  ? __fget_files+0x2a/0x420
[  120.187960][ T6604]  ? __fget_files+0x3a0/0x420
[  120.187995][ T6604]  __x64_sys_sendmsg+0x19b/0x260
[  120.188026][ T6604]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  120.188064][ T6604]  ? __pfx_ksys_write+0x10/0x10
[  120.188089][ T6604]  ? rcu_is_watching+0x15/0xb0
[  120.188120][ T6604]  ? do_syscall_64+0xbe/0x3b0
[  120.188149][ T6604]  do_syscall_64+0xfa/0x3b0
[  120.188172][ T6604]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.188194][ T6604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.188215][ T6604]  ? clear_bhb_loop+0x60/0xb0
[  120.188241][ T6604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.188261][ T6604] RIP: 0033:0x7f7f60d8e9a9
[  120.188285][ T6604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.188302][ T6604] RSP: 002b:00007f7f61b3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  120.188332][ T6604] RAX: ffffffffffffffda RBX: 00007f7f60fb5fa0 RCX: 00007f7f60d8e9a9
[  120.188347][ T6604] RDX: 00000000200040c4 RSI: 0000200000001640 RDI: 0000000000000003
[  120.188360][ T6604] RBP: 00007f7f61b3e090 R08: 0000000000000000 R09: 0000000000000000
[  120.188373][ T6604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.188385][ T6604] R13: 0000000000000000 R14: 00007f7f60fb5fa0 R15: 00007ffd9c6fcfe8
[  120.188417][ T6604]  </TASK>
[  120.188851][ T6607] netlink: 28 bytes leftover after parsing attributes in process `syz.0.192'.
[  120.401255][ T6617] netlink: 'syz.2.195': attribute type 2 has an invalid length.
[  120.516502][ T6607] tipc: Enabling of bearer <eth:syzkaller0
> rejected, failed to enable media
[  120.584422][ T6617] k›*·]‘: entered promiscuous mode
[  120.672331][ T6621] netlink: 'syz.3.196': attribute type 1 has an invalid length.
[  120.697107][ T6621] netlink: 'syz.3.196': attribute type 1 has an invalid length.
[  120.740304][ T6621] netlink: 216 bytes leftover after parsing attributes in process `syz.3.196'.
[  120.849772][ T6627] FAULT_INJECTION: forcing a failure.
[  120.849772][ T6627] name failslab, interval 1, probability 0, space 0, times 0
[  120.868149][ T6627] CPU: 1 UID: 0 PID: 6627 Comm: syz.2.199 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  120.868179][ T6627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  120.868192][ T6627] Call Trace:
[  120.868200][ T6627]  <TASK>
[  120.868209][ T6627]  dump_stack_lvl+0x189/0x250
[  120.868241][ T6627]  ? __pfx____ratelimit+0x10/0x10
[  120.868267][ T6627]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.868293][ T6627]  ? __pfx__printk+0x10/0x10
[  120.868326][ T6627]  ? __pfx___might_resched+0x10/0x10
[  120.868352][ T6627]  ? fs_reclaim_acquire+0x7d/0x100
[  120.868377][ T6627]  should_fail_ex+0x414/0x560
[  120.868405][ T6627]  should_failslab+0xa8/0x100
[  120.868440][ T6627]  __kmalloc_noprof+0xcb/0x4f0
[  120.868468][ T6627]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  120.868506][ T6627]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  120.868547][ T6627]  genl_family_rcv_msg_doit+0xb8/0x300
[  120.868596][ T6627]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  120.868628][ T6627]  ? rcu_is_watching+0x15/0xb0
[  120.868657][ T6627]  ? apparmor_capable+0x137/0x1b0
[  120.868688][ T6627]  ? bpf_lsm_capable+0x9/0x20
[  120.868716][ T6627]  ? security_capable+0x7e/0x2e0
[  120.868745][ T6627]  genl_rcv_msg+0x60e/0x790
[  120.868782][ T6627]  ? __pfx_genl_rcv_msg+0x10/0x10
[  120.868810][ T6627]  ? __pfx_fou_nl_add_doit+0x10/0x10
[  120.868837][ T6627]  ? __asan_memcpy+0x40/0x70
[  120.868861][ T6627]  ? __pfx_ref_tracker_free+0x10/0x10
[  120.868895][ T6627]  netlink_rcv_skb+0x208/0x470
[  120.868916][ T6627]  ? __lock_acquire+0xab9/0xd20
[  120.868938][ T6627]  ? __pfx_genl_rcv_msg+0x10/0x10
[  120.868970][ T6627]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  120.869016][ T6627]  ? down_read+0x1ad/0x2e0
[  120.869047][ T6627]  genl_rcv+0x28/0x40
[  120.869073][ T6627]  netlink_unicast+0x82f/0x9e0
[  120.869117][ T6627]  ? __pfx_netlink_unicast+0x10/0x10
[  120.869155][ T6627]  ? netlink_sendmsg+0x642/0xb30
[  120.869176][ T6627]  ? skb_put+0x11b/0x210
[  120.869206][ T6627]  netlink_sendmsg+0x805/0xb30
[  120.869241][ T6627]  ? __pfx_netlink_sendmsg+0x10/0x10
[  120.869269][ T6627]  ? aa_sock_msg_perm+0x94/0x160
[  120.869295][ T6627]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  120.869317][ T6627]  ? __pfx_netlink_sendmsg+0x10/0x10
[  120.869342][ T6627]  __sock_sendmsg+0x21c/0x270
[  120.869379][ T6627]  ____sys_sendmsg+0x505/0x830
[  120.869412][ T6627]  ? __pfx_____sys_sendmsg+0x10/0x10
[  120.869452][ T6627]  ? import_iovec+0x74/0xa0
[  120.869487][ T6627]  ___sys_sendmsg+0x21f/0x2a0
[  120.869516][ T6627]  ? __pfx____sys_sendmsg+0x10/0x10
[  120.869596][ T6627]  ? __fget_files+0x2a/0x420
[  120.869615][ T6627]  ? __fget_files+0x3a0/0x420
[  120.869646][ T6627]  __x64_sys_sendmsg+0x19b/0x260
[  120.869678][ T6627]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  120.869719][ T6627]  ? __pfx_ksys_write+0x10/0x10
[  120.869745][ T6627]  ? rcu_is_watching+0x15/0xb0
[  120.869776][ T6627]  ? do_syscall_64+0xbe/0x3b0
[  120.869806][ T6627]  do_syscall_64+0xfa/0x3b0
[  120.869830][ T6627]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.869853][ T6627]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.869874][ T6627]  ? clear_bhb_loop+0x60/0xb0
[  120.869899][ T6627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.869918][ T6627] RIP: 0033:0x7f506ef8e9a9
[  120.869936][ T6627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.869952][ T6627] RSP: 002b:00007f506fe32038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  120.869975][ T6627] RAX: ffffffffffffffda RBX: 00007f506f1b5fa0 RCX: 00007f506ef8e9a9
[  120.869990][ T6627] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000008
[  120.870003][ T6627] RBP: 00007f506fe32090 R08: 0000000000000000 R09: 0000000000000000
[  120.870016][ T6627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.870028][ T6627] R13: 0000000000000000 R14: 00007f506f1b5fa0 R15: 00007ffcba681468
[  120.870062][ T6627]  </TASK>
[  121.308126][ T6629] syzkaller1: entered promiscuous mode
[  121.313692][ T6629] syzkaller1: entered allmulticast mode
[  121.514719][ T6633] tipc: Started in network mode
[  121.542917][ T6633] tipc: Node identity ea4cf2f00355, cluster identity 4711
[  121.555208][ T6633] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  121.563811][ T6633] syzkaller0: entered promiscuous mode
[  121.569415][ T6633] syzkaller0: entered allmulticast mode
[  121.647109][ T6612] lo speed is unknown, defaulting to 1000
[  121.668214][ T6633] tipc: Resetting bearer <eth:syzkaller0>
[  121.715688][ T6640] ip6gretap0: entered promiscuous mode
[  121.722988][ T6643] FAULT_INJECTION: forcing a failure.
[  121.722988][ T6643] name failslab, interval 1, probability 0, space 0, times 0
[  121.735699][ T6643] CPU: 1 UID: 0 PID: 6643 Comm: syz.3.206 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  121.735729][ T6643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  121.735742][ T6643] Call Trace:
[  121.735750][ T6643]  <TASK>
[  121.735759][ T6643]  dump_stack_lvl+0x189/0x250
[  121.735791][ T6643]  ? __pfx____ratelimit+0x10/0x10
[  121.735815][ T6643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.735841][ T6643]  ? __pfx__printk+0x10/0x10
[  121.735878][ T6643]  ? __rt6_find_exception_rcu+0x127/0x4c0
[  121.735919][ T6643]  should_fail_ex+0x414/0x560
[  121.735947][ T6643]  should_failslab+0xa8/0x100
[  121.735980][ T6643]  ? __pfx_ip6_dst_gc+0x10/0x10
[  121.736011][ T6643]  kmem_cache_alloc_noprof+0x73/0x3c0
[  121.736040][ T6643]  ? dst_alloc+0x105/0x170
[  121.736070][ T6643]  ? __pfx_ip6_dst_gc+0x10/0x10
[  121.736103][ T6643]  dst_alloc+0x105/0x170
[  121.736138][ T6643]  ip6_pol_route+0xa21/0x1180
[  121.736159][ T6643]  ? ip6_pol_route+0x162/0x1180
[  121.736185][ T6643]  ? __pfx_ip6_pol_route+0x10/0x10
[  121.736206][ T6643]  ? __lock_acquire+0xab9/0xd20
[  121.736234][ T6643]  ? inet6_ehashfn+0xb3/0x570
[  121.736258][ T6643]  ? ip6t_do_table+0x1376/0x1560
[  121.736287][ T6643]  fib6_rule_lookup+0x52f/0x6f0
[  121.736311][ T6643]  ? __pfx_ip6_pol_route_input+0x10/0x10
[  121.736333][ T6643]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  121.736365][ T6643]  ? __inet6_lookup_established+0xb95/0xc30
[  121.736405][ T6643]  ip6_route_input+0x6ce/0xa50
[  121.736436][ T6643]  ? __pfx_ip6_route_input+0x10/0x10
[  121.736492][ T6643]  ? ip6_rcv_finish_core+0x222/0x420
[  121.736524][ T6643]  ip6_rcv_finish+0x141/0x2e0
[  121.736556][ T6643]  NF_HOOK+0x30c/0x3a0
[  121.736581][ T6643]  ? skb_orphan+0x4f/0xd0
[  121.736611][ T6643]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  121.736644][ T6643]  ? NF_HOOK+0x9a/0x3a0
[  121.736670][ T6643]  ? __pfx_NF_HOOK+0x10/0x10
[  121.736702][ T6643]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  121.736743][ T6643]  __netif_receive_skb+0xd3/0x380
[  121.736785][ T6643]  ? netif_receive_skb+0x115/0x790
[  121.736816][ T6643]  netif_receive_skb+0x1cb/0x790
[  121.736849][ T6643]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  121.736875][ T6643]  ? __pfx_netif_receive_skb+0x10/0x10
[  121.736914][ T6643]  ? tun_rx_batched+0x160/0x730
[  121.736948][ T6643]  tun_rx_batched+0x1b9/0x730
[  121.736978][ T6643]  ? __lock_acquire+0xab9/0xd20
[  121.737005][ T6643]  ? __pfx_tun_rx_batched+0x10/0x10
[  121.737040][ T6643]  ? tun_get_user+0x266c/0x3e20
[  121.737087][ T6643]  tun_get_user+0x2aa2/0x3e20
[  121.737127][ T6643]  ? tun_get_user+0x6f6/0x3e20
[  121.737160][ T6643]  ? tun_get_user+0x266c/0x3e20
[  121.737198][ T6643]  ? __pfx_tun_get_user+0x10/0x10
[  121.737231][ T6643]  ? aa_file_perm+0x11f/0xed0
[  121.737255][ T6643]  ? aa_file_perm+0x3e7/0xed0
[  121.737296][ T6643]  ? ref_tracker_alloc+0x318/0x460
[  121.737317][ T6643]  ? __lock_acquire+0xab9/0xd20
[  121.737341][ T6643]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  121.737372][ T6643]  ? tun_get+0x1c/0x2f0
[  121.737410][ T6643]  ? tun_get+0x1c/0x2f0
[  121.737439][ T6643]  ? tun_get+0x1c/0x2f0
[  121.737476][ T6643]  tun_chr_write_iter+0x113/0x200
[  121.737510][ T6643]  vfs_write+0x54b/0xa90
[  121.737544][ T6643]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  121.737577][ T6643]  ? __pfx_vfs_write+0x10/0x10
[  121.737618][ T6643]  ? __fget_files+0x2a/0x420
[  121.737654][ T6643]  ksys_write+0x145/0x250
[  121.737686][ T6643]  ? __pfx_ksys_write+0x10/0x10
[  121.737710][ T6643]  ? rcu_is_watching+0x15/0xb0
[  121.737743][ T6643]  ? do_syscall_64+0xbe/0x3b0
[  121.737772][ T6643]  do_syscall_64+0xfa/0x3b0
[  121.737795][ T6643]  ? lockdep_hardirqs_on+0x9c/0x150
[  121.737818][ T6643]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.737839][ T6643]  ? clear_bhb_loop+0x60/0xb0
[  121.737867][ T6643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.737887][ T6643] RIP: 0033:0x7f2f6a98d45f
[  121.737908][ T6643] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  121.737925][ T6643] RSP: 002b:00007f2f6b8b0000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  121.737948][ T6643] RAX: ffffffffffffffda RBX: 00007f2f6abb5fa0 RCX: 00007f2f6a98d45f
[  121.737963][ T6643] RDX: 0000000000000083 RSI: 0000200000000540 RDI: 00000000000000c8
[  121.737975][ T6643] RBP: 00007f2f6b8b0090 R08: 0000000000000000 R09: 0000000000000000
[  121.737988][ T6643] R10: 0000000000000083 R11: 0000000000000293 R12: 0000000000000001
[  121.738000][ T6643] R13: 0000000000000000 R14: 00007f2f6abb5fa0 R15: 00007ffe4b233748
[  121.738034][ T6643]  </TASK>
[  121.766209][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz.1.207'.
[  121.774925][ T6640] vlan2: entered promiscuous mode
[  122.283107][ T6632] tipc: Resetting bearer <eth:syzkaller0>
[  122.297005][ T6632] tipc: Disabling bearer <eth:syzkaller0>
[  122.351714][ T6650] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  122.420538][ T6650] tipc: Started in network mode
[  122.436920][ T6650] tipc: Node identity ceaea8de6771, cluster identity 4711
[  122.444620][ T6650] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.507276][ T6651] syzkaller0: entered promiscuous mode
[  122.512832][ T6651] syzkaller0: entered allmulticast mode
[  122.591946][ T6650] tipc: Resetting bearer <eth:syzkaller0>
[  122.613622][ T6649] tipc: Resetting bearer <eth:syzkaller0>
[  122.649627][ T6649] tipc: Disabling bearer <eth:syzkaller0>
[  122.748829][ T6656] FAULT_INJECTION: forcing a failure.
[  122.748829][ T6656] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.774358][ T6656] CPU: 0 UID: 0 PID: 6656 Comm: syz.0.211 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  122.774390][ T6656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  122.774402][ T6656] Call Trace:
[  122.774412][ T6656]  <TASK>
[  122.774421][ T6656]  dump_stack_lvl+0x189/0x250
[  122.774453][ T6656]  ? __pfx____ratelimit+0x10/0x10
[  122.774478][ T6656]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.774504][ T6656]  ? __pfx__printk+0x10/0x10
[  122.774548][ T6656]  should_fail_ex+0x414/0x560
[  122.774586][ T6656]  _copy_to_user+0x31/0xb0
[  122.774620][ T6656]  simple_read_from_buffer+0xe1/0x170
[  122.774657][ T6656]  proc_fail_nth_read+0x1df/0x250
[  122.774682][ T6656]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  122.774707][ T6656]  ? rw_verify_area+0x258/0x650
[  122.774734][ T6656]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  122.774757][ T6656]  vfs_read+0x200/0x980
[  122.774791][ T6656]  ? __pfx___mutex_lock+0x10/0x10
[  122.774817][ T6656]  ? __pfx_vfs_read+0x10/0x10
[  122.774846][ T6656]  ? __fget_files+0x2a/0x420
[  122.774870][ T6656]  ? __fget_files+0x3a0/0x420
[  122.774887][ T6656]  ? __fget_files+0x2a/0x420
[  122.774916][ T6656]  ksys_read+0x145/0x250
[  122.774948][ T6656]  ? __pfx_ksys_read+0x10/0x10
[  122.774973][ T6656]  ? rcu_is_watching+0x15/0xb0
[  122.775004][ T6656]  ? do_syscall_64+0xbe/0x3b0
[  122.775034][ T6656]  do_syscall_64+0xfa/0x3b0
[  122.775058][ T6656]  ? lockdep_hardirqs_on+0x9c/0x150
[  122.775081][ T6656]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.775102][ T6656]  ? clear_bhb_loop+0x60/0xb0
[  122.775129][ T6656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.775150][ T6656] RIP: 0033:0x7f2111d8d3bc
[  122.775168][ T6656] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  122.775186][ T6656] RSP: 002b:00007f2112c14030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  122.775208][ T6656] RAX: ffffffffffffffda RBX: 00007f2111fb5fa0 RCX: 00007f2111d8d3bc
[  122.775223][ T6656] RDX: 000000000000000f RSI: 00007f2112c140a0 RDI: 0000000000000004
[  122.775236][ T6656] RBP: 00007f2112c14090 R08: 0000000000000000 R09: 0000000000000000
[  122.775249][ T6656] R10: 0000000000010102 R11: 0000000000000246 R12: 0000000000000001
[  122.775262][ T6656] R13: 0000000000000000 R14: 00007f2111fb5fa0 R15: 00007ffc91c8d3c8
[  122.775295][ T6656]  </TASK>
[  123.220051][ T6672] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  123.284947][ T6680] FAULT_INJECTION: forcing a failure.
[  123.284947][ T6680] name failslab, interval 1, probability 0, space 0, times 0
[  123.298573][ T6680] CPU: 0 UID: 0 PID: 6680 Comm: syz.2.219 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  123.298603][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  123.298616][ T6680] Call Trace:
[  123.298624][ T6680]  <TASK>
[  123.298634][ T6680]  dump_stack_lvl+0x189/0x250
[  123.298667][ T6680]  ? __pfx____ratelimit+0x10/0x10
[  123.298693][ T6680]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.298718][ T6680]  ? __pfx__printk+0x10/0x10
[  123.298755][ T6680]  ? __pfx___might_resched+0x10/0x10
[  123.298786][ T6680]  should_fail_ex+0x414/0x560
[  123.298815][ T6680]  should_failslab+0xa8/0x100
[  123.298850][ T6680]  __kmalloc_cache_noprof+0x70/0x3d0
[  123.298881][ T6680]  ? ovs_nla_get_identifier+0x72/0xd0
[  123.298915][ T6680]  ovs_nla_get_identifier+0x72/0xd0
[  123.298947][ T6680]  ovs_flow_cmd_new+0x436/0xd80
[  123.298969][ T6680]  ? __dev_queue_xmit+0x1af1/0x3b50
[  123.299009][ T6680]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  123.299099][ T6680]  ? __nla_parse+0x40/0x60
[  123.299130][ T6680]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  123.299171][ T6680]  genl_family_rcv_msg_doit+0x212/0x300
[  123.299210][ T6680]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  123.299264][ T6680]  ? bpf_lsm_capable+0x9/0x20
[  123.299292][ T6680]  ? security_capable+0x7e/0x2e0
[  123.299323][ T6680]  genl_rcv_msg+0x60e/0x790
[  123.299360][ T6680]  ? __pfx_genl_rcv_msg+0x10/0x10
[  123.299388][ T6680]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  123.299415][ T6680]  ? __asan_memcpy+0x40/0x70
[  123.299439][ T6680]  ? __pfx_ref_tracker_free+0x10/0x10
[  123.299473][ T6680]  netlink_rcv_skb+0x208/0x470
[  123.299493][ T6680]  ? __lock_acquire+0xab9/0xd20
[  123.299516][ T6680]  ? __pfx_genl_rcv_msg+0x10/0x10
[  123.299547][ T6680]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  123.299592][ T6680]  ? down_read+0x1ad/0x2e0
[  123.299623][ T6680]  genl_rcv+0x28/0x40
[  123.299649][ T6680]  netlink_unicast+0x82f/0x9e0
[  123.299693][ T6680]  ? __pfx_netlink_unicast+0x10/0x10
[  123.299729][ T6680]  ? netlink_sendmsg+0x642/0xb30
[  123.299750][ T6680]  ? skb_put+0x11b/0x210
[  123.299780][ T6680]  netlink_sendmsg+0x805/0xb30
[  123.299814][ T6680]  ? __pfx_netlink_sendmsg+0x10/0x10
[  123.299841][ T6680]  ? aa_sock_msg_perm+0x94/0x160
[  123.299867][ T6680]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  123.299890][ T6680]  ? __pfx_netlink_sendmsg+0x10/0x10
[  123.299913][ T6680]  __sock_sendmsg+0x21c/0x270
[  123.299946][ T6680]  ____sys_sendmsg+0x505/0x830
[  123.299979][ T6680]  ? __pfx_____sys_sendmsg+0x10/0x10
[  123.300015][ T6680]  ? import_iovec+0x74/0xa0
[  123.300050][ T6680]  ___sys_sendmsg+0x21f/0x2a0
[  123.300077][ T6680]  ? __pfx____sys_sendmsg+0x10/0x10
[  123.300143][ T6680]  ? __fget_files+0x2a/0x420
[  123.300161][ T6680]  ? __fget_files+0x3a0/0x420
[  123.300190][ T6680]  __x64_sys_sendmsg+0x19b/0x260
[  123.300220][ T6680]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  123.300267][ T6680]  ? __pfx_ksys_write+0x10/0x10
[  123.300293][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.300326][ T6680]  ? do_syscall_64+0xbe/0x3b0
[  123.300356][ T6680]  do_syscall_64+0xfa/0x3b0
[  123.300379][ T6680]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.300403][ T6680]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.300424][ T6680]  ? clear_bhb_loop+0x60/0xb0
[  123.300451][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.300472][ T6680] RIP: 0033:0x7f506ef8e9a9
[  123.300491][ T6680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.300510][ T6680] RSP: 002b:00007f506fe32038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  123.300533][ T6680] RAX: ffffffffffffffda RBX: 00007f506f1b5fa0 RCX: 00007f506ef8e9a9
[  123.300563][ T6680] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  123.300576][ T6680] RBP: 00007f506fe32090 R08: 0000000000000000 R09: 0000000000000000
[  123.300589][ T6680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  123.300601][ T6680] R13: 0000000000000000 R14: 00007f506f1b5fa0 R15: 00007ffcba681468
[  123.300635][ T6680]  </TASK>
[  124.479583][ T6704] macsec1: entered promiscuous mode
[  124.508279][ T6709] netlink: 20 bytes leftover after parsing attributes in process `syz.2.229'.
[  124.533448][ T6704] macsec1: entered allmulticast mode
[  124.700064][ T6713] bridge_slave_0: left allmulticast mode
[  124.705796][ T6713] bridge_slave_0: left promiscuous mode
[  124.769201][ T6713] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.802091][ T6724] netlink: 268 bytes leftover after parsing attributes in process `syz.2.230'.
[  124.894344][ T6713] bridge_slave_1: left allmulticast mode
[  124.985648][ T6713] bridge_slave_1: left promiscuous mode
[  124.995769][ T6713] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.025208][ T6729] netlink: 12 bytes leftover after parsing attributes in process `syz.1.227'.
[  125.272380][   T51] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  125.362388][ T6713] bond0: (slave bond_slave_0): Releasing backup interface
[  125.402629][ T6713] bond0: (slave bond_slave_1): Releasing backup interface
[  125.431323][ T6745] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  125.437985][ T6745] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  125.625613][ T6713] team0: Port device team_slave_0 removed
[  125.670598][ T6713] team0: Port device team_slave_1 removed
[  125.708058][ T6713] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.715528][ T6713] batman_adv: batadv0: Removing interface: batadv_slave_0
[  125.778572][ T6713] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.799022][ T6713] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.861519][ T6713] team0: Port device vlan0 removed
[  125.904947][ T6713] team0: Port device bridge1 removed
[  126.180165][ T6743] tipc: New replicast peer: 255.255.255.255
[  126.198017][ T6743] tipc: Enabled bearer <udp:syz2>, priority 10
[  126.220625][ T6753] netlink: 'syz.4.237': attribute type 3 has an invalid length.
[  126.246528][ T6753] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.237'.
[  126.460618][ T6761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.241'.
[  126.482559][ T6761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.241'.
[  126.525007][ T6761] bridge0: port 3(vlan2) entered blocking state
[  126.532075][ T6761] bridge0: port 3(vlan2) entered disabled state
[  126.538890][ T6761] vlan2: entered allmulticast mode
[  126.544252][ T6761] bridge0: entered allmulticast mode
[  126.564175][ T6761] vlan2: left allmulticast mode
[  126.588310][ T6761] bridge0: left allmulticast mode
[  127.052582][   T30] audit: type=1800 audit(1753436489.489:4): pid=6784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.249" name="x000000000000000700000000000000000000007" dev="tmpfs" ino=217 res=0 errno=0
[  127.108404][ T6792] openvswitch: netlink: Missing key (keys=40, expected=80)
[  127.327754][   T43] tipc: Node number set to 2850007262
[  127.744460][ T6814] netlink: 'syz.4.256': attribute type 9 has an invalid length.
[  127.758384][ T6814] netlink: 8 bytes leftover after parsing attributes in process `syz.4.256'.
[  127.783589][ T6816] netlink: 8 bytes leftover after parsing attributes in process `syz.0.257'.
[  127.798309][ T6816] netlink: 8 bytes leftover after parsing attributes in process `syz.0.257'.
[  128.119806][ T6822] netlink: 56 bytes leftover after parsing attributes in process `syz.2.259'.
[  128.272085][ T6831] netlink: 4 bytes leftover after parsing attributes in process `syz.0.262'.
[  129.260559][ T6812] bond0: entered promiscuous mode
[  129.268871][ T6812] bond0: left promiscuous mode
[  129.285661][ T6814] macvlan3: entered promiscuous mode
[  129.294360][ T6814] macvlan3: entered allmulticast mode
[  129.304707][ T6817] (unnamed net_device) (uninitialized): option ad_select: invalid value (34)
[  129.326635][ T6802] lo speed is unknown, defaulting to 1000
[  129.504277][ T6839] openvswitch: netlink: Message has 4 unknown bytes.
[  129.524893][ T6839] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  129.657540][ T6841] netlink: 'syz.0.264': attribute type 1 has an invalid length.
[  129.717388][ T6842] netlink: 'syz.4.266': attribute type 10 has an invalid length.
[  129.732914][ T6842] netlink: 40 bytes leftover after parsing attributes in process `syz.4.266'.
[  129.964616][ T6853] FAULT_INJECTION: forcing a failure.
[  129.964616][ T6853] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.035573][ T6853] CPU: 0 UID: 0 PID: 6853 Comm: syz.1.269 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  130.035625][ T6853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  130.035638][ T6853] Call Trace:
[  130.035647][ T6853]  <TASK>
[  130.035657][ T6853]  dump_stack_lvl+0x189/0x250
[  130.035690][ T6853]  ? __pfx____ratelimit+0x10/0x10
[  130.035715][ T6853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.035741][ T6853]  ? __pfx__printk+0x10/0x10
[  130.035770][ T6853]  ? __might_fault+0xb0/0x130
[  130.035813][ T6853]  should_fail_ex+0x414/0x560
[  130.035841][ T6853]  _copy_from_user+0x2d/0xb0
[  130.035877][ T6853]  ___sys_sendmsg+0x158/0x2a0
[  130.035907][ T6853]  ? __pfx____sys_sendmsg+0x10/0x10
[  130.035971][ T6853]  ? __fget_files+0x2a/0x420
[  130.035989][ T6853]  ? __fget_files+0x3a0/0x420
[  130.036019][ T6853]  __x64_sys_sendmsg+0x19b/0x260
[  130.036047][ T6853]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  130.036084][ T6853]  ? __pfx_ksys_write+0x10/0x10
[  130.036119][ T6853]  ? do_syscall_64+0xbe/0x3b0
[  130.036143][ T6853]  do_syscall_64+0xfa/0x3b0
[  130.036162][ T6853]  ? lockdep_hardirqs_on+0x9c/0x150
[  130.036184][ T6853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.036205][ T6853]  ? clear_bhb_loop+0x60/0xb0
[  130.036231][ T6853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.036251][ T6853] RIP: 0033:0x7f7f60d8e9a9
[  130.036268][ T6853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.036282][ T6853] RSP: 002b:00007f7f61b1d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  130.036301][ T6853] RAX: ffffffffffffffda RBX: 00007f7f60fb6080 RCX: 00007f7f60d8e9a9
[  130.036314][ T6853] RDX: 0000000000004000 RSI: 0000200000006040 RDI: 0000000000000003
[  130.036325][ T6853] RBP: 00007f7f61b1d090 R08: 0000000000000000 R09: 0000000000000000
[  130.036335][ T6853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.036345][ T6853] R13: 0000000000000001 R14: 00007f7f60fb6080 R15: 00007ffd9c6fcfe8
[  130.036371][ T6853]  </TASK>
[  130.271249][ T6842] team0: Port device geneve0 added
[  130.292084][ T6847] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  130.324467][ T6842] syz.4.266 (6842) used greatest stack depth: 19928 bytes left
[  130.860459][ T6870] FAULT_INJECTION: forcing a failure.
[  130.860459][ T6870] name failslab, interval 1, probability 0, space 0, times 0
[  130.883565][ T6867] block nbd2: not configured, cannot reconfigure
[  130.894561][ T6868] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  130.897216][ T6870] CPU: 1 UID: 0 PID: 6870 Comm: syz.4.274 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  130.897250][ T6870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  130.897264][ T6870] Call Trace:
[  130.897274][ T6870]  <TASK>
[  130.897284][ T6870]  dump_stack_lvl+0x189/0x250
[  130.897320][ T6870]  ? __pfx____ratelimit+0x10/0x10
[  130.897349][ T6870]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.897377][ T6870]  ? __pfx__printk+0x10/0x10
[  130.897417][ T6870]  ? __pfx___might_resched+0x10/0x10
[  130.897453][ T6870]  should_fail_ex+0x414/0x560
[  130.897486][ T6870]  should_failslab+0xa8/0x100
[  130.897527][ T6870]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  130.897563][ T6870]  ? __alloc_skb+0x112/0x2d0
[  130.897598][ T6870]  __alloc_skb+0x112/0x2d0
[  130.897629][ T6870]  netlink_sendmsg+0x5c6/0xb30
[  130.897667][ T6870]  ? __pfx_netlink_sendmsg+0x10/0x10
[  130.897699][ T6870]  ? aa_sock_msg_perm+0x94/0x160
[  130.897728][ T6870]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  130.897753][ T6870]  ? __pfx_netlink_sendmsg+0x10/0x10
[  130.897781][ T6870]  __sock_sendmsg+0x21c/0x270
[  130.897829][ T6870]  ____sys_sendmsg+0x505/0x830
[  130.897869][ T6870]  ? __pfx_____sys_sendmsg+0x10/0x10
[  130.897910][ T6870]  ? import_iovec+0x74/0xa0
[  130.897951][ T6870]  ___sys_sendmsg+0x21f/0x2a0
[  130.897983][ T6870]  ? __pfx____sys_sendmsg+0x10/0x10
[  130.898060][ T6870]  ? __fget_files+0x2a/0x420
[  130.898080][ T6870]  ? __fget_files+0x3a0/0x420
[  130.898114][ T6870]  __x64_sys_sendmsg+0x19b/0x260
[  130.898149][ T6870]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  130.898193][ T6870]  ? __pfx_ksys_write+0x10/0x10
[  130.898222][ T6870]  ? rcu_is_watching+0x15/0xb0
[  130.898257][ T6870]  ? do_syscall_64+0xbe/0x3b0
[  130.898292][ T6870]  do_syscall_64+0xfa/0x3b0
[  130.898318][ T6870]  ? lockdep_hardirqs_on+0x9c/0x150
[  130.898343][ T6870]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.898368][ T6870]  ? clear_bhb_loop+0x60/0xb0
[  130.898397][ T6870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.898419][ T6870] RIP: 0033:0x7ff9c798e9a9
[  130.898442][ T6870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.898461][ T6870] RSP: 002b:00007ff9c8885038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  130.898487][ T6870] RAX: ffffffffffffffda RBX: 00007ff9c7bb5fa0 RCX: 00007ff9c798e9a9
[  130.898505][ T6870] RDX: 0000000000004804 RSI: 0000200000000300 RDI: 0000000000000003
[  130.898519][ T6870] RBP: 00007ff9c8885090 R08: 0000000000000000 R09: 0000000000000000
[  130.898534][ T6870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.898547][ T6870] R13: 0000000000000000 R14: 00007ff9c7bb5fa0 R15: 00007ffe84170128
[  130.898584][ T6870]  </TASK>
[  130.961230][ T6869] tipc: Started in network mode
[  131.188851][ T6869] tipc: Node identity f2298121269b, cluster identity 4711
[  131.209117][ T6869] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  131.220196][ T6874] syzkaller0: entered promiscuous mode
[  131.228971][ T6874] syzkaller0: entered allmulticast mode
[  131.316760][ T6869] __nla_validate_parse: 2 callbacks suppressed
[  131.316780][ T6869] netlink: 56 bytes leftover after parsing attributes in process `syz.1.276'.
[  131.480931][ T6838] lo speed is unknown, defaulting to 1000
[  131.511442][ T6869] tipc: Resetting bearer <eth:syzkaller0>
[  131.569458][ T6865] tipc: Resetting bearer <eth:syzkaller0>
[  131.608289][ T6865] tipc: Disabling bearer <eth:syzkaller0>
[  131.629324][ T6889] netlink: 12 bytes leftover after parsing attributes in process `syz.3.282'.
[  131.678732][ T6889] FAULT_INJECTION: forcing a failure.
[  131.678732][ T6889] name failslab, interval 1, probability 0, space 0, times 0
[  131.701761][ T6889] CPU: 0 UID: 0 PID: 6889 Comm: syz.3.282 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  131.701793][ T6889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  131.701806][ T6889] Call Trace:
[  131.701815][ T6889]  <TASK>
[  131.701824][ T6889]  dump_stack_lvl+0x189/0x250
[  131.701856][ T6889]  ? __pfx____ratelimit+0x10/0x10
[  131.701881][ T6889]  ? __pfx_dump_stack_lvl+0x10/0x10
[  131.701907][ T6889]  ? __pfx__printk+0x10/0x10
[  131.701945][ T6889]  ? __pfx___might_resched+0x10/0x10
[  131.701969][ T6889]  ? fs_reclaim_acquire+0x7d/0x100
[  131.701996][ T6889]  should_fail_ex+0x414/0x560
[  131.702024][ T6889]  ? alloc_netdev_mqs+0xa3/0x1170
[  131.702053][ T6889]  should_failslab+0xa8/0x100
[  131.702087][ T6889]  __kvmalloc_node_noprof+0x161/0x5f0
[  131.702120][ T6889]  ? alloc_netdev_mqs+0xa3/0x1170
[  131.702148][ T6889]  ? snprintf+0xda/0x120
[  131.702185][ T6889]  alloc_netdev_mqs+0xa3/0x1170
[  131.702214][ T6889]  ? __pfx_vlan_setup+0x10/0x10
[  131.702248][ T6889]  rtnl_create_link+0x31f/0xd10
[  131.702288][ T6889]  rtnl_newlink_create+0x25c/0xb00
[  131.702321][ T6889]  ? __mutex_lock+0x51b/0xe80
[  131.702352][ T6889]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  131.702381][ T6889]  ? rtnl_newlink+0x8db/0x1c70
[  131.702407][ T6889]  ? __pfx___mutex_lock+0x10/0x10
[  131.702444][ T6889]  ? ns_capable+0x8a/0xf0
[  131.702473][ T6889]  rtnl_newlink+0x16d6/0x1c70
[  131.702498][ T6889]  ? netlink_sendmsg+0x805/0xb30
[  131.702535][ T6889]  ? __pfx_rtnl_newlink+0x10/0x10
[  131.702584][ T6889]  ? kasan_quarantine_put+0xdd/0x220
[  131.702612][ T6889]  ? lockdep_hardirqs_on+0x9c/0x150
[  131.702641][ T6889]  ? nlmon_xmit+0xb0/0x100
[  131.702671][ T6889]  ? kmem_cache_free+0x18f/0x400
[  131.702710][ T6889]  ? __local_bh_enable_ip+0x12d/0x1c0
[  131.702742][ T6889]  ? lockdep_hardirqs_on+0x9c/0x150
[  131.702768][ T6889]  ? __local_bh_enable_ip+0x12d/0x1c0
[  131.702792][ T6889]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  131.702822][ T6889]  ? __dev_queue_xmit+0x27b/0x3b50
[  131.702868][ T6889]  ? __lock_acquire+0xab9/0xd20
[  131.702921][ T6889]  ? __pfx_rtnl_newlink+0x10/0x10
[  131.702944][ T6889]  rtnetlink_rcv_msg+0x7cf/0xb70
[  131.702972][ T6889]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  131.702994][ T6889]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  131.703014][ T6889]  ? ref_tracker_free+0x63a/0x7d0
[  131.703039][ T6889]  ? __asan_memcpy+0x40/0x70
[  131.703064][ T6889]  ? __pfx_ref_tracker_free+0x10/0x10
[  131.703086][ T6889]  ? __skb_clone+0x63/0x7a0
[  131.703126][ T6889]  netlink_rcv_skb+0x208/0x470
[  131.703150][ T6889]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  131.703176][ T6889]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  131.703213][ T6889]  ? netlink_deliver_tap+0x2e/0x1b0
[  131.703246][ T6889]  netlink_unicast+0x82f/0x9e0
[  131.703291][ T6889]  ? __pfx_netlink_unicast+0x10/0x10
[  131.703327][ T6889]  ? netlink_sendmsg+0x642/0xb30
[  131.703349][ T6889]  ? skb_put+0x11b/0x210
[  131.703378][ T6889]  netlink_sendmsg+0x805/0xb30
[  131.703414][ T6889]  ? __pfx_netlink_sendmsg+0x10/0x10
[  131.703441][ T6889]  ? aa_sock_msg_perm+0x94/0x160
[  131.703467][ T6889]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  131.703489][ T6889]  ? __pfx_netlink_sendmsg+0x10/0x10
[  131.703515][ T6889]  __sock_sendmsg+0x21c/0x270
[  131.703552][ T6889]  ____sys_sendmsg+0x505/0x830
[  131.703588][ T6889]  ? __pfx_____sys_sendmsg+0x10/0x10
[  131.703627][ T6889]  ? import_iovec+0x74/0xa0
[  131.703662][ T6889]  ___sys_sendmsg+0x21f/0x2a0
[  131.703693][ T6889]  ? __pfx____sys_sendmsg+0x10/0x10
[  131.703771][ T6889]  ? __fget_files+0x2a/0x420
[  131.703790][ T6889]  ? __fget_files+0x3a0/0x420
[  131.703821][ T6889]  __x64_sys_sendmsg+0x19b/0x260
[  131.703852][ T6889]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  131.703891][ T6889]  ? __pfx_ksys_write+0x10/0x10
[  131.703918][ T6889]  ? rcu_is_watching+0x15/0xb0
[  131.703947][ T6889]  ? do_syscall_64+0xbe/0x3b0
[  131.703977][ T6889]  do_syscall_64+0xfa/0x3b0
[  131.703999][ T6889]  ? lockdep_hardirqs_on+0x9c/0x150
[  131.704022][ T6889]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.704043][ T6889]  ? clear_bhb_loop+0x60/0xb0
[  131.704069][ T6889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.704089][ T6889] RIP: 0033:0x7f2f6a98e9a9
[  131.704107][ T6889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  131.704124][ T6889] RSP: 002b:00007f2f6b8b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  131.704146][ T6889] RAX: ffffffffffffffda RBX: 00007f2f6abb5fa0 RCX: 00007f2f6a98e9a9
[  131.704161][ T6889] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000015
[  131.704173][ T6889] RBP: 00007f2f6b8b0090 R08: 0000000000000000 R09: 0000000000000000
[  131.704186][ T6889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  131.704197][ T6889] R13: 0000000000000000 R14: 00007f2f6abb5fa0 R15: 00007ffe4b233748
[  131.704229][ T6889]  </TASK>
[  132.462861][ T6892] netlink: 28 bytes leftover after parsing attributes in process `syz.1.283'.
[  132.665745][ T6898] netlink: 'syz.3.286': attribute type 10 has an invalid length.
[  132.685549][ T6898] netlink: 2 bytes leftover after parsing attributes in process `syz.3.286'.
[  132.706483][ T6898] team0: entered promiscuous mode
[  132.719809][ T6898] team_slave_0: entered promiscuous mode
[  132.736367][ T6898] team_slave_1: entered promiscuous mode
[  132.748896][ T6898] bridge0: port 3(team0) entered blocking state
[  132.768226][ T6898] bridge0: port 3(team0) entered disabled state
[  132.785064][ T6898] team0: entered allmulticast mode
[  132.792457][ T6898] team_slave_0: entered allmulticast mode
[  132.800887][ T6898] team_slave_1: entered allmulticast mode
[  132.817735][ T6898] bridge0: port 3(team0) entered blocking state
[  132.824865][ T6898] bridge0: port 3(team0) entered forwarding state
[  132.960987][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.969072][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  133.168757][ T6911] FAULT_INJECTION: forcing a failure.
[  133.168757][ T6911] name failslab, interval 1, probability 0, space 0, times 0
[  133.196424][ T6907] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  133.209841][ T6907] netlink: 8 bytes leftover after parsing attributes in process `syz.1.289'.
[  133.218992][ T6907] tipc: Enabled bearer <eth:vlan0>, priority 18
[  133.246079][ T6911] CPU: 1 UID: 0 PID: 6911 Comm: syz.3.290 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  133.246110][ T6911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  133.246122][ T6911] Call Trace:
[  133.246131][ T6911]  <TASK>
[  133.246140][ T6911]  dump_stack_lvl+0x189/0x250
[  133.246173][ T6911]  ? __pfx____ratelimit+0x10/0x10
[  133.246197][ T6911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.246222][ T6911]  ? __pfx__printk+0x10/0x10
[  133.246258][ T6911]  ? __pfx___might_resched+0x10/0x10
[  133.246313][ T6911]  ? fs_reclaim_acquire+0x7d/0x100
[  133.246347][ T6911]  should_fail_ex+0x414/0x560
[  133.246375][ T6911]  should_failslab+0xa8/0x100
[  133.246409][ T6911]  __kmalloc_cache_noprof+0x70/0x3d0
[  133.246438][ T6911]  ? dev_ethtool+0x126/0x19b0
[  133.246471][ T6911]  dev_ethtool+0x126/0x19b0
[  133.246501][ T6911]  ? __lock_acquire+0xab9/0xd20
[  133.246529][ T6911]  ? __pfx_dev_ethtool+0x10/0x10
[  133.246568][ T6911]  ? dev_load+0x21/0x1f0
[  133.246592][ T6911]  ? dev_load+0x21/0x1f0
[  133.246615][ T6911]  dev_ioctl+0x392/0x1150
[  133.246641][ T6911]  sock_do_ioctl+0x22c/0x300
[  133.246677][ T6911]  ? __pfx_sock_do_ioctl+0x10/0x10
[  133.246706][ T6911]  ? __lock_acquire+0xab9/0xd20
[  133.246744][ T6911]  sock_ioctl+0x576/0x790
[  133.246778][ T6911]  ? __pfx_sock_ioctl+0x10/0x10
[  133.246810][ T6911]  ? __fget_files+0x2a/0x420
[  133.246827][ T6911]  ? __fget_files+0x3a0/0x420
[  133.246845][ T6911]  ? __fget_files+0x2a/0x420
[  133.246867][ T6911]  ? bpf_lsm_file_ioctl+0x9/0x20
[  133.246893][ T6911]  ? __pfx_sock_ioctl+0x10/0x10
[  133.246924][ T6911]  __se_sys_ioctl+0xfc/0x170
[  133.246954][ T6911]  do_syscall_64+0xfa/0x3b0
[  133.246978][ T6911]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.247000][ T6911]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.247021][ T6911]  ? clear_bhb_loop+0x60/0xb0
[  133.247047][ T6911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.247072][ T6911] RIP: 0033:0x7f2f6a98e9a9
[  133.247090][ T6911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.247107][ T6911] RSP: 002b:00007f2f6b8b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  133.247130][ T6911] RAX: ffffffffffffffda RBX: 00007f2f6abb5fa0 RCX: 00007f2f6a98e9a9
[  133.247145][ T6911] RDX: 00002000000003c0 RSI: 0000000000008946 RDI: 0000000000000003
[  133.247158][ T6911] RBP: 00007f2f6b8b0090 R08: 0000000000000000 R09: 0000000000000000
[  133.247171][ T6911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.247183][ T6911] R13: 0000000000000000 R14: 00007f2f6abb5fa0 R15: 00007ffe4b233748
[  133.247215][ T6911]  </TASK>
[  133.572914][ T6915] FAULT_INJECTION: forcing a failure.
[  133.572914][ T6915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  133.595646][ T6885] lo speed is unknown, defaulting to 1000
[  133.602976][ T6915] CPU: 1 UID: 0 PID: 6915 Comm: syz.3.291 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  133.603005][ T6915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  133.603017][ T6915] Call Trace:
[  133.603025][ T6915]  <TASK>
[  133.603033][ T6915]  dump_stack_lvl+0x189/0x250
[  133.603063][ T6915]  ? __pfx____ratelimit+0x10/0x10
[  133.603082][ T6915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.603103][ T6915]  ? __pfx__printk+0x10/0x10
[  133.603127][ T6915]  ? __might_fault+0xb0/0x130
[  133.603162][ T6915]  should_fail_ex+0x414/0x560
[  133.603187][ T6915]  _copy_from_iter+0x3f5/0x16f0
[  133.603221][ T6915]  ? __pfx__copy_from_iter+0x10/0x10
[  133.603252][ T6915]  ? dev_getfirstbyhwtype+0x24/0x280
[  133.603284][ T6915]  ? dev_getfirstbyhwtype+0x24/0x280
[  133.603313][ T6915]  ? dev_getfirstbyhwtype+0x24/0x280
[  133.603341][ T6915]  memcpy_from_msg+0x2f/0x90
[  133.603367][ T6915]  dgram_sendmsg+0x6ba/0xd80
[  133.603398][ T6915]  ? __pfx_dgram_sendmsg+0x10/0x10
[  133.603424][ T6915]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  133.603455][ T6915]  ? __lock_acquire+0xab9/0xd20
[  133.603473][ T6915]  ? aa_sock_msg_perm+0x94/0x160
[  133.603494][ T6915]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  133.603529][ T6915]  ? __pfx_ieee802154_sock_sendmsg+0x10/0x10
[  133.603561][ T6915]  __sock_sendmsg+0x21c/0x270
[  133.603595][ T6915]  ____sys_sendmsg+0x505/0x830
[  133.603626][ T6915]  ? __pfx_____sys_sendmsg+0x10/0x10
[  133.603661][ T6915]  ? import_iovec+0x74/0xa0
[  133.603693][ T6915]  ___sys_sendmsg+0x21f/0x2a0
[  133.603721][ T6915]  ? __pfx____sys_sendmsg+0x10/0x10
[  133.603785][ T6915]  ? __fget_files+0x2a/0x420
[  133.603801][ T6915]  ? __fget_files+0x3a0/0x420
[  133.603830][ T6915]  __x64_sys_sendmsg+0x19b/0x260
[  133.603861][ T6915]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  133.603895][ T6915]  ? __pfx_ksys_write+0x10/0x10
[  133.603919][ T6915]  ? rcu_is_watching+0x15/0xb0
[  133.603949][ T6915]  ? do_syscall_64+0xbe/0x3b0
[  133.603981][ T6915]  do_syscall_64+0xfa/0x3b0
[  133.604004][ T6915]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.604026][ T6915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.604048][ T6915]  ? clear_bhb_loop+0x60/0xb0
[  133.604074][ T6915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.604094][ T6915] RIP: 0033:0x7f2f6a98e9a9
[  133.604112][ T6915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.604130][ T6915] RSP: 002b:00007f2f6b8b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  133.604152][ T6915] RAX: ffffffffffffffda RBX: 00007f2f6abb5fa0 RCX: 00007f2f6a98e9a9
[  133.604167][ T6915] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  133.604180][ T6915] RBP: 00007f2f6b8b0090 R08: 0000000000000000 R09: 0000000000000000
[  133.604193][ T6915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.604205][ T6915] R13: 0000000000000000 R14: 00007f2f6abb5fa0 R15: 00007ffe4b233748
[  133.604237][ T6915]  </TASK>
[  133.610769][   T55] block nbd0: Possible stuck request ffff88802520e000: control (read@0,1024B). Runtime 30 seconds
[  133.981139][ T6879] lo speed is unknown, defaulting to 1000
[  134.345617][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.298'.
[  134.354694][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.298'.
[  134.372577][ T6933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.298'.
[  134.384514][ T5910] tipc: Node number set to 3568468257
[  134.658080][ T6938] FAULT_INJECTION: forcing a failure.
[  134.658080][ T6938] name failslab, interval 1, probability 0, space 0, times 0
[  134.691129][ T6938] CPU: 1 UID: 0 PID: 6938 Comm: syz.3.299 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  134.691198][ T6938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  134.691211][ T6938] Call Trace:
[  134.691219][ T6938]  <TASK>
[  134.691228][ T6938]  dump_stack_lvl+0x189/0x250
[  134.691260][ T6938]  ? __pfx____ratelimit+0x10/0x10
[  134.691284][ T6938]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.691310][ T6938]  ? __pfx__printk+0x10/0x10
[  134.691343][ T6938]  ? __pfx___might_resched+0x10/0x10
[  134.691368][ T6938]  ? fs_reclaim_acquire+0x7d/0x100
[  134.691394][ T6938]  should_fail_ex+0x414/0x560
[  134.691424][ T6938]  should_failslab+0xa8/0x100
[  134.691458][ T6938]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  134.691489][ T6938]  ? __request_module+0x2d1/0x5e0
[  134.691517][ T6938]  kstrdup+0x42/0x100
[  134.691541][ T6938]  __request_module+0x2d1/0x5e0
[  134.691563][ T6938]  ? aa_get_newest_label+0xf7/0x5d0
[  134.691588][ T6938]  ? __pfx___request_module+0x10/0x10
[  134.691616][ T6938]  ? rcu_is_watching+0x15/0xb0
[  134.691650][ T6938]  ? security_capable+0x7e/0x2e0
[  134.691678][ T6938]  ? dev_load+0x21/0x1f0
[  134.691697][ T6938]  dev_load+0x190/0x1f0
[  134.691720][ T6938]  dev_ioctl+0x79f/0x1150
[  134.691746][ T6938]  sock_do_ioctl+0x22c/0x300
[  134.691783][ T6938]  ? __pfx_sock_do_ioctl+0x10/0x10
[  134.691812][ T6938]  ? __lock_acquire+0xab9/0xd20
[  134.691854][ T6938]  sock_ioctl+0x576/0x790
[  134.691889][ T6938]  ? __pfx_sock_ioctl+0x10/0x10
[  134.691921][ T6938]  ? __fget_files+0x2a/0x420
[  134.691939][ T6938]  ? __fget_files+0x3a0/0x420
[  134.691955][ T6938]  ? __fget_files+0x2a/0x420
[  134.691977][ T6938]  ? bpf_lsm_file_ioctl+0x9/0x20
[  134.692003][ T6938]  ? __pfx_sock_ioctl+0x10/0x10
[  134.692033][ T6938]  __se_sys_ioctl+0xfc/0x170
[  134.692062][ T6938]  do_syscall_64+0xfa/0x3b0
[  134.692085][ T6938]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.692108][ T6938]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.692129][ T6938]  ? clear_bhb_loop+0x60/0xb0
[  134.692166][ T6938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.692187][ T6938] RIP: 0033:0x7f2f6a98e9a9
[  134.692206][ T6938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.692224][ T6938] RSP: 002b:00007f2f6b8b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  134.692247][ T6938] RAX: ffffffffffffffda RBX: 00007f2f6abb5fa0 RCX: 00007f2f6a98e9a9
[  134.692262][ T6938] RDX: 0000200000000380 RSI: 0000000000008949 RDI: 0000000000000004
[  134.692275][ T6938] RBP: 00007f2f6b8b0090 R08: 0000000000000000 R09: 0000000000000000
[  134.692288][ T6938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.692300][ T6938] R13: 0000000000000000 R14: 00007f2f6abb5fa0 R15: 00007ffe4b233748
[  134.692333][ T6938]  </TASK>
[  136.018507][ T6956] netlink: 36 bytes leftover after parsing attributes in process `syz.0.304'.
[  136.259182][ T6949] syz.0.304 (6949) used greatest stack depth: 17864 bytes left
[  136.319249][ T6963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.309'.
[  136.332147][ T6963] bridge_slave_1: left allmulticast mode
[  136.355840][ T6961] netlink: 24 bytes leftover after parsing attributes in process `syz.2.308'.
[  136.365609][ T6963] bridge_slave_1: left promiscuous mode
[  136.390552][ T6963] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.430797][ T6963] bridge_slave_0: left allmulticast mode
[  136.443891][ T6963] bridge_slave_0: left promiscuous mode
[  136.454908][ T6963] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.571185][ T6972] IPv6: Can't replace route, no match found
[  136.783910][ T6966] netlink: 36 bytes leftover after parsing attributes in process `syz.2.308'.
[  137.069684][ T6984] netlink: 24 bytes leftover after parsing attributes in process `syz.1.315'.
[  137.138495][ T6984] netlink: 36 bytes leftover after parsing attributes in process `syz.1.315'.
[  137.763019][ T7002] FAULT_INJECTION: forcing a failure.
[  137.763019][ T7002] name failslab, interval 1, probability 0, space 0, times 0
[  137.784583][ T7003] syzkaller1: entered promiscuous mode
[  137.790306][ T7003] syzkaller1: entered allmulticast mode
[  137.796318][ T7002] CPU: 0 UID: 0 PID: 7002 Comm: syz.0.322 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  137.796344][ T7002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  137.796355][ T7002] Call Trace:
[  137.796363][ T7002]  <TASK>
[  137.796371][ T7002]  dump_stack_lvl+0x189/0x250
[  137.796399][ T7002]  ? __pfx____ratelimit+0x10/0x10
[  137.796422][ T7002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.796448][ T7002]  ? __pfx__printk+0x10/0x10
[  137.796479][ T7002]  ? __lock_acquire+0xab9/0xd20
[  137.796513][ T7002]  should_fail_ex+0x414/0x560
[  137.796542][ T7002]  should_failslab+0xa8/0x100
[  137.796577][ T7002]  kmem_cache_alloc_noprof+0x73/0x3c0
[  137.796606][ T7002]  ? skb_clone+0x212/0x3a0
[  137.796639][ T7002]  skb_clone+0x212/0x3a0
[  137.796672][ T7002]  __netlink_deliver_tap+0x404/0x850
[  137.796710][ T7002]  ? netlink_deliver_tap+0x2e/0x1b0
[  137.796735][ T7002]  netlink_deliver_tap+0x19c/0x1b0
[  137.796760][ T7002]  netlink_unicast+0x7fa/0x9e0
[  137.796804][ T7002]  ? __pfx_netlink_unicast+0x10/0x10
[  137.796840][ T7002]  ? netlink_sendmsg+0x642/0xb30
[  137.796860][ T7002]  ? skb_put+0x11b/0x210
[  137.796897][ T7002]  netlink_sendmsg+0x805/0xb30
[  137.796929][ T7002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.796955][ T7002]  ? aa_sock_msg_perm+0x94/0x160
[  137.796979][ T7002]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  137.797003][ T7002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.797027][ T7002]  __sock_sendmsg+0x21c/0x270
[  137.797064][ T7002]  ____sys_sendmsg+0x505/0x830
[  137.797098][ T7002]  ? __pfx_____sys_sendmsg+0x10/0x10
[  137.797135][ T7002]  ? import_iovec+0x74/0xa0
[  137.797170][ T7002]  ___sys_sendmsg+0x21f/0x2a0
[  137.797201][ T7002]  ? __pfx____sys_sendmsg+0x10/0x10
[  137.797270][ T7002]  ? __fget_files+0x2a/0x420
[  137.797288][ T7002]  ? __fget_files+0x3a0/0x420
[  137.797325][ T7002]  __x64_sys_sendmsg+0x19b/0x260
[  137.797358][ T7002]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  137.797397][ T7002]  ? __pfx_ksys_write+0x10/0x10
[  137.797422][ T7002]  ? rcu_is_watching+0x15/0xb0
[  137.797452][ T7002]  ? do_syscall_64+0xbe/0x3b0
[  137.797481][ T7002]  do_syscall_64+0xfa/0x3b0
[  137.797505][ T7002]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.797528][ T7002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.797550][ T7002]  ? clear_bhb_loop+0x60/0xb0
[  137.797578][ T7002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.797598][ T7002] RIP: 0033:0x7f2111d8e9a9
[  137.797618][ T7002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.797635][ T7002] RSP: 002b:00007f2112c14038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  137.797658][ T7002] RAX: ffffffffffffffda RBX: 00007f2111fb5fa0 RCX: 00007f2111d8e9a9
[  137.797673][ T7002] RDX: 0000000000000000 RSI: 00002000000015c0 RDI: 0000000000000005
[  137.797687][ T7002] RBP: 00007f2112c14090 R08: 0000000000000000 R09: 0000000000000000
[  137.797700][ T7002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.797712][ T7002] R13: 0000000000000000 R14: 00007f2111fb5fa0 R15: 00007ffc91c8d3c8
[  137.797746][ T7002]  </TASK>
[  138.107338][ T7003] FAULT_INJECTION: forcing a failure.
[  138.107338][ T7003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  138.152856][ T7006] netlink: 24 bytes leftover after parsing attributes in process `syz.4.324'.
[  138.156042][ T7003] CPU: 1 UID: 0 PID: 7003 Comm: syz.3.320 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  138.156077][ T7003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  138.156092][ T7003] Call Trace:
[  138.156102][ T7003]  <TASK>
[  138.156112][ T7003]  dump_stack_lvl+0x189/0x250
[  138.156157][ T7003]  ? __pfx____ratelimit+0x10/0x10
[  138.156185][ T7003]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.156213][ T7003]  ? __pfx__printk+0x10/0x10
[  138.156247][ T7003]  ? __might_fault+0xb0/0x130
[  138.156295][ T7003]  should_fail_ex+0x414/0x560
[  138.156327][ T7003]  _copy_from_iter+0x1db/0x16f0
[  138.156364][ T7003]  ? sock_alloc_send_pskb+0x875/0x990
[  138.156406][ T7003]  ? __pfx__copy_from_iter+0x10/0x10
[  138.156447][ T7003]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  138.156486][ T7003]  skb_copy_datagram_from_iter+0xf5/0x720
[  138.156526][ T7003]  ? skb_put+0x11b/0x210
[  138.156559][ T7003]  tun_get_user+0x1691/0x3e20
[  138.156623][ T7003]  ? __pfx_tun_get_user+0x10/0x10
[  138.156663][ T7003]  ? aa_file_perm+0x3e7/0xed0
[  138.156708][ T7003]  ? ref_tracker_alloc+0x318/0x460
[  138.156732][ T7003]  ? __lock_acquire+0xab9/0xd20
[  138.156759][ T7003]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  138.156794][ T7003]  ? tun_get+0x1c/0x2f0
[  138.156836][ T7003]  ? tun_get+0x1c/0x2f0
[  138.156869][ T7003]  ? tun_get+0x1c/0x2f0
[  138.156909][ T7003]  tun_chr_write_iter+0x113/0x200
[  138.156947][ T7003]  vfs_write+0x54b/0xa90
[  138.156985][ T7003]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  138.157020][ T7003]  ? __pfx_vfs_write+0x10/0x10
[  138.157065][ T7003]  ? __fget_files+0x2a/0x420
[  138.157099][ T7003]  ksys_write+0x145/0x250
[  138.157140][ T7003]  ? __pfx_ksys_write+0x10/0x10
[  138.157171][ T7003]  ? rcu_is_watching+0x15/0xb0
[  138.157206][ T7003]  ? do_syscall_64+0xbe/0x3b0
[  138.157239][ T7003]  do_syscall_64+0xfa/0x3b0
[  138.157267][ T7003]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.157293][ T7003]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.157318][ T7003]  ? clear_bhb_loop+0x60/0xb0
[  138.157349][ T7003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.157373][ T7003] RIP: 0033:0x7f2f6a98e9a9
[  138.157395][ T7003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.157415][ T7003] RSP: 002b:00007f2f6b8b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  138.157441][ T7003] RAX: ffffffffffffffda RBX: 00007f2f6abb5fa0 RCX: 00007f2f6a98e9a9
[  138.157459][ T7003] RDX: 00000000000000be RSI: 0000200000000240 RDI: 0000000000000003
[  138.157474][ T7003] RBP: 00007f2f6b8b0090 R08: 0000000000000000 R09: 0000000000000000
[  138.157488][ T7003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.157502][ T7003] R13: 0000000000000000 R14: 00007f2f6abb5fa0 R15: 00007ffe4b233748
[  138.157539][ T7003]  </TASK>
[  138.219047][ T7007] netlink: 36 bytes leftover after parsing attributes in process `syz.4.324'.
[  138.823708][ T7017] FAULT_INJECTION: forcing a failure.
[  138.823708][ T7017] name failslab, interval 1, probability 0, space 0, times 0
[  138.836678][ T7017] CPU: 1 UID: 0 PID: 7017 Comm: syz.1.326 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  138.836708][ T7017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  138.836720][ T7017] Call Trace:
[  138.836730][ T7017]  <TASK>
[  138.836740][ T7017]  dump_stack_lvl+0x189/0x250
[  138.836771][ T7017]  ? __pfx____ratelimit+0x10/0x10
[  138.836795][ T7017]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.836821][ T7017]  ? __pfx__printk+0x10/0x10
[  138.836854][ T7017]  ? __rt6_find_exception_rcu+0x127/0x4c0
[  138.836894][ T7017]  should_fail_ex+0x414/0x560
[  138.836922][ T7017]  should_failslab+0xa8/0x100
[  138.836953][ T7017]  ? __pfx_ip6_dst_gc+0x10/0x10
[  138.836990][ T7017]  kmem_cache_alloc_noprof+0x73/0x3c0
[  138.837020][ T7017]  ? dst_alloc+0x105/0x170
[  138.837049][ T7017]  ? __pfx_ip6_dst_gc+0x10/0x10
[  138.837082][ T7017]  dst_alloc+0x105/0x170
[  138.837116][ T7017]  ip6_pol_route+0xa21/0x1180
[  138.837137][ T7017]  ? ip6_pol_route+0x162/0x1180
[  138.837164][ T7017]  ? __pfx_ip6_pol_route+0x10/0x10
[  138.837194][ T7017]  ? ip6_addr_string+0x246/0x2e0
[  138.837224][ T7017]  fib6_rule_lookup+0x1fc/0x6f0
[  138.837248][ T7017]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  138.837271][ T7017]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  138.837319][ T7017]  ip6_route_output_flags+0x364/0x5d0
[  138.837342][ T7017]  ? ip6_route_output_flags+0x2e/0x5d0
[  138.837368][ T7017]  ip6_dst_lookup_tail+0x1ae/0x1510
[  138.837408][ T7017]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  138.837443][ T7017]  ? sk_dst_check+0x25/0x480
[  138.837467][ T7017]  ? sk_dst_check+0x25/0x480
[  138.837485][ T7017]  ? sk_dst_check+0x30e/0x480
[  138.837509][ T7017]  ip6_sk_dst_lookup_flow+0x730/0x980
[  138.837536][ T7017]  ? ping_v6_sendmsg+0xb5b/0x1210
[  138.837560][ T7017]  ping_v6_sendmsg+0xbd5/0x1210
[  138.837581][ T7017]  ? look_up_lock_class+0x74/0x170
[  138.837604][ T7017]  ? __pfx_ping_v6_sendmsg+0x10/0x10
[  138.837640][ T7017]  ? __local_bh_enable_ip+0x12d/0x1c0
[  138.837664][ T7017]  ? __local_bh_enable_ip+0x12d/0x1c0
[  138.837690][ T7017]  ? inet_sendmsg+0x14f/0x370
[  138.837718][ T7017]  ? inet_sendmsg+0x2f4/0x370
[  138.837749][ T7017]  __sock_sendmsg+0x19c/0x270
[  138.837780][ T7017]  ____sys_sendmsg+0x52d/0x830
[  138.837808][ T7017]  ? __pfx_____sys_sendmsg+0x10/0x10
[  138.837838][ T7017]  ? import_iovec+0x74/0xa0
[  138.837866][ T7017]  ___sys_sendmsg+0x21f/0x2a0
[  138.837891][ T7017]  ? __pfx____sys_sendmsg+0x10/0x10
[  138.837945][ T7017]  ? __fget_files+0x2a/0x420
[  138.837959][ T7017]  ? __fget_files+0x3a0/0x420
[  138.837990][ T7017]  __sys_sendmmsg+0x227/0x430
[  138.838020][ T7017]  ? __pfx___sys_sendmmsg+0x10/0x10
[  138.838040][ T7017]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  138.838084][ T7017]  ? ksys_write+0x22a/0x250
[  138.838109][ T7017]  ? __pfx_ksys_write+0x10/0x10
[  138.838130][ T7017]  ? rcu_is_watching+0x15/0xb0
[  138.838157][ T7017]  __x64_sys_sendmmsg+0xa0/0xc0
[  138.838181][ T7017]  do_syscall_64+0xfa/0x3b0
[  138.838201][ T7017]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.838220][ T7017]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.838237][ T7017]  ? clear_bhb_loop+0x60/0xb0
[  138.838259][ T7017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.838276][ T7017] RIP: 0033:0x7f7f60d8e9a9
[  138.838292][ T7017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.838306][ T7017] RSP: 002b:00007f7f61b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  138.838324][ T7017] RAX: ffffffffffffffda RBX: 00007f7f60fb5fa0 RCX: 00007f7f60d8e9a9
[  138.838337][ T7017] RDX: 0000000000000001 RSI: 0000200000000e40 RDI: 0000000000000003
[  138.838348][ T7017] RBP: 00007f7f61b3e090 R08: 0000000000000000 R09: 0000000000000000
[  138.838358][ T7017] R10: 0000000004000880 R11: 0000000000000246 R12: 0000000000000001
[  138.838368][ T7017] R13: 0000000000000000 R14: 00007f7f60fb5fa0 R15: 00007ffd9c6fcfe8
[  138.838394][ T7017]  </TASK>
[  139.271147][ T7018] syzkaller1: entered allmulticast mode
[  139.351719][ T7023] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  139.594983][ T7043] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  139.677794][ T7045] FAULT_INJECTION: forcing a failure.
[  139.677794][ T7045] name failslab, interval 1, probability 0, space 0, times 0
[  139.716010][ T7045] CPU: 1 UID: 0 PID: 7045 Comm: syz.3.339 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  139.716041][ T7045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  139.716054][ T7045] Call Trace:
[  139.716063][ T7045]  <TASK>
[  139.716072][ T7045]  dump_stack_lvl+0x189/0x250
[  139.716104][ T7045]  ? __pfx____ratelimit+0x10/0x10
[  139.716128][ T7045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.716154][ T7045]  ? __pfx__printk+0x10/0x10
[  139.716192][ T7045]  ? __pfx___might_resched+0x10/0x10
[  139.716222][ T7045]  should_fail_ex+0x414/0x560
[  139.716250][ T7045]  should_failslab+0xa8/0x100
[  139.716285][ T7045]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  139.716317][ T7045]  ? __alloc_skb+0x112/0x2d0
[  139.716346][ T7045]  __alloc_skb+0x112/0x2d0
[  139.716375][ T7045]  tcp_stream_alloc_skb+0x3d/0x340
[  139.716415][ T7045]  tcp_sendmsg_locked+0xf38/0x5620
[  139.716511][ T7045]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  139.716543][ T7045]  ? __local_bh_enable_ip+0x12d/0x1c0
[  139.716572][ T7045]  ? __local_bh_enable_ip+0x12d/0x1c0
[  139.716612][ T7045]  tcp_sendmsg+0x2f/0x50
[  139.716645][ T7045]  __sock_sendmsg+0x19c/0x270
[  139.716682][ T7045]  __sys_sendto+0x3bd/0x520
[  139.716709][ T7045]  ? __pfx___sys_sendto+0x10/0x10
[  139.716739][ T7045]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  139.716780][ T7045]  ? __fget_files+0x3a0/0x420
[  139.716812][ T7045]  ? ksys_write+0x22a/0x250
[  139.716843][ T7045]  ? __pfx_ksys_write+0x10/0x10
[  139.716868][ T7045]  ? rcu_is_watching+0x15/0xb0
[  139.716899][ T7045]  __x64_sys_sendto+0xde/0x100
[  139.716927][ T7045]  do_syscall_64+0xfa/0x3b0
[  139.716951][ T7045]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.716975][ T7045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.716996][ T7045]  ? clear_bhb_loop+0x60/0xb0
[  139.717022][ T7045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.717042][ T7045] RIP: 0033:0x7f2f6a98e9a9
[  139.717061][ T7045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.717079][ T7045] RSP: 002b:00007f2f6b8b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  139.717101][ T7045] RAX: ffffffffffffffda RBX: 00007f2f6abb5fa0 RCX: 00007f2f6a98e9a9
[  139.717116][ T7045] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003
[  139.717129][ T7045] RBP: 00007f2f6b8b0090 R08: 0000000000000000 R09: 0000000000000000
[  139.717142][ T7045] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000001
[  139.717155][ T7045] R13: 0000000000000000 R14: 00007f2f6abb5fa0 R15: 00007ffe4b233748
[  139.717188][ T7045]  </TASK>
[  140.416998][ T7059] FAULT_INJECTION: forcing a failure.
[  140.416998][ T7059] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.446195][ T7059] CPU: 1 UID: 0 PID: 7059 Comm: syz.4.343 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  140.446235][ T7059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  140.446250][ T7059] Call Trace:
[  140.446259][ T7059]  <TASK>
[  140.446268][ T7059]  dump_stack_lvl+0x189/0x250
[  140.446300][ T7059]  ? __pfx____ratelimit+0x10/0x10
[  140.446325][ T7059]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.446351][ T7059]  ? __pfx__printk+0x10/0x10
[  140.446381][ T7059]  ? __might_fault+0xb0/0x130
[  140.446423][ T7059]  should_fail_ex+0x414/0x560
[  140.446453][ T7059]  _copy_from_user+0x2d/0xb0
[  140.446485][ T7059]  __sys_bpf+0x1ed/0x860
[  140.446522][ T7059]  ? __pfx___sys_bpf+0x10/0x10
[  140.446551][ T7059]  ? bpf_trace_run2+0x322/0x4b0
[  140.446608][ T7059]  ? rcu_is_watching+0x15/0xb0
[  140.446639][ T7059]  __x64_sys_bpf+0x7c/0x90
[  140.446670][ T7059]  do_syscall_64+0xfa/0x3b0
[  140.446694][ T7059]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.446717][ T7059]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.446739][ T7059]  ? clear_bhb_loop+0x60/0xb0
[  140.446765][ T7059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.446786][ T7059] RIP: 0033:0x7ff9c798e9a9
[  140.446805][ T7059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.446824][ T7059] RSP: 002b:00007ff9c8885038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  140.446847][ T7059] RAX: ffffffffffffffda RBX: 00007ff9c7bb5fa0 RCX: 00007ff9c798e9a9
[  140.446863][ T7059] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  140.446875][ T7059] RBP: 00007ff9c8885090 R08: 0000000000000000 R09: 0000000000000000
[  140.446889][ T7059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.446909][ T7059] R13: 0000000000000000 R14: 00007ff9c7bb5fa0 R15: 00007ffe84170128
[  140.446944][ T7059]  </TASK>
[  140.672594][ T7064] netlink: 268 bytes leftover after parsing attributes in process `syz.2.345'.
[  141.121353][ T7076] Cannot find del_set index 4 as target
[  141.139764][ T7076] batadv0: entered promiscuous mode
[  141.153974][ T7076] vlan2: entered promiscuous mode
[  141.541869][ T7090] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  141.548412][ T7090] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  141.762705][ T7099] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  141.967661][ T7081] lo speed is unknown, defaulting to 1000
[  142.069471][ T7105] netlink: 'syz.3.358': attribute type 13 has an invalid length.
[  142.077593][ T7105] netlink: 'syz.3.358': attribute type 17 has an invalid length.
[  142.092651][ T7105] lo: entered promiscuous mode
[  142.097315][ T7107] netlink: 5 bytes leftover after parsing attributes in process `syz.2.359'.
[  142.098538][ T7105] lo: entered allmulticast mode
[  142.112852][ T7105] tunl0: entered promiscuous mode
[  142.135958][ T7105] tunl0: entered allmulticast mode
[  142.151373][ T7110] netlink: 8 bytes leftover after parsing attributes in process `syz.2.359'.
[  142.157842][ T7105] gre0: entered promiscuous mode
[  142.165279][ T7105] gre0: entered allmulticast mode
[  142.172473][ T7105] gretap0: entered promiscuous mode
[  142.179603][ T7105] gretap0: entered allmulticast mode
[  142.194588][ T7105] erspan0: entered promiscuous mode
[  142.199975][ T7105] erspan0: entered allmulticast mode
[  142.224295][ T7105] ip_vti0: entered promiscuous mode
[  142.233397][ T7105] ip_vti0: entered allmulticast mode
[  142.241370][ T7105] ip6_vti0: entered promiscuous mode
[  142.249982][ T7105] ip6_vti0: entered allmulticast mode
[  142.258531][ T7105] sit0: entered promiscuous mode
[  142.263707][ T7105] sit0: entered allmulticast mode
[  142.273569][ T7105] ip6tnl0: entered promiscuous mode
[  142.280106][ T7105] ip6tnl0: entered allmulticast mode
[  142.287381][ T7105] ip6gre0: entered promiscuous mode
[  142.292797][ T7105] ip6gre0: entered allmulticast mode
[  142.299444][ T7105] syz_tun: entered promiscuous mode
[  142.304776][ T7105] syz_tun: entered allmulticast mode
[  142.319803][ T7105] ip6gretap0: entered promiscuous mode
[  142.326814][ T7105] ip6gretap0: entered allmulticast mode
[  142.341790][ T7105] bridge0: entered promiscuous mode
[  142.349642][ T7117] No such timeout policy "syz0"
[  142.355368][ T7105] bridge0: entered allmulticast mode
[  142.362754][ T7105] vcan0: entered promiscuous mode
[  142.366281][ T7114] No such timeout policy "syz0"
[  142.368535][ T7105] vcan0: entered allmulticast mode
[  142.379709][ T7105] bond0: entered promiscuous mode
[  142.384850][ T7105] bond_slave_0: entered promiscuous mode
[  142.409476][ T7105] bond_slave_1: entered promiscuous mode
[  142.423971][ T7105] bond0: entered allmulticast mode
[  142.430500][ T7105] bond_slave_0: entered allmulticast mode
[  142.438186][ T7105] bond_slave_1: entered allmulticast mode
[  142.456433][ T7105] dummy0: entered promiscuous mode
[  142.468179][ T7105] dummy0: entered allmulticast mode
[  142.474637][ T7105] nlmon0: entered promiscuous mode
[  142.480680][ T7105] nlmon0: entered allmulticast mode
[  142.487428][ T7105] caif0: entered promiscuous mode
[  142.492508][ T7105] caif0: entered allmulticast mode
[  142.497848][ T7105] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  142.514269][ T7107] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  142.601891][ T7110] dummy0: entered promiscuous mode
[  142.614925][ T7110] dummy0: left promiscuous mode
[  143.201430][ T7129] netlink: 'syz.4.364': attribute type 1 has an invalid length.
[  143.229514][ T7129] 8021q: adding VLAN 0 to HW filter on device bond1
[  143.254925][ T7129] bond1: (slave gretap2): making interface the new active one
[  143.264028][ T7129] bond1: (slave gretap2): Enslaving as an active interface with an up link
[  143.528932][ T7138] netlink: 8 bytes leftover after parsing attributes in process `syz.4.368'.
[  143.540640][ T7138] netlink: 8 bytes leftover after parsing attributes in process `syz.4.368'.
[  143.550596][ T7139] netlink: 16 bytes leftover after parsing attributes in process `syz.1.367'.
[  143.831475][ T7148] netlink: 'syz.4.371': attribute type 29 has an invalid length.
[  143.841239][ T7148] netlink: 'syz.4.371': attribute type 29 has an invalid length.
[  143.860174][ T7148] netlink: 500 bytes leftover after parsing attributes in process `syz.4.371'.
[  156.662057][ T5167] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  156.670993][ T5167] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  156.680995][ T5167] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  156.689655][ T5167] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  156.699090][ T5167] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  156.888022][ T7153] lo speed is unknown, defaulting to 1000
[  157.042517][ T7153] chnl_net:caif_netlink_parms(): no params data found
[  157.133083][ T7153] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.140440][ T7153] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.148210][ T7153] bridge_slave_0: entered allmulticast mode
[  157.155609][ T7153] bridge_slave_0: entered promiscuous mode
[  157.166015][ T7153] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.174637][ T7153] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.182016][ T7153] bridge_slave_1: entered allmulticast mode
[  157.190258][ T7153] bridge_slave_1: entered promiscuous mode
[  157.226896][ T7153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.240641][ T7153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.287594][ T7153] team0: Port device team_slave_0 added
[  157.295652][ T7153] team0: Port device team_slave_1 added
[  157.330723][ T7153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  157.337912][ T7153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.364496][ T7153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.380738][ T7153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.387971][ T7153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.414031][ T7153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  157.513539][ T7153] hsr_slave_0: entered promiscuous mode
[  157.525147][ T7153] hsr_slave_1: entered promiscuous mode
[  157.534173][ T7153] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  157.548540][ T7153] Cannot create hsr debugfs directory
[  157.820670][ T5167] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  157.830059][ T5167] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  157.838420][ T5167] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  157.847302][ T5167] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  157.855625][ T5167] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  158.054596][ T7162] lo speed is unknown, defaulting to 1000
[  158.224212][ T7162] chnl_net:caif_netlink_parms(): no params data found
[  158.312814][ T7162] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.320632][ T7162] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.328056][ T7162] bridge_slave_0: entered allmulticast mode
[  158.335559][ T7162] bridge_slave_0: entered promiscuous mode
[  158.344486][ T7162] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.352021][ T7162] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.359519][ T7162] bridge_slave_1: entered allmulticast mode
[  158.367390][ T7162] bridge_slave_1: entered promiscuous mode
[  158.408389][ T7162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  158.420885][ T7162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.460704][ T7162] team0: Port device team_slave_0 added
[  158.473705][ T7162] team0: Port device team_slave_1 added
[  158.511716][ T7162] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.519703][ T7162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.553969][ T7162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  158.567143][ T7162] batman_adv: batadv0: Adding interface: batadv_slave_1
[  158.574138][ T7162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.600800][ T7162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  158.653377][ T7162] hsr_slave_0: entered promiscuous mode
[  158.660740][ T7162] hsr_slave_1: entered promiscuous mode
[  158.667820][ T7162] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  158.675427][ T7162] Cannot create hsr debugfs directory
[  158.786377][ T5167] Bluetooth: hci5: command tx timeout
[  159.479153][   T51] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  159.492905][   T51] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  159.515989][   T51] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  159.530916][   T51] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  159.539411][   T51] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  159.567591][   T51] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  159.576837][   T51] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  159.587127][   T51] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  159.595326][   T51] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  159.604700][   T51] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  159.630062][ T5857] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  159.655662][ T5857] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  159.666859][ T5857] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  159.676932][ T5857] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  159.689083][ T5857] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  159.884791][ T7175] lo speed is unknown, defaulting to 1000
[  159.906251][   T51] Bluetooth: hci6: command tx timeout
[  160.141793][ T7173] lo speed is unknown, defaulting to 1000
[  160.207871][ T7175] chnl_net:caif_netlink_parms(): no params data found
[  160.434613][ T7175] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.441967][ T7175] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.451536][ T7175] bridge_slave_0: entered allmulticast mode
[  160.459367][ T7175] bridge_slave_0: entered promiscuous mode
[  160.470738][ T7175] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.478240][ T7175] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.485678][ T7175] bridge_slave_1: entered allmulticast mode
[  160.493495][ T7175] bridge_slave_1: entered promiscuous mode
[  160.534849][ T7177] lo speed is unknown, defaulting to 1000
[  160.540119][ T7175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  160.599391][ T7175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  160.667163][ T7175] team0: Port device team_slave_0 added
[  160.690472][ T7175] team0: Port device team_slave_1 added
[  160.745761][ T7175] batman_adv: batadv0: Adding interface: batadv_slave_0
[  160.754646][ T7175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.780810][ T7175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  160.803013][ T7173] chnl_net:caif_netlink_parms(): no params data found
[  160.822032][ T7175] batman_adv: batadv0: Adding interface: batadv_slave_1
[  160.829160][ T7175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.860530][ T7175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.871588][   T51] Bluetooth: hci5: command tx timeout
[  160.981984][ T7175] hsr_slave_0: entered promiscuous mode
[  160.988911][ T7175] hsr_slave_1: entered promiscuous mode
[  160.995185][ T7175] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  161.003347][ T7175] Cannot create hsr debugfs directory
[  161.136563][ T7173] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.143741][ T7173] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.151830][ T7173] bridge_slave_0: entered allmulticast mode
[  161.159775][ T7173] bridge_slave_0: entered promiscuous mode
[  161.181562][ T7173] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.189180][ T7173] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.197580][ T7173] bridge_slave_1: entered allmulticast mode
[  161.204954][ T7173] bridge_slave_1: entered promiscuous mode
[  161.295819][ T7173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.353841][ T7173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.448027][ T7173] team0: Port device team_slave_0 added
[  161.460325][ T7173] team0: Port device team_slave_1 added
[  161.466748][ T7177] chnl_net:caif_netlink_parms(): no params data found
[  161.523842][ T7173] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.530940][ T7173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.557462][ T7173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.586042][   T51] Bluetooth: hci7: command tx timeout
[  161.609294][ T7173] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.616883][ T7173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.643015][ T7173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.666622][   T51] Bluetooth: hci8: command tx timeout
[  161.747244][   T51] Bluetooth: hci9: command tx timeout
[  161.814750][ T7173] hsr_slave_0: entered promiscuous mode
[  161.821787][ T7173] hsr_slave_1: entered promiscuous mode
[  161.829260][ T7173] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  161.838110][ T7173] Cannot create hsr debugfs directory
[  161.861982][ T7177] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.869497][ T7177] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.877003][ T7177] bridge_slave_0: entered allmulticast mode
[  161.886338][ T7177] bridge_slave_0: entered promiscuous mode
[  161.918412][ T7177] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.925633][ T7177] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.933551][ T7177] bridge_slave_1: entered allmulticast mode
[  161.941484][ T7177] bridge_slave_1: entered promiscuous mode
[  161.986292][   T51] Bluetooth: hci6: command tx timeout
[  162.015516][ T7177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  162.034384][ T7177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  162.103528][ T7177] team0: Port device team_slave_0 added
[  162.125389][ T7177] team0: Port device team_slave_1 added
[  162.183069][ T7177] batman_adv: batadv0: Adding interface: batadv_slave_0
[  162.192444][ T7177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.219015][ T7177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  162.247346][ T7177] batman_adv: batadv0: Adding interface: batadv_slave_1
[  162.254333][ T7177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.280884][ T7177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  162.371593][ T7177] hsr_slave_0: entered promiscuous mode
[  162.378626][ T7177] hsr_slave_1: entered promiscuous mode
[  162.385072][ T7177] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  162.397852][ T7177] Cannot create hsr debugfs directory
[  162.946193][   T51] Bluetooth: hci5: command tx timeout
[  163.668664][   T51] Bluetooth: hci7: command tx timeout
[  163.746173][   T51] Bluetooth: hci8: command tx timeout
[  163.836653][   T51] Bluetooth: hci9: command tx timeout
[  164.066208][   T51] Bluetooth: hci6: command tx timeout
[  164.312345][   T55] block nbd0: Possible stuck request ffff88802520e000: control (read@0,1024B). Runtime 60 seconds
[  165.026173][   T51] Bluetooth: hci5: command tx timeout
[  165.627915][ T5217] udevd[5217]: worker [5902] /devices/virtual/block/nbd0 is taking a long time
[  165.746101][   T51] Bluetooth: hci7: command tx timeout
[  165.826068][   T51] Bluetooth: hci8: command tx timeout
[  165.906141][   T51] Bluetooth: hci9: command tx timeout
[  166.146488][   T51] Bluetooth: hci6: command tx timeout
[  167.826105][   T51] Bluetooth: hci7: command tx timeout
[  167.906133][   T51] Bluetooth: hci8: command tx timeout
[  167.986431][   T51] Bluetooth: hci9: command tx timeout
[  194.389697][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.389984][   T55] block nbd0: Possible stuck request ffff88802520e000: control (read@0,1024B). Runtime 90 seconds
[  194.405973][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  211.830189][ T5861] Bluetooth: hci4: command 0x0406 tx timeout
[  211.830212][ T5852] Bluetooth: hci1: command 0x0406 tx timeout
[  211.830236][ T5862] Bluetooth: hci2: command 0x0406 tx timeout
[  211.836857][ T5852] Bluetooth: hci3: command 0x0406 tx timeout
[  216.740165][ T5866] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  216.749292][ T5866] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  216.757744][ T5866] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  216.768186][ T5866] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  216.777066][ T5866] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  216.982325][ T7198] lo speed is unknown, defaulting to 1000
[  217.151748][ T7198] chnl_net:caif_netlink_parms(): no params data found
[  217.245431][ T7198] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.252707][ T7198] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.260283][ T7198] bridge_slave_0: entered allmulticast mode
[  217.268631][ T7198] bridge_slave_0: entered promiscuous mode
[  217.280206][ T7198] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.287834][ T7198] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.295107][ T7198] bridge_slave_1: entered allmulticast mode
[  217.303685][ T7198] bridge_slave_1: entered promiscuous mode
[  217.344022][ T7198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  217.358166][ T7198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  217.400454][ T7198] team0: Port device team_slave_0 added
[  217.409545][ T7198] team0: Port device team_slave_1 added
[  217.448228][ T7198] batman_adv: batadv0: Adding interface: batadv_slave_0
[  217.455214][ T7198] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.482887][ T7198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  217.498042][ T7198] batman_adv: batadv0: Adding interface: batadv_slave_1
[  217.505060][ T7198] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.531759][ T7198] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  217.625651][ T7198] hsr_slave_0: entered promiscuous mode
[  217.633128][ T7198] hsr_slave_1: entered promiscuous mode
[  217.649373][ T7198] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  217.664535][ T7198] Cannot create hsr debugfs directory
[  217.926007][   T51] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  217.935185][   T51] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  217.946386][   T51] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  217.955609][   T51] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  217.965284][   T51] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  218.250752][ T7207] lo speed is unknown, defaulting to 1000
[  218.427401][ T7207] chnl_net:caif_netlink_parms(): no params data found
[  218.523429][ T7207] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.530791][ T7207] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.538620][ T7207] bridge_slave_0: entered allmulticast mode
[  218.546720][ T7207] bridge_slave_0: entered promiscuous mode
[  218.556454][ T7207] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.563662][ T7207] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.571455][ T7207] bridge_slave_1: entered allmulticast mode
[  218.579839][ T7207] bridge_slave_1: entered promiscuous mode
[  218.621814][ T7207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  218.634129][ T7207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.676893][ T7207] team0: Port device team_slave_0 added
[  218.685071][ T7207] team0: Port device team_slave_1 added
[  218.729000][ T7207] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.736048][ T7207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.762268][ T7207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.775644][ T7207] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.782920][ T7207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.812593][ T7207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.866353][ T5866] Bluetooth: hci10: command tx timeout
[  218.875080][ T7207] hsr_slave_0: entered promiscuous mode
[  218.881930][ T7207] hsr_slave_1: entered promiscuous mode
[  218.888769][ T7207] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  218.896477][ T7207] Cannot create hsr debugfs directory
[  220.014120][ T5866] Bluetooth: hci11: command tx timeout
[  220.156430][   T51] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  220.167254][   T51] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  220.175447][   T51] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  220.188568][ T5167] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  220.197966][ T5857] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  220.226534][ T5857] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  220.246269][ T5857] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  220.267327][ T5857] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  220.278059][ T5857] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  220.294462][ T5857] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  220.317619][ T5866] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  220.326948][ T5866] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  220.335052][ T5866] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  220.344410][ T5866] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  220.354123][ T5866] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  220.565176][ T7218] lo speed is unknown, defaulting to 1000
[  220.828557][ T7222] lo speed is unknown, defaulting to 1000
[  220.946423][ T5857] Bluetooth: hci10: command tx timeout
[  220.971012][ T7218] chnl_net:caif_netlink_parms(): no params data found
[  221.101718][ T7220] lo speed is unknown, defaulting to 1000
[  221.221575][ T7218] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.230000][ T7218] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.237617][ T7218] bridge_slave_0: entered allmulticast mode
[  221.244974][ T7218] bridge_slave_0: entered promiscuous mode
[  221.315265][ T7218] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.322626][ T7218] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.330238][ T7218] bridge_slave_1: entered allmulticast mode
[  221.338253][ T7218] bridge_slave_1: entered promiscuous mode
[  221.428647][ T7218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  221.451569][ T7218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  221.504647][ T7222] chnl_net:caif_netlink_parms(): no params data found
[  221.533838][ T7218] team0: Port device team_slave_0 added
[  221.543724][ T7218] team0: Port device team_slave_1 added
[  221.634714][ T7218] batman_adv: batadv0: Adding interface: batadv_slave_0
[  221.642942][ T7218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.669818][ T7218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  221.710940][ T7218] batman_adv: batadv0: Adding interface: batadv_slave_1
[  221.718148][ T7218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.744256][ T7218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  221.902595][ T7222] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.914351][ T7222] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.922220][ T7222] bridge_slave_0: entered allmulticast mode
[  221.932729][ T7222] bridge_slave_0: entered promiscuous mode
[  221.949230][ T7218] hsr_slave_0: entered promiscuous mode
[  221.955744][ T7218] hsr_slave_1: entered promiscuous mode
[  221.962605][ T7218] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  221.970697][ T7218] Cannot create hsr debugfs directory
[  221.976984][ T7222] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.984182][ T7222] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.994598][ T7222] bridge_slave_1: entered allmulticast mode
[  222.002725][ T7222] bridge_slave_1: entered promiscuous mode
[  222.045738][ T7220] chnl_net:caif_netlink_parms(): no params data found
[  222.066192][ T5857] Bluetooth: hci11: command tx timeout
[  222.092853][ T7222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  222.124451][ T7222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  222.235761][ T7222] team0: Port device team_slave_0 added
[  222.242087][ T5857] Bluetooth: hci12: command tx timeout
[  222.256830][ T7222] team0: Port device team_slave_1 added
[  222.346973][ T7222] batman_adv: batadv0: Adding interface: batadv_slave_0
[  222.353968][ T7222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.380773][ T7222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  222.391820][ T5866] Bluetooth: hci14: command tx timeout
[  222.397880][ T5857] Bluetooth: hci13: command tx timeout
[  222.408660][ T7222] batman_adv: batadv0: Adding interface: batadv_slave_1
[  222.415668][ T7222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.441706][ T7222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  222.493693][ T7220] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.502716][ T7220] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.510810][ T7220] bridge_slave_0: entered allmulticast mode
[  222.519322][ T7220] bridge_slave_0: entered promiscuous mode
[  222.528104][ T7220] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.535321][ T7220] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.542859][ T7220] bridge_slave_1: entered allmulticast mode
[  222.552678][ T7220] bridge_slave_1: entered promiscuous mode
[  222.640533][ T7220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  222.690056][ T7220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  222.731532][ T7222] hsr_slave_0: entered promiscuous mode
[  222.738389][ T7222] hsr_slave_1: entered promiscuous mode
[  222.744615][ T7222] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  222.752967][ T7222] Cannot create hsr debugfs directory
[  222.817488][ T7220] team0: Port device team_slave_0 added
[  222.840302][ T7220] team0: Port device team_slave_1 added
[  222.947101][ T7220] batman_adv: batadv0: Adding interface: batadv_slave_0
[  222.954099][ T7220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.980566][ T7220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  222.994843][ T7220] batman_adv: batadv0: Adding interface: batadv_slave_1
[  223.002179][ T7220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.028311][ T5866] Bluetooth: hci10: command tx timeout
[  223.035224][ T7220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  223.192567][ T7220] hsr_slave_0: entered promiscuous mode
[  223.201377][ T7220] hsr_slave_1: entered promiscuous mode
[  223.208912][ T7220] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  223.218830][ T7220] Cannot create hsr debugfs directory
[  224.146204][ T5866] Bluetooth: hci11: command tx timeout
[  224.306180][ T5866] Bluetooth: hci12: command tx timeout
[  224.466391][ T5857] Bluetooth: hci13: command tx timeout
[  224.471947][ T5857] Bluetooth: hci14: command tx timeout
[  224.476115][   T55] block nbd0: Possible stuck request ffff88802520e000: control (read@0,1024B). Runtime 120 seconds
[  225.117434][ T5857] Bluetooth: hci10: command tx timeout
[  226.226295][ T5857] Bluetooth: hci11: command tx timeout
[  226.386223][ T5857] Bluetooth: hci12: command tx timeout
[  226.556395][ T5857] Bluetooth: hci14: command tx timeout
[  226.558651][ T5866] Bluetooth: hci13: command tx timeout
[  228.466630][ T5866] Bluetooth: hci12: command tx timeout
[  228.626238][ T5866] Bluetooth: hci13: command tx timeout
[  228.631890][ T5866] Bluetooth: hci14: command tx timeout
[  254.546500][   T55] block nbd0: Possible stuck request ffff88802520e000: control (read@0,1024B). Runtime 150 seconds
[  255.829730][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.836216][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  277.374570][ T5857] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  277.383878][ T5857] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  277.395153][ T5857] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  277.404592][ T5857] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  277.412710][ T5857] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  277.623893][ T7243] lo speed is unknown, defaulting to 1000
[  277.802841][ T7243] chnl_net:caif_netlink_parms(): no params data found
[  277.906130][ T7243] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.913383][ T7243] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.920839][ T7243] bridge_slave_0: entered allmulticast mode
[  277.929012][ T7243] bridge_slave_0: entered promiscuous mode
[  277.938880][ T7243] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.946182][ T7243] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.953461][ T7243] bridge_slave_1: entered allmulticast mode
[  277.962142][ T7243] bridge_slave_1: entered promiscuous mode
[  278.010053][ T7243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  278.022395][ T7243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  278.067861][ T7243] team0: Port device team_slave_0 added
[  278.079185][ T7243] team0: Port device team_slave_1 added
[  278.127796][ T7243] batman_adv: batadv0: Adding interface: batadv_slave_0
[  278.134834][ T7243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  278.164257][ T7243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  278.177943][ T7243] batman_adv: batadv0: Adding interface: batadv_slave_1
[  278.184927][ T7243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  278.214018][ T7243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  278.328355][ T7243] hsr_slave_0: entered promiscuous mode
[  278.335770][ T7243] hsr_slave_1: entered promiscuous mode
[  278.354190][ T7243] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  278.366044][ T7243] Cannot create hsr debugfs directory
[  278.528987][ T5866] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[  278.549642][ T5866] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[  278.566794][ T5866] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[  278.584167][ T5866] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[  278.593051][ T5866] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[  278.909611][ T7252] lo speed is unknown, defaulting to 1000
[  279.132348][ T7252] chnl_net:caif_netlink_parms(): no params data found
[  279.239222][ T7252] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.246825][ T7252] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.254111][ T7252] bridge_slave_0: entered allmulticast mode
[  279.262613][ T7252] bridge_slave_0: entered promiscuous mode
[  279.272853][ T7252] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.280506][ T7252] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.288623][ T7252] bridge_slave_1: entered allmulticast mode
[  279.296623][ T7252] bridge_slave_1: entered promiscuous mode
[  279.341295][ T7252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  279.355224][ T7252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  279.399777][ T7252] team0: Port device team_slave_0 added
[  279.409460][ T7252] team0: Port device team_slave_1 added
[  279.453462][ T7252] batman_adv: batadv0: Adding interface: batadv_slave_0
[  279.460734][ T7252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  279.487409][ T7252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  279.501183][ T7252] batman_adv: batadv0: Adding interface: batadv_slave_1
[  279.508457][ T7252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  279.508789][ T5857] Bluetooth: hci15: command tx timeout
[  279.537360][ T7252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  279.603317][ T7252] hsr_slave_0: entered promiscuous mode
[  279.610754][ T7252] hsr_slave_1: entered promiscuous mode
[  279.617436][ T7252] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  279.625019][ T7252] Cannot create hsr debugfs directory
[  280.626035][ T5857] Bluetooth: hci16: command tx timeout
[  280.761268][ T5866] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[  280.775700][ T5866] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[  280.784397][   T51] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1
[  280.794184][   T51] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[  280.801982][ T5866] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9
[  280.816582][   T51] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[  280.824588][ T5866] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9
[  280.825749][   T51] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[  280.840395][ T5866] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4
[  280.849225][ T5866] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2
[  280.909082][ T5866] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1
[  280.928541][ T5866] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9
[  280.938083][ T5866] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9
[  280.948887][ T5866] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4
[  280.957075][ T5866] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2
[  281.184959][ T7263] lo speed is unknown, defaulting to 1000
[  281.444284][ T7265] lo speed is unknown, defaulting to 1000
[  281.586425][ T5862] Bluetooth: hci15: command tx timeout
[  281.676200][ T7263] chnl_net:caif_netlink_parms(): no params data found
[  281.722696][ T7267] lo speed is unknown, defaulting to 1000
[  281.926922][ T7263] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.935044][ T7263] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.947073][ T7263] bridge_slave_0: entered allmulticast mode
[  281.955506][ T7263] bridge_slave_0: entered promiscuous mode
[  282.000478][ T7263] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.007884][ T7263] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.015293][ T7263] bridge_slave_1: entered allmulticast mode
[  282.023674][ T7263] bridge_slave_1: entered promiscuous mode
[  282.145214][ T7263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  282.175567][ T7263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.191579][ T7265] chnl_net:caif_netlink_parms(): no params data found
[  282.370785][ T7263] team0: Port device team_slave_0 added
[  282.398670][ T7263] team0: Port device team_slave_1 added
[  282.457030][ T7263] batman_adv: batadv0: Adding interface: batadv_slave_0
[  282.464025][ T7263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.491160][ T7263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  282.520410][ T7267] chnl_net:caif_netlink_parms(): no params data found
[  282.541187][ T7263] batman_adv: batadv0: Adding interface: batadv_slave_1
[  282.548666][ T7263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.574758][ T7263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  282.667937][ T7265] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.675209][ T7265] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.682761][ T7265] bridge_slave_0: entered allmulticast mode
[  282.691232][ T7265] bridge_slave_0: entered promiscuous mode
[  282.706141][ T5862] Bluetooth: hci16: command tx timeout
[  282.751841][ T7265] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.760333][ T7265] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.768945][ T7265] bridge_slave_1: entered allmulticast mode
[  282.777720][ T7265] bridge_slave_1: entered promiscuous mode
[  282.825141][ T7263] hsr_slave_0: entered promiscuous mode
[  282.832542][ T7263] hsr_slave_1: entered promiscuous mode
[  282.839774][ T7263] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  282.848074][ T7263] Cannot create hsr debugfs directory
[  282.867496][ T5862] Bluetooth: hci17: command tx timeout
[  282.909681][ T7265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  282.924467][ T7265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.946979][ T5862] Bluetooth: hci18: command tx timeout
[  283.026316][ T5862] Bluetooth: hci19: command tx timeout
[  283.051880][ T7267] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.059359][ T7267] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.067939][ T7267] bridge_slave_0: entered allmulticast mode
[  283.079935][ T7267] bridge_slave_0: entered promiscuous mode
[  283.090142][ T7267] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.097450][ T7267] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.104766][ T7267] bridge_slave_1: entered allmulticast mode
[  283.113577][ T7267] bridge_slave_1: entered promiscuous mode
[  283.143154][ T7265] team0: Port device team_slave_0 added
[  283.153457][ T7265] team0: Port device team_slave_1 added
[  283.267489][ T7267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  283.281112][ T7267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  283.291851][ T7265] batman_adv: batadv0: Adding interface: batadv_slave_0
[  283.301267][ T7265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.329630][ T7265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  283.342794][ T7265] batman_adv: batadv0: Adding interface: batadv_slave_1
[  283.350269][ T7265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.376891][ T7265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  283.491240][ T7267] team0: Port device team_slave_0 added
[  283.500392][ T7267] team0: Port device team_slave_1 added
[  283.508379][ T5862] Bluetooth: hci7: command 0x0406 tx timeout
[  283.516576][ T5167] Bluetooth: hci9: command 0x0406 tx timeout
[  283.516599][ T5862] Bluetooth: hci5: command 0x0406 tx timeout
[  283.522619][ T5167] Bluetooth: hci6: command 0x0406 tx timeout
[  283.529235][ T5864] Bluetooth: hci8: command 0x0406 tx timeout
[  283.651382][ T7265] hsr_slave_0: entered promiscuous mode
[  283.659905][ T7265] hsr_slave_1: entered promiscuous mode
[  283.666590][   T51] Bluetooth: hci15: command tx timeout
[  283.673366][ T7265] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  283.681106][ T7265] Cannot create hsr debugfs directory
[  283.705088][ T7267] batman_adv: batadv0: Adding interface: batadv_slave_0
[  283.712470][ T7267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.741485][ T7267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  283.775230][ T7267] batman_adv: batadv0: Adding interface: batadv_slave_1
[  283.782617][ T7267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.809724][ T7267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  283.969352][ T7267] hsr_slave_0: entered promiscuous mode
[  283.976612][ T7267] hsr_slave_1: entered promiscuous mode
[  283.983090][ T7267] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  283.993123][ T7267] Cannot create hsr debugfs directory
[  284.645930][   T55] block nbd0: Possible stuck request ffff88802520e000: control (read@0,1024B). Runtime 180 seconds
[  284.796163][   T51] Bluetooth: hci16: command tx timeout
[  284.946298][   T51] Bluetooth: hci17: command tx timeout
[  285.026213][   T51] Bluetooth: hci18: command tx timeout
[  285.106187][   T51] Bluetooth: hci19: command tx timeout
[  285.746091][   T51] Bluetooth: hci15: command tx timeout
[  286.866108][   T51] Bluetooth: hci16: command tx timeout
[  287.026113][   T51] Bluetooth: hci17: command tx timeout
[  287.105978][   T51] Bluetooth: hci18: command tx timeout
[  287.186560][   T51] Bluetooth: hci19: command tx timeout
[  287.827127][   T31] INFO: task syz.0.350:7087 blocked for more than 143 seconds.
[  287.835918][   T31]       Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0
[  287.843764][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  287.852848][   T31] task:syz.0.350       state:D stack:25992 pid:7087  tgid:7085  ppid:5846   task_flags:0x480140 flags:0x00004004
[  287.865082][   T31] Call Trace:
[  287.868505][   T31]  <TASK>
[  287.871477][   T31]  __schedule+0x16fd/0x4cf0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  287.876127][   T31]  ? __lock_acquire+0xab9/0xd20
[  287.882330][ T5217] udevd[5217]: worker [5902] /devices/virtual/block/nbd0 timeout; kill it
[  287.902902][   T31]  ? schedule+0x165/0x360
[  287.903982][ T5217] udevd[5217]: seq 11286 '/devices/virtual/block/nbd0' killed
[  287.916063][   T31]  ? __lock_acquire+0xab9/0xd20
[  287.920988][   T31]  ? __pfx___schedule+0x10/0x10
[  287.976132][   T31]  ? schedule+0x91/0x360
[  287.980447][   T31]  schedule+0x165/0x360
[  287.984636][   T31]  blk_mq_freeze_queue_wait+0xf4/0x170
[  288.016113][   T31]  ? __pfx_blk_mq_freeze_queue_wait+0x10/0x10
[  288.022285][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[  288.036773][   T31]  ? percpu_ref_kill_and_confirm+0xa3/0x130
[  288.042784][   T31]  queue_limits_commit_update_frozen+0x5e/0x360
[  288.049571][   T31]  ? nbd_set_size+0x2bb/0x6c0
[  288.054308][   T31]  nbd_set_size+0x494/0x6c0
[  288.059443][   T31]  ? __pfx_nbd_set_size+0x10/0x10
[  288.064560][   T31]  ? __mutex_trylock_common+0x153/0x260
[  288.070742][   T31]  ? __mutex_lock+0x330/0xe80
[  288.075462][   T31]  ? nla_memcpy+0x5b/0xc0
[  288.080256][   T31]  nbd_genl_size_set+0x2eb/0x3c0
[  288.085236][   T31]  ? __pfx_nbd_genl_size_set+0x10/0x10
[  288.091261][   T31]  ? __pfx_nbd_get_config_unlocked+0x10/0x10
[  288.099342][   T31]  ? bpf_lsm_capable+0x9/0x20
[  288.104087][   T31]  ? security_capable+0x7e/0x2e0
[  288.109649][   T31]  ? radix_tree_lookup+0x240/0x290
[  288.114805][   T31]  nbd_genl_reconfigure+0x409/0x1870
[  288.121687][   T31]  ? __pfx_nbd_genl_reconfigure+0x10/0x10
[  288.128024][   T31]  ? __nla_parse+0x40/0x60
[  288.132481][   T31]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  288.140574][   T31]  genl_family_rcv_msg_doit+0x212/0x300
[  288.146933][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  288.153079][   T31]  ? stack_trace_save+0x9c/0xe0
[  288.158491][   T31]  genl_rcv_msg+0x60e/0x790
[  288.163045][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  288.168700][   T31]  ? __pfx_nbd_genl_reconfigure+0x10/0x10
[  288.174483][   T31]  netlink_rcv_skb+0x208/0x470
[  288.179721][   T31]  ? __lock_acquire+0xab9/0xd20
[  288.184605][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  288.190202][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  288.195585][   T31]  ? down_read+0x1ad/0x2e0
[  288.200529][   T31]  genl_rcv+0x28/0x40
[  288.204567][   T31]  netlink_unicast+0x82f/0x9e0
[  288.210048][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  288.215402][   T31]  ? netlink_sendmsg+0x642/0xb30
[  288.220841][   T31]  ? skb_put+0x11b/0x210
[  288.225166][   T31]  netlink_sendmsg+0x805/0xb30
[  288.232587][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.238462][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  288.244838][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  288.250723][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.256345][   T31]  __sock_sendmsg+0x21c/0x270
[  288.261118][   T31]  ____sys_sendmsg+0x505/0x830
[  288.266015][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  288.271541][   T31]  ? import_iovec+0x74/0xa0
[  288.276217][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  288.281072][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  288.286546][   T31]  ? __fget_files+0x2a/0x420
[  288.291168][   T31]  ? __fget_files+0x3a0/0x420
[  288.295941][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  288.301089][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  288.307734][   T31]  ? rcu_is_watching+0x15/0xb0
[  288.312551][   T31]  ? do_syscall_64+0xbe/0x3b0
[  288.317396][   T31]  do_syscall_64+0xfa/0x3b0
[  288.322106][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.327443][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.333682][   T31]  ? clear_bhb_loop+0x60/0xb0
[  288.338540][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.346285][   T31] RIP: 0033:0x7f2111d8e9a9
[  288.350767][   T31] RSP: 002b:00007f2112c14038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  288.359289][   T31] RAX: ffffffffffffffda RBX: 00007f2111fb5fa0 RCX: 00007f2111d8e9a9
[  288.367781][   T31] RDX: 0000000000000804 RSI: 0000200000002940 RDI: 0000000000000004
[  288.375882][   T31] RBP: 00007f2111e10d69 R08: 0000000000000000 R09: 0000000000000000
[  288.383890][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  288.392463][   T31] R13: 0000000000000000 R14: 00007f2111fb5fa0 R15: 00007ffc91c8d3c8
[  288.400727][   T31]  </TASK>
[  288.403839][   T31] INFO: task syz.3.358:7109 blocked for more than 143 seconds.
[  288.411472][   T31]       Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0
[  288.420304][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  288.435070][   T31] task:syz.3.358       state:D stack:25992 pid:7109  tgid:7104  ppid:5847   task_flags:0x400140 flags:0x00004004
[  288.449385][   T31] Call Trace:
[  288.452713][   T31]  <TASK>
[  288.455672][   T31]  __schedule+0x16fd/0x4cf0
[  288.460327][   T31]  ? __lock_acquire+0xab9/0xd20
[  288.465426][   T31]  ? schedule+0x165/0x360
[  288.470625][   T31]  ? __pfx___schedule+0x10/0x10
[  288.475542][   T31]  ? schedule+0x91/0x360
[  288.480561][   T31]  schedule+0x165/0x360
[  288.484774][   T31]  schedule_preempt_disabled+0x13/0x30
[  288.490551][   T31]  __mutex_lock+0x724/0xe80
[  288.495093][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  288.500313][   T31]  ? __mutex_lock+0x51b/0xe80
[  288.505346][   T31]  ? genl_rcv_msg+0x10d/0x790
[  288.510223][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  288.515284][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  288.520613][   T31]  ? radix_tree_lookup+0x240/0x290
[  288.525777][   T31]  genl_rcv_msg+0x10d/0x790
[  288.531335][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  288.536764][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  288.541854][   T31]  ? __asan_memcpy+0x40/0x70
[  288.547124][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  288.553700][   T31]  netlink_rcv_skb+0x208/0x470
[  288.559117][   T31]  ? __lock_acquire+0xab9/0xd20
[  288.564019][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  288.569790][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  288.575139][   T31]  ? down_read+0x1ad/0x2e0
[  288.580110][   T31]  genl_rcv+0x28/0x40
[  288.584134][   T31]  netlink_unicast+0x82f/0x9e0
[  288.589469][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  288.594806][   T31]  ? netlink_sendmsg+0x642/0xb30
[  288.600264][   T31]  ? skb_put+0x11b/0x210
[  288.604575][   T31]  netlink_sendmsg+0x805/0xb30
[  288.609989][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.615319][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  288.620748][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  288.626555][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.631891][   T31]  __sock_sendmsg+0x21c/0x270
[  288.636900][   T31]  __sys_sendto+0x3bd/0x520
[  288.641452][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  288.647767][   T31]  ? count_memcg_event_mm+0x21/0x260
[  288.654254][   T31]  ? exc_page_fault+0x76/0xf0
[  288.659625][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  288.664971][   T31]  __x64_sys_sendto+0xde/0x100
[  288.670306][   T31]  do_syscall_64+0xfa/0x3b0
[  288.674856][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.680756][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.687185][   T31]  ? clear_bhb_loop+0x60/0xb0
[  288.691903][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.698218][   T31] RIP: 0033:0x7f2f6a99083c
[  288.702664][   T31] RSP: 002b:00007f2f6b88dec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  288.711697][   T31] RAX: ffffffffffffffda RBX: 00007f2f6b88dfc0 RCX: 00007f2f6a99083c
[  288.720053][   T31] RDX: 0000000000000020 RSI: 00007f2f6b88e010 RDI: 0000000000000008
[  288.728492][   T31] RBP: 0000000000000000 R08: 00007f2f6b88df14 R09: 000000000000000c
[  288.736807][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[  288.744835][   T31] R13: 00007f2f6b88df68 R14: 00007f2f6b88e010 R15: 0000000000000000
[  288.754482][   T31]  </TASK>
[  288.757917][   T31] INFO: task syz.3.358:7111 blocked for more than 144 seconds.
[  288.765522][   T31]       Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0
[  288.774192][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  288.783266][   T31] task:syz.3.358       state:D stack:26824 pid:7111  tgid:7104  ppid:5847   task_flags:0x400040 flags:0x00004004
[  288.796197][   T31] Call Trace:
[  288.799520][   T31]  <TASK>
[  288.802478][   T31]  __schedule+0x16fd/0x4cf0
[  288.807653][   T31]  ? __lock_acquire+0xab9/0xd20
[  288.812556][   T31]  ? schedule+0x165/0x360
[  288.817394][   T31]  ? __pfx___schedule+0x10/0x10
[  288.822305][   T31]  ? schedule+0x91/0x360
[  288.827077][   T31]  schedule+0x165/0x360
[  288.831280][   T31]  schedule_preempt_disabled+0x13/0x30
[  288.837302][   T31]  __mutex_lock+0x724/0xe80
[  288.841846][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  288.847423][   T31]  ? __mutex_lock+0x51b/0xe80
[  288.852155][   T31]  ? genl_rcv_msg+0x10d/0x790
[  288.858450][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  288.863533][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  288.869571][   T31]  ? radix_tree_lookup+0x240/0x290
[  288.874729][   T31]  genl_rcv_msg+0x10d/0x790
[  288.879774][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  288.884845][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  288.891523][   T31]  ? __asan_memcpy+0x40/0x70
[  288.896695][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  288.902118][   T31]  netlink_rcv_skb+0x208/0x470
[  288.907333][   T31]  ? __lock_acquire+0xab9/0xd20
[  288.912238][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  288.917792][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  288.923140][   T31]  ? down_read+0x1ad/0x2e0
[  288.928022][   T31]  genl_rcv+0x28/0x40
[  288.932049][   T31]  netlink_unicast+0x82f/0x9e0
[  288.937372][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  288.942714][   T31]  ? netlink_sendmsg+0x642/0xb30
[  288.948619][   T31]  ? skb_put+0x11b/0x210
[  288.952916][   T31]  netlink_sendmsg+0x805/0xb30
[  288.959969][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.965311][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  288.970648][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  288.977850][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.983182][   T31]  __sock_sendmsg+0x21c/0x270
[  288.988003][   T31]  __sys_sendto+0x3bd/0x520
[  288.992545][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  288.998792][   T31]  ? fd_install+0x97/0x540
[  289.003282][   T31]  ? fd_install+0x30d/0x540
[  289.008917][   T31]  __x64_sys_sendto+0xde/0x100
[  289.013740][   T31]  do_syscall_64+0xfa/0x3b0
[  289.018376][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.023614][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.030374][   T31]  ? clear_bhb_loop+0x60/0xb0
[  289.035105][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.041106][   T31] RIP: 0033:0x7f2f6a99083c
[  289.045552][   T31] RSP: 002b:00007f2f6b86ce90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  289.054215][   T31] RAX: ffffffffffffffda RBX: 00007f2f6b86cfa0 RCX: 00007f2f6a99083c
[  289.063515][   T31] RDX: 0000000000000028 RSI: 00007f2f6b86cff0 RDI: 0000000000000009
[  289.071663][   T31] RBP: 0000000000000000 R08: 00007f2f6b86cee4 R09: 000000000000000c
[  289.079889][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000009
[  289.089758][   T31] R13: 00007f2f6b86cf38 R14: 00007f2f6b86cff0 R15: 0000000000000000
[  289.097847][   T31]  </TASK>
[  289.100958][   T31] INFO: task syz.3.358:7116 blocked for more than 144 seconds.
[  289.108754][   T51] Bluetooth: hci17: command tx timeout
[  289.114303][   T31]       Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0
[  289.122318][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  289.132102][   T31] task:syz.3.358       state:D stack:28200 pid:7116  tgid:7104  ppid:5847   task_flags:0x400040 flags:0x00004004
[  289.144155][   T31] Call Trace:
[  289.147528][   T31]  <TASK>
[  289.150500][   T31]  __schedule+0x16fd/0x4cf0
[  289.155050][   T31]  ? __lock_acquire+0xab9/0xd20
[  289.160102][   T31]  ? schedule+0x165/0x360
[  289.165589][   T31]  ? __pfx___schedule+0x10/0x10
[  289.170606][   T31]  ? schedule+0x91/0x360
[  289.174886][   T31]  schedule+0x165/0x360
[  289.179128][   T31]  schedule_preempt_disabled+0x13/0x30
[  289.184610][   T31]  __mutex_lock+0x724/0xe80
[  289.189335][   T51] Bluetooth: hci18: command tx timeout
[  289.194870][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  289.200162][   T31]  ? __mutex_lock+0x51b/0xe80
[  289.204884][   T31]  ? genl_rcv_msg+0x10d/0x790
[  289.209680][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  289.214765][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  289.220010][   T31]  ? radix_tree_lookup+0x240/0x290
[  289.225158][   T31]  genl_rcv_msg+0x10d/0x790
[  289.230001][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  289.235071][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  289.240372][   T31]  ? __asan_memcpy+0x40/0x70
[  289.245003][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  289.250476][   T31]  netlink_rcv_skb+0x208/0x470
[  289.255270][   T31]  ? __lock_acquire+0xab9/0xd20
[  289.260197][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  289.266522][   T51] Bluetooth: hci19: command tx timeout
[  289.272074][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  289.277530][   T31]  ? down_read+0x1ad/0x2e0
[  289.281990][   T31]  genl_rcv+0x28/0x40
[  289.286095][   T31]  netlink_unicast+0x82f/0x9e0
[  289.290925][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  289.296322][   T31]  ? netlink_sendmsg+0x642/0xb30
[  289.301325][   T31]  ? skb_put+0x11b/0x210
[  289.305596][   T31]  netlink_sendmsg+0x805/0xb30
[  289.310533][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.315915][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  289.320889][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  289.326329][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.331655][   T31]  __sock_sendmsg+0x21c/0x270
[  289.336673][   T31]  __sys_sendto+0x3bd/0x520
[  289.341220][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  289.346426][   T31]  ? fd_install+0x97/0x540
[  289.350899][   T31]  ? fd_install+0x30d/0x540
[  289.355450][   T31]  __x64_sys_sendto+0xde/0x100
[  289.360313][   T31]  do_syscall_64+0xfa/0x3b0
[  289.365027][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.371414][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.377645][   T31]  ? clear_bhb_loop+0x60/0xb0
[  289.382375][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.388472][   T31] RIP: 0033:0x7f2f6a99083c
[  289.392914][   T31] RSP: 002b:00007f2f6b82ae90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  289.401424][   T31] RAX: ffffffffffffffda RBX: 00007f2f6b82afa0 RCX: 00007f2f6a99083c
[  289.409598][   T31] RDX: 0000000000000028 RSI: 00007f2f6b82aff0 RDI: 000000000000000a
[  289.417686][   T31] RBP: 0000000000000000 R08: 00007f2f6b82aee4 R09: 000000000000000c
[  289.425698][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000a
[  289.434063][   T31] R13: 00007f2f6b82af38 R14: 00007f2f6b82aff0 R15: 0000000000000000
[  289.442292][   T31]  </TASK>
[  289.445395][   T31] INFO: task syz.3.358:7120 blocked for more than 144 seconds.
[  289.453309][   T31]       Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0
[  289.461036][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  289.471692][   T31] task:syz.3.358       state:D stack:28200 pid:7120  tgid:7104  ppid:5847   task_flags:0x400040 flags:0x00004004
[  289.483766][   T31] Call Trace:
[  289.487198][   T31]  <TASK>
[  289.490164][   T31]  __schedule+0x16fd/0x4cf0
[  289.494713][   T31]  ? __lock_acquire+0xab9/0xd20
[  289.499656][   T31]  ? schedule+0x165/0x360
[  289.504025][   T31]  ? __pfx___schedule+0x10/0x10
[  289.509126][   T31]  ? schedule+0x91/0x360
[  289.513406][   T31]  schedule+0x165/0x360
[  289.517713][   T31]  schedule_preempt_disabled+0x13/0x30
[  289.523210][   T31]  __mutex_lock+0x724/0xe80
[  289.528911][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  289.534074][   T31]  ? __mutex_lock+0x51b/0xe80
[  289.538871][   T31]  ? genl_rcv_msg+0x10d/0x790
[  289.543590][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  289.548756][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  289.553936][   T31]  ? radix_tree_lookup+0x240/0x290
[  289.560369][   T31]  genl_rcv_msg+0x10d/0x790
[  289.564938][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  289.570092][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  289.577048][   T31]  ? __asan_memcpy+0x40/0x70
[  289.581701][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  289.587659][   T31]  netlink_rcv_skb+0x208/0x470
[  289.592462][   T31]  ? __lock_acquire+0xab9/0xd20
[  289.597444][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  289.602534][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  289.607991][   T31]  ? down_read+0x1ad/0x2e0
[  289.612455][   T31]  genl_rcv+0x28/0x40
[  289.616546][   T31]  netlink_unicast+0x82f/0x9e0
[  289.621458][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  289.627061][   T31]  ? netlink_sendmsg+0x642/0xb30
[  289.632036][   T31]  ? skb_put+0x11b/0x210
[  289.636454][   T31]  netlink_sendmsg+0x805/0xb30
[  289.641271][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.646789][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  289.651800][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  289.657313][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.662632][   T31]  __sock_sendmsg+0x21c/0x270
[  289.667979][   T31]  __sys_sendto+0x3bd/0x520
[  289.672540][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  289.680574][   T31]  ? fd_install+0x97/0x540
[  289.685048][   T31]  ? fd_install+0x30d/0x540
[  289.690120][   T31]  __x64_sys_sendto+0xde/0x100
[  289.694929][   T31]  do_syscall_64+0xfa/0x3b0
[  289.699652][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.705056][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.711411][   T31]  ? clear_bhb_loop+0x60/0xb0
[  289.716182][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.722128][   T31] RIP: 0033:0x7f2f6a99083c
[  289.726665][   T31] RSP: 002b:00007f2f6b809e90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  289.735120][   T31] RAX: ffffffffffffffda RBX: 00007f2f6b809fa0 RCX: 00007f2f6a99083c
[  289.743206][   T31] RDX: 0000000000000028 RSI: 00007f2f6b809ff0 RDI: 000000000000000b
[  289.752125][   T31] RBP: 0000000000000000 R08: 00007f2f6b809ee4 R09: 000000000000000c
[  289.760315][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000b
[  289.768497][   T31] R13: 00007f2f6b809f38 R14: 00007f2f6b809ff0 R15: 0000000000000000
[  289.778148][   T31]  </TASK>
[  289.781292][   T31] INFO: task syz.1.367:7136 blocked for more than 145 seconds.
[  289.789034][   T31]       Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0
[  289.796870][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  289.805597][   T31] task:syz.1.367       state:D stack:24720 pid:7136  tgid:7135  ppid:5848   task_flags:0x400140 flags:0x00004004
[  289.817779][   T31] Call Trace:
[  289.821103][   T31]  <TASK>
[  289.824077][   T31]  __schedule+0x16fd/0x4cf0
[  289.829307][   T31]  ? __lock_acquire+0xab9/0xd20
[  289.834227][   T31]  ? schedule+0x165/0x360
[  289.839042][   T31]  ? __pfx___schedule+0x10/0x10
[  289.843960][   T31]  ? schedule+0x91/0x360
[  289.848726][   T31]  schedule+0x165/0x360
[  289.852924][   T31]  schedule_preempt_disabled+0x13/0x30
[  289.858951][   T31]  __mutex_lock+0x724/0xe80
[  289.863585][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  289.869157][   T31]  ? __mutex_lock+0x51b/0xe80
[  289.873945][   T31]  ? genl_rcv_msg+0x10d/0x790
[  289.880904][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  289.886127][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  289.891342][   T31]  ? radix_tree_lookup+0x240/0x290
[  289.896576][   T31]  genl_rcv_msg+0x10d/0x790
[  289.901126][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  289.906730][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  289.911803][   T31]  ? __asan_memcpy+0x40/0x70
[  289.916569][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  289.921989][   T31]  netlink_rcv_skb+0x208/0x470
[  289.926864][   T31]  ? __lock_acquire+0xab9/0xd20
[  289.931746][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  289.937323][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  289.942661][   T31]  ? down_read+0x1ad/0x2e0
[  289.947248][   T31]  genl_rcv+0x28/0x40
[  289.951282][   T31]  netlink_unicast+0x82f/0x9e0
[  289.956190][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  289.961517][   T31]  ? netlink_sendmsg+0x642/0xb30
[  289.966699][   T31]  ? skb_put+0x11b/0x210
[  289.971016][   T31]  netlink_sendmsg+0x805/0xb30
[  289.975916][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.983346][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  289.988664][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  289.993987][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.999464][   T31]  __sock_sendmsg+0x21c/0x270
[  290.004272][   T31]  __sys_sendto+0x3bd/0x520
[  290.008991][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  290.014085][   T31]  ? exc_page_fault+0x76/0xf0
[  290.019000][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  290.024347][   T31]  __x64_sys_sendto+0xde/0x100
[  290.029238][   T31]  do_syscall_64+0xfa/0x3b0
[  290.033784][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.039115][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.045210][   T31]  ? clear_bhb_loop+0x60/0xb0
[  290.049991][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.057064][   T31] RIP: 0033:0x7f7f60d9083c
[  290.061617][   T31] RSP: 002b:00007f7f61b3cec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  290.070882][   T31] RAX: ffffffffffffffda RBX: 00007f7f61b3cfc0 RCX: 00007f7f60d9083c
[  290.079219][   T31] RDX: 0000000000000020 RSI: 00007f7f61b3d010 RDI: 0000000000000006
[  290.090114][   T31] RBP: 0000000000000000 R08: 00007f7f61b3cf14 R09: 000000000000000c
[  290.098559][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006
[  290.106748][   T31] R13: 00007f7f61b3cf68 R14: 00007f7f61b3d010 R15: 0000000000000000
[  290.114766][   T31]  </TASK>
[  290.117927][   T31] INFO: task syz.4.371:7147 blocked for more than 145 seconds.
[  290.125488][   T31]       Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0
[  290.133289][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  290.142330][   T31] task:syz.4.371       state:D stack:25352 pid:7147  tgid:7146  ppid:5856   task_flags:0x400140 flags:0x00004004
[  290.154411][   T31] Call Trace:
[  290.157777][   T31]  <TASK>
[  290.160741][   T31]  __schedule+0x16fd/0x4cf0
[  290.165302][   T31]  ? __lock_acquire+0xab9/0xd20
[  290.170351][   T31]  ? schedule+0x165/0x360
[  290.174739][   T31]  ? __pfx___schedule+0x10/0x10
[  290.179723][   T31]  ? schedule+0x91/0x360
[  290.183995][   T31]  schedule+0x165/0x360
[  290.190451][   T31]  schedule_preempt_disabled+0x13/0x30
[  290.197638][   T31]  __mutex_lock+0x724/0xe80
[  290.202194][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  290.207512][   T31]  ? __mutex_lock+0x51b/0xe80
[  290.212232][   T31]  ? genl_rcv_msg+0x10d/0x790
[  290.217199][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  290.222315][   T31]  ? __dev_queue_xmit+0x27b/0x3b50
[  290.227757][   T31]  ? radix_tree_lookup+0x240/0x290
[  290.232910][   T31]  genl_rcv_msg+0x10d/0x790
[  290.237668][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  290.242735][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  290.247954][   T31]  ? __asan_memcpy+0x40/0x70
[  290.252587][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  290.258097][   T31]  netlink_rcv_skb+0x208/0x470
[  290.262896][   T31]  ? __lock_acquire+0xab9/0xd20
[  290.267867][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  290.272928][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  290.278328][   T31]  ? down_read+0x1ad/0x2e0
[  290.282800][   T31]  genl_rcv+0x28/0x40
[  290.286880][   T31]  netlink_unicast+0x82f/0x9e0
[  290.293500][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  290.299095][   T31]  ? netlink_sendmsg+0x642/0xb30
[  290.304068][   T31]  ? skb_put+0x11b/0x210
[  290.308785][   T31]  netlink_sendmsg+0x805/0xb30
[  290.313605][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.319032][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  290.324010][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  290.329584][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.334998][   T31]  __sock_sendmsg+0x21c/0x270
[  290.339869][   T31]  __sys_sendto+0x3bd/0x520
[  290.344423][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  290.349795][   T31]  ? count_memcg_event_mm+0x21/0x260
[  290.355140][   T31]  ? exc_page_fault+0x76/0xf0
[  290.361516][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  290.367175][   T31]  __x64_sys_sendto+0xde/0x100
[  290.371977][   T31]  do_syscall_64+0xfa/0x3b0
[  290.376677][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.381905][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.388279][   T31]  ? clear_bhb_loop+0x60/0xb0
[  290.394708][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.401217][   T31] RIP: 0033:0x7ff9c799083c
[  290.405664][   T31] RSP: 002b:00007ff9c8883ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  290.414615][   T31] RAX: ffffffffffffffda RBX: 00007ff9c8883fc0 RCX: 00007ff9c799083c
[  290.423168][   T31] RDX: 0000000000000024 RSI: 00007ff9c8884010 RDI: 0000000000000006
[  290.431517][   T31] RBP: 0000000000000000 R08: 00007ff9c8883f14 R09: 000000000000000c
[  290.439836][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006
[  290.448112][   T31] R13: 00007ff9c8883f68 R14: 00007ff9c8884010 R15: 0000000000000000
[  290.456338][   T31]  </TASK>
[  290.459429][   T31] INFO: task syz.2.372:7150 blocked for more than 145 seconds.
[  290.468073][   T31]       Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0
[  290.475746][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  290.484528][   T31] task:syz.2.372       state:D stack:28184 pid:7150  tgid:7149  ppid:5853   task_flags:0x400140 flags:0x00004004
[  290.498023][   T31] Call Trace:
[  290.501345][   T31]  <TASK>
[  290.504281][   T31]  __schedule+0x16fd/0x4cf0
[  290.508923][   T31]  ? __lock_acquire+0xab9/0xd20
[  290.513816][   T31]  ? schedule+0x165/0x360
[  290.518262][   T31]  ? __pfx___schedule+0x10/0x10
[  290.523327][   T31]  ? schedule+0x91/0x360
[  290.527706][   T31]  schedule+0x165/0x360
[  290.531888][   T31]  schedule_preempt_disabled+0x13/0x30
[  290.538378][   T31]  __mutex_lock+0x724/0xe80
[  290.542920][   T31]  ? is_bpf_text_address+0x292/0x2b0
[  290.554171][   T31]  ? __mutex_lock+0x51b/0xe80
[  290.560561][   T31]  ? genl_rcv_msg+0x10d/0x790
[  290.565317][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  290.570998][   T31]  ? stack_trace_save+0x9c/0xe0
[  290.577465][   T31]  ? radix_tree_lookup+0x240/0x290
[  290.582628][   T31]  genl_rcv_msg+0x10d/0x790
[  290.587276][   T31]  ? __lock_acquire+0xab9/0xd20
[  290.592175][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  290.599531][   T31]  netlink_rcv_skb+0x208/0x470
[  290.604352][   T31]  ? __lock_acquire+0xab9/0xd20
[  290.609653][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  290.614719][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  290.620233][   T31]  ? down_read+0x1ad/0x2e0
[  290.624691][   T31]  genl_rcv+0x28/0x40
[  290.628810][   T31]  netlink_unicast+0x82f/0x9e0
[  290.633624][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  290.639027][   T31]  ? netlink_sendmsg+0x642/0xb30
[  290.643996][   T31]  ? skb_put+0x11b/0x210
[  290.648475][   T31]  netlink_sendmsg+0x805/0xb30
[  290.653293][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.658760][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  290.663739][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  290.669278][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.674607][   T31]  __sock_sendmsg+0x21c/0x270
[  290.679552][   T31]  __sys_sendto+0x3bd/0x520
[  290.684090][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  290.689836][   T31]  ? count_memcg_event_mm+0x21/0x260
[  290.695177][   T31]  ? exc_page_fault+0x76/0xf0
[  290.702526][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  290.708124][   T31]  __x64_sys_sendto+0xde/0x100
[  290.712969][   T31]  do_syscall_64+0xfa/0x3b0
[  290.717643][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.722882][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.729103][   T31]  ? clear_bhb_loop+0x60/0xb0
[  290.733813][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.739865][   T31] RIP: 0033:0x7f506ef9083c
[  290.744309][   T31] RSP: 002b:00007f506fe30ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  290.752866][   T31] RAX: ffffffffffffffda RBX: 00007f506fe30fc0 RCX: 00007f506ef9083c
[  290.760989][   T31] RDX: 0000000000000028 RSI: 00007f506fe31010 RDI: 0000000000000005
[  290.769143][   T31] RBP: 0000000000000000 R08: 00007f506fe30f14 R09: 000000000000000c
[  290.777212][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  290.785208][   T31] R13: 00007f506fe30f68 R14: 00007f506fe31010 R15: 0000000000000000
[  290.793931][   T31]  </TASK>
[  290.797156][   T31] 
[  290.797156][   T31] Showing all locks held in the system:
[  290.807836][   T31] 1 lock held by khungtaskd/31:
[  290.812724][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  290.822770][   T31] 2 locks held by kworker/u8:8/4616:
[  290.828182][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  290.838311][   T31]  #1: ffffc9000d787bc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  290.851639][   T31] 2 locks held by getty/5613:
[  290.856485][   T31]  #0: ffff88814dd380a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  290.866547][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  290.876888][   T31] 1 lock held by udevd/5902:
[  290.881499][   T31]  #0: ffff888025166358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  290.890938][   T31] 6 locks held by syz.0.350/7087:
[  290.896155][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  290.906183][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  290.915230][   T31]  #2: ffff888025169230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_reconfigure+0x36f/0x1870
[  290.925940][   T31]  #3: ffff888142be5f08 (&q->limits_lock){+.+.}-{4:4}, at: nbd_set_size+0x2a2/0x6c0
[  290.935426][   T31]  #4: ffff888142be58b0 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: queue_limits_commit_update_frozen+0x5e/0x360
[  290.947939][   T31]  #5: ffff888142be58e8 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: queue_limits_commit_update_frozen+0x5e/0x360
[  290.960206][   T31] 2 locks held by syz.3.358/7109:
[  290.965258][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  290.973616][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  290.982703][   T31] 2 locks held by syz.3.358/7111:
[  290.988659][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  290.999550][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.011603][   T31] 2 locks held by syz.3.358/7116:
[  291.017002][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.025248][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.034633][   T31] 2 locks held by syz.3.358/7120:
[  291.041112][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.049473][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.058663][   T31] 2 locks held by syz.1.367/7136:
[  291.063709][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.072202][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.081620][   T31] 2 locks held by syz.4.371/7147:
[  291.086773][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.095017][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.104208][   T31] 2 locks held by syz.2.372/7150:
[  291.111301][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.120866][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.130013][   T31] 2 locks held by syz-executor/7153:
[  291.135319][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.143718][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.154351][   T31] 2 locks held by syz-executor/7162:
[  291.160035][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.168467][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.177643][   T31] 2 locks held by syz-executor/7173:
[  291.182960][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.191540][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.200826][   T31] 2 locks held by syz-executor/7175:
[  291.206299][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.217473][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.226907][   T31] 2 locks held by syz-executor/7177:
[  291.232230][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.240601][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.249731][   T31] 2 locks held by syz-executor/7198:
[  291.255041][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.263444][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.272737][   T31] 2 locks held by syz-executor/7207:
[  291.278107][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.286517][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.295556][   T31] 2 locks held by syz-executor/7218:
[  291.301021][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.309503][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.320308][   T31] 2 locks held by syz-executor/7220:
[  291.325715][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.334112][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.343292][   T31] 2 locks held by syz-executor/7222:
[  291.348892][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.357283][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.366420][   T31] 2 locks held by syz-executor/7243:
[  291.371733][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.380020][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.389128][   T31] 2 locks held by syz-executor/7252:
[  291.394427][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.402676][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.411803][   T31] 2 locks held by syz-executor/7263:
[  291.418795][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.427258][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.436445][   T31] 2 locks held by syz-executor/7265:
[  291.441748][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.450127][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.459298][   T31] 2 locks held by syz-executor/7267:
[  291.464616][   T31]  #0: ffffffff8f5849f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  291.472942][   T31]  #1: ffffffff8f584808 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  291.482077][   T31] 
[  291.484423][   T31] =============================================
[  291.484423][   T31] 
[  291.493007][   T31] NMI backtrace for cpu 1
[  291.493024][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  291.493049][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.493062][   T31] Call Trace:
[  291.493069][   T31]  <TASK>
[  291.493077][   T31]  dump_stack_lvl+0x189/0x250
[  291.493107][   T31]  ? __wake_up_klogd+0xd9/0x110
[  291.493142][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  291.493167][   T31]  ? __pfx__printk+0x10/0x10
[  291.493211][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  291.493247][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  291.493278][   T31]  ? _printk+0xcf/0x120
[  291.493311][   T31]  ? __pfx__printk+0x10/0x10
[  291.493351][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  291.493375][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  291.493412][   T31]  watchdog+0xfee/0x1030
[  291.493434][   T31]  ? watchdog+0x1de/0x1030
[  291.493462][   T31]  kthread+0x70e/0x8a0
[  291.493496][   T31]  ? __pfx_watchdog+0x10/0x10
[  291.493514][   T31]  ? __pfx_kthread+0x10/0x10
[  291.493546][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  291.493567][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  291.493589][   T31]  ? __pfx_kthread+0x10/0x10
[  291.493620][   T31]  ret_from_fork+0x3fc/0x770
[  291.493645][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  291.493674][   T31]  ? __switch_to_asm+0x39/0x70
[  291.493701][   T31]  ? __switch_to_asm+0x33/0x70
[  291.493728][   T31]  ? __pfx_kthread+0x10/0x10
[  291.493759][   T31]  ret_from_fork_asm+0x1a/0x30
[  291.493805][   T31]  </TASK>
[  291.493813][   T31] Sending NMI from CPU 1 to CPUs 0:
[  291.655931][    C0] NMI backtrace for cpu 0
[  291.655949][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  291.655971][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.655982][    C0] RIP: 0010:validate_chain+0xa4/0x2140
[  291.656010][    C0] Code: c6 d6 37 a8 8d e8 ac 94 e5 ff 90 0f 0b 90 90 90 48 bb eb 83 b5 80 46 86 c8 61 49 0f af df 48 c1 eb 2d 48 8b 04 dd 20 93 64 93 <48> 85 c0 0f 94 c1 48 83 c0 f8 0f 94 c2 08 ca 0f 84 24 01 00 00 e8
[  291.656032][    C0] RSP: 0018:ffffc90000007458 EFLAGS: 00000803
[  291.656049][    C0] RAX: ffffffff93b2b7d8 RBX: 000000000004ae08 RCX: 0000000000040000
[  291.656061][    C0] RDX: 0000000000000000 RSI: ffffffff8de95e38 RDI: ffffffff8de95280
[  291.656074][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff81aec7ee
[  291.656085][    C0] R10: dffffc0000000000 R11: ffffffff81aec7b0 R12: 0000000000000000
[  291.656098][    C0] R13: ffffffff8de95d70 R14: ffffffff8de95e38 R15: 216ca583170dc552
[  291.656111][    C0] FS:  0000000000000000(0000) GS:ffff888125c12000(0000) knlGS:0000000000000000
[  291.656126][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  291.656138][    C0] CR2: 0000560b666ae000 CR3: 000000000df38000 CR4: 00000000003526f0
[  291.656154][    C0] Call Trace:
[  291.656161][    C0]  <IRQ>
[  291.656168][    C0]  ? __lock_acquire+0xab9/0xd20
[  291.656191][    C0]  ? __lock_acquire+0xab9/0xd20
[  291.656221][    C0]  __lock_acquire+0xab9/0xd20
[  291.656242][    C0]  ? ktime_get+0x3e/0x1f0
[  291.656264][    C0]  lock_acquire+0x120/0x360
[  291.656281][    C0]  ? ktime_get+0x3e/0x1f0
[  291.656308][    C0]  ? ktime_get+0x3e/0x1f0
[  291.656331][    C0]  seqcount_lockdep_reader_access+0xc9/0x1c0
[  291.656355][    C0]  ? ktime_get+0x3e/0x1f0
[  291.656377][    C0]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  291.656402][    C0]  ? __remove_hrtimer+0x143/0x470
[  291.656429][    C0]  ktime_get+0x3e/0x1f0
[  291.656453][    C0]  start_dl_timer+0x20f/0x520
[  291.656473][    C0]  enqueue_dl_entity+0xf6f/0x1d40
[  291.656499][    C0]  dl_server_start+0xe5/0x280
[  291.656520][    C0]  enqueue_task_fair+0xea1/0x1470
[  291.656546][    C0]  ? sched_clock+0x3f/0x60
[  291.656572][    C0]  ? sched_clock_cpu+0x74/0x430
[  291.656595][    C0]  enqueue_task+0x72/0x420
[  291.656618][    C0]  ttwu_do_activate+0x1f3/0x870
[  291.656647][    C0]  try_to_wake_up+0x745/0x1290
[  291.656677][    C0]  kick_pool+0x47d/0x640
[  291.656700][    C0]  __queue_work+0xd09/0xfe0
[  291.656722][    C0]  ? __queue_work+0x103/0xfe0
[  291.656745][    C0]  call_timer_fn+0x17b/0x5f0
[  291.656763][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  291.656784][    C0]  ? call_timer_fn+0xbe/0x5f0
[  291.656801][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  291.656828][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  291.656854][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  291.656878][    C0]  __run_timer_base+0x646/0x860
[  291.656905][    C0]  ? ktime_get+0x3e/0x1f0
[  291.656933][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  291.656958][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  291.656991][    C0]  run_timer_softirq+0xb7/0x180
[  291.657019][    C0]  handle_softirqs+0x286/0x870
[  291.657041][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  291.657064][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  291.657086][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  291.657118][    C0]  __irq_exit_rcu+0xca/0x1f0
[  291.657137][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  291.657161][    C0]  irq_exit_rcu+0x9/0x30
[  291.657179][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  291.657199][    C0]  </IRQ>
[  291.657205][    C0]  <TASK>
[  291.657218][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  291.657238][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  291.657258][    C0] Code: 93 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 ad 17 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  291.657272][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[  291.657287][    C0] RAX: 3245a7fcc4a28600 RBX: ffffffff81976a18 RCX: 3245a7fcc4a28600
[  291.657301][    C0] RDX: 0000000000000001 RSI: ffffffff8d99fd05 RDI: ffffffff8be28d80
[  291.657313][    C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb
[  291.657327][    C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa23cf0
[  291.657340][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[  291.657354][    C0]  ? do_idle+0x1e8/0x510
[  291.657379][    C0]  default_idle+0x13/0x20
[  291.657401][    C0]  default_idle_call+0x74/0xb0
[  291.657423][    C0]  do_idle+0x1e8/0x510
[  291.657443][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  291.657464][    C0]  ? __pfx_do_idle+0x10/0x10
[  291.657487][    C0]  ? do_idle+0x10/0x510
[  291.657510][    C0]  cpu_startup_entry+0x44/0x60
[  291.657530][    C0]  rest_init+0x2de/0x300
[  291.657554][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  291.657579][    C0]  start_kernel+0x47d/0x500
[  291.657609][    C0]  x86_64_start_reservations+0x24/0x30
[  291.657631][    C0]  x86_64_start_kernel+0x143/0x1c0
[  291.657652][    C0]  common_startup_64+0x13e/0x147
[  291.657685][    C0]  </TASK>
[  291.664458][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  292.159866][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc7-syzkaller-01894-gfaa60990a541 #0 PREEMPT(full) 
[  292.171768][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  292.181831][   T31] Call Trace:
[  292.185142][   T31]  <TASK>
[  292.188079][   T31]  dump_stack_lvl+0x99/0x250
[  292.192685][   T31]  ? __asan_memcpy+0x40/0x70
[  292.197288][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  292.202498][   T31]  ? __pfx__printk+0x10/0x10
[  292.207112][   T31]  panic+0x2db/0x790
[  292.211023][   T31]  ? __pfx_panic+0x10/0x10
[  292.215446][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  292.221280][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  292.226675][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  292.232851][   T31]  watchdog+0x102d/0x1030
[  292.237190][   T31]  ? watchdog+0x1de/0x1030
[  292.241624][   T31]  kthread+0x70e/0x8a0
[  292.245716][   T31]  ? __pfx_watchdog+0x10/0x10
[  292.250402][   T31]  ? __pfx_kthread+0x10/0x10
[  292.255024][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  292.260230][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  292.265702][   T31]  ? __pfx_kthread+0x10/0x10
[  292.270310][   T31]  ret_from_fork+0x3fc/0x770
[  292.274908][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  292.280034][   T31]  ? __switch_to_asm+0x39/0x70
[  292.284827][   T31]  ? __switch_to_asm+0x33/0x70
[  292.289608][   T31]  ? __pfx_kthread+0x10/0x10
[  292.294214][   T31]  ret_from_fork_asm+0x1a/0x30
[  292.299017][   T31]  </TASK>
[  292.302380][   T31] Kernel Offset: disabled
[  292.306705][   T31] Rebooting in 86400 seconds..