last executing test programs:

2.459275893s ago: executing program 1 (id=18868):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000001850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000080)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)

2.447751634s ago: executing program 1 (id=18871):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000000))
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req={0x9, 0x7, 0x203, 0x7}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@ipv6_delrule={0x24, 0x21, 0x129, 0x40000, 0x25dfdbff, {}, [@FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e23, 0x4e23}}]}, 0x24}}, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0xcde, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x2, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000000380)={0x1c, r6, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40480d0}, 0x40)
setsockopt$sock_void(r0, 0x1, 0x0, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_gstrings={0xf}})
ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000280)=""/39, 0x27}, {&(0x7f0000000480)=""/179, 0xb3}, {&(0x7f00000002c0)=""/4, 0x4}, {&(0x7f0000000540)=""/240, 0xf0}, {&(0x7f0000000680)=""/199, 0xc7}, {&(0x7f0000000340)}, {&(0x7f0000000780)=""/56, 0x38}, {&(0x7f00000007c0)=""/210, 0xd2}, {&(0x7f00000008c0)=""/50, 0x32}, {&(0x7f0000000900)=""/223, 0xdf}], 0xa}, 0x20)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r0, 0x111, 0x2, 0x1, 0x4)
close(0x4)

2.446934394s ago: executing program 0 (id=18872):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000013000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010"], 0x30}, 0x1, 0x0, 0x0, 0xc004}, 0x0) (fail_nth: 6)

2.443870686s ago: executing program 2 (id=18874):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010028bd7000fddbdf254f00000008000300", @ANYRES32=r2, @ANYBLOB="40007a800c00030090cac76a"], 0x5c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x10)

2.443643366s ago: executing program 2 (id=18875):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
syz_emit_ethernet(0x56, &(0x7f0000000880)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "01044a", 0x20, 0x3a, 0xff, @remote, @private0, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, '\x00\x00\x00\x00\x00\x00'}]}}}}}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x8, 0x4, 0x4, 0x5, 0x2004}, 0x50)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x112, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0xb, 0x1, 0x0, r0}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.443389499s ago: executing program 0 (id=18876):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_TYPE={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000000104010200000180000000000000000008000540000000000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2400000001040500000000000000000000000000060006400003000005000100010000008783ffc92f29f7240bb69ca6153fab8c2228ec77cfdfeb9b4aa0af583cff1146ed5aad4b941ff6c5734804d0795173748e8c2a0a83fb1470bc230864b76349ae91ffccb4099d659014d2bae0a87073cf567f9fa2994a76d21ae12c2c9eb9f5935333904614b6b9dff2f0d338ef845d7133e71a90a01f3e690943b50c951aeca3836ca56147aa7fd6c0dc74cb429ac58f284b710735f87d7362b0bf5d4e25fa7b8b49a6b5d4d67c194cde6a4ba03c188c73b8a95eed8e"], 0x24}}, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0xcf)
ioctl$SIOCAX25OPTRT(r2, 0x89e7, &(0x7f00000000c0)={@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, 0x56})
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r3, 0x8947, &(0x7f00000002c0)={'bond0\x00', 0x8407})
r4 = socket(0x10, 0x803, 0x0)
sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x61, &(0x7f0000000100)={'filter\x00', 0x4}, 0x68)

1.276773356s ago: executing program 0 (id=18878):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x0, 0x0, 0x8, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x10}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}, {0xd}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), r0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6(0xa, 0x80003, 0x1)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', <r5=>0x0})
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x1f, 0x6, 0x588, 0x0, 0x370, 0x370, 0x258, 0x370, 0x580, 0x580, 0x580, 0x580, 0x580, 0x6, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @local, [0xff000000, 0xff, 0xff000000, 0x1e67d6ff2976e25a], [0x0, 0xff000000, 0xffffffff], 'erspan0\x00', 'team_slave_0\x00', {}, {}, 0x3b, 0x5, 0x1, 0x7}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@icmp6={{0x28}, {0xb, "0c83", 0x1}}, @inet=@rpfilter={{0x28}, {0xa}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ipv6={@local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0xffffff00, 0xffffff00, 0xff000000], [0x0, 0xffffff00, 0xff000000, 0xff], 'veth0_to_team\x00', 'netpci0\x00', {}, {0xff}, 0x3a, 0x4, 0x4, 0x2}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0xb, 0x8, @ipv6=@mcast2, 0x4e23}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast1}, @empty, [0x0, 0xff000000, 0x0, 0xffffffff], [0xffffffff, 0xffffffff, 0xffffff00], 'erspan0\x00', 'netpci0\x00', {}, {0xff}, 0x7b, 0xb6, 0x2}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv4=@loopback, 0x17, 0x34, 0x5}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@ipv4={'\x00', '\xff\xff', @loopback}, @ipv4=@multicast2, 0x5, 0x1, 0x8}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x2b}, @mcast2, [0xa9fb7d5bb2563bc9, 0xffffff00, 0xffffffff, 0xff000000], [0xffffffff, 0xff, 0x0, 0xff000000], 'wlan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x1, 0x9e, 0x2, 0x1}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5e8)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f00000000c0)={0x1d, r8}, 0x18)
sendmsg$can_j1939(r7, &(0x7f0000000100)={&(0x7f0000000040)={0x1d, r8, 0x2, {0x2, 0xf0, 0x1}, 0x1}, 0x18, &(0x7f0000000080)={&(0x7f0000000180)="7cb516ccad1c0c489e8178350df380b25006a72eb3c6353604f093d5f34963cb4fa984fbf77e2f48b5c739139d77126ed4c8b0b44df693a6645f5bde28fc907b1e4e7484282c8c81a5e818eb7ed9d7ea3765ddb249468579f2936eba9a0dcc94e9666359fc87423c3e7887d68d6cde895fec6c478d17c4870ad0de5f76547dd37349802f1ea467", 0x87}, 0x1, 0x0, 0x0, 0xc000}, 0x40001)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRES8=r5, @ANYRESHEX=0x0, @ANYRES32=r5, @ANYRES32=r3, @ANYRES64=r7], 0x34}}, 0xea5bc50b6199df7e)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x4c}}, 0x800)

1.275777314s ago: executing program 1 (id=18879):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000a40)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}, 0xcf, &(0x7f00000002c0)=[{&(0x7f0000000280)='Q', 0x1}], 0x1}}, {{&(0x7f0000000a00)={0xa, 0x4e23, 0x8000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000340)='$', 0x1}], 0x1}}], 0x2, 0x40408d1)
shutdown(r1, 0x1) (async)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x82, &(0x7f00000001c0)=@sack_info={0x0, 0xffff, 0x8}, &(0x7f0000000200)=0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x80)

1.273627633s ago: executing program 2 (id=18880):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r1, &(0x7f0000001600), 0x0}, 0x20)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x2, 0x250, [], 0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000100000000000000000000000000000002000000000ffffffff0000000000000000000000000000050000000000000000000000000000000000000000000000000000000000ffffffff0100000003000000000000000000697036677265300000000000000000007465616d30000000000000000000000076657468305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa0000000000000024ffff"]}, 0x131)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x60, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0xa, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}]}]}, 0x60}}, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000880)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180200000040000000b97d9314000000850000007a00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, r3}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
r8 = syz_genetlink_get_family_id$gtp(&(0x7f0000000100), r0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r3, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r9=>0x0}}, 0x10)
r10 = socket(0xa, 0x1, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000340)={'lo\x00', <r12=>0x0})
sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@bridge_delneigh={0x3c, 0x1c, 0xc07, 0x70bd2b, 0x25dfdbfb, {0x2, 0x0, 0x0, r12, 0x40, 0x20, 0xa}, [@NDA_DST_IPV6={0x14, 0x1, @loopback}, @NDA_LLADDR={0x9, 0x2, @local}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x20024090)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000280)={'wg2\x00', <r13=>0x0})
sendmsg$GTP_CMD_GETPDP(r3, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="00042dbd7000fddbdf25020000bb700002000000000008f30000", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r12, @ANYBLOB="08000100", @ANYRES32=r13, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="080008000100000005000d001f000000"], 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r7, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r2}, 0x20)
sendmmsg$inet6(r2, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="01", 0xfffffe9c}], 0x1}}], 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r14 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
listen(r14, 0x200026)
listen(r14, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00'})

1.273254111s ago: executing program 3 (id=18881):
r0 = socket(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0x0, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x2c8, 0x310, 0x0, {0x0, 0x32000000}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {0x8001}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {}, {0x0, 0xaa}, {0xfffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4, 0x0, 0x0, 0x449b}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {0x100}, {}, {}, {0x0, 0x0, 0xfd}]}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0)

1.154515383s ago: executing program 1 (id=18883):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0xffffffffffff8000}, @NFTA_LIMIT_FLAGS={0x8}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x7ff}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x8c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000706010800000000000000000000000005000100060000001225bd8723bc975ed57f87"], 0x1c}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x14, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x10}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x11}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r6=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00", @ANYRES16=r9, @ANYRES32=r9], 0x44}}, 0x2000800)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r6, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x100, 0x70bd28, 0x0, {0x60, 0x0, 0x0, 0x0, {0x5, 0xfff2}, {0xc, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MPU={0x8, 0xe, 0x8f}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8001}, 0x8)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000080)=0x9, 0x4)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000040)={<r12=>0x0, 0xab}, &(0x7f0000001080)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r11, 0x84, 0xa, &(0x7f00000010c0)={0x1ff, 0xac81, 0x8001, 0x8, 0x3, 0xff, 0x40, 0x1, r12}, 0x20)
getsockopt$bt_hci(r11, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
recvmmsg(r1, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f00000002c0)=""/127, 0x7f}, {&(0x7f00000016c0)=""/4096, 0x1000}], 0x2}, 0x400}], 0x1, 0x20, 0x0)

1.103057037s ago: executing program 4 (id=18884):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000001850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000080)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)

1.01332914s ago: executing program 3 (id=18885):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfc8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979e29857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37ceff9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f0800000000000000af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed210d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734f87da3770845cf442d488afdc0e170000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000a5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bbf8ab9c691841ab0931d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12aa51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fca4d97a0ae75ccf11e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35e9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f080091c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efde0142cf90ff668b9757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c2f56855b18f91dae2cdea1353fe062830fa1d233296ec9d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55d02d48e150695ffae3a676555b10da11751865126d19336116a1e58ab727dda6b343cc97f9479136a66f552abf8fe3d134f6d69df1cffe6740f90735f66ca54fd87800b4bda4db5e68aaccf44d24e09f8a769e3ae7bf246673f15e3d1adae4384bdb7cd30a33e30466b421feb96006c810fd3830a1c75af2580727ffc604d2b04f476acc21419fad9b1baec88974da2db29b80859bde08b85c8086e4b7f1fd568042ad5396d3179c71b1dc43291e450ce9b8d7d80fcb44966d7ad4691a37870000000000000000000000000000000000000000000000000000000000000000000083a5765d06da91165d24bc316607e2d69344aa1c07ff7cd7bc3d17f122478b6e81077782b9c298edc2546045feff90e7aa7da88d2489fb000a4aa838f911c1a869fa55e979e033b7707df75b93cf5b8d25242741a88f2d54a7107375b25911aa11efa3a4f87fc14f180e353615b3cb9a5cf5ea843014a277c3694a5a83266f73ef039dd739187923715548d58ff43be997e357e0cbed29faef19c0082e26fb867bf0ff0099d71bb0d2f443e77a44e8c4b0455d95b19c73ef4c98f775aad9e1b317b3cc48f7ad1d82ea6ad6c3c7d943fb0157c250e2ba56301e25c19a7e37ce880bed8a8e1538560f2be7d4cca6539277505826bd61bad2bcd4914344d4a27b29d2eb89bdc7a702e485d68c04e8f6b05336bf8d8e116605eaf375a592fe2382763c3cba76a0e4029dad5d37dd77abb1b7d2e2de23a4131e45ed81123ad6fa4f8b92c47e00000000000000774c"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x6000002c, &(0x7f0000000100)="b9ff03316844268cb89e14f008004ce0003020002000008877fbac141416e000030a89079f03b180ff83080520e0845013f2325f004408050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014c0000c0adc043084617d7ecf41effff38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d7da058f6efa6d1f5f7ff400"/254, 0x0, 0xfe, 0x60000000, 0x0, 0xfffffffe, &(0x7f0000000000), &(0x7f0000000000), 0xe72}, 0x2c)

986.632764ms ago: executing program 0 (id=18886):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000840)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8}, @NFTA_BITWISE_DREG={0x8}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "cc"}]}], {0x14}}, 0x94}}, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000ff908500", @ANYRES32=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r4}, 0xc)
sendmsg$key(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2, 0xe, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e20, 0x922, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xb15e}}]}, 0x50}}, 0x4)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r1, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9848519def38491bbc4173c3c6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e0000ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035897b20a6c23f", 0x10d}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c8442", 0x18}], 0x3}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000fc0)="31fdffffffffffffff74098b2e5e55a1828636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6d10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba999d89d0c5d7c9c8c569334e9547e1e343b451d9025c4e153612d4674b9411fb4de29559900bcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a487b0d736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0", 0xdb}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9", 0xb2}], 0x1}}], 0x3, 0x2090)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)

912.688877ms ago: executing program 4 (id=18887):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010028bd7000fddbdf254f00000008000300", @ANYRES32=r2, @ANYBLOB="40007a800c00030090cac76a"], 0x5c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x10)

740.098068ms ago: executing program 3 (id=18888):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x3a, 0x1, 0x270bd24, 0x25dfdbf8, {0x11}}, 0x14}}, 0x4000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r1, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffff70, &(0x7f0000001440)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffffffffcac, 0xfffffffffffffffd}}, 0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_icmp(0x2, 0x2, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$can_raw(0x1d, 0x3, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x4000000000000001, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
close(0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000700000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

723.012327ms ago: executing program 4 (id=18889):
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="f7850addcfbe1fbb66ec", 0xff3b}], 0x13, 0x1)
setsockopt$MRT_TABLE(r0, 0x0, 0xcf, &(0x7f0000000000)=0xffffffff, 0x4)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000180)={'wlan1\x00', &(0x7f0000000100)=@ethtool_dump={0x3f, 0x3c5, 0x6}})
r2 = socket(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f00000022c0)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f0000000a0000000d0085a168d0bf46d32345653600648d04000b000209000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000402160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)

628.701229ms ago: executing program 0 (id=18890):
unshare(0x22020600)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000280)={{0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'nq\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x2000, 0xc24, 0x9, 0xfffffff9}}, 0x44)
r1 = socket$kcm(0x11, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000540)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x8b}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r5 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000240)=0x60)
accept$nfc_llcp(r5, &(0x7f0000000300), &(0x7f0000000380)=0x60)
sendmsg$sock(r1, &(0x7f00000000c0)={&(0x7f00000001c0)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4}}, 0x80, 0x0, 0x0, &(0x7f0000000080)=[@mark={{0x14, 0x1, 0x24, 0x4}}], 0x18}, 0x4000000)
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000100)=0x68)
socket$inet6_sctp(0xa, 0x1, 0x84)

528.617481ms ago: executing program 4 (id=18891):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000540)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="0300000000000000200012800800010067"], 0x48}, 0x1, 0x0, 0x0, 0x24040000}, 0x2000800)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000500)=ANY=[@ANYBLOB="840100001900010000000000000000001d0109004d00108025b57efaa223b473fe7783bc4a506cf756740574b89d316af9b5963870ef3391f3ac176f88d6e1db9b2bb2e5c90fa4eb2f71ebaede447dc8f6f61c6615fcf740adda4853b2d23adb370000001e0106"], 0x184}}, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000001b00), r2)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r1, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYRES64=r0], 0x54}, 0x1, 0x0, 0x0, 0x24004091}, 0xc4)
bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbfe, 0x2000000}, 0xc)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$TIPC_MCAST_REPLICAST(r5, 0x10f, 0x86)
write(r5, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14)
recvmmsg(r5, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
ioctl$int_out(r1, 0x2, &(0x7f0000000100))
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641", 0xb0}, {&(0x7f0000000d00)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a4879bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e46e604a9aec550d12af09f782e1f6a996f0756604847689d37ee3047e61531a8672447cb501b2560bc0e0c5fb2c9f341ed3972b30190e930af94642ab1557e286442cfa6a84ad931e99549640705cd6261ca7094910df055747e2e2ae170e7850093b", 0x12e}, {&(0x7f0000001300)="e0cda6472d1ccfb4d1d46bf348a3b7ff9e5b6b3e30ef2266c86a085e37271763c50968fe2e2eb13b9472381bade936f9a85e26aac6ebd21115f086751d870434cf07dbd9", 0x44}], 0x3}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9c515a1c3ee25ace1a9948c24b277d0c9c46f948f8a3f98b1a18eff685b7296457ba31632fea4d8f817817026eeb76460dad4f677de73", 0xe8}, {&(0x7f0000000040)="754247378279", 0x6}, {&(0x7f0000000740)="b176d469f44ff7e206a24a3a5f3a112da355134ae64fde53dc0e681885ead332aa45811c0070066fb0e5cf5a9a4965475953e2a028", 0x35}], 0x3}}], 0x2, 0x2090)
close(0x3)

490.927639ms ago: executing program 3 (id=18892):
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000140)={<r0=>0xffffffffffffffff, 0x4, 0x5, 0x8}) (async)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r2 = socket(0x15, 0x80005, 0x0)
getsockopt(r2, 0x200000000114, 0x2710, 0x0, &(0x7f0000000040)) (async)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$inet6(r3, &(0x7f0000002d40)={0xa, 0x4e23, 0x1, @private0, 0x6}, 0x1c) (async)
setsockopt(r1, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) (async)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000900)=[@in6={0xa, 0x4e23, 0x3f, @loopback, 0x5}], 0x1c) (async)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000580)={0x0, 0x3}, 0x8) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x10, &(0x7f0000000240)=@ringbuf={{0x18, 0x3, 0x0, 0x0, 0xf0, 0x0, 0x0, 0x0, 0xff}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x5, 0x0, 0xb, 0x2, 0x0, 0x0, 0x14}, {}, {0x4}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x24}}, [@call={0x85, 0x0, 0x0, 0x6c}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0xa, 0xffb, &(0x7f0000001b00)=""/4091, 0x40f00, 0x9, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) (async, rerun: 64)
sendto$inet6(r0, &(0x7f00000006c0)="1337c854554eb213bc30e4259a58d98529fe128a83795b45887446f924483a5415733114c92f41f2eec9fbaeb63207370a04d9e159d359e3cf7a9014ee71c17db3a01925f334b3a3c6334b1a63ff8bd27fbbf6f75c765193036dbcfe58e0bed915ffb39e26e34540025b8a76d101d0e9cd7934542446877e1a80cf1a3d33d3074010f08b8c5ca28794d360c58948c14cc56198f083f20e4406a8957d673b94351e9efc3f71be03afd126a6f22a69d118f944fd7d577d739de04576e6f644aacbbe0d991d719dbcf268565df9a5c95f1ef5a4c8a4cd9cade32a977cd7f101415768113fc0783ce08d020ab430414abe183004d86b2280af03861114f735377b83b2bdbbc8f81429e692d7320ac1699319e6796bd04ae7e351fb6c134aa575f616940f1e03385d3431cfdd7e01be0922a67e887460ccdb4d9375fd8c2865b7cbc1ef01cc26f6f805eae2c264adf5890d27c2b7dd3b65f826811694bbe8f14e6f3ef6ce907a4e5ae1ab1bf51ffd0c2a7a36bd4dad04c94e6c28eb8e2f6253133c490828cc91b8aa69c78e2a85445d7c53d7def9adb66e8f3678e13f68a1ba14b830f011b0f3b002aa8013cf6d43ed87f976cdc283436b164b29e4a37f899b39850a8543dec9a09af52b06d1817a9fbc93322bf81a803f222fe6e79ce3020673808b537c77c978d7bdf1144fbfe96c7bb44f82c007175af8075fe81787521e7508e677292c7841594a010fdb775fc9908bc5af1a59c7285062e1f2e9747f7fffbb9a0964139e04545045a2d3c05f4c440d471be5101b48981501876fc982364054afb7779ce6f2182d2cfdb011c43f7beb8da226f7be1f61e4720b83a905549f1d215e8a0b338a180be3b2faba5640cad3983c085814f4aa9f6a1f61ef4345467f8fa9ef6177340a415bf1e73ce5955b4b464ee1092664128d39421f3f74b51ffa0678f71fa0eb2132fdac2c59cba045e737ece6080c690195aeedcfcdc623ac600e758061aa26b1564e846e19518b6b225284b998021027180fabd5ebbeae73c3d3431b84a7dde2a9c3b948616d4bc7bf46eceb6cfabc861bc39aa9cc262500b1d2ee7e0079d55ea8d9858e09b1bcef8e012a75a683f6b4f62b4785c16ea4745b4ad34937cb65e543ca374fe31948df1eb13ed208e03ab1387adc1faab2608d9b76585ba589572926180c3b9f0accf45885b38fe2bf67a21bb43e11a847fcbbfe9d4b5eefefd2484777493e8e6b6ee8b8039bc95b551a6d69074fc64460cc37e167a75a0b907128dc6f489d62ad4d68ecfe181d502e52819eb6587d10a19d601c3b471b07ff1e6afd70fba7cc34fdc346bcbd5533849912a3499168154b190f84dd057d6057664badb0a40ccddaf19ee21e5b23852af893d942dcb3d16d64c7b42b7a504a51ac7aeea73a311a493b014aa2cdf0d2f336135a8b0321e91c8103f7af579ddf1cfc67072e9307ecbaae1e777e9572c16c8f21878d7c0418a5eb41fa1345083e461debdffcfcc8ff612a37a78743eec976ed95cb2b661b52e98cc86a712db59b81b8f8a24cca9c09172e15dd1e37607200825f880e2f938ebd80d4dbcfaedf082418b2a42b8fb57171d78781aeb7a5261840352a3a61bebd0d6b2a82c268ae685faa6ab30cdb102591a4d97ffc4db8765429872963de111f98eda117a375b404424780ae9c666a414f1d88eebf613ed9276103dc09f3a5ac20d41be5a547c989be9da5f656444bbf5615eda7c0e55e91540206b5cc1293501321702d8b0dbd9ab93539eeca29189966c8b00d030d8476af643ab331c679a5d0683608c29aec91be15691007b85ded8961683be49560aa491e9216f4fe61ce10660e2dedfef71ce81de66f0bfc9655a4100e937fcddd0b4f6d36fa8bd2e887add4ee0beaa3c895a65897598573c8889eb04b0e575d99b05807d3bc3df596c32e18dfe7cb9c37d9485f2a380d9d39454bad0fd606445563fed80fddebb0512415e633d254f8ee708cfd83ff628944d706ec89dbc194708fa210e2e5902b86c2861e4050d758f242cd7d4f9f359f7e1cec8d4627cb3358736be46235ecad0eb13d0b1c253a1d502dab70a97a264781101b098c1e806fa21fa42c06ac451d89ac8b8ef6554f1bf1ef037ddf75fe6a74419d7b0e6e46a85deced3bd4f0464839b936c7e5eb551e1584951961aaaed893aea293aff2c618ce712ad0b9b3a26fcda80799e5464061f6b81194cb43ba01cb3cbfae482d89108321157bf6284bbfcd04ba6bc5390ecf172eb7c95cde35bcec32c3af1e90d9db75bbccbab3225ca75de40aa1a8fa66f53cb6adc00f024f44e251714d8f5e7d3e5ea4696ae6b7b512b6de308ca8221b0f839b81e9b80cdab4b0b24e4d8dba1543c1655e21c9af667ddc2d64ce57fb087730f1479bb32eaf2c359df09bfc5e8737cbf3c42c055ecfc92d3b9dc16916d5ab3b7d8c1e898ec5a21f8089c58ccbdddf44686ee09ae3dce4058f7b468b4e872ed702c90fe0128856431a50650df3a2089145198ba742530f8a0d2e3f93b2e4faada0336ee97057b18a89d7bfb5a44d93f73ce699f66a9e5385b482bd79553a90a18c0ecfc610f7ee2e24bef540a62c9ef34aba174a97554e52de5d30dcd43b46ab3d574f69c152645834cc6b79c8469346c792f27c8da5ae62bc9af9b7e02bc66c34d135cbbadab995e64673dc8c90c69f86d43fd60400b112f2b77f7a7c5d745b47c150d9f2b34c685aef3e2027f0f91ad209b8e443dec23b5e863c59785dddd868bef57a4e222f057adeafddae58a22788f91b57f02446ef64b6d083c8fbbf111352ef6513fc080f79e9ac976f5b2a0e39559bfb743e16c63567bd97e1c3cb4fd066f2e0fc6d20bb0b7c05214ce3f8be7a12acf4703e0e18c93990b5e54c954a5fc3692bdde2d12c769b75665fe53d6e198596a4d51d6662c894f3e4f0c29ec1a2ac8f141cb22064a0bd0fdcf9c4ddaf46b8157c0c2d819abab3b44a90c21d8ef6c8998d4902ca8ff05a6b9e227c993298792b3fb00a8c1e8efbb257cee75b17dce1f49c2a66385d04504aec7ef8f93797058ae86d2aa8619c802cb91dee867eb11ba0839105ccedd2a100ad038de19670c2b87825b1815023c5b4772ff70727d19c66961900cbf5ff0da4cd3254d399a4227118d7f67f14101c86aa44a39559d448081ea735069761b1452f01065a637b7d39a71b26b2e7400592cfb27edec690230ea7d628efc81482f577ac248431adf22fa14679494e20dad3012ac313e90516c6daa39d74ac096535ef3d1c17890f8cc9c7faa70f0dc937048b3c0a20bafa370e2469773de7ec8d21bec2cf07062f834673f001b7afe0e6485e64289cdf795598280562709bea1fc0a8ed985463a7826fdce1588cd8be2fed1d831d2a396607629b97619416f54db157a462de97fe75d75f3b7eebece0c2c99f260e9a854667cb9ae05b58cd2091c0d2e5bce1d139c86638d8df58aa4a027dd4e84a381feebf2c7acb8a0ab61d8e3f7dbec23ecfbac318f43cc8628890f9c585f8f8c1076adaed2cf3908b665b83f9133b0a431c2d141f0d1f5848f94ee02bc28c7662a125cb572b5b678f0cd67e26b9bfab98b1d04908518599644d4f51db6ed58afdedefa36c7ec4767fc32ccfb8815acdeb9be3216db7ffe98dd862dae9fdeafc2e2adbfff2ddc403b688f775ce73e667195a1095338363803d724ea92502818d1fd76d226343e010bdc32be60895415ce617f125490966137b3ad47bd5a5f482e3b32610ad4cbeb385027333964c03c18b43bffcab38b9fdc45cabe832a11a422381448d89f4115be28ca9f09fc36403bee13e5be4d8c761f51380d4dc5195034ad899d256af3aa36e4804b6a1a051827dd19819ffdc8457a898b2cfe60e6419da1ab0af60435a742666d9dae5447ef130590cf4c35a579cf227e6873d1601c189f437ce97b012eb461a9b4f8e2f506e0cd264de447dddddb8b2d28bf655b1c7d36a4d36df2252518e645bf31e0ec2a824a20f61bc4374448a90e0b37afc25ef26c0e4ec3f15ec0680ee89a709ea044560a9a815a60d0377ebf68e894581f1c52da97e1f3d09ab524852f44321d22606bfcdca9cc3aabc2a5fdd9effe732595446ec2db800eda7dabf85a00a6a12c20b0cf340efd8a8f3cec14e3a77bed357237c867ace2014b0f6e4b0eacca7f571214953048a0079f5c90bc372f24e03eb00e23836d783e93b38fce032417dc9eae967f25a08af3708c67b2c78f2d425bd7bbce3d9fab5963e186e9de664278a7043b1d890880e9cc145610629a37a0c52197776c0d88fa3b6af6912b9a75a23d3e293c2bd9e06708f6b96911d1823777a888dfa9290580f07e793d5411209b518ef968e2e662a1ceab4d91e5d2179170783b08e7cfd8eafd400aae513d9c6b507680c54d403f95e6e34ffcfcfb56a966166e68574004001759383c275b443042d8a77fef28671c3a210a097a3d0b2f65c23f3ae70361a88213ced8bac568041ff45f0290d9b6f00d735b2215f8907550ef136e7f332cc9cacaa57b8c409eaa53a707e8d1bad518394ee69335a0fce288290f9b67568cde18ab28c37a97b889060d118d45e80e0eafdb772d15b08e7724ccd9d8e0208556deb8dc8ee600e3fd7e648be7be084336e9402751986190641cc93c4f566197d20f7a4d10af7c966de0f11fab6d2a5b15705acc3eae795f8ef271ebb2c95134d4013feb39b47beb874f9f85a2514926ddd67b08045a527206ecef30a473d8fa98490111bb2f94265f70937dcbd833f57e54cc728916d51f0c877905d44226cb30c4ab44f9a1e5ee5ba056d394a64b97d1ede2d46564d6c0af4cb01f4c434d2a9c3143074fc8bc2df749f80c5030f2d7a8fccabcccd3f2752a6312605d4164db15b0657243cc969740b9a6e9adefd993fd01398a1e542098adc6a681afdac59b6fdd6dd405d777ce1f52f425dc35239138a0be98f2a3690ade1e5a6bd458d5e6d88c5bd3c13dbc51aaa7e58c1dd7ddab0493bacdc03661ee197fb62ce39490099e36578b35fe52d0e776316e7c980679372e9036844fd45cd51dff249308d568fec8f028cf52b655fe2d98e101535444b55078f2b2b8e1be375f0b5db3320c928abf6d54d67aaccb290b180cc9ad04c2b6bcaf1184455734eb71080ae9d9613e30e95b6d9e139c774c3ab0a531ae228dd4378e0456cb342d55f439268cbdbbcc8850672028769562122e4628f232b5eee9477ee4ed11d04dae6f8500f42009ddc4e8f7791e0a706dd5a0f3d7ad9d710ac1f900627f3f13400d57280f40fdf3d9bb463975a169a850db867e1660d841d1c590d7675e42e29723d1923f0cefa6dc134c7f9753c81b7d1ad26d6cfcbe1fc5e45bd77df9c9ce31b289bb440b4104a775df39365a00c51c31c0779efeae69a842ed1ceac0e6eb45591085ccc5c324e481d25763a11bf85d62d22f7c7a7b16e418ca302d3e8fd13d7acb0761c131d8ab237e3cf7d8b3acdf2cabeae31bbb85338bcae6beed381b00e7f24767532b34d6d230f9cfc0f0ebc515ec90a368142476ae8ba58a0c17731b69be16637e92e2f69f0412b7b8d2b6cb6cf579eb87d5d499a2f3586b8a8af89c4f016eeaacdb2d4e37fa592a1471482fce31dd50e938258822915b709ff3297ce54eb6c819c468b1df6d4e0a14652d6ef0543abcb58c85c5c7ae2a9eea783a57ad9b95ba69adf2de03189827301a70d9e12bedf2600fb75fc8ee093c7b464d45d03d32caae6189258659ce1b4a90511efb59736933d4e501b8bf59479a8aa972d2e8421", 0x1000, 0x40080, &(0x7f0000000200)={0xa, 0x4e23, 0x8bd3, @private0, 0x1000}, 0x1c) (async, rerun: 64)
socket$kcm(0x11, 0x200000000000002, 0x300) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_CONFIG(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010026bd7000ffdbdf250c0000080800060028c581be"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8000) (async)
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x114, r7, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x6ca0}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3a}]}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xff}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_1\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x2d}]}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x31}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_batadv\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010100}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_bridge\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xd7d}]}, 0x114}, 0x1, 0x0, 0x0, 0x40}, 0x891)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000080)=@newtaction={0x68, 0x30, 0x101, 0x0, 0x0, {}, [{0x54, 0x1, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x613f, 0x81, 0x9cdbee1763468153, 0x3, 0x9}, 0x40}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x5, 0x14, 0x0, &(0x7f0000000100)="259a53f271a76d2608fff74588a80a3888ca2f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async)
r10 = socket$netlink(0x10, 0x3, 0x0) (async)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000040000100fcff1616104900000300000004004880100001800c0010800400088004000e"], 0x28}, 0x1, 0x0, 0x0, 0x400c801}, 0x4048094) (async)
sendmsg$nl_route_sched(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@gettaction={0x34, 0x32, 0x6dd711a25f4cb58d, 0x0, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000014}, 0x2004c080) (async)
syz_emit_ethernet(0x46, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0020000000080800490000380000000000069078ac1e0001ac14142a830784e0000002860600"/54, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780007215562cc0a8b8cd20c2fdfe6d3cde976e1e31ae64db5a83136be906364a72941eb6cde129018825ec8925e3d95265b92a7513907ee719d0080000000000000b3bf9d3c0392cc8d0e50858dcfd857749b7c61cda576be44da81164a89de7f5cb13f3643139542628c6461b1a2ca62f86ce2ca85e7"], 0x0)

485.17407ms ago: executing program 2 (id=18893):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000000000014000000000000002900000034000000fdffffff00000000180000000000000029000000040000000400000000000000d8"], 0x188}}], 0x1, 0x810)
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xd4}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000640)="3013f93f6a23826aeaa571d88a1fc628ec108a5ce411744d4e3ae79c5374eb3bdc7564d840b7d870c0da80f5", 0x2c}], 0x1, 0x0, 0x10}, 0x40000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000680)="9e3ea556d5281e11789fe95cdbdf39283370d0cc49120938a35416a25ab632d8908bc5f011fdbc918895333f6b25282335bab5bc9b6546336256522ccf063e84acea2849b877fec8bcb3152d3b9bedfc653d8616d9549bcfa27334b6001f15882f6acc91733a7a9866aeb2e7b55663e14e1603d9275a3e68a0ee6e98437f5df3264e117b06cf2575c8f342d360bdf4b41bf28b6819206479698c5b3b841ac99dcec0a1314d1e7d2a9b073fb75ab65be9e2b4b9a2bc2d3541c0d00c68c5", 0xbd)
r2 = accept4(r1, 0x0, 0x0, 0x800)
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000340)={<r3=>0x0, @local, @multicast2}, &(0x7f0000000540)=0xc)
sendmsg$can_j1939(r2, &(0x7f0000000840)={&(0x7f0000000580)={0x1d, r3, 0x1, {0x2, 0x1}, 0x2}, 0x18, &(0x7f0000000600)={&(0x7f0000000780)="d9b321f796d7e1eece6ad5df1bc80611cc8104321c27eec053a88eb7a25a421c77f0218ab1bdae132f1e857e3e23621944682ad7bf4ed097519c76cfff8b22389a886a1802b6cb24642ac662fcde55ec712f33ae5476408accbb7955f727b2cc4618175d01eaed4b4bc349f8122caabca63f2c750c9fe0b180f5380a74ab58b8f50327b3057d41b83817319f544eaccdd9ef2bd7fb6132410f6b264209b5acd6c9f46f9c65a8ac94", 0xa8}, 0x1, 0x0, 0x0, 0x50}, 0x24000000)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x2c, 0x19, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x8004)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="f4060000", @ANYRES32=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

412.546574ms ago: executing program 1 (id=18894):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000000201050001000000000013900d03"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000080000000c"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x19, &(0x7f0000000840)=ANY=[@ANYBLOB="180000000500000000000000100000081811", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r5, 0x0, 0xffffffffffffff9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe}, 0x37)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r5}, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(r4, 0x110, 0x5, &(0x7f0000000100)=[0x3, 0x2], 0x2)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r6, &(0x7f0000000180), 0x0}, 0x20)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, &(0x7f00000000c0)={0x6, {0x6, 0x2, 0xf3b0, 0x2, 0x3}})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000040603000000000000000000010000080500010007"], 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x20000814)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETGEN(0xffffffffffffffff, 0x0, 0x8000)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000040)={0x18, 0x0, {0x4001, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, 'ip6gre0\x00'}}, 0x1e)
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r3, 0x4058587a, &(0x7f0000000440)={{r0, &(0x7f0000000180)='ip_vti0\x00', 0xc08c0, &(0x7f00000001c0)={@align=0x3ff, {0x4, 0x9, 0x3, 0x992}}, 0xdb6, &(0x7f0000000200)={@_ha_fsid}, &(0x7f0000000280)=0x80}, {[0x5, 0x6, 0x7, 0x3]}, 0x2, 0x64, &(0x7f00000002c0)=""/100})
sendmmsg(r8, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)
connect$pppoe(r8, &(0x7f0000000140)={0x18, 0x0, {0x1, @remote, 'ip_vti0\x00'}}, 0x1e)
sendmsg$nl_generic(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x40, 0x42, 0x1, 0xffffffff, 0x25dfdbfd, {0x2}, [@nested={0x18, 0x38, 0x0, 0x1, [@nested={0x14, 0x3, 0x0, 0x1, [@nested={0x10, 0x66, 0x0, 0x1, [@typed={0x9, 0x7e, 0x0, 0x0, @u64=0x8001}]}]}]}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0xc, 0xc8, 0x0, 0x0, @u64=0x2}]}, @nested={0x4, 0x4}]}, 0xfffffd10}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)

403.333622ms ago: executing program 0 (id=18895):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="180100003500010000000000fcdbdf250701f2800c0004000bac0f00000000001400"], 0x118}], 0x1, 0x0, 0x0, 0x8011}, 0x48810)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800001000390400"/19, @ANYRES32=0x0, @ANYBLOB="0141000000000000280012800b000100697036746e6c00001800028014000200fc0100"/48], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x100, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x10000}, 0x1c)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000004830000000000000fa40000007010000080020b07500feff0000820095"], &(0x7f0000000040)='syzkaller\x00', 0x6, 0xfa, &(0x7f0000000f40)=""/250, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa}, 0x94)
close(r4)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r7], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x90)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_SCB={0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000801}, 0x0)
connect$qrtr(r3, &(0x7f0000000140)={0x2a, 0x1, 0x7fff}, 0xc)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x200, 0x0)
read$rfkill(r9, &(0x7f00000002c0), 0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)

347.72953ms ago: executing program 4 (id=18896):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080047000030fffd00000006907d64010101ac1414aa82020706bb8e12979f584e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02ffff90780000"], 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7111})
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x200, 0xfffffffd}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f00000002c0)={0x100042, 0xf7, 0x1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0xa, 0x10, 0x437, 0x3, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e22}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x11}]}}}]}, 0x44}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4000000)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x42}, 0x10)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0xc, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_TC={0x5, 0x4, 0x80}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x20040054)
ioctl$SIOCAX25NOUID(r4, 0x89e3, &(0x7f0000000040)=0x1)
close(r0)

345.00193ms ago: executing program 2 (id=18897):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
epoll_create1(0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000580)="81", 0x1, 0xc001, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x8, 0xc, 0xfffffffc}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x40804)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b826, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x6, 0x6691}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40040e0}, 0x2880)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000340)='O', 0x1, 0x40, &(0x7f00000001c0)={0x11, 0x10, r5, 0x1, 0xf0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)

260.351303ms ago: executing program 3 (id=18898):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="020000"], 0x50)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000140)={@val={0x8, 0x800}, @val={0x2, 0x3, 0x0, 0x1}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x89, 0x0, @rand_addr=0x64010101, @multicast2=0xe0000001}, {{0x0, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "65011e6c0a1dc75a9c710d2b8589f995"}, @exp_fastopen={0xfe, 0xc, 0xf989, "4af11afc9c076424"}]}}}}}, 0x56)

70.251987ms ago: executing program 2 (id=18899):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fddbdf254f00000008000300", @ANYRES32=r3, @ANYBLOB="40007a800c00030090cac76a"], 0x5c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x10)

64.181939ms ago: executing program 1 (id=18900):
syz_emit_ethernet(0x6e, &(0x7f00000004c0)={@local, @random="1553ff41cf11", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x38, 0x6, 0xff, @private1={0xfc, 0x1, '\x00', 0x2}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0xe, 0x2, 0xfffd, 0x0, 0x0, {[@generic={0x13, 0x12, "be00000080deae1159bf0ddcef2238d0"}, @generic={0x13, 0x2}, @sack={0x5, 0xe, [0x5, 0x5, 0x7f]}]}}}}}}}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100029bd7000ffdbdf250e0000003400028008000800060000000800030000000000966bcb080006000001000005000d000000000008000600f71f0000060002004e240000"], 0x48}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@loopback, 0x0, 0x0, 0x4e23, 0x0, 0x2}, {0x0, 0x0, 0x4, 0x4, 0x0, 0xfffffffffffffff8, 0x0, 0x6}, {0x0, 0x20000000000, 0x400000003, 0xfffffffffffffffc}, 0xfffffffc, 0x0, 0x1, 0x0, 0x3, 0x2}, {{@in=@empty, 0x4, 0x32}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0xe}, 0x0, 0x0, 0x0, 0xf7, 0x2, 0xfffffffe}}, 0xe8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x6}, &(0x7f0000000040)=0x8) (async)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={<r3=>0x0, 0x6}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000080)=r3, 0x4) (async)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000080)=r3, 0x4)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) (async)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c)

693.711µs ago: executing program 4 (id=18901):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10)
connect$llc(r1, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r3)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="310300000000fbdbdf250b000000080003", @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
writev(r0, &(0x7f00000009c0), 0x1000000000000025)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$SIOCNRDECOBS(r7, 0x89e2)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f00000000c0))
pwritev(r6, &(0x7f0000000540)=[{&(0x7f00000003c0)='\x00!G', 0x3}], 0x14, 0x0, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)

0s ago: executing program 3 (id=18902):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
write(r0, &(0x7f0000000240)="ef258d260298c674c50691e7e9804c6024", 0x11)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newtfilter={0x88, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {}, {0x8, 0xfff1}}, [@filter_kind_options=@f_basic={{0xa}, {0x58, 0x2, [@TCA_BASIC_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x2, 0x3, 0x6, 0x2}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x80)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000000c0)={<r4=>0x0, 0x9475}, &(0x7f00000001c0)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000200)=@assoc_value={r4, 0x40000000}, 0x8)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035", 0x107}], 0x2}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641", 0xb0}, {&(0x7f0000000d00)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a4879bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e46e604a9aec550d12af09f782e1f6a996f0756604847689d37ee3047e61531a8672447cb501b2560bc0e0c5fb2c9f341ed3972b30190e930af9", 0x105}], 0x2}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000040)='uB', 0x2}], 0x1}}], 0x3, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

kernel console output (not intermixed with test programs):

x370
[ 1510.495738][T19739]  sctp_copy_local_addr_list+0x314/0x4f0
[ 1510.495764][T19739]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[ 1510.495787][T19739]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1510.495814][T19739]  ? sctp_v4_is_any+0x35/0x60
[ 1510.495835][T19739]  ? sctp_copy_one_addr+0x93/0x360
[ 1510.495861][T19739]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1510.495884][T19739]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1510.495918][T19739]  sctp_connect_new_asoc+0x2ff/0x6b0
[ 1510.495947][T19739]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1510.495975][T19739]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1510.496002][T19739]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1510.496027][T19739]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1510.496055][T19739]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1510.496081][T19739]  ? security_sctp_bind_connect+0x7e/0x2c0
[ 1510.496107][T19739]  sctp_sendmsg+0x1528/0x2c10
[ 1510.496149][T19739]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1510.496180][T19739]  ? aa_sk_perm+0x6d5/0x900
[ 1510.496214][T19739]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1510.496242][T19739]  ? sock_rps_record_flow+0x19/0x350
[ 1510.496276][T19739]  ? inet_sendmsg+0x2f4/0x370
[ 1510.496305][T19739]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1510.496332][T19739]  ____sys_sendmsg+0x80a/0x9f0
[ 1510.496362][T19739]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1510.496392][T19739]  ? import_iovec+0x73/0xa0
[ 1510.496427][T19739]  ___sys_sendmsg+0x2a5/0x360
[ 1510.496453][T19739]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1510.496512][T19739]  ? __fget_files+0x2a/0x420
[ 1510.496542][T19739]  ? __fget_files+0x3a0/0x420
[ 1510.496581][T19739]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1510.496609][T19739]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1510.496638][T19739]  ? __pfx_ksys_write+0x10/0x10
[ 1510.496672][T19739]  do_syscall_64+0x14d/0xf80
[ 1510.496702][T19739]  ? trace_irq_disable+0x3b/0x150
[ 1510.496731][T19739]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1510.496752][T19739]  ? clear_bhb_loop+0x40/0x90
[ 1510.496777][T19739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1510.496797][T19739] RIP: 0033:0x7fc19b59c799
[ 1510.496816][T19739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1510.496833][T19739] RSP: 002b:00007fc19c419028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1510.496854][T19739] RAX: ffffffffffffffda RBX: 00007fc19b815fa0 RCX: 00007fc19b59c799
[ 1510.496870][T19739] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000003
[ 1510.496884][T19739] RBP: 00007fc19c419090 R08: 0000000000000000 R09: 0000000000000000
[ 1510.496897][T19739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1510.496909][T19739] R13: 00007fc19b816038 R14: 00007fc19b815fa0 R15: 00007fff5becf5f8
[ 1510.496941][T19739]  </TASK>
[ 1510.575049][T19742] ÿÿÿÿÿÿ: renamed from vlan1
[ 1510.575560][T19742] FAULT_INJECTION: forcing a failure.
[ 1510.575560][T19742] name failslab, interval 1, probability 0, space 0, times 0
[ 1510.860044][T19742] CPU: 0 UID: 0 PID: 19742 Comm: syz.2.18285 Not tainted syzkaller #0 PREEMPT(full) 
[ 1510.860082][T19742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1510.860096][T19742] Call Trace:
[ 1510.860105][T19742]  <TASK>
[ 1510.860115][T19742]  dump_stack_lvl+0xe8/0x150
[ 1510.860152][T19742]  should_fail_ex+0x412/0x560
[ 1510.860187][T19742]  should_failslab+0xa8/0x100
[ 1510.860218][T19742]  __kmalloc_noprof+0xe8/0x760
[ 1510.860243][T19742]  ? kobject_get_path+0xc5/0x2f0
[ 1510.860265][T19742]  ? __kasan_kmalloc+0x93/0xb0
[ 1510.860293][T19742]  kobject_get_path+0xc5/0x2f0
[ 1510.860313][T19742]  ? kobject_uevent_env+0x28c/0x9e0
[ 1510.860343][T19742]  kobject_uevent_env+0x2a1/0x9e0
[ 1510.860378][T19742]  kobject_rename+0x41a/0x520
[ 1510.860404][T19742]  ? __pfx_kobject_rename+0x10/0x10
[ 1510.860430][T19742]  ? sysfs_rename_link_ns+0x178/0x1b0
[ 1510.860466][T19742]  device_rename+0x15d/0x210
[ 1510.860590][T19742]  netif_change_name+0x28e/0x960
[ 1510.860625][T19742]  ? dev_change_name+0x125/0x260
[ 1510.860656][T19742]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1510.860683][T19742]  ? dev_ioctl+0x5dc/0x1150
[ 1510.860715][T19742]  ? __pfx_netif_change_name+0x10/0x10
[ 1510.860742][T19742]  ? full_name_hash+0x92/0xe0
[ 1510.860778][T19742]  ? __dev_get_by_name+0xe5/0x140
[ 1510.860811][T19742]  dev_change_name+0x125/0x260
[ 1510.860849][T19742]  dev_ioctl+0x5ec/0x1150
[ 1510.860883][T19742]  sock_do_ioctl+0x23e/0x320
[ 1510.860914][T19742]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1510.860938][T19742]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1510.860989][T19742]  sock_ioctl+0x5c6/0x7f0
[ 1510.861017][T19742]  ? __pfx_sock_ioctl+0x10/0x10
[ 1510.861044][T19742]  ? __fget_files+0x2a/0x420
[ 1510.861084][T19742]  ? __fget_files+0x3a0/0x420
[ 1510.861117][T19742]  ? __fget_files+0x2a/0x420
[ 1510.861152][T19742]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1510.861181][T19742]  ? __pfx_sock_ioctl+0x10/0x10
[ 1510.861207][T19742]  __se_sys_ioctl+0xfc/0x170
[ 1510.861236][T19742]  do_syscall_64+0x14d/0xf80
[ 1510.861267][T19742]  ? trace_irq_disable+0x3b/0x150
[ 1510.861299][T19742]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1510.861323][T19742]  ? clear_bhb_loop+0x40/0x90
[ 1510.861350][T19742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1510.861373][T19742] RIP: 0033:0x7fbe8879c799
[ 1510.861394][T19742] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1510.861415][T19742] RSP: 002b:00007fbe89730028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1510.861439][T19742] RAX: ffffffffffffffda RBX: 00007fbe88a15fa0 RCX: 00007fbe8879c799
[ 1510.861455][T19742] RDX: 0000200000000000 RSI: 0000000000008923 RDI: 0000000000000004
[ 1510.861470][T19742] RBP: 00007fbe89730090 R08: 0000000000000000 R09: 0000000000000000
[ 1510.861485][T19742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1510.861498][T19742] R13: 00007fbe88a16038 R14: 00007fbe88a15fa0 R15: 00007ffe93c41928
[ 1510.861534][T19742]  </TASK>
[ 1511.153930][T19745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18286'.
[ 1511.282845][T19750] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1511.532906][T19767] netlink: 'syz.4.18293': attribute type 4 has an invalid length.
[ 1511.540786][T19767] netlink: 'syz.4.18293': attribute type 1 has an invalid length.
[ 1511.651584][T19767] netlink: 228 bytes leftover after parsing attributes in process `syz.4.18293'.
[ 1511.835511][T19778] netlink: 16 bytes leftover after parsing attributes in process `syz.3.18295'.
[ 1511.858033][T19778] netlink: 'syz.3.18295': attribute type 1 has an invalid length.
[ 1511.910294][T19778] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1511.956572][T19785] vlan2: entered promiscuous mode
[ 1511.982049][T19785] bond2: entered promiscuous mode
[ 1511.987413][T19785] vlan2: entered allmulticast mode
[ 1511.993007][T19785] bond2: entered allmulticast mode
[ 1512.043362][T19778] netlink: 44 bytes leftover after parsing attributes in process `syz.3.18295'.
[ 1512.104640][T19778] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1512.138927][T19778] bond2: (slave batadv1): making interface the new active one
[ 1512.167788][T19778] batadv1: entered promiscuous mode
[ 1512.173905][T19778] batadv1: entered allmulticast mode
[ 1512.211197][T19778] bond2: (slave batadv1): Enslaving as an active interface with an up link
[ 1512.262796][T19794] IPVS: Unknown mcast interface: vcan0
[ 1512.292864][T19794] netlink: 'syz.2.18300': attribute type 16 has an invalid length.
[ 1512.312712][T19794] netlink: 'syz.2.18300': attribute type 17 has an invalid length.
[ 1512.359135][T19794] erspan0: left promiscuous mode
[ 1512.397445][T19804] IPVS: wrr: FWM 3 0x00000003 - no destination available: all destinations are overloaded
[ 1512.427837][T19804] IPVS: wrr: FWM 3 0x00000003 - no destination available: all destinations are overloaded
[ 1512.433095][T19794] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1512.458930][T19794] 8021q: adding VLAN 0 to HW filter on device team0
[ 1512.475775][T19794] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1512.496746][T19792] lo speed is unknown, defaulting to 1000
[ 1512.762359][T19819] macsec3: entered promiscuous mode
[ 1512.768335][T19819] team0: Device macsec3 is already an upper device of the team interface
[ 1512.913322][ T1319] batman_adv: batadv1: MLD Querier disappeared - multicast optimizations disabled
[ 1512.941423][T19810] syzkaller0: entered promiscuous mode
[ 1512.948395][T19810] syzkaller0: entered allmulticast mode
[ 1512.987045][T19826] netlink: 'syz.2.18309': attribute type 1 has an invalid length.
[ 1513.133521][T19826] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1513.227106][T19830] bond4: (slave veth3): Enslaving as an active interface with a down link
[ 1513.285852][T19838] syzkaller0: entered promiscuous mode
[ 1513.291554][T19838] syzkaller0: entered allmulticast mode
[ 1513.359810][T19841] netlink: 40 bytes leftover after parsing attributes in process `syz.0.18312'.
[ 1513.458196][T19844] nbd: couldn't find a device at index 0
[ 1513.520900][T19846] netlink: 68 bytes leftover after parsing attributes in process `syz.0.18312'.
[ 1514.494000][T19870] FAULT_INJECTION: forcing a failure.
[ 1514.494000][T19870] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1514.507593][T19870] CPU: 1 UID: 0 PID: 19870 Comm: syz.2.18320 Not tainted syzkaller #0 PREEMPT(full) 
[ 1514.507617][T19870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1514.507628][T19870] Call Trace:
[ 1514.507636][T19870]  <TASK>
[ 1514.507643][T19870]  dump_stack_lvl+0xe8/0x150
[ 1514.507672][T19870]  should_fail_ex+0x412/0x560
[ 1514.507698][T19870]  _copy_from_iter+0x1d3/0x1670
[ 1514.507725][T19870]  ? rcu_is_watching+0x15/0xb0
[ 1514.507762][T19870]  ? __pfx__copy_from_iter+0x10/0x10
[ 1514.507808][T19870]  ? netlink_sendmsg+0x650/0xb40
[ 1514.507832][T19870]  ? skb_put+0x11b/0x210
[ 1514.507861][T19870]  netlink_sendmsg+0x6c0/0xb40
[ 1514.507893][T19870]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1514.507920][T19870]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1514.507944][T19870]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1514.507968][T19870]  ____sys_sendmsg+0x972/0x9f0
[ 1514.507994][T19870]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1514.508021][T19870]  ? import_iovec+0x73/0xa0
[ 1514.508053][T19870]  ___sys_sendmsg+0x2a5/0x360
[ 1514.508078][T19870]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1514.508128][T19870]  ? __fget_files+0x2a/0x420
[ 1514.508159][T19870]  ? __fget_files+0x3a0/0x420
[ 1514.508197][T19870]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1514.508229][T19870]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1514.508259][T19870]  ? __pfx_ksys_write+0x10/0x10
[ 1514.508292][T19870]  do_syscall_64+0x14d/0xf80
[ 1514.508321][T19870]  ? trace_irq_disable+0x3b/0x150
[ 1514.508347][T19870]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1514.508373][T19870]  ? clear_bhb_loop+0x40/0x90
[ 1514.508391][T19870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1514.508416][T19870] RIP: 0033:0x7fbe8879c799
[ 1514.508429][T19870] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1514.508442][T19870] RSP: 002b:00007fbe89730028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1514.508456][T19870] RAX: ffffffffffffffda RBX: 00007fbe88a15fa0 RCX: 00007fbe8879c799
[ 1514.508466][T19870] RDX: 0000000020040000 RSI: 0000200000000380 RDI: 0000000000000003
[ 1514.508475][T19870] RBP: 00007fbe89730090 R08: 0000000000000000 R09: 0000000000000000
[ 1514.508484][T19870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1514.508492][T19870] R13: 00007fbe88a16038 R14: 00007fbe88a15fa0 R15: 00007ffe93c41928
[ 1514.508513][T19870]  </TASK>
[ 1514.846588][T19872] __nla_validate_parse: 1 callbacks suppressed
[ 1514.846608][T19872] netlink: 180 bytes leftover after parsing attributes in process `syz.2.18321'.
[ 1514.862813][T19872] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18321'.
[ 1514.874246][T19872] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18321'.
[ 1514.919842][T19874] netlink: 16 bytes leftover after parsing attributes in process `syz.4.18322'.
[ 1514.937023][T19874] netlink: 276 bytes leftover after parsing attributes in process `syz.4.18322'.
[ 1515.433940][T19872] batman_adv: batadv0: Adding interface: gretap1
[ 1515.440436][T19872] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1532.
[ 1515.461868][T19872] batman_adv: batadv0: Interface activated: gretap1
[ 1515.497105][T19848] lo speed is unknown, defaulting to 1000
[ 1515.659228][T19886] syzkaller0: entered promiscuous mode
[ 1515.668602][T19886] syzkaller0: entered allmulticast mode
[ 1515.845880][T19896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18328'.
[ 1515.928518][T19896] team_slave_0: left promiscuous mode
[ 1515.948623][T19896] team0 (unregistering): Port device team_slave_0 removed
[ 1515.979374][T19896] team_slave_1: left promiscuous mode
[ 1515.994545][T19896] team0 (unregistering): Port device team_slave_1 removed
[ 1516.162974][T19909] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18331'.
[ 1516.470433][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1516.481642][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1516.490236][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1516.498859][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1516.513588][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1516.559220][T19919] lo speed is unknown, defaulting to 1000
[ 1516.743373][T25958] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1516.763417][T19919] chnl_net:caif_netlink_parms(): no params data found
[ 1516.816348][T25958] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1516.859701][T19919] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1516.867008][T19919] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1516.874486][T19919] bridge_slave_0: entered allmulticast mode
[ 1516.881588][T19919] bridge_slave_0: entered promiscuous mode
[ 1516.901670][T25958] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1516.916636][T19919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1516.924426][T19919] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1516.931658][T19919] bridge_slave_1: entered allmulticast mode
[ 1516.939422][T19919] bridge_slave_1: entered promiscuous mode
[ 1516.967473][T19919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1516.986881][T25958] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1517.004383][T19919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1517.032086][T19919] team0: Port device team_slave_0 added
[ 1517.039712][T19919] team0: Port device team_slave_1 added
[ 1517.068518][T19919] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1517.075873][T19919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1517.102018][T19919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1517.114762][T19919] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1517.121754][T19919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1517.148351][T19919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1517.241561][T19919] hsr_slave_0: entered promiscuous mode
[ 1517.248363][T19919] hsr_slave_1: entered promiscuous mode
[ 1517.255509][T19919] debugfs: 'hsr0' already exists in 'hsr'
[ 1517.261254][T19919] Cannot create hsr debugfs directory
[ 1517.567569][T25958] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1517.578719][T25958] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1517.588638][T25958] bond0 (unregistering): Released all slaves
[ 1517.600093][T25958] bond1 (unregistering): (slave lo): Releasing backup interface
[ 1517.610043][T25958] bond1 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[ 1517.621298][T25958] bond1 (unregistering): Released all slaves
[ 1517.734224][T25958] !: left promiscuous mode
[ 1517.807888][T25958] tipc: Disabling bearer <udp:syz2>
[ 1517.814405][T25958] tipc: Left network mode
[ 1518.147616][T19919] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1518.166947][T19919] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1518.195093][T19919] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1518.224525][T19919] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1518.369185][T25958] hsr_slave_0: left promiscuous mode
[ 1518.378328][T25958] hsr_slave_1: left promiscuous mode
[ 1518.384680][T25958] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1518.392092][T25958] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1518.407499][T25958] macsec0: left allmulticast mode
[ 1518.413872][T25958] veth1_macvtap: left allmulticast mode
[ 1518.419523][T25958] veth1_macvtap: left promiscuous mode
[ 1518.426341][T25958] veth0_macvtap: left promiscuous mode
[ 1518.431934][T25958] veth1_vlan: left promiscuous mode
[ 1518.562480][T15776] Bluetooth: hci1: command tx timeout
[ 1518.631790][T25958] team_slave_1 (unregistering): left promiscuous mode
[ 1518.639389][T25958] team0 (unregistering): Port device team_slave_1 removed
[ 1518.749990][T19919] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1518.767174][T19919] 8021q: adding VLAN 0 to HW filter on device team0
[ 1518.785013][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1518.792150][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1518.803956][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1518.811092][ T1039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1519.008047][T19919] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1519.050660][T19919] veth0_vlan: entered promiscuous mode
[ 1519.059889][T25958] IPVS: stop unused estimator thread 0...
[ 1519.066667][T19919] veth1_vlan: entered promiscuous mode
[ 1519.100387][T19919] veth0_macvtap: entered promiscuous mode
[ 1519.113244][T19919] veth1_macvtap: entered promiscuous mode
[ 1519.129831][T19919] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1519.145498][T19919] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1519.159465][ T1319] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.168438][ T1319] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.188750][ T1319] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.197939][ T1319] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.252036][ T1039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1519.266206][ T1039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1519.290737][ T1319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1519.299018][ T1319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1520.642528][T15776] Bluetooth: hci1: command tx timeout
[ 1522.724536][T15776] Bluetooth: hci1: command tx timeout
[ 1522.731600][T19985] netlink: 'syz.0.18334': attribute type 10 has an invalid length.
[ 1522.738243][T19977] netlink: 'syz.2.18336': attribute type 1 has an invalid length.
[ 1522.753261][T19985] netlink: 2 bytes leftover after parsing attributes in process `syz.0.18334'.
[ 1522.790043][T19977] bond5: entered promiscuous mode
[ 1522.796166][T19977] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1522.818416][T19980] syzkaller0: entered promiscuous mode
[ 1522.824217][T19980] syzkaller0: entered allmulticast mode
[ 1522.861988][T19988] bond5: (slave bridge2): making interface the new active one
[ 1522.870882][T19988] bridge2: entered promiscuous mode
[ 1522.907415][T19988] bond5: (slave bridge2): Enslaving as an active interface with an up link
[ 1522.943779][T19985] bond0: entered promiscuous mode
[ 1522.957660][T19985] bond_slave_0: entered promiscuous mode
[ 1522.968998][T19985] bond_slave_1: entered promiscuous mode
[ 1522.977994][T19985] bridge0: port 3(bond0) entered blocking state
[ 1522.984884][T19985] bridge0: port 3(bond0) entered disabled state
[ 1522.993016][T19985] bond0: entered allmulticast mode
[ 1522.998299][T19985] bond_slave_0: entered allmulticast mode
[ 1523.004663][T19985] bond_slave_1: entered allmulticast mode
[ 1523.014990][T19985] bridge0: port 3(bond0) entered blocking state
[ 1523.021496][T19985] bridge0: port 3(bond0) entered forwarding state
[ 1523.031704][T19977] bridge0: Device is already in use.
[ 1523.233467][T20009] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18344'.
[ 1523.244940][T20009] xt_hashlimit: size too large, truncated to 1048576
[ 1523.251687][T20009] xt_hashlimit: overflow, try lower: 0/0
[ 1523.273201][T20009] syz_tun: entered allmulticast mode
[ 1523.293860][T20013] IPVS: wrr: FWM 3 0x00000003 - no destination available: all destinations are overloaded
[ 1523.306155][T20012] netlink: 28 bytes leftover after parsing attributes in process `syz.1.18345'.
[ 1523.317983][T20007] lo speed is unknown, defaulting to 1000
[ 1523.336714][T20008] syz_tun: left allmulticast mode
[ 1523.421656][T20019] FAULT_INJECTION: forcing a failure.
[ 1523.421656][T20019] name failslab, interval 1, probability 0, space 0, times 0
[ 1523.435414][T20019] CPU: 1 UID: 0 PID: 20019 Comm: syz.4.18346 Not tainted syzkaller #0 PREEMPT(full) 
[ 1523.435441][T20019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1523.435454][T20019] Call Trace:
[ 1523.435462][T20019]  <TASK>
[ 1523.435471][T20019]  dump_stack_lvl+0xe8/0x150
[ 1523.435504][T20019]  should_fail_ex+0x412/0x560
[ 1523.435535][T20019]  should_failslab+0xa8/0x100
[ 1523.435561][T20019]  ? skb_clone+0x212/0x3a0
[ 1523.435582][T20019]  kmem_cache_alloc_noprof+0x87/0x650
[ 1523.435603][T20019]  ? __netlink_lookup+0xc6/0x8b0
[ 1523.435640][T20019]  skb_clone+0x212/0x3a0
[ 1523.435664][T20019]  __netlink_deliver_tap+0x404/0x850
[ 1523.435703][T20019]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1523.435732][T20019]  netlink_deliver_tap+0x19c/0x1b0
[ 1523.435761][T20019]  netlink_unicast+0x7e3/0x9b0
[ 1523.435794][T20019]  ? __pfx_netlink_unicast+0x10/0x10
[ 1523.435821][T20019]  ? netlink_sendmsg+0x650/0xb40
[ 1523.435847][T20019]  ? skb_put+0x11b/0x210
[ 1523.435881][T20019]  netlink_sendmsg+0x813/0xb40
[ 1523.435918][T20019]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1523.435950][T20019]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1523.435979][T20019]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1523.436005][T20019]  ____sys_sendmsg+0x972/0x9f0
[ 1523.436036][T20019]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1523.436066][T20019]  ? import_iovec+0x73/0xa0
[ 1523.436101][T20019]  ___sys_sendmsg+0x2a5/0x360
[ 1523.436128][T20019]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1523.436184][T20019]  ? __fget_files+0x2a/0x420
[ 1523.436214][T20019]  ? __fget_files+0x3a0/0x420
[ 1523.436253][T20019]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1523.436277][T20019]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1523.436308][T20019]  ? __pfx_ksys_write+0x10/0x10
[ 1523.436349][T20019]  do_syscall_64+0x14d/0xf80
[ 1523.436379][T20019]  ? trace_irq_disable+0x3b/0x150
[ 1523.436407][T20019]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.436433][T20019]  ? clear_bhb_loop+0x40/0x90
[ 1523.436463][T20019]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.436483][T20019] RIP: 0033:0x7fb675f9c799
[ 1523.436521][T20019] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1523.436540][T20019] RSP: 002b:00007fb6741d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1523.436564][T20019] RAX: ffffffffffffffda RBX: 00007fb676216090 RCX: 00007fb675f9c799
[ 1523.436586][T20019] RDX: 0000000020040000 RSI: 0000200000000380 RDI: 0000000000000003
[ 1523.436601][T20019] RBP: 00007fb6741d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1523.436615][T20019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1523.436629][T20019] R13: 00007fb676216128 R14: 00007fb676216090 R15: 00007ffd66715b08
[ 1523.436664][T20019]  </TASK>
[ 1523.440690][T19997] syzkaller0: entered promiscuous mode
[ 1523.715925][T19997] syzkaller0: entered allmulticast mode
[ 1524.005120][T20040] siw: device registration error -23
[ 1524.805902][T15776] Bluetooth: hci1: command tx timeout
[ 1525.485284][T20044] netlink: 'syz.2.18354': attribute type 13 has an invalid length.
[ 1525.729674][T20074] FAULT_INJECTION: forcing a failure.
[ 1525.729674][T20074] name failslab, interval 1, probability 0, space 0, times 0
[ 1525.742913][T20078] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18357'.
[ 1525.751626][T20074] CPU: 1 UID: 0 PID: 20074 Comm: syz.1.18359 Not tainted syzkaller #0 PREEMPT(full) 
[ 1525.751700][T20074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1525.751738][T20074] Call Trace:
[ 1525.751764][T20074]  <TASK>
[ 1525.751785][T20074]  dump_stack_lvl+0xe8/0x150
[ 1525.751883][T20074]  should_fail_ex+0x412/0x560
[ 1525.751939][T20074]  should_failslab+0xa8/0x100
[ 1525.751968][T20074]  __kmalloc_noprof+0xe8/0x760
[ 1525.751993][T20074]  ? kobject_get_path+0xc5/0x2f0
[ 1525.752014][T20074]  ? __kasan_kmalloc+0x93/0xb0
[ 1525.752043][T20074]  kobject_get_path+0xc5/0x2f0
[ 1525.752062][T20074]  ? kobject_uevent_env+0x28c/0x9e0
[ 1525.752092][T20074]  kobject_uevent_env+0x2a1/0x9e0
[ 1525.752125][T20074]  nbd_config_put+0x14c/0x580
[ 1525.752176][T20074]  nbd_genl_connect+0x19d5/0x1cf0
[ 1525.752207][T20074]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1525.752259][T20074]  ? __pfx_nbd_genl_connect+0x10/0x10
[ 1525.752294][T20074]  ? rcu_is_watching+0x15/0xb0
[ 1525.752323][T20074]  ? trace_kmalloc+0x2a/0x110
[ 1525.752351][T20074]  ? __nla_parse+0x40/0x60
[ 1525.752385][T20074]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[ 1525.752408][T20074]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[ 1525.752438][T20074]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1525.752468][T20074]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1525.752511][T20074]  ? __lock_acquire+0x6b5/0x2cf0
[ 1525.752623][T20074]  genl_rcv_msg+0x61c/0x7a0
[ 1525.752687][T20074]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1525.752737][T20074]  ? __pfx_nbd_genl_connect+0x10/0x10
[ 1525.752813][T20074]  ? __lock_acquire+0x6b5/0x2cf0
[ 1525.752905][T20074]  netlink_rcv_skb+0x232/0x4b0
[ 1525.752978][T20074]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1525.753034][T20074]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1525.753161][T20074]  ? down_read+0x272/0x2e0
[ 1525.753207][T20074]  ? genl_rcv+0xd/0x40
[ 1525.753264][T20074]  genl_rcv+0x28/0x40
[ 1525.753298][T20074]  netlink_unicast+0x80f/0x9b0
[ 1525.753382][T20074]  ? __pfx_netlink_unicast+0x10/0x10
[ 1525.753449][T20074]  ? netlink_sendmsg+0x650/0xb40
[ 1525.753519][T20074]  ? skb_put+0x11b/0x210
[ 1525.753602][T20074]  netlink_sendmsg+0x813/0xb40
[ 1525.753689][T20074]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1525.753770][T20074]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1525.753843][T20074]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1525.753909][T20074]  ____sys_sendmsg+0x972/0x9f0
[ 1525.753996][T20074]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1525.754101][T20074]  ? import_iovec+0x73/0xa0
[ 1525.754205][T20074]  ___sys_sendmsg+0x2a5/0x360
[ 1525.754271][T20074]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1525.754411][T20074]  ? __fget_files+0x2a/0x420
[ 1525.754485][T20074]  ? __fget_files+0x3a0/0x420
[ 1525.754592][T20074]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1525.754645][T20074]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1525.754727][T20074]  ? __pfx_ksys_write+0x10/0x10
[ 1525.754808][T20074]  do_syscall_64+0x14d/0xf80
[ 1525.754870][T20074]  ? trace_irq_disable+0x3b/0x150
[ 1525.754946][T20074]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1525.754993][T20074]  ? clear_bhb_loop+0x40/0x90
[ 1525.755052][T20074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1525.755096][T20074] RIP: 0033:0x7f664dd9c799
[ 1525.755145][T20074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1525.755192][T20074] RSP: 002b:00007f664ebb0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1525.755244][T20074] RAX: ffffffffffffffda RBX: 00007f664e015fa0 RCX: 00007f664dd9c799
[ 1525.755292][T20074] RDX: 0000000000004000 RSI: 00002000000027c0 RDI: 0000000000000009
[ 1525.755327][T20074] RBP: 00007f664ebb0090 R08: 0000000000000000 R09: 0000000000000000
[ 1525.755367][T20074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1525.755405][T20074] R13: 00007f664e016038 R14: 00007f664e015fa0 R15: 00007fff6cc84298
[ 1525.755539][T20074]  </TASK>
[ 1526.213598][T20072] xt_hashlimit: size too large, truncated to 1048576
[ 1526.222787][T20072] xt_hashlimit: overflow, try lower: 0/0
[ 1526.229935][T20072] syz_tun: entered allmulticast mode
[ 1526.359002][T20071] syz_tun: left allmulticast mode
[ 1526.436238][T20095] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input10
[ 1526.731271][T20108] lo speed is unknown, defaulting to 1000
[ 1527.054718][T20121] syzkaller0: entered promiscuous mode
[ 1527.060394][T20121] syzkaller0: entered allmulticast mode
[ 1527.201131][T20123] syzkaller0: entered promiscuous mode
[ 1527.213065][T20123] syzkaller0: entered allmulticast mode
[ 1527.221981][T20125] FAULT_INJECTION: forcing a failure.
[ 1527.221981][T20125] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1527.235376][T20125] CPU: 0 UID: 0 PID: 20125 Comm: syz.0.18373 Not tainted syzkaller #0 PREEMPT(full) 
[ 1527.235397][T20125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1527.235407][T20125] Call Trace:
[ 1527.235413][T20125]  <TASK>
[ 1527.235420][T20125]  dump_stack_lvl+0xe8/0x150
[ 1527.235448][T20125]  should_fail_ex+0x412/0x560
[ 1527.235482][T20125]  _copy_to_user+0x31/0xb0
[ 1527.235508][T20125]  simple_read_from_buffer+0xe1/0x170
[ 1527.235534][T20125]  proc_fail_nth_read+0x1bb/0x230
[ 1527.235560][T20125]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1527.235584][T20125]  ? rw_verify_area+0x2a6/0x4d0
[ 1527.235600][T20125]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1527.235623][T20125]  vfs_read+0x20c/0xa70
[ 1527.235637][T20125]  ? fdget_pos+0x246/0x320
[ 1527.235663][T20125]  ? __pfx___mutex_lock+0x10/0x10
[ 1527.235687][T20125]  ? __pfx_vfs_read+0x10/0x10
[ 1527.235704][T20125]  ? __fget_files+0x2a/0x420
[ 1527.235729][T20125]  ? __fget_files+0x3a0/0x420
[ 1527.235751][T20125]  ? __fget_files+0x2a/0x420
[ 1527.235779][T20125]  ksys_read+0x150/0x270
[ 1527.235797][T20125]  ? __pfx_ksys_read+0x10/0x10
[ 1527.235821][T20125]  do_syscall_64+0x14d/0xf80
[ 1527.235844][T20125]  ? trace_irq_disable+0x3b/0x150
[ 1527.235867][T20125]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1527.235883][T20125]  ? clear_bhb_loop+0x40/0x90
[ 1527.235902][T20125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1527.235917][T20125] RIP: 0033:0x7fc19b55cfce
[ 1527.235931][T20125] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1527.235945][T20125] RSP: 002b:00007fc19c418fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1527.235962][T20125] RAX: ffffffffffffffda RBX: 00007fc19c4196c0 RCX: 00007fc19b55cfce
[ 1527.235975][T20125] RDX: 000000000000000f RSI: 00007fc19c4190a0 RDI: 0000000000000004
[ 1527.235985][T20125] RBP: 00007fc19c419090 R08: 0000000000000000 R09: 0000000000000000
[ 1527.235994][T20125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1527.236003][T20125] R13: 00007fc19b816038 R14: 00007fc19b815fa0 R15: 00007fff5becf5f8
[ 1527.236028][T20125]  </TASK>
[ 1527.622821][T20134] 0: reclassify loop, rule prio 0, protocol 700
[ 1527.661237][T20132] netlink: 11 bytes leftover after parsing attributes in process `syz.4.18375'.
[ 1527.724887][T20140] netlink: 'syz.4.18375': attribute type 7 has an invalid length.
[ 1527.749617][T20139] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18378'.
[ 1527.773798][T20139] netlink: 20 bytes leftover after parsing attributes in process `syz.3.18378'.
[ 1527.814951][T20139] xt_hashlimit: size too large, truncated to 1048576
[ 1527.844123][T20139] xt_hashlimit: overflow, try lower: 0/0
[ 1527.880863][T20139] syz_tun: entered allmulticast mode
[ 1527.989599][T20147] lo speed is unknown, defaulting to 1000
[ 1528.033667][T20138] syz_tun: left allmulticast mode
[ 1528.410296][T20181] FAULT_INJECTION: forcing a failure.
[ 1528.410296][T20181] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1528.460265][T20181] CPU: 0 UID: 0 PID: 20181 Comm: syz.3.18391 Not tainted syzkaller #0 PREEMPT(full) 
[ 1528.460295][T20181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1528.460310][T20181] Call Trace:
[ 1528.460319][T20181]  <TASK>
[ 1528.460329][T20181]  dump_stack_lvl+0xe8/0x150
[ 1528.460366][T20181]  should_fail_ex+0x412/0x560
[ 1528.460401][T20181]  _copy_to_user+0x31/0xb0
[ 1528.460439][T20181]  simple_read_from_buffer+0xe1/0x170
[ 1528.460478][T20181]  proc_fail_nth_read+0x1bb/0x230
[ 1528.460513][T20181]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1528.460548][T20181]  ? rw_verify_area+0x2a6/0x4d0
[ 1528.460571][T20181]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1528.460605][T20181]  vfs_read+0x20c/0xa70
[ 1528.460627][T20181]  ? fdget_pos+0x246/0x320
[ 1528.460664][T20181]  ? __pfx___mutex_lock+0x10/0x10
[ 1528.460699][T20181]  ? __pfx_vfs_read+0x10/0x10
[ 1528.460725][T20181]  ? __fget_files+0x2a/0x420
[ 1528.460762][T20181]  ? __fget_files+0x3a0/0x420
[ 1528.460793][T20181]  ? __fget_files+0x2a/0x420
[ 1528.460835][T20181]  ksys_read+0x150/0x270
[ 1528.460869][T20181]  ? __pfx_ksys_read+0x10/0x10
[ 1528.460892][T20181]  ? __pfx_sock_ioctl+0x10/0x10
[ 1528.460930][T20181]  do_syscall_64+0x14d/0xf80
[ 1528.460961][T20181]  ? trace_irq_disable+0x3b/0x150
[ 1528.461004][T20181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1528.461023][T20181]  ? clear_bhb_loop+0x40/0x90
[ 1528.461047][T20181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1528.461066][T20181] RIP: 0033:0x7f9ff295cfce
[ 1528.461084][T20181] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1528.461101][T20181] RSP: 002b:00007f9ff0bf5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1528.461121][T20181] RAX: ffffffffffffffda RBX: 00007f9ff0bf66c0 RCX: 00007f9ff295cfce
[ 1528.461136][T20181] RDX: 000000000000000f RSI: 00007f9ff0bf60a0 RDI: 0000000000000003
[ 1528.461148][T20181] RBP: 00007f9ff0bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1528.461160][T20181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1528.461171][T20181] R13: 00007f9ff2c16038 R14: 00007f9ff2c15fa0 R15: 00007ffc38d07ed8
[ 1528.461202][T20181]  </TASK>
[ 1529.258310][T20208] lo speed is unknown, defaulting to 1000
[ 1529.314192][T20220] netlink: 'syz.3.18406': attribute type 3 has an invalid length.
[ 1529.370634][T20225] FAULT_INJECTION: forcing a failure.
[ 1529.370634][T20225] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1529.415747][T20225] CPU: 0 UID: 0 PID: 20225 Comm: syz.0.18409 Not tainted syzkaller #0 PREEMPT(full) 
[ 1529.415773][T20225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1529.415786][T20225] Call Trace:
[ 1529.415794][T20225]  <TASK>
[ 1529.415802][T20225]  dump_stack_lvl+0xe8/0x150
[ 1529.415834][T20225]  should_fail_ex+0x412/0x560
[ 1529.415864][T20225]  _copy_from_user+0x2d/0xb0
[ 1529.415894][T20225]  ___sys_sendmsg+0x1c6/0x360
[ 1529.415920][T20225]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1529.415969][T20225]  ? __fget_files+0x2a/0x420
[ 1529.415997][T20225]  ? __fget_files+0x3a0/0x420
[ 1529.416051][T20225]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1529.416075][T20225]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1529.416104][T20225]  ? __pfx_ksys_write+0x10/0x10
[ 1529.416137][T20225]  do_syscall_64+0x14d/0xf80
[ 1529.416166][T20225]  ? trace_irq_disable+0x3b/0x150
[ 1529.416195][T20225]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1529.416215][T20225]  ? clear_bhb_loop+0x40/0x90
[ 1529.416239][T20225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1529.416275][T20225] RIP: 0033:0x7fc19b59c799
[ 1529.416294][T20225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1529.416311][T20225] RSP: 002b:00007fc19c419028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1529.416333][T20225] RAX: ffffffffffffffda RBX: 00007fc19b815fa0 RCX: 00007fc19b59c799
[ 1529.416348][T20225] RDX: 0000000020040800 RSI: 0000200000000100 RDI: 0000000000000003
[ 1529.416363][T20225] RBP: 00007fc19c419090 R08: 0000000000000000 R09: 0000000000000000
[ 1529.416376][T20225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1529.416388][T20225] R13: 00007fc19b816038 R14: 00007fc19b815fa0 R15: 00007fff5becf5f8
[ 1529.416420][T20225]  </TASK>
[ 1529.699627][T20236] netlink: 'syz.3.18412': attribute type 21 has an invalid length.
[ 1529.708411][T20236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18412'.
[ 1529.718123][T20236] netlink: 'syz.3.18412': attribute type 21 has an invalid length.
[ 1529.726149][T20236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18412'.
[ 1530.113134][T20258] FAULT_INJECTION: forcing a failure.
[ 1530.113134][T20258] name failslab, interval 1, probability 0, space 0, times 0
[ 1530.132603][T20258] CPU: 1 UID: 0 PID: 20258 Comm: syz.4.18418 Not tainted syzkaller #0 PREEMPT(full) 
[ 1530.132644][T20258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1530.132659][T20258] Call Trace:
[ 1530.132676][T20258]  <TASK>
[ 1530.132686][T20258]  dump_stack_lvl+0xe8/0x150
[ 1530.132727][T20258]  should_fail_ex+0x412/0x560
[ 1530.132777][T20258]  should_failslab+0xa8/0x100
[ 1530.132801][T20258]  ? security_inode_alloc+0x39/0x310
[ 1530.132827][T20258]  kmem_cache_alloc_noprof+0x87/0x650
[ 1530.132854][T20258]  security_inode_alloc+0x39/0x310
[ 1530.132881][T20258]  inode_init_always_gfp+0x9ed/0xdc0
[ 1530.132911][T20258]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[ 1530.132941][T20258]  alloc_inode+0x82/0x1b0
[ 1530.132968][T20258]  new_inode+0x22/0x170
[ 1530.132998][T20258]  __debugfs_create_file+0xb8/0x400
[ 1530.133029][T20258]  debugfs_create_file_full+0x3f/0x60
[ 1530.133061][T20258]  ref_tracker_dir_debugfs+0x197/0x360
[ 1530.133087][T20258]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[ 1530.133135][T20258]  ? __kvmalloc_node_noprof+0x545/0x8a0
[ 1530.133158][T20258]  ? alloc_netdev_mqs+0xa6/0x11b0
[ 1530.133184][T20258]  ? __raw_spin_lock_init+0x45/0x100
[ 1530.133206][T20258]  alloc_netdev_mqs+0x272/0x11b0
[ 1530.133225][T20258]  ? __pfx_vlan_setup+0x10/0x10
[ 1530.133255][T20258]  rtnl_create_link+0x31f/0xd70
[ 1530.133282][T20258]  rtnl_newlink_create+0x277/0xb70
[ 1530.133311][T20258]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1530.133348][T20258]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1530.133379][T20258]  ? __pfx___mutex_lock+0x10/0x10
[ 1530.133418][T20258]  ? ns_capable+0x89/0xe0
[ 1530.133445][T20258]  rtnl_newlink+0x1666/0x1be0
[ 1530.133486][T20258]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1530.133509][T20258]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.133571][T20258]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1530.133596][T20258]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1530.133634][T20258]  ? kmem_cache_free+0x187/0x630
[ 1530.133659][T20258]  ? nlmon_xmit+0xb0/0x100
[ 1530.133719][T20258]  ? __lock_acquire+0x6b5/0x2cf0
[ 1530.133755][T20258]  ? __local_bh_enable_ip+0xd0/0x130
[ 1530.133783][T20258]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1530.133813][T20258]  ? __dev_queue_xmit+0x28b/0x3870
[ 1530.133835][T20258]  ? __local_bh_enable_ip+0xd0/0x130
[ 1530.133866][T20258]  ? __dev_queue_xmit+0x28b/0x3870
[ 1530.133904][T20258]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1530.133926][T20258]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1530.133962][T20258]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1530.133998][T20258]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1530.134016][T20258]  ? ref_tracker_free+0x693/0x840
[ 1530.134034][T20258]  ? __copy_skb_header+0xa3/0x4a0
[ 1530.134049][T20258]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1530.134067][T20258]  ? __skb_clone+0x63/0x7a0
[ 1530.134086][T20258]  netlink_rcv_skb+0x232/0x4b0
[ 1530.134106][T20258]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1530.134145][T20258]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1530.134176][T20258]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1530.134203][T20258]  netlink_unicast+0x80f/0x9b0
[ 1530.134229][T20258]  ? __pfx_netlink_unicast+0x10/0x10
[ 1530.134249][T20258]  ? netlink_sendmsg+0x650/0xb40
[ 1530.134269][T20258]  ? skb_put+0x11b/0x210
[ 1530.134294][T20258]  netlink_sendmsg+0x813/0xb40
[ 1530.134323][T20258]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1530.134346][T20258]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1530.134368][T20258]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1530.134388][T20258]  ____sys_sendmsg+0x972/0x9f0
[ 1530.134410][T20258]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1530.134432][T20258]  ? import_iovec+0x73/0xa0
[ 1530.134459][T20258]  ___sys_sendmsg+0x2a5/0x360
[ 1530.134478][T20258]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1530.134520][T20258]  ? __fget_files+0x2a/0x420
[ 1530.134542][T20258]  ? __fget_files+0x3a0/0x420
[ 1530.134572][T20258]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1530.134589][T20258]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1530.134640][T20258]  ? __pfx_ksys_write+0x10/0x10
[ 1530.134685][T20258]  do_syscall_64+0x14d/0xf80
[ 1530.134717][T20258]  ? trace_irq_disable+0x3b/0x150
[ 1530.134748][T20258]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.134763][T20258]  ? clear_bhb_loop+0x40/0x90
[ 1530.134782][T20258]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.134798][T20258] RIP: 0033:0x7fb675f9c799
[ 1530.134812][T20258] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1530.134838][T20258] RSP: 002b:00007fb6741f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1530.134854][T20258] RAX: ffffffffffffffda RBX: 00007fb676215fa0 RCX: 00007fb675f9c799
[ 1530.134865][T20258] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000011
[ 1530.134875][T20258] RBP: 00007fb6741f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1530.134884][T20258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1530.134892][T20258] R13: 00007fb676216038 R14: 00007fb676215fa0 R15: 00007ffd66715b08
[ 1530.134915][T20258]  </TASK>
[ 1530.134939][T20258] debugfs: out of free dentries, can not create file 'netdev@ffff8880b13a6620'
[ 1530.638484][T20258] team_slave_0: entered promiscuous mode
[ 1530.644209][T20258] team_slave_1: entered promiscuous mode
[ 1530.650017][T20258] vlan0: entered promiscuous mode
[ 1530.656611][T20258] team0: entered promiscuous mode
[ 1530.693515][T20264] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18421'.
[ 1530.811760][T20270] FAULT_INJECTION: forcing a failure.
[ 1530.811760][T20270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1530.852639][T20270] CPU: 1 UID: 0 PID: 20270 Comm: syz.4.18424 Not tainted syzkaller #0 PREEMPT(full) 
[ 1530.852666][T20270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1530.852678][T20270] Call Trace:
[ 1530.852686][T20270]  <TASK>
[ 1530.852694][T20270]  dump_stack_lvl+0xe8/0x150
[ 1530.852726][T20270]  should_fail_ex+0x412/0x560
[ 1530.852755][T20270]  _copy_from_user+0x2d/0xb0
[ 1530.852785][T20270]  csum_and_copy_from_iter_full+0x1e7/0x1f00
[ 1530.852823][T20270]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[ 1530.852850][T20270]  ? rcu_is_watching+0x15/0xb0
[ 1530.852876][T20270]  ? trace_kmem_cache_alloc+0x29/0xf0
[ 1530.852899][T20270]  ip_generic_getfrag+0x149/0x2d0
[ 1530.852932][T20270]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1530.852970][T20270]  __ip_append_data+0x3995/0x3f30
[ 1530.853016][T20270]  ? __pfx_raw_getfrag+0x10/0x10
[ 1530.853063][T20270]  ? __pfx___ip_append_data+0x10/0x10
[ 1530.853100][T20270]  ? ipv4_mtu+0x53b/0x650
[ 1530.853123][T20270]  ? ipv4_mtu+0x23/0x650
[ 1530.853148][T20270]  ? __pfx_ipv4_mtu+0x10/0x10
[ 1530.853172][T20270]  ? ip_setup_cork+0x57e/0xa50
[ 1530.853203][T20270]  ip_append_data+0x10d/0x190
[ 1530.853234][T20270]  ? __pfx_raw_getfrag+0x10/0x10
[ 1530.853262][T20270]  raw_sendmsg+0x14be/0x1a50
[ 1530.853304][T20270]  ? __pfx_raw_sendmsg+0x10/0x10
[ 1530.853345][T20270]  ? aa_sk_perm+0x6d5/0x900
[ 1530.853374][T20270]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1530.853394][T20270]  ? tomoyo_socket_sendmsg_permission+0x215/0x300
[ 1530.853424][T20270]  ? sock_rps_record_flow+0x19/0x350
[ 1530.853452][T20270]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1530.853481][T20270]  ? inet_sendmsg+0x2f4/0x370
[ 1530.853507][T20270]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1530.853528][T20270]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1530.853556][T20270]  __sys_sendto+0x5de/0x710
[ 1530.853587][T20270]  ? __pfx___sys_sendto+0x10/0x10
[ 1530.853612][T20270]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1530.853653][T20270]  ? __fget_files+0x3a0/0x420
[ 1530.853690][T20270]  ? ksys_write+0x242/0x270
[ 1530.853713][T20270]  ? __pfx_ksys_write+0x10/0x10
[ 1530.853739][T20270]  __x64_sys_sendto+0xde/0x100
[ 1530.853770][T20270]  do_syscall_64+0x14d/0xf80
[ 1530.853796][T20270]  ? trace_irq_disable+0x3b/0x150
[ 1530.853823][T20270]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.853842][T20270]  ? clear_bhb_loop+0x40/0x90
[ 1530.853865][T20270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.853884][T20270] RIP: 0033:0x7fb675f9c799
[ 1530.853902][T20270] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1530.853919][T20270] RSP: 002b:00007fb6741f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1530.853940][T20270] RAX: ffffffffffffffda RBX: 00007fb676215fa0 RCX: 00007fb675f9c799
[ 1530.853955][T20270] RDX: 0000000000000008 RSI: 0000200000000540 RDI: 0000000000000003
[ 1530.853967][T20270] RBP: 00007fb6741f6090 R08: 0000200000000080 R09: 0000000000000010
[ 1530.853980][T20270] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1530.853992][T20270] R13: 00007fb676216038 R14: 00007fb676215fa0 R15: 00007ffd66715b08
[ 1530.854022][T20270]  </TASK>
[ 1531.422565][T20292] netlink: 28 bytes leftover after parsing attributes in process `syz.4.18430'.
[ 1531.443399][T20277] bond3: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1531.459828][T20277] bond3: (slave lo): Enslaving as an active interface with an up link
[ 1531.491343][T20277] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[ 1531.513527][T20296] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.18431'.
[ 1531.526602][T20274] lo speed is unknown, defaulting to 1000
[ 1531.723523][T20305] Cannot find set identified by id 0 to match
[ 1532.105254][   T30] audit: type=1800 audit(1773699815.930:2): pid=20325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.18441" name="blkio.bfq.time_recursive" dev="tmpfs" ino=727 res=0 errno=0
[ 1532.240621][T20330] netlink: 'syz.3.18442': attribute type 1 has an invalid length.
[ 1532.263194][T20330] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18442'.
[ 1532.428529][T20340] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18445'.
[ 1532.623995][T20344] netlink: 16 bytes leftover after parsing attributes in process `syz.4.18447'.
[ 1532.930511][T20367] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18455'.
[ 1532.947511][T20367] xt_hashlimit: size too large, truncated to 1048576
[ 1532.964792][T20367] xt_hashlimit: overflow, try lower: 0/0
[ 1533.054596][T20367] syz_tun: entered allmulticast mode
[ 1533.095900][T20366] syz_tun: left allmulticast mode
[ 1533.187945][T20374] lo speed is unknown, defaulting to 1000
[ 1534.214310][T20417] team_slave_0: entered promiscuous mode
[ 1534.220093][T20417] team_slave_1: entered promiscuous mode
[ 1534.227734][T20417] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1540.152731][T20451] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18473'.
[ 1540.183350][T20451] xt_hashlimit: size too large, truncated to 1048576
[ 1540.202674][T20451] xt_hashlimit: overflow, try lower: 0/0
[ 1540.216485][T20451] syz_tun: entered allmulticast mode
[ 1540.290297][T20448] syz_tun: left allmulticast mode
[ 1540.333335][T20461] lo speed is unknown, defaulting to 1000
[ 1540.564693][T20473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18478'.
[ 1540.723013][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1540.732266][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1540.745294][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1540.765280][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1540.773711][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1540.982032][T20473] vlan2: entered promiscuous mode
[ 1540.988816][T20473] batadv0: entered promiscuous mode
[ 1541.186058][T20482] FAULT_INJECTION: forcing a failure.
[ 1541.186058][T20482] name failslab, interval 1, probability 0, space 0, times 0
[ 1541.199214][T20482] CPU: 1 UID: 0 PID: 20482 Comm: syz.3.18484 Not tainted syzkaller #0 PREEMPT(full) 
[ 1541.199238][T20482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1541.199250][T20482] Call Trace:
[ 1541.199258][T20482]  <TASK>
[ 1541.199267][T20482]  dump_stack_lvl+0xe8/0x150
[ 1541.199299][T20482]  should_fail_ex+0x412/0x560
[ 1541.199329][T20482]  should_failslab+0xa8/0x100
[ 1541.199353][T20482]  ? skb_clone+0x212/0x3a0
[ 1541.199373][T20482]  kmem_cache_alloc_noprof+0x87/0x650
[ 1541.199392][T20482]  ? __netlink_lookup+0xc6/0x8b0
[ 1541.199426][T20482]  skb_clone+0x212/0x3a0
[ 1541.199449][T20482]  __netlink_deliver_tap+0x404/0x850
[ 1541.199486][T20482]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1541.199514][T20482]  netlink_deliver_tap+0x19c/0x1b0
[ 1541.199542][T20482]  netlink_unicast+0x7e3/0x9b0
[ 1541.199616][T20482]  ? __pfx_netlink_unicast+0x10/0x10
[ 1541.199643][T20482]  ? netlink_sendmsg+0x650/0xb40
[ 1541.199669][T20482]  ? skb_put+0x11b/0x210
[ 1541.199702][T20482]  netlink_sendmsg+0x813/0xb40
[ 1541.199739][T20482]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1541.199789][T20482]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1541.199820][T20482]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1541.199849][T20482]  ____sys_sendmsg+0x972/0x9f0
[ 1541.199881][T20482]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1541.199914][T20482]  ? import_iovec+0x73/0xa0
[ 1541.199952][T20482]  ___sys_sendmsg+0x2a5/0x360
[ 1541.199981][T20482]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1541.200043][T20482]  ? __fget_files+0x2a/0x420
[ 1541.200076][T20482]  ? __fget_files+0x3a0/0x420
[ 1541.200119][T20482]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1541.200144][T20482]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1541.200178][T20482]  ? __pfx_ksys_write+0x10/0x10
[ 1541.200218][T20482]  do_syscall_64+0x14d/0xf80
[ 1541.200250][T20482]  ? trace_irq_disable+0x3b/0x150
[ 1541.200281][T20482]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1541.200304][T20482]  ? clear_bhb_loop+0x40/0x90
[ 1541.200331][T20482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1541.200353][T20482] RIP: 0033:0x7f9ff299c799
[ 1541.200374][T20482] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1541.200394][T20482] RSP: 002b:00007f9ff0bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1541.200417][T20482] RAX: ffffffffffffffda RBX: 00007f9ff2c15fa0 RCX: 00007f9ff299c799
[ 1541.200434][T20482] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 1541.200449][T20482] RBP: 00007f9ff0bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1541.200463][T20482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1541.200476][T20482] R13: 00007f9ff2c16038 R14: 00007f9ff2c15fa0 R15: 00007ffc38d07ed8
[ 1541.200513][T20482]  </TASK>
[ 1541.512969][T20480] netlink: 'syz.4.18483': attribute type 29 has an invalid length.
[ 1541.522200][T20483] netlink: 'syz.4.18483': attribute type 29 has an invalid length.
[ 1541.558808][T20480] netlink: 288 bytes leftover after parsing attributes in process `syz.4.18483'.
[ 1541.584093][T20476] lo speed is unknown, defaulting to 1000
[ 1541.717793][T20492] TCP: tcp_parse_options: Illegal window scaling value 128 > 14 received
[ 1541.842083][T20495] ipvlan2: entered promiscuous mode
[ 1541.981893][T20501] lo speed is unknown, defaulting to 1000
[ 1542.092283][T20476] chnl_net:caif_netlink_parms(): no params data found
[ 1542.129922][T20513] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18493'.
[ 1542.591365][T20476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1542.609574][T20476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1542.618464][T20476] bridge_slave_0: entered allmulticast mode
[ 1542.627262][T20476] bridge_slave_0: entered promiscuous mode
[ 1542.658221][T20476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1542.683469][T20476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1542.690732][T20476] bridge_slave_1: entered allmulticast mode
[ 1542.706190][T20476] bridge_slave_1: entered promiscuous mode
[ 1542.768840][T20476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1542.803355][ T5831] Bluetooth: hci0: command tx timeout
[ 1542.828211][T20476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1542.868041][T20476] team0: Port device team_slave_0 added
[ 1542.877854][T20476] team0: Port device team_slave_1 added
[ 1542.919121][T20476] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1542.926869][T20476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1542.961156][T20557] netlink: 'syz.4.18512': attribute type 1 has an invalid length.
[ 1542.970158][T20476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1543.033801][T20557] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1543.055339][T20476] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1543.072452][T20476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1543.098960][T20476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1543.138599][T20558] bond4: (slave gretap1): making interface the new active one
[ 1543.150441][T20558] bond4: (slave gretap1): Enslaving as an active interface with an up link
[ 1543.468651][T20476] hsr_slave_0: entered promiscuous mode
[ 1543.475669][T20476] hsr_slave_1: entered promiscuous mode
[ 1543.481820][T20476] debugfs: 'hsr0' already exists in 'hsr'
[ 1543.503144][T20476] Cannot create hsr debugfs directory
[ 1543.565229][T20583] FAULT_INJECTION: forcing a failure.
[ 1543.565229][T20583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1543.599383][ T3543] batadv1: left allmulticast mode
[ 1543.613166][ T3543] batadv1: left promiscuous mode
[ 1543.618345][T20583] CPU: 0 UID: 0 PID: 20583 Comm: syz.3.18521 Not tainted syzkaller #0 PREEMPT(full) 
[ 1543.618369][T20583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1543.618382][T20583] Call Trace:
[ 1543.618391][T20583]  <TASK>
[ 1543.618399][T20583]  dump_stack_lvl+0xe8/0x150
[ 1543.618432][T20583]  should_fail_ex+0x412/0x560
[ 1543.618462][T20583]  _copy_from_iter+0x1d3/0x1670
[ 1543.618493][T20583]  ? rcu_is_watching+0x15/0xb0
[ 1543.618525][T20583]  ? __pfx__copy_from_iter+0x10/0x10
[ 1543.618558][T20583]  ? netlink_sendmsg+0x650/0xb40
[ 1543.618584][T20583]  ? skb_put+0x11b/0x210
[ 1543.618614][T20583]  netlink_sendmsg+0x6c0/0xb40
[ 1543.618649][T20583]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1543.618678][T20583]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1543.618704][T20583]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1543.618728][T20583]  ____sys_sendmsg+0x972/0x9f0
[ 1543.618756][T20583]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1543.618783][T20583]  ? import_iovec+0x73/0xa0
[ 1543.618814][T20583]  ___sys_sendmsg+0x2a5/0x360
[ 1543.618838][T20583]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1543.618888][T20583]  ? __fget_files+0x2a/0x420
[ 1543.618916][T20583]  ? __fget_files+0x3a0/0x420
[ 1543.618960][T20583]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1543.618982][T20583]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1543.619010][T20583]  ? __pfx_ksys_write+0x10/0x10
[ 1543.619041][T20583]  do_syscall_64+0x14d/0xf80
[ 1543.619068][T20583]  ? trace_irq_disable+0x3b/0x150
[ 1543.619095][T20583]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1543.619114][T20583]  ? clear_bhb_loop+0x40/0x90
[ 1543.619137][T20583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1543.619156][T20583] RIP: 0033:0x7f9ff299c799
[ 1543.619173][T20583] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1543.619190][T20583] RSP: 002b:00007f9ff0bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1543.619211][T20583] RAX: ffffffffffffffda RBX: 00007f9ff2c15fa0 RCX: 00007f9ff299c799
[ 1543.619225][T20583] RDX: 0000000020004800 RSI: 0000200000000300 RDI: 0000000000000003
[ 1543.619254][T20583] RBP: 00007f9ff0bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1543.619271][T20583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1543.619283][T20583] R13: 00007f9ff2c16038 R14: 00007f9ff2c15fa0 R15: 00007ffc38d07ed8
[ 1543.619314][T20583]  </TASK>
[ 1543.620671][ T3543] bridge0: port 3(batadv1) entered disabled state
[ 1543.876583][ T3543] bridge_slave_1: left allmulticast mode
[ 1543.909623][ T3543] bridge_slave_1: left promiscuous mode
[ 1543.915951][ T3543] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1543.934491][ T3543] ¾x9ÿ: left allmulticast mode
[ 1543.939312][ T3543] ¾x9ÿ: left promiscuous mode
[ 1543.953853][ T3543] bridge0: port 1(
1¾x9ÿ) entered disabled state
[ 1543.981603][ T3543] batman_adv: batadv0: Interface deactivated: gretap1
[ 1544.024771][T20599] netlink: 164 bytes leftover after parsing attributes in process `syz.3.18524'.
[ 1544.254196][ T3543] batman_adv: batadv0: Removing interface: gretap1
[ 1544.278083][T20607] netlink: 'syz.4.18530': attribute type 3 has an invalid length.
[ 1544.436632][ T3543] bond5 (unregistering): (slave bridge2): Releasing backup interface
[ 1544.444905][ T3543] bridge2 (unregistering): left promiscuous mode
[ 1544.497338][ T3543] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1544.507467][ T3543] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1544.518495][ T3543] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1544.530465][ T3543] bond0 (unregistering): Released all slaves
[ 1544.542760][ T3543] bond1 (unregistering): Released all slaves
[ 1544.558355][ T3543] bond2 (unregistering): Released all slaves
[ 1544.575628][ T3543] bond3 (unregistering): Released all slaves
[ 1544.600342][ T3543] bond4 (unregistering): (slave veth3): Releasing active interface
[ 1544.609800][ T3543] bond4 (unregistering): Released all slaves
[ 1544.625155][ T3543] bond5 (unregistering): Released all slaves
[ 1544.651068][T20595] vxcan2: entered allmulticast mode
[ 1544.671524][T20607] FAULT_INJECTION: forcing a failure.
[ 1544.671524][T20607] name failslab, interval 1, probability 0, space 0, times 0
[ 1544.685198][T20607] CPU: 1 UID: 0 PID: 20607 Comm: syz.4.18530 Not tainted syzkaller #0 PREEMPT(full) 
[ 1544.685225][T20607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1544.685239][T20607] Call Trace:
[ 1544.685247][T20607]  <TASK>
[ 1544.685256][T20607]  dump_stack_lvl+0xe8/0x150
[ 1544.685290][T20607]  should_fail_ex+0x412/0x560
[ 1544.685322][T20607]  should_failslab+0xa8/0x100
[ 1544.685351][T20607]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 1544.685379][T20607]  ? __alloc_skb+0x1d0/0x7d0
[ 1544.685406][T20607]  ? __local_bh_enable_ip+0xd0/0x130
[ 1544.685437][T20607]  __alloc_skb+0x1d0/0x7d0
[ 1544.685465][T20607]  ? netlink_ack_tlv_len+0x6c/0x210
[ 1544.685495][T20607]  netlink_ack+0x146/0xa50
[ 1544.685519][T20607]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1544.685539][T20607]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 1544.685569][T20607]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 1544.685598][T20607]  ? __lock_acquire+0x6b5/0x2cf0
[ 1544.685636][T20607]  netlink_rcv_skb+0x2b6/0x4b0
[ 1544.685683][T20607]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1544.685707][T20607]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1544.685763][T20607]  ? down_read+0x272/0x2e0
[ 1544.685782][T20607]  ? genl_rcv+0xd/0x40
[ 1544.685805][T20607]  genl_rcv+0x28/0x40
[ 1544.685825][T20607]  netlink_unicast+0x80f/0x9b0
[ 1544.685861][T20607]  ? __pfx_netlink_unicast+0x10/0x10
[ 1544.685890][T20607]  ? netlink_sendmsg+0x650/0xb40
[ 1544.685918][T20607]  ? skb_put+0x11b/0x210
[ 1544.685952][T20607]  netlink_sendmsg+0x813/0xb40
[ 1544.685993][T20607]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1544.686027][T20607]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1544.686057][T20607]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1544.686085][T20607]  ____sys_sendmsg+0x972/0x9f0
[ 1544.686117][T20607]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1544.686149][T20607]  ? import_iovec+0x73/0xa0
[ 1544.686195][T20607]  ___sys_sendmsg+0x2a5/0x360
[ 1544.686221][T20607]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1544.686278][T20607]  ? __fget_files+0x2a/0x420
[ 1544.686306][T20607]  ? __fget_files+0x3a0/0x420
[ 1544.686346][T20607]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1544.686370][T20607]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1544.686401][T20607]  ? __pfx_ksys_write+0x10/0x10
[ 1544.686434][T20607]  do_syscall_64+0x14d/0xf80
[ 1544.686463][T20607]  ? trace_irq_disable+0x3b/0x150
[ 1544.686491][T20607]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1544.686513][T20607]  ? clear_bhb_loop+0x40/0x90
[ 1544.686537][T20607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1544.686558][T20607] RIP: 0033:0x7fb675f9c799
[ 1544.686577][T20607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1544.686596][T20607] RSP: 002b:00007fb6741f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1544.686618][T20607] RAX: ffffffffffffffda RBX: 00007fb676215fa0 RCX: 00007fb675f9c799
[ 1544.686644][T20607] RDX: 0000000000028000 RSI: 0000200000000080 RDI: 0000000000000003
[ 1544.686657][T20607] RBP: 00007fb6741f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1544.686669][T20607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1544.686681][T20607] R13: 00007fb676216038 R14: 00007fb676215fa0 R15: 00007ffd66715b08
[ 1544.686712][T20607]  </TASK>
[ 1545.014098][ T5831] Bluetooth: hci0: command tx timeout
[ 1545.097976][T20614] netlink: 36 bytes leftover after parsing attributes in process `syz.4.18533'.
[ 1545.204191][T20609] lo speed is unknown, defaulting to 1000
[ 1545.260275][ T3543] tipc: Left network mode
[ 1545.988188][ T3543] hsr_slave_0: left promiscuous mode
[ 1546.012945][ T3543] hsr_slave_1: left promiscuous mode
[ 1546.019791][ T3543] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1546.032333][ T3543] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1546.171418][T20659] x_tables: duplicate underflow at hook 4
[ 1546.789203][T20476] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1546.837225][T20476] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1546.876267][T20476] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1546.914886][T20476] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1547.042513][ T5831] Bluetooth: hci0: command tx timeout
[ 1547.099081][T20476] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1547.120051][T20476] 8021q: adding VLAN 0 to HW filter on device team0
[ 1547.139456][T25958] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1547.146620][T25958] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1547.196800][T25958] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1547.204012][T25958] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1547.266104][ T3543] IPVS: stop unused estimator thread 0...
[ 1547.830519][T20476] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1547.945386][T20476] veth0_vlan: entered promiscuous mode
[ 1547.962012][T20476] veth1_vlan: entered promiscuous mode
[ 1548.000003][T20476] veth0_macvtap: entered promiscuous mode
[ 1548.011208][T20476] veth1_macvtap: entered promiscuous mode
[ 1548.031742][T20476] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1548.045831][T20476] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1548.059007][   T48] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1548.068245][   T48] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1548.078955][   T48] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1548.089994][T25958] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1548.170276][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1548.185192][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1548.209153][T25958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1548.217712][T25958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1549.122699][ T5831] Bluetooth: hci0: command tx timeout
[ 1553.627521][T20773] lo speed is unknown, defaulting to 1000
[ 1553.869313][T15776] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1553.878359][T15776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1553.886492][T15776] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1553.894438][T15776] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1553.902256][T15776] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1554.020187][T20785] lo speed is unknown, defaulting to 1000
[ 1554.415105][T20813] netlink: 'syz.0.18573': attribute type 2 has an invalid length.
[ 1554.437125][T20815] FAULT_INJECTION: forcing a failure.
[ 1554.437125][T20815] name failslab, interval 1, probability 0, space 0, times 0
[ 1554.449817][T20815] CPU: 0 UID: 0 PID: 20815 Comm: syz.1.18574 Not tainted syzkaller #0 PREEMPT(full) 
[ 1554.449845][T20815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1554.449859][T20815] Call Trace:
[ 1554.449869][T20815]  <TASK>
[ 1554.449879][T20815]  dump_stack_lvl+0xe8/0x150
[ 1554.449916][T20815]  should_fail_ex+0x412/0x560
[ 1554.449950][T20815]  should_failslab+0xa8/0x100
[ 1554.449980][T20815]  __kmalloc_noprof+0xe8/0x760
[ 1554.450006][T20815]  ? switchdev_deferred_enqueue+0x2d/0x240
[ 1554.450168][T20815]  ? __pfx_switchdev_port_attr_set_deferred+0x10/0x10
[ 1554.450201][T20815]  switchdev_deferred_enqueue+0x2d/0x240
[ 1554.450240][T20815]  br_set_state+0x374/0x730
[ 1554.450306][T20815]  ? __pfx_br_set_state+0x10/0x10
[ 1554.450327][T20815]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1554.450354][T20815]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1554.450384][T20815]  ? br_setlink+0x436/0x8c0
[ 1554.450415][T20815]  br_setlink+0x681/0x8c0
[ 1554.450450][T20815]  ? __pfx_br_setlink+0x10/0x10
[ 1554.450518][T20815]  ? __mutex_lock+0x5ac/0x1300
[ 1554.450559][T20815]  ? mutex_is_locked+0x17/0x50
[ 1554.450596][T20815]  rtnl_bridge_setlink+0x5bb/0x7e0
[ 1554.450637][T20815]  ? __pfx_rtnl_bridge_setlink+0x10/0x10
[ 1554.450679][T20815]  ? __pfx_rtnl_bridge_setlink+0x10/0x10
[ 1554.450711][T20815]  rtnetlink_rcv_msg+0x77e/0xbe0
[ 1554.450747][T20815]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1554.450777][T20815]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1554.450806][T20815]  ? ref_tracker_free+0x693/0x840
[ 1554.450834][T20815]  ? __copy_skb_header+0xa3/0x4a0
[ 1554.450857][T20815]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1554.450885][T20815]  ? __skb_clone+0x63/0x7a0
[ 1554.450917][T20815]  netlink_rcv_skb+0x232/0x4b0
[ 1554.450951][T20815]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1554.450984][T20815]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1554.451027][T20815]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1554.451065][T20815]  netlink_unicast+0x80f/0x9b0
[ 1554.451102][T20815]  ? __pfx_netlink_unicast+0x10/0x10
[ 1554.451132][T20815]  ? netlink_sendmsg+0x650/0xb40
[ 1554.451161][T20815]  ? skb_put+0x11b/0x210
[ 1554.451198][T20815]  netlink_sendmsg+0x813/0xb40
[ 1554.451240][T20815]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1554.451281][T20815]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1554.451313][T20815]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1554.451341][T20815]  ____sys_sendmsg+0x972/0x9f0
[ 1554.451375][T20815]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1554.451408][T20815]  ? import_iovec+0x73/0xa0
[ 1554.451446][T20815]  ___sys_sendmsg+0x2a5/0x360
[ 1554.451475][T20815]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1554.451537][T20815]  ? __fget_files+0x2a/0x420
[ 1554.451569][T20815]  ? __fget_files+0x3a0/0x420
[ 1554.451612][T20815]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1554.451638][T20815]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1554.451672][T20815]  ? __pfx_ksys_write+0x10/0x10
[ 1554.451709][T20815]  do_syscall_64+0x14d/0xf80
[ 1554.451741][T20815]  ? trace_irq_disable+0x3b/0x150
[ 1554.451773][T20815]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1554.451798][T20815]  ? clear_bhb_loop+0x40/0x90
[ 1554.451826][T20815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1554.451849][T20815] RIP: 0033:0x7f664dd9c799
[ 1554.451870][T20815] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1554.451891][T20815] RSP: 002b:00007f664ebb0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1554.451915][T20815] RAX: ffffffffffffffda RBX: 00007f664e015fa0 RCX: 00007f664dd9c799
[ 1554.451932][T20815] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1554.451947][T20815] RBP: 00007f664ebb0090 R08: 0000000000000000 R09: 0000000000000000
[ 1554.451962][T20815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1554.451976][T20815] R13: 00007f664e016038 R14: 00007f664e015fa0 R15: 00007fff6cc84298
[ 1554.452012][T20815]  </TASK>
[ 1554.452023][T20815] bridge0: error setting offload STP state on port 1(bridge_slave_0)
[ 1554.938991][T20785] chnl_net:caif_netlink_parms(): no params data found
[ 1555.100426][ T1039] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1555.133277][T20826] netlink: 65173 bytes leftover after parsing attributes in process `syz.0.18577'.
[ 1555.190765][ T1039] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1555.306531][ T1039] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1555.359053][T20848] netlink: 'syz.2.18583': attribute type 1 has an invalid length.
[ 1555.378223][T20785] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1555.386147][T20785] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1555.393473][T20785] bridge_slave_0: entered allmulticast mode
[ 1555.401316][T20785] bridge_slave_0: entered promiscuous mode
[ 1555.419117][ T1039] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1555.482809][T20851] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18583'.
[ 1555.663401][T20785] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1555.670592][T20785] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1555.700686][T20785] bridge_slave_1: entered allmulticast mode
[ 1555.726950][T20785] bridge_slave_1: entered promiscuous mode
[ 1555.767691][T20860] xt_CT: No such helper "syz1"
[ 1555.937274][T20855] lo speed is unknown, defaulting to 1000
[ 1555.947928][T20785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1556.003246][T15776] Bluetooth: hci3: command tx timeout
[ 1556.035642][T20785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1556.245491][T20785] team0: Port device team_slave_0 added
[ 1556.255234][T20785] team0: Port device team_slave_1 added
[ 1556.343071][T20785] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1556.350081][T20785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1556.426176][T20785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1556.445664][ T1039] bridge_slave_1: left allmulticast mode
[ 1556.451382][ T1039] bridge_slave_1: left promiscuous mode
[ 1556.457406][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1557.105655][ T1039] bond4 (unregistering): (slave gretap1): Releasing active interface
[ 1557.134269][T20910] x_tables: duplicate entry at hook 1
[ 1557.231208][ T1039] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1557.350191][ T1039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1557.362937][ T1039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1557.372898][ T1039] bond0 (unregistering): Released all slaves
[ 1557.391126][ T1039] bond1 (unregistering): Released all slaves
[ 1557.418945][ T1039] bond2 (unregistering): Released all slaves
[ 1557.436904][ T1039] bond3 (unregistering): Released all slaves
[ 1557.461325][ T1039] bond4 (unregistering): Released all slaves
[ 1557.495385][T20785] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1557.503151][T20785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1557.565494][T20785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1557.695674][T20922] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18600'.
[ 1557.719147][T20895] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1557.753254][ T1039] tipc: Left network mode
[ 1557.800076][T20926] netlink: 'syz.3.18603': attribute type 39 has an invalid length.
[ 1557.838481][T20785] hsr_slave_0: entered promiscuous mode
[ 1557.846975][T20785] hsr_slave_1: entered promiscuous mode
[ 1557.854045][T20785] debugfs: 'hsr0' already exists in 'hsr'
[ 1557.860058][T20927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18603'.
[ 1557.869523][T20785] Cannot create hsr debugfs directory
[ 1557.965109][T20895] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1557.998154][T20933] netlink: 'syz.2.18606': attribute type 13 has an invalid length.
[ 1558.007753][T20933] netlink: 'syz.2.18606': attribute type 17 has an invalid length.
[ 1558.095463][T15776] Bluetooth: hci3: command tx timeout
[ 1558.171955][T20933] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1558.341057][T20895] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1558.448706][T20942] IPVS: set_ctl: invalid protocol: 47 10.1.1.1:20001
[ 1558.488859][ T1039] hsr_slave_0: left promiscuous mode
[ 1558.516078][ T1039] hsr_slave_1: left promiscuous mode
[ 1558.553555][ T1039] veth1_macvtap: left promiscuous mode
[ 1558.569128][ T1039] veth0_macvtap: left promiscuous mode
[ 1558.758237][T20958] xt_CHECKSUM: unsupported CHECKSUM operation 68
[ 1558.969992][ T1039] team_slave_1 (unregistering): left promiscuous mode
[ 1558.993526][ T1039] team0 (unregistering): Port device team_slave_1 removed
[ 1559.021380][ T1039] team_slave_0 (unregistering): left promiscuous mode
[ 1559.037712][ T1039] team0 (unregistering): Port device team_slave_0 removed
[ 1559.267827][T20895] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1559.371197][T19951] lo speed is unknown, defaulting to 1000
[ 1559.392083][T19951] infiniband syz2: ib_query_port failed (-19)
[ 1559.736539][   T62] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1559.789991][   T62] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1559.864511][ T1039] IPVS: stop unused estimator thread 0...
[ 1559.889393][   T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1559.976490][   T62] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1560.163283][T15776] Bluetooth: hci3: command tx timeout
[ 1560.184994][T21007] sctp: [Deprecated]: syz.1.18619 (pid 21007) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1560.184994][T21007] Use struct sctp_sack_info instead
[ 1560.255963][T21010] netlink: 20 bytes leftover after parsing attributes in process `syz.0.18620'.
[ 1560.266942][T21012] netlink: 'syz.1.18619': attribute type 1 has an invalid length.
[ 1560.857318][T20785] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1560.900566][T21024] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[ 1560.926328][T20785] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1560.984792][T20785] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1561.026746][T21035] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18625'.
[ 1561.059824][T20785] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1561.086124][T21035] 8021q: VLANs not supported on nlmon0
[ 1561.204250][T21047] Bluetooth: MGMT ver 1.23
[ 1561.267497][T21052] netlink: 65173 bytes leftover after parsing attributes in process `syz.3.18629'.
[ 1561.409102][T21058] netlink: 44 bytes leftover after parsing attributes in process `syz.1.18632'.
[ 1561.457964][T21058] netlink: 44 bytes leftover after parsing attributes in process `syz.1.18632'.
[ 1561.504228][T20785] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1561.776613][T20785] 8021q: adding VLAN 0 to HW filter on device team0
[ 1561.818831][ T3480] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1561.826094][ T3480] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1561.904471][ T3543] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1561.911665][ T3543] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1562.037998][T21082] FAULT_INJECTION: forcing a failure.
[ 1562.037998][T21082] name failslab, interval 1, probability 0, space 0, times 0
[ 1562.070712][T21082] CPU: 1 UID: 0 PID: 21082 Comm: syz.2.18640 Not tainted syzkaller #0 PREEMPT(full) 
[ 1562.070743][T21082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1562.070758][T21082] Call Trace:
[ 1562.070767][T21082]  <TASK>
[ 1562.070777][T21082]  dump_stack_lvl+0xe8/0x150
[ 1562.070815][T21082]  should_fail_ex+0x412/0x560
[ 1562.070851][T21082]  should_failslab+0xa8/0x100
[ 1562.070884][T21082]  ? skb_clone+0x212/0x3a0
[ 1562.070908][T21082]  kmem_cache_alloc_noprof+0x87/0x650
[ 1562.070931][T21082]  ? __netlink_lookup+0xc6/0x8b0
[ 1562.071019][T21082]  skb_clone+0x212/0x3a0
[ 1562.071047][T21082]  __netlink_deliver_tap+0x404/0x850
[ 1562.071091][T21082]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1562.071123][T21082]  netlink_deliver_tap+0x19c/0x1b0
[ 1562.071156][T21082]  netlink_unicast+0x7e3/0x9b0
[ 1562.071194][T21082]  ? __pfx_netlink_unicast+0x10/0x10
[ 1562.071224][T21082]  ? netlink_sendmsg+0x650/0xb40
[ 1562.071253][T21082]  ? skb_put+0x11b/0x210
[ 1562.071289][T21082]  netlink_sendmsg+0x813/0xb40
[ 1562.071330][T21082]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1562.071366][T21082]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1562.071397][T21082]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1562.071427][T21082]  ____sys_sendmsg+0x972/0x9f0
[ 1562.071460][T21082]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1562.071492][T21082]  ? import_iovec+0x73/0xa0
[ 1562.071531][T21082]  ___sys_sendmsg+0x2a5/0x360
[ 1562.071560][T21082]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1562.071623][T21082]  ? __fget_files+0x2a/0x420
[ 1562.071654][T21082]  ? __fget_files+0x3a0/0x420
[ 1562.071700][T21082]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1562.071727][T21082]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1562.071760][T21082]  ? __pfx_ksys_write+0x10/0x10
[ 1562.071799][T21082]  do_syscall_64+0x14d/0xf80
[ 1562.071832][T21082]  ? trace_irq_disable+0x3b/0x150
[ 1562.071864][T21082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1562.071889][T21082]  ? clear_bhb_loop+0x40/0x90
[ 1562.071917][T21082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1562.071940][T21082] RIP: 0033:0x7f783859c799
[ 1562.071961][T21082] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1562.071987][T21082] RSP: 002b:00007f78394a7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1562.072012][T21082] RAX: ffffffffffffffda RBX: 00007f7838815fa0 RCX: 00007f783859c799
[ 1562.072029][T21082] RDX: 0000000000004040 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1562.072044][T21082] RBP: 00007f78394a7090 R08: 0000000000000000 R09: 0000000000000000
[ 1562.072059][T21082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1562.072073][T21082] R13: 00007f7838816038 R14: 00007f7838815fa0 R15: 00007ffc04988d78
[ 1562.072109][T21082]  </TASK>
[ 1562.112861][T21083] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18639'.
[ 1562.271087][T15776] Bluetooth: hci3: command tx timeout
[ 1562.375907][T21083] 8021q: VLANs not supported on nlmon0
[ 1562.754476][T21098] FAULT_INJECTION: forcing a failure.
[ 1562.754476][T21098] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1562.832556][T21098] CPU: 1 UID: 0 PID: 21098 Comm: syz.2.18642 Not tainted syzkaller #0 PREEMPT(full) 
[ 1562.832588][T21098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1562.832602][T21098] Call Trace:
[ 1562.832611][T21098]  <TASK>
[ 1562.832621][T21098]  dump_stack_lvl+0xe8/0x150
[ 1562.832658][T21098]  should_fail_ex+0x412/0x560
[ 1562.832693][T21098]  prepare_alloc_pages+0x22a/0x650
[ 1562.832730][T21098]  __alloc_frozen_pages_noprof+0x12f/0x380
[ 1562.832763][T21098]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1562.832796][T21098]  ? __pfx_policy_nodemask+0x10/0x10
[ 1562.832837][T21098]  alloc_pages_mpol+0x232/0x4a0
[ 1562.832871][T21098]  vma_alloc_folio_noprof+0xea/0x210
[ 1562.832903][T21098]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1562.832952][T21098]  do_wp_page+0x1204/0x5a00
[ 1562.832991][T21098]  ? __pfx_css_rstat_updated+0x10/0x10
[ 1562.833031][T21098]  ? __pfx_do_wp_page+0x10/0x10
[ 1562.833059][T21098]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1562.833086][T21098]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1562.833133][T21098]  handle_mm_fault+0x1520/0x3310
[ 1562.833180][T21098]  ? handle_mm_fault+0xee/0x3310
[ 1562.833221][T21098]  ? __pfx_handle_mm_fault+0x10/0x10
[ 1562.833267][T21098]  ? __pfx___up_read+0x10/0x10
[ 1562.833293][T21098]  ? lock_mm_and_find_vma+0xa7/0x340
[ 1562.833321][T21098]  do_user_addr_fault+0x75b/0x1340
[ 1562.833372][T21098]  exc_page_fault+0x6a/0xc0
[ 1562.833423][T21098]  asm_exc_page_fault+0x26/0x30
[ 1562.833446][T21098] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 1562.833472][T21098] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 1562.833491][T21098] RSP: 0000:ffffc90004aaf5f8 EFLAGS: 00050206
[ 1562.833512][T21098] RAX: ffffffff84ac1801 RBX: ffff8880abdc0000 RCX: 00000000000186a0
[ 1562.833529][T21098] RDX: 0000000000000000 RSI: ffff8880abdca940 RDI: 000020000000b000
[ 1562.833545][T21098] RBP: ffffc90004aaf770 R08: ffff8880abde2fdf R09: 1ffff110157bc5fb
[ 1562.833561][T21098] R10: dffffc0000000000 R11: ffffed10157bc5fc R12: dffffc0000000000
[ 1562.833578][T21098] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000022fe0
[ 1562.833606][T21098]  ? _copy_to_iter+0x451/0x17d0
[ 1562.833645][T21098]  _copy_to_iter+0x493/0x17d0
[ 1562.833675][T21098]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1562.833721][T21098]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1562.833744][T21098]  ? __pfx__copy_to_iter+0x10/0x10
[ 1562.833786][T21098]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1562.833821][T21098]  __skb_datagram_iter+0xf8/0x980
[ 1562.833845][T21098]  ? __skb_try_recv_datagram+0x3d4/0x4d0
[ 1562.833870][T21098]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1562.833897][T21098]  ? __pfx_sk_busy_loop_end+0x10/0x10
[ 1562.833931][T21098]  skb_copy_datagram_iter+0xb5/0x270
[ 1562.833966][T21098]  __unix_dgram_recvmsg+0x666/0xd50
[ 1562.834012][T21098]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[ 1562.834051][T21098]  ? is_bpf_text_address+0x26/0x2b0
[ 1562.834081][T21098]  ? aa_sock_msg_perm+0xda/0x1b0
[ 1562.834112][T21098]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1562.834136][T21098]  ? unix_dgram_recvmsg+0xae/0xd0
[ 1562.834161][T21098]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[ 1562.834187][T21098]  sock_recvmsg+0x172/0x1b0
[ 1562.834219][T21098]  ____sys_recvmsg+0x1e6/0x4a0
[ 1562.834253][T21098]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1562.834294][T21098]  ? import_iovec+0x73/0xa0
[ 1562.834332][T21098]  ___sys_recvmsg+0x215/0x590
[ 1562.834352][T21098]  ? get_pid_task+0x20/0x1f0
[ 1562.834392][T21098]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1562.834443][T21098]  ? __fget_files+0x3a0/0x420
[ 1562.834489][T21098]  __x64_sys_recvmsg+0x1ba/0x2a0
[ 1562.834515][T21098]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1562.834550][T21098]  ? __pfx_ksys_write+0x10/0x10
[ 1562.834600][T21098]  do_syscall_64+0x14d/0xf80
[ 1562.834629][T21098]  ? trace_irq_disable+0x3b/0x150
[ 1562.834659][T21098]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1562.834700][T21098]  ? clear_bhb_loop+0x40/0x90
[ 1562.834727][T21098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1562.834749][T21098] RIP: 0033:0x7f783859c799
[ 1562.834768][T21098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1562.834788][T21098] RSP: 002b:00007f78394a7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1562.834810][T21098] RAX: ffffffffffffffda RBX: 00007f7838815fa0 RCX: 00007f783859c799
[ 1562.834826][T21098] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[ 1562.834841][T21098] RBP: 00007f78394a7090 R08: 0000000000000000 R09: 0000000000000000
[ 1562.834855][T21098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1562.834869][T21098] R13: 00007f7838816038 R14: 00007f7838815fa0 R15: 00007ffc04988d78
[ 1562.834905][T21098]  </TASK>
[ 1563.353487][T20785] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1563.361289][T15776] Bluetooth: hci0: command tx timeout
[ 1563.464640][T21115] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18648'.
[ 1563.656887][T21129] netlink: 32 bytes leftover after parsing attributes in process `syz.1.18650'.
[ 1564.080578][T20785] veth0_vlan: entered promiscuous mode
[ 1564.120915][T20785] veth1_vlan: entered promiscuous mode
[ 1564.220107][T20785] veth0_macvtap: entered promiscuous mode
[ 1564.275969][T20785] veth1_macvtap: entered promiscuous mode
[ 1564.347855][T20785] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1564.394853][T20785] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1564.455976][   T62] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1564.478209][   T62] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1564.534056][T21165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18659'.
[ 1564.551713][   T62] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1564.586638][T21172] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18659'.
[ 1564.711230][   T62] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1564.972042][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1565.013393][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1565.222868][ T1319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1565.254925][ T1319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1565.347047][T21188] x_tables: ip_tables: osf match: only valid for protocol 6
[ 1565.779829][T21219] __nla_validate_parse: 4 callbacks suppressed
[ 1565.779852][T21219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18669'.
[ 1565.842558][T21219] xt_hashlimit: size too large, truncated to 1048576
[ 1565.856279][T21219] xt_hashlimit: overflow, try lower: 0/0
[ 1565.883975][T21219] syz_tun: entered allmulticast mode
[ 1565.951510][T21218] syz_tun: left allmulticast mode
[ 1566.523893][T21238] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input11
[ 1566.675945][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1566.685774][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1566.701800][T21245] netlink: 20 bytes leftover after parsing attributes in process `syz.4.18675'.
[ 1566.718028][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1566.728771][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1566.739000][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1566.795561][T21245] netlink: 'syz.4.18675': attribute type 1 has an invalid length.
[ 1567.000948][T21257] netlink: 28 bytes leftover after parsing attributes in process `syz.4.18675'.
[ 1567.148267][T21248] bond1 (unregistering): Released all slaves
[ 1567.766046][T21280] netlink: 4 bytes leftover after parsing attributes in process `syz.4.18681'.
[ 1567.809701][T21244] chnl_net:caif_netlink_parms(): no params data found
[ 1567.824208][T21280] xt_hashlimit: size too large, truncated to 1048576
[ 1567.852950][T21280] xt_hashlimit: overflow, try lower: 0/0
[ 1567.894933][T21280] syz_tun: entered allmulticast mode
[ 1568.130847][T21244] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1568.157292][T21244] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1568.172946][T21244] bridge_slave_0: entered allmulticast mode
[ 1568.196659][T21244] bridge_slave_0: entered promiscuous mode
[ 1568.230413][T21279] syz_tun: left allmulticast mode
[ 1568.244658][T21244] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1568.284389][T21244] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1568.291683][T21244] bridge_slave_1: entered allmulticast mode
[ 1568.320357][T21244] bridge_slave_1: entered promiscuous mode
[ 1568.425964][T21291] syzkaller0: entered promiscuous mode
[ 1568.453409][T21291] syzkaller0: entered allmulticast mode
[ 1568.552586][T21292] syzkaller1: entered promiscuous mode
[ 1568.582617][T21292] syzkaller1: entered allmulticast mode
[ 1568.597597][T21304] dvmrp1: entered allmulticast mode
[ 1568.615482][T21244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1568.639452][T21244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1568.714568][T21307] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18686'.
[ 1568.779662][T21244] team0: Port device team_slave_0 added
[ 1568.802645][T15776] Bluetooth: hci4: command tx timeout
[ 1570.120968][T21244] team0: Port device team_slave_1 added
[ 1570.161079][T21244] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1570.169109][T21244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1570.196581][T21244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1570.210552][T21244] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1570.217741][T21244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1570.243770][T21244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1570.286111][T21244] hsr_slave_0: entered promiscuous mode
[ 1570.292708][T21244] hsr_slave_1: entered promiscuous mode
[ 1570.299936][T21244] debugfs: 'hsr0' already exists in 'hsr'
[ 1570.305869][T21244] Cannot create hsr debugfs directory
[ 1570.407933][T21244] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1570.493499][T21244] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1570.539506][T21244] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1570.587750][T21244] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1570.711964][T21244] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1570.721828][T21244] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1570.732215][T21244] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1570.741670][T21244] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1570.811737][T21244] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1570.834345][T21244] 8021q: adding VLAN 0 to HW filter on device team0
[ 1570.845992][ T1319] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1570.853181][ T1319] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1570.866825][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1570.874017][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1570.882857][T15776] Bluetooth: hci4: command tx timeout
[ 1571.056743][T21244] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1571.097937][T21244] veth0_vlan: entered promiscuous mode
[ 1571.111438][T21244] veth1_vlan: entered promiscuous mode
[ 1571.138823][T21244] veth0_macvtap: entered promiscuous mode
[ 1571.148588][T21244] veth1_macvtap: entered promiscuous mode
[ 1571.169378][T21244] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1571.182114][T21244] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1571.197416][ T1319] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1571.206839][ T1319] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1571.220996][ T1319] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1571.230951][ T1319] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1571.293988][ T1319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1571.309454][ T1319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1571.334922][ T3543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1571.343541][ T3543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1571.535734][ T3480] bond0: left allmulticast mode
[ 1571.540634][ T3480] bond_slave_0: left allmulticast mode
[ 1571.546805][ T3480] bond_slave_1: left allmulticast mode
[ 1571.553801][ T3480] bridge0: port 3(bond0) entered disabled state
[ 1571.562033][ T3480] bridge_slave_1: left allmulticast mode
[ 1571.568177][ T3480] bridge_slave_1: left promiscuous mode
[ 1571.574055][ T3480] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1571.585596][ T3480] ¾x9ÿ: left allmulticast mode
[ 1571.590400][ T3480] ¾x9ÿ: left promiscuous mode
[ 1571.595521][ T3480] bridge0: port 1(
1¾x9ÿ) entered disabled state
[ 1571.611437][ T3480] dvmrp0: left allmulticast mode
[ 1571.765715][ T3480] bond2 (unregistering): (slave bridge1): Releasing active interface
[ 1571.836540][ T3480] bond3 (unregistering): (slave bridge2): Releasing backup interface
[ 1571.845180][ T3480] bridge2 (unregistering): left promiscuous mode
[ 1571.851525][ T3480] bridge2 (unregistering): left allmulticast mode
[ 1571.929035][ T3480] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1571.939858][ T3480] bond_slave_0: left promiscuous mode
[ 1571.947533][ T3480] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1571.956649][ T3480] bond_slave_1: left promiscuous mode
[ 1571.963355][ T3480] bond0 (unregistering): Released all slaves
[ 1571.975933][ T3480] bond1 (unregistering): Released all slaves
[ 1571.990469][ T3480] bond2 (unregistering): Released all slaves
[ 1572.011600][ T3480] bond3 (unregistering): Released all slaves
[ 1572.026539][ T3480] bond4 (unregistering): Released all slaves
[ 1572.042215][ T3480] bond5 (unregistering): Released all slaves
[ 1572.407068][ T3480] hsr_slave_0: left promiscuous mode
[ 1572.413209][ T3480] hsr_slave_1: left promiscuous mode
[ 1572.419040][ T3480] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1572.427069][ T3480] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1572.435991][ T3480] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1572.443489][ T3480] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1572.457196][ T3480] veth1_macvtap: left promiscuous mode
[ 1572.462863][ T3480] veth0_macvtap: left promiscuous mode
[ 1572.614626][ T3480] team0 (unregistering): Port device team_slave_1 removed
[ 1572.629385][ T3480] team0 (unregistering): Port device team_slave_0 removed
[ 1572.963339][T15776] Bluetooth: hci4: command tx timeout
[ 1573.021157][ T3480] IPVS: stop unused estimator thread 0...
[ 1575.042512][T15776] Bluetooth: hci4: command tx timeout
[ 1575.483141][T21359] netlink: 12 bytes leftover after parsing attributes in process `syz.4.18694'.
[ 1575.485070][T21362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18693'.
[ 1575.508589][T21357] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1500) !
[ 1575.530144][T21362] xt_hashlimit: size too large, truncated to 1048576
[ 1575.544692][T21362] xt_hashlimit: overflow, try lower: 0/0
[ 1575.554644][T21357] syzkaller0: entered promiscuous mode
[ 1575.560190][T21357] syzkaller0: entered allmulticast mode
[ 1575.586342][T21362] syz_tun: entered allmulticast mode
[ 1575.595552][T21357] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18690'.
[ 1575.641331][T21361] syz_tun: left allmulticast mode
[ 1575.716095][T21370] xt_hashlimit: size too large, truncated to 1048576
[ 1575.761653][T21372] FAULT_INJECTION: forcing a failure.
[ 1575.761653][T21372] name failslab, interval 1, probability 0, space 0, times 0
[ 1575.820401][T21372] CPU: 0 UID: 0 PID: 21372 Comm: syz.4.18696 Not tainted syzkaller #0 PREEMPT(full) 
[ 1575.820434][T21372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1575.820448][T21372] Call Trace:
[ 1575.820458][T21372]  <TASK>
[ 1575.820468][T21372]  dump_stack_lvl+0xe8/0x150
[ 1575.820505][T21372]  should_fail_ex+0x412/0x560
[ 1575.820540][T21372]  should_failslab+0xa8/0x100
[ 1575.820571][T21372]  __kmalloc_noprof+0xe8/0x760
[ 1575.820597][T21372]  ? tomoyo_encode+0x28b/0x550
[ 1575.820634][T21372]  tomoyo_encode+0x28b/0x550
[ 1575.820671][T21372]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1575.820722][T21372]  ? tomoyo_path_number_perm+0x219/0x630
[ 1575.820749][T21372]  tomoyo_path_number_perm+0x246/0x630
[ 1575.820789][T21372]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1575.820818][T21372]  ? __lock_acquire+0x6b5/0x2cf0
[ 1575.820860][T21372]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1575.820934][T21372]  ? __fget_files+0x2a/0x420
[ 1575.820974][T21372]  ? __fget_files+0x2a/0x420
[ 1575.821024][T21372]  ? __fget_files+0x3a0/0x420
[ 1575.821054][T21372]  ? __fget_files+0x2a/0x420
[ 1575.821091][T21372]  security_file_ioctl+0xc3/0x2a0
[ 1575.821118][T21372]  __se_sys_ioctl+0x47/0x170
[ 1575.821153][T21372]  do_syscall_64+0x14d/0xf80
[ 1575.821185][T21372]  ? trace_irq_disable+0x3b/0x150
[ 1575.821218][T21372]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1575.821241][T21372]  ? clear_bhb_loop+0x40/0x90
[ 1575.821269][T21372]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1575.821292][T21372] RIP: 0033:0x7f12f179c799
[ 1575.821312][T21372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1575.821333][T21372] RSP: 002b:00007f12f2616028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1575.821358][T21372] RAX: ffffffffffffffda RBX: 00007f12f1a16090 RCX: 00007f12f179c799
[ 1575.821375][T21372] RDX: 0000200000000080 RSI: 0000000000008923 RDI: 000000000000000c
[ 1575.821390][T21372] RBP: 00007f12f2616090 R08: 0000000000000000 R09: 0000000000000000
[ 1575.821405][T21372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1575.821419][T21372] R13: 00007f12f1a16128 R14: 00007f12f1a16090 R15: 00007fff46e8eb28
[ 1575.821460][T21372]  </TASK>
[ 1575.821618][T21372] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1576.197940][T21379] netlink: 'syz.3.18699': attribute type 3 has an invalid length.
[ 1576.369352][T21382] netlink: 16 bytes leftover after parsing attributes in process `syz.1.18698'.
[ 1576.385451][T21382] netlink: 44 bytes leftover after parsing attributes in process `syz.1.18698'.
[ 1577.024683][T21415] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.18709'.
[ 1577.042920][T21415] openvswitch: netlink: EtherType 0 is less than min 600
[ 1577.077314][T21415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18709'.
[ 1577.097137][T21415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18709'.
[ 1577.357569][T21424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18712'.
[ 1577.411676][T21429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18712'.
[ 1577.678056][T21435] x_tables: ip_tables: osf match: only valid for protocol 6
[ 1578.419717][T21452] syzkaller0: entered promiscuous mode
[ 1578.435456][T21452] syzkaller0: entered allmulticast mode
[ 1578.898316][T21467] syzkaller1: entered promiscuous mode
[ 1578.911030][T21467] syzkaller1: entered allmulticast mode
[ 1579.403218][T21489] x_tables: ip_tables: osf match: only valid for protocol 6
[ 1580.097019][T21515] x_tables: duplicate entry at hook 1
[ 1580.409322][T21526] xt_hashlimit: size too large, truncated to 1048576
[ 1580.417797][T21526] xt_hashlimit: overflow, try lower: 0/0
[ 1580.427190][T21526] syz_tun: entered allmulticast mode
[ 1580.811432][T21524] syz_tun: left allmulticast mode
[ 1581.111828][T12492] IPVS: starting estimator thread 0...
[ 1581.147410][T21545] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1581.222463][T21543] IPVS: using max 30 ests per chain, 72000 per kthread
[ 1581.394990][T21559] __nla_validate_parse: 3 callbacks suppressed
[ 1581.395013][T21559] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.18757'.
[ 1581.525937][T19950] IPVS: starting estimator thread 0...
[ 1581.533272][T21567] FAULT_INJECTION: forcing a failure.
[ 1581.533272][T21567] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1581.566401][T21567] CPU: 0 UID: 0 PID: 21567 Comm: syz.0.18760 Not tainted syzkaller #0 PREEMPT(full) 
[ 1581.566430][T21567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1581.566445][T21567] Call Trace:
[ 1581.566453][T21567]  <TASK>
[ 1581.566464][T21567]  dump_stack_lvl+0xe8/0x150
[ 1581.566501][T21567]  should_fail_ex+0x412/0x560
[ 1581.566534][T21567]  _copy_from_user+0x2d/0xb0
[ 1581.566569][T21567]  do_ip_vs_get_ctl+0x2d2/0xe80
[ 1581.566696][T21567]  ? __pfx_do_ip_vs_get_ctl+0x10/0x10
[ 1581.566741][T21567]  ? nf_getsockopt+0x224/0x290
[ 1581.566769][T21567]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1581.566806][T21567]  ? __pfx___mutex_lock+0x10/0x10
[ 1581.566840][T21567]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1581.566895][T21567]  nf_getsockopt+0x26e/0x290
[ 1581.566926][T21567]  ip_getsockopt+0x19e/0x230
[ 1581.566956][T21567]  ? __pfx_ip_getsockopt+0x10/0x10
[ 1581.566986][T21567]  ? sock_common_getsockopt+0x2d/0xb0
[ 1581.567013][T21567]  ? raw_getsockopt+0xce/0x1f0
[ 1581.567042][T21567]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1581.567074][T21567]  do_sock_getsockopt+0x2d3/0x3f0
[ 1581.567112][T21567]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1581.567148][T21567]  ? __fget_files+0x3a0/0x420
[ 1581.567180][T21567]  ? __fget_files+0x2a/0x420
[ 1581.567220][T21567]  __x64_sys_getsockopt+0x1a4/0x240
[ 1581.567264][T21567]  do_syscall_64+0x14d/0xf80
[ 1581.567295][T21567]  ? trace_irq_disable+0x3b/0x150
[ 1581.567327][T21567]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1581.567351][T21567]  ? clear_bhb_loop+0x40/0x90
[ 1581.567378][T21567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1581.567401][T21567] RIP: 0033:0x7fdbd5b9c799
[ 1581.567421][T21567] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1581.567442][T21567] RSP: 002b:00007fdbd6a60028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1581.567466][T21567] RAX: ffffffffffffffda RBX: 00007fdbd5e15fa0 RCX: 00007fdbd5b9c799
[ 1581.567483][T21567] RDX: 0000000000000483 RSI: 0000000000000000 RDI: 0000000000000003
[ 1581.567497][T21567] RBP: 00007fdbd6a60090 R08: 0000200000000180 R09: 0000000000000000
[ 1581.567511][T21567] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1581.567526][T21567] R13: 00007fdbd5e16038 R14: 00007fdbd5e15fa0 R15: 00007ffdf6e9c1e8
[ 1581.567561][T21567]  </TASK>
[ 1581.850502][T21569] IPVS: using max 25 ests per chain, 60000 per kthread
[ 1581.965359][T21579] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18763'.
[ 1581.979542][T21579] xt_hashlimit: size too large, truncated to 1048576
[ 1581.986328][T21579] xt_hashlimit: overflow, try lower: 0/0
[ 1581.993621][T21579] syz_tun: entered allmulticast mode
[ 1582.056079][T21582] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18764'.
[ 1582.066369][T21578] syz_tun: left allmulticast mode
[ 1582.241395][T21587] FAULT_INJECTION: forcing a failure.
[ 1582.241395][T21587] name failslab, interval 1, probability 0, space 0, times 0
[ 1582.268619][T21587] CPU: 1 UID: 0 PID: 21587 Comm: syz.3.18766 Not tainted syzkaller #0 PREEMPT(full) 
[ 1582.268645][T21587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1582.268659][T21587] Call Trace:
[ 1582.268667][T21587]  <TASK>
[ 1582.268676][T21587]  dump_stack_lvl+0xe8/0x150
[ 1582.268710][T21587]  should_fail_ex+0x412/0x560
[ 1582.268742][T21587]  should_failslab+0xa8/0x100
[ 1582.268770][T21587]  __kmalloc_noprof+0xe8/0x760
[ 1582.268792][T21587]  ? ima_alloc_init_template+0x9a/0x700
[ 1582.268897][T21587]  ima_alloc_init_template+0x9a/0x700
[ 1582.268927][T21587]  ima_store_measurement+0x1ce/0x670
[ 1582.268949][T21587]  ? take_dentry_name_snapshot+0x29/0x500
[ 1582.268984][T21587]  ? release_dentry_name_snapshot+0x42/0xb0
[ 1582.269014][T21587]  ? __pfx_ima_store_measurement+0x10/0x10
[ 1582.269033][T21587]  ? ima_d_path+0x1cb/0x230
[ 1582.269094][T21587]  process_measurement+0x13e5/0x1c80
[ 1582.269156][T21587]  ? security_file_alloc+0x34/0x310
[ 1582.269181][T21587]  ? __pfx_process_measurement+0x10/0x10
[ 1582.269210][T21587]  ? security_file_alloc+0x34/0x310
[ 1582.269286][T21587]  ima_file_mmap+0x1b0/0x200
[ 1582.269318][T21587]  ? __pfx_ima_file_mmap+0x10/0x10
[ 1582.269354][T21587]  ? apparmor_mmap_file+0x2da/0x3e0
[ 1582.269378][T21587]  security_mmap_file+0x773/0xa20
[ 1582.269405][T21587]  vm_mmap_pgoff+0x134/0x4f0
[ 1582.269436][T21587]  ? __pfx_alloc_file_pseudo+0x10/0x10
[ 1582.269465][T21587]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1582.269491][T21587]  ? rcu_is_watching+0x15/0xb0
[ 1582.269519][T21587]  ? hugetlbfs_get_inode+0x448/0x690
[ 1582.269557][T21587]  ? hugetlb_file_setup+0x42c/0x630
[ 1582.269584][T21587]  ksys_mmap_pgoff+0x586/0x760
[ 1582.269621][T21587]  do_syscall_64+0x14d/0xf80
[ 1582.269650][T21587]  ? trace_irq_disable+0x3b/0x150
[ 1582.269679][T21587]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.269700][T21587]  ? clear_bhb_loop+0x40/0x90
[ 1582.269726][T21587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.269746][T21587] RIP: 0033:0x7f9ff299c799
[ 1582.269783][T21587] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1582.269801][T21587] RSP: 002b:00007f9ff0bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1582.269842][T21587] RAX: ffffffffffffffda RBX: 00007f9ff2c15fa0 RCX: 00007f9ff299c799
[ 1582.269858][T21587] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000200000
[ 1582.269872][T21587] RBP: 00007f9ff0bf6090 R08: ffffffffffffffff R09: 0000000000000000
[ 1582.269887][T21587] R10: 000200000006c832 R11: 0000000000000246 R12: 0000000000000002
[ 1582.269901][T21587] R13: 00007f9ff2c16038 R14: 00007f9ff2c15fa0 R15: 00007ffc38d07ed8
[ 1582.269938][T21587]  </TASK>
[ 1582.271829][   T30] audit: type=1804 audit(1773699866.090:3): pid=21587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.3.18766" name="anon_hugepage" dev="hugetlbfs" ino=241161 res=0 errno=0
[ 1588.271996][T21617] FAULT_INJECTION: forcing a failure.
[ 1588.271996][T21617] name failslab, interval 1, probability 0, space 0, times 0
[ 1588.296850][T21617] CPU: 0 UID: 0 PID: 21617 Comm: syz.2.18770 Not tainted syzkaller #0 PREEMPT(full) 
[ 1588.296877][T21617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1588.296890][T21617] Call Trace:
[ 1588.296906][T21617]  <TASK>
[ 1588.296914][T21617]  dump_stack_lvl+0xe8/0x150
[ 1588.296947][T21617]  should_fail_ex+0x412/0x560
[ 1588.296977][T21617]  should_failslab+0xa8/0x100
[ 1588.297001][T21617]  ? skb_clone+0x212/0x3a0
[ 1588.297022][T21617]  kmem_cache_alloc_noprof+0x87/0x650
[ 1588.297041][T21617]  ? apparmor_capable+0x126/0x170
[ 1588.297076][T21617]  skb_clone+0x212/0x3a0
[ 1588.297095][T21617]  ? nfnetlink_rcv+0x4b0/0x27b0
[ 1588.297120][T21617]  nfnetlink_rcv+0x4e2/0x27b0
[ 1588.297154][T21617]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1588.297181][T21617]  ? __dev_queue_xmit+0x28b/0x3870
[ 1588.297200][T21617]  ? __local_bh_enable_ip+0xd0/0x130
[ 1588.297225][T21617]  ? __dev_queue_xmit+0x1efe/0x3870
[ 1588.297244][T21617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1588.297274][T21617]  ? __dev_queue_xmit+0x28b/0x3870
[ 1588.297296][T21617]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1588.297333][T21617]  ? ref_tracker_free+0x693/0x840
[ 1588.297357][T21617]  ? __copy_skb_header+0xa3/0x4a0
[ 1588.297377][T21617]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1588.297402][T21617]  ? __skb_clone+0x63/0x7a0
[ 1588.297425][T21617]  ? __skb_clone+0x483/0x7a0
[ 1588.297450][T21617]  ? skb_clone+0x246/0x3a0
[ 1588.297472][T21617]  ? __netlink_deliver_tap+0x807/0x850
[ 1588.297499][T21617]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1588.297540][T21617]  netlink_unicast+0x80f/0x9b0
[ 1588.297572][T21617]  ? __pfx_netlink_unicast+0x10/0x10
[ 1588.297597][T21617]  ? netlink_sendmsg+0x650/0xb40
[ 1588.297621][T21617]  ? skb_put+0x11b/0x210
[ 1588.297652][T21617]  netlink_sendmsg+0x813/0xb40
[ 1588.297687][T21617]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1588.297716][T21617]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1588.297742][T21617]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1588.297767][T21617]  ____sys_sendmsg+0x972/0x9f0
[ 1588.297794][T21617]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1588.297822][T21617]  ? import_iovec+0x73/0xa0
[ 1588.297859][T21617]  ___sys_sendmsg+0x2a5/0x360
[ 1588.297913][T21617]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1588.297974][T21617]  ? __fget_files+0x2a/0x420
[ 1588.298006][T21617]  ? __fget_files+0x3a0/0x420
[ 1588.298049][T21617]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1588.298076][T21617]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1588.298109][T21617]  ? __pfx_ksys_write+0x10/0x10
[ 1588.298145][T21617]  do_syscall_64+0x14d/0xf80
[ 1588.298177][T21617]  ? trace_irq_disable+0x3b/0x150
[ 1588.298208][T21617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1588.298231][T21617]  ? clear_bhb_loop+0x40/0x90
[ 1588.298259][T21617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1588.298281][T21617] RIP: 0033:0x7f783859c799
[ 1588.298301][T21617] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1588.298320][T21617] RSP: 002b:00007f78394a7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1588.298345][T21617] RAX: ffffffffffffffda RBX: 00007f7838815fa0 RCX: 00007f783859c799
[ 1588.298362][T21617] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 1588.298376][T21617] RBP: 00007f78394a7090 R08: 0000000000000000 R09: 0000000000000000
[ 1588.298390][T21617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1588.298404][T21617] R13: 00007f7838816038 R14: 00007f7838815fa0 R15: 00007ffc04988d78
[ 1588.298439][T21617]  </TASK>
[ 1588.725336][T21626] sctp: [Deprecated]: syz.3.18773 (pid 21626) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1588.725336][T21626] Use struct sctp_sack_info instead
[ 1589.052992][T21644] netlink: 48 bytes leftover after parsing attributes in process `syz.3.18780'.
[ 1589.229129][T21651] ip6gretap0: entered promiscuous mode
[ 1589.288272][T21657] netlink: 28 bytes leftover after parsing attributes in process `syz.4.18783'.
[ 1589.304070][T21651] netlink: 56 bytes leftover after parsing attributes in process `syz.1.18782'.
[ 1589.388164][T21651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18782'.
[ 1589.496891][T21670] netlink: 830 bytes leftover after parsing attributes in process `syz.2.18788'.
[ 1589.640897][T21673] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[ 1589.718649][T21679] Cannot find map_set index 135 as target
[ 1589.851891][T21683] netlink: 16 bytes leftover after parsing attributes in process `syz.1.18791'.
[ 1590.319745][T21696] xt_CONNSECMARK: invalid mode: 254
[ 1590.481911][T21704] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18797'.
[ 1590.514384][T21706] netlink: 'syz.4.18799': attribute type 1 has an invalid length.
[ 1590.619903][T21715] netlink: 'syz.0.18803': attribute type 10 has an invalid length.
[ 1590.629286][T21715] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1590.636967][T21715] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1590.656525][T21716] delete_channel: no stack
[ 1590.663880][T21715] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1590.671116][T21715] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1590.678638][T21715] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1590.685869][T21715] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1590.717085][T21715] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1590.823027][T21725] netlink: 16 bytes leftover after parsing attributes in process `syz.4.18808'.
[ 1590.973445][T21735] syzkaller1: entered promiscuous mode
[ 1590.980360][T21735] syzkaller1: entered allmulticast mode
[ 1591.119040][T21744] netlink: 28 bytes leftover after parsing attributes in process `syz.1.18814'.
[ 1591.297536][T21754] netlink: 20 bytes leftover after parsing attributes in process `syz.0.18820'.
[ 1591.377206][ T1319] nci: nci_ntf_packet: unsupported ntf opcode 0xf04
[ 1592.757644][T21792] chnl_net:caif_netlink_parms(): no params data found
[ 1594.224006][T21755] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1594.393051][T21802] FAULT_INJECTION: forcing a failure.
[ 1594.393051][T21802] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1594.444191][T21802] CPU: 0 UID: 0 PID: 21802 Comm: syz.4.18828 Not tainted syzkaller #0 PREEMPT(full) 
[ 1594.444223][T21802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1594.444238][T21802] Call Trace:
[ 1594.444248][T21802]  <TASK>
[ 1594.444258][T21802]  dump_stack_lvl+0xe8/0x150
[ 1594.444312][T21802]  should_fail_ex+0x412/0x560
[ 1594.444348][T21802]  _copy_from_user+0x2d/0xb0
[ 1594.444385][T21802]  ___sys_sendmsg+0x1c6/0x360
[ 1594.444414][T21802]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1594.444438][T21802]  ? kstrtouint+0x6e/0xe0
[ 1594.444487][T21802]  ? __fget_files+0x2a/0x420
[ 1594.444516][T21802]  ? __fget_files+0x3a0/0x420
[ 1594.444555][T21802]  __sys_sendmmsg+0x27c/0x4e0
[ 1594.444580][T21802]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1594.444598][T21802]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1594.444653][T21802]  ? ksys_write+0x242/0x270
[ 1594.444676][T21802]  ? __pfx_ksys_write+0x10/0x10
[ 1594.444704][T21802]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1594.444726][T21802]  do_syscall_64+0x14d/0xf80
[ 1594.444756][T21802]  ? trace_irq_disable+0x3b/0x150
[ 1594.444788][T21802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1594.444811][T21802]  ? clear_bhb_loop+0x40/0x90
[ 1594.444846][T21802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1594.444866][T21802] RIP: 0033:0x7f12f179c799
[ 1594.444886][T21802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1594.444905][T21802] RSP: 002b:00007f12f2637028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1594.444927][T21802] RAX: ffffffffffffffda RBX: 00007f12f1a15fa0 RCX: 00007f12f179c799
[ 1594.444942][T21802] RDX: 0000000000000001 RSI: 0000200000005200 RDI: 0000000000000003
[ 1594.444957][T21802] RBP: 00007f12f2637090 R08: 0000000000000000 R09: 0000000000000000
[ 1594.444971][T21802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1594.444984][T21802] R13: 00007f12f1a16038 R14: 00007f12f1a15fa0 R15: 00007fff46e8eb28
[ 1594.445018][T21802]  </TASK>
[ 1594.676948][T21812] pim6reg: entered allmulticast mode
[ 1594.737265][T21813] pim6reg: left allmulticast mode
[ 1595.180660][T21839] veth1: entered promiscuous mode
[ 1595.189820][T21839] veth1: entered allmulticast mode
[ 1595.227246][T21844] __nla_validate_parse: 1 callbacks suppressed
[ 1595.227266][T21844] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18843'.
[ 1595.247774][T21844] xt_hashlimit: size too large, truncated to 1048576
[ 1595.254857][T21844] xt_hashlimit: overflow, try lower: 0/0
[ 1595.261927][T21844] syz_tun: entered allmulticast mode
[ 1595.297244][T21842] syz_tun: left allmulticast mode
[ 1596.124962][T21887] SET target dimension over the limit!
[ 1598.750967][T21872] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1599.390619][T21932] FAULT_INJECTION: forcing a failure.
[ 1599.390619][T21932] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1599.432550][T21932] CPU: 0 UID: 0 PID: 21932 Comm: syz.4.18870 Not tainted syzkaller #0 PREEMPT(full) 
[ 1599.432578][T21932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1599.432591][T21932] Call Trace:
[ 1599.432600][T21932]  <TASK>
[ 1599.432609][T21932]  dump_stack_lvl+0xe8/0x150
[ 1599.432642][T21932]  should_fail_ex+0x412/0x560
[ 1599.432674][T21932]  _copy_from_iter+0x1d3/0x1670
[ 1599.432704][T21932]  ? rcu_is_watching+0x15/0xb0
[ 1599.432737][T21932]  ? __pfx__copy_from_iter+0x10/0x10
[ 1599.432772][T21932]  ? netlink_sendmsg+0x650/0xb40
[ 1599.432800][T21932]  ? skb_put+0x11b/0x210
[ 1599.432834][T21932]  netlink_sendmsg+0x6c0/0xb40
[ 1599.432880][T21932]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1599.432912][T21932]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1599.432941][T21932]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1599.432968][T21932]  ____sys_sendmsg+0x972/0x9f0
[ 1599.432997][T21932]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1599.433026][T21932]  ? import_iovec+0x73/0xa0
[ 1599.433059][T21932]  ___sys_sendmsg+0x2a5/0x360
[ 1599.433085][T21932]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1599.433138][T21932]  ? __fget_files+0x2a/0x420
[ 1599.433168][T21932]  ? __fget_files+0x3a0/0x420
[ 1599.433207][T21932]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1599.433230][T21932]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1599.433260][T21932]  ? __pfx_ksys_write+0x10/0x10
[ 1599.433294][T21932]  do_syscall_64+0x14d/0xf80
[ 1599.433323][T21932]  ? trace_irq_disable+0x3b/0x150
[ 1599.433350][T21932]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.433371][T21932]  ? clear_bhb_loop+0x40/0x90
[ 1599.433396][T21932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.433417][T21932] RIP: 0033:0x7f12f179c799
[ 1599.433436][T21932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1599.433455][T21932] RSP: 002b:00007f12f2637028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1599.433477][T21932] RAX: ffffffffffffffda RBX: 00007f12f1a15fa0 RCX: 00007f12f179c799
[ 1599.433503][T21932] RDX: 000000000400c0d4 RSI: 0000200000000000 RDI: 0000000000000003
[ 1599.433516][T21932] RBP: 00007f12f2637090 R08: 0000000000000000 R09: 0000000000000000
[ 1599.433527][T21932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1599.433538][T21932] R13: 00007f12f1a16038 R14: 00007f12f1a15fa0 R15: 00007fff46e8eb28
[ 1599.433567][T21932]  </TASK>
[ 1599.801858][T21938] FAULT_INJECTION: forcing a failure.
[ 1599.801858][T21938] name failslab, interval 1, probability 0, space 0, times 0
[ 1599.814586][T21938] CPU: 0 UID: 0 PID: 21938 Comm: syz.0.18872 Not tainted syzkaller #0 PREEMPT(full) 
[ 1599.814614][T21938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1599.814629][T21938] Call Trace:
[ 1599.814639][T21938]  <TASK>
[ 1599.814648][T21938]  dump_stack_lvl+0xe8/0x150
[ 1599.814683][T21938]  should_fail_ex+0x412/0x560
[ 1599.814720][T21938]  should_failslab+0xa8/0x100
[ 1599.814748][T21938]  ? skb_clone+0x212/0x3a0
[ 1599.814771][T21938]  kmem_cache_alloc_noprof+0x87/0x650
[ 1599.814794][T21938]  ? lock_acquire+0xf0/0x2e0
[ 1599.814829][T21938]  skb_clone+0x212/0x3a0
[ 1599.814850][T21938]  ? dev_queue_xmit_nit+0x268/0xad0
[ 1599.814886][T21938]  dev_queue_xmit_nit+0x29a/0xad0
[ 1599.814939][T21938]  ? dev_queue_xmit_nit+0x2d/0xad0
[ 1599.814981][T21938]  dev_hard_start_xmit+0x1cf/0x870
[ 1599.815021][T21938]  __dev_queue_xmit+0x1557/0x3870
[ 1599.815043][T21938]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.815078][T21938]  ? __dev_queue_xmit+0x28b/0x3870
[ 1599.815113][T21938]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1599.815146][T21938]  ? __copy_skb_header+0xa3/0x4a0
[ 1599.815169][T21938]  ? __asan_memcpy+0x40/0x70
[ 1599.815187][T21938]  ? __skb_clone+0x63/0x7a0
[ 1599.815214][T21938]  ? __skb_clone+0x483/0x7a0
[ 1599.815242][T21938]  ? skb_clone+0x246/0x3a0
[ 1599.815268][T21938]  __netlink_deliver_tap+0x5ad/0x850
[ 1599.815312][T21938]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1599.815344][T21938]  netlink_deliver_tap+0x19c/0x1b0
[ 1599.815375][T21938]  netlink_unicast+0x7e3/0x9b0
[ 1599.815411][T21938]  ? __pfx_netlink_unicast+0x10/0x10
[ 1599.815440][T21938]  ? netlink_sendmsg+0x650/0xb40
[ 1599.815470][T21938]  ? skb_put+0x11b/0x210
[ 1599.815507][T21938]  netlink_sendmsg+0x813/0xb40
[ 1599.815547][T21938]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1599.815581][T21938]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1599.815612][T21938]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1599.815640][T21938]  ____sys_sendmsg+0x972/0x9f0
[ 1599.815672][T21938]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1599.815703][T21938]  ? import_iovec+0x73/0xa0
[ 1599.815740][T21938]  ___sys_sendmsg+0x2a5/0x360
[ 1599.815769][T21938]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1599.815828][T21938]  ? __fget_files+0x2a/0x420
[ 1599.815859][T21938]  ? __fget_files+0x3a0/0x420
[ 1599.815900][T21938]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1599.815931][T21938]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1599.815964][T21938]  ? __pfx_ksys_write+0x10/0x10
[ 1599.816000][T21938]  do_syscall_64+0x14d/0xf80
[ 1599.816031][T21938]  ? trace_irq_disable+0x3b/0x150
[ 1599.816062][T21938]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.816084][T21938]  ? clear_bhb_loop+0x40/0x90
[ 1599.816111][T21938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.816133][T21938] RIP: 0033:0x7fdbd5b9c799
[ 1599.816154][T21938] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1599.816172][T21938] RSP: 002b:00007fdbd6a60028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1599.816195][T21938] RAX: ffffffffffffffda RBX: 00007fdbd5e15fa0 RCX: 00007fdbd5b9c799
[ 1599.816211][T21938] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1599.816225][T21938] RBP: 00007fdbd6a60090 R08: 0000000000000000 R09: 0000000000000000
[ 1599.816239][T21938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1599.816252][T21938] R13: 00007fdbd5e16038 R14: 00007fdbd5e15fa0 R15: 00007ffdf6e9c1e8
[ 1599.816287][T21938]  </TASK>
[ 1607.569896][T21986] tipc: Started in network mode
[ 1607.587716][T21985] xt_CT: No such helper "pptp"
[ 1607.591600][T21986] tipc: Node identity ff, cluster identity 4711
[ 1607.612430][T21986] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1607.840508][T22001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18883'.
[ 1607.933434][T22001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18883'.
[ 1607.962143][T22001] netlink: 'syz.1.18883': attribute type 14 has an invalid length.
[ 1607.985729][T22001] netlink: 'syz.1.18883': attribute type 12 has an invalid length.
[ 1608.092773][T22019] netlink: 'syz.4.18889': attribute type 5 has an invalid length.
[ 1608.121949][T22017] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18888'.
[ 1608.139179][T22017] 8021q: VLANs not supported on caif0
[ 1608.385209][T22034] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18896'.
[ 1608.413604][T22034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.18896'.
[ 1608.440036][T22039] syzkaller0: entered promiscuous mode
[ 1608.447838][T22034] netlink: 'syz.4.18896': attribute type 18 has an invalid length.
[ 1608.454589][T22038] netlink: 'syz.0.18895': attribute type 4 has an invalid length.
[ 1608.456608][T22039] syzkaller0: entered allmulticast mode
[ 1608.506059][T22038] netlink: 228 bytes leftover after parsing attributes in process `syz.0.18895'.
[ 1608.747997][T22049] 
[ 1608.750382][T22049] ======================================================
[ 1608.757428][T22049] WARNING: possible circular locking dependency detected
[ 1608.764479][T22049] syzkaller #0 Not tainted
[ 1608.768915][T22049] ------------------------------------------------------
[ 1608.775955][T22049] syz.4.18901/22049 is trying to acquire lock:
[ 1608.782123][T22049] ffffffff8fd42738 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_ioctl+0x40c/0xf90
[ 1608.791504][T22049] 
[ 1608.791504][T22049] but task is already holding lock:
[ 1608.798915][T22049] ffff88807b7fcf70 (&nr_node->node_lock){+...}-{3:3}, at: nr_rt_ioctl+0x215/0xf90
[ 1608.808195][T22049] 
[ 1608.808195][T22049] which lock already depends on the new lock.
[ 1608.808195][T22049] 
[ 1608.818622][T22049] 
[ 1608.818622][T22049] the existing dependency chain (in reverse order) is:
[ 1608.827650][T22049] 
[ 1608.827650][T22049] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[ 1608.835677][T22049]        _raw_spin_lock_bh+0x36/0x50
[ 1608.841012][T22049]        nr_rt_device_down+0x153/0x860
[ 1608.846512][T22049]        nr_device_event+0x137/0x150
[ 1608.851837][T22049]        notifier_call_chain+0x1be/0x400
[ 1608.857522][T22049]        netif_close_many+0x2ae/0x420
[ 1608.862959][T22049]        netif_close+0x160/0x220
[ 1608.867938][T22049]        dev_close+0x10a/0x220
[ 1608.872767][T22049]        bpq_device_event+0x377/0x6a0
[ 1608.878304][T22049]        notifier_call_chain+0x1be/0x400
[ 1608.883983][T22049]        netif_close_many+0x2ae/0x420
[ 1608.889402][T22049]        netif_close+0x160/0x220
[ 1608.894377][T22049]        dev_close+0x10a/0x220
[ 1608.899206][T22049]        bond_setup_by_slave+0x5f/0x3e0
[ 1608.904843][T22049]        bond_enslave+0x847/0x3c10
[ 1608.909982][T22049]        bond_do_ioctl+0x6ec/0x8d0
[ 1608.915141][T22049]        dev_ifsioc+0x961/0x1280
[ 1608.920127][T22049]        dev_ioctl+0x7b4/0x1150
[ 1608.925019][T22049]        sock_do_ioctl+0x23e/0x320
[ 1608.930166][T22049]        sock_ioctl+0x5c6/0x7f0
[ 1608.935111][T22049]        __se_sys_ioctl+0xfc/0x170
[ 1608.940255][T22049]        do_syscall_64+0x14d/0xf80
[ 1608.945419][T22049]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1608.951955][T22049] 
[ 1608.951955][T22049] -> #1 (nr_node_list_lock){+...}-{3:3}:
[ 1608.959835][T22049]        _raw_spin_lock_bh+0x36/0x50
[ 1608.965188][T22049]        nr_rt_device_down+0xbe/0x860
[ 1608.970605][T22049]        nr_device_event+0x137/0x150
[ 1608.975929][T22049]        notifier_call_chain+0x1be/0x400
[ 1608.981618][T22049]        netif_close_many+0x2ae/0x420
[ 1608.987033][T22049]        netif_close+0x160/0x220
[ 1608.991999][T22049]        dev_close+0x10a/0x220
[ 1608.996791][T22049]        bpq_device_event+0x377/0x6a0
[ 1609.002178][T22049]        notifier_call_chain+0x1be/0x400
[ 1609.007843][T22049]        netif_close_many+0x2ae/0x420
[ 1609.013241][T22049]        netif_close+0x160/0x220
[ 1609.018214][T22049]        dev_close+0x10a/0x220
[ 1609.023003][T22049]        bond_setup_by_slave+0x5f/0x3e0
[ 1609.028566][T22049]        bond_enslave+0x847/0x3c10
[ 1609.033693][T22049]        bond_do_ioctl+0x6ec/0x8d0
[ 1609.038831][T22049]        dev_ifsioc+0x961/0x1280
[ 1609.043793][T22049]        dev_ioctl+0x7b4/0x1150
[ 1609.048671][T22049]        sock_do_ioctl+0x23e/0x320
[ 1609.053798][T22049]        sock_ioctl+0x5c6/0x7f0
[ 1609.058702][T22049]        __se_sys_ioctl+0xfc/0x170
[ 1609.063837][T22049]        do_syscall_64+0x14d/0xf80
[ 1609.068975][T22049]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1609.075402][T22049] 
[ 1609.075402][T22049] -> #0 (nr_neigh_list_lock){+...}-{3:3}:
[ 1609.083330][T22049]        __lock_acquire+0x15a5/0x2cf0
[ 1609.088725][T22049]        lock_acquire+0xf0/0x2e0
[ 1609.093677][T22049]        _raw_spin_lock_bh+0x36/0x50
[ 1609.098979][T22049]        nr_rt_ioctl+0x40c/0xf90
[ 1609.103937][T22049]        sock_do_ioctl+0x101/0x320
[ 1609.109070][T22049]        sock_ioctl+0x5c6/0x7f0
[ 1609.113936][T22049]        __se_sys_ioctl+0xfc/0x170
[ 1609.119062][T22049]        do_syscall_64+0x14d/0xf80
[ 1609.124200][T22049]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1609.130633][T22049] 
[ 1609.130633][T22049] other info that might help us debug this:
[ 1609.130633][T22049] 
[ 1609.140872][T22049] Chain exists of:
[ 1609.140872][T22049]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[ 1609.140872][T22049] 
[ 1609.154754][T22049]  Possible unsafe locking scenario:
[ 1609.154754][T22049] 
[ 1609.162228][T22049]        CPU0                    CPU1
[ 1609.167654][T22049]        ----                    ----
[ 1609.173033][T22049]   lock(&nr_node->node_lock);
[ 1609.177809][T22049]                                lock(nr_node_list_lock);
[ 1609.184957][T22049]                                lock(&nr_node->node_lock);
[ 1609.192256][T22049]   lock(nr_neigh_list_lock);
[ 1609.196955][T22049] 
[ 1609.196955][T22049]  *** DEADLOCK ***
[ 1609.196955][T22049] 
[ 1609.205108][T22049] 2 locks held by syz.4.18901/22049:
[ 1609.210430][T22049]  #0: ffffffff8fd42798 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_ioctl+0x15f/0xf90
[ 1609.219972][T22049]  #1: ffff88807b7fcf70 (&nr_node->node_lock){+...}-{3:3}, at: nr_rt_ioctl+0x215/0xf90
[ 1609.229671][T22049] 
[ 1609.229671][T22049] stack backtrace:
[ 1609.235581][T22049] CPU: 1 UID: 0 PID: 22049 Comm: syz.4.18901 Not tainted syzkaller #0 PREEMPT(full) 
[ 1609.235604][T22049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1609.235617][T22049] Call Trace:
[ 1609.235626][T22049]  <TASK>
[ 1609.235635][T22049]  dump_stack_lvl+0xe8/0x150
[ 1609.235664][T22049]  print_circular_bug+0x2e1/0x300
[ 1609.235695][T22049]  check_noncircular+0x12e/0x150
[ 1609.235725][T22049]  __lock_acquire+0x15a5/0x2cf0
[ 1609.235750][T22049]  ? kasan_save_track+0x4f/0x80
[ 1609.235777][T22049]  lock_acquire+0xf0/0x2e0
[ 1609.235798][T22049]  ? nr_rt_ioctl+0x40c/0xf90
[ 1609.235826][T22049]  ? nr_rt_ioctl+0x40c/0xf90
[ 1609.235849][T22049]  _raw_spin_lock_bh+0x36/0x50
[ 1609.235875][T22049]  ? nr_rt_ioctl+0x40c/0xf90
[ 1609.235899][T22049]  nr_rt_ioctl+0x40c/0xf90
[ 1609.235928][T22049]  ? __pfx_nr_rt_ioctl+0x10/0x10
[ 1609.235957][T22049]  ? apparmor_capable+0x126/0x170
[ 1609.235989][T22049]  ? capable+0x88/0xe0
[ 1609.236012][T22049]  ? nr_ioctl+0x1b1/0x3b0
[ 1609.236034][T22049]  sock_do_ioctl+0x101/0x320
[ 1609.236057][T22049]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1609.236077][T22049]  ? do_futex+0x395/0x420
[ 1609.236105][T22049]  sock_ioctl+0x5c6/0x7f0
[ 1609.236126][T22049]  ? __pfx_sock_ioctl+0x10/0x10
[ 1609.236147][T22049]  ? __fget_files+0x2a/0x420
[ 1609.236174][T22049]  ? __fget_files+0x3a0/0x420
[ 1609.236199][T22049]  ? __fget_files+0x2a/0x420
[ 1609.236227][T22049]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1609.236249][T22049]  ? __pfx_sock_ioctl+0x10/0x10
[ 1609.236269][T22049]  __se_sys_ioctl+0xfc/0x170
[ 1609.236291][T22049]  do_syscall_64+0x14d/0xf80
[ 1609.236316][T22049]  ? trace_irq_disable+0x3b/0x150
[ 1609.236344][T22049]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1609.236470][T22049]  ? clear_bhb_loop+0x40/0x90
[ 1609.236492][T22049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1609.236511][T22049] RIP: 0033:0x7f12f179c799
[ 1609.236529][T22049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1609.236545][T22049] RSP: 002b:00007f12f2637028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1609.236565][T22049] RAX: ffffffffffffffda RBX: 00007f12f1a15fa0 RCX: 00007f12f179c799
[ 1609.236579][T22049] RDX: 0000000000000000 RSI: 00000000000089e2 RDI: 000000000000000a
[ 1609.236590][T22049] RBP: 00007f12f1832c99 R08: 0000000000000000 R09: 0000000000000000
[ 1609.236613][T22049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1609.236624][T22049] R13: 00007f12f1a16038 R14: 00007f12f1a15fa0 R15: 00007fff46e8eb28
[ 1609.236643][T22049]  </TASK>