last executing test programs:

3.767197696s ago: executing program 2 (id=1189):
r0 = socket$nl_generic(0x11, 0x3, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x6, 0x1c, 0x67, 0x0, 0x0, 0x2, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x14, 0x0, 0x0, @empty}}}}}, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) (async)
r3 = socket$key(0xf, 0x3, 0x2) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x2}, {@in6=@remote, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x0) (async)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_JOIN_FILTERS(r5, 0x65, 0x6, &(0x7f0000000140)=0x3, 0x4) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000003c0)={'syztnl2\x00', <r7=>0x0, 0x80, 0x700, 0x2, 0x80000001, {{0x10, 0x4, 0x3, 0x1e, 0x40, 0x64, 0x0, 0x3, 0x29, 0x0, @broadcast, @multicast2, {[@cipso={0x86, 0x29, 0xffffffffffffffff, [{0x6, 0x6, "12e44392"}, {0x7, 0xb, "5c1943df65ee6385d9"}, {0x7, 0x12, "638fcd5d2410d6a6e632e865e662f87a"}]}]}}}}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xf, &(0x7f00000001c0)=@raw=[@map_val={0x18, 0x8, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x100}, @generic={0x3, 0xf, 0x0, 0x5, 0x7fffffff}, @call={0x85, 0x0, 0x0, 0xc1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @map_val={0x18, 0x1, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0xcbae}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x4}], &(0x7f0000000080)='GPL\x00', 0xfffffff4, 0x59, &(0x7f0000000300)=""/89, 0x40f00, 0x5c, '\x00', r7, 0x0, r2, 0x8, &(0x7f0000000440)={0x4, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000480)=[r1, r1, r1], &(0x7f00000004c0)=[{0x4, 0x5, 0xf, 0x6}, {0x3, 0x3, 0x4, 0x3}, {0x2, 0x1, 0x9, 0x9}], 0x10, 0x8, @void, @value}, 0x94) (async)
sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)

3.527509687s ago: executing program 2 (id=1192):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0)
pread64(r2, &(0x7f00000003c0)=""/4096, 0x1000, 0x2df)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r2}, 0x8)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r4, 0x325}, 0x14}}, 0x0)
unshare(0x20000400)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1f, 0x6, 0xfffffffc, 0x24, 0xc091, 0xffffffffffffffff, 0xd3, '\x00', r7, r3, 0x3, 0x2, 0x0, 0x0, @value=r2, @void, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r8, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r6}, 0x20)
recvmmsg(r6, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000001840)=""/4096, 0x1000}], 0x1}}], 0x1, 0x10003, 0x0)
connect$unix(r5, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e)
r9 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r9, 0x10e, 0x2, &(0x7f0000000100)=0x18, 0x4)

3.175948882s ago: executing program 2 (id=1196):
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0)
unshare(0x62040200)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req={0x755, 0xc, 0x8, 0xfffffffe}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@generic={0x0, 0x0, 0x10}, 0x18)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000040)=@ethtool_ts_info={0x15, 0x12}})
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r4, 0x2)
bind$bt_l2cap(r1, &(0x7f0000000000), 0xe)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f0000000080), 0x72a, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

2.575800933s ago: executing program 1 (id=1208):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

2.570438847s ago: executing program 0 (id=1209):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x34, r1, 0x5, 0x70bd27, 0x8, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_id={0x72, 0x6}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x488c0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)

2.342083927s ago: executing program 4 (id=1213):
socket$packet(0x11, 0x3, 0x300)
setsockopt$MRT6_DONE(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd09003200030030"], 0xfdef)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="2400000076001f03000000000000000008000000ffffffff0c000d8008"], 0x24}], 0x1}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000d00)=ANY=[@ANYBLOB="b4050000200080006110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0be2566c43d72918a8a9323fd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5d82054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fcfcffffffffffffffd442017cfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beac671e8e8fdecb035868a623fa71f871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a00040000bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae991e7f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef8a4fed5c9455640dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d76ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6e257343c1a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabba3c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f3878b1e11316d8ddae1c6c3b8faaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000090ee7ba4a70a084bd994ac5e00000000000000000000000000351a30cdf57a3d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd68a34e286991f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf6433f76d5af45155536a1a44bfcbfbfd232af000052f99be13156f7d604d933e593985a6f9a00", @ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000001c0)={0x0, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=0x1, @ANYRES32=r1, @ANYBLOB="020000000000000000000000019f6b6150b1758e2ef3283c9dbc27da8abc7dedfa8a2eee19d44d56e2d5c0fdbd650dcba943f9f5d8075b18b9ad538b78abc4c71f1014392216e32c1938be8eb1cc0efe1bf1aa", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r3 = socket$key(0xf, 0x3, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0x10000000})
sendmsg$key(r3, &(0x7f0000003880)={0x0, 0x0, &(0x7f0000003840)={&(0x7f0000000040)=ANY=[@ANYBLOB="0212ff060300000028bd7000fbdbdf2501000700"], 0x18}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r7, 0x8947, &(0x7f0000000000)="8d557fd094c38f748ec33512ef3a")
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'gre0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=@ipv4_newaddr={0x88, 0x14, 0x20, 0x70bd28, 0x25dfdbff, {0x2, 0x1f, 0x10, 0x0, r8}, [@IFA_BROADCAST={0x8, 0x4, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x9, 0x8, 0x7, 0x9}}, @IFA_LABEL={0x14, 0x3, 'veth0_macvtap\x00'}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8}, @IFA_FLAGS={0x8, 0x8, 0x100}, @IFA_LABEL={0x14, 0x3, 'vlan0\x00'}, @IFA_ADDRESS={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IFA_CACHEINFO={0x14, 0x6, {0x505e3ac9, 0x200, 0x80, 0x27}}]}, 0x88}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

2.340296487s ago: executing program 1 (id=1214):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
r1 = accept(r0, &(0x7f0000000000)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private0}}, &(0x7f0000000080)=0x80)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000140)={'erspan0\x00', &(0x7f00000001c0)={'erspan0\x00', <r2=>0x0, 0x80, 0x1, 0x3, 0x321, {{0x37, 0x4, 0x0, 0x1, 0xdc, 0x64, 0x0, 0xb, 0x2f, 0x0, @private=0xa010101, @empty, {[@rr={0x7, 0x1b, 0x18, [@private=0xa010100, @remote, @loopback, @empty, @private=0xa010102, @empty]}, @cipso={0x86, 0x48, 0x2, [{0x1, 0x9, "c0a937e091c03f"}, {0x6, 0x4, "2f8d"}, {0x0, 0x6, "56f0c21d"}, {0x0, 0x8, "a49c67100bdf"}, {0x2, 0x9, "a0c45da7a58468"}, {0x5, 0x10, "590d1aa6f87fd16ca26169fbcce7"}, {0x0, 0xc, "d89f40ad191d341c29fc"}, {0x1, 0x2}]}, @lsrr={0x83, 0x7, 0x3f, [@multicast1]}, @ra={0x94, 0x4}, @cipso={0x86, 0x15, 0xffffffffffffffff, [{0x7, 0xf, "5ad3a26d313354a1dae1cf5ef9"}]}, @timestamp_prespec={0x44, 0x24, 0x6, 0x3, 0x6, [{@broadcast, 0x5}, {@empty, 0x5}, {@broadcast, 0x101}, {@dev={0xac, 0x14, 0x14, 0x21}, 0x3}]}, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x1b, 0x37, [@loopback, @loopback, @empty, @broadcast, @private=0xa010102, @rand_addr=0x64010102]}, @end]}}}}})
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in=@private}}, &(0x7f00000003c0)=0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@private2, @in6=@mcast1, 0x4e21, 0x101, 0x4e20, 0x59b9, 0xa, 0x0, 0x60, 0xa6, r2, r3}, {0xa478, 0x1, 0xb2, 0x5, 0x6, 0xff, 0x6632, 0x7}, {0x1ff, 0xf86, 0x9, 0xfffffffffffffff5}, 0xfe8, 0x6e6bb8, 0x0, 0x1, 0x1, 0x3}, {{@in=@multicast1, 0x4d6, 0x33}, 0x2, @in=@remote, 0x3502, 0x2, 0x1, 0x3, 0x2, 0x3ff, 0x1}}, 0xe8)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x1000}, {r0, 0x4000}, {r0, 0x140}, {r0, 0x40}, {r0, 0xa2}], 0x5, 0x0, 0x0, 0x0)
shutdown(r0, 0x1)

2.311383661s ago: executing program 2 (id=1215):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_vlan\x00', <r1=>0x0})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000040)=@nat={'nat\x00', 0x19, 0x3, 0x90, [0x4000000002c0, 0x0, 0x0, 0x400000000534, 0x40000000064a], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000005695da6a000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000c30000000000000000000000000000000000000000000000000000000003000000feffffff"]}, 0x108)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xe}}}, 0x24}}, 0x0)
r2 = socket(0x1, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000800)={'macvlan0\x00', <r3=>0x0})
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, 0x0, 0x0, 0x40000, &(0x7f00000001c0)={0x11, 0x1, r3, 0x1, 0x70, 0x6, @local}, 0x14)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10)
r6 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc)
sendmsg$inet(r6, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1}, 0x4000080)
sendmsg$inet(r6, 0x0, 0x240448c4)
r7 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback, 0x580d5476}, 0x1c)
sendto$inet6(r7, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x4e20, 0xffffffff, @loopback}, 0x1c)
recvmmsg(r7, &(0x7f00000038c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/173, 0xad}], 0x1}, 0x5}], 0x1, 0x2, 0x0)

2.150521788s ago: executing program 0 (id=1217):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x7fffffff, 0x6, 0x9}}}}]}, 0x44}}, 0x44080)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, 0x0, 0x4000000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x3}, {0x0, 0xa}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xc}}]}, 0x38}}, 0x4000) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x3}, {0x0, 0xa}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xc}}]}, 0x38}}, 0x4000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x24, 0x2a, 0xd27, 0x4000000, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {}, {0x5, 0xffe0}}}, 0x24}}, 0x0) (async)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x24, 0x2a, 0xd27, 0x4000000, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {}, {0x5, 0xffe0}}}, 0x24}}, 0x0)

2.037124679s ago: executing program 1 (id=1218):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0x2000000000000178, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c250000000000202020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x7}, 0x8)
shutdown(r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000180)={'wg1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})

1.927074462s ago: executing program 4 (id=1220):
r0 = epoll_create1(0x0) (async)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000001580)={{{@in6=@remote, @in6=@private2, 0x4e21, 0xfffb, 0x4e22, 0xfffd, 0xa, 0x80, 0xc0, 0x3c}, {0x34, 0x7fff, 0x7fff, 0x9, 0x6, 0xd, 0x0, 0x12000000000}, {0xf, 0xa0f, 0xe, 0x1}, 0x83b, 0x6e6bb7, 0x1, 0x1, 0x1, 0x6f23e161ad6863d5}, {{@in6=@mcast1, 0x4d6, 0x33}, 0xa, @in6=@loopback, 0x3504, 0x4, 0x3, 0x78, 0x3, 0x7fffffff, 0x755f}}, 0xe8)
r2 = socket$unix(0x1, 0x1, 0x0)
close(r2) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) (async)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000080)={0xa002a008}) (async)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x8, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x1, 0xb, 0x1, 0x200, r3, 0xfffffff8, '\x00', r4, 0xffffffffffffffff, 0x5, 0x0, 0x0, 0xe, @void, @value, @void, @value}, 0x50) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x60, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x60}}, 0x0)

1.767203303s ago: executing program 0 (id=1222):
unshare(0x20000400)
r0 = socket$netlink(0x10, 0x3, 0x14)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0x18, 0xfffffffffffffcb9)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r0)

1.675949554s ago: executing program 4 (id=1223):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
close(r3)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x48, 0x1404, 0x400, 0x70bd26, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'xfrm0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f0000000380)=' ', 0x1, 0x20008801, &(0x7f0000000100)={0x11, 0x88a8, r5, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, 0x14)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f00"/55], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000214010028bd7000fddbdf250900020073797a3100000000080001000000000008004400", @ANYRES32, @ANYBLOB="050054000100b2ac08000100000000000900020073"], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000180))
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28000000e4cd833d6fc2aef99c6a0d2f9325fa47fc465260cfa888d2e92c358df6d9cc46a44fcfce46331397d6de93b0d200fdff005f4ce742ed4cd438abc56e864ae89cbff04750d4186a7486a33257c35fa57ee966f9d4eb13416a75edf3db200f87c08c50c95f3d0e3b01ac28034f3314b83f41dd26f698d428255b2bcab1862763fb3d9e240ca3ab7d4dd929c68803690e21138f65be0fa7830c475134273cd5171f5796cd6c0eecd0f365c14c41cd0000000000000000", @ANYRES16=r7, @ANYBLOB="010000000000000000000202020005000300000000000900010073797a3100000000"], 0x28}, 0x1, 0x40030000000000}, 0x0)

1.506656134s ago: executing program 0 (id=1224):
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a00000109006e"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd70000400000005000000080018000a01010106001c00e8ffff"], 0x2c}, 0x1, 0x0, 0x0, 0xc100}, 0x4080)
close(r1)
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

1.383615801s ago: executing program 1 (id=1225):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x5c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x1000}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2, 0x1}}, {0x4}}]}]}, 0x5c}}, 0x4000010) (async)
syz_genetlink_get_family_id$nl80211(0xfffffffffffffffd, 0xffffffffffffffff)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000540)={{{@in=@multicast2, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@local}, 0x0, @in6=@private2}}, &(0x7f0000000440)=0xe8)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x50, 0x3b, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0x24, 0x1, 0x0, 0x1, [@typed={0x14, 0x6, 0x0, 0x0, @ipv6=@remote}, @nested={0xc, 0x99, 0x0, 0x1, [@typed={0x8, 0x5a, 0x0, 0x0, @uid=r4}]}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0xc, 0x11b, 0x0, 0x0, @u64=0x9}]}, 0x50}}, 0xc000) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x38, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x22, 0x5b, "7f556370aefda0c9df5abbfcbc6c5baea8500c4c1e906910433fbb083b86"}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000004) (async)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) (async)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) (async)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), r5)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r5, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="100009000000fbdbdf2502000000050005000100000008000a000300000008000a0000000000050005000000000005002200008416fc9b0001000b000000050007000000000100000000070000000c000f00010000000100000008001900ac1e0101"], 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x4008801) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async, rerun: 64)
socket(0x2b, 0x80000, 0x2000f7b) (async, rerun: 64)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) (async)
sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x52010000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200300", @ANYRES32=0x0, @ANYBLOB="11000700eaa8939588506392c9d31546cb00000024006e80040001000400020004000200040001000400010004000200040002000400020011000700a86bddcf08f041c3f554d00e1a0000000a0006000802110000010000"], 0x74}, 0x1, 0x0, 0x0, 0x4880}, 0x8004)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4d014}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x4, 0x1f, 0x7fffffff}, @IFLA_BOND_MIN_LINKS={0x8, 0x12, 0x3}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004002}, 0x0) (async)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x0, 0x11, r8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="b400000000000000791094000000000063004800000000009500000000000000bfe47502c1470e1c7c34c7a14ba3921ec161d3c648380c2ec7baed2cf92a9fb98c6803161129c6f022844c74ebff3d3ae00924d5cc28208f0a777472fd8f"], &(0x7f0000003ff6)='GPL\x00', 0x7, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff70, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000a80)={0x11, @multicast2, 0x0, 0x0, 'none\x00', 0x1f, 0x80, 0x72}, 0x2c) (async, rerun: 64)
socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 64)

1.322433295s ago: executing program 3 (id=1226):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000280)=ANY=[@ANYRES8=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x100000000002, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2c, 0x3, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r2, 0x6, 0xb, 0x0, &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/ipc\x00')
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r5, 0x0)
r6 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080), 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYRESDEC=r6, @ANYRES8=r0, @ANYRESHEX=r4, @ANYRESDEC=r3, @ANYRESDEC=r6], 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0xc084)
setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x200}, 0x8)
sendmmsg(r6, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
socket$inet(0x2, 0x6, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r7)
socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r0, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRESOCT, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000000), &(0x7f0000000080)=r7}, 0x20)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x12)

1.320636361s ago: executing program 4 (id=1227):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x34, r1, 0x5, 0x70bd27, 0x8, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_id={0x72, 0x6}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x488c0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)

1.319710062s ago: executing program 2 (id=1228):
unshare(0x6a040000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x48, 0x0, 0x8, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x48}, 0x1, 0x0, 0x0, 0x4044000}, 0x4000)
r2 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r1)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x5}}}}]}, 0x40}}, 0x0)
sendmsg$NET_DM_CMD_START(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r2, 0x1, 0x70bd25}, 0x14}}, 0x0)
r5 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040), 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r5, r0, 0x0, r0}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x4001, 0x3, 0x1c0, 0x98, 0xb, 0x148, 0x0, 0x148, 0x128, 0x240, 0x240, 0x128, 0x215, 0x3, 0x0, {[{{@ip={@rand_addr=0x64010101, @local, 0x0, 0xff000000, 'macvtap0\x00', 'veth0_to_bond\x00'}, 0x2e8, 0x70, 0x98, 0x0, {0xff0f000000000000}}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x4, 0xc16}}}, {{@uncond, 0xec010000, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x220)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getuid()
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000140)={0x0, 0x3, 0x401, 0x3})
connect$llc(r7, &(0x7f0000000180)={0x1a, 0x0, 0xfc, 0x8, 0x0, 0x0, @multicast}, 0x10)
r8 = epoll_create1(0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1f00000000000000000000000010000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000cb6b8a111d9b1fdbda1b2c0246a2a9439ec41459001083f47d5027c385"], 0x48)
ppoll(&(0x7f0000000000)=[{r8, 0x2003}, {r8, 0xf401}, {}], 0x3, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r9, &(0x7f0000000480)={0x68000005})

1.175692808s ago: executing program 3 (id=1229):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a0000000000000000000001b7080000000001007baaf8ff00002000b5080200000000107b8af0ff00000000bf8100000000000007010000a8d5b100bfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000001000000b705000008000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0xff7, &(0x7f0000001e00)=""/4087, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3aa, @void, @value}, 0x94)

1.129972803s ago: executing program 1 (id=1230):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000080)=0x7fff, 0x4)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000000)="822df82e5c9716ee4bd22cb9294bcf01", 0x10)
close(r1)
sendto$inet6(r0, &(0x7f00000000c0)="aa", 0x1, 0xc0fe, &(0x7f0000000100)={0xa, 0x3, 0x0, @dev={0xfe, 0x80, '\x00', 0xf8}, 0x4}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r2 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_LEAVE_OCB(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000088}, 0x800)
sendmmsg$inet(r2, &(0x7f0000005240), 0x4000095, 0x0)
getpeername$packet(r2, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f00000005c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x4c)
sendmsg$nl_route(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=@newlink={0x38, 0x10, 0x437, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, 0x40c89}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}]}}}]}, 0x38}}, 0x0)
sendmmsg$inet(r7, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @empty, @rand_addr=0x3}}}], 0x20}}], 0x1, 0x4040880)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$EBT_SO_SET_ENTRIES(r11, 0x0, 0x80, &(0x7f0000003680)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000240], 0x0, 0x0, &(0x7f0000000240)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0x2}]}, 0x108)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r12=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r12, @ANYRES16=r0, @ANYRESOCT], 0xb4}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000001ac0), 0xffffffffffffffff)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
recvmmsg(r0, &(0x7f0000005a40)=[{{&(0x7f0000000000)=@phonet, 0x80, &(0x7f0000001400)=[{&(0x7f0000000140)=""/59, 0x3b}, {&(0x7f0000000180)=""/231, 0xe7}, {&(0x7f0000000280)=""/79, 0x4f}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/175, 0xaf}, {&(0x7f00000013c0)=""/1, 0x1}], 0x6, &(0x7f0000001480)=""/163, 0xa3}, 0xff}, {{&(0x7f0000001540)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000002800)=[{&(0x7f00000015c0)=""/93, 0x5d}, {&(0x7f0000001640)=""/5, 0x5}, {&(0x7f0000001680)=""/47, 0x2f}, {&(0x7f00000016c0)=""/230, 0xe6}, {&(0x7f00000017c0)=""/4096, 0x1000}, {&(0x7f00000027c0)=""/11, 0xb}], 0x6, &(0x7f0000002880)=""/205, 0xcd}, 0xb}, {{0x0, 0x0, &(0x7f0000003c80)=[{&(0x7f0000002980)=""/17, 0x11}, {&(0x7f00000029c0)=""/173, 0xad}, {&(0x7f0000002a80)=""/162, 0xa2}, {&(0x7f0000002b40)=""/151, 0x97}, {&(0x7f0000002c00)=""/4096, 0x1000}, {&(0x7f0000003c00)=""/97, 0x61}], 0x6, &(0x7f0000003d00)=""/242, 0xf2}, 0x3}, {{&(0x7f0000003e00)=@caif=@util, 0x80, &(0x7f00000042c0)=[{&(0x7f0000003e80)=""/155, 0x9b}, {&(0x7f0000003f40)=""/128, 0x80}, {&(0x7f0000003fc0)=""/183, 0xb7}, {&(0x7f0000004080)=""/60, 0x3c}, {&(0x7f00000040c0)=""/177, 0xb1}, {&(0x7f0000005c00)=""/235, 0xeb}, {&(0x7f0000004280)}], 0x7, &(0x7f0000004340)=""/4, 0x4}, 0x10000}, {{&(0x7f0000004380)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000005600)=[{&(0x7f0000004400)=""/198, 0xc6}, {&(0x7f0000004500)=""/4083, 0xff3}, {&(0x7f0000005500)=""/250, 0xfa}], 0x3, &(0x7f0000005640)=""/200, 0xc8}, 0x9}, {{&(0x7f0000005740)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000005900)=[{&(0x7f00000057c0)=""/89, 0x59}, {&(0x7f0000005840)=""/175, 0xaf}], 0x2, &(0x7f0000005940)=""/252, 0xfc}, 0x2}], 0x6, 0x10000, &(0x7f0000005bc0)={0x77359400})

1.128510534s ago: executing program 0 (id=1231):
r0 = socket$inet(0x2, 0x6, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="1400000010001db1957c0000000000000000000a6c000000060a090400000000000000000200000040000480100001800c0001006e6f747261636b002c0001800e000100696d6d656469617465000000180002800c00028005000100c400000008000140000000090900010073797a30000000000900020073797a320000000020000000080a05000000000000000000020000000900010073797a30"], 0xb4}}, 0x0)
shutdown(r0, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
unshare(0x20000000)
r3 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @mcast1, 0xc}, 0x1c)
r4 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x2}, 0x4}, 0x1c)
close(0x3)
unshare(0x2a020400)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRESHEX=r3, @ANYRES32, @ANYRES32, @ANYRESOCT=r3], 0x50)
socket$nl_crypto(0x10, 0x3, 0x15)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r6, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r7 = socket$inet6(0xa, 0x805, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fd0f00db9fb26bc5c9a347cc83f1428600000000f154dca54da0d5f6"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000040)={{{@in=@rand_addr=0x64010102, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x1, 0x0, 0xe00000000, 0x40, 0xfffffffffffffffa, 0x100000000000}, {}, 0x0, 0x0, 0x1, 0x1}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x32}, 0xa, @in=@local, 0x0, 0x4}}, 0xe8)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', r5}, 0x18)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg$unix(r2, &(0x7f0000005100)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/91, 0x5b}, {&(0x7f0000000480)=""/210, 0xd2}], 0x2}}, {{0x0, 0x0, &(0x7f0000002700)}}], 0x2, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_udplite(0xa, 0x2, 0x88)

1.128022264s ago: executing program 4 (id=1232):
r0 = socket$inet6(0xa, 0x0, 0x80000002)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000140)={0x10, {{0x29, 0x0, 0x3000000, @rand_addr=' \x01\x00', 0x8}}}, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r1, 0x101)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r2, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000340)=@newtaction={0x14, 0x30, 0x12f, 0x40000, 0x1}, 0x14}}, 0x0)
connect$inet(r2, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10)
r3 = accept4(r1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4040}, 0x9)
sendmsg$IPVS_CMD_GET_INFO(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000124bd7000fcdbdf250f000000e356850d70553fab8002c13b3c62913329faa85a71fa3c48f20a17d31a792192c1f3d08d5a"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40805)
syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff)
r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg(r4, &(0x7f0000001bc0)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000600)='q', 0x1}], 0x1}}], 0x1, 0x1)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r6 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfe, 0x40}, 0xc)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000001480)={0x360, 0x14, 0x200, 0x70bd26, 0x25dfdbfe, {0x1d, 0x1}, [@INET_DIAG_REQ_BYTECODE={0x34b, 0x1, "846c28dd3f8c6d860dbe3aec7076d739dd2d69bf24219d1be9eadf0397c6845984b3aa915cec7e72d0ab9d3e27518f2873fc37846470328472929b2f12c2f8b59ba69fa7ddf3c6775447cd2f700c7bab01b5fbef071c32a2f4e7add34359b8839c7173454d8f04c1724463630060245ed1550836b0d72e2dc10df8085a50c2721f29b0f17a113fe8a115abb2d0651df300e9b969f230c8f741a0ed2948e456fca2c16ea7a5e84d4f201c40b031bd99ac6496539f4ed5e588a7cfe195eac242a64b070fb1390fef570ac5b07c0c1dfcf688963777573d19439db3cbdc8db874a251fce805858776e58b12da386a375d8badb94824ee278abe0bfa248b20093e8116fba154f4d82e1d0b5afabb76eb0381d0cd81b607f372c3c38726877a1382f2ec6bc152d9b03aba151b01d5908c90b143ed697f0572b37e919f123558e1d8a3378319166888f1a12a0cb865118f2c796dec9d0f42074f7421eee499d2d562930ba2a3e6bb8a80fff82297cdea2733e3080e92fc1148c6ee54f911b58570ba00985de8f6fae58e96360ed5c5ed97c115b840b177bb0761e8f56735cbacd8aeb152ecbcc5b90e4011af436fe04b9f651afd3614304fea26433dce6244bd996a841d7f2eb1d3fbf40617e51d9407717d2e58f335a14fbdb6c5ac1c8c9857e77904369a6199be7942a2d47c6f3aaec0fde1bc267b50caa446f04996c516d8b6cf13eceb0797fb65553c9fdda439a14b5c0c2296fc2d7de6bcd4b42ebb00235a469e1b68ed3ffba57af7fb816ba4ade809105e9b3b011d964dc3cedc0e4f6fcb8f76f4bfe65076a3de6dd6745dcff1b6aaeadbadfafe0a53f5f3774ea3ff17f89fb1e696cadc9cb08d5d335bda540fa90e40c17561c70759a56ae9d7252e936e81b897b2a0efe98fba969af238380715992dfdd0e14d662c690128d23de888e64d5cbb58e88f6a817fb52fc396a6d72784af664edbc4e1ebb035f95c16b2390322018b717b62c053ac9988a13262a4e2f83cda25b5df880128b51310ed77e5c9e49c5709e5b0b28ea558da58ce5dfe75db7aedef0353ca86708442c1a6b71e04bd9fa32bcd213817f4660d8a46f7d3716334a93f8b556ce0edfd0c80738ffce3f2a8143148363d6c3dc79a65aac71e1f50cf3452df447d14e817abc75df85c228b5a0c47a1c189947b"}]}, 0x360}, 0x1, 0x0, 0x0, 0x10}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r7}, 0x18)

916.043698ms ago: executing program 3 (id=1233):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xe, 0x0, &(0x7f0000000080)=0x9) (async)
r1 = socket$can_raw(0x1d, 0x3, 0x1) (async)
r2 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x3}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0xe}, {}, {0xe, 0xffe0}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x581e}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x4000) (async)
bind$can_raw(r1, &(0x7f0000000480)={0x1d, r3}, 0x10) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000004e000000711215000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r4 = socket$unix(0x1, 0x1, 0x0) (async)
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
listen(r5, 0x0) (async)
connect$unix(r4, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f0000000000)={0x0, 0xea60}, 0x10)
connect$unix(r5, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f00006e5000/0x1000)=nil, 0x1000, 0x2000001, 0x40a8011, r6, 0x0) (async)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0x0) (async)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000002c0)={0x8, [<r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000340)=0x24)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000400)={r7, 0x200}, &(0x7f0000000440)=0x8) (async)
unshare(0x42000000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x12, 0xffffffffffffffff, 0x95c0e000) (async)
pipe(&(0x7f00000001c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
read$alg(r8, &(0x7f0000000200)=""/82, 0x52) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
splice(r10, &(0x7f0000000040), r9, 0x0, 0x800000000ff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94)

684.436655ms ago: executing program 3 (id=1234):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000580))
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0x8}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r1, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d", 0x129, 0x40040, 0x0, 0x0)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e22, @loopback}, 0x10)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0xe, 0x7}]})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000840))
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendto$inet6(r3, &(0x7f0000000280)="625e4bc431896083fd715a3aff81dfb42f9ba756d3baf3c2929f1bb273fa59db3aed7f332b5c816216ed4310cd1ef491f527f60401b75e4905", 0x39, 0x24824, 0x0, 0x0)
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
write$ppp(r0, &(0x7f0000000300)="4daf8a728e", 0x5)
r4 = accept4$ax25(r3, &(0x7f00000004c0)={{0x3, @rose}, [@rose, @default, @bcast, @bcast, @null, @bcast, @default, @netrom]}, &(0x7f0000000200)=0x48, 0x8b6ff362807b1335)
ioctl$SIOCAX25OPTRT(r4, 0x89e7, &(0x7f0000000240)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x2, 0x44})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'})
sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB="4400000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="0003000000440200180022000dc8737388a9ed89f75c6d84e8d4b8b17e460f9f08002c000000010004001400"], 0x44}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none, 0xd2}, 0xa)
getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f0000000040)=0x8, &(0x7f00000000c0)=0x2)
getpeername(r6, 0x0, &(0x7f0000000080))

509.99212ms ago: executing program 3 (id=1235):
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
unshare(0x20400)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff})
tee(r1, 0xffffffffffffffff, 0x3, 0x3)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000540)=0x10001, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000005c0)=0x41, 0x4)
write(r0, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b36598b8cb08591ffc2467faa14eba6144e8129396", 0x28)

383.912731ms ago: executing program 3 (id=1236):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="120000000100000004000000e850000000000000", @ANYRES32, @ANYBLOB="000100000000000000", @ANYRES16, @ANYRES32], 0x50) (async, rerun: 32)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) (rerun: 32)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
close(r1) (async, rerun: 64)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}) (rerun: 64)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x36, 0x0, 0x9, 0x0, 0x0, @void, @value}, 0x28) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x7, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r4, <r5=>0xffffffffffffffff}, 0x0, &(0x7f0000000140)=r3}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r5, &(0x7f00000002c0), &(0x7f0000000300)=@tcp6=r2, 0x1}, 0x20) (async)
close(r1) (async, rerun: 32)
r6 = socket(0x10, 0x3, 0x0) (rerun: 32)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'sit0\x00', <r7=>0x0}) (async, rerun: 64)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (rerun: 64)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000850000007d000000181100", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000004000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r9}, 0x10) (async)
ioctl$PPPIOCGMRU(r3, 0x80047453, &(0x7f0000000380)) (async)
sendmsg$nl_route(r6, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x0, 0x25dfdbfd, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x7}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0xf}}, @NHA_OIF={0x8, 0x5, r7}]}, 0x34}}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) (async, rerun: 64)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x10b}) (async, rerun: 32)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'wlan1\x00', 0x400}) (async, rerun: 32)
r11 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000440)={'rose0\x00', <r12=>0x0}) (async)
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r12], 0x20}}, 0x0) (async)
r14 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xe, 0x8, 0x20008, 0x7, 0x0, 0xffffffffffffffff, 0x7bd, '\x00', r12, 0xffffffffffffffff, 0x0, 0x0, 0x8000, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r14}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x54}}]}, &(0x7f0000001940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

280.67344ms ago: executing program 2 (id=1237):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x7}, 0x4)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0x806000)
socket$kcm(0xa, 0x5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0x2, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4844)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x80010, r2, 0x3dd3b000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_LOG_SNAPLEN={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_LOG_GROUP={0x6}]}}}]}]}], {0x14}}, 0x78}}, 0x0)
close(0xffffffffffffffff)
ioctl$FS_IOC_RESVSP(r2, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc})

168.371785ms ago: executing program 0 (id=1238):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="00000000000000000000b26ec917c97291cb4ee5ecf95892780e11fea4e8c5377394ff3bc2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x31)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000c500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

134.746126ms ago: executing program 4 (id=1239):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000040))
writev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)='?', 0x1}], 0x1)
r2 = accept4$unix(r0, 0x0, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_pressure(r3, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
openat$cgroup_pressure(r3, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r4, 0x0)
recvfrom$unix(r2, &(0x7f0000000200)=""/191, 0xbf, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=1240):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, &(0x7f0000000300)=0x10)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000340)={'filter\x00', 0x4}, 0x68)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000006600)={0x1040, r5, 0x1, 0xffffffff, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x1014, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x1004, 0x4, "fc654c187d6eb5f0ca15095cc8787b50b96435ad3147dd10e867248d37187c2a131a62d105462ce34d5cf8ded36159aea612a3460534d8c298556e91590238f40dd2c7148d365ab6cdd5f2a7f74bac8d59f731c655a46917f18b28ed05e58b70287d26677601258a5c0ab9f679e2e520228c3a1f1aede04c6ba82cc38cc2ab6b35a24fb20e032dedf6f6caf4bfea5435f746f746fd46ca192e3744eb6908b358c10833bf484237ba654641e6186a45957c6345e61ea620fdc74383ce1df4a24e7044bae596f018736424a5bfa438865044e7026fa37a3540fadd0e89d87aecd3bc127e0cb10274991d6127224a0f2a4ef19e2c4dedbe45f2471abcc38c584ead0e3df3f9211022b2421fb6b327361e8f58f2b73134fc5444b350ede95ecef5bbbf9950e75c9f772a3ff0180d2cfac287228709726a6abbab2971982de7f1a9149d71dcbfd212e89ff17cf284b7f8ad82a469cb1c1e3d9d1d3689271c8dad0ba89dda651d4242062ac0bc5877e397236fa9476ac5fac7c2c896babca09d74720004cd0e634327de4fd87ed72ae069c095d2c70caed52e3335478c1c3719925e24f2fd7755baebd5cde385727a0f0440dd3b662248c43ff5afc4f186ff0051ba8eaa07623b79c4bb6985f14c5ac15041a6ff7584f921982e5414481d4db4c76798d70a59b5aeccb6e7882aefe70993758b55b4dc4039c2b1c98452113aaf23ccdf68cb6eff6e048f9da6f39a2def3caaf80cdcbadb83b029b8738391f02fec90c8a8b6f036aae8ceaff5dca7d3e0098423fedc676c6774ab0e6a72bd246c0b3004d1988f802b846d62ca59e9a63ce12814176ec4380e1cf29d27e7b2f7e7eadcaae8f182498ad32e67323fe6ef9508fec40dd38897652053ef92e44a909060c237890c196f0c26ab10248f999001f6231813a81313971bea77a5470f312d185dce689adc99e430e4010a3a341482c51fb71c23c3cdf92303c7580c73775f9a74685a61ce9849eaca52b97ee7ffe2e672dc1be5267c285a102711b1b5d81d6dbb76494f2892fd4f85244ade3cdd3809fd5fdfce5157fc79e5e41fcd1658f0bceb379489732583707c170fc6392aa4f5b94843aeb18da58e0156e029c2b722918b1b3dc7c151cb9c248ddd18423629b53cd4b0ab2693b0df29c88c04657f4eccdc41357de8186fdc0ec86f92950734975921a2fde57c3e7176b57c871d76ff8a8f36520b67e64930cf34bcde9ad92d057a359ca022b646df18e2b7202845bd8ac4be5e5ebae436dc4b93dfaaf2778a53e7e4be937e83dac7d1d481bdbd8081ab0ac08af067e62580bbdbf397cbc629db9b023734b6fad7824d1a8b3257c1c18d6ebc928140060f004ec484b183560f830a1eb0c527c8600bb2600d761e847454e677aa29486aa407a9e9a5e9dc9542de038e3e55fdfec13184cdb16716556f972eef5c56230c43d146c86a9147265c309a279db6d138647920410896c5397c5f83634fa5e92b5161f786482d84830864388b91c2c1e3e9f9f038d5fa66f7fe904e14df0a60d46066c6b1f37cec6e13c35832f512be21da21a5921b81cc452b0076c2ec10fc5481cd0e1ca917b40cb3aa839b120ce6eb9773e942b74ececac6bdcd22eb8dd6cd9f148e0ebe5ef3094f42adc39bc5ca2259e1eab5059ccf5e82bb57b97d4d13a90747299b2e6b64f962aabf222e4f287503181de3c3a68fb2b0068583f3b97e40ce06e9805a7121eccac0527b8f1b18a62762efe0a9ce4114b7d1ba942bc93533ee0b1bd7f0a607207b976dfa1fbe3ce0868e7f4e31b41a0aada0ac6b291aefe22ea5338f07e57b981b8e4e4a121f231d2f46989fd5dd09a7c1d198f5886b4f1a222eccdabff096a81fef3c9e497621128562880938fe05a1f1c4da81daba55bf326f1e3a1712d79f01fbef2ee230615d4e454be67f0ad4dc2bfffaecbb683742925738b45854ab713ae548b9709e9ea2e28224ef466bced79e3ec6c163d45db187bc01c75afa85f78003927dcd122086acc8dd1b1224de41d62b83e34083dd39fe68aa5a479ba403f5dbddf9b763ca521b7efca6234be16484f1e0112d963672a6d24cdac15e80bcb82b3b22231670c41fe7e8a0a083b6df768e7fb0d94a004f8372f5cf8b9b45cc679eb67828a94d0ffabfe09d95ad2789cb8657f7ea86a46260416a72e6fc7b44e549a2e39fe015c7647cc0bec15fa63d26894be1cc5326331e7e0b1c505934182accf049bab033b026d48fda51de740afc0666e6c891e0c5192f4b2df21493477ff45319d7d8b816f0b73ccfa12d6846362feb4b85063ca42e950eb577c630300dc52698a38ca19cbbb398404a1e8e27d0be49985e59caef03da096d1ccbeed73bd7c9588325b747ab77f4d7c1c1f18388ce1771882ee680ed737ad197ff92f1052e5e79f6ffa5b85ba3fac5db13e0d0046c9dca0ab4b74b20299ba6bdd758940e088df31e1382cee6901503299028467a864d27affae30fd9aef5a6ff948c052124511a75a46d5a316e28fb6c5bfac787be5833c63c535557235b0e09f9a78a338aa8864613fca77a7e252d1975af2c4a6bcc969d1e20e3cd4dfc1b2fe34b70fd7804dbfde4fa4d950e5fb4eb926dece9e4601b12efe322bb42ac808158fef0a2690085a404726654987e7de20d1e41e82c607c33c6bae7bb234744b51dc683d5857afd6ba8246cebc734e393806ef102a6baaf04f3a7c3cb888d5830e1c6ae170c5c920e806b4f518be4416b216cdf9b1658a412d9e4eab6c9b20ce99960f27e77fdf9a2e98b35c63859f9db6bdcbef1001a19e12e41370f9358531987851ab64c250e68a8569ace4418e2118caff7d3d4caf1c87bc50a8ae75770fdae88a8490c041b39d08190d8b7c908caddd66331a508929d53dd6bc2dbc86f97115ff0a364b70f96918e6ed354c97e59ea5e2c7b149cd51d7c85a27ac658e78b99326857858df0ac0ee240cbb6ee9d9ee6c2c2ff7c29dd25fd337dc08bddeb50305ed48b9f5d89c55ffedde29ce0412ea8e2c976f961eb0c4966d2a8be0b657a5e51048a8a10005c488e1f637ce208a35b5aed0c2067465191dc42ebf6e4853cc89998bdf2ef755f38a3cd985b62df36a5ebc3b47df32423ee46857f9db9d756ff69ecd4ef2f307dcaefd4a1f399543952df972269c28200df8ebacad4eed1c00b9ce9841799bea583cafdeaa8d4a371a8ae55d8ffe4846833985975d8b234adff63eace9d2c4d1680c370827ebe1831ef311077607e8c4920506e03528861085dcfdb918f1efe91420c390fbca0a38377e1635c402ec1c34eddae986ffa8756b27f6c340907bae99f4a6b328fca8177b4dfaceea5ad3ceb901dbcefc15ded322bece4e750969e81935764ebe88749464af7e692e3d324c519b456013daae93bd63215541f80a7fe08f0e050cdeb25db2a8b9b6f5720ad1e7d2c5b6d609712ecefcc586611fb642a4cdf72504aabd017a9b4827d1e0e0264435a5e1045dbe33834968d2db503972995559b1efe1b9ce475405118346b63f637b1abf8e8374e7100d6b41c9c672d2b244c7a82ffb882522efd9e903fc69db14c469685780005843856c6623591f305d383eae55a1a1d5619dfff0027413f26fa6a793a348ba8b192e1b088745a2175d55517a75d4b63cce41cc0dcaca9002cd37a1ccc6710ba2a099297b0824f976919e8abf3b1510b1305a95241fefbd036afa9d4538affc82f005d29b9f2c0e60d6c20f673b8ca28cb088e1e89efe334f25ffe1a3fb3581e5aa63b9a4a49f269b5538788aacbbc04d49902ae2af1f59d2484ab6ba7a9b477be0d92e221fc48cdbc00bef7125bfe36f9afb1cbd58fef21625ec99ffd2e35fb00767e3f22dba7d36163203cfaf1860a8b1afe0d878ea00fe08f68fd592a6395fb357acbdc2834c8ac85571527dbf1dbaaccede3d583e2b9bf076737716785f44aebc7ba917fb426d5541adff1e75836ab70fb0b43565ab5e24c5902879f31701cc006b4ee2f57be0916cf0b6cd489c4fa9129031a4af75a00048f20eb962f0c6f68cda0d7756a4e83f7d065c4a00b8263d95f6b979507b7ca01735e83a5e5ff0b76f077ef6e4c1150f9202b5311a231b76111d48a387e09075edb2448fb19d2869ae420ada8ee7577fe980ed7e057dc963c0a98db790bb5b7920220f8a55213b6530637b832abdf3c6fefdefb712a2c2c9eba8087ce39335ddabdadb86f493061e593981c6b2d70b4bac3b58885787c46f85c1022f5ff6cec16ba227aa5dac2e0be30522c08369f18d170b9cb454f3ebf86d1e923fdd65245d8e0c476bfedddcb772453f4d0e70d059e79b8811c379c9eff6e45d99f81186930b32b24cdcb906a41fe29c147ed834b37e77800a33c15e65d121ee85a924ef6bbc1c8f4a423fbc5d14645a08178227f4c7f111fa318823a6c075ddf9e131c9bca8d56dec4a68fbab9a0c1a128880d8b4dec59b89ec33c19eb76f09f31ad730cba735b60deba54c399119949e45af4de5c758281945fe6b6a25ac1cd57a81b48f11a6575e79b82e529d4ba1b2a1175cfa03ef6d149b165195fa64736b302e28ee6444368fb395a2d89c8747348b546a07ed0306682971539f0031d88ffa020d0b3d40369e0a3d2238293a75a155eb5c0749f64ed37a9af5be26d5a4322a55a23c33d176280bd0e4c5168f2e66bca925304d0f32074f5e68d7c43f9e2e3f14a6bcf3e77e6b71737131c3e90208072e37c8a6cad1cabd756aa694e85b86256ce13b43541a26438374b6029ee461d223ed34ed1e9a3e580cec7b2b41bc9823b3729e683f079a498636d022799dd94c5e870b6aa7f3d36fb51ffb6c5e317fcde6b5ae45073f8e90ee0fc1fa0641ff6f0b789dcc6df2fe9a3b5e6ed9d2be3403f5af96e7c6019b0a0ce4f8342323638a52c121956de068069fe5c44946b5023e1db7742fec29cb749bcdc09d795b683c553dbae1298540b2cf1bc3e5e52adf252bca47ba2182c80541daf1d11b1c67675171e69c1abe3c0bc3a0f2d1a6e2165ca1647c394970a404a6002621a258cef01e2ca12a138888dace9ad06d2f0c0209f286c11b289626aa557cc201560651054a6042e84c6fc5e345e2f702d61851fed5ffa36ade652f76db815dabb7b8eee016ea0836d0086f2a2f7bd1c4a4ceb1d706817b41347a891c34b45eb06a9ecb19041d5a39f050cb0413662dc4700385fac2e1823e1ce4d08c66692fde0862a057f2aa2425d511735fff53d0e3d88bfb245e7724ba4ba8452e469862d333dad5c63bfa778809c043132db3a57e122d0495441f7a07034a3ac1024b8fc063694d8316c29639cb6605ff362a853f976c763f6d10e4e0972760e60f08acdd8a73607e7311819fe24ad8b670bbf0adede086f91bd0839ce37927f43a263e3e8369932db9ab786ba66e1bba664bfa8aa50d98ed18fc90e560933c2e8da72757a4539756740a73c41180cf97fde47cf3e9e6005302459d831eea7a03157e0c3178776e4d4add3999b9a1efca7c99b8234ff9d33492431dd9bd0814301ee49260e30b8b6afc46ce8a733bc9d7850c789e5e98cdefbfb11131a85bc24e75453a16c6780ab4229b985d1fe7a255f71cfe18398e881d493ded88300b54f6c4a5567fd84a6e1f11835433448a00420ab1b3a49fcc0e9938da52b68f9409c94a0de61f0beb69532c4f7a11fae6a9ffd10db7de01e3272448b517ad795a06f3fef8148b7196cb81a80aed42e395c1ac346dd27f9bce87661e19f957a17d54d59b68e023c1516ae9ba4d75f18d4b8fc7e9fe6f74e38597b0e52"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7fff}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x1040}, 0x1, 0x0, 0x0, 0x40001}, 0x0) (async)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r2, &(0x7f0000000540)={&(0x7f00000003c0), 0xc, &(0x7f0000000480)={&(0x7f0000000580)=ANY=[@ANYBLOB="2000000015e1e558ab70a08cbb46991d21525abda479dab07047c16bdaacd04645e75fa014fd37241c0a1b9b61c3c1beca75a4df880462a8b13e462f17fa5a5604abb83c91671e425d037053804c9310d6cd7ec0aaae9a44c0845b99c14019f02ce81465bac2d86fbfd961265aa0c51c5949235a82bfac405caea0a2ccb16806b0447c2cfc938646a80f4f4f01e1bc8468182b9e223d754518ae93", @ANYRES16=r3, @ANYBLOB="06002abd7000fedbdf251c0000000c009900000000004f000000"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000800)
r6 = socket$netlink(0x10, 0x3, 0x0) (async)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0xe72a9dff8ffcb14f}, 0x20) (async)
r7 = socket(0x10, 0x3, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000440)) (async)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r10=>0x0})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, r9, 0xb01, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}]}, 0x1c}}, 0x0) (async)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0xc4, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0xac, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x9f, 0x1c, 0x0, 0x0, @str='\x9b\x00\x00\xa5\xba\xae\xc5R\xce\x1c\xdd9\x9bL\xf6ge\xb0W\xd1\xce5\xb6\x00O\xd35.r\x9b\xc5\x9c:k\x1e!\xef\xc7\xda\x1f\xd5p\xd3\xb7E\x05\xb6\x12G\xa2\xe8]C{\xa6\xb5\x83K\xcdY*\x9f\x80\x1c9\x01\x89$<\x806\xa9z\xadf-\xdc\xa3A\x8d-\xab\xb6\x8e1Y6\xcd\xaaw9L\v\xae\xce)\x94\xd8:m\xcb\xf5I\xbd<\xf1X\x80]\xa7\xa9_#\x19\x1f\xb9\xad&\xa5\x94/;>\x99Jf\xbcG\xc1\xde\x1cv\xb1\xec>\x92\xfb+ \xd0P\x84\xeb\xd7\xc9\x86B\xb3\x94\x19N\x1c\x0f\x1a\x97'}]}]}, 0xc4}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r7) (async)
getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r12, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@delchain={0x3c, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4000)

kernel console output (not intermixed with test programs):

tes leftover after parsing attributes in process `syz.3.109'.
[   90.309407][ T6288] netlink: 'syz.1.110': attribute type 1 has an invalid length.
[   90.311852][ T6286] netlink: 4 bytes leftover after parsing attributes in process `syz.3.109'.
[   90.335312][ T6288] netlink: 10 bytes leftover after parsing attributes in process `syz.1.110'.
[   90.555764][ T6296] netlink: 'syz.0.112': attribute type 21 has an invalid length.
[   90.563592][ T6296] netlink: 132 bytes leftover after parsing attributes in process `syz.0.112'.
[   90.589723][ T6297] netlink: 48 bytes leftover after parsing attributes in process `syz.2.113'.
[   90.599127][ T6296] netlink: 'syz.0.112': attribute type 1 has an invalid length.
[   90.609692][ T6300] netlink: 'syz.3.114': attribute type 1 has an invalid length.
[   90.635563][ T6296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.112'.
[   90.720804][ T6300] 8021q: adding VLAN 0 to HW filter on device bond1
[   91.187388][ T6315] netlink: 'syz.0.119': attribute type 1 has an invalid length.
[   91.316320][ T6307] bond0: (slave netdevsim0): Releasing backup interface
[   91.844260][ T6335] netlink: 8 bytes leftover after parsing attributes in process `syz.4.125'.
[   92.071181][ T6343] netlink: 'syz.4.130': attribute type 4 has an invalid length.
[   92.217655][ T6351] xt_cgroup: invalid path, errno=-2
[   93.083611][ T6393] bridge_slave_0: invalid flags given to default FDB implementation
[   93.147416][ T6393] bridge_slave_0: invalid flags given to default FDB implementation
[   93.216416][ T6398] trusted_key: syz.4.147 sent an empty control message without MSG_MORE.
[   93.234488][ T6397] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   93.260096][ T6398] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[   93.339134][ T6398] bridge2: entered promiscuous mode
[   93.344395][ T6398] bridge2: entered allmulticast mode
[   93.418592][ T6398] team0: Port device bridge2 added
[   93.824873][ T6420] lo speed is unknown, defaulting to 1000
[   93.863642][ T6420] lo speed is unknown, defaulting to 1000
[   93.917470][ T6420] lo speed is unknown, defaulting to 1000
[   94.028621][ T6436] 8021q: adding VLAN 0 to HW filter on device bond1
[   94.039435][ T6437] IPVS: Error joining to the multicast group
[   94.069902][ T6436] 8021q: adding VLAN 0 to HW filter on device batadv1
[   94.078634][ T6436] bond1: (slave batadv1): Enslaving as an active interface with an up link
[   94.269184][ T5888] lo speed is unknown, defaulting to 1000
[   94.286432][ T6420] infiniband syz2: set active
[   94.292890][ T6420] infiniband syz2: added lo
[   94.307496][ T6443] bridge_slave_1: entered allmulticast mode
[   94.416218][ T6420] RDS/IB: syz2: added
[   94.422560][ T6420] smc: adding ib device syz2 with port count 1
[   94.429136][ T6420] smc:    ib device syz2 port 1 has pnetid 
[   94.552928][ T3079] lo speed is unknown, defaulting to 1000
[   94.572902][ T6420] lo speed is unknown, defaulting to 1000
[   94.619359][ T6443] bridge_slave_1: left allmulticast mode
[   94.771608][ T6458] vti0: entered promiscuous mode
[   94.865093][ T6420] lo speed is unknown, defaulting to 1000
[   95.163404][ T6469] 8021q: adding VLAN 0 to HW filter on device bond2
[   95.199762][ T6474] 8021q: adding VLAN 0 to HW filter on device batadv2
[   95.206862][ T5852] Bluetooth: hci4: command 0x0405 tx timeout
[   95.214627][ T6474] bond2: (slave batadv2): Enslaving as an active interface with an up link
[   95.224173][ T6420] lo speed is unknown, defaulting to 1000
[   95.617940][ T6488] __nla_validate_parse: 8 callbacks suppressed
[   95.617957][ T6488] netlink: 8 bytes leftover after parsing attributes in process `syz.4.177'.
[   95.641465][ T6420] lo speed is unknown, defaulting to 1000
[   95.653753][ T6488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.177'.
[   95.759752][ T6491] netlink: 36 bytes leftover after parsing attributes in process `syz.4.177'.
[   95.989678][ T6420] lo speed is unknown, defaulting to 1000
[   96.217132][ T6507] netlink: 32 bytes leftover after parsing attributes in process `syz.2.183'.
[   96.835592][ T6541] netlink: 'syz.2.192': attribute type 4 has an invalid length.
[   97.284020][ T6565] netlink: 16 bytes leftover after parsing attributes in process `syz.1.201'.
[   97.380190][ T6565] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.388626][ T6565] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.844097][ T6589] netlink: 'syz.1.208': attribute type 11 has an invalid length.
[   97.892729][ T6592] netlink: 'syz.3.210': attribute type 39 has an invalid length.
[   98.434961][ T6615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.216'.
[   98.578711][ T6628] netlink: 32 bytes leftover after parsing attributes in process `syz.1.219'.
[   98.606914][ T6628] vti0: entered promiscuous mode
[   98.827792][ T6634] vxcan3: entered allmulticast mode
[   99.190274][ T6653] netlink: 96 bytes leftover after parsing attributes in process `syz.2.228'.
[   99.216252][ T6653] netlink: 96 bytes leftover after parsing attributes in process `syz.2.228'.
[   99.245252][ T6654] netlink: 56 bytes leftover after parsing attributes in process `syz.4.229'.
[   99.541095][ T6665] 8021q: adding VLAN 0 to HW filter on device bond1
[   99.580761][ T6671] 8021q: adding VLAN 0 to HW filter on device batadv1
[   99.596124][ T6671] bond1: (slave batadv1): Enslaving as an active interface with an up link
[   99.639201][ T6673] bridge_slave_1: entered allmulticast mode
[   99.657590][ T6675] xt_hashlimit: size too large, truncated to 1048576
[   99.920295][ T6675] No such timeout policy "syz1"
[  100.284306][ T6700] netlink: 'syz.3.245': attribute type 1 has an invalid length.
[  100.545815][ T6710] 8021q: adding VLAN 0 to HW filter on device bond1
[  100.614408][ T6712] 8021q: adding VLAN 0 to HW filter on device batadv1
[  100.633674][ T6712] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  100.829554][ T6722] 8021q: VLANs not supported on gre0
[  100.941555][ T6728] lo speed is unknown, defaulting to 1000
[  100.949852][ T6729] Cannot find set identified by id 0 to match
[  100.979189][ T6729] netlink: 'syz.4.256': attribute type 178 has an invalid length.
[  101.049863][ T6732] netlink: 'syz.1.257': attribute type 9 has an invalid length.
[  101.171511][ T6736] __nla_validate_parse: 9 callbacks suppressed
[  101.171533][ T6736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.258'.
[  101.201704][ T6736] netlink: 'syz.3.258': attribute type 3 has an invalid length.
[  101.252107][ T6737] netlink: 8 bytes leftover after parsing attributes in process `syz.3.258'.
[  101.266514][ T6736] Cannot find del_set index 1 as target
[  101.369834][ T6734] lo speed is unknown, defaulting to 1000
[  101.513556][ T6714] lo speed is unknown, defaulting to 1000
[  101.791474][ T6745] netlink: 28 bytes leftover after parsing attributes in process `syz.1.261'.
[  102.477852][ T6769] netlink: 'syz.0.265': attribute type 3 has an invalid length.
[  102.674344][ T6773] lo speed is unknown, defaulting to 1000
[  102.708121][ T6780] syzkaller1: entered promiscuous mode
[  102.713625][ T6780] syzkaller1: entered allmulticast mode
[  103.078481][ T6786] lo speed is unknown, defaulting to 1000
[  103.255357][ T6795] netlink: 28 bytes leftover after parsing attributes in process `syz.1.273'.
[  103.400730][ T6800] netlink: 12 bytes leftover after parsing attributes in process `syz.1.275'.
[  103.573031][ T6800] 8021q: adding VLAN 0 to HW filter on device bond1
[  103.613412][ T6804] 8021q: adding VLAN 0 to HW filter on device batadv1
[  103.640627][ T6800] netlink: 20 bytes leftover after parsing attributes in process `syz.1.275'.
[  103.748215][ T6804] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  103.767995][ T6812] netlink: 24 bytes leftover after parsing attributes in process `syz.2.278'.
[  104.289902][ T6837] netlink: 28 bytes leftover after parsing attributes in process `syz.2.285'.
[  104.357633][ T6839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.282'.
[  104.397086][ T6840] netlink: 4 bytes leftover after parsing attributes in process `syz.4.284'.
[  104.575319][ T6840] vlan2: left promiscuous mode
[  104.580175][ T6840] bond0: left promiscuous mode
[  104.586202][ T6840] bridge0: port 1(vlan2) entered disabled state
[  104.837720][  T975] lo speed is unknown, defaulting to 1000
[  105.107772][ T6856] 8021q: adding VLAN 0 to HW filter on device bond3
[  105.199601][ T6864] 8021q: adding VLAN 0 to HW filter on device batadv3
[  105.209834][ T6864] bond3: (slave batadv3): Enslaving as an active interface with an up link
[  105.592634][ T6890] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD
[  106.132872][ T6909] bridge_slave_1: left allmulticast mode
[  106.146468][ T6909] bridge_slave_1: left promiscuous mode
[  106.162307][ T6909] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.216331][ T6909] bridge_slave_0: left allmulticast mode
[  106.223042][ T6909] bridge_slave_0: left promiscuous mode
[  106.247262][ T6909] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.252950][ T6923] __nla_validate_parse: 4 callbacks suppressed
[  106.252967][ T6923] netlink: 12 bytes leftover after parsing attributes in process `syz.1.304'.
[  106.326238][ T5850] Bluetooth: hci4: command 0x0405 tx timeout
[  106.405881][ T6929] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  106.459967][ T6933] netlink: 12 bytes leftover after parsing attributes in process `syz.4.307'.
[  106.499516][ T6915] netlink: 'syz.1.304': attribute type 21 has an invalid length.
[  106.587814][ T6933] 8021q: adding VLAN 0 to HW filter on device bond4
[  106.636316][ T6933] netlink: 20 bytes leftover after parsing attributes in process `syz.4.307'.
[  106.673514][ T6935] 8021q: adding VLAN 0 to HW filter on device batadv4
[  106.735655][ T6935] bond4: (slave batadv4): Enslaving as an active interface with an up link
[  107.532122][ T6990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.321'.
[  107.560381][ T6990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.321'.
[  107.610697][ T6990] netlink: 'syz.2.321': attribute type 5 has an invalid length.
[  107.637332][ T6989] netlink: 100 bytes leftover after parsing attributes in process `syz.2.321'.
[  107.650263][ T6998] netlink: 12 bytes leftover after parsing attributes in process `syz.3.324'.
[  107.677909][ T6990] netlink: 'syz.2.321': attribute type 6 has an invalid length.
[  107.709583][ T6998] 8021q: adding VLAN 0 to HW filter on device bond3
[  107.728368][ T6998] 8021q: adding VLAN 0 to HW filter on device batadv1
[  107.738839][ T6998] bond3: (slave batadv1): Enslaving as an active interface with an up link
[  107.751693][ T6998] netlink: 20 bytes leftover after parsing attributes in process `syz.3.324'.
[  107.756235][ T7004] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.805315][ T7004] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.150064][ T7016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.328'.
[  108.221492][ T7022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.328'.
[  108.280275][ T7024] dvmrp0: entered allmulticast mode
[  108.683115][ T7043] 8021q: adding VLAN 0 to HW filter on device bond2
[  108.743091][ T7043] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.751719][ T7043] bond2: (slave batadv0): Enslaving as an active interface with an up link
[  109.178015][ T7064] netlink: 'syz.3.342': attribute type 1 has an invalid length.
[  109.181273][ T7061] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  109.198755][ T3079] IPVS: starting estimator thread 0...
[  109.324135][ T7069] IPVS: using max 23 ests per chain, 55200 per kthread
[  109.409867][ T7082] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  110.077525][ T7104] 8021q: adding VLAN 0 to HW filter on device bond4
[  110.121019][ T7104] 8021q: adding VLAN 0 to HW filter on device batadv2
[  110.143710][ T7106] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  110.147567][ T7104] bond4: (slave batadv2): Enslaving as an active interface with an up link
[  110.431265][ T7117] ip6gre1: entered allmulticast mode
[  110.738221][ T7118] lo speed is unknown, defaulting to 1000
[  110.866722][ T7138] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  110.910744][ T7138] syzkaller1: tun_chr_ioctl cmd 1074025677
[  110.923332][ T7138] syzkaller1: Linktype set failed because interface is up
[  110.935396][  T975] syzkaller1: tun_net_xmit 90
[  111.323807][ T7152] __nla_validate_parse: 11 callbacks suppressed
[  111.323825][ T7152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.370'.
[  111.366715][ T7152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.370'.
[  111.415264][ T7152] netlink: 'syz.0.370': attribute type 1 has an invalid length.
[  111.422956][ T7152] netlink: 10 bytes leftover after parsing attributes in process `syz.0.370'.
[  111.476368][ T7141] lo speed is unknown, defaulting to 1000
[  111.704122][ T7143] netlink: 24 bytes leftover after parsing attributes in process `syz.3.365'.
[  111.746939][ T7169] netlink: 'syz.0.373': attribute type 4 has an invalid length.
[  111.765334][ T7169] netlink: 16 bytes leftover after parsing attributes in process `syz.0.373'.
[  111.927895][ T7121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.358'.
[  111.979728][ T7173] netlink: 12 bytes leftover after parsing attributes in process `syz.0.374'.
[  112.251526][ T7180] netlink: 20 bytes leftover after parsing attributes in process `syz.0.374'.
[  112.276864][ T7178] netlink: 'syz.1.375': attribute type 12 has an invalid length.
[  112.281622][ T7173] 8021q: adding VLAN 0 to HW filter on device bond3
[  112.366588][ T7176] 8021q: adding VLAN 0 to HW filter on device batadv2
[  112.406792][ T7176] bond3: (slave batadv2): Enslaving as an active interface with an up link
[  112.427832][ T7186] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  112.478236][ T7186] netlink: zone id is out of range
[  112.578782][ T7177] lo speed is unknown, defaulting to 1000
[  112.610117][ T7186] netlink: set zone limit has 4 unknown bytes
[  112.686895][ T7193] netlink: 'syz.1.375': attribute type 2 has an invalid length.
[  112.968226][ T7193] Tq€!7: entered promiscuous mode
[  113.137663][ T7205] lo: entered promiscuous mode
[  113.143682][ T7205] tunl0: entered promiscuous mode
[  113.156573][ T7205] gre0: entered promiscuous mode
[  113.182432][ T7205] gretap0: entered promiscuous mode
[  113.202869][ T7205] erspan0: entered promiscuous mode
[  113.231072][ T7205] ip_vti0: entered promiscuous mode
[  113.245375][ T7205] ip6_vti0: entered promiscuous mode
[  113.250824][ T7205] sit0: entered promiscuous mode
[  113.274406][ T7205] ip6tnl0: entered promiscuous mode
[  113.284714][ T7205] ip6gre0: entered promiscuous mode
[  113.315474][ T7205] syz_tun: entered promiscuous mode
[  113.321644][ T7205] ip6gretap0: entered promiscuous mode
[  113.335626][ T7205] bridge0: entered promiscuous mode
[  113.341029][ T7205] vcan0: entered promiscuous mode
[  113.365544][ T7205] bond0: entered promiscuous mode
[  113.377351][ T7205] bond_slave_0: entered promiscuous mode
[  113.398032][ T7205] bond_slave_1: entered promiscuous mode
[  113.421008][ T7205] team0: entered promiscuous mode
[  113.436641][ T7205] team_slave_0: entered promiscuous mode
[  113.451770][ T7205] team_slave_1: entered promiscuous mode
[  113.468230][ T7205] dummy0: entered promiscuous mode
[  113.484751][ T7205] nlmon0: entered promiscuous mode
[  113.501025][ T7205] caif0: entered promiscuous mode
[  113.514158][ T7205] vxcan0: entered promiscuous mode
[  113.527675][ T7205] vxcan1: entered promiscuous mode
[  113.541028][ T7205] veth0: entered promiscuous mode
[  113.554207][ T7205] veth1: entered promiscuous mode
[  113.568295][ T7205] wg0: entered promiscuous mode
[  113.579073][ T7205] wg1: entered promiscuous mode
[  113.587578][ T3079] IPVS: starting estimator thread 0...
[  113.589868][ T7205] wg2: entered promiscuous mode
[  113.605582][ T7205] veth0_to_bridge: entered promiscuous mode
[  113.611793][ T7205] veth1_to_bridge: entered promiscuous mode
[  113.627493][ T7205] veth0_to_bond: entered promiscuous mode
[  113.633550][ T7205] veth1_to_bond: entered promiscuous mode
[  113.643705][ T7205] veth0_to_team: entered promiscuous mode
[  113.655237][ T7205] veth1_to_team: entered promiscuous mode
[  113.663954][ T7205] veth0_to_batadv: entered promiscuous mode
[  113.679771][ T7205] batadv_slave_0: entered promiscuous mode
[  113.685611][ T7215] IPVS: using max 21 ests per chain, 50400 per kthread
[  113.711853][ T7217] netlink: 'syz.2.384': attribute type 4 has an invalid length.
[  113.713078][ T7205] veth1_to_batadv: entered promiscuous mode
[  113.735340][ T7217] netlink: 8 bytes leftover after parsing attributes in process `syz.2.384'.
[  113.745393][ T7205] batadv_slave_1: entered promiscuous mode
[  113.761570][ T7205] xfrm0: entered promiscuous mode
[  113.771693][ T7205] veth0_to_hsr: entered promiscuous mode
[  113.786893][ T7205] veth1_to_hsr: entered promiscuous mode
[  113.802982][ T7205] hsr0: entered promiscuous mode
[  113.815284][ T7205] veth1_virt_wifi: entered promiscuous mode
[  113.821353][ T7205] veth0_virt_wifi: entered promiscuous mode
[  113.845540][ T7205] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  113.873460][ T7205] macvtap0: entered promiscuous mode
[  113.883727][ T7205] macsec0: entered promiscuous mode
[  113.906814][ T7205] geneve0: entered promiscuous mode
[  113.912206][ T7205] geneve1: entered promiscuous mode
[  113.935653][ T7205] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  113.943080][ T7205] netdevsim netdevsim0 netdevsim1: entered promiscuous mode
[  113.965419][ T7205] netdevsim netdevsim0 netdevsim2: entered promiscuous mode
[  113.972875][ T7205] netdevsim netdevsim0 netdevsim3: entered promiscuous mode
[  113.995277][ T7205] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  114.012184][ T7205] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  114.035253][ T7205] ip6gre1: entered promiscuous mode
[  114.040610][ T7205] syztnl2: entered promiscuous mode
[  114.055246][ T7205] bond1: entered promiscuous mode
[  114.060307][ T7205] batadv1: entered promiscuous mode
[  114.075688][ T7205] bridge1: entered promiscuous mode
[  114.084041][ T7205] bond2: entered promiscuous mode
[  114.104477][ T7205] batadv0: entered promiscuous mode
[  114.117342][ T7205] bond3: entered promiscuous mode
[  114.122410][ T7205] batadv2: entered promiscuous mode
[  114.210885][ T7209] lo speed is unknown, defaulting to 1000
[  115.334169][ T7256] netlink: 12 bytes leftover after parsing attributes in process `syz.4.390'.
[  115.418355][ T7256] 8021q: adding VLAN 0 to HW filter on device bond5
[  115.582471][ T7256] 8021q: adding VLAN 0 to HW filter on device batadv5
[  115.596814][ T7256] bond5: (slave batadv5): Enslaving as an active interface with an up link
[  115.660777][ T7269] netlink: 'syz.3.395': attribute type 4 has an invalid length.
[  116.026987][ T7278] sctp: [Deprecated]: syz.4.398 (pid 7278) Use of struct sctp_assoc_value in delayed_ack socket option.
[  116.026987][ T7278] Use struct sctp_sack_info instead
[  116.105066][ T7282] tun0: tun_chr_ioctl cmd 1074025673
[  116.561925][ T7302] x_tables: duplicate underflow at hook 4
[  116.835747][ T7298] delete_channel: no stack
[  116.899243][ T7319] netlink: 'syz.3.407': attribute type 4 has an invalid length.
[  116.908733][ T7320] __nla_validate_parse: 2 callbacks suppressed
[  116.908749][ T7320] netlink: 12 bytes leftover after parsing attributes in process `syz.2.408'.
[  116.935921][ T7319] netlink: 8 bytes leftover after parsing attributes in process `syz.3.407'.
[  117.038484][ T7320] 8021q: adding VLAN 0 to HW filter on device bond2
[  117.128276][ T7324] 8021q: adding VLAN 0 to HW filter on device batadv2
[  117.144029][ T7320] netlink: 20 bytes leftover after parsing attributes in process `syz.2.408'.
[  117.189452][ T7324] bond2: (slave batadv2): Enslaving as an active interface with an up link
[  117.429669][ T7335] netlink: 'syz.0.411': attribute type 27 has an invalid length.
[  117.807114][ T7358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.416'.
[  117.993365][ T7365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.418'.
[  118.028361][ T7365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.418'.
[  118.055070][ T7365] netlink: 'syz.0.418': attribute type 1 has an invalid length.
[  118.074482][ T7365] netlink: 10 bytes leftover after parsing attributes in process `syz.0.418'.
[  118.416579][ T7380] block nbd0: NBD_DISCONNECT
[  118.421607][ T7380] block nbd0: Send disconnect failed -89
[  118.466311][ T7380] block nbd0: Disconnected due to user request.
[  118.472656][ T7380] block nbd0: shutting down sockets
[  118.581267][ T7389] netlink: 44 bytes leftover after parsing attributes in process `syz.2.425'.
[  118.661576][ T7389] netlink: 'syz.2.425': attribute type 39 has an invalid length.
[  118.994480][ T7400] netlink: 'syz.0.430': attribute type 1 has an invalid length.
[  119.035032][ T7400] netlink: 16179 bytes leftover after parsing attributes in process `syz.0.430'.
[  119.279483][ T7412] netlink: 20 bytes leftover after parsing attributes in process `syz.0.434'.
[  120.564572][ T7454] Cannot find add_set index 0 as target
[  120.801153][ T7453] team0 (unregistering): Port device team_slave_0 removed
[  120.824292][ T7453] team0 (unregistering): Port device team_slave_1 removed
[  121.206871][ T7479] block nbd2: NBD_DISCONNECT
[  121.223727][ T7479] block nbd2: Send disconnect failed -89
[  121.254676][ T7479] block nbd2: Disconnected due to user request.
[  121.295928][ T7479] block nbd2: shutting down sockets
[  122.576064][ T7528] lo speed is unknown, defaulting to 1000
[  122.700613][ T7539] FAULT_INJECTION: forcing a failure.
[  122.700613][ T7539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.784963][ T7539] CPU: 0 UID: 0 PID: 7539 Comm: syz.1.473 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  122.784988][ T7539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  122.784998][ T7539] Call Trace:
[  122.785004][ T7539]  <TASK>
[  122.785012][ T7539]  dump_stack_lvl+0x241/0x360
[  122.785039][ T7539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.785059][ T7539]  ? __pfx__printk+0x10/0x10
[  122.785078][ T7539]  ? __pfx_lock_release+0x10/0x10
[  122.785116][ T7539]  should_fail_ex+0x40a/0x550
[  122.785147][ T7539]  _copy_from_user+0x2d/0xb0
[  122.785171][ T7539]  netlink_setsockopt+0x139/0x9c0
[  122.785202][ T7539]  ? __pfx_netlink_setsockopt+0x10/0x10
[  122.785228][ T7539]  ? aa_sock_opt_perm+0x79/0x120
[  122.785259][ T7539]  ? __pfx_netlink_setsockopt+0x10/0x10
[  122.785283][ T7539]  do_sock_setsockopt+0x3af/0x720
[  122.785306][ T7539]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  122.785329][ T7539]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  122.785363][ T7539]  __x64_sys_setsockopt+0x1ee/0x280
[  122.785386][ T7539]  do_syscall_64+0xf3/0x230
[  122.785408][ T7539]  ? clear_bhb_loop+0x35/0x90
[  122.785435][ T7539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.785458][ T7539] RIP: 0033:0x7f317c18d169
[  122.785473][ T7539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  122.785487][ T7539] RSP: 002b:00007f317d053038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  122.785505][ T7539] RAX: ffffffffffffffda RBX: 00007f317c3a5fa0 RCX: 00007f317c18d169
[  122.785517][ T7539] RDX: 0000000000000002 RSI: 000000000000010e RDI: 0000000000000003
[  122.785527][ T7539] RBP: 00007f317d053090 R08: 0000000000000004 R09: 0000000000000000
[  122.785537][ T7539] R10: 0000400000000100 R11: 0000000000000246 R12: 0000000000000001
[  122.785548][ T7539] R13: 0000000000000000 R14: 00007f317c3a5fa0 R15: 00007ffe8832d618
[  122.785572][ T7539]  </TASK>
[  123.056367][ T7542] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[  123.102886][ T7546] __nla_validate_parse: 3 callbacks suppressed
[  123.102905][ T7546] netlink: 12 bytes leftover after parsing attributes in process `syz.0.476'.
[  123.320436][ T7558] netlink: 20 bytes leftover after parsing attributes in process `syz.0.476'.
[  123.357496][ T7546] 8021q: adding VLAN 0 to HW filter on device bond4
[  123.403731][ T7562] block nbd1: NBD_DISCONNECT
[  123.438487][ T7552] 8021q: adding VLAN 0 to HW filter on device batadv3
[  123.457393][ T7562] block nbd1: Send disconnect failed -89
[  123.473222][ T7562] block nbd1: Disconnected due to user request.
[  123.481432][ T7566] netlink: 'syz.4.478': attribute type 39 has an invalid length.
[  123.503639][ T7552] bond4: (slave batadv3): Enslaving as an active interface with an up link
[  123.519292][ T7562] block nbd1: shutting down sockets
[  123.562502][ T7563] netlink: 280 bytes leftover after parsing attributes in process `syz.4.478'.
[  123.588968][ T7532] lo speed is unknown, defaulting to 1000
[  123.759543][ T7572] lo: entered promiscuous mode
[  123.770691][ T7572] tunl0: entered promiscuous mode
[  123.781496][ T7572] gre0: entered promiscuous mode
[  123.834820][ T7572] gretap0: entered promiscuous mode
[  123.852672][ T7572] erspan0: entered promiscuous mode
[  123.861669][ T7572] ip_vti0: entered promiscuous mode
[  123.868771][ T7572] ip6_vti0: entered promiscuous mode
[  123.876084][ T7572] sit0: entered promiscuous mode
[  123.914802][ T7572] ip6tnl0: entered promiscuous mode
[  123.948438][ T7572] ip6gre0: entered promiscuous mode
[  123.989345][ T7572] ip6gretap0: entered promiscuous mode
[  124.001173][ T7572] bridge0: entered promiscuous mode
[  124.062051][ T7572] bond0: entered promiscuous mode
[  124.085678][ T7572] bond_slave_0: entered promiscuous mode
[  124.091670][ T7572] bond_slave_1: entered promiscuous mode
[  124.110749][ T7572] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.166805][ T7572] team0: entered promiscuous mode
[  124.171877][ T7572] team_slave_0: entered promiscuous mode
[  124.201033][ T7572] team_slave_1: entered promiscuous mode
[  124.222213][ T7572] 8021q: adding VLAN 0 to HW filter on device team0
[  124.243503][ T7572] dummy0: entered promiscuous mode
[  124.251294][ T7572] nlmon0: entered promiscuous mode
[  124.258039][ T7572] caif0: entered promiscuous mode
[  124.263101][ T7572] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  124.786368][ T7610] Bluetooth: MGMT ver 1.23
[  124.991768][ T7619] FAULT_INJECTION: forcing a failure.
[  124.991768][ T7619] name failslab, interval 1, probability 0, space 0, times 0
[  125.004707][ T7619] CPU: 0 UID: 0 PID: 7619 Comm: syz.3.487 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  125.004729][ T7619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  125.004739][ T7619] Call Trace:
[  125.004745][ T7619]  <TASK>
[  125.004753][ T7619]  dump_stack_lvl+0x241/0x360
[  125.004780][ T7619]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.004800][ T7619]  ? __pfx__printk+0x10/0x10
[  125.004818][ T7619]  ? _raw_write_lock_irq+0xdf/0x120
[  125.004837][ T7619]  ? __pfx__raw_write_lock_irq+0x10/0x10
[  125.004862][ T7619]  should_fail_ex+0x40a/0x550
[  125.004893][ T7619]  should_failslab+0xac/0x100
[  125.004919][ T7619]  __kmalloc_node_track_caller_noprof+0xdc/0x4c0
[  125.004946][ T7619]  ? netlink_realloc_groups+0x115/0x330
[  125.004972][ T7619]  ? rcu_is_watching+0x15/0xb0
[  125.004993][ T7619]  ? netlink_realloc_groups+0x115/0x330
[  125.005020][ T7619]  krealloc_noprof+0x10f/0x300
[  125.005049][ T7619]  netlink_realloc_groups+0x115/0x330
[  125.005080][ T7619]  netlink_setsockopt+0x455/0x9c0
[  125.005110][ T7619]  ? __pfx_netlink_setsockopt+0x10/0x10
[  125.005137][ T7619]  ? aa_sock_opt_perm+0x79/0x120
[  125.005168][ T7619]  ? __pfx_netlink_setsockopt+0x10/0x10
[  125.005192][ T7619]  do_sock_setsockopt+0x3af/0x720
[  125.005216][ T7619]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  125.005240][ T7619]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  125.005274][ T7619]  __x64_sys_setsockopt+0x1ee/0x280
[  125.005298][ T7619]  do_syscall_64+0xf3/0x230
[  125.005319][ T7619]  ? clear_bhb_loop+0x35/0x90
[  125.005347][ T7619]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.005370][ T7619] RIP: 0033:0x7fab6dd8d169
[  125.005385][ T7619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.005416][ T7619] RSP: 002b:00007fab6eb13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  125.005436][ T7619] RAX: ffffffffffffffda RBX: 00007fab6dfa5fa0 RCX: 00007fab6dd8d169
[  125.005455][ T7619] RDX: 0000000000000002 RSI: 000000000000010e RDI: 0000000000000003
[  125.005465][ T7619] RBP: 00007fab6eb13090 R08: 0000000000000004 R09: 0000000000000000
[  125.005476][ T7619] R10: 0000400000000100 R11: 0000000000000246 R12: 0000000000000001
[  125.005487][ T7619] R13: 0000000000000000 R14: 00007fab6dfa5fa0 R15: 00007ffffaf9f6e8
[  125.005515][ T7619]  </TASK>
[  125.296901][ T7621] netlink: 84 bytes leftover after parsing attributes in process `syz.0.488'.
[  126.019129][ T7655] netlink: 12 bytes leftover after parsing attributes in process `syz.1.497'.
[  126.099768][ T7655] 8021q: adding VLAN 0 to HW filter on device bond3
[  126.152283][ T7655] 8021q: adding VLAN 0 to HW filter on device batadv2
[  126.166628][ T7663] netlink: 84 bytes leftover after parsing attributes in process `syz.0.500'.
[  126.217532][ T7665] netlink: 20 bytes leftover after parsing attributes in process `syz.1.497'.
[  126.279610][ T7655] bond3: (slave batadv2): Enslaving as an active interface with an up link
[  126.332669][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.3.499'.
[  126.461929][ T7677] netlink: 24 bytes leftover after parsing attributes in process `syz.0.501'.
[  126.862368][ T7694] veth1_macvtap: left promiscuous mode
[  127.280167][ T7715] netlink: 12 bytes leftover after parsing attributes in process `syz.3.515'.
[  127.330571][ T7715] 8021q: adding VLAN 0 to HW filter on device bond5
[  127.390113][ T7723] 8021q: adding VLAN 0 to HW filter on device batadv3
[  127.420655][ T7723] bond5: (slave batadv3): Enslaving as an active interface with an up link
[  128.382629][ T7760] __nla_validate_parse: 2 callbacks suppressed
[  128.382647][ T7760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.530'.
[  128.406263][ T7760] Unsupported ieee802154 address type: 0
[  128.621838][ T7770] netlink: 'syz.3.534': attribute type 41 has an invalid length.
[  128.961652][ T7783] netlink: 84 bytes leftover after parsing attributes in process `syz.0.539'.
[  129.026386][ T7770] veth0_to_batadv: left promiscuous mode
[  129.032071][ T7770] veth0_to_batadv: left allmulticast mode
[  129.155050][ T7770] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.164903][ T7770] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.176132][ T7770] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.191706][ T7770] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.278704][ T7770] ip6gre1: left allmulticast mode
[  129.332170][ T5890] lo speed is unknown, defaulting to 1000
[  129.347140][ T5890] lo speed is unknown, defaulting to 1000
[  129.659331][ T7806] netlink: 'syz.3.543': attribute type 1 has an invalid length.
[  129.667993][ T7806] netlink: 'syz.3.543': attribute type 2 has an invalid length.
[  129.676816][ T7806] netlink: 7 bytes leftover after parsing attributes in process `syz.3.543'.
[  129.740858][ T7806] netlink: 'syz.3.543': attribute type 11 has an invalid length.
[  129.894717][ T7818] netlink: 84 bytes leftover after parsing attributes in process `syz.4.550'.
[  130.989653][ T7873] netlink: 84 bytes leftover after parsing attributes in process `syz.1.565'.
[  131.080114][ T7875] lo speed is unknown, defaulting to 1000
[  131.242012][ T7889] openvswitch: netlink: Duplicate or invalid key (type 0).
[  131.281890][ T7889] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  131.563843][ T7898] netlink: 24 bytes leftover after parsing attributes in process `syz.0.573'.
[  131.900603][ T7918] netlink: 84 bytes leftover after parsing attributes in process `syz.2.580'.
[  131.960729][ T7915] netlink: 16 bytes leftover after parsing attributes in process `syz.1.579'.
[  131.989656][ T7915] netlink: 16 bytes leftover after parsing attributes in process `syz.1.579'.
[  132.076629][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.579'.
[  132.212976][ T7927] 8021q: adding VLAN 0 to HW filter on device bond3
[  132.291624][ T7927] 8021q: adding VLAN 0 to HW filter on device batadv3
[  132.299981][ T7927] bond3: (slave batadv3): Enslaving as an active interface with an up link
[  132.772279][ T7950] lo speed is unknown, defaulting to 1000
[  133.134208][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  133.487753][ T7974] __nla_validate_parse: 7 callbacks suppressed
[  133.487773][ T7974] netlink: 84 bytes leftover after parsing attributes in process `syz.1.597'.
[  133.988344][ T7991] netlink: 4 bytes leftover after parsing attributes in process `syz.4.601'.
[  134.202815][ T8004] netlink: 12 bytes leftover after parsing attributes in process `syz.1.605'.
[  134.254218][ T8004] 8021q: adding VLAN 0 to HW filter on device bond4
[  134.318901][ T8011] netlink: 20 bytes leftover after parsing attributes in process `syz.1.605'.
[  134.361358][ T8004] 8021q: adding VLAN 0 to HW filter on device batadv3
[  134.381178][ T8004] bond4: (slave batadv3): Enslaving as an active interface with an up link
[  134.419973][ T8012] lo speed is unknown, defaulting to 1000
[  134.919186][ T8030] netlink: 28 bytes leftover after parsing attributes in process `syz.1.612'.
[  135.399447][ T8056] netlink: 'syz.0.619': attribute type 4 has an invalid length.
[  135.489450][ T8060] FAULT_INJECTION: forcing a failure.
[  135.489450][ T8060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  135.541183][ T8060] CPU: 0 UID: 0 PID: 8060 Comm: syz.4.621 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  135.541222][ T8060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  135.541234][ T8060] Call Trace:
[  135.541240][ T8060]  <TASK>
[  135.541248][ T8060]  dump_stack_lvl+0x241/0x360
[  135.541277][ T8060]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.541298][ T8060]  ? __pfx__printk+0x10/0x10
[  135.541319][ T8060]  ? __pfx_lock_release+0x10/0x10
[  135.541355][ T8060]  should_fail_ex+0x40a/0x550
[  135.541388][ T8060]  _copy_from_user+0x2d/0xb0
[  135.541414][ T8060]  copy_msghdr_from_user+0xae/0x680
[  135.541446][ T8060]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  135.541469][ T8060]  ? __fget_files+0x2a/0x410
[  135.541498][ T8060]  ? __fget_files+0x2a/0x410
[  135.541533][ T8060]  __sys_sendmsg+0x209/0x350
[  135.541558][ T8060]  ? __pfx___sys_sendmsg+0x10/0x10
[  135.541590][ T8060]  ? do_sys_openat2+0x17a/0x1d0
[  135.541648][ T8060]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  135.541678][ T8060]  ? do_syscall_64+0x100/0x230
[  135.541704][ T8060]  ? do_syscall_64+0xb6/0x230
[  135.541728][ T8060]  do_syscall_64+0xf3/0x230
[  135.541751][ T8060]  ? clear_bhb_loop+0x35/0x90
[  135.541780][ T8060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.541805][ T8060] RIP: 0033:0x7f053f58d169
[  135.541821][ T8060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.541836][ T8060] RSP: 002b:00007f0540310038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  135.541856][ T8060] RAX: ffffffffffffffda RBX: 00007f053f7a5fa0 RCX: 00007f053f58d169
[  135.541869][ T8060] RDX: 0000000000000000 RSI: 0000400000000480 RDI: 0000000000000004
[  135.541880][ T8060] RBP: 00007f0540310090 R08: 0000000000000000 R09: 0000000000000000
[  135.541891][ T8060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.541902][ T8060] R13: 0000000000000000 R14: 00007f053f7a5fa0 R15: 00007fff9ed818b8
[  135.541928][ T8060]  </TASK>
[  136.548792][ T8084] lo speed is unknown, defaulting to 1000
[  136.660787][ T8099] FAULT_INJECTION: forcing a failure.
[  136.660787][ T8099] name failslab, interval 1, probability 0, space 0, times 0
[  136.674010][ T8099] CPU: 0 UID: 0 PID: 8099 Comm: syz.3.633 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  136.674034][ T8099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  136.674045][ T8099] Call Trace:
[  136.674052][ T8099]  <TASK>
[  136.674060][ T8099]  dump_stack_lvl+0x241/0x360
[  136.674088][ T8099]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.674109][ T8099]  ? __pfx__printk+0x10/0x10
[  136.674130][ T8099]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  136.674158][ T8099]  ? __pfx___might_resched+0x10/0x10
[  136.674182][ T8099]  ? aa_label_sk_perm+0x4f3/0x6c0
[  136.674222][ T8099]  should_fail_ex+0x40a/0x550
[  136.674252][ T8099]  should_failslab+0xac/0x100
[  136.674285][ T8099]  kmem_cache_alloc_node_noprof+0x77/0x380
[  136.674310][ T8099]  ? __alloc_skb+0x1c3/0x440
[  136.674330][ T8099]  __alloc_skb+0x1c3/0x440
[  136.674352][ T8099]  ? __pfx___alloc_skb+0x10/0x10
[  136.674377][ T8099]  netlink_sendmsg+0x634/0xcb0
[  136.674413][ T8099]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.674442][ T8099]  ? aa_sock_msg_perm+0x91/0x160
[  136.674473][ T8099]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.674496][ T8099]  __sock_sendmsg+0x221/0x270
[  136.674521][ T8099]  ____sys_sendmsg+0x53a/0x860
[  136.674548][ T8099]  ? __pfx_____sys_sendmsg+0x10/0x10
[  136.674565][ T8099]  ? __fget_files+0x2a/0x410
[  136.674593][ T8099]  ? __fget_files+0x2a/0x410
[  136.674625][ T8099]  __sys_sendmsg+0x269/0x350
[  136.674648][ T8099]  ? __pfx___sys_sendmsg+0x10/0x10
[  136.674678][ T8099]  ? do_sys_openat2+0x17a/0x1d0
[  136.674726][ T8099]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  136.674754][ T8099]  ? do_syscall_64+0x100/0x230
[  136.674779][ T8099]  ? do_syscall_64+0xb6/0x230
[  136.674802][ T8099]  do_syscall_64+0xf3/0x230
[  136.674824][ T8099]  ? clear_bhb_loop+0x35/0x90
[  136.674852][ T8099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.674875][ T8099] RIP: 0033:0x7fab6dd8d169
[  136.674890][ T8099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.674904][ T8099] RSP: 002b:00007fab6eb13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  136.674922][ T8099] RAX: ffffffffffffffda RBX: 00007fab6dfa5fa0 RCX: 00007fab6dd8d169
[  136.674935][ T8099] RDX: 0000000000000000 RSI: 0000400000000480 RDI: 0000000000000004
[  136.674945][ T8099] RBP: 00007fab6eb13090 R08: 0000000000000000 R09: 0000000000000000
[  136.674955][ T8099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.674965][ T8099] R13: 0000000000000000 R14: 00007fab6dfa5fa0 R15: 00007ffffaf9f6e8
[  136.674990][ T8099]  </TASK>
[  137.071601][ T8108] xt_l2tp: v2 sid > 0xffff: 262144
[  137.219062][ T8118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.636'.
[  137.227964][ T8118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.636'.
[  137.237195][ T8118] netlink: 'syz.3.636': attribute type 1 has an invalid length.
[  137.244870][ T8118] netlink: 10 bytes leftover after parsing attributes in process `syz.3.636'.
[  137.558994][ T8127] netlink: 12 bytes leftover after parsing attributes in process `syz.3.639'.
[  137.758560][ T8138] netlink: 'syz.0.641': attribute type 4 has an invalid length.
[  137.795820][ T8138] netlink: 'syz.0.641': attribute type 4 has an invalid length.
[  137.891951][ T8138] lo: left promiscuous mode
[  138.215642][ T8164] FAULT_INJECTION: forcing a failure.
[  138.215642][ T8164] name failslab, interval 1, probability 0, space 0, times 0
[  138.228290][ T8164] CPU: 1 UID: 0 PID: 8164 Comm: syz.0.645 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  138.228308][ T8164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  138.228316][ T8164] Call Trace:
[  138.228321][ T8164]  <TASK>
[  138.228326][ T8164]  dump_stack_lvl+0x241/0x360
[  138.228348][ T8164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.228364][ T8164]  ? __pfx__printk+0x10/0x10
[  138.228378][ T8164]  ? _raw_write_lock_irq+0xdf/0x120
[  138.228392][ T8164]  ? __pfx__raw_write_lock_irq+0x10/0x10
[  138.228411][ T8164]  should_fail_ex+0x40a/0x550
[  138.228434][ T8164]  should_failslab+0xac/0x100
[  138.228453][ T8164]  __kmalloc_node_track_caller_noprof+0xdc/0x4c0
[  138.228474][ T8164]  ? netlink_realloc_groups+0x115/0x330
[  138.228494][ T8164]  ? rcu_is_watching+0x15/0xb0
[  138.228509][ T8164]  ? netlink_realloc_groups+0x115/0x330
[  138.228529][ T8164]  krealloc_noprof+0x10f/0x300
[  138.228550][ T8164]  netlink_realloc_groups+0x115/0x330
[  138.228574][ T8164]  netlink_setsockopt+0x455/0x9c0
[  138.228596][ T8164]  ? __pfx_netlink_setsockopt+0x10/0x10
[  138.228615][ T8164]  ? __pfx_lock_acquire+0x10/0x10
[  138.228634][ T8164]  ? aa_sock_opt_perm+0x79/0x120
[  138.228657][ T8164]  ? __pfx_netlink_setsockopt+0x10/0x10
[  138.228675][ T8164]  do_sock_setsockopt+0x3af/0x720
[  138.228693][ T8164]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  138.228709][ T8164]  ? __fget_files+0x395/0x410
[  138.228728][ T8164]  ? __fget_files+0x2a/0x410
[  138.228751][ T8164]  __x64_sys_setsockopt+0x1ee/0x280
[  138.228769][ T8164]  do_syscall_64+0xf3/0x230
[  138.228785][ T8164]  ? clear_bhb_loop+0x35/0x90
[  138.228806][ T8164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.228824][ T8164] RIP: 0033:0x7f1d7258d169
[  138.228837][ T8164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.228847][ T8164] RSP: 002b:00007f1d73473038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  138.228862][ T8164] RAX: ffffffffffffffda RBX: 00007f1d727a5fa0 RCX: 00007f1d7258d169
[  138.228871][ T8164] RDX: 0000000000000002 RSI: 000000000000010e RDI: 0000000000000003
[  138.228879][ T8164] RBP: 00007f1d73473090 R08: 0000000000000000 R09: 0000000000000000
[  138.228887][ T8164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.228894][ T8164] R13: 0000000000000000 R14: 00007f1d727a5fa0 R15: 00007ffd022f1b98
[  138.228913][ T8164]  </TASK>
[  138.725368][   T53] Bluetooth: hci4: command 0x0405 tx timeout
[  138.849879][ T8177] lo speed is unknown, defaulting to 1000
[  138.855916][ T8181] netlink: 32 bytes leftover after parsing attributes in process `syz.3.650'.
[  139.098577][ T8181] vti0: entered promiscuous mode
[  139.154712][ T8179] netlink: 'syz.0.648': attribute type 1 has an invalid length.
[  139.277645][ T8179] 8021q: adding VLAN 0 to HW filter on device bond5
[  139.315570][ T8204] netlink: 'syz.4.655': attribute type 15 has an invalid length.
[  139.334905][ T8210] netlink: 104 bytes leftover after parsing attributes in process `syz.1.658'.
[  139.335456][ T8207] netlink: 'syz.2.656': attribute type 4 has an invalid length.
[  139.353192][ T8211] netlink: 12 bytes leftover after parsing attributes in process `syz.3.657'.
[  139.381683][ T8188] 8021q: adding VLAN 0 to HW filter on device bond5
[  139.391027][ T8188] bond5: (slave vcan1): The slave device specified does not support setting the MAC address
[  139.402429][ T8214] netlink: 64 bytes leftover after parsing attributes in process `syz.1.658'.
[  139.456495][ T8188] bond5: (slave vcan1): Error -95 calling set_mac_address
[  139.469487][ T8219] netlink: 20 bytes leftover after parsing attributes in process `syz.3.657'.
[  139.480984][ T8201] dccp_close: ABORT with 20 bytes unread
[  139.657266][ T8211] 8021q: adding VLAN 0 to HW filter on device bond6
[  139.675432][ T8216] 8021q: adding VLAN 0 to HW filter on device batadv4
[  139.683940][ T8216] bond6: (slave batadv4): Enslaving as an active interface with an up link
[  139.988119][ T8237] netlink: 96 bytes leftover after parsing attributes in process `syz.3.661'.
[  140.016834][ T8241] FAULT_INJECTION: forcing a failure.
[  140.016834][ T8241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.054436][ T8243] netlink: 44 bytes leftover after parsing attributes in process `syz.2.664'.
[  140.074459][ T8241] CPU: 1 UID: 0 PID: 8241 Comm: syz.4.663 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  140.074484][ T8241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  140.074496][ T8241] Call Trace:
[  140.074502][ T8241]  <TASK>
[  140.074510][ T8241]  dump_stack_lvl+0x241/0x360
[  140.074539][ T8241]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.074560][ T8241]  ? __pfx__printk+0x10/0x10
[  140.074584][ T8241]  ? snprintf+0xda/0x120
[  140.074614][ T8241]  should_fail_ex+0x40a/0x550
[  140.074646][ T8241]  _copy_to_user+0x31/0xb0
[  140.074672][ T8241]  simple_read_from_buffer+0xca/0x150
[  140.074701][ T8241]  proc_fail_nth_read+0x1e9/0x250
[  140.074730][ T8241]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  140.074759][ T8241]  ? rw_verify_area+0x243/0x630
[  140.074777][ T8241]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  140.074805][ T8241]  vfs_read+0x1f8/0xb40
[  140.074824][ T8241]  ? fdget_pos+0x254/0x320
[  140.074852][ T8241]  ? __pfx___mutex_lock+0x10/0x10
[  140.074875][ T8241]  ? __pfx_vfs_read+0x10/0x10
[  140.074897][ T8241]  ? __fget_files+0x2a/0x410
[  140.074933][ T8241]  ? __fget_files+0x395/0x410
[  140.074958][ T8241]  ? __fget_files+0x2a/0x410
[  140.074993][ T8241]  ksys_read+0x18f/0x2b0
[  140.075014][ T8241]  ? __pfx_ksys_read+0x10/0x10
[  140.075034][ T8241]  ? do_syscall_64+0x100/0x230
[  140.075059][ T8241]  ? do_syscall_64+0xb6/0x230
[  140.075088][ T8241]  do_syscall_64+0xf3/0x230
[  140.075110][ T8241]  ? clear_bhb_loop+0x35/0x90
[  140.075140][ T8241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.075165][ T8241] RIP: 0033:0x7f053f58bb7c
[  140.075181][ T8241] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  140.075195][ T8241] RSP: 002b:00007f0540310030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  140.075214][ T8241] RAX: ffffffffffffffda RBX: 00007f053f7a5fa0 RCX: 00007f053f58bb7c
[  140.075227][ T8241] RDX: 000000000000000f RSI: 00007f05403100a0 RDI: 0000000000000004
[  140.075238][ T8241] RBP: 00007f0540310090 R08: 0000000000000000 R09: 0000000000000000
[  140.075249][ T8241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.075259][ T8241] R13: 0000000000000000 R14: 00007f053f7a5fa0 R15: 00007fff9ed818b8
[  140.075287][ T8241]  </TASK>
[  140.361415][ T8244] lo speed is unknown, defaulting to 1000
[  140.550446][ T8250] netlink: 32 bytes leftover after parsing attributes in process `syz.2.669'.
[  140.563572][ T8250] vti1: entered promiscuous mode
[  140.693552][ T8253] netlink: 'syz.4.668': attribute type 4 has an invalid length.
[  140.729563][ T8256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.670'.
[  141.093576][ T8268] netlink: 'syz.2.675': attribute type 6 has an invalid length.
[  141.406822][ T8278] FAULT_INJECTION: forcing a failure.
[  141.406822][ T8278] name failslab, interval 1, probability 0, space 0, times 0
[  141.456576][ T8278] CPU: 1 UID: 0 PID: 8278 Comm: syz.4.680 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  141.456606][ T8278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  141.456616][ T8278] Call Trace:
[  141.456622][ T8278]  <TASK>
[  141.456629][ T8278]  dump_stack_lvl+0x241/0x360
[  141.456658][ T8278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.456677][ T8278]  ? __pfx__printk+0x10/0x10
[  141.456697][ T8278]  ? __kmalloc_noprof+0xb5/0x4c0
[  141.456723][ T8278]  ? __pfx___might_resched+0x10/0x10
[  141.456745][ T8278]  ? aa_get_newest_label+0xff/0x6f0
[  141.456770][ T8278]  ? genl_get_cmd+0x19e/0xce0
[  141.456801][ T8278]  should_fail_ex+0x40a/0x550
[  141.456832][ T8278]  should_failslab+0xac/0x100
[  141.456857][ T8278]  __kmalloc_noprof+0xdd/0x4c0
[  141.456880][ T8278]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  141.456899][ T8278]  ? apparmor_capable+0x13b/0x1b0
[  141.456923][ T8278]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  141.456950][ T8278]  genl_rcv_msg+0x80b/0xec0
[  141.456976][ T8278]  ? __pfx_genl_rcv_msg+0x10/0x10
[  141.457022][ T8278]  ? __pfx_lock_acquire+0x10/0x10
[  141.457048][ T8278]  ? __pfx_nfc_genl_enable_se+0x10/0x10
[  141.457071][ T8278]  ? __pfx___might_resched+0x10/0x10
[  141.457097][ T8278]  netlink_rcv_skb+0x206/0x480
[  141.457117][ T8278]  ? __pfx_genl_rcv_msg+0x10/0x10
[  141.457133][ T8278]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  141.457173][ T8278]  genl_rcv+0x28/0x40
[  141.457185][ T8278]  netlink_unicast+0x7f6/0x990
[  141.457209][ T8278]  ? __pfx_netlink_unicast+0x10/0x10
[  141.457225][ T8278]  ? __virt_addr_valid+0x45f/0x530
[  141.457239][ T8278]  ? __phys_addr_symbol+0x2f/0x70
[  141.457252][ T8278]  ? __check_object_size+0x47a/0x730
[  141.457278][ T8278]  netlink_sendmsg+0x8de/0xcb0
[  141.457308][ T8278]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.457331][ T8278]  ? aa_sock_msg_perm+0x91/0x160
[  141.457356][ T8278]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.457374][ T8278]  __sock_sendmsg+0x221/0x270
[  141.457396][ T8278]  ____sys_sendmsg+0x53a/0x860
[  141.457417][ T8278]  ? __pfx_____sys_sendmsg+0x10/0x10
[  141.457431][ T8278]  ? __fget_files+0x2a/0x410
[  141.457453][ T8278]  ? __fget_files+0x2a/0x410
[  141.457479][ T8278]  __sys_sendmsg+0x269/0x350
[  141.457497][ T8278]  ? __pfx___sys_sendmsg+0x10/0x10
[  141.457522][ T8278]  ? do_sys_openat2+0x17a/0x1d0
[  141.457561][ T8278]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  141.457584][ T8278]  ? do_syscall_64+0x100/0x230
[  141.457603][ T8278]  ? do_syscall_64+0xb6/0x230
[  141.457621][ T8278]  do_syscall_64+0xf3/0x230
[  141.457638][ T8278]  ? clear_bhb_loop+0x35/0x90
[  141.457661][ T8278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.457680][ T8278] RIP: 0033:0x7f053f58d169
[  141.457692][ T8278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.457704][ T8278] RSP: 002b:00007f0540310038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.457719][ T8278] RAX: ffffffffffffffda RBX: 00007f053f7a5fa0 RCX: 00007f053f58d169
[  141.457729][ T8278] RDX: 0000000000000000 RSI: 0000400000000480 RDI: 0000000000000004
[  141.457738][ T8278] RBP: 00007f0540310090 R08: 0000000000000000 R09: 0000000000000000
[  141.457764][ T8278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.457772][ T8278] R13: 0000000000000000 R14: 00007f053f7a5fa0 R15: 00007fff9ed818b8
[  141.457858][ T8278]  </TASK>
[  141.949456][ T8282] FAULT_INJECTION: forcing a failure.
[  141.949456][ T8282] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.986970][ T8282] CPU: 1 UID: 0 PID: 8282 Comm: syz.3.683 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  141.987000][ T8282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  141.987013][ T8282] Call Trace:
[  141.987021][ T8282]  <TASK>
[  141.987030][ T8282]  dump_stack_lvl+0x241/0x360
[  141.987062][ T8282]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.987085][ T8282]  ? __pfx__printk+0x10/0x10
[  141.987109][ T8282]  ? __pfx_lock_release+0x10/0x10
[  141.987140][ T8282]  ? __lock_acquire+0x1397/0x2100
[  141.987179][ T8282]  should_fail_ex+0x40a/0x550
[  141.987214][ T8282]  _copy_from_user+0x2d/0xb0
[  141.987243][ T8282]  kstrtouint_from_user+0xc6/0x190
[  141.987270][ T8282]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  141.987296][ T8282]  ? __pfx_lock_acquire+0x10/0x10
[  141.987339][ T8282]  proc_fail_nth_write+0xaa/0x2d0
[  141.987368][ T8282]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  141.987395][ T8282]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  141.987431][ T8282]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  141.987462][ T8282]  vfs_write+0x29f/0xd10
[  141.987485][ T8282]  ? fdget_pos+0x254/0x320
[  141.987515][ T8282]  ? __mutex_unlock_slowpath+0x227/0x800
[  141.987544][ T8282]  ? __pfx_vfs_write+0x10/0x10
[  141.987563][ T8282]  ? do_sys_openat2+0x17a/0x1d0
[  141.987596][ T8282]  ? __fget_files+0x2a/0x410
[  141.987626][ T8282]  ? __fget_files+0x395/0x410
[  141.987654][ T8282]  ? __fget_files+0x2a/0x410
[  141.987693][ T8282]  ksys_write+0x18f/0x2b0
[  141.987763][ T8282]  ? __pfx_ksys_write+0x10/0x10
[  141.987787][ T8282]  ? do_syscall_64+0x100/0x230
[  141.987815][ T8282]  ? do_syscall_64+0xb6/0x230
[  141.987844][ T8282]  do_syscall_64+0xf3/0x230
[  141.987869][ T8282]  ? clear_bhb_loop+0x35/0x90
[  141.987902][ T8282]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.987930][ T8282] RIP: 0033:0x7fab6dd8bc1f
[  141.987948][ T8282] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.987964][ T8282] RSP: 002b:00007fab6eb13030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.987986][ T8282] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fab6dd8bc1f
[  141.988000][ T8282] RDX: 0000000000000001 RSI: 00007fab6eb130a0 RDI: 0000000000000005
[  141.988012][ T8282] RBP: 00007fab6eb13090 R08: 0000000000000000 R09: 0000000000000000
[  141.988023][ T8282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  141.988035][ T8282] R13: 0000000000000000 R14: 00007fab6dfa5fa0 R15: 00007ffffaf9f6e8
[  141.988066][ T8282]  </TASK>
[  142.394130][ T8290] netlink: 8 bytes leftover after parsing attributes in process `syz.0.684'.
[  142.403568][ T8290] netlink: 'syz.0.684': attribute type 1 has an invalid length.
[  142.900938][ T8314] geneve0: entered allmulticast mode
[  143.224403][ T8332] xfrm1: entered allmulticast mode
[  143.317110][ T8327] lo speed is unknown, defaulting to 1000
[  143.752903][ T8348] netlink: 'syz.1.710': attribute type 2 has an invalid length.
[  143.795584][ T8348] netlink: 'syz.1.710': attribute type 4 has an invalid length.
[  143.807358][ T8353] syz_tun: entered allmulticast mode
[  143.871940][ T8334] lo speed is unknown, defaulting to 1000
[  143.951874][ T8357] __nla_validate_parse: 6 callbacks suppressed
[  143.951893][ T8357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.713'.
[  143.975375][ T8359] netlink: 'syz.1.714': attribute type 5 has an invalid length.
[  144.072146][ T8363] tunl0: left promiscuous mode
[  144.085479][ T8363] gre0: left promiscuous mode
[  144.090336][ T8363] gretap0: left promiscuous mode
[  144.116710][ T8363] erspan0: left promiscuous mode
[  144.127172][ T8363] ip_vti0: left promiscuous mode
[  144.137166][ T8363] ip6_vti0: left promiscuous mode
[  144.142346][ T8363] sit0: left promiscuous mode
[  144.195658][ T8363] ip6tnl0: left promiscuous mode
[  144.200753][ T8363] ip6gre0: left promiscuous mode
[  144.243476][ T8363] syz_tun: left promiscuous mode
[  144.274494][ T8363] ip6gretap0: left promiscuous mode
[  144.288142][ T8363] bridge0: left promiscuous mode
[  144.312732][ T8363] vcan0: left promiscuous mode
[  144.325802][ T8363] bond0: left promiscuous mode
[  144.330981][ T8363] dummy0: left promiscuous mode
[  144.376771][ T8363] nlmon0: left promiscuous mode
[  144.403681][ T8363] caif0: left promiscuous mode
[  144.429417][ T8363] vxcan0: left promiscuous mode
[  144.445446][ T8363] vxcan1: left promiscuous mode
[  144.450729][ T8363] veth0: left promiscuous mode
[  144.456287][ T8363] veth1: left promiscuous mode
[  144.461323][ T8363] wg0: left promiscuous mode
[  144.466597][ T8363] wg1: left promiscuous mode
[  144.471517][ T8363] wg2: left promiscuous mode
[  144.476634][ T8363] veth0_to_bridge: left promiscuous mode
[  144.483039][ T8363] veth1_to_bridge: left promiscuous mode
[  144.489382][ T8363] veth0_to_bond: left promiscuous mode
[  144.495276][ T8363] bond_slave_0: left promiscuous mode
[  144.501263][ T8363] veth1_to_bond: left promiscuous mode
[  144.507469][ T8363] bond_slave_1: left promiscuous mode
[  144.513225][ T8363] veth0_to_team: left promiscuous mode
[  144.526457][ T8377] IPVS: set_ctl: invalid protocol: 92 0.0.0.0:20004
[  144.538475][ T8363] team_slave_0: left promiscuous mode
[  144.557564][ T8363] veth1_to_team: left promiscuous mode
[  144.563400][ T8363] team_slave_1: left promiscuous mode
[  144.570111][ T8363] veth0_to_batadv: left promiscuous mode
[  144.594375][ T8363] batadv_slave_0: left promiscuous mode
[  144.608022][ T8363] veth1_to_batadv: left promiscuous mode
[  144.614248][ T8363] batadv_slave_1: left promiscuous mode
[  144.621325][ T8363] xfrm0: left promiscuous mode
[  144.628601][ T8363] veth0_to_hsr: left promiscuous mode
[  144.634599][ T8363] veth1_to_hsr: left promiscuous mode
[  144.643607][ T8363] hsr0: left promiscuous mode
[  144.653954][ T8363] veth1_virt_wifi: left promiscuous mode
[  144.684567][ T8363] veth0_virt_wifi: left promiscuous mode
[  144.700206][ T8363] net veth1_virt_wifi virt_wifi0: left promiscuous mode
[  144.750568][ T8363] macvtap0: left promiscuous mode
[  144.759899][ T8363] macsec0: left promiscuous mode
[  144.764976][ T8363] geneve0: left promiscuous mode
[  144.771184][ T8363] geneve1: left promiscuous mode
[  144.777103][ T8363] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  144.784573][ T8363] netdevsim netdevsim0 netdevsim1: left promiscuous mode
[  144.792254][ T8363] netdevsim netdevsim0 netdevsim2: left promiscuous mode
[  144.799887][ T8363] netdevsim netdevsim0 netdevsim3: left promiscuous mode
[  144.808722][ T8363] mac80211_hwsim hwsim4 wlan0: left promiscuous mode
[  144.816119][ T8363] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[  144.822930][ T8363] ip6gre1: left promiscuous mode
[  144.829389][ T8363] syztnl2: left promiscuous mode
[  144.834952][ T8363] bond1: left promiscuous mode
[  144.841629][ T8363] batadv1: left promiscuous mode
[  144.847663][ T8363] bridge1: left promiscuous mode
[  144.852901][ T8363] bond2: left promiscuous mode
[  144.859716][ T8363] batadv0: left promiscuous mode
[  144.864949][ T8363] bond3: left promiscuous mode
[  144.871001][ T8363] batadv2: left promiscuous mode
[  144.935693][ T8333] lo speed is unknown, defaulting to 1000
[  145.211302][ T8382] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.643251][ T8382] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.894643][ T8382] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.099157][ T8382] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.169775][ T8406] netlink: 'syz.0.726': attribute type 4 has an invalid length.
[  146.454000][ T8382] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  146.510172][ T8382] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  146.578877][ T8382] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  146.625946][ T8382] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  146.994801][ T8427] Bluetooth: MGMT ver 1.23
[  147.062398][ T8432] netlink: 16 bytes leftover after parsing attributes in process `syz.2.736'.
[  147.168497][ T8434] netlink: 32 bytes leftover after parsing attributes in process `syz.4.737'.
[  147.209202][ T8434] vti0: entered promiscuous mode
[  147.322160][ T8440] syzkaller1: entered promiscuous mode
[  147.328476][ T8440] syzkaller1: entered allmulticast mode
[  147.337436][ T8440] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 25
[  147.347669][ T8440] netlink: 'syz.3.739': attribute type 4 has an invalid length.
[  147.494878][ T8450] lo speed is unknown, defaulting to 1000
[  147.517214][ T8452] netlink: 20 bytes leftover after parsing attributes in process `syz.1.743'.
[  147.735905][ T8462] netlink: 'syz.1.747': attribute type 6 has an invalid length.
[  147.756056][ T8462] FAULT_INJECTION: forcing a failure.
[  147.756056][ T8462] name failslab, interval 1, probability 0, space 0, times 0
[  147.845363][ T8462] CPU: 1 UID: 0 PID: 8462 Comm: syz.1.747 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  147.845396][ T8462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  147.845408][ T8462] Call Trace:
[  147.845415][ T8462]  <TASK>
[  147.845424][ T8462]  dump_stack_lvl+0x241/0x360
[  147.845455][ T8462]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.845479][ T8462]  ? __pfx__printk+0x10/0x10
[  147.845501][ T8462]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  147.845533][ T8462]  ? __pfx___might_resched+0x10/0x10
[  147.845566][ T8462]  should_fail_ex+0x40a/0x550
[  147.845602][ T8462]  should_failslab+0xac/0x100
[  147.845631][ T8462]  kmem_cache_alloc_node_noprof+0x77/0x380
[  147.845660][ T8462]  ? __alloc_skb+0x1c3/0x440
[  147.845684][ T8462]  __alloc_skb+0x1c3/0x440
[  147.845709][ T8462]  ? __pfx___alloc_skb+0x10/0x10
[  147.845728][ T8462]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  147.845757][ T8462]  ? netlink_ack_tlv_len+0x6e/0x200
[  147.845789][ T8462]  netlink_ack+0x145/0xa60
[  147.845814][ T8462]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  147.845851][ T8462]  ? ref_tracker_free+0x643/0x7e0
[  147.845878][ T8462]  netlink_rcv_skb+0x294/0x480
[  147.845912][ T8462]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  147.845943][ T8462]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  147.846015][ T8462]  ? netlink_deliver_tap+0x2e/0x1b0
[  147.846048][ T8462]  netlink_unicast+0x7f6/0x990
[  147.846082][ T8462]  ? __pfx_netlink_unicast+0x10/0x10
[  147.846106][ T8462]  ? __virt_addr_valid+0x45f/0x530
[  147.846127][ T8462]  ? __phys_addr_symbol+0x2f/0x70
[  147.846146][ T8462]  ? __check_object_size+0x47a/0x730
[  147.846178][ T8462]  netlink_sendmsg+0x8de/0xcb0
[  147.846226][ T8462]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.846259][ T8462]  ? aa_sock_msg_perm+0x91/0x160
[  147.846297][ T8462]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.846324][ T8462]  __sock_sendmsg+0x221/0x270
[  147.846356][ T8462]  ____sys_sendmsg+0x53a/0x860
[  147.846387][ T8462]  ? __pfx_____sys_sendmsg+0x10/0x10
[  147.846408][ T8462]  ? __fget_files+0x2a/0x410
[  147.846441][ T8462]  ? __fget_files+0x2a/0x410
[  147.846479][ T8462]  __sys_sendmsg+0x269/0x350
[  147.846507][ T8462]  ? __pfx___sys_sendmsg+0x10/0x10
[  147.846542][ T8462]  ? do_sys_openat2+0x17a/0x1d0
[  147.846598][ T8462]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  147.846631][ T8462]  ? do_syscall_64+0x100/0x230
[  147.846660][ T8462]  ? do_syscall_64+0xb6/0x230
[  147.846687][ T8462]  do_syscall_64+0xf3/0x230
[  147.846712][ T8462]  ? clear_bhb_loop+0x35/0x90
[  147.846745][ T8462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.846772][ T8462] RIP: 0033:0x7f317c18d169
[  147.846791][ T8462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.846807][ T8462] RSP: 002b:00007f317d053038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  147.846829][ T8462] RAX: ffffffffffffffda RBX: 00007f317c3a5fa0 RCX: 00007f317c18d169
[  147.846844][ T8462] RDX: 0000000000040010 RSI: 0000400000000000 RDI: 0000000000000003
[  147.846858][ T8462] RBP: 00007f317d053090 R08: 0000000000000000 R09: 0000000000000000
[  147.846870][ T8462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.846883][ T8462] R13: 0000000000000000 R14: 00007f317c3a5fa0 R15: 00007ffe8832d618
[  147.846912][ T8462]  </TASK>
[  148.389362][ T8470] netlink: 'syz.4.749': attribute type 4 has an invalid length.
[  149.036938][ T8497] netlink: 8 bytes leftover after parsing attributes in process `syz.0.757'.
[  149.263839][ T8504] netlink: 'syz.1.758': attribute type 6 has an invalid length.
[  149.409631][ T8512] netlink: 'syz.3.760': attribute type 6 has an invalid length.
[  149.485414][ T8512] FAULT_INJECTION: forcing a failure.
[  149.485414][ T8512] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.557532][ T8512] CPU: 0 UID: 0 PID: 8512 Comm: syz.3.760 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  149.557561][ T8512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  149.557573][ T8512] Call Trace:
[  149.557580][ T8512]  <TASK>
[  149.557589][ T8512]  dump_stack_lvl+0x241/0x360
[  149.557622][ T8512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.557645][ T8512]  ? __pfx__printk+0x10/0x10
[  149.557671][ T8512]  ? snprintf+0xda/0x120
[  149.557706][ T8512]  should_fail_ex+0x40a/0x550
[  149.557743][ T8512]  _copy_to_user+0x31/0xb0
[  149.557773][ T8512]  simple_read_from_buffer+0xca/0x150
[  149.557805][ T8512]  proc_fail_nth_read+0x1e9/0x250
[  149.557838][ T8512]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  149.557870][ T8512]  ? rw_verify_area+0x243/0x630
[  149.557891][ T8512]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  149.557920][ T8512]  vfs_read+0x1f8/0xb40
[  149.557942][ T8512]  ? fdget_pos+0x254/0x320
[  149.557972][ T8512]  ? __pfx___mutex_lock+0x10/0x10
[  149.557997][ T8512]  ? __pfx_vfs_read+0x10/0x10
[  149.558015][ T8512]  ? do_sys_openat2+0x17a/0x1d0
[  149.558048][ T8512]  ? __fget_files+0x2a/0x410
[  149.558079][ T8512]  ? __fget_files+0x395/0x410
[  149.558107][ T8512]  ? __fget_files+0x2a/0x410
[  149.558145][ T8512]  ksys_read+0x18f/0x2b0
[  149.558169][ T8512]  ? __pfx_ksys_read+0x10/0x10
[  149.558192][ T8512]  ? do_syscall_64+0x100/0x230
[  149.558221][ T8512]  ? do_syscall_64+0xb6/0x230
[  149.558258][ T8512]  do_syscall_64+0xf3/0x230
[  149.558283][ T8512]  ? clear_bhb_loop+0x35/0x90
[  149.558316][ T8512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.558341][ T8512] RIP: 0033:0x7fab6dd8bb7c
[  149.558358][ T8512] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  149.558374][ T8512] RSP: 002b:00007fab6eb13030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  149.558394][ T8512] RAX: ffffffffffffffda RBX: 00007fab6dfa5fa0 RCX: 00007fab6dd8bb7c
[  149.558408][ T8512] RDX: 000000000000000f RSI: 00007fab6eb130a0 RDI: 0000000000000004
[  149.558418][ T8512] RBP: 00007fab6eb13090 R08: 0000000000000000 R09: 0000000000000000
[  149.558429][ T8512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.558439][ T8512] R13: 0000000000000000 R14: 00007fab6dfa5fa0 R15: 00007ffffaf9f6e8
[  149.558466][ T8512]  </TASK>
[  149.559355][ T8514] lo speed is unknown, defaulting to 1000
[  149.867347][ T8518] lo speed is unknown, defaulting to 1000
[  150.044839][ T8514] lo speed is unknown, defaulting to 1000
[  150.059166][ T8514] lo speed is unknown, defaulting to 1000
[  150.526010][ T8534] netlink: 'syz.3.765': attribute type 5 has an invalid length.
[  150.753440][ T8538] lo speed is unknown, defaulting to 1000
[  151.205810][ T5851] Bluetooth: hci0: command 0x0401 tx timeout
[  151.206340][ T5852] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  151.307420][ T8514] infiniband syz0: set down
[  151.312163][  T975] lo speed is unknown, defaulting to 1000
[  151.318121][ T8514] infiniband syz0: added lo
[  151.323672][ T8514] syz0: rxe_create_cq: returned err = -12
[  151.333452][ T8514] infiniband syz0: Couldn't create ib_mad CQ
[  151.349878][ T8514] infiniband syz0: Couldn't open port 1
[  151.457202][ T8542] netlink: 12 bytes leftover after parsing attributes in process `syz.3.768'.
[  151.498769][ T8514] RDS/IB: syz0: added
[  151.506485][ T8514] smc: adding ib device syz0 with port count 1
[  151.512798][ T8514] smc:    ib device syz0 port 1 has pnetid SYZ1 (user defined)
[  151.569613][ T8542] 8021q: adding VLAN 0 to HW filter on device bond7
[  151.615870][  T975] lo speed is unknown, defaulting to 1000
[  151.628118][ T8514] lo speed is unknown, defaulting to 1000
[  151.646439][ T8542] netlink: 20 bytes leftover after parsing attributes in process `syz.3.768'.
[  151.670982][ T8544] 8021q: adding VLAN 0 to HW filter on device batadv5
[  151.700479][ T8544] bond7: (slave batadv5): Enslaving as an active interface with an up link
[  151.963605][ T8514] lo speed is unknown, defaulting to 1000
[  152.516773][ T8514] lo speed is unknown, defaulting to 1000
[  152.705620][ T8568] netlink: 'syz.3.771': attribute type 1 has an invalid length.
[  152.764429][ T8568] 8021q: adding VLAN 0 to HW filter on device bond8
[  152.893218][ T8514] lo speed is unknown, defaulting to 1000
[  153.154114][ T8514] lo speed is unknown, defaulting to 1000
[  153.432483][ T8514] lo speed is unknown, defaulting to 1000
[  153.573215][ T8580] netlink: 8 bytes leftover after parsing attributes in process `syz.3.773'.
[  153.726729][ T8550] siw: device registration error -23
[  154.238997][ T8591] netlink: 'syz.0.776': attribute type 4 has an invalid length.
[  154.991176][ T8606] lo speed is unknown, defaulting to 1000
[  155.085302][ T8611] netlink: 508 bytes leftover after parsing attributes in process `syz.4.785'.
[  155.557415][ T8621] netlink: 12 bytes leftover after parsing attributes in process `syz.2.789'.
[  155.624287][ T8621] netlink: 12 bytes leftover after parsing attributes in process `syz.2.789'.
[  155.675556][ T8620] lo speed is unknown, defaulting to 1000
[  155.731393][ T8606] lo speed is unknown, defaulting to 1000
[  156.259954][ T8629] syz.4.791: vmalloc error: size 69206016, failed to allocated page array size 135168, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  156.325376][ T8629] CPU: 1 UID: 0 PID: 8629 Comm: syz.4.791 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  156.325409][ T8629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  156.325422][ T8629] Call Trace:
[  156.325429][ T8629]  <TASK>
[  156.325438][ T8629]  dump_stack_lvl+0x241/0x360
[  156.325471][ T8629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.325495][ T8629]  ? __pfx__printk+0x10/0x10
[  156.325521][ T8629]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  156.325550][ T8629]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  156.325579][ T8629]  warn_alloc+0x278/0x410
[  156.325607][ T8629]  ? __pfx_warn_alloc+0x10/0x10
[  156.325636][ T8629]  ? translate_table+0x19f/0x22b0
[  156.325665][ T8629]  ? __get_vm_area_node+0x1c8/0x2d0
[  156.325697][ T8629]  ? __get_vm_area_node+0x25c/0x2d0
[  156.325736][ T8629]  __vmalloc_node_range_noprof+0x62f/0x1380
[  156.325758][ T8629]  ? lockdep_hardirqs_on+0x99/0x150
[  156.325807][ T8629]  ? rcu_is_watching+0x15/0xb0
[  156.325831][ T8629]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  156.325853][ T8629]  ? rcu_is_watching+0x15/0xb0
[  156.325877][ T8629]  ? trace_kmalloc+0x1f/0xd0
[  156.325903][ T8629]  ? __kmalloc_node_noprof+0x2ad/0x4d0
[  156.325932][ T8629]  ? __kvmalloc_node_noprof+0x72/0x190
[  156.325969][ T8629]  __kvmalloc_node_noprof+0x142/0x190
[  156.326003][ T8629]  ? translate_table+0x19f/0x22b0
[  156.326034][ T8629]  translate_table+0x19f/0x22b0
[  156.326092][ T8629]  ? __pfx_translate_table+0x10/0x10
[  156.326128][ T8629]  ? __virt_addr_valid+0x183/0x530
[  156.326150][ T8629]  ? __might_fault+0xaa/0x120
[  156.326171][ T8629]  ? __might_fault+0xc6/0x120
[  156.326197][ T8629]  ? copy_from_sockptr_offset+0x6b/0xb0
[  156.326232][ T8629]  do_arpt_set_ctl+0x101c/0x1650
[  156.326271][ T8629]  ? __pfx_do_arpt_set_ctl+0x10/0x10
[  156.326304][ T8629]  ? nf_setsockopt+0x240/0x2c0
[  156.326331][ T8629]  ? do_ip_setsockopt+0x2824/0x3ae0
[  156.326363][ T8629]  ? __pfx_lock_release+0x10/0x10
[  156.326396][ T8629]  ? rcu_is_watching+0x15/0xb0
[  156.326433][ T8629]  ? __mutex_unlock_slowpath+0x227/0x800
[  156.326469][ T8629]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  156.326499][ T8629]  ? __pfx___mutex_lock+0x10/0x10
[  156.326535][ T8629]  nf_setsockopt+0x295/0x2c0
[  156.326569][ T8629]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  156.326603][ T8629]  smc_setsockopt+0x275/0xd10
[  156.326632][ T8629]  ? __pfx_smc_setsockopt+0x10/0x10
[  156.326655][ T8629]  ? aa_sock_opt_perm+0x79/0x120
[  156.326692][ T8629]  ? __pfx_smc_setsockopt+0x10/0x10
[  156.326712][ T8629]  do_sock_setsockopt+0x3af/0x720
[  156.326739][ T8629]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  156.326765][ T8629]  ? __fget_files+0x395/0x410
[  156.326794][ T8629]  ? __fget_files+0x2a/0x410
[  156.326834][ T8629]  __x64_sys_setsockopt+0x1ee/0x280
[  156.326863][ T8629]  do_syscall_64+0xf3/0x230
[  156.326889][ T8629]  ? clear_bhb_loop+0x35/0x90
[  156.326922][ T8629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.326950][ T8629] RIP: 0033:0x7f053f58d169
[  156.326969][ T8629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.326986][ T8629] RSP: 002b:00007f053d3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  156.327008][ T8629] RAX: ffffffffffffffda RBX: 00007f053f7a6080 RCX: 00007f053f58d169
[  156.327023][ T8629] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 000000000000000a
[  156.327035][ T8629] RBP: 00007f053f60e2a0 R08: 00000000000003f8 R09: 0000000000000000
[  156.327048][ T8629] R10: 0000400000000240 R11: 0000000000000246 R12: 0000000000000000
[  156.327061][ T8629] R13: 0000000000000000 R14: 00007f053f7a6080 R15: 00007fff9ed818b8
[  156.327091][ T8629]  </TASK>
[  156.327100][ T8629] Mem-Info:
[  156.526782][ T8607] netlink: 376 bytes leftover after parsing attributes in process `syz.0.783'.
[  156.550685][ T8629] active_anon:11876 inactive_anon:0 isolated_anon:0
[  156.550685][ T8629]  active_file:1519 inactive_file:38328 isolated_file:0
[  156.550685][ T8629]  unevictable:768 dirty:299 writeback:0
[  156.550685][ T8629]  slab_reclaimable:10446 slab_unreclaimable:106833
[  156.550685][ T8629]  mapped:32781 shmem:4373 pagetables:880
[  156.550685][ T8629]  sec_pagetables:0 bounce:0
[  156.550685][ T8629]  kernel_misc_reclaimable:0
[  156.550685][ T8629]  free:1313143 free_pcp:4786 free_cma:0
[  156.601781][ T8607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.783'.
[  156.797726][ T8620] lo speed is unknown, defaulting to 1000
[  156.876864][ T8629] Node 0 active_anon:43604kB inactive_anon:0kB active_file:6076kB inactive_file:153240kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131124kB dirty:1192kB writeback:0kB shmem:15956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11736kB pagetables:3520kB sec_pagetables:0kB all_unreclaimable? no
[  156.938910][ T8629] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  156.993772][ T8629] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  157.102446][ T8629] lowmem_reserve[]: 0 2489 2490 0 0
[  157.152890][ T8629] Node 0 DMA32 free:1335692kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:34984kB inactive_anon:0kB active_file:6076kB inactive_file:152924kB unevictable:1536kB writepending:1192kB present:3129332kB managed:2549728kB mlocked:0kB bounce:0kB free_pcp:23272kB local_pcp:68kB free_cma:0kB
[  157.235289][ T8629] lowmem_reserve[]: 0 0 0 0 0
[  157.240141][ T8629] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  157.360986][ T8629] lowmem_reserve[]: 0 0 0 0 0
[  157.385745][ T8629] Node 1 Normal free:3908888kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  157.423103][ T8629] lowmem_reserve[]: 0 0 0 0 0
[  157.441041][ T8629] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  157.473241][ T8629] Node 0 DMA32: 111*4kB (ME) 104*8kB (ME) 56*16kB (UME) 15*32kB (UM) 10*64kB (UME) 4*128kB (UME) 3*256kB (ME) 2*512kB (ME) 3*1024kB (UM) 11*2048kB (UE) 318*4096kB (UM) = 1333724kB
[  157.536111][ T8629] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  157.634798][ T8629] Node 1 Normal: 254*4kB (UME) 74*8kB (UME) 43*16kB (UME) 199*32kB (UME) 99*64kB (UME) 29*128kB (UME) 20*256kB (UME) 10*512kB (UM) 7*1024kB (UME) 3*2048kB (UE) 944*4096kB (UM) = 3908888kB
[  157.766360][ T8629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  157.785271][ T8629] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  157.807926][ T8629] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  157.835226][ T8629] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  157.863388][ T8629] 41363 total pagecache pages
[  157.965300][ T8629] 0 pages in swap cache
[  157.982096][ T8629] Free swap  = 124996kB
[  157.995180][ T8629] Total swap = 124996kB
[  157.999603][ T8629] 2097051 pages RAM
[  158.003446][ T8629] 0 pages HighMem/MovableOnly
[  158.038898][ T8629] 427897 pages reserved
[  158.057193][ T8629] 0 pages cma reserved
[  158.608602][ T8666] x_tables: duplicate underflow at hook 2
[  159.091411][ T8674] syzkaller1: entered promiscuous mode
[  159.135719][ T8674] syzkaller1: entered allmulticast mode
[  159.208083][ T8674] openvswitch: netlink: IP tunnel TTL not specified.
[  159.610547][ T8697] netlink: 'syz.4.815': attribute type 1 has an invalid length.
[  159.643727][ T8697] netlink: 16166 bytes leftover after parsing attributes in process `syz.4.815'.
[  159.858192][ T8705] netlink: 'syz.2.817': attribute type 12 has an invalid length.
[  159.867221][ T8704] netlink: 'syz.0.816': attribute type 4 has an invalid length.
[  159.896188][ T8705] netlink: 'syz.2.817': attribute type 29 has an invalid length.
[  159.936239][ T8705] netlink: 148 bytes leftover after parsing attributes in process `syz.2.817'.
[  159.960117][ T8705] netlink: 'syz.2.817': attribute type 1 has an invalid length.
[  159.985973][ T8705] netlink: 39 bytes leftover after parsing attributes in process `syz.2.817'.
[  160.349081][ T8717] pimreg: entered allmulticast mode
[  160.373472][ T8719] dvmrp0: left allmulticast mode
[  160.395662][ T8719] pimreg: left allmulticast mode
[  160.558377][ T8726] : entered promiscuous mode
[  160.683313][ T8727] netlink: 'syz.0.822': attribute type 2 has an invalid length.
[  160.749526][ T8727] fþ²¹¥‰: entered promiscuous mode
[  160.830631][ T8736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.826'.
[  160.882925][ T8743] netlink: 332 bytes leftover after parsing attributes in process `syz.2.826'.
[  160.928967][ T8744] netlink: 'syz.3.829': attribute type 4 has an invalid length.
[  161.305746][ T8755] lo speed is unknown, defaulting to 1000
[  161.332936][ T8759] netlink: 'syz.3.834': attribute type 10 has an invalid length.
[  161.390394][ T8759] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  161.451301][ T8759] netlink: 1268 bytes leftover after parsing attributes in process `syz.3.834'.
[  161.490454][ T8759] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  161.532338][ T8759] netlink: 'syz.3.834': attribute type 6 has an invalid length.
[  161.722198][ T8767] netlink: 44 bytes leftover after parsing attributes in process `syz.0.837'.
[  162.000671][ T8766] 8021q: adding VLAN 0 to HW filter on device bond0
[  162.005911][ T8773] netlink: 'syz.3.840': attribute type 6 has an invalid length.
[  162.029069][ T8766] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  162.060182][ T3079] lo speed is unknown, defaulting to 1000
[  162.070127][ T3079] lo speed is unknown, defaulting to 1000
[  162.096415][ T8755] lo speed is unknown, defaulting to 1000
[  162.591863][ T8776] bond0: left allmulticast mode
[  162.659632][ T8793] xt_TCPMSS: Only works on TCP SYN packets
[  162.736850][ T8776] bridge_slave_1: left allmulticast mode
[  162.898932][ T8776] geneve0: left allmulticast mode
[  162.906969][ T8776] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  162.917714][ T8776] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  162.928081][ T8776] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  162.937549][ T8776] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  163.041862][ T8776] vlan2: left allmulticast mode
[  163.049565][ T8776] bridge2: left promiscuous mode
[  163.056285][ T8776] bridge2: left allmulticast mode
[  163.125982][ T8776] vti0: left promiscuous mode
[  163.141516][ T8756] netlink: 280 bytes leftover after parsing attributes in process `syz.1.833'.
[  163.226360][ T8793] lo speed is unknown, defaulting to 1000
[  163.493897][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.848'.
[  163.604834][ T8793] lo speed is unknown, defaulting to 1000
[  163.892020][ T8819] netlink: 12 bytes leftover after parsing attributes in process `syz.2.850'.
[  164.047715][ T8826] netlink: 20 bytes leftover after parsing attributes in process `syz.2.850'.
[  164.120874][ T8819] 8021q: adding VLAN 0 to HW filter on device bond4
[  164.243958][ T8824] 8021q: adding VLAN 0 to HW filter on device batadv4
[  164.323897][ T8824] bond4: (slave batadv4): Enslaving as an active interface with an up link
[  164.916869][ T8843] vti0: left promiscuous mode
[  165.173940][ T8843] bridge0: port 1(gretap0) entered blocking state
[  165.197685][ T8843] bridge0: port 1(gretap0) entered disabled state
[  165.235677][ T8843] gretap0: entered allmulticast mode
[  165.257280][ T8843] gretap0: entered promiscuous mode
[  165.317745][ T8845] gretap0: left allmulticast mode
[  165.369527][ T8845] gretap0: left promiscuous mode
[  165.377381][ T8845] bridge0: port 1(gretap0) entered disabled state
[  165.714645][ T8862] netlink: 596 bytes leftover after parsing attributes in process `syz.3.860'.
[  165.800386][ T8866] netlink: 8 bytes leftover after parsing attributes in process `syz.4.862'.
[  165.810967][ T8866] netlink: 'syz.4.862': attribute type 1 has an invalid length.
[  166.122067][ T8882] syzkaller0: tun_chr_ioctl cmd 1074025673
[  166.189680][ T8882] syzkaller0: tun_chr_ioctl cmd 1074025673
[  194.576285][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  196.650600][ T5848] Bluetooth: hci0: command 0x0401 tx timeout
[  196.650607][ T5845] Bluetooth: hci3: command 0x0406 tx timeout
[  196.650666][ T5848] Bluetooth: hci2: command 0x0406 tx timeout
[  196.669684][ T5838] Bluetooth: hci1: command 0x0406 tx timeout
[  200.219950][ T8912] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 2, id = 0
[  200.290579][ T8914] lo speed is unknown, defaulting to 1000
[  200.488420][ T8922] xt_nfacct: accounting object `syz1' does not exists
[  200.712633][ T8933] __nla_validate_parse: 2 callbacks suppressed
[  200.712652][ T8933] netlink: 12 bytes leftover after parsing attributes in process `syz.2.881'.
[  200.765615][ T8935] netlink: 'syz.0.882': attribute type 1 has an invalid length.
[  200.825322][ T8939] netlink: 3 bytes leftover after parsing attributes in process `syz.0.882'.
[  200.841758][ T8933] 8021q: adding VLAN 0 to HW filter on device bond5
[  200.906738][ T8935] bond6: entered promiscuous mode
[  200.916616][ T8933] netlink: 20 bytes leftover after parsing attributes in process `syz.2.881'.
[  200.926122][ T8935] 8021q: adding VLAN 0 to HW filter on device bond6
[  200.940125][ T8938] 8021q: adding VLAN 0 to HW filter on device batadv5
[  200.951563][ T8938] bond5: (slave batadv5): Enslaving as an active interface with an up link
[  200.983570][ T8935] netlink: 48 bytes leftover after parsing attributes in process `syz.0.882'.
[  201.000764][ T8939] batadv4: entered promiscuous mode
[  201.006807][ T8939] batadv4: entered allmulticast mode
[  201.013693][ T8939] 8021q: adding VLAN 0 to HW filter on device batadv4
[  201.022319][ T8939] bond6: (slave batadv4): making interface the new active one
[  201.031789][ T8939] bond6: (slave batadv4): Enslaving as an active interface with an up link
[  201.043931][ T8914] lo speed is unknown, defaulting to 1000
[  201.240923][ T8920] smc: removing ib device syz0
[  201.249258][ T8931] lo speed is unknown, defaulting to 1000
[  201.289553][ T8945] netlink: 12 bytes leftover after parsing attributes in process `syz.2.883'.
[  201.846358][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  201.861125][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.309419][ T8962] netlink: 12 bytes leftover after parsing attributes in process `syz.0.887'.
[  202.428159][ T8964] netlink: 20 bytes leftover after parsing attributes in process `syz.0.887'.
[  202.583601][ T8962] 8021q: adding VLAN 0 to HW filter on device bond7
[  202.608259][ T8963] 8021q: adding VLAN 0 to HW filter on device batadv5
[  202.637393][ T8963] bond7: (slave batadv5): Enslaving as an active interface with an up link
[  202.701703][ T8964] vlan0: entered promiscuous mode
[  202.708483][ T8964] bond7: entered promiscuous mode
[  202.713569][ T8964] batadv5: entered promiscuous mode
[  202.916986][ T8969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.889'.
[  203.414364][ T8982] sch_fq: defrate 0 ignored.
[  203.470064][ T8986] netlink: 'syz.0.892': attribute type 10 has an invalid length.
[  203.553049][ T8987] sch_fq: defrate 511 ignored.
[  203.655330][ T8992] netlink: 'syz.1.893': attribute type 10 has an invalid length.
[  203.967381][ T9001] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  203.982382][ T9001] IPv6: NLM_F_CREATE should be set when creating new route
[  203.990778][ T9001] IPv6: NLM_F_CREATE should be set when creating new route
[  204.050975][ T9006] netlink: 8 bytes leftover after parsing attributes in process `syz.3.899'.
[  204.060252][ T9006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.899'.
[  204.077798][ T9006] netlink: 'syz.3.899': attribute type 1 has an invalid length.
[  204.093331][ T9003] lo speed is unknown, defaulting to 1000
[  204.594780][ T9025] team0: Port device bridge2 removed
[  204.635889][ T9025] bond1: (slave batadv1): Releasing backup interface
[  204.658743][ T9025] bond2: (slave batadv2): Releasing backup interface
[  204.849949][ T9025] bond3: (slave batadv3): Releasing backup interface
[  204.909578][ T9025] bond4: (slave batadv4): Releasing backup interface
[  204.949775][ T9025] bond5: (slave batadv5): Releasing backup interface
[  205.816983][ T9048] lo speed is unknown, defaulting to 1000
[  205.868379][ T9051] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma?
[  206.133376][ T9058] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  206.480906][ T9064] __nla_validate_parse: 3 callbacks suppressed
[  206.480925][ T9064] netlink: 830 bytes leftover after parsing attributes in process `syz.1.911'.
[  206.856975][ T9071] lo speed is unknown, defaulting to 1000
[  207.127834][ T9082] netlink: 'syz.4.918': attribute type 6 has an invalid length.
[  207.267316][ T9089] netlink: 88 bytes leftover after parsing attributes in process `syz.2.920'.
[  207.305790][ T9089] netlink: 16 bytes leftover after parsing attributes in process `syz.2.920'.
[  207.546994][ T9086] lo speed is unknown, defaulting to 1000
[  207.592180][ T9092] netlink: 28 bytes leftover after parsing attributes in process `syz.1.921'.
[  207.613274][ T9097] netlink: 'syz.3.919': attribute type 21 has an invalid length.
[  207.621652][ T9092] netlink: 28 bytes leftover after parsing attributes in process `syz.1.921'.
[  207.736705][ T9097] netlink: 132 bytes leftover after parsing attributes in process `syz.3.919'.
[  207.778316][ T9105] netlink: 16 bytes leftover after parsing attributes in process `syz.3.919'.
[  207.904799][ T9092] syzkaller1: entered promiscuous mode
[  207.912479][ T9092] syzkaller1: entered allmulticast mode
[  208.083442][ T9119] sit0: entered promiscuous mode
[  208.090053][ T9119] netlink: 'syz.4.927': attribute type 1 has an invalid length.
[  208.145481][ T9119] netlink: 1 bytes leftover after parsing attributes in process `syz.4.927'.
[  208.305025][ T9115] lo speed is unknown, defaulting to 1000
[  208.428704][ T9124] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  208.635933][ T9130] FAULT_INJECTION: forcing a failure.
[  208.635933][ T9130] name failslab, interval 1, probability 0, space 0, times 0
[  208.649966][ T9134] netlink: 'syz.1.932': attribute type 6 has an invalid length.
[  208.659297][ T9130] CPU: 0 UID: 0 PID: 9130 Comm: syz.4.930 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  208.659321][ T9130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  208.659333][ T9130] Call Trace:
[  208.659340][ T9130]  <TASK>
[  208.659364][ T9130]  dump_stack_lvl+0x241/0x360
[  208.659415][ T9130]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.659434][ T9130]  ? __pfx__printk+0x10/0x10
[  208.659452][ T9130]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  208.659476][ T9130]  ? __pfx___might_resched+0x10/0x10
[  208.659500][ T9130]  should_fail_ex+0x40a/0x550
[  208.659528][ T9130]  should_failslab+0xac/0x100
[  208.659550][ T9130]  __kmalloc_node_noprof+0xe1/0x4d0
[  208.659572][ T9130]  ? __kvmalloc_node_noprof+0x72/0x190
[  208.659602][ T9130]  __kvmalloc_node_noprof+0x72/0x190
[  208.659627][ T9130]  bpf_test_run_xdp_live+0x290/0x2220
[  208.659650][ T9130]  ? __pfx_lock_release+0x10/0x10
[  208.659679][ T9130]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  208.659697][ T9130]  ? __pfx___might_resched+0x10/0x10
[  208.659721][ T9130]  ? __mutex_unlock_slowpath+0x227/0x800
[  208.659748][ T9130]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  208.659769][ T9130]  ? synchronize_rcu+0x11b/0x360
[  208.659787][ T9130]  ? __pfx_synchronize_rcu+0x10/0x10
[  208.659835][ T9130]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[  208.659860][ T9130]  ? 0xffffffffa0000948
[  208.659894][ T9130]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  208.659934][ T9130]  ? _copy_from_user+0x95/0xb0
[  208.659956][ T9130]  ? bpf_test_init+0x137/0x160
[  208.659982][ T9130]  ? xdp_convert_md_to_buff+0x5b/0x330
[  208.660010][ T9130]  bpf_prog_test_run_xdp+0x805/0x11e0
[  208.660037][ T9130]  ? __pfx_lock_release+0x10/0x10
[  208.660088][ T9130]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  208.660113][ T9130]  ? __fget_files+0x2a/0x410
[  208.660141][ T9130]  ? __fget_files+0x2a/0x410
[  208.660169][ T9130]  ? fput+0x21b/0x290
[  208.660192][ T9130]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  208.660218][ T9130]  bpf_prog_test_run+0x2e4/0x360
[  208.660249][ T9130]  __sys_bpf+0x487/0x820
[  208.660274][ T9130]  ? __pfx___sys_bpf+0x10/0x10
[  208.660310][ T9130]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  208.660339][ T9130]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  208.660366][ T9130]  ? do_syscall_64+0x100/0x230
[  208.660392][ T9130]  __x64_sys_bpf+0x7c/0x90
[  208.660414][ T9130]  do_syscall_64+0xf3/0x230
[  208.660435][ T9130]  ? clear_bhb_loop+0x35/0x90
[  208.660462][ T9130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.660486][ T9130] RIP: 0033:0x7f053f58d169
[  208.660501][ T9130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.660518][ T9130] RSP: 002b:00007f0540310038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  208.660545][ T9130] RAX: ffffffffffffffda RBX: 00007f053f7a5fa0 RCX: 00007f053f58d169
[  208.660559][ T9130] RDX: 0000000000000050 RSI: 0000400000000200 RDI: 000000000000000a
[  208.660571][ T9130] RBP: 00007f0540310090 R08: 0000000000000000 R09: 0000000000000000
[  208.660582][ T9130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  208.660592][ T9130] R13: 0000000000000000 R14: 00007f053f7a5fa0 R15: 00007fff9ed818b8
[  208.660619][ T9130]  </TASK>
[  209.118323][ T9137] netlink: 4 bytes leftover after parsing attributes in process `syz.0.931'.
[  209.348438][ T9142] FAULT_INJECTION: forcing a failure.
[  209.348438][ T9142] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  209.392813][ T9142] CPU: 1 UID: 0 PID: 9142 Comm: syz.1.934 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  209.392842][ T9142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  209.392855][ T9142] Call Trace:
[  209.392862][ T9142]  <TASK>
[  209.392870][ T9142]  dump_stack_lvl+0x241/0x360
[  209.392902][ T9142]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.392926][ T9142]  ? __pfx__printk+0x10/0x10
[  209.392950][ T9142]  ? __lock_acquire+0x1397/0x2100
[  209.392985][ T9142]  should_fail_ex+0x40a/0x550
[  209.393018][ T9142]  prepare_alloc_pages+0x1da/0x5b0
[  209.393049][ T9142]  __alloc_frozen_pages_noprof+0x16f/0x710
[  209.393076][ T9142]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  209.393114][ T9142]  ? __pfx_lock_acquire+0x10/0x10
[  209.393149][ T9142]  alloc_pages_mpol+0x311/0x660
[  209.393174][ T9142]  ? __lock_acquire+0x1397/0x2100
[  209.393208][ T9142]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  209.393253][ T9142]  vma_alloc_folio_noprof+0x12b/0x260
[  209.393283][ T9142]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  209.393318][ T9142]  folio_prealloc+0x2e/0x170
[  209.393339][ T9142]  __handle_mm_fault+0x3e4b/0x70f0
[  209.393405][ T9142]  ? __pfx___handle_mm_fault+0x10/0x10
[  209.393433][ T9142]  ? lock_vma_under_rcu+0x34b/0x790
[  209.393494][ T9142]  ? __pfx_reacquire_held_locks+0x10/0x10
[  209.393535][ T9142]  ? mtree_range_walk+0x6fd/0x8e0
[  209.393559][ T9142]  ? lock_vma_under_rcu+0x1dd/0x790
[  209.393589][ T9142]  ? __pfx_lock_release+0x10/0x10
[  209.393616][ T9142]  ? lock_vma_under_rcu+0x34b/0x790
[  209.393665][ T9142]  ? lock_vma_under_rcu+0x1dd/0x790
[  209.393697][ T9142]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  209.393732][ T9142]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  209.393768][ T9142]  handle_mm_fault+0x3e5/0x8d0
[  209.393807][ T9142]  exc_page_fault+0x459/0x8b0
[  209.393835][ T9142]  asm_exc_page_fault+0x26/0x30
[  209.393861][ T9142] RIP: 0033:0x7f317c058b7b
[  209.393878][ T9142] Code: 00 00 00 48 8d 3d 9d 33 19 00 48 89 c1 31 c0 e8 4b 44 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d d1 33 19 00 48 89 34 24 48 8b 14 24 48 8b
[  209.393893][ T9142] RSP: 002b:00007f317d051fb0 EFLAGS: 00010202
[  209.393910][ T9142] RAX: 0000000000000000 RBX: 00007f317c3a5fa0 RCX: 0000000000000000
[  209.393934][ T9142] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000400000000040
[  209.393946][ T9142] RBP: 00007f317d053090 R08: 0000000000000000 R09: 0000000000000000
[  209.393957][ T9142] R10: 0000400000000040 R11: 0000000000000000 R12: 0000000000000001
[  209.393968][ T9142] R13: 0000000000000000 R14: 00007f317c3a5fa0 R15: 00007ffe8832d618
[  209.394014][ T9142]  </TASK>
[  209.394383][ T9142] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  210.247311][ T9158] netlink: 'syz.0.936': attribute type 1 has an invalid length.
[  210.278116][ T9158] netlink: 16179 bytes leftover after parsing attributes in process `syz.0.936'.
[  210.638791][ T9168] 8021q: adding VLAN 0 to HW filter on device bond8
[  210.749958][ T9175] 8021q: adding VLAN 0 to HW filter on device batadv6
[  210.780572][ T9175] bond8: (slave batadv6): Enslaving as an active interface with an up link
[  210.833041][ T9168] vlan1: entered promiscuous mode
[  210.838708][ T9168] bond8: entered promiscuous mode
[  210.854053][ T9168] batadv6: entered promiscuous mode
[  211.144701][ T9191] FAULT_INJECTION: forcing a failure.
[  211.144701][ T9191] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.188533][ T9191] CPU: 1 UID: 0 PID: 9191 Comm: syz.0.944 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  211.188561][ T9191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  211.188573][ T9191] Call Trace:
[  211.188580][ T9191]  <TASK>
[  211.188588][ T9191]  dump_stack_lvl+0x241/0x360
[  211.188619][ T9191]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.188639][ T9191]  ? __pfx__printk+0x10/0x10
[  211.188661][ T9191]  ? __pfx_lock_release+0x10/0x10
[  211.188697][ T9191]  should_fail_ex+0x40a/0x550
[  211.188731][ T9191]  _copy_from_user+0x2d/0xb0
[  211.188758][ T9191]  copy_msghdr_from_user+0xae/0x680
[  211.188788][ T9191]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  211.188813][ T9191]  ? __fget_files+0x2a/0x410
[  211.188843][ T9191]  ? __fget_files+0x2a/0x410
[  211.188877][ T9191]  __sys_sendmsg+0x209/0x350
[  211.188901][ T9191]  ? __pfx___sys_sendmsg+0x10/0x10
[  211.188933][ T9191]  ? do_sys_openat2+0x17a/0x1d0
[  211.188989][ T9191]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  211.189019][ T9191]  ? do_syscall_64+0x100/0x230
[  211.189045][ T9191]  ? do_syscall_64+0xb6/0x230
[  211.189071][ T9191]  do_syscall_64+0xf3/0x230
[  211.189093][ T9191]  ? clear_bhb_loop+0x35/0x90
[  211.189124][ T9191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.189149][ T9191] RIP: 0033:0x7f1d7258d169
[  211.189166][ T9191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.189182][ T9191] RSP: 002b:00007f1d73473038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  211.189203][ T9191] RAX: ffffffffffffffda RBX: 00007f1d727a5fa0 RCX: 00007f1d7258d169
[  211.189216][ T9191] RDX: 0000000000000000 RSI: 0000400000000380 RDI: 0000000000000004
[  211.189228][ T9191] RBP: 00007f1d73473090 R08: 0000000000000000 R09: 0000000000000000
[  211.189240][ T9191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  211.189251][ T9191] R13: 0000000000000000 R14: 00007f1d727a5fa0 R15: 00007ffd022f1b98
[  211.189278][ T9191]  </TASK>
[  211.783372][ T9221] FAULT_INJECTION: forcing a failure.
[  211.783372][ T9221] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.819349][ T9221] CPU: 0 UID: 0 PID: 9221 Comm: syz.4.952 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  211.819375][ T9221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  211.819387][ T9221] Call Trace:
[  211.819394][ T9221]  <TASK>
[  211.819402][ T9221]  dump_stack_lvl+0x241/0x360
[  211.819430][ T9221]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.819451][ T9221]  ? __pfx__printk+0x10/0x10
[  211.819475][ T9221]  ? snprintf+0xda/0x120
[  211.819518][ T9221]  should_fail_ex+0x40a/0x550
[  211.819551][ T9221]  _copy_to_user+0x31/0xb0
[  211.819579][ T9221]  simple_read_from_buffer+0xca/0x150
[  211.819608][ T9221]  proc_fail_nth_read+0x1e9/0x250
[  211.819637][ T9221]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  211.819667][ T9221]  ? rw_verify_area+0x243/0x630
[  211.819686][ T9221]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  211.819714][ T9221]  vfs_read+0x1f8/0xb40
[  211.819733][ T9221]  ? do_sock_setsockopt+0x3e2/0x720
[  211.819754][ T9221]  ? do_sock_setsockopt+0x3e2/0x720
[  211.819774][ T9221]  ? __pfx_vfs_read+0x10/0x10
[  211.819795][ T9221]  ? __pfx_netlink_setsockopt+0x10/0x10
[  211.819823][ T9221]  ? do_sock_setsockopt+0x3e2/0x720
[  211.819847][ T9221]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  211.819873][ T9221]  ksys_read+0x18f/0x2b0
[  211.819894][ T9221]  ? __pfx_ksys_read+0x10/0x10
[  211.819926][ T9221]  ? do_syscall_64+0x100/0x230
[  211.819952][ T9221]  ? do_syscall_64+0xb6/0x230
[  211.819976][ T9221]  do_syscall_64+0xf3/0x230
[  211.820002][ T9221]  ? clear_bhb_loop+0x35/0x90
[  211.820031][ T9221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.820074][ T9221] RIP: 0033:0x7f053f58bb7c
[  211.820092][ T9221] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  211.820110][ T9221] RSP: 002b:00007f0540310030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  211.820132][ T9221] RAX: ffffffffffffffda RBX: 00007f053f7a5fa0 RCX: 00007f053f58bb7c
[  211.820146][ T9221] RDX: 000000000000000f RSI: 00007f05403100a0 RDI: 0000000000000004
[  211.820159][ T9221] RBP: 00007f0540310090 R08: 0000000000000000 R09: 0000000000000000
[  211.820172][ T9221] R10: 0000400000000100 R11: 0000000000000246 R12: 0000000000000001
[  211.820184][ T9221] R13: 0000000000000000 R14: 00007f053f7a5fa0 R15: 00007fff9ed818b8
[  211.820214][ T9221]  </TASK>
[  212.424596][ T9243] __nla_validate_parse: 2 callbacks suppressed
[  212.424616][ T9243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.956'.
[  212.455304][ T9243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.956'.
[  212.494677][ T9243] netlink: 'syz.2.956': attribute type 1 has an invalid length.
[  212.546800][ T9243] netlink: 10 bytes leftover after parsing attributes in process `syz.2.956'.
[  212.942668][ T9265] netlink: 92 bytes leftover after parsing attributes in process `syz.4.967'.
[  212.988959][ T9268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.966'.
[  213.050679][ T9268] 8021q: adding VLAN 0 to HW filter on device bond9
[  213.067890][ T9272] netlink: 'syz.2.968': attribute type 1 has an invalid length.
[  213.152840][ T9272] bond6: entered allmulticast mode
[  213.159514][ T9272] 8021q: adding VLAN 0 to HW filter on device bond6
[  213.173783][ T9273] 8021q: adding VLAN 0 to HW filter on device batadv0
[  213.187205][ T9268] netlink: 20 bytes leftover after parsing attributes in process `syz.3.966'.
[  213.198014][ T9273] bond9: (slave batadv0): Enslaving as an active interface with an up link
[  213.232321][ T9276] netlink: 16 bytes leftover after parsing attributes in process `syz.2.968'.
[  213.274245][ T9272] 8021q: adding VLAN 0 to HW filter on device batadv6
[  213.292059][ T9272] bond6: (slave batadv6): making interface the new active one
[  213.301253][ T9272] batadv6: entered allmulticast mode
[  213.308473][ T9272] bond6: (slave batadv6): Enslaving as an active interface with an up link
[  213.360424][ T9268] vlan2: entered promiscuous mode
[  213.395173][ T9268] bond9: entered promiscuous mode
[  213.401549][ T9268] batadv0: entered promiscuous mode
[  213.445438][ T9287] FAULT_INJECTION: forcing a failure.
[  213.445438][ T9287] name failslab, interval 1, probability 0, space 0, times 0
[  213.485456][ T9287] CPU: 1 UID: 0 PID: 9287 Comm: syz.1.973 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  213.485485][ T9287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  213.485497][ T9287] Call Trace:
[  213.485504][ T9287]  <TASK>
[  213.485512][ T9287]  dump_stack_lvl+0x241/0x360
[  213.485544][ T9287]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.485567][ T9287]  ? __pfx__printk+0x10/0x10
[  213.485590][ T9287]  ? __kmalloc_cache_noprof+0x48/0x390
[  213.485621][ T9287]  ? __pfx___might_resched+0x10/0x10
[  213.485653][ T9287]  should_fail_ex+0x40a/0x550
[  213.485688][ T9287]  should_failslab+0xac/0x100
[  213.485717][ T9287]  __kmalloc_cache_noprof+0x70/0x390
[  213.485744][ T9287]  ? __xdp_reg_mem_model+0x1e3/0x620
[  213.485791][ T9287]  __xdp_reg_mem_model+0x1e3/0x620
[  213.485829][ T9287]  ? __pfx___xdp_reg_mem_model+0x10/0x10
[  213.485864][ T9287]  ? page_pool_create_percpu+0x73b/0xb70
[  213.485892][ T9287]  xdp_reg_mem_model+0x22/0x40
[  213.485943][ T9287]  bpf_test_run_xdp_live+0x32f/0x2220
[  213.485972][ T9287]  ? __pfx_lock_release+0x10/0x10
[  213.486007][ T9287]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  213.486030][ T9287]  ? __pfx___might_resched+0x10/0x10
[  213.486061][ T9287]  ? __mutex_unlock_slowpath+0x227/0x800
[  213.486096][ T9287]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  213.486124][ T9287]  ? synchronize_rcu+0x11b/0x360
[  213.486149][ T9287]  ? __pfx_synchronize_rcu+0x10/0x10
[  213.486196][ T9287]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[  213.486227][ T9287]  ? 0xffffffffa0001bc8
[  213.486264][ T9287]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  213.486312][ T9287]  ? _copy_from_user+0x95/0xb0
[  213.486340][ T9287]  ? bpf_test_init+0x137/0x160
[  213.486366][ T9287]  ? xdp_convert_md_to_buff+0x5b/0x330
[  213.486398][ T9287]  bpf_prog_test_run_xdp+0x805/0x11e0
[  213.486433][ T9287]  ? __pfx_lock_release+0x10/0x10
[  213.486473][ T9287]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  213.486503][ T9287]  ? __fget_files+0x2a/0x410
[  213.486536][ T9287]  ? __fget_files+0x2a/0x410
[  213.486570][ T9287]  ? fput+0x21b/0x290
[  213.486598][ T9287]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  213.486628][ T9287]  bpf_prog_test_run+0x2e4/0x360
[  213.486663][ T9287]  __sys_bpf+0x487/0x820
[  213.486695][ T9287]  ? __pfx___sys_bpf+0x10/0x10
[  213.486737][ T9287]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  213.486779][ T9287]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  213.486813][ T9287]  ? do_syscall_64+0x100/0x230
[  213.486844][ T9287]  __x64_sys_bpf+0x7c/0x90
[  213.486871][ T9287]  do_syscall_64+0xf3/0x230
[  213.486897][ T9287]  ? clear_bhb_loop+0x35/0x90
[  213.486930][ T9287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.486959][ T9287] RIP: 0033:0x7f317c18d169
[  213.486976][ T9287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.486995][ T9287] RSP: 002b:00007f317d053038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  213.487018][ T9287] RAX: ffffffffffffffda RBX: 00007f317c3a5fa0 RCX: 00007f317c18d169
[  213.487034][ T9287] RDX: 0000000000000050 RSI: 0000400000000200 RDI: 000000000000000a
[  213.487047][ T9287] RBP: 00007f317d053090 R08: 0000000000000000 R09: 0000000000000000
[  213.487060][ T9287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.487073][ T9287] R13: 0000000000000000 R14: 00007f317c3a5fa0 R15: 00007ffe8832d618
[  213.487102][ T9287]  </TASK>
[  214.042678][ T9299] netlink: 'syz.0.977': attribute type 6 has an invalid length.
[  214.416663][ T9317] netlink: 'syz.1.982': attribute type 1 has an invalid length.
[  214.434858][ T9317] netlink: 224 bytes leftover after parsing attributes in process `syz.1.982'.
[  214.952534][ T9329] netlink: 12 bytes leftover after parsing attributes in process `syz.0.986'.
[  215.020236][ T9329] bond9: entered promiscuous mode
[  215.025847][ T9329] 8021q: adding VLAN 0 to HW filter on device bond9
[  215.454373][ T9347] lo speed is unknown, defaulting to 1000
[  215.693938][   T29] audit: type=1804 audit(1741366387.707:2): pid=9354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.992" name="/newroot/207/cgroup.controllers" dev="tmpfs" ino=1074 res=1 errno=0
[  215.718601][   T29] audit: type=1800 audit(1741366387.737:3): pid=9354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.992" name="cgroup.controllers" dev="tmpfs" ino=1074 res=0 errno=0
[  215.998120][ T9361] netlink: 'syz.2.993': attribute type 1 has an invalid length.
[  216.388943][ T9375] lo speed is unknown, defaulting to 1000
[  216.497192][ T9383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1001'.
[  216.528865][ T9383] netlink: 'syz.2.1001': attribute type 1 has an invalid length.
[  216.906750][ T9389] lo speed is unknown, defaulting to 1000
[  217.125291][ T5848] Bluetooth: hci4: command 0x0405 tx timeout
[  217.191594][ T9397] ip6tnl1: entered promiscuous mode
[  217.203626][ T9398] x_tables: duplicate entry at hook 2
[  217.227435][ T9397] ip6tnl1: entered allmulticast mode
[  217.249241][ T9397] team0: Device ip6tnl1 is of different type
[  217.604827][ T9404] netlink: 'syz.4.1007': attribute type 6 has an invalid length.
[  217.692197][ T9406] __nla_validate_parse: 8 callbacks suppressed
[  217.692214][ T9406] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1008'.
[  217.719460][ T9408] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1009'.
[  217.902098][ T9420] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1008'.
[  217.929266][ T9406] 8021q: adding VLAN 0 to HW filter on device bond10
[  217.964361][ T9417] 8021q: adding VLAN 0 to HW filter on device batadv6
[  218.016633][ T9417] bond10: (slave batadv6): Enslaving as an active interface with an up link
[  218.135658][ T9420] vlan3: entered promiscuous mode
[  218.145726][ T9427] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  218.166067][ T9420] bond10: entered promiscuous mode
[  218.177987][ T9420] batadv6: entered promiscuous mode
[  218.217284][ T9429] FAULT_INJECTION: forcing a failure.
[  218.217284][ T9429] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  218.235252][ T9429] CPU: 1 UID: 0 PID: 9429 Comm: syz.2.1015 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  218.235279][ T9429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  218.235291][ T9429] Call Trace:
[  218.235299][ T9429]  <TASK>
[  218.235306][ T9429]  dump_stack_lvl+0x241/0x360
[  218.235336][ T9429]  ? __pfx_dump_stack_lvl+0x10/0x10
[  218.235358][ T9429]  ? __pfx__printk+0x10/0x10
[  218.235390][ T9429]  should_fail_ex+0x40a/0x550
[  218.235424][ T9429]  _copy_to_user+0x31/0xb0
[  218.235453][ T9429]  bpf_test_finish+0x59c/0x890
[  218.235488][ T9429]  ? __pfx_bpf_test_finish+0x10/0x10
[  218.235521][ T9429]  ? bpf_test_init+0x137/0x160
[  218.235549][ T9429]  bpf_prog_test_run_xdp+0x8f4/0x11e0
[  218.235583][ T9429]  ? __pfx_lock_release+0x10/0x10
[  218.235622][ T9429]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  218.235661][ T9429]  ? __fget_files+0x2a/0x410
[  218.235691][ T9429]  ? __fget_files+0x2a/0x410
[  218.235721][ T9429]  ? fput+0x21b/0x290
[  218.235746][ T9429]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  218.235774][ T9429]  bpf_prog_test_run+0x2e4/0x360
[  218.235804][ T9429]  __sys_bpf+0x487/0x820
[  218.235832][ T9429]  ? __pfx___sys_bpf+0x10/0x10
[  218.235867][ T9429]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  218.235905][ T9429]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  218.235932][ T9429]  ? do_syscall_64+0x100/0x230
[  218.235955][ T9429]  __x64_sys_bpf+0x7c/0x90
[  218.235977][ T9429]  do_syscall_64+0xf3/0x230
[  218.236006][ T9429]  ? clear_bhb_loop+0x35/0x90
[  218.236032][ T9429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.236054][ T9429] RIP: 0033:0x7fc019d8d169
[  218.236070][ T9429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  218.236085][ T9429] RSP: 002b:00007fc01ac15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  218.236104][ T9429] RAX: ffffffffffffffda RBX: 00007fc019fa5fa0 RCX: 00007fc019d8d169
[  218.236117][ T9429] RDX: 0000000000000050 RSI: 0000400000000200 RDI: 000000000000000a
[  218.236128][ T9429] RBP: 00007fc01ac15090 R08: 0000000000000000 R09: 0000000000000000
[  218.236138][ T9429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  218.236149][ T9429] R13: 0000000000000000 R14: 00007fc019fa5fa0 R15: 00007ffda4f041e8
[  218.236178][ T9429]  </TASK>
[  218.924313][ T9449] openvswitch: netlink: IPv4 tunnel dst address is zero
[  219.042620][ T9450] lo speed is unknown, defaulting to 1000
[  219.428944][ T9464] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1028'.
[  219.443401][ T9464] vti0: entered promiscuous mode
[  219.558563][ T9433] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1017'.
[  219.695529][ T9472] FAULT_INJECTION: forcing a failure.
[  219.695529][ T9472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.754745][ T9473] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  219.778678][ T9472] CPU: 0 UID: 0 PID: 9472 Comm: syz.2.1031 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  219.778713][ T9472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  219.778725][ T9472] Call Trace:
[  219.778732][ T9472]  <TASK>
[  219.778740][ T9472]  dump_stack_lvl+0x241/0x360
[  219.778794][ T9472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.778817][ T9472]  ? __pfx__printk+0x10/0x10
[  219.778845][ T9472]  ? snprintf+0xda/0x120
[  219.778880][ T9472]  should_fail_ex+0x40a/0x550
[  219.778916][ T9472]  _copy_to_user+0x31/0xb0
[  219.778947][ T9472]  simple_read_from_buffer+0xca/0x150
[  219.778979][ T9472]  proc_fail_nth_read+0x1e9/0x250
[  219.779012][ T9472]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  219.779045][ T9472]  ? rw_verify_area+0x243/0x630
[  219.779067][ T9472]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  219.779099][ T9472]  vfs_read+0x1f8/0xb40
[  219.779130][ T9472]  ? fdget_pos+0x254/0x320
[  219.779161][ T9472]  ? __pfx___mutex_lock+0x10/0x10
[  219.779188][ T9472]  ? __pfx_vfs_read+0x10/0x10
[  219.779213][ T9472]  ? __fget_files+0x2a/0x410
[  219.779245][ T9472]  ? __fget_files+0x395/0x410
[  219.779273][ T9472]  ? __fget_files+0x2a/0x410
[  219.779312][ T9472]  ksys_read+0x18f/0x2b0
[  219.779336][ T9472]  ? __pfx_ksys_read+0x10/0x10
[  219.779359][ T9472]  ? do_syscall_64+0x100/0x230
[  219.779388][ T9472]  ? do_syscall_64+0xb6/0x230
[  219.779416][ T9472]  do_syscall_64+0xf3/0x230
[  219.779441][ T9472]  ? clear_bhb_loop+0x35/0x90
[  219.779485][ T9472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.779513][ T9472] RIP: 0033:0x7fc019d8bb7c
[  219.779531][ T9472] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  219.779548][ T9472] RSP: 002b:00007fc01ac15030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  219.779569][ T9472] RAX: ffffffffffffffda RBX: 00007fc019fa5fa0 RCX: 00007fc019d8bb7c
[  219.779583][ T9472] RDX: 000000000000000f RSI: 00007fc01ac150a0 RDI: 0000000000000004
[  219.779595][ T9472] RBP: 00007fc01ac15090 R08: 0000000000000000 R09: 0000000000000000
[  219.779608][ T9472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  219.779624][ T9472] R13: 0000000000000000 R14: 00007fc019fa5fa0 R15: 00007ffda4f041e8
[  219.779655][ T9472]  </TASK>
[  219.787243][ T9473] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  220.115954][ T9482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1034'.
[  220.124907][ T9482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1034'.
[  220.165344][ T9482] netlink: 'syz.2.1034': attribute type 1 has an invalid length.
[  220.205437][ T9482] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1034'.
[  220.222605][ T9474] lo speed is unknown, defaulting to 1000
[  220.418090][ T9487] openvswitch: netlink: ERSPAN option length err (len 4096, max 255).
[  220.626074][ T9488] lo speed is unknown, defaulting to 1000
[  220.725200][ T9495] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1040'.
[  220.790426][ T9498] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1041'.
[  220.823805][ T9498] vti1: entered promiscuous mode
[  220.851612][ T9502] FAULT_INJECTION: forcing a failure.
[  220.851612][ T9502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.896287][ T9502] CPU: 1 UID: 0 PID: 9502 Comm: syz.2.1042 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  220.896311][ T9502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  220.896322][ T9502] Call Trace:
[  220.896329][ T9502]  <TASK>
[  220.896337][ T9502]  dump_stack_lvl+0x241/0x360
[  220.896363][ T9502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  220.896384][ T9502]  ? __pfx__printk+0x10/0x10
[  220.896405][ T9502]  ? __pfx_lock_release+0x10/0x10
[  220.896431][ T9502]  ? __lock_acquire+0x1397/0x2100
[  220.896465][ T9502]  should_fail_ex+0x40a/0x550
[  220.896496][ T9502]  _copy_from_user+0x2d/0xb0
[  220.896520][ T9502]  kstrtouint_from_user+0xc6/0x190
[  220.896543][ T9502]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  220.896566][ T9502]  ? __pfx_lock_acquire+0x10/0x10
[  220.896602][ T9502]  proc_fail_nth_write+0xaa/0x2d0
[  220.896627][ T9502]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  220.896650][ T9502]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  220.896680][ T9502]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  220.896707][ T9502]  vfs_write+0x29f/0xd10
[  220.896734][ T9502]  ? fdget_pos+0x254/0x320
[  220.896764][ T9502]  ? __pfx_vfs_write+0x10/0x10
[  220.896786][ T9502]  ? __fget_files+0x2a/0x410
[  220.896812][ T9502]  ? __fget_files+0x395/0x410
[  220.896834][ T9502]  ? __fget_files+0x2a/0x410
[  220.896867][ T9502]  ksys_write+0x18f/0x2b0
[  220.896888][ T9502]  ? __pfx_ksys_write+0x10/0x10
[  220.896904][ T9502]  ? trace_sys_enter+0x74/0x120
[  220.896921][ T9502]  ? rcu_is_watching+0x15/0xb0
[  220.896941][ T9502]  ? trace_sys_enter+0x25/0x120
[  220.896962][ T9502]  do_syscall_64+0xf3/0x230
[  220.896984][ T9502]  ? clear_bhb_loop+0x35/0x90
[  220.897011][ T9502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.897035][ T9502] RIP: 0033:0x7fc019d8bc1f
[  220.897051][ T9502] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  220.897066][ T9502] RSP: 002b:00007fc01ac15030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  220.897084][ T9502] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc019d8bc1f
[  220.897097][ T9502] RDX: 0000000000000001 RSI: 00007fc01ac150a0 RDI: 0000000000000005
[  220.897108][ T9502] RBP: 00007fc01ac15090 R08: 0000000000000000 R09: 0000000000000000
[  220.897118][ T9502] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  220.897128][ T9502] R13: 0000000000000000 R14: 00007fc019fa5fa0 R15: 00007ffda4f041e8
[  220.897155][ T9502]  </TASK>
[  221.729725][ T9520] 8021q: adding VLAN 0 to HW filter on device bond6
[  221.879251][ T9524] 8021q: adding VLAN 0 to HW filter on device batadv6
[  221.909746][ T9524] bond6: (slave batadv6): Enslaving as an active interface with an up link
[  221.971390][ T9520] vlan3: entered promiscuous mode
[  222.010892][ T9520] bond6: entered promiscuous mode
[  222.016411][ T9520] batadv6: entered promiscuous mode
[  222.461779][ T9547] lo: entered allmulticast mode
[  222.486238][ T9546] lo: left allmulticast mode
[  222.761528][ T9558] lo speed is unknown, defaulting to 1000
[  223.009034][ T9563] __nla_validate_parse: 8 callbacks suppressed
[  223.009053][ T9563] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1059'.
[  223.945944][ T9553] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1057'.
[  223.954960][ T9553] lo: left promiscuous mode
[  223.977525][ T9553] tunl0: left promiscuous mode
[  223.982851][ T9553] gre0: left promiscuous mode
[  224.006158][ T9553] gretap0: left promiscuous mode
[  224.011664][ T9553] erspan0: left promiscuous mode
[  224.027199][ T9553] ip_vti0: left promiscuous mode
[  224.036209][ T9553] ip6_vti0: left promiscuous mode
[  224.041794][ T9553] sit0: left promiscuous mode
[  224.066138][ T9553] ip6tnl0: left promiscuous mode
[  224.076307][ T9553] ip6gre0: left promiscuous mode
[  224.083334][ T9553] ip6gretap0: left promiscuous mode
[  224.106237][ T9553] bridge0: left promiscuous mode
[  224.115717][ T9553] bond0: left promiscuous mode
[  224.120521][ T9553] bond_slave_0: left promiscuous mode
[  224.135517][ T9604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1074'.
[  224.148091][ T9604] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1074'.
[  224.158798][ T9553] bond_slave_1: left promiscuous mode
[  224.170042][ T9604] netlink: 'syz.3.1074': attribute type 1 has an invalid length.
[  224.187222][ T9604] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1074'.
[  224.206395][ T9553] team0: left promiscuous mode
[  224.211204][ T9553] team_slave_0: left promiscuous mode
[  224.237262][ T9553] team_slave_1: left promiscuous mode
[  224.243540][ T9553] dummy0: left promiscuous mode
[  224.279945][ T9553] nlmon0: left promiscuous mode
[  224.301663][ T9553] caif0: left promiscuous mode
[  224.315249][ T9553] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  224.574889][ T9614] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1077'.
[  224.660813][ T9614] vti1: entered promiscuous mode
[  224.672312][ T9617] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge_slave_0, syncid = 2, id = 0
[  224.815611][ T9624] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1081'.
[  224.850622][ T9624] unsupported nlmsg_type 40
[  224.891480][ T9624] macsec1: entered promiscuous mode
[  224.900996][ T9624] gretap0: entered promiscuous mode
[  224.917983][ T9624] gretap0: left promiscuous mode
[  224.996024][ T9635] lo speed is unknown, defaulting to 1000
[  225.177727][ T9642] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1084'.
[  225.257756][ T9642] 8021q: adding VLAN 0 to HW filter on device bond7
[  225.273771][ T9645] 8021q: adding VLAN 0 to HW filter on device batadv7
[  225.293594][ T9645] bond7: (slave batadv7): Enslaving as an active interface with an up link
[  225.294707][ T9642] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1084'.
[  225.347637][ T9642] vlan4: entered promiscuous mode
[  225.352713][ T9642] bond7: entered promiscuous mode
[  225.358405][ T9642] batadv7: entered promiscuous mode
[  225.806583][ T9669] lo speed is unknown, defaulting to 1000
[  226.146678][ T9681] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1099'.
[  226.187273][ T9681] 8021q: adding VLAN 0 to HW filter on device bond11
[  226.315525][ T9681] 8021q: adding VLAN 0 to HW filter on device batadv7
[  226.382383][ T9681] bond11: (slave batadv7): Enslaving as an active interface with an up link
[  226.961844][ T9707] lo speed is unknown, defaulting to 1000
[  227.651829][ T9730] 8021q: adding VLAN 0 to HW filter on device bond10
[  227.669292][ T9730] 8021q: adding VLAN 0 to HW filter on device batadv7
[  227.677724][ T9730] bond10: (slave batadv7): Enslaving as an active interface with an up link
[  227.862929][ T9741] vti2: entered promiscuous mode
[  228.091740][ T9751] __nla_validate_parse: 11 callbacks suppressed
[  228.091759][ T9751] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1118'.
[  229.124421][ T9779] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1128'.
[  229.124742][ T9776] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1126'.
[  229.149692][ T9783] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1130'.
[  229.189095][ T9783] vti2: entered promiscuous mode
[  229.594096][ T9803] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1139'.
[  229.972864][ T9819] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1144'.
[  230.014978][ T9819] vti1: entered promiscuous mode
[  230.101944][ T9824] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1146'.
[  230.205912][ T9824] 8021q: adding VLAN 0 to HW filter on device bond5
[  230.241887][ T9827] 8021q: adding VLAN 0 to HW filter on device batadv4
[  230.272670][ T9830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1149'.
[  230.283677][ T9830] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1149'.
[  230.292891][ T9830] netlink: 'syz.0.1149': attribute type 1 has an invalid length.
[  230.302462][ T9830] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1149'.
[  230.314973][ T9827] bond5: (slave batadv4): Enslaving as an active interface with an up link
[  230.804625][ T9872] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  230.997213][ T9910] sctp: [Deprecated]: syz.4.1160 (pid 9910) Use of struct sctp_assoc_value in delayed_ack socket option.
[  230.997213][ T9910] Use struct sctp_sack_info instead
[  231.026270][ T9913] netlink: 'syz.3.1163': attribute type 1 has an invalid length.
[  231.069044][ T9890] sctp: [Deprecated]: syz.4.1160 (pid 9890) Use of struct sctp_assoc_value in delayed_ack socket option.
[  231.069044][ T9890] Use struct sctp_sack_info instead
[  231.124536][ T9913] 8021q: adding VLAN 0 to HW filter on device bond12
[  231.189131][ T9914] bond12: (slave ip6gretap1): making interface the new active one
[  231.228505][ T9914] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  231.257733][ T9917] netlink: 'syz.4.1164': attribute type 1 has an invalid length.
[  231.265998][ T9914] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  231.284132][ T9914] bond12: (slave ip6gretap1): Enslaving as an active interface with an up link
[  231.318520][ T9899] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  231.328865][ T5888] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  231.365502][ T9898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  231.495326][ T5888] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  231.994109][ T9938] lo speed is unknown, defaulting to 1000
[  232.115564][ T9944] netlink: 'syz.2.1176': attribute type 1 has an invalid length.
[  232.215573][ T9898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  232.488369][ T9898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  232.508921][ T9898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  232.807146][ T9966] pimreg: entered allmulticast mode
[  232.866607][ T9965] pimreg: left allmulticast mode
[  233.025621][ T5887] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  233.174065][ T9985] __nla_validate_parse: 11 callbacks suppressed
[  233.174085][ T9985] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1190'.
[  233.192417][ T9985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1190'.
[  233.229862][ T9985] netlink: 'syz.1.1190': attribute type 1 has an invalid length.
[  233.272334][ T9985] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1190'.
[  233.621578][T10006] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1199'.
[  233.642474][T10003] lo speed is unknown, defaulting to 1000
[  234.631252][T10066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1215'.
[  235.031639][T10075] pim6reg1: entered promiscuous mode
[  235.059773][T10075] pim6reg1: entered allmulticast mode
[  235.244579][T10087] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1221'.
[  235.552713][T10102] lo speed is unknown, defaulting to 1000
[  235.865806][T10120] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1230'.
[  235.925796][T10120] vlan0: entered allmulticast mode
[  235.961734][T10120] hsr0: entered allmulticast mode
[  235.983575][T10120] hsr_slave_0: entered allmulticast mode
[  236.010581][T10120] hsr_slave_1: entered allmulticast mode
[  236.037185][T10120] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1230'.
[  236.529685][T10120] syz.1.1230 (10120) used greatest stack depth: 18512 bytes left
[  236.726975][ T9904] ip6_tnl_xmit_ctl: 3 callbacks suppressed
[  236.726996][ T9904] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  236.765994][T10144] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000197: 0000 [#1] PREEMPT SMP KASAN PTI
[  236.778621][T10144] KASAN: null-ptr-deref in range [0x0000000000000cb8-0x0000000000000cbf]
[  236.787045][T10144] CPU: 1 UID: 0 PID: 10144 Comm: syz.0.1238 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  236.797817][T10144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  236.805495][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  236.807867][T10144] RIP: 0010:bpf_map_offload_map_alloc+0x19a/0x910
[  236.822038][T10144] Code: 48 89 44 24 30 42 80 3c 20 00 74 08 48 89 df e8 ac e6 3b 00 48 89 5c 24 18 4c 89 2b 49 8d 9d bd 0c 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 df 06 00 00 0f b6 1b 31 ff 89 de e8 dd
[  236.841642][T10144] RSP: 0018:ffffc90002ef7bc0 EFLAGS: 00010203
[  236.847710][T10144] RAX: 0000000000000197 RBX: 0000000000000cbd RCX: 0000000000080000
[  236.855677][T10144] RDX: ffffc90004b22000 RSI: 000000000000006e RDI: 000000000000006f
[  236.863639][T10144] RBP: ffffc90002ef7cd8 R08: ffffffff903d0b77 R09: 1ffffffff207a16e
[  236.871602][T10144] R10: dffffc0000000000 R11: fffffbfff207a16f R12: dffffc0000000000
[  236.879569][T10144] R13: 0000000000000000 R14: ffff888033f38000 R15: 1ffff920005def80
[  236.887542][T10144] FS:  00007f1d734736c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  236.896473][T10144] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  236.903056][T10144] CR2: 00007f1d73472f98 CR3: 000000005c7ce000 CR4: 00000000003526f0
[  236.911030][T10144] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  236.919001][T10144] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  236.926968][T10144] Call Trace:
[  236.930244][T10144]  <TASK>
[  236.933175][T10144]  ? __die_body+0x5f/0xb0
[  236.937515][T10144]  ? die_addr+0xb0/0xe0
[  236.941704][T10144]  ? exc_general_protection+0x3dd/0x5d0
[  236.947263][T10144]  ? asm_exc_general_protection+0x26/0x30
[  236.952986][T10144]  ? bpf_map_offload_map_alloc+0x19a/0x910
[  236.958793][T10144]  ? __pfx_bpf_map_offload_map_alloc+0x10/0x10
[  236.964963][T10144]  ? __pfx___might_resched+0x10/0x10
[  236.970249][T10144]  ? __might_fault+0xaa/0x120
[  236.974928][T10144]  ? __pfx_lock_release+0x10/0x10
[  236.979955][T10144]  ? array_map_alloc_check+0x287/0x350
[  236.985434][T10144]  map_create+0x946/0x11c0
[  236.989853][T10144]  __sys_bpf+0x6d3/0x820
[  236.994272][T10144]  ? __pfx___sys_bpf+0x10/0x10
[  236.999132][T10144]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  237.005115][T10144]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  237.011467][T10144]  ? exc_page_fault+0x590/0x8b0
[  237.016317][T10144]  __x64_sys_bpf+0x7c/0x90
[  237.020736][T10144]  do_syscall_64+0xf3/0x230
[  237.025239][T10144]  ? clear_bhb_loop+0x35/0x90
[  237.029923][T10144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.035819][T10144] RIP: 0033:0x7f1d7258d169
[  237.040231][T10144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.059837][T10144] RSP: 002b:00007f1d73473038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  237.068248][T10144] RAX: ffffffffffffffda RBX: 00007f1d727a5fa0 RCX: 00007f1d7258d169
[  237.076211][T10144] RDX: 0000000000000031 RSI: 0000400000000080 RDI: 0000000000000000
[  237.084177][T10144] RBP: 00007f1d7260e2a0 R08: 0000000000000000 R09: 0000000000000000
[  237.092140][T10144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  237.100105][T10144] R13: 0000000000000001 R14: 00007f1d727a5fa0 R15: 00007ffd022f1b98
[  237.108098][T10144]  </TASK>
[  237.111112][T10144] Modules linked in:
[  237.115942][T10144] ---[ end trace 0000000000000000 ]---
[  237.158372][T10084] Bluetooth: hci4: command 0x0405 tx timeout
[  237.164513][T10144] RIP: 0010:bpf_map_offload_map_alloc+0x19a/0x910
[  237.203619][T10144] Code: 48 89 44 24 30 42 80 3c 20 00 74 08 48 89 df e8 ac e6 3b 00 48 89 5c 24 18 4c 89 2b 49 8d 9d bd 0c 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 df 06 00 00 0f b6 1b 31 ff 89 de e8 dd
[  237.246456][T10144] RSP: 0018:ffffc90002ef7bc0 EFLAGS: 00010203
[  237.252579][T10144] RAX: 0000000000000197 RBX: 0000000000000cbd RCX: 0000000000080000
[  237.261017][T10144] RDX: ffffc90004b22000 RSI: 000000000000006e RDI: 000000000000006f
[  237.269222][T10144] RBP: ffffc90002ef7cd8 R08: ffffffff903d0b77 R09: 1ffffffff207a16e
[  237.277660][T10144] R10: dffffc0000000000 R11: fffffbfff207a16f R12: dffffc0000000000
[  237.285894][T10144] R13: 0000000000000000 R14: ffff888033f38000 R15: 1ffff920005def80
[  237.294026][T10144] FS:  00007f1d734736c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  237.303224][T10144] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  237.310201][T10144] CR2: 00007f1d73452d58 CR3: 000000005c7ce000 CR4: 00000000003526f0
[  237.318403][T10144] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  237.326653][T10144] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  237.334728][T10144] Kernel panic - not syncing: Fatal exception
[  237.341054][T10144] Kernel Offset: disabled
[  237.345395][T10144] Rebooting in 86400 seconds..