last executing test programs:

6.811827624s ago: executing program 0 (id=3250):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0xffffffff}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x78}, 0x1, 0x0, 0x0, 0x840}, 0x0)

6.641789462s ago: executing program 0 (id=3251):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv4_newnexthop={0x18, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4}}, 0x18}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x11}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0xc, &(0x7f00000000c0), 0x8}, 0x94)
syz_emit_ethernet(0x32, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @multicast1}, {0x0, 0x17c1, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "d482449a"}}}}}}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000400)="14", 0x2, 0x0, 0x4}, 0x50)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x8040)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x7, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x1}, 0x48)
write$cgroup_subtree(r5, &(0x7f0000000200)=ANY=[@ANYRESDEC=r5, @ANYRES64=r5, @ANYRESHEX=r5, @ANYRESHEX=r5, @ANYRESOCT=r5, @ANYRES64=r5, @ANYRESOCT=r5, @ANYRESDEC=r5], 0x32600)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="bd4e54d45303", @dev, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @broadcast, @dev, @local, @multicast2}}}}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
openat$cgroup_ro(r5, &(0x7f0000000440)='cpuacct.usage_user\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYRES16=r4, @ANYRES32=r5], &(0x7f0000000380)='syzkaller\x00', 0x70, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x11, '\x00', 0x0, @fallback=0x17, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
sendmsg$nl_xfrm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000fc020000002300129a2e55f10ab88d295f9a63add2be6f00000000000000000000000000000000000000000000000000000003000000000a0000005e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000000000070000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c00000000000000ac141408000000000000000000000000000000000000ff00000000000000000001000000fc020000000000000000000000000000000000003200000000000000fe8000000000000000000000000000bb023500000000000000000000000000000000000000000000000000000000000000000001000000003c00000002000000ac1414bb0000000000000000000000000000000001030000000000000000000000000000ff020000000000000000000000000001000004d33c00000002000000ffffffff000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000003200000002000000ac141400000000000000000000000000ffffffff0002000000000000000000000300000020010000000000000000000000000001000000002b00000002000000fe880000000000000000000000000001000000000400"/500], 0x23c}}, 0x0)

6.449967553s ago: executing program 0 (id=3255):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x24004800)
sendto$inet(r0, &(0x7f00000000c0)="1261830000000000", 0x8, 0x4084, &(0x7f0000000100)={0x2, 0x0, @empty}, 0x10)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r4=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000003c0)={r4, 0xcb}, 0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000000c0)={r4, 0x7, 0x9, 0x1c0}, 0x10)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010008506000000000000000000000000a9b8311974895addf60eeed3398ae37ad6399c0a85c5e6c0fe0fbb55740a134f27ef1c984f0d2e0707b9fd48d1a9b2f22c5caa93ebcfbd87a864fa27e01a1b58a026b8b53d3affd46c7b737813f70fa5028bc8834a1640c4191fb1d8d118efce7bf7397de523dadf62aa41a3043e47b6cb29fb771943c4c10b42d05a405bf651e9d5a101257c982ed28c300a4188899959b83bfdd7b0a80a1f313531179e3d584539aae5ca04dca44833c4a74c509e085c42d3ba31f0f8ed6880dc0ef13e743db949ea8672a06f3c7685ccdbca0a5c8be8587191e9f7dfc1674366cb536e2ef1de7745", @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)

6.137566573s ago: executing program 0 (id=3263):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
write(r1, &(0x7f0000000000)='b', 0xffffffffffffffa7)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0)
sendto$inet6(r1, &(0x7f0000000080)="6769c299a39baae5ec17d4614d5b7de90fd24d93bbe73f79913689242145e2689c8746ba9fd7b0e535bc12dcbaef6cd7193e9a6b42416266843bf31bb12ae0829613d4cdab446d368d", 0x49, 0x20004800, &(0x7f0000000140)={0xa, 0x4e22, 0x9, @mcast1, 0x1}, 0x1c)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="01f25e560797483c504f00"/25, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000000010000000000000000000000a5976ac6acd41fd8"], 0x48}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="010000008db879e2b2fa56da00000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x38}}, 0x20000000)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x2}, 0x8)
close(r1)

6.013310886s ago: executing program 0 (id=3266):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$pptp(0x18, 0x1, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000440), &(0x7f0000000080)=@tcp, 0x3}, 0x20)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200010a4fdd7a6ccb2535880a0d"], 0x26}}, 0x40000)
bind$pptp(r1, &(0x7f0000000140)={0x18, 0x2, {0x1, @multicast2}}, 0x1e)
bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001800010300000000000000000a0000000003"], 0x24}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000340)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x864, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404}], [@TCA_POLICE_RATE={0x404}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r8, 0x1, 0x28, 0x0, 0x0)
r9 = socket$kcm(0x10, 0x400000002, 0x0)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f00000007c0)={0x0, 0x8, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000780)=0x10)
write$cgroup_subtree(r9, &(0x7f0000000080)=ANY=[@ANYBLOB="180000007800911fdabcf8b3077fa54a07"], 0xfe33)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)=ANY=[@ANYBLOB="1c00000022"], 0x1c}], 0x1}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=@newtaction={0x18, 0x30, 0x400, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

5.82888418s ago: executing program 0 (id=3269):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000098000000060a010400000000000000000100000008000b400000000070000480340001800b000100657874686472000024000280080001400000000c0800034000000000080004400000002d0500020007000000380001800c0001006269747769736500280002800800014000000014080002400000001209000640000000030400048008000340000000010900010073797a30"], 0x10c}}, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x0, 'ip_vti0\x00', {0x1}, 0x3})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010026bd6000000000002d9300000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0xd4}, 0x24008000)

3.264647552s ago: executing program 2 (id=3309):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x4, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000480)="32780f64398323c37e7b311fcbc8d6756224d03ac5cb3838e854", 0x1a, 0x60000010, &(0x7f00000001c0)={0xa, 0x2, 0xfffe, @loopback, 0xfffffff9}, 0x1c)
shutdown(r0, 0x1)

3.099493479s ago: executing program 2 (id=3313):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'sit0\x00'})
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x18, 0x1409, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x80)

2.946857567s ago: executing program 2 (id=3316):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x2, 0x200000ff, 0x4, 0x1}, 0x48)
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'nr0\x00', 0x2000})
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e27, 0x2, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x5}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
sendmmsg$inet(r1, &(0x7f0000002e40)=[{{&(0x7f0000000040)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}}], 0x1, 0x4008000)
getsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

2.640858423s ago: executing program 1 (id=3320):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e0030000280080006001000000010"], 0x68}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000140)={'syztnl1\x00', <r2=>0x0, 0x7, 0x1, 0x401, 0x1, {{0x14, 0x4, 0x0, 0x30, 0x50, 0x64, 0x0, 0xfa, 0x4, 0x0, @private=0xa010102, @remote, {[@end, @rr={0x7, 0xb, 0x7e, [@initdev={0xac, 0x1e, 0x0, 0x0}, @remote]}, @timestamp={0x44, 0x14, 0x53, 0x0, 0x4, [0xc86a, 0x5, 0x7, 0x2]}, @cipso={0x86, 0x15, 0x2, [{0x1, 0x2}, {0x6, 0xd, "5736c0950576684d405098"}]}, @lsrr={0x83, 0x7, 0xd6, [@local]}]}}}}})
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010029bd7000ffdbdf2507000000", @ANYRES32=r5, @ANYBLOB="80007f0a0a00020091"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040004)
sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtclass={0xc48, 0x28, 0x20, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xa}, {0x4, 0xc}, {0xfff1, 0xf}}, [@tclass_kind_options=@c_htb={{0x8}, {0xc1c, 0x2, [@TCA_HTB_CTAB={0x404, 0x3, [0xfffff800, 0x4, 0x8, 0x5, 0x3, 0x6, 0x0, 0x7fffffff, 0xd, 0x5, 0x7, 0x7, 0x1, 0xa67, 0x4, 0x8, 0x5, 0xb391, 0x9, 0x80000000, 0x81, 0x4, 0x0, 0x6, 0x5, 0xd0d, 0x7fffffff, 0xffffff7f, 0x100, 0xfffffff9, 0x0, 0x8, 0xc, 0x6, 0x2, 0x8d4c, 0x6, 0x5, 0xa, 0x7fffffff, 0x1000, 0x3, 0x0, 0x2, 0xffffffff, 0x0, 0x5, 0x9, 0x81, 0x2, 0xc49e, 0x3, 0x4, 0x3, 0x7, 0x9, 0x6, 0x6, 0x6, 0x800, 0xfcf5, 0x7, 0x762, 0x7, 0x8000, 0x6, 0x7, 0x4, 0xf8000000, 0x1c2, 0x9, 0x8, 0xbd27, 0x11, 0x0, 0x4, 0xd, 0x5, 0x101, 0x3, 0x6, 0x5, 0x3, 0x10000000, 0x2, 0xd, 0x4, 0x4, 0x40, 0xc9c, 0x1000, 0x61a9, 0xe4a4, 0x0, 0x2, 0x8001, 0x1, 0x7, 0x3, 0x6, 0x8, 0x1000, 0x5716, 0x6, 0xa3d, 0x7, 0x3, 0xffffff81, 0x80000000, 0x30000000, 0x2, 0xfffffffb, 0xe2, 0x9, 0x7, 0xfffffff3, 0x7, 0x6, 0x0, 0x8, 0x4, 0x2, 0xfffff0ef, 0xffff7fff, 0x2, 0x5, 0x200, 0xc6a, 0x81, 0x6, 0x85, 0x7600, 0x0, 0xffffffff, 0x7, 0x4000000, 0x8, 0x3, 0x3ff, 0x0, 0x2, 0x1, 0x2, 0x4, 0x2, 0xfffffffd, 0x3, 0x9, 0xfff, 0x6, 0x9, 0x9, 0x6, 0x1, 0xffffffff, 0x2, 0x1, 0xffff, 0x6, 0x0, 0x0, 0x1, 0x4, 0x8, 0x5, 0x81, 0x85, 0x3, 0x0, 0xa, 0x7a1, 0x889, 0xff2e, 0x5, 0x80000001, 0x9, 0xffff, 0x10001, 0x8, 0x0, 0xa94, 0x4, 0x20fb, 0x9, 0x1, 0x9, 0xf59c, 0x9, 0x0, 0x81, 0x8001, 0xfffffff7, 0x851, 0xffff0001, 0xb, 0x15, 0x6, 0x7, 0x3, 0xab7, 0xc, 0xbf0, 0x3, 0x1, 0x5, 0x0, 0xffff, 0x6, 0x2, 0x10001, 0x9, 0x7, 0x800, 0xfff, 0xcbbb4847, 0x5, 0x1, 0xfffffffc, 0xfffffffe, 0x9, 0x1, 0xfffff184, 0x8, 0x6, 0x7f, 0x955, 0xa940, 0x88ee, 0x6, 0x1, 0x8, 0x4, 0xe, 0xffffffff, 0x1, 0x8000, 0x8000, 0x7, 0x10, 0xffffffff, 0xe, 0x9, 0x9, 0x7fff, 0x5, 0x98b, 0x8000, 0x6, 0x6, 0x200, 0x2, 0x8ef, 0x4, 0x3, 0x5, 0x8]}, @TCA_HTB_CTAB={0x404, 0x3, [0x80, 0xe, 0x12, 0x2, 0xb6fb, 0x8, 0xe42c, 0x70a2, 0x8, 0xa, 0x4, 0x5, 0x0, 0x4, 0x8, 0x67c, 0xb1, 0x7, 0x2b, 0x6, 0xa, 0x9, 0x2, 0x1ff, 0x8, 0x80, 0xa25, 0x80000001, 0x4, 0xffffffff, 0x81, 0x0, 0xfd0, 0xfffffffc, 0x0, 0x5a9a, 0x800, 0x4, 0x8, 0x9, 0x5, 0x4, 0x0, 0x7, 0x0, 0x3, 0x10000, 0x50000, 0x2, 0x8001, 0x6bdc, 0xfffffffa, 0x92, 0x97b, 0x1000, 0x1, 0x7, 0x7f, 0x1, 0x7, 0x1, 0x5, 0xfffffffe, 0xe14, 0x1, 0xffffffff, 0x0, 0x7, 0x6, 0x7f, 0x8, 0x10, 0x8ab, 0x4, 0x80000000, 0x1ff, 0x9, 0x10000, 0x0, 0xba08, 0x4, 0x100, 0x0, 0x8, 0x1, 0x6, 0x0, 0x4, 0x8, 0x7fff, 0x9, 0x8, 0x3, 0x2, 0x80000000, 0x40, 0xc3, 0x8, 0x1, 0x1625, 0x802f, 0x0, 0xea, 0x8, 0x4, 0x0, 0x80000000, 0x20f, 0x9, 0xb, 0x2, 0xfd2, 0x7f, 0x7fffffff, 0xc, 0x0, 0x2, 0x1, 0x8, 0x9, 0x401, 0x3, 0x6, 0x6, 0x9, 0x8001, 0x0, 0x2, 0x6, 0xa, 0x1, 0x8, 0x6, 0x8, 0x0, 0x4, 0x6, 0x40, 0x3, 0x9, 0x0, 0x3f, 0x288, 0x1, 0x6, 0x5, 0x4, 0xac8, 0xffff, 0x2, 0x9, 0x0, 0xed, 0x4, 0x40, 0x4, 0x2, 0xa, 0x5, 0xd, 0x66a, 0x9, 0x8, 0x7fffffff, 0x5, 0x5, 0x77e9, 0x5, 0xf48f, 0x7, 0x1, 0x7, 0x1, 0x3, 0x9, 0x2000000, 0xffffffff, 0x2, 0x4, 0x2, 0x8001, 0xf, 0x0, 0x80000000, 0x9, 0x4, 0x2, 0x2, 0x8, 0x7c8, 0x3, 0x4, 0x3, 0x1, 0x4, 0x28c, 0x8000, 0x2, 0xd, 0x2, 0x5, 0x5, 0xffff, 0x5, 0x4, 0x1e5, 0x8, 0x7, 0xfff, 0x5, 0x1, 0x101, 0x8, 0x9, 0x7fffffff, 0x4, 0x0, 0x2b3, 0x2, 0x8, 0x7, 0x7, 0x6, 0x7, 0x4, 0x9, 0x80000001, 0x93f6, 0x4, 0x5, 0x8, 0x7f, 0x8, 0x80, 0x1, 0xc658, 0x42, 0xc059, 0xfffffff7, 0x7, 0x8, 0x3ff, 0x400, 0x7, 0xc0, 0x200, 0x4, 0x1, 0xffff8000, 0x10000, 0x6, 0xc4, 0x8, 0x208, 0x2, 0x5]}, @TCA_HTB_CEIL64={0xc, 0x7, 0x10000}, @TCA_HTB_CTAB={0x404, 0x3, [0x1, 0x80000000, 0x5, 0x2, 0xfff, 0x7ff, 0x1, 0x9, 0x1ff, 0x7, 0x1, 0x9, 0xff, 0x200, 0x4, 0x47bd, 0x3, 0x7, 0x9, 0x2, 0x5, 0x1, 0x8f7, 0x7fff, 0x7, 0x400, 0xff, 0x2, 0xb132, 0x10000, 0x4, 0x1000, 0x4814, 0x3c00000, 0x1, 0x5, 0x4, 0x492c, 0x10000, 0x3, 0x9, 0xff, 0x101, 0x1, 0xa5, 0x6, 0x80, 0x8, 0x400, 0x6, 0x4, 0x3, 0x0, 0xfff, 0x3, 0x9, 0x5, 0x8001, 0x7f, 0x4, 0x8, 0x9, 0x8, 0x7f, 0x7, 0x0, 0x8, 0x5, 0x4, 0x6, 0x6, 0x6, 0x4375, 0xfff, 0x10, 0x5, 0x2, 0x4, 0x6, 0x9, 0x3, 0x4, 0x3, 0x4, 0xffff, 0x5, 0xee, 0xe32, 0x902, 0x2, 0xd, 0x6, 0x79, 0x9, 0x5, 0xba75, 0x33a, 0xfffffff7, 0x406, 0x1, 0x78, 0x1, 0x0, 0x1f5, 0xf, 0x9, 0x8514, 0x5, 0x1f66, 0x7, 0x6, 0x4, 0x3371, 0x1, 0x8, 0x8000, 0x7, 0x2, 0x200, 0x4, 0x4, 0x8, 0x7, 0x10001, 0x5, 0xc3, 0x10000, 0x80000001, 0xfffffff7, 0xc, 0x0, 0x2, 0x1, 0x6, 0x80000000, 0x8, 0x8001, 0x8, 0x6, 0x7, 0x8, 0x5, 0xfffffbff, 0x0, 0x5, 0x594, 0x6, 0x10001, 0x6, 0x77, 0x9, 0xfffffc01, 0x2aa, 0xf8, 0x7, 0x2, 0x40, 0x2, 0x1000, 0x4, 0xf, 0x7fffffff, 0x153e, 0xffffffc0, 0x643, 0x8, 0x6, 0x2, 0x0, 0x2, 0x5, 0x1, 0x5, 0x2, 0x0, 0x8, 0x80, 0x38, 0x4, 0xce6, 0x2, 0x2, 0xf, 0x6, 0x4, 0x1, 0xfffffff8, 0x6, 0x9, 0x9, 0x2, 0xfffffff2, 0x8, 0x8, 0x2, 0xfffffff9, 0x0, 0x6, 0x80000000, 0xfffff000, 0x3ff, 0x5c656a82, 0x7fff, 0x3, 0x12, 0x8000, 0xa25, 0xf, 0x7000, 0x5, 0x40, 0x9, 0xa, 0x5, 0x336f, 0x401, 0x2, 0x1, 0x2, 0x8, 0x4, 0x5, 0xe, 0x800, 0x3, 0x200, 0xc, 0x6, 0xc, 0x6, 0x773, 0x12e0000, 0x0, 0x8, 0x1ff, 0x752, 0xa, 0x361, 0x7, 0xa4, 0x8001, 0xb3, 0x2, 0xc, 0x2fe0, 0x2, 0x1, 0x800, 0x59ede202, 0x4, 0x4, 0x7, 0x3, 0x1, 0x4da6e407, 0x5]}]}}]}, 0xc48}}, 0x4004080)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)

1.773849172s ago: executing program 1 (id=3321):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fc010000000000000000000000000000ac1414bb000000000000000000000000000000000400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000ff07000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000001c001700000000000000000000000001003924ad324f0e4f410000004c001400636d61632861657329"], 0x1a0}}, 0x0)

1.584511468s ago: executing program 1 (id=3324):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000007300)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @private0}, 0x1c, &(0x7f0000000400)=[{&(0x7f0000000000)="7f21547c", 0x4}], 0x1}}], 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0))
ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x40047440, 0x0)
bind$alg(r1, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000480)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @remote}, @local, 0xfffffffe, 0x0, 0xfffd, 0x0, 0xfffffffffffffffc, 0x4400046, r5})
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r7=>0x0})
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r7})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@ipv6_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8}}, 0x1c}}, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000380)='\r\x00\x00\x00Y~V\x00\x00\x00\x00\x00\x00', 0xd)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020001000900010073797a300000000008000240000000032c000000030a01030000e6ff00000027020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14}}, 0x28}}, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="40000000190001002abd7000ffdbdf251d01060015000400030000e0080100002698c13a70ca67e7020000000c000b0004000020020000800800050004faf80cd222ea21"], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000001c0)={'bond0\x00', <r12=>0x0})
sendmsg$nl_route(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000000000000000000000000a61c0d500c2", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r12, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40000c4}, 0x4054)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
r14 = accept(r1, &(0x7f0000000180)=@pppoe={0x18, 0x0, {0x0, @multicast}}, &(0x7f0000000240)=0x80)
setsockopt$SO_TIMESTAMPING(r14, 0x1, 0x25, &(0x7f0000000440)=0x1640, 0x4)
sendmsg$IPSET_CMD_CREATE(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000228010100000000000000000000000005000100070000000900020073597a43dbfa5ec5177c12716d318e3394f8ca30000000001400078005001500fc00000008001240000000fd0c0003006c6973743a73657400000000"], 0x5c}, 0x1, 0x0, 0x0, 0xc000}, 0xc044)
listen(r0, 0xfff)

1.316693751s ago: executing program 3 (id=3327):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r2, &(0x7f00000004c0)={{0x6, @rose, 0x6}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r2, 0x80)
accept$netrom(r2, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), r0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newlink={0x3c, 0x10, 0x401, 0x800000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4801, 0x15319}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

983.53311ms ago: executing program 2 (id=3329):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c0001800600060080"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)

955.897681ms ago: executing program 4 (id=3330):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="f0000000120003", @ANYBLOB="22e2cf8975608d18d91a17cb3776054e081dabffa7f6d27fde1ce1430ce08e97c0b5b8f7c62feaf4d6a382197b0c779680ea688b149c8f8f0743684688243db3cbf65e6217f0aec537"], 0xf0}}, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x1b}, @exit], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51}, 0x90)

870.544605ms ago: executing program 3 (id=3331):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x9, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r2, 0x0, 0xfdef)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x5, 0x4, 0xadd, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

869.370248ms ago: executing program 2 (id=3332):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async, rerun: 32)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002300)={0x1c, 0x34, 0x107, 0xffffffff, 0xfffffffe, {0x1, 0x7c}, [@nested={0x8, 0x4, 0x0, 0x1, [@nested={0x4, 0x149}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) (async)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newqdisc={0x148, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0x5, 0x9, 0x48, 0x7, 0xc, 0x4, 0x4}}, @TCA_RED_STAB={0x104, 0x2, "1a00de5bd00d8d44604634839a8f3f5cdf548bc7fda21fc9f12ed25937ef1791bbd1628e6224a3bafb088a85df1f110e78dfcf4ebe1a6861490587997af87970f70724291e929ece5c569501a4b8276a18bfdf5b4ebc76d374ea2bd9b141e6900d0e5f5e2b860aac22f1483ca962a4ba4190b33185f0d8b704dd6f1f95b9f9e3357bb0737e213f677f83e58c5b521ec8b78c0d6869921a2ce4851bb3f56bc8d2c7b9168a942fa8870af9e1ad6c28f83e716c543ec693a6071601d74b9c88931aee46cbf9475946a2ea9b23ab2ce663716ef4026bae6d8d88d012b47eef7b1a02b48ce9e2d3785708e5df2a4e5715d604dfa43c7745a6a8ef4d56506111a7c6b4"}]}}]}, 0x148}}, 0x0) (async, rerun: 32)
listen(r0, 0x8) (async, rerun: 32)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
getpeername$tipc(r5, &(0x7f0000000280)=@name, &(0x7f00000002c0)=0x10)
r6 = accept4(r0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r6, 0x84, 0x1a, &(0x7f00000001c0)={<r7=>0x0, 0x82, "3157a017d6b0bd38f1140c0b5b3f2a753f7d8ddc93ecbf00ff4ce87664745439768c087f5d4515811c737f466f95b7a25cdb4256b32796ca0c5a40c8afe571a24dcde0010d1a5bc7fd281abe33b2cb63a3296cd0a6702d47e5e767162b7f187deb3a90874a5c9b40ae2c0637944b7b958260ce7766950e5cbc23121c8fbce9b99eb3"}, &(0x7f0000000080)=0x8a)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r7, 0xb, 0xffffff81}, &(0x7f0000000100)=0xc)

798.053827ms ago: executing program 4 (id=3333):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fc010000000000000000000000000000ac1414bb00000000000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000ff07000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000001c001700000000000000000000000001003924ad324f0e4f410000004c001400636d61632861657329"], 0x1a0}}, 0x0)

702.52573ms ago: executing program 3 (id=3334):
syz_emit_ethernet(0x6a, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "d20040", 0x34, 0x3a, 0x0, @dev, @local, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "31c944", 0x0, 0x2b, 0x0, @empty, @remote, [], "d4a3fb00"}}}}}}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.empty_time\x00', 0x26e1, 0x0)
close(r0)
ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='xprt_transmit\x00', r0, 0x0, 0x5}, 0x18)

699.20218ms ago: executing program 4 (id=3335):
connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000f8ffffff00"/28], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x1c}}, @TCA_CHOKE_STAB={0x104, 0x2, "1c1f15f3c5e23d27d29a00dd397b5c11d4cf201c1a0619fc314514ab71788e4079fdbe4f2a0d60b83a7d04c1d709981110401e5e10685abbad9b6f18e303e902c77244658a099a36fa486760c4941ea7df64250af29a4935de5d244f0549d93679b3d4fb358c2076bc6b1c9735ff8243f088e67455ba14975d12e5903ceeb7a23d62ecb5253ad444ef726b58a00f13f22ccc84cc06c9912b621c3ddc5f3229dc84c0880b5c6faefe33413b34a146e592fc15ae234dac030f05bb99eab08dfd2cb5659c6fc21fb7da6c380165ddde4659e75538dc864a53f691e1d785d6e6f73a03abf2120bce67e2d50075fd811b3e03a1cc2d66335bdee19738a0c1fb79b77d"}]}}]}, 0x14c}}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r6)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000880)=ANY=[@ANYBLOB="140065620c6eed40a7e850d053a20d55a3b243e4887e61", @ANYRES16=r7, @ANYRESHEX=r7], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000680))
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_TDLS_MGMT(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x1c, r10, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4010)
bind$inet6(r8, &(0x7f0000000080)={0xa, 0x2, 0x4, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r8, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r8, &(0x7f0000000480)="32780f64398323c37e7b311fcbc8d6756224d03ac5cb3838e854", 0x1a, 0x60000010, &(0x7f00000001c0)={0xa, 0x2, 0xfffe, @loopback, 0xfffffff9}, 0x1c)
shutdown(r8, 0x1)

589.473753ms ago: executing program 3 (id=3336):
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x18, 0x1409, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x80)

485.833153ms ago: executing program 4 (id=3337):
accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x1c, 0x80800)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfe04}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x5, 0x0}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}, {0x95, 0x0, 0x6000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfe04}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x5, 0x0}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}, {0x95, 0x0, 0x6000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'ip6_vti0\x00', <r3=>0x0})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x6c}}, &(0x7f0000000000)='GPL\x00'}, 0x90) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x6c}}, &(0x7f0000000000)='GPL\x00'}, 0x90)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000340), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0x2c, r6, 0x1, 0x70bd26, 0x25dfdbfe, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaaa}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20006911}, 0x0)
sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6011a8bc0014060000000000000000000000ffffac141400fe8000000000000000000000000000aa00004001", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='oI\x00\x00'], 0x0) (async)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6011a8bc0014060000000000000000000000ffffac141400fe8000000000000000000000000000aa00004001", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='oI\x00\x00'], 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8) (async)
r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8)
sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="ad08c29fb214", @ANYRES16=r9, @ANYBLOB="0100230100003402000002000000"], 0x14}}, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000035c0), 0xffffffffffffffff) (async)
r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000035c0), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r8, &(0x7f0000003680)={&(0x7f0000003580)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000003640)={&(0x7f0000003600)={0x38, r10, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'pim6reg1\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000880}, 0x200008c4)

478.136085ms ago: executing program 3 (id=3338):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
close(0x3)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r3, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r3, 0x80)
accept$netrom(r3, 0x0, 0x0)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200), 0x806000)
ioctl$FS_IOC_RESVSP(r5, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x4000, 0x9ffffc})
recvmmsg(r2, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}, 0x80}], 0x1, 0x32000, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'veth1_to_hsr\x00'})
write$tun(r1, &(0x7f00000003c0)=ANY=[], 0xdc)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r6, 0x0, 0x2, &(0x7f0000000000)={0x9, [0x9, 0x7], 0x5}, 0x10)
ioctl$sock_bt_hci(r6, 0x400448df, &(0x7f00000002c0))
ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f0000000240)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xffffffffffffffff})

425.741286ms ago: executing program 1 (id=3339):
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4400, 0x3, @dev={0xfe, 0x80, '\x00', 0x23}, 0x3}, 0x1c)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x53}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl(r1, 0x8b2c, &(0x7f0000000040))

365.878641ms ago: executing program 4 (id=3340):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11}})
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000740)='net_prio.prioidx\x00', 0x0, 0x0)
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000340)=""/134, 0x86}], 0x1, 0x0, 0x0)
setsockopt$MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x24}, 0x1}, {0xa, 0x4e22, 0x101, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}, 0xffffffffffffffff, {[0x10, 0xd, 0x2, 0x4, 0x281000, 0x9, 0x800, 0x4]}}, 0x5c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000680), r3)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000000)={0x0, 0x3c, &(0x7f0000000180)={&(0x7f0000000200)={0x38, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_CQM={0x1c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x5, 0x5, 0x4d}, @NL80211_ATTR_CQM_TXE_PKTS={0x23, 0x6, 0x2}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x337}]}]}, 0x38}}, 0x0)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c000000d0e8b710e92199fe93949009a4fea9c8bdfd91b75f1c2984172e5e4d4bd80d02511c7c43e40c7196caf83fb4a998ccffb0bdcd470f95fa9e81e165e9996c0ef47ff1e99feeaa6ac71d4eb2bfffb634973690fee7fa0f102b1664162b8e1dac1674deafa752582f42", @ANYRES16=r4, @ANYBLOB="01002dbd7000fddbdf2501000000080008000000000006000a004e2100000800060000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c0000003e000701feffffff00000000017c0000040042800c00018080"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

307.301875ms ago: executing program 1 (id=3341):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0003200002801c00178004"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)

162.950124ms ago: executing program 1 (id=3342):
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$l2tp6(0xa, 0x2, 0x73) (async)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2) (async)
socket$key(0xf, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6(0xa, 0x80002, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r3=>0x0})
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r4, &(0x7f0000000600)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1, 0x10}}, 0x12)
socket(0x400000000010, 0x3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00', <r6=>0x0})
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000000)={r6, 0x1, 0x6, @multicast}, 0x10)
close(r5) (async)
close(r5)
r7 = socket(0x10, 0x80002, 0x0)
connect$l2tp6(r1, &(0x7f0000000100)={0xa, 0x0, 0xb, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3, 0x4}, 0x20)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=@gettfilter={0x74, 0x2e, 0x500, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x7, 0x9}, {0x6, 0x3}, {0xfff2, 0x9}}, [{0x8, 0xb, 0x2}, {0x8, 0xb, 0xa1}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0x7}, {0x8, 0xb, 0xfffffe00}, {0x8, 0xb, 0x7fff}, {0x8, 0xb, 0xdcb}, {0x8, 0xb, 0xa}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0xfffffc01}]}, 0x74}, 0x1, 0x0, 0x0, 0x8041}, 0x4000) (async)
sendmsg$nl_route_sched(r8, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=@gettfilter={0x74, 0x2e, 0x500, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x7, 0x9}, {0x6, 0x3}, {0xfff2, 0x9}}, [{0x8, 0xb, 0x2}, {0x8, 0xb, 0xa1}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0x7}, {0x8, 0xb, 0xfffffe00}, {0x8, 0xb, 0x7fff}, {0x8, 0xb, 0xdcb}, {0x8, 0xb, 0xa}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0xfffffc01}]}, 0x74}, 0x1, 0x0, 0x0, 0x8041}, 0x4000)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r3, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r7, @ANYRES32=r7], 0x44}}, 0x2000800)
r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="60010000", @ANYRES16=r9, @ANYBLOB="010028bd7000fcdbdf25010000001400020077673000000000000000000000000000060006004e21000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d784308000500000000000401088030000080060005000100000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696bd000008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696ba80004"], 0x160}, 0x1, 0x0, 0x0, 0x20048000}, 0x814)

114.016015ms ago: executing program 4 (id=3343):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000001400791048000000000069001e000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0xa3}, 0x21)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x80000000}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$caif_seqpacket(0x25, 0x5, 0x3)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x1c)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@fwd={0x7}]}, {0x0, [0x0, 0x5f, 0x61, 0x20]}}, &(0x7f0000000440)=""/202, 0x2a, 0xca, 0x0, 0x4}, 0x28)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_ext={0x1c, 0xb, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x2}, [@exit, @exit, @map_fd={0x18, 0x1, 0x1, 0x0, r3}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8001}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x3c, &(0x7f0000000240)=""/60, 0x41000, 0x22, '\x00', r1, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x0, 0x1, 0x7, 0x5}, 0x10, 0xf173, r4, 0x5, &(0x7f00000005c0)=[r3], &(0x7f0000000600)=[{0x2, 0x4, 0xb, 0x7}, {0x3, 0x3, 0xd, 0x5}, {0x2, 0x5, 0x6, 0x4}, {0x4, 0x5, 0x9, 0x7}, {0x2, 0x4, 0x6, 0x9}], 0x10, 0x9}, 0x94)
syz_emit_ethernet(0x19, &(0x7f0000000940)={@remote, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @val={@val={0x88a8, 0x4, 0x1, 0x1}, {0x8100, 0x3, 0x1, 0x4}}, {@llc={0x4, {@llc={0x6, 0x8e, 'L'}}}}}, 0x0)
r6 = socket$inet6(0xa, 0xa, 0x5)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000740)={'batadv0\x00', <r7=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000780)={@rand_addr=' \x01\x00', 0x5, r7})

29.867543ms ago: executing program 3 (id=3344):
r0 = socket$inet(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000200000000000feffffff"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff060000000100000045000000250000001900040004", 0x25}], 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000000000000100000004000480080002000100000008000b"], 0x28}}, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x0, @empty}, @in6={0xa, 0x4e24, 0x0, @empty}], 0x38)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r7=>0x0})
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r8, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x1c, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b704000002ec0000850000008200000018110000", @ANYRES32=r9, @ANYRESHEX=r0, @ANYRES32=r9, @ANYBLOB="0000000000000000b702000000e27a7cd227000008000000f40cccbf9100003fb8413aaf6aef3900000000b702000000000000ff00000084000000b7"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
r11 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x8, r0}, 0x18)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r11}, 0x10)
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0xb4, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r7, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x84, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1], 0x0, [0x8, 0x6, 0x3c, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x401]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x1}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x1}]}}]}, 0xb4}}, 0x0)

0s ago: executing program 2 (id=3345):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x3, 0x5)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x10, 0x0, 0x63)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x70bd2c, 0x0, {{@in6=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x40000000000000}, 0x0, 0x0, 0x0, 0x1, 0x1}}, 0xb8}}, 0x0) (async)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x40000000000000}, 0x0, 0x0, 0x0, 0x1, 0x1}}, 0xb8}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2) (async)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003082f00fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef)
socket$nl_rdma(0x10, 0x3, 0x14)
socket$netlink(0x10, 0x3, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) (async)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

__pfx_genl_rcv_msg+0x10/0x10
[  325.950729][T14067]  ? __pfx_batadv_dat_cache_dump+0x10/0x10
[  325.950756][T14067]  ? __asan_memcpy+0x40/0x70
[  325.950778][T14067]  ? __pfx_ref_tracker_free+0x10/0x10
[  325.950815][T14067]  netlink_rcv_skb+0x205/0x470
[  325.950842][T14067]  ? __lock_acquire+0xab9/0xd20
[  325.950871][T14067]  ? __pfx_genl_rcv_msg+0x10/0x10
[  325.950897][T14067]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  325.950948][T14067]  ? down_read+0x1ad/0x2e0
[  325.950972][T14067]  genl_rcv+0x28/0x40
[  325.950993][T14067]  netlink_unicast+0x82c/0x9e0
[  325.951031][T14067]  ? __pfx_netlink_unicast+0x10/0x10
[  325.951061][T14067]  ? netlink_sendmsg+0x642/0xb30
[  325.951076][T14067]  ? skb_put+0x11b/0x210
[  325.951100][T14067]  netlink_sendmsg+0x805/0xb30
[  325.951130][T14067]  ? __pfx_netlink_sendmsg+0x10/0x10
[  325.951153][T14067]  ? aa_sock_msg_perm+0xf1/0x1d0
[  325.951174][T14067]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  325.951195][T14067]  ? __pfx_netlink_sendmsg+0x10/0x10
[  325.951215][T14067]  __sock_sendmsg+0x21c/0x270
[  325.951256][T14067]  ____sys_sendmsg+0x505/0x830
[  325.951284][T14067]  ? __pfx_____sys_sendmsg+0x10/0x10
[  325.951316][T14067]  ? import_iovec+0x74/0xa0
[  325.951342][T14067]  ___sys_sendmsg+0x21f/0x2a0
[  325.951366][T14067]  ? __pfx____sys_sendmsg+0x10/0x10
[  325.951426][T14067]  ? __fget_files+0x2a/0x420
[  325.951441][T14067]  ? __fget_files+0x3a0/0x420
[  325.951469][T14067]  __x64_sys_sendmsg+0x19b/0x260
[  325.951494][T14067]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  325.951526][T14067]  ? __pfx_ksys_write+0x10/0x10
[  325.951548][T14067]  ? rcu_is_watching+0x15/0xb0
[  325.951577][T14067]  ? do_syscall_64+0xbe/0x3b0
[  325.951600][T14067]  do_syscall_64+0xfa/0x3b0
[  325.951615][T14067]  ? lockdep_hardirqs_on+0x9c/0x150
[  325.951642][T14067]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.951661][T14067]  ? clear_bhb_loop+0x60/0xb0
[  325.951683][T14067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.951701][T14067] RIP: 0033:0x7faca958eba9
[  325.951718][T14067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  325.951734][T14067] RSP: 002b:00007facaa44b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  325.951750][T14067] RAX: ffffffffffffffda RBX: 00007faca97d5fa0 RCX: 00007faca958eba9
[  325.951762][T14067] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005
[  325.951771][T14067] RBP: 00007facaa44b090 R08: 0000000000000000 R09: 0000000000000000
[  325.951780][T14067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  325.951789][T14067] R13: 00007faca97d6038 R14: 00007faca97d5fa0 R15: 00007ffd019e2e48
[  325.951814][T14067]  </TASK>
[  326.734229][T14101] netlink: 'syz.0.2546': attribute type 1 has an invalid length.
[  326.805118][T14108] FAULT_INJECTION: forcing a failure.
[  326.805118][T14108] name failslab, interval 1, probability 0, space 0, times 0
[  326.821634][T14108] CPU: 0 UID: 0 PID: 14108 Comm: syz.1.2551 Not tainted syzkaller #0 PREEMPT(full) 
[  326.821663][T14108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  326.821676][T14108] Call Trace:
[  326.821685][T14108]  <TASK>
[  326.821693][T14108]  dump_stack_lvl+0x189/0x250
[  326.821729][T14108]  ? __pfx____ratelimit+0x10/0x10
[  326.821758][T14108]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.821779][T14108]  ? __pfx__printk+0x10/0x10
[  326.821811][T14108]  ? __pfx___might_resched+0x10/0x10
[  326.821828][T14108]  ? fs_reclaim_acquire+0x7d/0x100
[  326.821863][T14108]  should_fail_ex+0x414/0x560
[  326.821896][T14108]  should_failslab+0xa8/0x100
[  326.821927][T14108]  __kmalloc_cache_noprof+0x70/0x3d0
[  326.821953][T14108]  ? ovs_flow_cmd_new+0x294/0xd80
[  326.821988][T14108]  ovs_flow_cmd_new+0x294/0xd80
[  326.822015][T14108]  ? stack_depot_save_flags+0x40/0x860
[  326.822050][T14108]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  326.822144][T14108]  ? __nla_parse+0x40/0x60
[  326.822179][T14108]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  326.822214][T14108]  genl_family_rcv_msg_doit+0x215/0x300
[  326.822244][T14108]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  326.822283][T14108]  ? bpf_lsm_capable+0x9/0x20
[  326.822310][T14108]  ? security_capable+0x7e/0x2e0
[  326.822345][T14108]  genl_rcv_msg+0x60e/0x790
[  326.822377][T14108]  ? __pfx_genl_rcv_msg+0x10/0x10
[  326.822400][T14108]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  326.822432][T14108]  ? __asan_memcpy+0x40/0x70
[  326.822454][T14108]  ? __pfx_ref_tracker_free+0x10/0x10
[  326.822490][T14108]  netlink_rcv_skb+0x205/0x470
[  326.822519][T14108]  ? __lock_acquire+0xab9/0xd20
[  326.822547][T14108]  ? __pfx_genl_rcv_msg+0x10/0x10
[  326.822572][T14108]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  326.822622][T14108]  ? down_read+0x1ad/0x2e0
[  326.822646][T14108]  genl_rcv+0x28/0x40
[  326.822667][T14108]  netlink_unicast+0x82c/0x9e0
[  326.822704][T14108]  ? __pfx_netlink_unicast+0x10/0x10
[  326.822741][T14108]  ? netlink_sendmsg+0x642/0xb30
[  326.822756][T14108]  ? skb_put+0x11b/0x210
[  326.822779][T14108]  netlink_sendmsg+0x805/0xb30
[  326.822808][T14108]  ? __pfx_netlink_sendmsg+0x10/0x10
[  326.822831][T14108]  ? aa_sock_msg_perm+0xf1/0x1d0
[  326.822852][T14108]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  326.822872][T14108]  ? __pfx_netlink_sendmsg+0x10/0x10
[  326.822890][T14108]  __sock_sendmsg+0x21c/0x270
[  326.822919][T14108]  ____sys_sendmsg+0x505/0x830
[  326.822946][T14108]  ? __pfx_____sys_sendmsg+0x10/0x10
[  326.822977][T14108]  ? import_iovec+0x74/0xa0
[  326.823004][T14108]  ___sys_sendmsg+0x21f/0x2a0
[  326.823027][T14108]  ? __pfx____sys_sendmsg+0x10/0x10
[  326.823089][T14108]  ? __fget_files+0x2a/0x420
[  326.823107][T14108]  ? __fget_files+0x3a0/0x420
[  326.823136][T14108]  __x64_sys_sendmsg+0x19b/0x260
[  326.823162][T14108]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  326.823195][T14108]  ? __pfx_ksys_write+0x10/0x10
[  326.823218][T14108]  ? rcu_is_watching+0x15/0xb0
[  326.823244][T14108]  ? do_syscall_64+0xbe/0x3b0
[  326.823267][T14108]  do_syscall_64+0xfa/0x3b0
[  326.823284][T14108]  ? lockdep_hardirqs_on+0x9c/0x150
[  326.823313][T14108]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.823333][T14108]  ? clear_bhb_loop+0x60/0xb0
[  326.823357][T14108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.823376][T14108] RIP: 0033:0x7f560cf8eba9
[  326.823395][T14108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.823410][T14108] RSP: 002b:00007f560dd4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  326.823430][T14108] RAX: ffffffffffffffda RBX: 00007f560d1d5fa0 RCX: 00007f560cf8eba9
[  326.823445][T14108] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  326.823458][T14108] RBP: 00007f560dd4d090 R08: 0000000000000000 R09: 0000000000000000
[  326.823470][T14108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.823482][T14108] R13: 00007f560d1d6038 R14: 00007f560d1d5fa0 R15: 00007ffd203514a8
[  326.823514][T14108]  </TASK>
[  327.308127][T14118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2553'.
[  327.356343][T14120] netlink: 'syz.1.2555': attribute type 10 has an invalid length.
[  327.384647][T14120] bond0: (slave geneve1): Enslaving as an active interface with an up link
[  327.401447][ T6431] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  327.415764][ T6431] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  327.463180][ T6431] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  327.480745][ T6431] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  327.542779][T14133] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2559'.
[  327.556549][T14135] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2560'.
[  327.562894][T14133] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2559'.
[  327.713637][T14142] openvswitch: netlink: Key type 29 is not supported
[  327.731136][T14142] FAULT_INJECTION: forcing a failure.
[  327.731136][T14142] name failslab, interval 1, probability 0, space 0, times 0
[  327.759142][T14142] CPU: 1 UID: 0 PID: 14142 Comm: syz.1.2562 Not tainted syzkaller #0 PREEMPT(full) 
[  327.759168][T14142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  327.759180][T14142] Call Trace:
[  327.759188][T14142]  <TASK>
[  327.759196][T14142]  dump_stack_lvl+0x189/0x250
[  327.759224][T14142]  ? __pfx____ratelimit+0x10/0x10
[  327.759254][T14142]  ? __pfx_dump_stack_lvl+0x10/0x10
[  327.759278][T14142]  ? __pfx__printk+0x10/0x10
[  327.759312][T14142]  ? __pfx___might_resched+0x10/0x10
[  327.759330][T14142]  ? fs_reclaim_acquire+0x7d/0x100
[  327.759364][T14142]  should_fail_ex+0x414/0x560
[  327.759395][T14142]  should_failslab+0xa8/0x100
[  327.759426][T14142]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  327.759453][T14142]  ? __alloc_skb+0x112/0x2d0
[  327.759477][T14142]  __alloc_skb+0x112/0x2d0
[  327.759501][T14142]  netlink_ack+0x146/0xa50
[  327.759527][T14142]  ? __pfx_genl_rcv_msg+0x10/0x10
[  327.759555][T14142]  ? __asan_memcpy+0x40/0x70
[  327.759577][T14142]  ? __pfx_ref_tracker_free+0x10/0x10
[  327.759614][T14142]  netlink_rcv_skb+0x28c/0x470
[  327.759641][T14142]  ? __lock_acquire+0xab9/0xd20
[  327.759680][T14142]  ? __pfx_genl_rcv_msg+0x10/0x10
[  327.759705][T14142]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  327.759755][T14142]  ? down_read+0x1ad/0x2e0
[  327.759779][T14142]  genl_rcv+0x28/0x40
[  327.759800][T14142]  netlink_unicast+0x82c/0x9e0
[  327.759838][T14142]  ? __pfx_netlink_unicast+0x10/0x10
[  327.759868][T14142]  ? netlink_sendmsg+0x642/0xb30
[  327.759885][T14142]  ? skb_put+0x11b/0x210
[  327.759908][T14142]  netlink_sendmsg+0x805/0xb30
[  327.759937][T14142]  ? __pfx_netlink_sendmsg+0x10/0x10
[  327.759960][T14142]  ? aa_sock_msg_perm+0xf1/0x1d0
[  327.759982][T14142]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  327.760001][T14142]  ? __pfx_netlink_sendmsg+0x10/0x10
[  327.760021][T14142]  __sock_sendmsg+0x21c/0x270
[  327.760052][T14142]  ____sys_sendmsg+0x505/0x830
[  327.760080][T14142]  ? __pfx_____sys_sendmsg+0x10/0x10
[  327.760114][T14142]  ? import_iovec+0x74/0xa0
[  327.760142][T14142]  ___sys_sendmsg+0x21f/0x2a0
[  327.760167][T14142]  ? __pfx____sys_sendmsg+0x10/0x10
[  327.760231][T14142]  ? __fget_files+0x2a/0x420
[  327.760248][T14142]  ? __fget_files+0x3a0/0x420
[  327.760278][T14142]  __x64_sys_sendmsg+0x19b/0x260
[  327.760304][T14142]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  327.760337][T14142]  ? __pfx_ksys_write+0x10/0x10
[  327.760362][T14142]  ? rcu_is_watching+0x15/0xb0
[  327.760388][T14142]  ? do_syscall_64+0xbe/0x3b0
[  327.760413][T14142]  do_syscall_64+0xfa/0x3b0
[  327.760430][T14142]  ? lockdep_hardirqs_on+0x9c/0x150
[  327.760459][T14142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.760479][T14142]  ? clear_bhb_loop+0x60/0xb0
[  327.760504][T14142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.760523][T14142] RIP: 0033:0x7f560cf8eba9
[  327.760540][T14142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  327.760558][T14142] RSP: 002b:00007f560dd4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  327.760579][T14142] RAX: ffffffffffffffda RBX: 00007f560d1d5fa0 RCX: 00007f560cf8eba9
[  327.760593][T14142] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  327.760606][T14142] RBP: 00007f560dd4d090 R08: 0000000000000000 R09: 0000000000000000
[  327.760618][T14142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  327.760630][T14142] R13: 00007f560d1d6038 R14: 00007f560d1d5fa0 R15: 00007ffd203514a8
[  327.760663][T14142]  </TASK>
[  328.443545][T14162] netlink: 'syz.1.2573': attribute type 2 has an invalid length.
[  328.452206][T14167] netlink: 'syz.3.2572': attribute type 33 has an invalid length.
[  328.484853][T14167] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2572'.
[  328.604454][T14174] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2571'.
[  328.755878][T14185] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2575'.
[  328.816077][T14185] netlink: zone id is out of range
[  328.821534][T14185] netlink: zone id is out of range
[  328.827472][T14185] netlink: zone id is out of range
[  328.832629][T14185] netlink: zone id is out of range
[  328.842896][T14185] netlink: zone id is out of range
[  328.848369][T14185] netlink: zone id is out of range
[  328.853492][T14185] netlink: zone id is out of range
[  328.864143][T14185] netlink: zone id is out of range
[  328.872753][T14185] netlink: zone id is out of range
[  328.872788][T14187] netlink: 14560 bytes leftover after parsing attributes in process `syz.0.2577'.
[  328.992533][T14192] syzkaller0: entered promiscuous mode
[  329.017011][T14192] syzkaller0: entered allmulticast mode
[  329.373108][T14218] netlink: 'syz.3.2588': attribute type 1 has an invalid length.
[  329.651709][T14218] veth5: entered promiscuous mode
[  329.678313][T14218] bond4: (slave veth5): Enslaving as a backup interface with a down link
[  330.022646][T14259] geneve3: entered promiscuous mode
[  330.030573][T14259] geneve3: entered allmulticast mode
[  330.174305][T14269] netlink: 'syz.0.2602': attribute type 1 has an invalid length.
[  330.324260][T14273] bond4: (slave gretap1): making interface the new active one
[  330.339624][T14273] bond4: (slave gretap1): Enslaving as an active interface with an up link
[  330.393793][T14280] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.503739][T14286] netlink: 'syz.1.2607': attribute type 1 has an invalid length.
[  330.543907][T14286] netlink: 'syz.1.2607': attribute type 2 has an invalid length.
[  330.560801][T14286] __nla_validate_parse: 8 callbacks suppressed
[  330.560822][T14286] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2607'.
[  330.603067][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.613212][T14286] syzkaller1: entered promiscuous mode
[  330.613358][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.619771][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.620246][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.620687][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.665668][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.673324][T14286] syzkaller1: entered allmulticast mode
[  330.676088][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.691303][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.701992][T14293] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2611'.
[  330.765043][T14298] netlink: 'syz.0.2613': attribute type 11 has an invalid length.
[  330.794228][T14298] netlink: 'syz.0.2613': attribute type 11 has an invalid length.
[  331.753879][T14358] syzkaller1: entered promiscuous mode
[  331.764178][T14358] syzkaller1: entered allmulticast mode
[  332.347192][T14383] netlink: 'syz.2.2641': attribute type 7 has an invalid length.
[  332.766308][T14410] netlink: 'syz.3.2651': attribute type 4 has an invalid length.
[  332.921386][T14420] net_ratelimit: 224 callbacks suppressed
[  332.921400][T14420] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  333.047010][  T848] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.069903][T14416] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[  333.107399][T14416] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  333.141952][T14434] nftables ruleset with unbound chain
[  334.044377][T14479] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  334.082218][T14479] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[  334.111522][T14479] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  334.283339][T14489] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�z
[  334.333709][T14496] syzkaller1: entered promiscuous mode
[  334.345694][T14496] syzkaller1: entered allmulticast mode
[  334.403120][ T6431] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  334.428239][ T6431] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  334.554763][ T6431] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  334.564806][ T6431] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  334.678467][T14509] C speed is unknown, defaulting to 1000
[  334.686046][T14509] lo speed is unknown, defaulting to 1000
[  335.871375][T14569] __nla_validate_parse: 54 callbacks suppressed
[  335.871395][T14569] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2698'.
[  336.108091][ T6431] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  336.129530][ T6431] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0
[  336.151222][ T6431] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  336.156058][T14579] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2702'.
[  336.162953][ T6431] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0
[  336.227374][ T6431] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  336.241824][ T6431] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0
[  336.250965][ T6431] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  336.263966][ T6431] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0
[  336.293625][T14579] gretap0: entered promiscuous mode
[  336.382614][T14587] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2705'.
[  336.386603][T14591] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2704'.
[  336.406259][T14591] netlink: zone id is out of range
[  336.414212][T14587] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2705'.
[  336.415532][T14591] netlink: zone id is out of range
[  336.429658][T14591] netlink: zone id is out of range
[  336.438489][T14587] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2705'.
[  336.460437][T14590] netlink: 'syz.0.2706': attribute type 12 has an invalid length.
[  336.673343][T14593] netlink: 'syz.4.2705': attribute type 12 has an invalid length.
[  336.851010][T14612] netlink: 'syz.4.2710': attribute type 10 has an invalid length.
[  336.888723][T14616] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2712'.
[  336.998772][T14621] bond0: (slave gretap1): Releasing active interface
[  337.314170][T14640] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2718'.
[  337.609852][T14648] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2720'.
[  337.617272][T14646] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2720'.
[  337.831154][T14658] : entered promiscuous mode
[  337.980870][T14672] net_ratelimit: 71 callbacks suppressed
[  337.980891][T14672] openvswitch: netlink: Message has 24 unknown bytes.
[  338.030793][T14672] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  338.190898][T14680] Unsupported xt match
[  338.190919][T14680] unable to load match
[  338.253899][T14690] netlink: zone id is out of range
[  338.277062][T14690] netlink: zone id is out of range
[  338.282229][T14690] netlink: zone id is out of range
[  338.310631][T14690] netlink: zone id is out of range
[  338.315803][T14690] netlink: zone id is out of range
[  338.344917][T14690] netlink: zone id is out of range
[  338.355470][T14690] netlink: zone id is out of range
[  338.374312][T14690] netlink: zone id is out of range
[  338.683522][T14711] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  338.694341][T14711] syzkaller0: entered promiscuous mode
[  338.700596][T14711] syzkaller0: entered allmulticast mode
[  338.714135][T14711] tipc: Resetting bearer <eth:syzkaller0>
[  338.733281][T14709] tipc: Resetting bearer <eth:syzkaller0>
[  338.829124][T14709] tipc: Disabling bearer <eth:syzkaller0>
[  339.239585][T14749] vlan0: entered allmulticast mode
[  339.248871][T14749] veth1: entered allmulticast mode
[  339.318038][T14753] Bluetooth: MGMT ver 1.23
[  339.328446][T14753] netlink: 'syz.2.2755': attribute type 1 has an invalid length.
[  339.409741][T14753] 8021q: adding VLAN 0 to HW filter on device bond9
[  339.461756][T14761] bond9: (slave geneve3): making interface the new active one
[  339.471855][T14761] bond9: (slave geneve3): Enslaving as an active interface with an up link
[  339.493291][T14769] IPVS: sync thread started: state = BACKUP, mcast_ifn = erspan0, syncid = 0, id = 0
[  339.509860][ T6433] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  339.538063][ T6433] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  339.562036][ T6433] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  339.582118][ T6433] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.396436][T14816] IPv6: sit1: Disabled Multicast RS
[  340.645726][T14834] netlink: 'syz.3.2776': attribute type 1 has an invalid length.
[  340.654073][T14834] netlink: 'syz.3.2776': attribute type 1 has an invalid length.
[  340.679945][T14834] netlink: 'syz.3.2776': attribute type 2 has an invalid length.
[  340.796484][T14829] syzkaller0: entered promiscuous mode
[  340.816905][T14829] syzkaller0: entered allmulticast mode
[  342.645156][T14887] netlink: 'syz.2.2791': attribute type 2 has an invalid length.
[  343.206540][T14916] __nla_validate_parse: 9 callbacks suppressed
[  343.206561][T14916] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2801'.
[  343.530456][T14935] net_ratelimit: 41 callbacks suppressed
[  343.530476][T14935] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  343.582345][T14937] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2803'.
[  343.603792][ T5862] bridge0: port 1(syz_tun) entered disabled state
[  343.604196][T14937] netlink: 'syz.3.2803': attribute type 9 has an invalid length.
[  343.692218][ T5862] syz_tun (unregistering): left allmulticast mode
[  343.713802][ T5862] syz_tun (unregistering): left promiscuous mode
[  343.740119][ T5862] bridge0: port 1(syz_tun) entered disabled state
[  343.776458][ T5186] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  343.798494][ T5186] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  343.810066][ T5186] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  343.830602][ T5186] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  343.835798][T14943] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2806'.
[  343.849601][ T5186] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  343.896284][T14949] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2807'.
[  343.962340][ T6423] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.075099][T14954] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2809'.
[  344.112667][ T6423] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.202865][T14958] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  344.230372][T14945] C speed is unknown, defaulting to 1000
[  344.253123][ T6423] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.262809][T14963] FAULT_INJECTION: forcing a failure.
[  344.262809][T14963] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  344.278400][T14963] CPU: 1 UID: 0 PID: 14963 Comm: syz.2.2812 Not tainted syzkaller #0 PREEMPT(full) 
[  344.278426][T14963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  344.278438][T14963] Call Trace:
[  344.278445][T14963]  <TASK>
[  344.278453][T14963]  dump_stack_lvl+0x189/0x250
[  344.278481][T14963]  ? __pfx____ratelimit+0x10/0x10
[  344.278509][T14963]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.278531][T14963]  ? __pfx__printk+0x10/0x10
[  344.278557][T14963]  ? __might_fault+0xb0/0x130
[  344.278594][T14963]  should_fail_ex+0x414/0x560
[  344.278624][T14963]  _copy_from_user+0x2d/0xb0
[  344.278646][T14963]  ___sys_sendmsg+0x158/0x2a0
[  344.278670][T14963]  ? __pfx____sys_sendmsg+0x10/0x10
[  344.278727][T14963]  ? __fget_files+0x2a/0x420
[  344.278742][T14963]  ? __fget_files+0x3a0/0x420
[  344.278769][T14963]  __x64_sys_sendmsg+0x19b/0x260
[  344.278793][T14963]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  344.278824][T14963]  ? __pfx_ksys_write+0x10/0x10
[  344.278846][T14963]  ? rcu_is_watching+0x15/0xb0
[  344.278869][T14963]  ? do_syscall_64+0xbe/0x3b0
[  344.278907][T14963]  do_syscall_64+0xfa/0x3b0
[  344.278924][T14963]  ? lockdep_hardirqs_on+0x9c/0x150
[  344.278953][T14963]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.278972][T14963]  ? clear_bhb_loop+0x60/0xb0
[  344.278996][T14963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.279015][T14963] RIP: 0033:0x7ff2b6d8eba9
[  344.279032][T14963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.279048][T14963] RSP: 002b:00007ff2b7cf9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  344.279068][T14963] RAX: ffffffffffffffda RBX: 00007ff2b6fd5fa0 RCX: 00007ff2b6d8eba9
[  344.279083][T14963] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  344.279095][T14963] RBP: 00007ff2b7cf9090 R08: 0000000000000000 R09: 0000000000000000
[  344.279108][T14963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  344.279119][T14963] R13: 00007ff2b6fd6038 R14: 00007ff2b6fd5fa0 R15: 00007ffc609005d8
[  344.279152][T14963]  </TASK>
[  344.282351][T14961] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  344.458136][T14968] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2814'.
[  344.463620][T14945] lo speed is unknown, defaulting to 1000
[  344.575190][T14958] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  344.638124][ T6423] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.693527][T14958] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  344.896485][T14958] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  345.326819][T14995] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2825'.
[  345.399098][T14998] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2826'.
[  345.417189][T14999] netlink: zone id is out of range
[  345.422441][T14999] netlink: zone id is out of range
[  345.446505][T14999] netlink: zone id is out of range
[  345.466056][T14999] netlink: zone id is out of range
[  345.488476][T14999] netlink: zone id is out of range
[  345.493753][T14999] netlink: zone id is out of range
[  345.521868][T14999] netlink: zone id is out of range
[  345.536491][T14999] netlink: zone id is out of range
[  345.556374][T14999] netlink: zone id is out of range
[  345.672469][T15008] IPv6: NLM_F_CREATE should be specified when creating new route
[  345.930939][ T6423] bond0 (unregistering): (slave geneve1): Releasing backup interface
[  345.938056][ T5186] Bluetooth: hci0: command tx timeout
[  346.180411][ T6423] bond0 (unregistering): Released all slaves
[  346.199060][ T6423] bond1 (unregistering): Released all slaves
[  346.222352][ T6421] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  346.305304][ T6431] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  346.324779][ T6423] : left promiscuous mode
[  346.443312][ T3575] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  346.475924][ T3575] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  346.497293][ T6423] tipc: Left network mode
[  346.523207][ T6423] IPVS: stopping master sync thread 10543 ...
[  346.745165][T15036] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[  346.756328][T15036] gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue
[  346.766138][T15036] gretap2: entered promiscuous mode
[  346.771564][T15036] gretap2: entered allmulticast mode
[  346.812707][T15033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2836'.
[  346.842847][T15033] bridge0: left promiscuous mode
[  346.936228][T14945] chnl_net:caif_netlink_parms(): no params data found
[  346.945319][T15041] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2837'.
[  347.203400][T15056] FAULT_INJECTION: forcing a failure.
[  347.203400][T15056] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  347.217996][T15056] CPU: 1 UID: 0 PID: 15056 Comm: syz.0.2841 Not tainted syzkaller #0 PREEMPT(full) 
[  347.218024][T15056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  347.218036][T15056] Call Trace:
[  347.218043][T15056]  <TASK>
[  347.218051][T15056]  dump_stack_lvl+0x189/0x250
[  347.218078][T15056]  ? __pfx____ratelimit+0x10/0x10
[  347.218107][T15056]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.218130][T15056]  ? __pfx__printk+0x10/0x10
[  347.218169][T15056]  should_fail_ex+0x414/0x560
[  347.218200][T15056]  _copy_to_user+0x31/0xb0
[  347.218224][T15056]  simple_read_from_buffer+0xe1/0x170
[  347.218257][T15056]  proc_fail_nth_read+0x1b3/0x220
[  347.218282][T15056]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  347.218306][T15056]  ? rw_verify_area+0x2a6/0x4d0
[  347.218330][T15056]  ? __lock_acquire+0xab9/0xd20
[  347.218355][T15056]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  347.218378][T15056]  vfs_read+0x200/0xa30
[  347.218400][T15056]  ? fdget_pos+0x247/0x320
[  347.218421][T15056]  ? __pfx___mutex_lock+0x10/0x10
[  347.218439][T15056]  ? __pfx_vfs_read+0x10/0x10
[  347.218465][T15056]  ? __fget_files+0x2a/0x420
[  347.218503][T15056]  ? __fget_files+0x3a0/0x420
[  347.218519][T15056]  ? __fget_files+0x2a/0x420
[  347.218547][T15056]  ksys_read+0x145/0x250
[  347.218576][T15056]  ? __pfx_ksys_read+0x10/0x10
[  347.218598][T15056]  ? rcu_is_watching+0x15/0xb0
[  347.218624][T15056]  ? do_syscall_64+0xbe/0x3b0
[  347.218647][T15056]  do_syscall_64+0xfa/0x3b0
[  347.218676][T15056]  ? lockdep_hardirqs_on+0x9c/0x150
[  347.218702][T15056]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.218721][T15056]  ? clear_bhb_loop+0x60/0xb0
[  347.218744][T15056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.218784][T15056] RIP: 0033:0x7faca958d5bc
[  347.218801][T15056] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  347.218817][T15056] RSP: 002b:00007facaa44b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  347.218836][T15056] RAX: ffffffffffffffda RBX: 00007faca97d5fa0 RCX: 00007faca958d5bc
[  347.218850][T15056] RDX: 000000000000000f RSI: 00007facaa44b0a0 RDI: 0000000000000004
[  347.218862][T15056] RBP: 00007facaa44b090 R08: 0000000000000000 R09: 0000000000000000
[  347.218873][T15056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.218884][T15056] R13: 00007faca97d6038 R14: 00007faca97d5fa0 R15: 00007ffd019e2e48
[  347.218915][T15056]  </TASK>
[  347.220202][T14945] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.530657][T15065] FAULT_INJECTION: forcing a failure.
[  347.530657][T15065] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  347.548028][T15065] CPU: 1 UID: 0 PID: 15065 Comm: syz.3.2846 Not tainted syzkaller #0 PREEMPT(full) 
[  347.548057][T15065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  347.548069][T15065] Call Trace:
[  347.548077][T15065]  <TASK>
[  347.548085][T15065]  dump_stack_lvl+0x189/0x250
[  347.548112][T15065]  ? __pfx____ratelimit+0x10/0x10
[  347.548141][T15065]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.548163][T15065]  ? __pfx__printk+0x10/0x10
[  347.548188][T15065]  ? __might_fault+0xb0/0x130
[  347.548244][T15065]  should_fail_ex+0x414/0x560
[  347.548289][T15065]  _copy_from_user+0x2d/0xb0
[  347.548312][T15065]  ___sys_sendmsg+0x158/0x2a0
[  347.548336][T15065]  ? __pfx____sys_sendmsg+0x10/0x10
[  347.548414][T15065]  ? __fget_files+0x2a/0x420
[  347.548431][T15065]  ? __fget_files+0x3a0/0x420
[  347.548460][T15065]  __x64_sys_sendmsg+0x19b/0x260
[  347.548485][T15065]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  347.548518][T15065]  ? __pfx_ksys_write+0x10/0x10
[  347.548542][T15065]  ? rcu_is_watching+0x15/0xb0
[  347.548583][T15065]  ? do_syscall_64+0xbe/0x3b0
[  347.548604][T15065]  do_syscall_64+0xfa/0x3b0
[  347.548620][T15065]  ? lockdep_hardirqs_on+0x9c/0x150
[  347.548646][T15065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.548663][T15065]  ? clear_bhb_loop+0x60/0xb0
[  347.548686][T15065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.548704][T15065] RIP: 0033:0x7f97ce38eba9
[  347.548720][T15065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.548735][T15065] RSP: 002b:00007f97cf26d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  347.548754][T15065] RAX: ffffffffffffffda RBX: 00007f97ce5d5fa0 RCX: 00007f97ce38eba9
[  347.548767][T15065] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  347.548779][T15065] RBP: 00007f97cf26d090 R08: 0000000000000000 R09: 0000000000000000
[  347.548790][T15065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.548801][T15065] R13: 00007f97ce5d6038 R14: 00007f97ce5d5fa0 R15: 00007ffe6fd52768
[  347.548831][T15065]  </TASK>
[  347.549238][T14945] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.665964][T15063] netlink: 'syz.2.2844': attribute type 1 has an invalid length.
[  347.671628][T14945] bridge_slave_0: entered allmulticast mode
[  347.793150][T14945] bridge_slave_0: entered promiscuous mode
[  347.811781][T15068] netlink: 'syz.2.2844': attribute type 13 has an invalid length.
[  347.828632][T14945] bridge0: port 2(bridge_slave_1) entered blocking state
[  347.883778][T14945] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.895854][T14945] bridge_slave_1: entered allmulticast mode
[  347.905732][T14945] bridge_slave_1: entered promiscuous mode
[  348.007098][ T5186] Bluetooth: hci0: command tx timeout
[  348.113362][T14945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  348.144799][T14945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  348.285586][T15088] batman_adv: batadv0: Interface deactivated: dummy0
[  348.355592][T15098] FAULT_INJECTION: forcing a failure.
[  348.355592][T15098] name failslab, interval 1, probability 0, space 0, times 0
[  348.372858][T15098] CPU: 0 UID: 0 PID: 15098 Comm: syz.0.2857 Not tainted syzkaller #0 PREEMPT(full) 
[  348.372890][T15098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  348.372902][T15098] Call Trace:
[  348.372909][T15098]  <TASK>
[  348.372917][T15098]  dump_stack_lvl+0x189/0x250
[  348.372944][T15098]  ? __pfx____ratelimit+0x10/0x10
[  348.372973][T15098]  ? __pfx_dump_stack_lvl+0x10/0x10
[  348.372995][T15098]  ? __pfx__printk+0x10/0x10
[  348.373026][T15098]  ? __pfx___might_resched+0x10/0x10
[  348.373049][T15098]  should_fail_ex+0x414/0x560
[  348.373090][T15098]  should_failslab+0xa8/0x100
[  348.373120][T15098]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  348.373146][T15098]  ? __alloc_skb+0x112/0x2d0
[  348.373169][T15098]  __alloc_skb+0x112/0x2d0
[  348.373191][T15098]  netlink_sendmsg+0x5c6/0xb30
[  348.373219][T15098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.373240][T15098]  ? aa_sock_msg_perm+0xf1/0x1d0
[  348.373259][T15098]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  348.373279][T15098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.373298][T15098]  __sock_sendmsg+0x21c/0x270
[  348.373326][T15098]  ____sys_sendmsg+0x505/0x830
[  348.373352][T15098]  ? __pfx_____sys_sendmsg+0x10/0x10
[  348.373382][T15098]  ? import_iovec+0x74/0xa0
[  348.373408][T15098]  ___sys_sendmsg+0x21f/0x2a0
[  348.373439][T15098]  ? __pfx____sys_sendmsg+0x10/0x10
[  348.373495][T15098]  ? __fget_files+0x2a/0x420
[  348.373510][T15098]  ? __fget_files+0x3a0/0x420
[  348.373536][T15098]  __x64_sys_sendmsg+0x19b/0x260
[  348.373559][T15098]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  348.373589][T15098]  ? __pfx_ksys_write+0x10/0x10
[  348.373612][T15098]  ? rcu_is_watching+0x15/0xb0
[  348.373635][T15098]  ? do_syscall_64+0xbe/0x3b0
[  348.373657][T15098]  do_syscall_64+0xfa/0x3b0
[  348.373673][T15098]  ? lockdep_hardirqs_on+0x9c/0x150
[  348.373699][T15098]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.373717][T15098]  ? clear_bhb_loop+0x60/0xb0
[  348.373739][T15098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.373756][T15098] RIP: 0033:0x7faca958eba9
[  348.373772][T15098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.373786][T15098] RSP: 002b:00007facaa44b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  348.373805][T15098] RAX: ffffffffffffffda RBX: 00007faca97d5fa0 RCX: 00007faca958eba9
[  348.373818][T15098] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  348.373829][T15098] RBP: 00007facaa44b090 R08: 0000000000000000 R09: 0000000000000000
[  348.373841][T15098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  348.373851][T15098] R13: 00007faca97d6038 R14: 00007faca97d5fa0 R15: 00007ffd019e2e48
[  348.373881][T15098]  </TASK>
[  348.660824][T15100] netlink: 'syz.2.2858': attribute type 1 has an invalid length.
[  348.678666][ T1016] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 256 - 0
[  348.710963][ T1016] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 256 - 0
[  348.714220][T15101] __nla_validate_parse: 4 callbacks suppressed
[  348.714238][T15101] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2858'.
[  348.720226][ T1016] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 256 - 0
[  348.821961][T14945] team0: Port device team_slave_0 added
[  348.946563][T15104] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2860'.
[  348.948852][T15114] FAULT_INJECTION: forcing a failure.
[  348.948852][T15114] name failslab, interval 1, probability 0, space 0, times 0
[  348.968522][T15100] 8021q: adding VLAN 0 to HW filter on device bond10
[  348.975955][ T1016] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 256 - 0
[  348.984697][T15114] CPU: 0 UID: 0 PID: 15114 Comm: syz.0.2861 Not tainted syzkaller #0 PREEMPT(full) 
[  348.984723][T15114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  348.984736][T15114] Call Trace:
[  348.984743][T15114]  <TASK>
[  348.984752][T15114]  dump_stack_lvl+0x189/0x250
[  348.984780][T15114]  ? __pfx____ratelimit+0x10/0x10
[  348.984811][T15114]  ? __pfx_dump_stack_lvl+0x10/0x10
[  348.984834][T15114]  ? __pfx__printk+0x10/0x10
[  348.984864][T15114]  ? __pfx___might_resched+0x10/0x10
[  348.984884][T15114]  ? fs_reclaim_acquire+0x7d/0x100
[  348.984919][T15114]  should_fail_ex+0x414/0x560
[  348.984951][T15114]  should_failslab+0xa8/0x100
[  348.984983][T15114]  __kmalloc_noprof+0xcb/0x4f0
[  348.985009][T15114]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  348.985059][T15114]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  348.985094][T15114]  genl_family_rcv_msg_doit+0xb8/0x300
[  348.985128][T15114]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  348.985163][T15114]  ? apparmor_capable+0x137/0x1b0
[  348.985190][T15114]  ? bpf_lsm_capable+0x9/0x20
[  348.985216][T15114]  ? security_capable+0x7e/0x2e0
[  348.985253][T15114]  genl_rcv_msg+0x60e/0x790
[  348.985285][T15114]  ? __pfx_genl_rcv_msg+0x10/0x10
[  348.985309][T15114]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  348.985342][T15114]  ? __asan_memcpy+0x40/0x70
[  348.985363][T15114]  ? __pfx_ref_tracker_free+0x10/0x10
[  348.985402][T15114]  netlink_rcv_skb+0x205/0x470
[  348.985430][T15114]  ? __lock_acquire+0xab9/0xd20
[  348.985460][T15114]  ? __pfx_genl_rcv_msg+0x10/0x10
[  348.985486][T15114]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  348.985540][T15114]  ? down_read+0x1ad/0x2e0
[  348.985564][T15114]  genl_rcv+0x28/0x40
[  348.985586][T15114]  netlink_unicast+0x82c/0x9e0
[  348.985633][T15114]  ? __pfx_netlink_unicast+0x10/0x10
[  348.985664][T15114]  ? netlink_sendmsg+0x642/0xb30
[  348.985681][T15114]  ? skb_put+0x11b/0x210
[  348.985706][T15114]  netlink_sendmsg+0x805/0xb30
[  348.985736][T15114]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.985760][T15114]  ? aa_sock_msg_perm+0xf1/0x1d0
[  348.985781][T15114]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  348.985802][T15114]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.985823][T15114]  __sock_sendmsg+0x21c/0x270
[  348.985855][T15114]  ____sys_sendmsg+0x505/0x830
[  348.985884][T15114]  ? __pfx_____sys_sendmsg+0x10/0x10
[  348.985918][T15114]  ? import_iovec+0x74/0xa0
[  348.985947][T15114]  ___sys_sendmsg+0x21f/0x2a0
[  348.985973][T15114]  ? __pfx____sys_sendmsg+0x10/0x10
[  348.986039][T15114]  ? __fget_files+0x2a/0x420
[  348.986057][T15114]  ? __fget_files+0x3a0/0x420
[  348.986087][T15114]  __x64_sys_sendmsg+0x19b/0x260
[  348.986113][T15114]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  348.986148][T15114]  ? __pfx_ksys_write+0x10/0x10
[  348.986172][T15114]  ? rcu_is_watching+0x15/0xb0
[  348.986199][T15114]  ? do_syscall_64+0xbe/0x3b0
[  348.986223][T15114]  do_syscall_64+0xfa/0x3b0
[  348.986240][T15114]  ? lockdep_hardirqs_on+0x9c/0x150
[  348.986270][T15114]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.986289][T15114]  ? clear_bhb_loop+0x60/0xb0
[  348.986314][T15114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.986334][T15114] RIP: 0033:0x7faca958eba9
[  348.986351][T15114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.986369][T15114] RSP: 002b:00007facaa44b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  348.986390][T15114] RAX: ffffffffffffffda RBX: 00007faca97d5fa0 RCX: 00007faca958eba9
[  348.986405][T15114] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  348.986418][T15114] RBP: 00007facaa44b090 R08: 0000000000000000 R09: 0000000000000000
[  348.986430][T15114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  348.986442][T15114] R13: 00007faca97d6038 R14: 00007faca97d5fa0 R15: 00007ffd019e2e48
[  348.986488][T15114]  </TASK>
[  349.439381][T14945] team0: Port device team_slave_1 added
[  349.689719][T15121] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2865'.
[  349.771154][T15135] net_ratelimit: 117 callbacks suppressed
[  349.771175][T15135] netlink: zone id is out of range
[  349.822556][T15123] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2866'.
[  349.863222][T15135] netlink: zone id is out of range
[  349.883774][T15135] netlink: zone id is out of range
[  349.933879][T15135] netlink: zone id is out of range
[  349.960797][T15135] netlink: zone id is out of range
[  349.983324][T15135] netlink: zone id is out of range
[  349.988475][T14945] batman_adv: batadv0: Adding interface: batadv_slave_0
[  350.020547][T15135] netlink: zone id is out of range
[  350.025853][T14945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.041688][T15135] netlink: zone id is out of range
[  350.086224][T14945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  350.087067][ T5186] Bluetooth: hci0: command tx timeout
[  350.114362][T14945] batman_adv: batadv0: Adding interface: batadv_slave_1
[  350.142733][T15135] netlink: zone id is out of range
[  350.148300][T15135] netlink: zone id is out of range
[  350.149181][T14945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.183196][T14945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  350.264284][ T6423] hsr_slave_0: left promiscuous mode
[  350.273599][ T6423] hsr_slave_1: left promiscuous mode
[  350.367150][T15159] netlink: 'syz.4.2869': attribute type 1 has an invalid length.
[  350.375087][T15159] netlink: 'syz.4.2869': attribute type 3 has an invalid length.
[  350.386204][T15159] netlink: 'syz.4.2869': attribute type 235 has an invalid length.
[  350.387054][T15160] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2870'.
[  350.451288][T15163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2870'.
[  351.153034][T15175] syzkaller1: entered promiscuous mode
[  351.176754][T15175] syzkaller1: entered allmulticast mode
[  351.260082][T15180] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2877'.
[  351.286425][T15182] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2878'.
[  351.345019][T15183] netlink: 'syz.3.2878': attribute type 12 has an invalid length.
[  351.352732][T14945] hsr_slave_0: entered promiscuous mode
[  351.361342][T14945] hsr_slave_1: entered promiscuous mode
[  351.371350][T14945] debugfs: 'hsr0' already exists in 'hsr'
[  351.378962][T14945] Cannot create hsr debugfs directory
[  351.400155][T15188] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2877'.
[  351.544784][T15187] netlink: 'syz.3.2878': attribute type 12 has an invalid length.
[  351.794577][ T6423] IPVS: stop unused estimator thread 0...
[  351.835933][T15210] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2888'.
[  352.166769][ T5878] Bluetooth: hci0: command tx timeout
[  352.534042][T15259] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  352.682251][T14945] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  352.717594][T14945] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  352.752143][T14945] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  352.804300][T14945] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  352.890466][T15280] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  352.909215][T15280] syzkaller0: entered promiscuous mode
[  352.914715][T15280] syzkaller0: entered allmulticast mode
[  353.014744][T15280] tipc: Resetting bearer <eth:syzkaller0>
[  353.032604][T15279] tipc: Resetting bearer <eth:syzkaller0>
[  353.059782][T15279] tipc: Disabling bearer <eth:syzkaller0>
[  353.089658][T15293] bond5: (slave geneve3): Enslaving as an active interface with an up link
[  353.105052][ T6423] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  353.114991][ T6423] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  353.159617][ T6423] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  353.189211][ T6423] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  353.293863][T14945] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.311284][ T6423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  353.331769][ T6423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  353.341528][T14945] 8021q: adding VLAN 0 to HW filter on device team0
[  353.374140][ T6423] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.381359][ T6423] bridge0: port 1(bridge_slave_0) entered forwarding state
[  353.444405][ T6423] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.451661][ T6423] bridge0: port 2(bridge_slave_1) entered forwarding state
[  353.539151][T15323] FAULT_INJECTION: forcing a failure.
[  353.539151][T15323] name failslab, interval 1, probability 0, space 0, times 0
[  353.602241][T15323] CPU: 1 UID: 0 PID: 15323 Comm: syz.0.2921 Not tainted syzkaller #0 PREEMPT(full) 
[  353.602276][T15323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  353.602289][T15323] Call Trace:
[  353.602297][T15323]  <TASK>
[  353.602307][T15323]  dump_stack_lvl+0x189/0x250
[  353.602336][T15323]  ? __pfx____ratelimit+0x10/0x10
[  353.602368][T15323]  ? __pfx_dump_stack_lvl+0x10/0x10
[  353.602393][T15323]  ? __pfx__printk+0x10/0x10
[  353.602441][T15323]  ? __pfx___might_resched+0x10/0x10
[  353.602468][T15323]  should_fail_ex+0x414/0x560
[  353.602501][T15323]  should_failslab+0xa8/0x100
[  353.602534][T15323]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  353.602564][T15323]  ? ovs_nla_get_match+0x3b5/0x18c0
[  353.602584][T15323]  ? __parse_vlan_from_nlattrs+0x1dc/0x12e0
[  353.602615][T15323]  kmemdup_noprof+0x2b/0x70
[  353.602647][T15323]  ovs_nla_get_match+0x3b5/0x18c0
[  353.602668][T15323]  ? ___sys_sendmsg+0x21f/0x2a0
[  353.602689][T15323]  ? __x64_sys_sendmsg+0x19b/0x260
[  353.602725][T15323]  ? __pfx_ovs_nla_get_match+0x10/0x10
[  353.602793][T15323]  ? __asan_memset+0x22/0x50
[  353.602824][T15323]  ovs_flow_cmd_new+0x324/0xd80
[  353.602854][T15323]  ? stack_depot_save_flags+0x40/0x860
[  353.602892][T15323]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  353.602994][T15323]  ? __nla_parse+0x40/0x60
[  353.603030][T15323]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  353.603067][T15323]  genl_family_rcv_msg_doit+0x215/0x300
[  353.603101][T15323]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  353.603143][T15323]  ? bpf_lsm_capable+0x9/0x20
[  353.603170][T15323]  ? security_capable+0x7e/0x2e0
[  353.603208][T15323]  genl_rcv_msg+0x60e/0x790
[  353.603245][T15323]  ? __pfx_genl_rcv_msg+0x10/0x10
[  353.603269][T15323]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  353.603302][T15323]  ? __asan_memcpy+0x40/0x70
[  353.603324][T15323]  ? __pfx_ref_tracker_free+0x10/0x10
[  353.603362][T15323]  netlink_rcv_skb+0x205/0x470
[  353.603391][T15323]  ? __lock_acquire+0xab9/0xd20
[  353.603430][T15323]  ? __pfx_genl_rcv_msg+0x10/0x10
[  353.603457][T15323]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  353.603510][T15323]  ? down_read+0x1ad/0x2e0
[  353.603534][T15323]  genl_rcv+0x28/0x40
[  353.603555][T15323]  netlink_unicast+0x82c/0x9e0
[  353.603594][T15323]  ? __pfx_netlink_unicast+0x10/0x10
[  353.603626][T15323]  ? netlink_sendmsg+0x642/0xb30
[  353.603643][T15323]  ? skb_put+0x11b/0x210
[  353.603668][T15323]  netlink_sendmsg+0x805/0xb30
[  353.603698][T15323]  ? __pfx_netlink_sendmsg+0x10/0x10
[  353.603722][T15323]  ? aa_sock_msg_perm+0xf1/0x1d0
[  353.603745][T15323]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  353.603767][T15323]  ? __pfx_netlink_sendmsg+0x10/0x10
[  353.603788][T15323]  __sock_sendmsg+0x21c/0x270
[  353.603820][T15323]  ____sys_sendmsg+0x505/0x830
[  353.603850][T15323]  ? __pfx_____sys_sendmsg+0x10/0x10
[  353.603885][T15323]  ? import_iovec+0x74/0xa0
[  353.603914][T15323]  ___sys_sendmsg+0x21f/0x2a0
[  353.603940][T15323]  ? __pfx____sys_sendmsg+0x10/0x10
[  353.604006][T15323]  ? __fget_files+0x2a/0x420
[  353.604024][T15323]  ? __fget_files+0x3a0/0x420
[  353.604054][T15323]  __x64_sys_sendmsg+0x19b/0x260
[  353.604081][T15323]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  353.604116][T15323]  ? __pfx_ksys_write+0x10/0x10
[  353.604140][T15323]  ? rcu_is_watching+0x15/0xb0
[  353.604167][T15323]  ? do_syscall_64+0xbe/0x3b0
[  353.604192][T15323]  do_syscall_64+0xfa/0x3b0
[  353.604210][T15323]  ? lockdep_hardirqs_on+0x9c/0x150
[  353.604240][T15323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.604261][T15323]  ? clear_bhb_loop+0x60/0xb0
[  353.604286][T15323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.604307][T15323] RIP: 0033:0x7faca958eba9
[  353.604325][T15323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.604343][T15323] RSP: 002b:00007facaa44b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  353.604366][T15323] RAX: ffffffffffffffda RBX: 00007faca97d5fa0 RCX: 00007faca958eba9
[  353.604380][T15323] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  353.604394][T15323] RBP: 00007facaa44b090 R08: 0000000000000000 R09: 0000000000000000
[  353.604406][T15323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  353.604424][T15323] R13: 00007faca97d6038 R14: 00007faca97d5fa0 R15: 00007ffd019e2e48
[  353.604459][T15323]  </TASK>
[  354.225925][T15338] delete_channel: no stack
[  354.246892][ T5878] Bluetooth: hci0: command 0x0405 tx timeout
[  354.384908][T14945] 8021q: adding VLAN 0 to HW filter on device batadv0
[  354.552952][T14945] veth0_vlan: entered promiscuous mode
[  354.625043][T15360] __nla_validate_parse: 5 callbacks suppressed
[  354.625063][T15360] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2930'.
[  354.640245][T14945] veth1_vlan: entered promiscuous mode
[  354.840038][T14945] veth0_macvtap: entered promiscuous mode
[  354.873003][T14945] veth1_macvtap: entered promiscuous mode
[  354.873140][T15374] FAULT_INJECTION: forcing a failure.
[  354.873140][T15374] name failslab, interval 1, probability 0, space 0, times 0
[  354.883838][T15370] C speed is unknown, defaulting to 1000
[  354.911717][T15375] netlink: 176 bytes leftover after parsing attributes in process `syz.4.2935'.
[  354.927422][T15375] ip6gretap0: entered promiscuous mode
[  354.935584][T15374] CPU: 0 UID: 0 PID: 15374 Comm: syz.2.2934 Not tainted syzkaller #0 PREEMPT(full) 
[  354.935609][T15374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  354.935622][T15374] Call Trace:
[  354.935630][T15374]  <TASK>
[  354.935638][T15374]  dump_stack_lvl+0x189/0x250
[  354.935668][T15374]  ? __pfx____ratelimit+0x10/0x10
[  354.935697][T15374]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.935720][T15374]  ? __pfx__printk+0x10/0x10
[  354.935755][T15374]  ? __pfx___might_resched+0x10/0x10
[  354.935774][T15374]  ? fs_reclaim_acquire+0x7d/0x100
[  354.935811][T15374]  should_fail_ex+0x414/0x560
[  354.935844][T15374]  should_failslab+0xa8/0x100
[  354.935877][T15374]  __kmalloc_noprof+0xcb/0x4f0
[  354.935902][T15374]  ? __kasan_kmalloc+0x93/0xb0
[  354.935926][T15374]  ? ovs_nla_copy_actions+0x68/0x3d0
[  354.935955][T15374]  ovs_nla_copy_actions+0x68/0x3d0
[  354.935977][T15374]  ? __asan_memcpy+0x40/0x70
[  354.936007][T15374]  ovs_flow_cmd_new+0x528/0xd80
[  354.936035][T15374]  ? stack_depot_save_flags+0x40/0x860
[  354.936072][T15374]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  354.936168][T15374]  ? __nla_parse+0x40/0x60
[  354.936204][T15374]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  354.936238][T15374]  genl_family_rcv_msg_doit+0x215/0x300
[  354.936284][T15374]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  354.936332][T15374]  ? bpf_lsm_capable+0x9/0x20
[  354.936358][T15374]  ? security_capable+0x7e/0x2e0
[  354.936393][T15374]  genl_rcv_msg+0x60e/0x790
[  354.936425][T15374]  ? __pfx_genl_rcv_msg+0x10/0x10
[  354.936448][T15374]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  354.936493][T15374]  netlink_rcv_skb+0x205/0x470
[  354.936522][T15374]  ? __lock_acquire+0xab9/0xd20
[  354.936551][T15374]  ? __pfx_genl_rcv_msg+0x10/0x10
[  354.936587][T15374]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  354.936636][T15374]  ? down_read+0x1ad/0x2e0
[  354.936658][T15374]  genl_rcv+0x28/0x40
[  354.936678][T15374]  netlink_unicast+0x82c/0x9e0
[  354.936712][T15374]  ? __pfx_netlink_unicast+0x10/0x10
[  354.936741][T15374]  ? netlink_sendmsg+0x642/0xb30
[  354.936757][T15374]  ? skb_put+0x11b/0x210
[  354.936780][T15374]  netlink_sendmsg+0x805/0xb30
[  354.936807][T15374]  ? __pfx_netlink_sendmsg+0x10/0x10
[  354.936828][T15374]  ? aa_sock_msg_perm+0xf1/0x1d0
[  354.936847][T15374]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  354.936867][T15374]  ? __pfx_netlink_sendmsg+0x10/0x10
[  354.936885][T15374]  __sock_sendmsg+0x21c/0x270
[  354.936913][T15374]  ____sys_sendmsg+0x505/0x830
[  354.936940][T15374]  ? __pfx_____sys_sendmsg+0x10/0x10
[  354.936971][T15374]  ? import_iovec+0x74/0xa0
[  354.936996][T15374]  ___sys_sendmsg+0x21f/0x2a0
[  354.937020][T15374]  ? __pfx____sys_sendmsg+0x10/0x10
[  354.937078][T15374]  ? __fget_files+0x2a/0x420
[  354.937094][T15374]  ? __fget_files+0x3a0/0x420
[  354.937122][T15374]  __x64_sys_sendmsg+0x19b/0x260
[  354.937145][T15374]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  354.937177][T15374]  ? __pfx_ksys_write+0x10/0x10
[  354.937198][T15374]  ? rcu_is_watching+0x15/0xb0
[  354.937227][T15374]  ? do_syscall_64+0xbe/0x3b0
[  354.937249][T15374]  do_syscall_64+0xfa/0x3b0
[  354.937265][T15374]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.937291][T15374]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.937317][T15374]  ? clear_bhb_loop+0x60/0xb0
[  354.937340][T15374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.937358][T15374] RIP: 0033:0x7ff2b6d8eba9
[  354.937374][T15374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.937390][T15374] RSP: 002b:00007ff2b7cf9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  354.937410][T15374] RAX: ffffffffffffffda RBX: 00007ff2b6fd5fa0 RCX: 00007ff2b6d8eba9
[  354.937423][T15374] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  354.937434][T15374] RBP: 00007ff2b7cf9090 R08: 0000000000000000 R09: 0000000000000000
[  354.937445][T15374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  354.937455][T15374] R13: 00007ff2b6fd6038 R14: 00007ff2b6fd5fa0 R15: 00007ffc609005d8
[  354.937485][T15374]  </TASK>
[  354.957204][T15375] netlink: 176 bytes leftover after parsing attributes in process `syz.4.2935'.
[  354.994535][T15374] net_ratelimit: 32 callbacks suppressed
[  354.994555][T15374] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  355.009023][T15370] lo speed is unknown, defaulting to 1000
[  355.049201][T14945] batman_adv: batadv0: Interface activated: batadv_slave_0
[  355.411396][T14945] batman_adv: batadv0: Interface activated: batadv_slave_1
[  355.431717][T15382] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2937'.
[  355.455086][ T6435] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  355.470505][ T6435] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  355.501989][T15384] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2938'.
[  355.549360][ T6435] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  355.563877][ T6435] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  355.766000][ T6435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  355.795059][ T6435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  355.853000][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  355.872176][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  355.961598][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2944'.
[  356.011996][T15404] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2944'.
[  356.093272][T15406] netlink: 'syz.1.2795': attribute type 75 has an invalid length.
[  356.264597][T15414] netlink: 'syz.4.2948': attribute type 33 has an invalid length.
[  356.286230][T15414] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2948'.
[  356.306458][T15416] openvswitch: netlink: Duplicate or invalid key (type 0).
[  356.328931][T15416] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  356.570541][T15425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2952'.
[  356.624959][T15426] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2952'.
[  356.855510][T15430] netlink: 'syz.1.2954': attribute type 2 has an invalid length.
[  356.865762][T15434] netlink: 'syz.0.2955': attribute type 3 has an invalid length.
[  356.884257][ T5878] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  356.938786][ T5878] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  356.946733][ T5878] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  356.954950][ T5878] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  356.963455][ T5878] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  356.985522][T15438] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  357.243366][T15433] C speed is unknown, defaulting to 1000
[  357.478011][T15433] lo speed is unknown, defaulting to 1000
[  357.731077][T15468] tipc: MTU too low for tipc bearer
[  357.826536][T15480] netlink: 'syz.0.2968': attribute type 2 has an invalid length.
[  357.858414][T15479] netlink: 'syz.0.2968': attribute type 2 has an invalid length.
[  357.869847][T15478] sctp: [Deprecated]: syz.1.2970 (pid 15478) Use of struct sctp_assoc_value in delayed_ack socket option.
[  357.869847][T15478] Use struct sctp_sack_info instead
[  358.397089][T15505] openvswitch: netlink: Key type 10512 is out of range max 32
[  358.979150][T15543] mac80211_hwsim hwsim55 wlan1: entered promiscuous mode
[  359.018090][T15543] mac80211_hwsim hwsim55 wlan1: entered allmulticast mode
[  359.048297][ T5186] Bluetooth: hci4: command tx timeout
[  359.104043][T15543] netlink: 'syz.1.2992': attribute type 10 has an invalid length.
[  359.163577][T15543] mac80211_hwsim hwsim55 wlan1: left promiscuous mode
[  359.203439][T15543] mac80211_hwsim hwsim55 wlan1: left allmulticast mode
[  359.204234][T15564] netlink: 'syz.0.2997': attribute type 1 has an invalid length.
[  359.240095][T15567] netlink: 'syz.3.2998': attribute type 1 has an invalid length.
[  359.251643][T15564] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  359.252861][T15543] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  359.305725][T15554] bridge_slave_0: left allmulticast mode
[  359.318801][T15554] bridge_slave_0: left promiscuous mode
[  359.324619][T15554] bridge0: port 1(bridge_slave_0) entered disabled state
[  359.342772][T15554] bridge_slave_1: left allmulticast mode
[  359.349586][T15554] bridge_slave_1: left promiscuous mode
[  359.355535][T15554] bridge0: port 2(bridge_slave_1) entered disabled state
[  359.376441][T15554] bond0: (slave bond_slave_0): Releasing backup interface
[  359.392559][T15554] bond0: (slave bond_slave_1): Releasing backup interface
[  359.415539][T15554] team0: Port device team_slave_0 removed
[  359.432832][T15554] team0: Port device team_slave_1 removed
[  359.439582][T15554] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  359.447660][T15554] batman_adv: batadv0: Removing interface: batadv_slave_0
[  359.457066][T15554] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  359.464495][T15554] batman_adv: batadv0: Removing interface: batadv_slave_1
[  359.483752][T15554] bond0: (slave wlan1): Releasing backup interface
[  359.814738][T15433] chnl_net:caif_netlink_parms(): no params data found
[  359.872671][T15589] __nla_validate_parse: 17 callbacks suppressed
[  359.872691][T15589] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3006'.
[  360.043217][T15602] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3009'.
[  360.067311][T15602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3009'.
[  360.091500][T15606] FAULT_INJECTION: forcing a failure.
[  360.091500][T15606] name failslab, interval 1, probability 0, space 0, times 0
[  360.126735][T15606] CPU: 0 UID: 0 PID: 15606 Comm: syz.1.3010 Not tainted syzkaller #0 PREEMPT(full) 
[  360.126761][T15606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  360.126772][T15606] Call Trace:
[  360.126780][T15606]  <TASK>
[  360.126787][T15606]  dump_stack_lvl+0x189/0x250
[  360.126815][T15606]  ? __pfx____ratelimit+0x10/0x10
[  360.126844][T15606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.126865][T15606]  ? __pfx__printk+0x10/0x10
[  360.126895][T15606]  ? __pfx___might_resched+0x10/0x10
[  360.126912][T15606]  ? fs_reclaim_acquire+0x7d/0x100
[  360.126962][T15606]  should_fail_ex+0x414/0x560
[  360.127002][T15606]  should_failslab+0xa8/0x100
[  360.127033][T15606]  __kmalloc_cache_noprof+0x70/0x3d0
[  360.127059][T15606]  ? nfnetlink_rcv+0xeff/0x2520
[  360.127091][T15606]  nfnetlink_rcv+0xeff/0x2520
[  360.127153][T15606]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  360.127198][T15606]  ? ref_tracker_free+0x63a/0x7d0
[  360.127255][T15606]  ? __netlink_deliver_tap+0x807/0x850
[  360.127282][T15606]  ? netlink_deliver_tap+0x2e/0x1b0
[  360.127323][T15606]  netlink_unicast+0x82c/0x9e0
[  360.127359][T15606]  ? __pfx_netlink_unicast+0x10/0x10
[  360.127386][T15606]  ? netlink_sendmsg+0x642/0xb30
[  360.127402][T15606]  ? skb_put+0x11b/0x210
[  360.127426][T15606]  netlink_sendmsg+0x805/0xb30
[  360.127453][T15606]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.127475][T15606]  ? aa_sock_msg_perm+0xf1/0x1d0
[  360.127496][T15606]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  360.127518][T15606]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.127537][T15606]  __sock_sendmsg+0x21c/0x270
[  360.127568][T15606]  ____sys_sendmsg+0x505/0x830
[  360.127605][T15606]  ? __pfx_____sys_sendmsg+0x10/0x10
[  360.127637][T15606]  ? import_iovec+0x74/0xa0
[  360.127665][T15606]  ___sys_sendmsg+0x21f/0x2a0
[  360.127689][T15606]  ? __pfx____sys_sendmsg+0x10/0x10
[  360.127749][T15606]  ? __fget_files+0x2a/0x420
[  360.127766][T15606]  ? __fget_files+0x3a0/0x420
[  360.127794][T15606]  __x64_sys_sendmsg+0x19b/0x260
[  360.127819][T15606]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  360.127853][T15606]  ? __pfx_ksys_write+0x10/0x10
[  360.127876][T15606]  ? rcu_is_watching+0x15/0xb0
[  360.127902][T15606]  ? do_syscall_64+0xbe/0x3b0
[  360.127925][T15606]  do_syscall_64+0xfa/0x3b0
[  360.127941][T15606]  ? lockdep_hardirqs_on+0x9c/0x150
[  360.127981][T15606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.127999][T15606]  ? clear_bhb_loop+0x60/0xb0
[  360.128021][T15606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.128039][T15606] RIP: 0033:0x7fae5298eba9
[  360.128056][T15606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.128071][T15606] RSP: 002b:00007fae538f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  360.128091][T15606] RAX: ffffffffffffffda RBX: 00007fae52bd5fa0 RCX: 00007fae5298eba9
[  360.128104][T15606] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  360.128116][T15606] RBP: 00007fae538f4090 R08: 0000000000000000 R09: 0000000000000000
[  360.128127][T15606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.128138][T15606] R13: 00007fae52bd6038 R14: 00007fae52bd5fa0 R15: 00007ffd719a6788
[  360.128169][T15606]  </TASK>
[  360.473409][T15598] vlan5: entered promiscuous mode
[  360.482008][T15598] bridge0: entered promiscuous mode
[  360.495138][T15433] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.505152][T15433] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.506342][T15610] openvswitch: netlink: Duplicate or invalid key (type 0).
[  360.513376][T15433] bridge_slave_0: entered allmulticast mode
[  360.523389][T15610] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  360.536166][T15610] FAULT_INJECTION: forcing a failure.
[  360.536166][T15610] name failslab, interval 1, probability 0, space 0, times 0
[  360.549311][T15433] bridge_slave_0: entered promiscuous mode
[  360.562579][T15610] CPU: 0 UID: 0 PID: 15610 Comm: syz.3.3012 Not tainted syzkaller #0 PREEMPT(full) 
[  360.562603][T15610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  360.562615][T15610] Call Trace:
[  360.562623][T15610]  <TASK>
[  360.562631][T15610]  dump_stack_lvl+0x189/0x250
[  360.562658][T15610]  ? __pfx____ratelimit+0x10/0x10
[  360.562687][T15610]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.562709][T15610]  ? __pfx__printk+0x10/0x10
[  360.562741][T15610]  ? __pfx___might_resched+0x10/0x10
[  360.562759][T15610]  ? fs_reclaim_acquire+0x7d/0x100
[  360.562792][T15610]  should_fail_ex+0x414/0x560
[  360.562823][T15610]  should_failslab+0xa8/0x100
[  360.562852][T15610]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  360.562878][T15610]  ? __alloc_skb+0x112/0x2d0
[  360.562901][T15610]  __alloc_skb+0x112/0x2d0
[  360.562923][T15610]  netlink_ack+0x146/0xa50
[  360.562949][T15610]  ? __pfx_genl_rcv_msg+0x10/0x10
[  360.562989][T15610]  netlink_rcv_skb+0x28c/0x470
[  360.563015][T15610]  ? __lock_acquire+0xab9/0xd20
[  360.563060][T15610]  ? __pfx_genl_rcv_msg+0x10/0x10
[  360.563085][T15610]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  360.563149][T15610]  ? down_read+0x1ad/0x2e0
[  360.563171][T15610]  genl_rcv+0x28/0x40
[  360.563191][T15610]  netlink_unicast+0x82c/0x9e0
[  360.563225][T15610]  ? __pfx_netlink_unicast+0x10/0x10
[  360.563253][T15610]  ? netlink_sendmsg+0x642/0xb30
[  360.563268][T15610]  ? skb_put+0x11b/0x210
[  360.563290][T15610]  netlink_sendmsg+0x805/0xb30
[  360.563317][T15610]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.563339][T15610]  ? aa_sock_msg_perm+0xf1/0x1d0
[  360.563359][T15610]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  360.563379][T15610]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.563398][T15610]  __sock_sendmsg+0x21c/0x270
[  360.563427][T15610]  ____sys_sendmsg+0x505/0x830
[  360.563455][T15610]  ? __pfx_____sys_sendmsg+0x10/0x10
[  360.563485][T15610]  ? import_iovec+0x74/0xa0
[  360.563511][T15610]  ___sys_sendmsg+0x21f/0x2a0
[  360.563535][T15610]  ? __pfx____sys_sendmsg+0x10/0x10
[  360.563606][T15610]  ? __fget_files+0x2a/0x420
[  360.563639][T15610]  ? __fget_files+0x3a0/0x420
[  360.563669][T15610]  __x64_sys_sendmsg+0x19b/0x260
[  360.563694][T15610]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  360.563728][T15610]  ? __pfx_ksys_write+0x10/0x10
[  360.563752][T15610]  ? rcu_is_watching+0x15/0xb0
[  360.563779][T15610]  ? do_syscall_64+0xbe/0x3b0
[  360.563802][T15610]  do_syscall_64+0xfa/0x3b0
[  360.563819][T15610]  ? lockdep_hardirqs_on+0x9c/0x150
[  360.563847][T15610]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.563867][T15610]  ? clear_bhb_loop+0x60/0xb0
[  360.563891][T15610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.563910][T15610] RIP: 0033:0x7f97ce38eba9
[  360.563928][T15610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.563945][T15610] RSP: 002b:00007f97cf26d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  360.563966][T15610] RAX: ffffffffffffffda RBX: 00007f97ce5d5fa0 RCX: 00007f97ce38eba9
[  360.563980][T15610] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  360.563993][T15610] RBP: 00007f97cf26d090 R08: 0000000000000000 R09: 0000000000000000
[  360.564005][T15610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  360.564017][T15610] R13: 00007f97ce5d6038 R14: 00007f97ce5d5fa0 R15: 00007ffe6fd52768
[  360.564050][T15610]  </TASK>
[  360.896228][T15433] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.903514][T15433] bridge0: port 2(bridge_slave_1) entered disabled state
[  360.910826][T15433] bridge_slave_1: entered allmulticast mode
[  360.918892][T15433] bridge_slave_1: entered promiscuous mode
[  360.999505][T15617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3014'.
[  361.022626][T15616] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3015'.
[  361.025608][T15433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  361.044863][T15433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  361.129694][ T5186] Bluetooth: hci4: command tx timeout
[  361.138016][T15433] team0: Port device team_slave_0 added
[  361.146641][T15433] team0: Port device team_slave_1 added
[  361.191633][T15433] batman_adv: batadv0: Adding interface: batadv_slave_0
[  361.198825][T15433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  361.225392][T15433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  361.240054][T15433] batman_adv: batadv0: Adding interface: batadv_slave_1
[  361.257471][T15433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  361.284845][T15433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  361.440796][T15433] hsr_slave_0: entered promiscuous mode
[  361.451650][T15433] hsr_slave_1: entered promiscuous mode
[  361.469442][T15433] debugfs: 'hsr0' already exists in 'hsr'
[  361.487349][T15433] Cannot create hsr debugfs directory
[  361.569938][T15641] netlink: 'syz.4.3021': attribute type 2 has an invalid length.
[  361.607797][T15645] FAULT_INJECTION: forcing a failure.
[  361.607797][T15645] name failslab, interval 1, probability 0, space 0, times 0
[  361.628190][T15645] CPU: 1 UID: 0 PID: 15645 Comm: syz.1.3022 Not tainted syzkaller #0 PREEMPT(full) 
[  361.628217][T15645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  361.628228][T15645] Call Trace:
[  361.628234][T15645]  <TASK>
[  361.628244][T15645]  dump_stack_lvl+0x189/0x250
[  361.628269][T15645]  ? __pfx____ratelimit+0x10/0x10
[  361.628296][T15645]  ? __pfx_dump_stack_lvl+0x10/0x10
[  361.628316][T15645]  ? __pfx__printk+0x10/0x10
[  361.628345][T15645]  ? __pfx___might_resched+0x10/0x10
[  361.628360][T15645]  ? fs_reclaim_acquire+0x7d/0x100
[  361.628390][T15645]  should_fail_ex+0x414/0x560
[  361.628418][T15645]  should_failslab+0xa8/0x100
[  361.628444][T15645]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  361.628467][T15645]  ? __pfx_nf_tables_abort+0x10/0x10
[  361.628485][T15645]  ? __alloc_skb+0x112/0x2d0
[  361.628506][T15645]  __alloc_skb+0x112/0x2d0
[  361.628526][T15645]  netlink_ack+0x146/0xa50
[  361.628555][T15645]  ? __kasan_kmalloc+0x93/0xb0
[  361.628587][T15645]  nfnetlink_rcv+0x2290/0x2520
[  361.628640][T15645]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  361.628679][T15645]  ? ref_tracker_free+0x63a/0x7d0
[  361.628730][T15645]  ? __netlink_deliver_tap+0x807/0x850
[  361.628763][T15645]  ? netlink_deliver_tap+0x2e/0x1b0
[  361.628806][T15645]  netlink_unicast+0x82c/0x9e0
[  361.628838][T15645]  ? __pfx_netlink_unicast+0x10/0x10
[  361.628864][T15645]  ? netlink_sendmsg+0x642/0xb30
[  361.628879][T15645]  ? skb_put+0x11b/0x210
[  361.628900][T15645]  netlink_sendmsg+0x805/0xb30
[  361.628925][T15645]  ? __pfx_netlink_sendmsg+0x10/0x10
[  361.628944][T15645]  ? aa_sock_msg_perm+0xf1/0x1d0
[  361.628963][T15645]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  361.628981][T15645]  ? __pfx_netlink_sendmsg+0x10/0x10
[  361.628998][T15645]  __sock_sendmsg+0x21c/0x270
[  361.629024][T15645]  ____sys_sendmsg+0x505/0x830
[  361.629050][T15645]  ? __pfx_____sys_sendmsg+0x10/0x10
[  361.629077][T15645]  ? import_iovec+0x74/0xa0
[  361.629101][T15645]  ___sys_sendmsg+0x21f/0x2a0
[  361.629123][T15645]  ? __pfx____sys_sendmsg+0x10/0x10
[  361.629175][T15645]  ? __fget_files+0x2a/0x420
[  361.629190][T15645]  ? __fget_files+0x3a0/0x420
[  361.629215][T15645]  __x64_sys_sendmsg+0x19b/0x260
[  361.629237][T15645]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  361.629266][T15645]  ? __pfx_ksys_write+0x10/0x10
[  361.629287][T15645]  ? rcu_is_watching+0x15/0xb0
[  361.629310][T15645]  ? do_syscall_64+0xbe/0x3b0
[  361.629330][T15645]  do_syscall_64+0xfa/0x3b0
[  361.629345][T15645]  ? lockdep_hardirqs_on+0x9c/0x150
[  361.629370][T15645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.629388][T15645]  ? clear_bhb_loop+0x60/0xb0
[  361.629408][T15645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.629425][T15645] RIP: 0033:0x7fae5298eba9
[  361.629442][T15645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  361.629457][T15645] RSP: 002b:00007fae538f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  361.629476][T15645] RAX: ffffffffffffffda RBX: 00007fae52bd5fa0 RCX: 00007fae5298eba9
[  361.629489][T15645] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  361.629517][T15645] RBP: 00007fae538f4090 R08: 0000000000000000 R09: 0000000000000000
[  361.629528][T15645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  361.629540][T15645] R13: 00007fae52bd6038 R14: 00007fae52bd5fa0 R15: 00007ffd719a6788
[  361.629570][T15645]  </TASK>
[  362.041558][T15654] openvswitch: netlink: Duplicate or invalid key (type 0).
[  362.051293][T15654] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  362.060667][T15654] FAULT_INJECTION: forcing a failure.
[  362.060667][T15654] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.078415][T15654] CPU: 1 UID: 0 PID: 15654 Comm: syz.3.3024 Not tainted syzkaller #0 PREEMPT(full) 
[  362.078443][T15654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  362.078456][T15654] Call Trace:
[  362.078464][T15654]  <TASK>
[  362.078473][T15654]  dump_stack_lvl+0x189/0x250
[  362.078502][T15654]  ? __pfx____ratelimit+0x10/0x10
[  362.078533][T15654]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.078557][T15654]  ? __pfx__printk+0x10/0x10
[  362.078585][T15654]  ? __might_fault+0xb0/0x130
[  362.078626][T15654]  should_fail_ex+0x414/0x560
[  362.078659][T15654]  _copy_from_user+0x2d/0xb0
[  362.078691][T15654]  kstrtouint_from_user+0xc4/0x170
[  362.078726][T15654]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  362.078777][T15654]  proc_fail_nth_write+0x88/0x200
[  362.078800][T15654]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  362.078830][T15654]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  362.078854][T15654]  vfs_write+0x27b/0xb30
[  362.078892][T15654]  ? __pfx_vfs_write+0x10/0x10
[  362.078920][T15654]  ? __fget_files+0x2a/0x420
[  362.078942][T15654]  ? __fget_files+0x3a0/0x420
[  362.078957][T15654]  ? __fget_files+0x2a/0x420
[  362.078995][T15654]  ksys_write+0x145/0x250
[  362.079023][T15654]  ? __pfx_ksys_write+0x10/0x10
[  362.079045][T15654]  ? rcu_is_watching+0x15/0xb0
[  362.079070][T15654]  ? do_syscall_64+0xbe/0x3b0
[  362.079092][T15654]  do_syscall_64+0xfa/0x3b0
[  362.079108][T15654]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.079135][T15654]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.079154][T15654]  ? clear_bhb_loop+0x60/0xb0
[  362.079177][T15654]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.079195][T15654] RIP: 0033:0x7f97ce38d65f
[  362.079212][T15654] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  362.079228][T15654] RSP: 002b:00007f97cf26d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  362.079248][T15654] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f97ce38d65f
[  362.079260][T15654] RDX: 0000000000000001 RSI: 00007f97cf26d0a0 RDI: 0000000000000004
[  362.079272][T15654] RBP: 00007f97cf26d090 R08: 0000000000000000 R09: 0000000000000000
[  362.079283][T15654] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  362.079294][T15654] R13: 00007f97ce5d6038 R14: 00007f97ce5d5fa0 R15: 00007ffe6fd52768
[  362.079325][T15654]  </TASK>
[  362.396371][T15665] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3027'.
[  362.401256][T15433] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.491020][T15671] openvswitch: netlink: Duplicate or invalid key (type 0).
[  362.500285][T15666] batman_adv: batadv0: Adding interface: wlan1
[  362.504025][T15671] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  362.513187][T15666] batman_adv: batadv0: The MTU of interface wlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.565566][T15666] batman_adv: batadv0: Not using interface wlan1 (retrying later): interface not active
[  362.649782][T15680] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3033'.
[  362.665394][T15433] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.763371][T15687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3034'.
[  362.823568][T15689] openvswitch: netlink: Message has -1 unknown bytes.
[  362.832778][T15433] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.848244][T15689] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3035'.
[  362.877313][T15689] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3035'.
[  362.960097][T15692] FAULT_INJECTION: forcing a failure.
[  362.960097][T15692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.982581][T15433] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.982675][T15692] CPU: 0 UID: 0 PID: 15692 Comm: syz.4.3036 Not tainted syzkaller #0 PREEMPT(full) 
[  362.982702][T15692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  362.982716][T15692] Call Trace:
[  362.982725][T15692]  <TASK>
[  362.982736][T15692]  dump_stack_lvl+0x189/0x250
[  362.982770][T15692]  ? __pfx____ratelimit+0x10/0x10
[  362.982803][T15692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.982832][T15692]  ? __pfx__printk+0x10/0x10
[  362.982877][T15692]  should_fail_ex+0x414/0x560
[  362.982914][T15692]  _copy_to_user+0x31/0xb0
[  362.982942][T15692]  simple_read_from_buffer+0xe1/0x170
[  362.982981][T15692]  proc_fail_nth_read+0x1b3/0x220
[  362.983011][T15692]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  362.983039][T15692]  ? rw_verify_area+0x2a6/0x4d0
[  362.983066][T15692]  ? __lock_acquire+0xab9/0xd20
[  362.983097][T15692]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  362.983124][T15692]  vfs_read+0x200/0xa30
[  362.983151][T15692]  ? fdget_pos+0x247/0x320
[  362.983176][T15692]  ? __pfx___mutex_lock+0x10/0x10
[  362.983198][T15692]  ? __pfx_vfs_read+0x10/0x10
[  362.983229][T15692]  ? __fget_files+0x2a/0x420
[  362.983254][T15692]  ? __fget_files+0x3a0/0x420
[  362.983272][T15692]  ? __fget_files+0x2a/0x420
[  362.983302][T15692]  ksys_read+0x145/0x250
[  362.983332][T15692]  ? __pfx_ksys_read+0x10/0x10
[  362.983358][T15692]  ? rcu_is_watching+0x15/0xb0
[  362.983387][T15692]  ? do_syscall_64+0xbe/0x3b0
[  362.983412][T15692]  do_syscall_64+0xfa/0x3b0
[  362.983431][T15692]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.983463][T15692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.983494][T15692]  ? clear_bhb_loop+0x60/0xb0
[  362.983522][T15692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.983542][T15692] RIP: 0033:0x7f97ee78d5bc
[  362.983564][T15692] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  362.983583][T15692] RSP: 002b:00007f97ef5eb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  362.983608][T15692] RAX: ffffffffffffffda RBX: 00007f97ee9d5fa0 RCX: 00007f97ee78d5bc
[  362.983624][T15692] RDX: 000000000000000f RSI: 00007f97ef5eb0a0 RDI: 0000000000000004
[  362.983645][T15692] RBP: 00007f97ef5eb090 R08: 0000000000000000 R09: 0000000000000000
[  362.983658][T15692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  362.983672][T15692] R13: 00007f97ee9d6038 R14: 00007f97ee9d5fa0 R15: 00007ffce25d1cc8
[  362.983709][T15692]  </TASK>
[  363.252225][ T5186] Bluetooth: hci4: command tx timeout
[  363.413853][T15433] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  363.445956][T15433] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  363.507767][T15433] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  363.575838][T15433] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  363.935569][T15433] 8021q: adding VLAN 0 to HW filter on device bond0
[  363.984744][T15433] 8021q: adding VLAN 0 to HW filter on device team0
[  364.013019][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.020256][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  364.066588][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.073849][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  364.209643][T15753] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  364.286036][T15758] netlink: 'syz.4.3051': attribute type 7 has an invalid length.
[  364.551605][T15433] 8021q: adding VLAN 0 to HW filter on device batadv0
[  364.641271][T15433] veth0_vlan: entered promiscuous mode
[  364.658707][T15433] veth1_vlan: entered promiscuous mode
[  364.709112][T15433] veth0_macvtap: entered promiscuous mode
[  364.730543][T15433] veth1_macvtap: entered promiscuous mode
[  364.772375][T15433] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.800534][T15433] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.814965][ T3575] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.830321][ T3575] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.852125][ T3575] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.873250][ T3575] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  365.006450][ T6421] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.025496][ T6421] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.117213][ T6421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.141850][ T6421] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.290928][ T5186] Bluetooth: hci4: command tx timeout
[  365.297623][T15808] netlink: 'syz.1.3064': attribute type 4 has an invalid length.
[  365.360772][T15808] __nla_validate_parse: 6 callbacks suppressed
[  365.360788][T15808] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3064'.
[  365.519448][T15812] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2946'.
[  365.558156][T15812] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2946'.
[  365.608698][T15818] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3067'.
[  365.635004][T15819] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3067'.
[  366.058816][T15831] Bluetooth: hci0: Opcode 0x080f failed: -4
[  366.246091][T15842] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3074'.
[  366.350790][T15842] can: request_module (can-proto-0) failed.
[  366.378372][ T5878] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  366.388307][ T5878] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  366.396503][ T5878] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  366.405151][ T5878] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  366.423010][ T5878] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  366.520190][T15853] netlink: 'syz.2.3075': attribute type 32 has an invalid length.
[  366.556517][T15858] xt_HMARK: spi-set and port-set can't be combined
[  366.559363][T15855] netlink: 'syz.2.3075': attribute type 32 has an invalid length.
[  366.564409][T15853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3075'.
[  366.571914][T15847] C speed is unknown, defaulting to 1000
[  366.605889][T15859] IPVS: set_ctl: invalid protocol: 255 127.0.0.1:20004
[  366.645094][T15847] lo speed is unknown, defaulting to 1000
[  366.669734][T15855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3075'.
[  366.678256][T15853] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  366.704750][T15862] openvswitch: netlink: Key type 278 is out of range max 32
[  366.839616][T15853] bond1 (unregistering): Released all slaves
[  366.989667][T15855] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  367.328754][T15890] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3087'.
[  367.457365][T15898] netlink: 'syz.4.3090': attribute type 10 has an invalid length.
[  367.465308][T15898] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3090'.
[  367.524989][T15908] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  367.848946][T15926] netlink: 'syz.4.3097': attribute type 3 has an invalid length.
[  367.937112][T15926] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  368.007852][ T5186] Bluetooth: hci0: command 0x0405 tx timeout
[  368.022142][T15933] netlink: zone id is out of range
[  368.034747][T15933] netlink: zone id is out of range
[  368.040364][T15847] chnl_net:caif_netlink_parms(): no params data found
[  368.040497][T15933] netlink: zone id is out of range
[  368.052358][T15933] netlink: zone id is out of range
[  368.058317][T15933] netlink: zone id is out of range
[  368.063616][T15933] netlink: zone id is out of range
[  368.068808][T15933] netlink: zone id is out of range
[  368.075163][T15933] netlink: zone id is out of range
[  368.419514][T15847] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.435698][T15847] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.446549][T15847] bridge_slave_0: entered allmulticast mode
[  368.456115][T15847] bridge_slave_0: entered promiscuous mode
[  368.495929][T15847] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.496780][ T5186] Bluetooth: hci3: command tx timeout
[  368.514773][T15847] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.537758][T15847] bridge_slave_1: entered allmulticast mode
[  368.549040][T15847] bridge_slave_1: entered promiscuous mode
[  368.730514][T15847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.750158][T15976] FAULT_INJECTION: forcing a failure.
[  368.750158][T15976] name failslab, interval 1, probability 0, space 0, times 0
[  368.766417][T15847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.780028][T15976] CPU: 1 UID: 0 PID: 15976 Comm: syz.2.3114 Not tainted syzkaller #0 PREEMPT(full) 
[  368.780065][T15976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  368.780080][T15976] Call Trace:
[  368.780087][T15976]  <TASK>
[  368.780095][T15976]  dump_stack_lvl+0x189/0x250
[  368.780122][T15976]  ? __pfx____ratelimit+0x10/0x10
[  368.780149][T15976]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.780170][T15976]  ? __pfx__printk+0x10/0x10
[  368.780199][T15976]  ? __pfx___might_resched+0x10/0x10
[  368.780221][T15976]  should_fail_ex+0x414/0x560
[  368.780249][T15976]  should_failslab+0xa8/0x100
[  368.780276][T15976]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  368.780302][T15976]  ? __alloc_skb+0x112/0x2d0
[  368.780323][T15976]  __alloc_skb+0x112/0x2d0
[  368.780344][T15976]  netlink_sendmsg+0x5c6/0xb30
[  368.780370][T15976]  ? __pfx_netlink_sendmsg+0x10/0x10
[  368.780391][T15976]  ? aa_sock_msg_perm+0xf1/0x1d0
[  368.780410][T15976]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  368.780429][T15976]  ? __pfx_netlink_sendmsg+0x10/0x10
[  368.780446][T15976]  __sock_sendmsg+0x21c/0x270
[  368.780474][T15976]  ____sys_sendmsg+0x505/0x830
[  368.780499][T15976]  ? __pfx_____sys_sendmsg+0x10/0x10
[  368.780527][T15976]  ? import_iovec+0x74/0xa0
[  368.780552][T15976]  ___sys_sendmsg+0x21f/0x2a0
[  368.780574][T15976]  ? __pfx____sys_sendmsg+0x10/0x10
[  368.780628][T15976]  ? __fget_files+0x2a/0x420
[  368.780643][T15976]  ? __fget_files+0x3a0/0x420
[  368.780668][T15976]  __x64_sys_sendmsg+0x19b/0x260
[  368.780690][T15976]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  368.780738][T15976]  ? __pfx_ksys_write+0x10/0x10
[  368.780759][T15976]  ? rcu_is_watching+0x15/0xb0
[  368.780800][T15976]  ? do_syscall_64+0xbe/0x3b0
[  368.780822][T15976]  do_syscall_64+0xfa/0x3b0
[  368.780838][T15976]  ? lockdep_hardirqs_on+0x9c/0x150
[  368.780865][T15976]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.780889][T15976]  ? clear_bhb_loop+0x60/0xb0
[  368.780911][T15976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.780933][T15976] RIP: 0033:0x7f61d618eba9
[  368.780950][T15976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.780979][T15976] RSP: 002b:00007f61d7039038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  368.780998][T15976] RAX: ffffffffffffffda RBX: 00007f61d63d5fa0 RCX: 00007f61d618eba9
[  368.781011][T15976] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  368.781022][T15976] RBP: 00007f61d7039090 R08: 0000000000000000 R09: 0000000000000000
[  368.781033][T15976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.781043][T15976] R13: 00007f61d63d6038 R14: 00007f61d63d5fa0 R15: 00007fffff81bab8
[  368.781072][T15976]  </TASK>
[  369.164190][T15847] team0: Port device team_slave_0 added
[  369.173392][T15847] team0: Port device team_slave_1 added
[  369.238197][T15847] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.245264][T15847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.272032][T15847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.284572][T15847] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.292780][T15847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.319037][T15847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.428723][T15847] hsr_slave_0: entered promiscuous mode
[  369.436659][T15847] hsr_slave_1: entered promiscuous mode
[  369.443033][T15847] debugfs: 'hsr0' already exists in 'hsr'
[  369.459228][T15847] Cannot create hsr debugfs directory
[  369.496531][T15996] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  369.566464][T15996] syzkaller0: entered promiscuous mode
[  369.572935][T15996] syzkaller0: entered allmulticast mode
[  369.643608][T16016] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551614)
[  369.655110][T16016] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647
[  369.689646][T15996] tipc: Resetting bearer <eth:syzkaller0>
[  369.721198][T15995] tipc: Resetting bearer <eth:syzkaller0>
[  369.755087][T15995] tipc: Disabling bearer <eth:syzkaller0>
[  369.990481][T15847] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  370.074483][T15847] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  370.134240][T15847] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  370.195521][T16047] FAULT_INJECTION: forcing a failure.
[  370.195521][T16047] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  370.210219][T16047] CPU: 0 UID: 0 PID: 16047 Comm: syz.1.3142 Not tainted syzkaller #0 PREEMPT(full) 
[  370.210246][T16047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  370.210259][T16047] Call Trace:
[  370.210267][T16047]  <TASK>
[  370.210276][T16047]  dump_stack_lvl+0x189/0x250
[  370.210304][T16047]  ? __pfx____ratelimit+0x10/0x10
[  370.210334][T16047]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.210358][T16047]  ? __pfx__printk+0x10/0x10
[  370.210386][T16047]  ? __might_fault+0xb0/0x130
[  370.210425][T16047]  should_fail_ex+0x414/0x560
[  370.210467][T16047]  _copy_from_iter+0x1de/0x1790
[  370.210494][T16047]  ? rcu_is_watching+0x15/0xb0
[  370.210514][T16047]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  370.210541][T16047]  ? __pfx__copy_from_iter+0x10/0x10
[  370.210562][T16047]  ? __build_skb_around+0x257/0x3e0
[  370.210584][T16047]  ? netlink_sendmsg+0x642/0xb30
[  370.210600][T16047]  ? skb_put+0x11b/0x210
[  370.210622][T16047]  netlink_sendmsg+0x6b2/0xb30
[  370.210668][T16047]  ? __pfx_netlink_sendmsg+0x10/0x10
[  370.210690][T16047]  ? aa_sock_msg_perm+0xf1/0x1d0
[  370.210711][T16047]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  370.210733][T16047]  ? __pfx_netlink_sendmsg+0x10/0x10
[  370.210752][T16047]  __sock_sendmsg+0x21c/0x270
[  370.210794][T16047]  ____sys_sendmsg+0x505/0x830
[  370.210820][T16047]  ? __pfx_____sys_sendmsg+0x10/0x10
[  370.210850][T16047]  ? import_iovec+0x74/0xa0
[  370.210875][T16047]  ___sys_sendmsg+0x21f/0x2a0
[  370.210898][T16047]  ? __pfx____sys_sendmsg+0x10/0x10
[  370.210955][T16047]  ? __fget_files+0x2a/0x420
[  370.210971][T16047]  ? __fget_files+0x3a0/0x420
[  370.211003][T16047]  __x64_sys_sendmsg+0x19b/0x260
[  370.211027][T16047]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  370.211057][T16047]  ? __pfx_ksys_write+0x10/0x10
[  370.211080][T16047]  ? rcu_is_watching+0x15/0xb0
[  370.211102][T16047]  ? do_syscall_64+0xbe/0x3b0
[  370.211124][T16047]  do_syscall_64+0xfa/0x3b0
[  370.211139][T16047]  ? lockdep_hardirqs_on+0x9c/0x150
[  370.211166][T16047]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.211184][T16047]  ? clear_bhb_loop+0x60/0xb0
[  370.211207][T16047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.211228][T16047] RIP: 0033:0x7fae5298eba9
[  370.211245][T16047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.211260][T16047] RSP: 002b:00007fae538f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  370.211280][T16047] RAX: ffffffffffffffda RBX: 00007fae52bd5fa0 RCX: 00007fae5298eba9
[  370.211293][T16047] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  370.211305][T16047] RBP: 00007fae538f4090 R08: 0000000000000000 R09: 0000000000000000
[  370.211316][T16047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.211344][T16047] R13: 00007fae52bd6038 R14: 00007fae52bd5fa0 R15: 00007ffd719a6788
[  370.211377][T16047]  </TASK>
[  370.506389][T15847] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  370.568661][ T5186] Bluetooth: hci3: command tx timeout
[  370.678869][T15847] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  370.691535][T15847] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  370.707257][T15847] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  370.718221][T15847] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  370.885424][T15847] 8021q: adding VLAN 0 to HW filter on device bond0
[  370.925852][T15847] 8021q: adding VLAN 0 to HW filter on device team0
[  370.955687][ T3575] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.962921][ T3575] bridge0: port 1(bridge_slave_0) entered forwarding state
[  371.001139][ T6421] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.008363][ T6421] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.153971][T16081] netlink: 'syz.0.3150': attribute type 29 has an invalid length.
[  371.182935][T16082] netlink: 'syz.0.3150': attribute type 29 has an invalid length.
[  371.194279][T16081] __nla_validate_parse: 13 callbacks suppressed
[  371.194297][T16081] netlink: 500 bytes leftover after parsing attributes in process `syz.0.3150'.
[  371.247027][T16081] unsupported nla_type 58
[  371.286436][T16087] FAULT_INJECTION: forcing a failure.
[  371.286436][T16087] name failslab, interval 1, probability 0, space 0, times 0
[  371.315010][T16087] CPU: 1 UID: 0 PID: 16087 Comm: syz.1.3152 Not tainted syzkaller #0 PREEMPT(full) 
[  371.315039][T16087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  371.315051][T16087] Call Trace:
[  371.315059][T16087]  <TASK>
[  371.315068][T16087]  dump_stack_lvl+0x189/0x250
[  371.315097][T16087]  ? __pfx____ratelimit+0x10/0x10
[  371.315127][T16087]  ? __pfx_dump_stack_lvl+0x10/0x10
[  371.315151][T16087]  ? __pfx__printk+0x10/0x10
[  371.315181][T16087]  ? __lock_acquire+0xab9/0xd20
[  371.315220][T16087]  should_fail_ex+0x414/0x560
[  371.315253][T16087]  should_failslab+0xa8/0x100
[  371.315284][T16087]  kmem_cache_alloc_noprof+0x73/0x3c0
[  371.315311][T16087]  ? skb_clone+0x212/0x3a0
[  371.315340][T16087]  skb_clone+0x212/0x3a0
[  371.315366][T16087]  __netlink_deliver_tap+0x404/0x850
[  371.315411][T16087]  ? netlink_deliver_tap+0x2e/0x1b0
[  371.315444][T16087]  netlink_deliver_tap+0x19c/0x1b0
[  371.315477][T16087]  netlink_unicast+0x7fa/0x9e0
[  371.315515][T16087]  ? __pfx_netlink_unicast+0x10/0x10
[  371.315545][T16087]  ? netlink_sendmsg+0x642/0xb30
[  371.315562][T16087]  ? skb_put+0x11b/0x210
[  371.315586][T16087]  netlink_sendmsg+0x805/0xb30
[  371.315615][T16087]  ? __pfx_netlink_sendmsg+0x10/0x10
[  371.315637][T16087]  ? aa_sock_msg_perm+0xf1/0x1d0
[  371.315657][T16087]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  371.315679][T16087]  ? __pfx_netlink_sendmsg+0x10/0x10
[  371.315699][T16087]  __sock_sendmsg+0x21c/0x270
[  371.315731][T16087]  ____sys_sendmsg+0x505/0x830
[  371.315770][T16087]  ? __pfx_____sys_sendmsg+0x10/0x10
[  371.315801][T16087]  ? import_iovec+0x74/0xa0
[  371.315826][T16087]  ___sys_sendmsg+0x21f/0x2a0
[  371.315851][T16087]  ? __pfx____sys_sendmsg+0x10/0x10
[  371.315915][T16087]  ? __fget_files+0x2a/0x420
[  371.315932][T16087]  ? __fget_files+0x3a0/0x420
[  371.315960][T16087]  __x64_sys_sendmsg+0x19b/0x260
[  371.315984][T16087]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  371.316016][T16087]  ? __pfx_ksys_write+0x10/0x10
[  371.316038][T16087]  ? rcu_is_watching+0x15/0xb0
[  371.316063][T16087]  ? do_syscall_64+0xbe/0x3b0
[  371.316085][T16087]  do_syscall_64+0xfa/0x3b0
[  371.316101][T16087]  ? lockdep_hardirqs_on+0x9c/0x150
[  371.316128][T16087]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.316146][T16087]  ? clear_bhb_loop+0x60/0xb0
[  371.316169][T16087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.316187][T16087] RIP: 0033:0x7fae5298eba9
[  371.316203][T16087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  371.316219][T16087] RSP: 002b:00007fae538f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  371.316239][T16087] RAX: ffffffffffffffda RBX: 00007fae52bd5fa0 RCX: 00007fae5298eba9
[  371.316253][T16087] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  371.316265][T16087] RBP: 00007fae538f4090 R08: 0000000000000000 R09: 0000000000000000
[  371.316276][T16087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  371.316287][T16087] R13: 00007fae52bd6038 R14: 00007fae52bd5fa0 R15: 00007ffd719a6788
[  371.316318][T16087]  </TASK>
[  371.669301][T15847] 8021q: adding VLAN 0 to HW filter on device batadv0
[  371.723029][T15847] veth0_vlan: entered promiscuous mode
[  371.740430][T16097] net_ratelimit: 40 callbacks suppressed
[  371.740467][T16097] openvswitch: netlink: Duplicate or invalid key (type 0).
[  371.753633][T16097] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  371.767626][T15847] veth1_vlan: entered promiscuous mode
[  371.823975][T15847] veth0_macvtap: entered promiscuous mode
[  371.836334][T15847] veth1_macvtap: entered promiscuous mode
[  371.860085][T15847] batman_adv: batadv0: Interface activated: batadv_slave_0
[  371.871282][T15847] batman_adv: batadv0: Interface activated: batadv_slave_1
[  371.893640][ T3575] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  371.925265][ T3575] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  371.944505][ T3575] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  371.996560][ T3575] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  372.126460][T16113] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  372.408680][T16122] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3161'.
[  372.484881][ T6435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.509166][ T6435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.569746][T16130] FAULT_INJECTION: forcing a failure.
[  372.569746][T16130] name failslab, interval 1, probability 0, space 0, times 0
[  372.581867][ T6435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.587217][T16130] CPU: 1 UID: 0 PID: 16130 Comm: syz.4.3164 Not tainted syzkaller #0 PREEMPT(full) 
[  372.587253][T16130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  372.587267][T16130] Call Trace:
[  372.587277][T16130]  <TASK>
[  372.587287][T16130]  dump_stack_lvl+0x189/0x250
[  372.587321][T16130]  ? __pfx____ratelimit+0x10/0x10
[  372.587356][T16130]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.587384][T16130]  ? __pfx__printk+0x10/0x10
[  372.587419][T16130]  ? __pfx___might_resched+0x10/0x10
[  372.587443][T16130]  ? fs_reclaim_acquire+0x7d/0x100
[  372.587483][T16130]  should_fail_ex+0x414/0x560
[  372.587530][T16130]  should_failslab+0xa8/0x100
[  372.587575][T16130]  __kmalloc_noprof+0xcb/0x4f0
[  372.587607][T16130]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  372.587645][T16130]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  372.587683][T16130]  genl_family_rcv_msg_doit+0xb8/0x300
[  372.587722][T16130]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  372.587760][T16130]  ? apparmor_capable+0x137/0x1b0
[  372.587789][T16130]  ? bpf_lsm_capable+0x9/0x20
[  372.587820][T16130]  ? security_capable+0x7e/0x2e0
[  372.587864][T16130]  genl_rcv_msg+0x60e/0x790
[  372.587899][T16130]  ? __pfx_genl_rcv_msg+0x10/0x10
[  372.587925][T16130]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  372.587963][T16130]  ? __asan_memcpy+0x40/0x70
[  372.587987][T16130]  ? __pfx_ref_tracker_free+0x10/0x10
[  372.588031][T16130]  netlink_rcv_skb+0x205/0x470
[  372.588065][T16130]  ? __lock_acquire+0xab9/0xd20
[  372.588100][T16130]  ? __pfx_genl_rcv_msg+0x10/0x10
[  372.588145][T16130]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  372.588199][T16130]  ? down_read+0x1ad/0x2e0
[  372.588225][T16130]  genl_rcv+0x28/0x40
[  372.588248][T16130]  netlink_unicast+0x82c/0x9e0
[  372.588289][T16130]  ? __pfx_netlink_unicast+0x10/0x10
[  372.588320][T16130]  ? netlink_sendmsg+0x642/0xb30
[  372.588339][T16130]  ? skb_put+0x11b/0x210
[  372.588363][T16130]  netlink_sendmsg+0x805/0xb30
[  372.588395][T16130]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.588438][T16130]  ? aa_sock_msg_perm+0xf1/0x1d0
[  372.588463][T16130]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  372.588486][T16130]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.588515][T16130]  __sock_sendmsg+0x21c/0x270
[  372.588553][T16130]  ____sys_sendmsg+0x505/0x830
[  372.588585][T16130]  ? __pfx_____sys_sendmsg+0x10/0x10
[  372.588623][T16130]  ? import_iovec+0x74/0xa0
[  372.588655][T16130]  ___sys_sendmsg+0x21f/0x2a0
[  372.588684][T16130]  ? __pfx____sys_sendmsg+0x10/0x10
[  372.588763][T16130]  ? __fget_files+0x2a/0x420
[  372.588782][T16130]  ? __fget_files+0x3a0/0x420
[  372.588816][T16130]  __x64_sys_sendmsg+0x19b/0x260
[  372.588845][T16130]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  372.588885][T16130]  ? __pfx_ksys_write+0x10/0x10
[  372.588913][T16130]  ? rcu_is_watching+0x15/0xb0
[  372.588943][T16130]  ? do_syscall_64+0xbe/0x3b0
[  372.588970][T16130]  do_syscall_64+0xfa/0x3b0
[  372.588989][T16130]  ? lockdep_hardirqs_on+0x9c/0x150
[  372.589023][T16130]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.589044][T16130]  ? clear_bhb_loop+0x60/0xb0
[  372.589073][T16130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.589096][T16130] RIP: 0033:0x7f97ee78eba9
[  372.589116][T16130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.589135][T16130] RSP: 002b:00007f97ef5eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  372.589160][T16130] RAX: ffffffffffffffda RBX: 00007f97ee9d5fa0 RCX: 00007f97ee78eba9
[  372.589177][T16130] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  372.589193][T16130] RBP: 00007f97ef5eb090 R08: 0000000000000000 R09: 0000000000000000
[  372.589206][T16130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.589220][T16130] R13: 00007f97ee9d6038 R14: 00007f97ee9d5fa0 R15: 00007ffce25d1cc8
[  372.589258][T16130]  </TASK>
[  372.712616][T16131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3163'.
[  372.718476][ T6435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.724492][ T5186] Bluetooth: hci3: command tx timeout
[  373.586162][T16145] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3170'.
[  373.671276][T16145] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  373.706501][T16155] netlink: 'syz.0.3173': attribute type 1 has an invalid length.
[  373.718637][T16156] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3170'.
[  373.730872][T16155] netlink: 'syz.0.3173': attribute type 1 has an invalid length.
[  373.828431][T16161] FAULT_INJECTION: forcing a failure.
[  373.828431][T16161] name failslab, interval 1, probability 0, space 0, times 0
[  373.853021][T16161] CPU: 0 UID: 0 PID: 16161 Comm: syz.1.3174 Not tainted syzkaller #0 PREEMPT(full) 
[  373.853043][T16161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  373.853052][T16161] Call Trace:
[  373.853058][T16161]  <TASK>
[  373.853065][T16161]  dump_stack_lvl+0x189/0x250
[  373.853089][T16161]  ? __pfx____ratelimit+0x10/0x10
[  373.853112][T16161]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.853129][T16161]  ? __pfx__printk+0x10/0x10
[  373.853153][T16161]  ? __pfx___might_resched+0x10/0x10
[  373.853167][T16161]  ? fs_reclaim_acquire+0x7d/0x100
[  373.853194][T16161]  should_fail_ex+0x414/0x560
[  373.853218][T16161]  should_failslab+0xa8/0x100
[  373.853242][T16161]  kmem_cache_alloc_noprof+0x73/0x3c0
[  373.853262][T16161]  ? ovs_flow_alloc+0x24/0x1f0
[  373.853283][T16161]  ovs_flow_alloc+0x24/0x1f0
[  373.853304][T16161]  ovs_flow_cmd_new+0x1ee/0xd80
[  373.853325][T16161]  ? stack_depot_save_flags+0x40/0x860
[  373.853346][T16161]  ? netlink_unicast+0x7f1/0x9e0
[  373.853371][T16161]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  373.853438][T16161]  ? __nla_parse+0x40/0x60
[  373.853464][T16161]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  373.853490][T16161]  genl_family_rcv_msg_doit+0x215/0x300
[  373.853514][T16161]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  373.853542][T16161]  ? bpf_lsm_capable+0x9/0x20
[  373.853563][T16161]  ? security_capable+0x7e/0x2e0
[  373.853590][T16161]  genl_rcv_msg+0x60e/0x790
[  373.853613][T16161]  ? __pfx_genl_rcv_msg+0x10/0x10
[  373.853630][T16161]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  373.853654][T16161]  ? __asan_memcpy+0x40/0x70
[  373.853670][T16161]  ? __pfx_ref_tracker_free+0x10/0x10
[  373.853697][T16161]  netlink_rcv_skb+0x205/0x470
[  373.853724][T16161]  ? __lock_acquire+0xab9/0xd20
[  373.853746][T16161]  ? __pfx_genl_rcv_msg+0x10/0x10
[  373.853765][T16161]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  373.853802][T16161]  ? down_read+0x1ad/0x2e0
[  373.853820][T16161]  genl_rcv+0x28/0x40
[  373.853836][T16161]  netlink_unicast+0x82c/0x9e0
[  373.853863][T16161]  ? __pfx_netlink_unicast+0x10/0x10
[  373.853886][T16161]  ? netlink_sendmsg+0x642/0xb30
[  373.853898][T16161]  ? skb_put+0x11b/0x210
[  373.853916][T16161]  netlink_sendmsg+0x805/0xb30
[  373.853937][T16161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  373.853954][T16161]  ? aa_sock_msg_perm+0xf1/0x1d0
[  373.853969][T16161]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  373.853985][T16161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  373.854000][T16161]  __sock_sendmsg+0x21c/0x270
[  373.854024][T16161]  ____sys_sendmsg+0x505/0x830
[  373.854045][T16161]  ? __pfx_____sys_sendmsg+0x10/0x10
[  373.854069][T16161]  ? import_iovec+0x74/0xa0
[  373.854089][T16161]  ___sys_sendmsg+0x21f/0x2a0
[  373.854107][T16161]  ? __pfx____sys_sendmsg+0x10/0x10
[  373.854161][T16161]  ? __fget_files+0x2a/0x420
[  373.854173][T16161]  ? __fget_files+0x3a0/0x420
[  373.854193][T16161]  __x64_sys_sendmsg+0x19b/0x260
[  373.854211][T16161]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  373.854234][T16161]  ? __pfx_ksys_write+0x10/0x10
[  373.854251][T16161]  ? rcu_is_watching+0x15/0xb0
[  373.854269][T16161]  ? do_syscall_64+0xbe/0x3b0
[  373.854286][T16161]  do_syscall_64+0xfa/0x3b0
[  373.854298][T16161]  ? lockdep_hardirqs_on+0x9c/0x150
[  373.854318][T16161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.854332][T16161]  ? clear_bhb_loop+0x60/0xb0
[  373.854349][T16161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.854362][T16161] RIP: 0033:0x7fae5298eba9
[  373.854375][T16161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.854388][T16161] RSP: 002b:00007fae538f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  373.854403][T16161] RAX: ffffffffffffffda RBX: 00007fae52bd5fa0 RCX: 00007fae5298eba9
[  373.854414][T16161] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  373.854423][T16161] RBP: 00007fae538f4090 R08: 0000000000000000 R09: 0000000000000000
[  373.854432][T16161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.854440][T16161] R13: 00007fae52bd6038 R14: 00007fae52bd5fa0 R15: 00007ffd719a6788
[  373.854464][T16161]  </TASK>
[  374.267318][ T5878] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  374.296300][ T5878] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  374.305987][ T5878] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  374.318205][ T5878] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  374.327222][ T5878] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  374.366044][T16165] C speed is unknown, defaulting to 1000
[  374.375202][T16165] lo speed is unknown, defaulting to 1000
[  374.423513][T16169] netlink: 'syz.0.3176': attribute type 1 has an invalid length.
[  374.478289][T16169] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  374.868626][T16190] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  374.997847][T16194] netlink: 'syz.1.3184': attribute type 1 has an invalid length.
[  375.008764][T16194] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.3184'.
[  375.047068][ T5878] Bluetooth: hci3: command tx timeout
[  375.241056][T16209] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3187'.
[  375.259799][T16165] chnl_net:caif_netlink_parms(): no params data found
[  375.511190][T16165] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.519710][T16165] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.527187][T16165] bridge_slave_0: entered allmulticast mode
[  375.535102][T16165] bridge_slave_0: entered promiscuous mode
[  375.544431][T16165] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.552194][T16165] bridge0: port 2(bridge_slave_1) entered disabled state
[  375.560831][T16165] bridge_slave_1: entered allmulticast mode
[  375.569802][T16165] bridge_slave_1: entered promiscuous mode
[  375.636449][T16165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  375.680069][T16165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  375.714809][T16234] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3195'.
[  375.733162][T16234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3195'.
[  375.875139][T16165] team0: Port device team_slave_0 added
[  375.896331][T16165] team0: Port device team_slave_1 added
[  375.998975][T16165] batman_adv: batadv0: Adding interface: batadv_slave_0
[  376.009576][T16165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.037052][T16165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  376.078194][T16165] batman_adv: batadv0: Adding interface: batadv_slave_1
[  376.085174][T16165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.145218][T16165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  376.261748][T16165] hsr_slave_0: entered promiscuous mode
[  376.269268][T16165] hsr_slave_1: entered promiscuous mode
[  376.277982][T16165] debugfs: 'hsr0' already exists in 'hsr'
[  376.284177][T16165] Cannot create hsr debugfs directory
[  376.284690][T16258] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  376.289653][    T9] IPVS: starting estimator thread 0...
[  376.355543][T16258] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  376.395833][T16263] netlink: 'syz.1.3205': attribute type 1 has an invalid length.
[  376.406391][T16263] netlink: 236 bytes leftover after parsing attributes in process `syz.1.3205'.
[  376.417766][ T5878] Bluetooth: hci1: command tx timeout
[  376.427795][T16259] IPVS: using max 26 ests per chain, 62400 per kthread
[  376.553388][T16165] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  376.618516][T16165] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  376.684677][T16278] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3208'.
[  376.707099][T16278] netlink: 'syz.3.3208': attribute type 9 has an invalid length.
[  376.719626][T16165] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  376.810177][T16165] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  376.852078][T16285] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  376.864660][T16289] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3211'.
[  376.872547][T16292] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3213'.
[  376.959575][T16285] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  377.046106][T16300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3211'.
[  377.105284][T16285] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  377.205530][T16285] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  377.274916][T16165] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  377.302828][T16165] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  377.322283][T16165] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  377.352877][T16165] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  377.415232][T16314] netlink: zone id is out of range
[  377.425686][T16314] netlink: zone id is out of range
[  377.455391][ T1016] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  377.503542][ T1016] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  377.515142][T16318] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3217'.
[  377.585558][ T3575] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  377.612385][ T3575] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  377.733848][T16165] 8021q: adding VLAN 0 to HW filter on device bond0
[  377.796362][T16165] 8021q: adding VLAN 0 to HW filter on device team0
[  377.835297][T16329] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  377.848834][ T6435] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.856059][ T6435] bridge0: port 1(bridge_slave_0) entered forwarding state
[  377.900885][ T6435] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.908075][ T6435] bridge0: port 2(bridge_slave_1) entered forwarding state
[  378.400901][T16365] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3227'.
[  378.497533][ T5878] Bluetooth: hci1: command tx timeout
[  378.681981][T16165] 8021q: adding VLAN 0 to HW filter on device batadv0
[  379.159165][T16402] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3235'.
[  379.180098][T16406] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0
[  379.200931][T16403] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  379.208350][T16401] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3235'.
[  379.707213][T16165] veth0_vlan: entered promiscuous mode
[  379.793985][T16165] veth1_vlan: entered promiscuous mode
[  379.881097][T16165] veth0_macvtap: entered promiscuous mode
[  379.911372][T16442] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  379.988371][T16165] veth1_macvtap: entered promiscuous mode
[  380.062112][T16165] batman_adv: batadv0: Interface activated: batadv_slave_0
[  380.098013][T16165] batman_adv: batadv0: Interface activated: batadv_slave_1
[  380.149321][T16449] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3252'.
[  380.178269][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.222778][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.280911][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.310252][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.476216][T16456] veth0_to_bond: left promiscuous mode
[  380.534701][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.553111][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.568234][ T5878] Bluetooth: hci1: command tx timeout
[  380.710406][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.721561][T16480] 8021q: VLANs not supported on vcan0
[  380.732553][T16480] netlink: 'syz.3.3264': attribute type 23 has an invalid length.
[  380.741530][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.882941][T16491] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  380.922206][T16493] netlink: 'syz.0.3269': attribute type 6 has an invalid length.
[  381.481237][T16523] __nla_validate_parse: 3 callbacks suppressed
[  381.481255][T16523] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3277'.
[  381.538088][T16524] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3277'.
[  382.051759][T16555] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3284'.
[  382.531550][T16579] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  382.624766][T16581] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3293'.
[  382.648190][ T5870] Bluetooth: hci1: command tx timeout
[  382.654206][ T5870] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  382.667713][ T5870] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  382.676248][ T5870] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  382.685044][ T5870] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  382.694282][ T5870] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  382.715384][T16586] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3294'.
[  382.725610][T16586] openvswitch: netlink: Flow key attr not present in new flow.
[  382.762506][T16588] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  382.784410][ T6435] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  382.802215][T16589] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3295'.
[  382.896258][T16582] C speed is unknown, defaulting to 1000
[  382.906044][ T6435] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  382.997461][T16582] lo speed is unknown, defaulting to 1000
[  383.036370][ T6435] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  383.060572][T16602] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3302'.
[  383.077548][T16600] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3299'.
[  383.117086][T16607] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  383.216438][ T6435] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  383.306936][T16614] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3306'.
[  383.340254][T16614] openvswitch: netlink: Flow key attr not present in new flow.
[  383.705924][T16633] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  383.955275][T16643] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3318'.
[  383.990307][T16643] openvswitch: netlink: Flow key attr not present in new flow.
[  384.132348][ T6435] bond4 (unregistering): (slave gretap1): Releasing active interface
[  384.636958][ T6435] bond1 (unregistering): (slave veth3): Releasing active interface
[  384.656751][ T6435] bond1 (unregistering): Released all slaves
[  384.675731][ T6435] bond2 (unregistering): Released all slaves
[  384.713433][ T6435] bond0 (unregistering): Released all slaves
[  384.736417][ T6435] bond3 (unregistering): Released all slaves
[  384.745604][ T5878] Bluetooth: hci5: command tx timeout
[  384.768266][ T6435] bond4 (unregistering): Released all slaves
[  384.987727][ T6435] tipc: Left network mode
[  385.584297][ T5915] IPVS: starting estimator thread 0...
[  385.591277][T16676] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  385.680556][T16677] IPVS: using max 26 ests per chain, 62400 per kthread
[  385.708291][T16674] 8021q: adding VLAN 0 to HW filter on device bond1
[  385.792987][T16681] openvswitch: netlink: Flow actions attr not present in new flow.
[  386.415858][T16708] netlink: 'syz.4.3340': attribute type 5 has an invalid length.
[  386.467540][T16713] openvswitch: netlink: Duplicate or invalid key (type 0).
[  386.467561][T16708] openvswitch: netlink: Flow actions attr not present in new flow.
[  386.600406][T16582] chnl_net:caif_netlink_parms(): no params data found
[  386.729811][    T9] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004b: 0000 [#1] SMP KASAN PTI
[  386.741761][    T9] KASAN: null-ptr-deref in range [0x0000000000000258-0x000000000000025f]
[  386.750198][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full) 
[  386.759327][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  386.769403][    T9] Workqueue: events l2cap_info_timeout
[  386.774899][    T9] RIP: 0010:kasan_byte_accessible+0x12/0x30
[  386.780815][    T9] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 d0 d1 59 09 cc 66 66 66 66 66 66 2e
[  386.784969][T16720] veth0_to_bridge: entered promiscuous mode
[  386.800432][    T9] RSP: 0018:ffffc900000e77a8 EFLAGS: 00010206
[  386.800457][    T9] RAX: dffffc0000000000 RBX: ffffffff895a4928 RCX: fb6db3deee750000
[  386.800472][    T9] RDX: 0000000000000000 RSI: ffffffff895a4928 RDI: 000000000000004b
[  386.800484][    T9] RBP: ffffffff8a839bd5 R08: 0000000000000001 R09: 0000000000000000
[  386.800495][    T9] R10: dffffc0000000000 R11: ffffffff8a839b90 R12: 0000000000000000
[  386.800508][    T9] R13: 0000000000000258 R14: 0000000000000258 R15: 0000000000000001
[  386.800519][    T9] FS:  0000000000000000(0000) GS:ffff888125c18000(0000) knlGS:0000000000000000
[  386.800534][    T9] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  386.800553][    T9] CR2: 0000200000000140 CR3: 0000000077636000 CR4: 00000000003526f0
[  386.800569][    T9] Call Trace:
[  386.800576][    T9]  <TASK>
[  386.800584][    T9]  __kasan_check_byte+0x12/0x40
[  386.800615][    T9]  lock_acquire+0x8d/0x360
[  386.800642][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.800670][    T9]  ? __cancel_work+0x254/0x2e0
[  386.800714][    T9]  lock_sock_nested+0x48/0x100
[  386.800741][    T9]  ? l2cap_sock_ready_cb+0x45/0x140
[  386.800778][    T9]  l2cap_sock_ready_cb+0x45/0x140
[  386.800800][    T9]  l2cap_conn_start+0x76d/0xe50
[  386.800831][    T9]  ? __pfx_l2cap_conn_start+0x10/0x10
[  386.800858][    T9]  ? __lock_acquire+0xab9/0xd20
[  386.800884][    T9]  ? __pfx___mutex_lock+0x10/0x10
[  386.800905][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  386.800928][    T9]  l2cap_info_timeout+0x68/0xa0
[  386.800955][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  386.800971][    T9]  process_scheduled_works+0xae1/0x17b0
[  386.811265][T16720] veth0_to_bridge: left promiscuous mode
[  386.812950][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  386.970309][    T9]  worker_thread+0x8a0/0xda0
[  386.974926][    T9]  kthread+0x70e/0x8a0
[  386.979004][    T9]  ? __pfx_worker_thread+0x10/0x10
[  386.984113][    T9]  ? __pfx_kthread+0x10/0x10
[  386.988699][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  386.993901][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.999119][    T9]  ? __pfx_kthread+0x10/0x10
[  387.003740][    T9]  ret_from_fork+0x3fc/0x770
[  387.008332][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  387.013445][    T9]  ? __switch_to_asm+0x39/0x70
[  387.018213][    T9]  ? __switch_to_asm+0x33/0x70
[  387.022979][    T9]  ? __pfx_kthread+0x10/0x10
[  387.027571][    T9]  ret_from_fork_asm+0x1a/0x30
[  387.032349][    T9]  </TASK>
[  387.035377][    T9] Modules linked in:
[  387.041407][    T9] ---[ end trace 0000000000000000 ]---
[  387.045034][ T5878] Bluetooth: hci5: command tx timeout
[  387.061564][T16716] caif:caif_disconnect_client(): nothing to disconnect
[  387.123981][    T9] RIP: 0010:kasan_byte_accessible+0x12/0x30
[  387.148202][    T9] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 d0 d1 59 09 cc 66 66 66 66 66 66 2e
[  387.168621][    T9] RSP: 0018:ffffc900000e77a8 EFLAGS: 00010206
[  387.178816][    T9] RAX: dffffc0000000000 RBX: ffffffff895a4928 RCX: fb6db3deee750000
[  387.187008][    T9] RDX: 0000000000000000 RSI: ffffffff895a4928 RDI: 000000000000004b
[  387.195056][    T9] RBP: ffffffff8a839bd5 R08: 0000000000000001 R09: 0000000000000000
[  387.203334][    T9] R10: dffffc0000000000 R11: ffffffff8a839b90 R12: 0000000000000000
[  387.212172][    T9] R13: 0000000000000258 R14: 0000000000000258 R15: 0000000000000001
[  387.220237][    T9] FS:  0000000000000000(0000) GS:ffff888125c18000(0000) knlGS:0000000000000000
[  387.229655][    T9] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  387.236253][    T9] CR2: 0000200000002280 CR3: 0000000077636000 CR4: 00000000003526f0
[  387.244505][T16723] tipc: Started in network mode
[  387.249445][T16723] tipc: Node identity ca64065b71cb, cluster identity 4711
[  387.256964][T16723] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  387.257287][    T9] Kernel panic - not syncing: Fatal exception
[  387.263937][    T9] Kernel Offset: disabled