last executing test programs:

12.008932346s ago: executing program 1 (id=4046):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0x6, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x5, 0xfffffffb}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(r7, 0x0, r8, 0x0, 0xf3a, 0x0)
write$cgroup_pid(r8, &(0x7f0000000000), 0xffffff98)
unshare(0x20000400) (async)
vmsplice(r8, &(0x7f0000000440)=[{&(0x7f0000000240)="f9", 0x1}], 0x1, 0xf)
splice(r7, 0x0, r8, 0x0, 0xc, 0x4)
write(r6, 0x0, 0x0)
write(r5, &(0x7f0000000000)="240000001a005f0214f9f407000901000000000000000005000000000800040001000000", 0x24)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000002c0)={"6b2f3b6aff9bc2f1af59106a2a1667f8", 0x0, 0x0, {0x9, 0x9d5b}, {0xd, 0x41}, 0xffff, [0xde99, 0xb, 0xc, 0xc4, 0x43, 0xfffffffffffffffb, 0x28, 0x1, 0x7fffffffffffffff, 0x7ffffffffffffffb, 0x9, 0x5, 0x6, 0x8, 0x7, 0x8]})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000200)={0x60000000}) (async, rerun: 64)
write$cgroup_subtree(r4, &(0x7f0000000280)=ANY=[], 0x10448) (rerun: 64)
socketpair(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff}) (async)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r10}, &(0x7f0000000040), &(0x7f0000000140)=r9}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000240), &(0x7f0000000280)=r9}, 0x20)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000003, 0x2010, r4, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x11fe726f7e78fcf0}, 0x28) (async, rerun: 64)
close(r2) (async, rerun: 64)
write(r0, 0x0, 0x0) (async)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x100000d, 0x6031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000007, 0x31, r3, 0x0) (async, rerun: 64)
r11 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r11, 0x6b, 0x4, 0xffffffffffffffff, &(0x7f0000000080))

11.63678494s ago: executing program 1 (id=4047):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000001500010300000000000000000c00000008000100", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x4000000}, 0x6b7e369c6a3738ea)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
read$rfkill(0xffffffffffffffff, &(0x7f0000001780), 0x8)
epoll_create1(0x0)
r2 = socket(0x2, 0x80805, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES64, @ANYRES32, @ANYRES8=r2, @ANYRES32=0x0, @ANYRES32, @ANYRES16=r2], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x4, 0x10, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0xfffffffffffffe1e, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r3, 0xffffffffffffffff, 0x1b, 0x0, @val=@target_btf_id=0xffffffffffffffff}, 0x14)
socket$inet(0x2, 0x80001, 0x84)
socket$key(0xf, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="87640000000000006111480000000000850000008b00000095000000000000008911a497f879aa69cd74ff97dd8314ae55f5316d4591fc84fed9cd082ece7b472d10c335c3b19359e9e45e90c1e7da578cd06f5c3b58eac3324efd57cc4d4da91249da7cf61538b51abf570b0600a98e3aedb37260e5e9dabd7619dc10431e2850fc4e5f50c66208815d2cf72014f20df3e20a9d0cf0bc9ff55fdf30b03aecd504b038"], &(0x7f0000000080)='GPL\x00', 0x4, 0x16, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x21)
r4 = socket$inet6(0x10, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0)
write(r4, &(0x7f0000000040)="1c00000021002551071c0165ff00fc020200000003100f000ee1000c", 0x1c)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="700200001b00000328bd7000ffdbdf25ac1414aa00000000000000000000000000000000000000000000ffff0a0101004e2101ff4e2400000200a08087000000", @ANYRES64=r0, @ANYRES32, @ANYBLOB="0800000000000000ff7f0000000000000100000000000000080000000000000001000000000000008000000000000000000400000000000006000000000000000700000000000000fffffffbffffffff1200000000000000070000000000000002feffffff6b6e000201020300000000050000000000000008001e000600000010000500e0000001000000000000000000000000000004d44800000008000000ac1414bb0000000000000000524f2b7b04ec3a3d4b80e7000000000000000002026f0004000000030000006dce0000ac1414bb0000000000000000000000000000d6ff0000000a00000000000000000000000000ffff000000000735000003000000ff0f00000000000006000000ac1414320000000000005fe000000000000004d40400000002000000ac1414aa000000000000000000008a0000073500000003000005000000ffffff7f05000000e4000600e0000001000000000000000000000000fe8000000000000000000000000000aa4e2200024e21000302000000110000008cea133d6f16a41541f47f5b26e9eb221aedec8dad6434e31f10c998c43e002c43c538ed5f0bcf737bc30139bafc3063a9", @ANYRESOCT=r1, @ANYRES16, @ANYBLOB="00000000000000000000000000000000000004d433000000fc0000000000000000000000000000000400000000000000faffffffffffffff00000000000000000f000000000000000800000000000000ff070000000000000100000000000000000100000000000008000000000000000180000000000000030000000000000000000000900000000700000002000000310c000028bd700000350000020003070800000000000000"], 0x270}, 0x1, 0x0, 0x0, 0x4c010}, 0x48040)
r6 = socket(0x1e, 0x4, 0x0)
recvmsg$unix(r6, 0x0, 0x20)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r7)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r8, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)

11.213187359s ago: executing program 1 (id=4052):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="04000000041401"], 0x20}, 0x1, 0x0, 0x0, 0x4008055}, 0x0)

11.001006657s ago: executing program 2 (id=4053):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f000000ae00), 0xffffffffffffffff) (async, rerun: 32)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f000000b200)={0x0, 0x0, &(0x7f000000b1c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf25320000000800030036eadbb3fbdd0db5fcb9112a6d2102b42eba0679ae22cf0b926054611128da9ca9d83f54225cb9b29cf052ed3a022ff7931fdc125fbb2795a8bcc914efff4f31e74f70d918", @ANYRES32=0x0, @ANYBLOB="0c009900050000004d000000"], 0x28}, 0x1, 0x0, 0x0, 0x8040000}, 0x0) (async)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000071180a000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010c300000000033e0000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608000000000000180000000000000000000000000010009500000000000000360a020000000001180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50afdff0000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78)

10.979945688s ago: executing program 1 (id=4054):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000000000000000100009308"], 0x0, 0x32, 0x0, 0xa, 0x2}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e0000006700000008000000ad00000008680100", @ANYRES32=0x1, @ANYBLOB="8100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300000003000000040000000500"/24, @ANYRES32, @ANYBLOB="09307d6a0e148981ad707c8109465f716c65be6e8570487e585dcd7d60c83a6c4c8361062446f4f5bc5c58562c"], 0x50)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000305000000000020000000000000", @ANYRES32=0x0, @ANYBLOB="15e3000000000000140012800c0001006d61637674617000", @ANYRES32, @ANYBLOB="0a0001"], 0x48}}, 0x0)
sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, 0x0)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000002030108000000b3"], 0x14}, 0x1, 0x0, 0x0, 0x40049d1}, 0x9bd2e45169aa59f0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1100000004000000040000000600000000000000", @ANYRES32=0x1, @ANYBLOB="fcffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000003ccc4bb6b561edbedd94fa9712163d00"/28], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r4, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e99d86", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
r5 = socket$rds(0x15, 0x5, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bind$rds(r5, &(0x7f00000000c0)={0xa}, 0x1c)

10.752588561s ago: executing program 2 (id=4055):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040), 0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}, 0x9}], 0x40002e9, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'dummy0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)
unshare(0x22020600)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e22, 0x3, 'lc\x00', 0x24, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xc9, 0x12d5f, 0x3}}, 0x44)
r5 = socket$kcm(0x2b, 0x1, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f00000001c0)=':', 0x0}, 0x20)
sendmsg$inet(r5, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x20000010)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000001c0), 0x2, 0xffffffffffffffff, 0x4}, 0x38)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="130000000700000002"], 0x48)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x890b, &(0x7f0000000100))
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{}, [@TCA_NETEM_RATE={0x14, 0xe}]}}}]}, 0x60}}, 0x0)
r8 = socket$qrtr(0x2a, 0x2, 0x0)
bind$qrtr(r8, &(0x7f0000000000)={0x2a, 0x2, 0x4000}, 0xc)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1)

10.241551856s ago: executing program 2 (id=4058):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x60, r1, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x8, 0x40}}}}, [@NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x6}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x9}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x4}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x3}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x1}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000814)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)="1400000016000b63d2b947468b041c031193e473", 0x14}], 0x1}, 0x0)

9.931974112s ago: executing program 2 (id=4062):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000000000)={0x24, @long}, 0x8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000190009002dbd7000fedbdf2502202000ff02ff02001a00000c00090008002810", @ANYRES32, @ANYBLOB="08000100ac1414aa"], 0x30}, 0x1, 0x0, 0x0, 0x448d0}, 0x1000)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010100000000000000000a0000000900010073797a30000000004c000000030a010200000000000000000a0000000900010073797a30000000000900030073797a31000000000a000700736f75746500000014000480080001"], 0x94}}, 0x0)
r3 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r3, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000280)="08001efbb07d5a6e", 0x8}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}, 0x20080880)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x10, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000001000000950000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000128850000007600000095"], &(0x7f0000000480)='syzkaller\x00', 0x1, 0xff46, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async)
bind$802154_raw(r0, &(0x7f0000000000)={0x24, @long}, 0x8) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000190009002dbd7000fedbdf2502202000ff02ff02001a00000c00090008002810", @ANYRES32, @ANYBLOB="08000100ac1414aa"], 0x30}, 0x1, 0x0, 0x0, 0x448d0}, 0x1000) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010100000000000000000a0000000900010073797a30000000004c000000030a010200000000000000000a0000000900010073797a30000000000900030073797a31000000000a000700736f75746500000014000480080001"], 0x94}}, 0x0) (async)
socket$inet(0x2, 0x2, 0x1) (async)
sendmsg$inet(r3, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000280)="08001efbb07d5a6e", 0x8}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}, 0x20080880) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x10, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000001000000950000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000128850000007600000095"], &(0x7f0000000480)='syzkaller\x00', 0x1, 0xff46, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94) (async)

9.600889624s ago: executing program 3 (id=4063):
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'gre0\x00', <r1=>0x0})
setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000040)={r1, @remote, @private=0xa010101}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000140)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x3e}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8000000}, @generic={0x66, 0x8, 0x0, 0x0, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x8}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa, 0x0, 0xfffd}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0xff00, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108)

9.552153755s ago: executing program 2 (id=4064):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@jmp={0x5, 0x1, 0x3}]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
socketpair(0x1d, 0xd229624244415514, 0xe, &(0x7f0000000100))
bind$unix(r1, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x5)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)={0x80004005})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'vlan0\x00', <r4=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', <r5=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01f71800000000000000240000002400000002000000000000000000000400000003000000000000000000000000000000000000000d020000000000000600"/94], 0xffffffffffffffff, 0x3e, 0xb1, 0xa}, 0x1b)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="400d0000001200003000128008000100687372002400028008000200", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r4], 0x50}, 0x1, 0x0, 0x0, 0x40010}, 0x4008044)

9.271305819s ago: executing program 3 (id=4065):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
r0 = socket(0x21, 0x800, 0x3)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x303}, "2d9421fe8a4c9563", "cf6ff9ff337ed301000100c747fbbfc1", "dbdc27ff", "16de86d67a8426bd"}, 0x28)
recvfrom(r2, &(0x7f0000002800)=""/4071, 0xfffffffffffffdab, 0x17, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="440000000102450000000000000000000a000005300002802c0001801400030020010000000000000000000000000000140040a8d937d91814fe990400fe880000000000"], 0x44}}, 0x4000)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000180)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18)
syz_emit_ethernet(0x36, &(0x7f0000001800)=ANY=[@ANYBLOB="0180c200c800aaaaaaaaaaaa080045000028006400000402907800000000e000000211009078e0000002000010020000000400000000"], 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280), 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a3000000000b4000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d24001280200001800e000100636f6e6e6c696d69740000000c00028008000140000000010c0009800800014000008f"], 0xfc}, 0x1, 0x0, 0x0, 0x4840}, 0x0)

9.052755203s ago: executing program 4 (id=4066):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="30de", 0x2}], 0x1, 0x0, 0x0, 0x24008000}}], 0x1, 0x0)
recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000180)=""/8, 0x8}], 0x1}, 0x6}], 0x1, 0x28144, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000c80)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36513001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e455fe2bb24ef66970746c7f1f2a5c4c3", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000002100)=[{&(0x7f0000000d00)=""/301, 0x12d}, {&(0x7f0000002a40)=""/4044, 0xfcc}, {&(0x7f0000000380)=""/175, 0xaf}, {&(0x7f0000000a40)=""/204, 0xcc}, {&(0x7f0000000680)=""/192, 0xc0}, {&(0x7f0000000740)=""/256, 0x100}, {&(0x7f0000000440)=""/168, 0xa8}, {&(0x7f0000000280)=""/202, 0xca}], 0x8}, 0x1082)

8.502032704s ago: executing program 2 (id=4068):
unshare(0x6a040000)
mmap(&(0x7f0000aa4000/0x1000)=nil, 0x1000, 0x200000e, 0x13, 0xffffffffffffffff, 0xffffc000)
socket(0x2b, 0x3, 0x1)
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c4e9e82bb141edd8cf841fb14000006feea864e800000000000000006"], 0x14}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'veth1_virt_wifi\x00', 0x10})
r1 = socket(0x400000000010, 0x3, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)="8724866f", 0x4}], 0x1)
close(0xffffffffffffffff)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x5, 0x10, r1, 0x91081000)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1844"], 0x0, 0xe, 0x0, 0x0, 0x40f00, 0x67, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r3, 0x4010744d, &(0x7f0000000180))
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10)
connect$llc(r4, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e23, 0x5, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x8}, {0xfff2, 0xc}, {0xfff5, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x4)

8.461744471s ago: executing program 4 (id=4069):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x303}, "1afc7c14d332bcc6", "a9ba0c85d68723369f51322151d9f41aaa2832bb07cc1e49ad714beac6f1ade8", "49960d8f", "bff2a81527ae4190"}, 0x38)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r1)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000300)=ANY=[@ANYBLOB="050000001446"], 0x38}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000100)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000001c0)=0x1c)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = socket$inet6_sctp(0xa, 0x6, 0x84)
setsockopt$MRT_DEL_VIF(r4, 0x0, 0xcb, &(0x7f0000000480)={0x0, 0x0, 0x7, 0x2b, @vifc_lcl_addr=@local, @broadcast}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001300100000000000000000007374726565626f673531322d67656e657269"], 0xe0}}, 0x0)
sendmsg$nl_crypto(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xf0}}, 0x0)
sendmsg$NFT_MSG_GETCHAIN(r7, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800800}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="20000000040a010100000000000000000a0000010900030073797a320000000083df0a63f183422e4215036c08a6377775327d731a22565a505990290b084f38d7af564b530c79f51a3b1c74ad86292d882cae"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r9 = socket$tipc(0x1e, 0x2, 0x0)
bind$bt_hci(r9, &(0x7f0000000040), 0x6)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e22, @empty}], 0x10)
listen(r6, 0x3)
sendmsg$inet6(r5, &(0x7f0000001dc0)={&(0x7f0000000840)={0xa, 0x4e22, 0x906, @loopback, 0x7}, 0x1c, &(0x7f0000001d40)=[{&(0x7f0000000880)="fa", 0x1}], 0x1}, 0x40085)
r10 = socket$netlink(0x10, 0x3, 0x4)
writev(r5, &(0x7f00000008c0)=[{&(0x7f0000000380)="d6", 0x1}], 0x1)
writev(r10, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600004e22590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)

7.284606286s ago: executing program 4 (id=4074):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000003400)={0x10, 0x2, &(0x7f0000003200)=@raw=[@call={0x85, 0x0, 0x0, 0x8b}, @exit], &(0x7f0000003240)='GPL\x00'}, 0xc01)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xd, 0x5a87, 0x4, 0x3, 0x0, r0}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001980), &(0x7f0000001ac0)="42d39c7a49", 0x8001, r1, 0x0, 0x8000000}, 0x38)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r3, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000500", @ANYRES32, @ANYBLOB="14000600fe8000010000009500040000000000aa14000700000000000000000000000010"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r4, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000280)}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x24004ffd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r4, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000040)}}], 0x1, 0x2090)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x840}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r6, &(0x7f0000000140)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000040)={0x7, 0x7, 0xc, 0x9, 0x0, 0xc, 0x4, 0x6, 0x8, 0x2, 0xa1, 0x4, 0x3, 0x80}, 0xe)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x40004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x6}})
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000000)="edfff1ceba1535e03cbc7179f057117d32d3ddb8352f785be2007bd2e4f7d73fe55a199e24f797946998bf32cb7ef62168069b0e8123ccf45c043093c003570bced2a45b6a041e1606aa422e4c17", &(0x7f0000000080)=@tcp6=r2}, 0x20)

7.10630693s ago: executing program 3 (id=4075):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x94, 0x30, 0x9, 0x0, 0x0, {}, [{0x80, 0x1, [@m_bpf={0x7c, 0x1, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x35, 0x0, 0x1, 0xb1000000}, {0x44}, {0x3}, {}, {}, {}, {0x6, 0x0, 0x0, 0x5}]}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x9, [@var={0x7, 0x0, 0x0, 0xe, 0x1, 0x2}]}, {0x0, [0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x31}, 0x28)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="05000000e4ef1f00810000007f00000001"], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000300)={r1, 0x0}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000040)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

6.608784466s ago: executing program 3 (id=4077):
socket$can_bcm(0x1d, 0x2, 0x2)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000280), r0)
unshare(0x6020400)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mreqn(r1, 0x0, 0x20, 0x0, 0x0)
r2 = socket(0x1e, 0x5, 0x0)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(r2, 0x110, 0x5, &(0x7f0000000500)=[0x2, 0x4], 0x2)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
r3 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'ip6gretap0\x00', <r4=>0x0})
bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4)
sendmsg$netlink(r3, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="75016a009cdc14"], 0xdd12}], 0x1, 0x0, 0x0, 0x8887}, 0x4048820)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r3)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r6, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x4, 0x0, @loopback}, {0x2, 0x0, @remote}, 0x184, 0x0, 0x0, 0xfdffffffffffffff, 0x0, &(0x7f0000000180)='lo\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10e4814}, 0xc, &(0x7f0000000480)={&(0x7f0000000b00)=ANY=[@ANYRESOCT=r0, @ANYRES16=r5, @ANYBLOB="000225bd7000fedbdf2512000000240002800800010007000000d5b1f1ff01000000080002004700000008000100060000000c0007800800020000000000fc000680c9000300d23f7eb529a1a9427be001de4b73cd0a174bc8fa6289529e8894f16ca08ddcb9070e3a16b9454ee5fc622a809d5701029f71e45541cc96585a650220a2c73194bc4772d0784738d0d3af5d04b04aaa503dc3e7262792d807554d41aa2b5f0645a8c00ca74171089568627f78b5fe2ba8e313ac00d9e9e427f63f3386fc5dd42a7b6d5d87a5445e3a30fab7e6277aa9a483dcaceb7922c6f30794dc77d40d1c1fe569c37459d91c80ca79d6e355b907a242107df1bab9968198a40e3e7c81753e11f8bc7b0700000008000600fbc00000080001000000010004000200040002000400050008000100390e0000080001000b000000cc0001802c0002800800030044d5000008000400ffffffff08ffef25368ac2a04ca300020008000000080004000100000008000300000012000d0001007564703a73797a30000000002400028008000200000000000800030005000000080001000600000008000300030000004400028008000300020000000800010000000000080003000500000008000400050400000800010010000000080002000200000008000400e6000000080001000a00000014000280080001000d000000080001001c000000080003000e00000008000300250000001c000680080006000500000004000200040005000400020004000200"], 0x228}, 0x1, 0x0, 0x0, 0x10}, 0x20008010)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r8)
sendmsg$nl_xfrm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="24000000240035b900000000000000000700000006000480ffef0000060003"], 0x24}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0}, 0x94)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026b900000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmsg$key(r9, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070020001f00001a000000030000a95a6e870200010000e9ff070040000200ee1500050005000000cc580a"], 0x80}}, 0x20000000)
close(0x3)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r2, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x18, 0x1409, 0x10, 0x70bd2d, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}}, 0x80)

6.475583278s ago: executing program 1 (id=4079):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000010880)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000010400)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1, r0}, 0xc)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a310000000054000380500000803e0001"], 0x80}}, 0x8000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000100)={'team0\x00', <r5=>0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb0c001800"], &(0x7f0000000000)=""/28, 0x56, 0x1c, 0x1}, 0x28)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r7, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xffbf}], 0x1)
sendmsg$NFNL_MSG_ACCT_NEW(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000dc3728369a7add3ce8c736a1344a000007010200000000000000000100001e474fa22b78080c000340000000000000008a0c000240c8ed0cd4a18c19f3823f57b325a151ad006913ee22f5b383eb2608e0d21525848387a27f7cec9b415e4d53c777e35373c92132eda833e70133cb3cf982b93512c427f7d004831e370e9ad07befdf0e5584e9173fcbcfadef9c7dbb630d8b7ac2812bf231e70d905c80f42a92dd3ae45e26159516e08363139ced5b23c3d209b738a4d2541c72"], 0x38}, 0x1, 0x0, 0x0, 0x810}, 0x4004090)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x4, r5}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2000a804)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
accept4$unix(r12, 0x0, &(0x7f0000000140), 0x800)

6.275747255s ago: executing program 3 (id=4080):
r0 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/246, 0xf6}], 0x1}, 0x20)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="2b1c52ac82e71ea05b0c5e43ede4", 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffdf8, 0x0, &(0x7f0000000fc0)="dd5e48aa95ac0000"}, 0x50)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4)
socket(0x1e, 0x2, 0x0) (async)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c) (async)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/246, 0xf6}], 0x1}, 0x20) (async)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="2b1c52ac82e71ea05b0c5e43ede4", 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffdf8, 0x0, &(0x7f0000000fc0)="dd5e48aa95ac0000"}, 0x50) (async)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4) (async)

6.070465961s ago: executing program 4 (id=4082):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000800000000000000070000006b113400000000009500000000000000d10cef9e998459428345180a9ba71b7f05646073d8380987e0c56c5354f8886e85e8d38488ed27a5becd0f5e82340e810b22e187180ab049ce1ad6d962a2fb78d7eecfa92b6e8380792ae843793863e761a65f844145e188f8e733f2be4b1e98b2e1859b786a841da8450422a96df9f5a158ed3696e5e53f72ed623377b199d49c5a2c0614e3c8adcd8722da6f1a81a363f63b8bf08e6fd55b56536e009bd6ffbf90"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="190000c5ff00000008000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)=r1}, 0x20)
sendmsg$IPSET_CMD_LIST(r0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket(0x15, 0x3, 0xb6)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
setsockopt$MRT6_ADD_MFC(r4, 0x29, 0xcc, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(r4, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c)
socket$kcm(0x10, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000580)={<r5=>0x0, 0xc0, "0f5efaacd0d12878f2659e749babba7d41e443975068a8178cd07aa09a9753f5e4a3c56672587b74e32d5b5fbf6ba2722bec7bcf22286464f872f2ee202284493c4021100739ac60f91da2345778cd1bdbe2d988b6e6ae1a67b0ff2197fda56d55b50a198331561220b7805108684e433e54bb839adce44669b37fc583eca8acf610c7cdd57666ac3c01f2a6a62dfb50e8a6785b6a57e3614fd9904e21c0c26a0027bebe458001fb746fa5b07eeff2cf7a914dab742e5b31f8e6a2c4ce7595fd"}, &(0x7f0000000180)=0xc8)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05400000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a300000000014000480080002400000000008000140000000000900010073797a30000000004c000000060a01040000000000000000010000002400048020000180080001006f736600140002800500020000000000080001400000001408000b40000000000900010073797a3000000000140000001100"], 0xd4}}, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000100)={r5, 0x5, 0xdb}, &(0x7f0000000200)=0x8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6(0xa, 0x2, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f0000000040))
setsockopt$inet6_mreq(r10, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00', <r11=>0x0})
setsockopt$inet6_mreq(r9, 0x29, 0x15, &(0x7f0000000000)={@remote, r11}, 0x14)
sendmmsg$inet(r6, &(0x7f0000001d40)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000f40)=ANY=[], 0x120}}], 0x1, 0x4000)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="180000000600000000000000bf000000b7080000000000007b8af8ff00000000b7080000a6542a297b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001833971a62b4df230000b5c284dc89a31955ff47f55822738dd1c0afaf4e8e7b3c137dd3fc0590dd1a54a636357b3fdd096572cc7ee518668db63bd371eea7a098393a8dfce4a43f53098e43a0016ce2c69ec99f8300a550071cd0e44c734e", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f00000003c0)='syzkaller\x00', 0x8, 0x60, &(0x7f0000000680)=""/96, 0x41000, 0x5, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, &(0x7f00000007c0)=[0xffffffffffffffff, 0xffffffffffffffff, r3, r3, r3, r2, r3, r2, r3], 0x0, 0x10, 0x7}, 0x94)
sendmsg$nl_route_sched(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newtfilter={0x24, 0x11, 0x1, 0x70bd24, 0x2000, {0x0, 0x0, 0x74, r11, {0x5, 0x10}, {0x1, 0xb}, {0xfff2, 0x10}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x48000}, 0x840)

5.816783882s ago: executing program 3 (id=4083):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a0500000000ffffffe000050000030900010073797a30000000002c000000030a01020000000000800000050000000900010073797a30000000000900030073797a300000000054000000060a010400000000000000000500000008000b40000000002c0004802800018008000100667764001c0002800800034000000002080002400000000308000140000000060900010073797a3000000000140000001100010000000000000000000000000a748c02ad01cfddf48ef17c4ff283d564f27c61a586c1f25b15402531bf96a2e79395a1a1fb51e650edc43d49eaeeb8b76f84c1ecf39bc3875d353fa93e45a3836f384d4868be42ed2f65399a2154151b74f718d913a6de693158d51261b4037daa90061d3e0546f450a9e195ec914a934b32bb69181772092e59507f5f8b1de09fdca2dacb1c203dcad9b85f086f822f88119a641b29b65435fa0334efb2793e5cfca74f90d1bb2814de32ac48c1b8ec212e8d0902351031ea866038cd4c1bcbbb849b7cd9534c620ecafd165ca99d24c3639f54a9a930b041f143ee3a3a3ddcf5c23c8ea96d25e5c462fc6ad2d1229377e240ae70589309"], 0xc8}}, 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x50dc11303b75adfd, r1, 0x1e834000)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r5, 0xc6e9f000)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x13, r6, 0xd1383000)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[@ANYBLOB="38000000180001000000000000000000020080000003c809001b0000060015000400000014001680100008800c00028008000180"], 0x38}}, 0x0)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r7, 0x1000)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0xffffc000)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
ioctl$XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f0000000300)={<r9=>r0, &(0x7f00000001c0)='syzkaller1\x00', 0x140, &(0x7f0000000240)={@_ha_fsid={[0x401, 0x2]}, {0x2f, 0x2, 0xaf3b, 0x83d}}, 0x2, &(0x7f0000000280)={@_ha_fsid}, &(0x7f00000002c0)=0x4a3})
openat$cgroup_type(r9, &(0x7f0000000340), 0x2, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000140)=0x8)
sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}, 0x1, 0x0, 0x0, 0x48010}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_int(r12, 0x1, 0x2f, 0x0, &(0x7f0000003440))
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)

5.644273024s ago: executing program 0 (id=4084):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1, 0xfffffffe}, 0xc)
sendmmsg(r0, &(0x7f0000001b40)=[{{&(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @multicast2}, 0x2, 0x2, 0x0, 0x2}}, 0x80, &(0x7f0000001b00)=[{&(0x7f0000000b00)="a395710999a305764e0194995141dcf996df39becad3ff97241089d55e80259007fdf05361fddca0a64d588ddd2ee182e4be85ab08f693e1c8902adb1086138cb63c547b032a882fcafc9345ad077ea06fa658afbbb3a56450954523415bab247c963f581833126612782728493ed3a6bed532bf9f3839e77af67a4c8e1e74444613f12b1d59bed20f3e338902e726ff4d7c6b8f6f119c248646b947a58f7d1e400455ddd2787b3bf2a8a639a51d3aadfb63883ed3f4177d2dcd9e5486cf05aef815652e9e827b0a454e32d7ed6ae8a2b6d37cd0195693ed7d56be66b6bae39d5df11e898b09cb9ac68c642340be762f21870441d2dd212c39e51ab21276b53bfdae8a45de692fc35491b4d5b9ea2dc99b4f9ea6a4089ffa2ccc968eaecaa8b3b50f37c67cbe764c717a85803a1c6e2a1346bdad860a3c5f08ce9246bc9eb945bf9a2ae75d38d7f3804203308b12e1231d86658bcadaff3a930570f1e36daaf1fbb83400db282677f3171913e28f5fbdb9cc076c8cff9d725976a1d1dae8574523bfe577c1ec99361935d5494649f2ceccc0fc76b9262dea8b7a829f70b7ae103cc4b360618bf8335fa2920d86af3176839bfde489bbc3e71e8433d1754000442e01b19af0af9d16236ea28fbfd9de194ccbfce4db577aedc358cd49c2a310b8607a3839eb2a6647b7ab8e1c84d17bb10be8a7bf8efc211ec3c2ef4560493cf64ed641bc137796bb93888d212d06f3f66e0d6a70f58cdc23cf157dc633ba492af9fde4d5c4b42061f4c79e3c9decf97739e6fc14d0877d91aa16a371936a0dc0715414de7f084e633aa9228f98ff5c01745f65aeb74d796432c79d24b560ff84b98f8ffe2fd0514e3b279ec132c06741d03577ffd4dbc04a887ced7793072066bbaa20696a699f44c0b2037effbc6b3b04a86bee6e55ce61c64310e5cf59d6a90a203c00a14155f7e61ec02fa7ee581db794736f1406ef48c8a5c6d36932d4ad0dc2f315179b22d66045ad7c1048e7be1a61c050d32a97170c9dbb31ad341e242c3df6193d992a892cf7e2d031e8a25d34cc09a84a884fed8e71f334ab01efbbb560c67937093814c66afb95639bf63759d61515b02af5c38931dc13f132b4ec0bd33c09f37097217202ec6a301b5d00fe76cdfd2c58a19eb7b22e55f781895769576f871d9b21441e0f39e43009992e477695e6bca0348848545b35064d3b59affea44318e710cdf5e69d560ee2299ad457353406cfcb7d1bd2b64c8bda731d5007fbf3be4a2732c50dfc2793013233ad7957a673a7c9a81353f9bf1db9012bd62e8fc82745484ea4ca749bf8b17df32f70ac06daa07ce8fd570fa39d52df53d6ec954e973b7ee25fe2b8a863c8f08d7a142f8015b50e7c4c01168865678e0a7effd8823d6c60b04de1e6027ba002ebe529b4af406b84b504ae975287dff9de22e82d6a3342bbae90207e7ae4dc787356b3445035fbf15699f93c71d563df25380a7105c44d4018322bc09cedcf4c00b708b817616d5e5b7a404caf0d40d3bd7a36b0b92892a0594a46ceb227723295401016fe843fb9e5060d559a2e6cffe8058932a95e525bc811d576893bf943a9671a6f99cff40be0e372acd011580d2398b82cfae92731bf44ba0e53388552ac034c1bcc7b3bdcd148697f8f91a1c2a488c157d6afc20a035136e291bf79ba768a3bdd4716a0a97b1641ee29fcf7353683bf6edcd62befb8109c1842630593af894deb692a5886065e4c594bb0832fab379a7e99eab4facf2e4f801644d0a392b3e9ee47d70bce27f45dc7b65b514a0d0b212955f196636ad4c4de3e40dffcb07395574171228b845456f4e8adb88a85364ac95cec58d1519c46754cbabd22f986f95b452f5c654db6ee5d6ed10bf4783ead21f6b18bf78b525c107d98af9e088a84defa4277802eca3d7a7ab4172ee7f5068a4e07bc54804f02a3b83524a459bf1a9ee3d35316e4f9eee867bcf0e64f7da423620a67167ee2d0dcdcec6e580b9a66b658528ac5e971720f06d4c2dcbc0473d439679c7ffae0824daf992bcf0a1a1ea81377e44b5258ad6be9defad369742e7ff52f266e9e61b498fd0c26920a8eb8f475aba1a90b8ac6e9a41dd722e4b68441aab3518a4b145b74ed4de2b7dd258f41f141b35c0d22270f9ecf45fb79c043b2158c205a73f169f9c067d9457a7db82803f66d7f60c2e3677b912033d29d08e4ee7df005eb660cff58b19d46059a65cbde11fad41d53b2cedab348c7a1f95f7b98b2900db22f9cf0d80fd4f6daa2f25d62613540fb39eaaf975c918ec0f0b7ef123dfe26104f49b75e572d8a859b3a57c049f812ed798b73791c1549dd6330206330136b4810b98bd53708f19d5735bc84d069c290be2e7fea1dc02cd3424a1fdeebf3e40f2f4025377906571ccc1a71597921818608351c7b1c9813d5934dc70665d2ac5c27ce36a7e222a33b84e4c84ee93a0651110e85a9561a492bc3bbb3dd9cdd61eec5991a222a70842631d250bce59023d2b493ea068f10873f9f7c66f0b34bb6ae4305b9ce1889bc85b59d8ac8b6369b71b4e093f6b89d10c83aec94ff2fe6258ffdda26cb8024cfbc2088720e4704f66337c058afdce1497e9f19ffb6920bca026dd4c812ab56da7b8be7a653a481b80110f6534c2a59e202fbcb484ef8c4a014c01829ef775942025547f96034c8827a6744316417e2b3c1d0649643181b4aaf33eed72d363e0fd0d6bf7650c0966021376d285ce12b812f4b792b6d0fc7f415edceac189abbc8b657214462556b21ae4daabbda4ea7ee4d2356687915cda1d088abee52a0c1f2d2ef32309a5a7bb7a54a1036f298c97120e0a846d3b6ffb9e921edeb7118af25e3917913066862c6d261d59feee5062c889a050cb858658a0355024384315e1aa15d478fddd4ff9d0f5bafee97c8ecf331b43493baef25d4fd254dde9f1c4aa79e812e6140a1d8f1b055e67f43a3a308864161332560d14f0abfacaea69293be6e0de00a4069ef19ec2a7d729858a6d09bbe3dfd3273fef4aa6b0ab7bb2570d460ba23cf3ebc772562f82893ba0faa2bdf0a3a3676503ab3e987669ce2025de74d269b42a73dec399d6101c98b76fee0082f515829e0cd4890be27463731d8052322a9db8ca350c32eff9c6508aa287bb96d463382607c7c70f705091307d92d8a877a16b27228bb1b5cfc240a67ea9e56030f9660aec5c4c75fd6e56dfb8967c8559c2c173c78907718a1d808314482682eb157fff94c72f613860c18f53d23f8a20c5f86dadaeb9239727e601d4433aeee254ef4b0815bc5dd9257d1b96c2878157d837cf4f677e50baaf734b966766a59340bfe1d02c6b6496f08a9b427c93958921d18b583a4049eaab23db61ad35dea73d1be8c209d5df1e44b8a21142c86394906b3690f6fa98afe006f5835390e4c4f23fe24e206223d1ff314dedf674b687c487e7a479eebaadf1679c34bdb86662652d5b308eea7712a1475e250796bf0d6a4fcaa99cf59861273719113da01ef6af8d45143658346288cdd61ed2ad10166a7684be3f6e3b4296a21f5ba9afdee1dbd2ecebcd7ee0a332a5a4976ba7515795f56f60fe7fb358832c7997cb9b242800a3cde308d7e45c4ba72c3fafada897213ad6b1afbbfa0cf615bc0e48a464f0b8575547cab743e27c41f210f1623e01ebfa8706727a6d51485ef9a2b8c08205b50397caddf99d3f71c0fe4df4907e46d3b7461e3d5278ce85eedb0e0af633f654a767e4086f907e12ee39bd0bc31a57951a5bd292ff90cdf7b14771545e0bacc03f6d83d0d94f7699d1cbaffd4ba3dae8fc4d715925c09bd6396b7e765a8ad9ba2a84fca525d985886a90c82bae9677167bbc5ccf41924e4c26c1cb3eb37a8ed0918fa9e433a633dcd98e165739525bfa8b44b77a65dabd9e39c878dcd350b38ddf8a2ffcc7e4a510c6c7edc08c19931c5fb1b075a39f0d4bfa059297feac66da240233f9fa6237cbf639f9fa0db5c1d0dad8da15e8d1babcc649b3fb46820bcf57329e78bf2c5aae26835ed6e12c166bef89d0f97077162322b09c0651a32777f6d6e352f867cbb81807801f3e2a44c728cb10d25f83aacff4e54664778b83b6d34c0d3d9e8ae9901542ad3d9516f9feb25516ad3c06b86424b27cf7eaa56f36e022619ef0d8b63b135809f8d5a5d3e48f8ec4f23193fee9d5782306a2def48adacc69eccdbcc116617be8121be3bcbb4582cf3cff0074a953cc3e0e0a45d3830f3dc6229e6fd706fe48048392581afa172286a48ce3864ac25ce1a73bfe448bdcd97529ae37c9feec27befd935b254b6583f40eb775e61cacfb85a636fe8eb06780309afcc640449a2f1d29470c06b6a4dd9f29825b896ee50767aa1904554f25ff1f225a4b6a7882e52c611b5cec825405620ca3f1c2fcbd723cfea5d2f7e958cb575fda13b9bbd7ba1c4357b9492cd767c5531650faf831bfd32b43562af8951bd3f8b6bbcf51ec3494e41d1eacce9d84fbb937ab80ff4c139b51a295df5143fa2fcde11e72fa5635b3ef35fc9169bdf694dc0c52110534b600da7adb6ae77c5a6cce9f7105cfe8136cc374e9b2abd0e8f9bc558c42bff17f76de4612385413299b3edd6d2352d310c7f12851eaedeed1d0b5c36c67984e6f9c629f3f184a57ab035ff3f37d6816725a2d5b16e740c95e329afa3a1df36a6a9e19886d155fd0522929d83cfe40ad7527243cbe14fa6cb45f823d3b027716555dd0a3d5dca8364ec1d2dfc63852fcfb6ea0fc64fee093dd79750d17e994410bb1ffc1ceeacc0c73f239e1491289c4ab42c91838ef579b0940fafee75fa3c16a521affce837d2f1b51bfb54e1ce1322bb9d0d1053705c16f31ccca616895ab903fdb6628ee04013bfdaae58259a782aafa7c7db8f1bedb24e39034f73195baf23c05925d64984091499d43c80a391cb4d54ef4cfa293a29d2cbc423a30faa53e87e44f08a085f7ee2698474f2c57f2aead1bf54000eab929c6c73595d148155018b2a68798db005070c18e79a77af058587218731397d92cad34e3f2ed52d039790d0c5fa1b20d233af057bb507f7f427cb9fd35186ae29f9f182a4cd6520ceb73217a0031143832e6fde2143200cf2ae8e028bedff3cacce34eb666110aafdea2aaaf40f0dbca090727bcc716d5bc0009454ae70a404ff072b9bfc755bf854a5179c796f946e7dba43dc14f3bf9c2ee83a9170675284ace44e41b4eacf1f8a9c5c2d536445d04e0919c0824e9fb7ac8014b3852ab3209733891aca88f1719bf99905f75925a8a2274cdb3eeb3195fd73583bedb8a3bf005f45fee3ec03be8efe018a52fb847bf8685d368119c2d3f3a2294f2fbd74e0ae3976e43c83e687b8df04fa1c49144d4d8f7b7d5b880278dc94f4eaf47f156d1a52c7d13af8edc310122d35d735a9ff235fb3cb5e9b2d5764d0cfdf6bf0b72ab06ef808c9a6b51fef620c2cc25993b847dce7c855dafb962d4ec9b8364fe2ff608e8aa5a49bc80606b8d782f3109279ece1ce74223ce277d09fc0db18681ca29fca3f161caca81305a1981b26046eaa2691a5ae6ae080334ac7e8e37dc91660b375de178c3b6425f20bf377ef3aebb770c9114ba539199fd574ac237d426e83a8e559ea3f1b93b073cb7c30a131ea7a60bbd29eabf2243b25c88a1d93ecd3d53db2d73b513828473a1e225424248a95751c5b9adfb2ff267a2c0b12dec3589b6e1435044d0a737cd6f1598bdd10fd879f89e8cf09d6fb103660a6df8a3837c69c8792cbf075e4b19c9ded1ac1", 0x1000}], 0x1}}], 0x1, 0x40)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
r2 = accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000000))
setsockopt$PNPIPE_INITSTATE(r2, 0x113, 0x4, &(0x7f0000000300), 0x4)
r3 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r3, 0x29, 0x43, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0)
ioctl$sock_qrtr_SIOCGIFADDR(r0, 0x890b, 0x0)
writev(r0, &(0x7f00000006c0)=[{&(0x7f00000000c0)="a0df43fc3fb4b156efb0e80746e18f1c7b71f277f3ef8c971e1201c4709684b31e479a2e1cd23749bf2ad13c9335bf3071c353fdb63984f3aa27bbb10d2969f976cd37d6e9e2633ca2477d6a0276225dfd0eb152172add886498b234bfd431e87c5d48653c093e1873a47b", 0x6b}, {&(0x7f0000000140)="01238f843fbc251f3660df67945a65905d7be3d48587530152c9970dcdd33ed9f789cecaf7ecc2e349516140b3d2c84802944173387ae879acf500218377f7f94e8b10c2c246c5ed6a18bcbbfdbf820ebc9cf08967becdbfe79103c03679b9e8e32ba542433df9f4b3435b4832fc", 0xfffffffffffffe7b}, {&(0x7f00000001c0)="765c395859d7e7d992c000e444aa904400cdf095035895e57b1a2ccdc563825260fe8f3d150447cab69c83978286ebad49b77778aea537fc55e23b9e413bd3602eb8", 0x42}, {&(0x7f0000000240)="eb5788050d07355aeb205908372fcd0a11e00d8fd0a2f6beec456b4dbd30b93d44a483c55607db6ea1d18bf3e7b4fe465d84c3b658fca57a74d35436c7c5f9759d1c651ce106db7125459349fa397626e8e8f8ef00a6509641e93236d2f819a05477f07030f6aff2cf8b470611921528a4b864259c709a62dbc1a758cb74f519b835aefe58a60bdc8769a929c36cbacccca1b965754589e457124b8dd85ba65b3f23f0d3b54d451c6d8f70ac8cef", 0xae}, {&(0x7f0000000380)="a4995135acf80d5b9309acd2ed9299f3f1dabdf1ab1b208584fad1a0fb4bbd59e8c7683604dd39d0568b099a8c9539ace79ccfa397533db2e82eea75a8c604e453111429b568af7473857e4cca7812cad3771bcb336341bd8e6115509be757382bb86314fbbbca6113186e3d10abdfa8e1ad7d25e94885e13a706cb69f794e305ddce33e39f36cde743c2bd32bb13dfa0fdbb2664103eb5c03f0cfa8b93ced6529b4842ee3cb4b08aaf8b191946892f82031b819d2e2e3cc0119a4f926f6d0dad96a9b97eca8bc", 0xc7}, {&(0x7f0000000480)="bed34869ff0a07f5076c1adb9dd9fd1fa4667dc60c4496be129626870bd2f6d50aba2d09f038ff525836db121817cc7b7684d03b49a7abad7d413210bce6afae72f40ccb0a5481127792ef196d315f037f37e7531df276cad9557d3d423cfea47db97bd4331ee19c5a26170058000000", 0x84}, {&(0x7f0000000540)="e514d45f2f2198589e2bc08f0871067e17d263fe3035bd0004bd4fa9f5be3f11be7963f840665aa614e55fd31404758e5dc8a9f3afac08349a6ffbf4b57e95fa147966d6bc79588cbef4a24cd95675f764bdee05833fbfbc32a83f82682844ed2ec18b643db66b61b230e05f9f797306af025a1090cf28374fd6d5b2633b745d9ec0a3725a498da72c6c72d28ec683cdbe4e0311944f702d34e66a60f36329a9b29f19727c011044024c60fd31badfcefabad459877ae9858e09d32cb96b436be6b4c6ea3c7637f5d11be796", 0xcc}, {&(0x7f0000000640)="543f0aa1f9655af88eabe94b6ce3928b2b3c9be20981054d12b2dca8ffa541d4f06b530e139ed2e67eacb9f772b8127e17eab5a6d0bec465bc1b110fb4ca2d385e1d1ac0cd6d8ab5a10471", 0x4b}], 0x8)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)="fb", 0x1}], 0x1)

5.280802254s ago: executing program 0 (id=4085):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="02000000040000000800000001"], 0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0xe, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe00000000a4080000000048027b8af0ff00000000bda100000000000007000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000001a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x20000000}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="02000000040000000800000001"], 0xe) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0xe, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe00000000a4080000000048027b8af0ff00000000bda100000000000007000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000001a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x20000000}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)

5.253030434s ago: executing program 4 (id=4086):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000011000100200000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000004001a"], 0x24}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x27, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000006000000000000004300f8ff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000a6030000fffe000085000000863e0000bf"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000d}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r3)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd7001fe3a00251200000018000180140002006272696467655f736c6176655f3100000800070000000000080008"], 0x3c}, 0x1, 0x0, 0x0, 0x86}, 0x40040)

4.960370794s ago: executing program 0 (id=4087):
socket$netlink(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x3, @mcast1, 0x1}}, {{0xa, 0x4e23, 0x7fff, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x8}}}, 0x108)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
socket(0x10, 0x803, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$gtp(&(0x7f0000000000), r1)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r2], 0xc4}}, 0x0)

4.778440752s ago: executing program 0 (id=4088):
unshare(0x22020400)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
read$alg(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000001740), r1) (async)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001740), r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000068a00800000000004000000cb2004001001000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42}, 0x94) (async)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000068a00800000000004000000cb2004001001000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42}, 0x94)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000017c0)={'wpan1\x00', <r5=>0x0})
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000080)={<r6=>0xffffffffffffffff, 0x0, 0x5, 0xffffffffffff9b0e})
getsockname$packet(r0, &(0x7f0000000240)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x14)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe5f, 0x0, 0x0, 0x0, <r9=>0x0, 0x16, 0x0, 0x0, 0x10, &(0x7f0000000300), 0x0, 0x0, 0x63, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000500)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x2, 0xd2, &(0x7f00000009c0)=""/210, 0x0, 0x0, '\x00', r8, @fallback=0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1e, 0xf, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='syzkaller\x00', 0x4, 0x3, &(0x7f00000001c0)=""/3, 0x41000, 0x12, '\x00', r7, @fallback=0x2b, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x1, 0x4, 0x5}, 0x10, r9, r4, 0x2, 0x0, &(0x7f0000000340)=[{0x5, 0x1, 0x1, 0x2}, {0x2, 0x1, 0x2, 0x8}], 0x10, 0x1}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1e, 0xf, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='syzkaller\x00', 0x4, 0x3, &(0x7f00000001c0)=""/3, 0x41000, 0x12, '\x00', r7, @fallback=0x2b, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x1, 0x4, 0x5}, 0x10, r9, r4, 0x2, 0x0, &(0x7f0000000340)=[{0x5, 0x1, 0x1, 0x2}, {0x2, 0x1, 0x2, 0x8}], 0x10, 0x1}, 0x94)
sendmsg$IEEE802154_SET_MACPARAMS(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="230028bd7000fedbdf252300000008000200", @ANYRES32=r5, @ANYBLOB="aa8248893d17c0650ed8f842de0381d05e9397e81ddb1351f87bcb81c8ea64b56892a0e296bec93b8910ce0dd8729dbf3e25a71f0ad966c21f036e3f8273ff9d5e67168eb74af50899c40f888b21bca48e085b950a4c9a742eec78a481590000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4044810}, 0x0)

4.558436906s ago: executing program 0 (id=4089):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000005f80)={0x0, 0x0, &(0x7f0000005f40)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000000301010800000000000000000200000806001240000100002c0002800c0002801b00010088000000060003400004000014000180080001000a010102080002"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x20000040)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0xd, 0x20000000ec071, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x114, 0x1, 0x9, 0x3, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x3}}, @NFCTH_STATUS={0x8}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x8}}, @NFCTH_TUPLE={0xac, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1002}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x8004}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x1000}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0xe}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x8}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x20}]}, 0x114}, 0x1, 0x0, 0x0, 0x41}, 0x8080)
ioctl$SIOCX25SDTEFACILITIES(r1, 0x89eb, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)

4.07295567s ago: executing program 0 (id=4090):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r2, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000005c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000700)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000580)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000228bd7000ffdbdf25070000000c00060003000000030000000800050000000000"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x804)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
socket(0x400000000010, 0x3, 0x0) (async)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x3, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xfff1, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x0) (async)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x3, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xfff1, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x1, 0xa}, {0x7}, {0x5, 0xfff1}}}, 0x24}}, 0x40004) (async)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x1, 0xa}, {0x7}, {0x5, 0xfff1}}}, 0x24}}, 0x40004)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e5b, 0x80000000, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x5}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000040)=0x4, 0x4) (async)
setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000040)=0x4, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r10, 0x0) (async)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r10, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="186084b70efb7f6f37087f231bfa00000003000000950a12bc4e6334de334a94ba6b1101b6314d23eed1aec47e21488fb830e922d525200e2fdd6b1ab62326404d41178be17b232c434404e0073bef316d5e331ac221d2c5"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r11, r8, 0x30, 0x0, @void}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r10, 0x58, &(0x7f0000000340)}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x25)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, 0x0, &(0x7f00000010c0)='syzkaller\x00', 0x9, 0xff2, &(0x7f0000001cc0)=""/4082, 0x41000, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) (async)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f00000003c0)=ANY=[@ANYBLOB="800000000802110000010802110000005050505050500063c8b5e1410c98403bfda2112a0b000000000000000000640001000012bcb2fc61dca02864d19884114976094ba46f010076065c0504000600"], 0x42)
setsockopt$inet_IP_XFRM_POLICY(r10, 0x0, 0x11, 0x0, 0x0) (async)
setsockopt$inet_IP_XFRM_POLICY(r10, 0x0, 0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)

55.548435ms ago: executing program 4 (id=4091):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (async, rerun: 32)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) (async, rerun: 32)
close(0x4) (async)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = getpid()
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000046000701fcffffff02000000017c000008000100", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000) (async)
unshare(0x6a040000) (async)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000300)={@multicast, @local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x2, 0x4, 0x0, @empty, @multicast1, {[@generic={0x4af3dca665480ba0, 0x2}, @generic={0x0, 0x2}]}}, {0x4e23, 0x4e23, 0x18, 0x0, @wg=@data={0x4, 0xffffffff}}}}}}, 0x0) (async)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000000)=0x3, 0x8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="040100001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800050001200000080001"], 0x104}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x40, 0x0, 0x10, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008004}, 0x1)
ioctl$XFS_IOC_SET_RESBLKS(r3, 0xc0105872, &(0x7f0000000040)={0x8, 0x7})

0s ago: executing program 1 (id=4092):
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x12, 0x5, 0x4, 0x2, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r2, &(0x7f00000000c0)="a931", &(0x7f0000000100)=@tcp6=r1, 0x1}, 0x20)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="2503000000000000000004"], 0x14}}, 0x0)
sendmsg$L2TP_CMD_SESSION_MODIFY(r0, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x48000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB='8\x00\x00j', @ANYRES16=r4, @ANYBLOB="000428bd7000fedbdf250700000008000c00030000000c000f000100000000000000060003000200000006001c0001000000"], 0x38}, 0x1, 0x0, 0x0, 0x844}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000001940)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c3100004a1000000950074000000000031fb0d3a42319fa204399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b62ac5ea9fca11027d29066927603deb92de3141e8ed7ac5b8902070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e62367581c92ef9e7e8ece17d566c93a114d68c577d694b9844e0d9e306404cfc3bfbead9e1b96c6a6cb639bca6d000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x201000}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0xb8, 0x3, 0x7, 0x301, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFACCT_FILTER={0x54, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3ff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x2}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1}, @NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x44}, @NFACCT_QUOTA={0xc}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x1ff}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x7}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x7}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x8000000000000001}]}, 0xb8}, 0x1, 0x0, 0x0, 0x8001}, 0x804)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000900), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000940)={0x1c, r7, 0x1, 0x70bd28, 0x25dfdbf8, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0xffffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8006000)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r10, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x50, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_META={0xc, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}}}]}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$MPTCP_PM_CMD_REMOVE(r5, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x8c, r7, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x40}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x81}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x44, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r10}]}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20040081}, 0x1)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r2, &(0x7f0000000040)}, 0x20)
bind$alg(r1, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newsa={0x16c, 0x10, 0x713, 0xfffffffe, 0x25dfdbfc, {{@in=@rand_addr=0x64010101, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0xa, 0x0, 0x0, 0x1d}, {@in6=@private1, 0xfe, 0x32}, @in=@remote, {0x0, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {0x2}, 0x70bd2c, 0x3500, 0xa, 0x1, 0x0, 0x50}, [@encap={0x1c, 0x4, {0x2, 0x4e24, 0x4e24, @in6=@dev={0xfe, 0x80, '\x00', 0x2d}}}, @algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "210466d38547aa140db9a200000000c538c7cb7a"}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0)

kernel console output (not intermixed with test programs):

3.954009][T17272] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3135'.
[  444.006073][T15617] hsr_slave_0: left promiscuous mode
[  444.024443][T15617] hsr_slave_1: left promiscuous mode
[  444.033751][T15617] batman_adv: batadv0: Removing interface: batadv_slave_1
[  444.045382][T15617] batman_adv: batadv0: Removing interface: ipvlan2
[  444.234528][T17277] netlink: 14 bytes leftover after parsing attributes in process `syz.4.3139'.
[  444.362758][T15617] team0 (unregistering): Port device team_slave_1 removed
[  444.405934][T15620] smbdirect: ib_dev[syz1] removed
[  444.560282][T17277] team0: Port device dummy0 removed
[  444.724554][T17282] syzkaller0: entered promiscuous mode
[  444.754012][T17282] syzkaller0: entered allmulticast mode
[  444.820917][T17285] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  444.835669][T17288] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3143'.
[  444.956384][T17288] FAULT_INJECTION: forcing a failure.
[  444.956384][T17288] name failslab, interval 1, probability 0, space 0, times 0
[  444.989406][T17288] CPU: 0 UID: 0 PID: 17288 Comm: syz.0.3143 Not tainted syzkaller #0 PREEMPT(full) 
[  444.989453][T17288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  444.989467][T17288] Call Trace:
[  444.989476][T17288]  <TASK>
[  444.989485][T17288]  dump_stack_lvl+0xe8/0x150
[  444.989516][T17288]  should_fail_ex+0x412/0x560
[  444.989550][T17288]  should_failslab+0xa8/0x100
[  444.989585][T17288]  __kmalloc_cache_noprof+0x88/0x660
[  444.989617][T17288]  ? fl_init+0x53/0x1d0
[  444.989652][T17288]  fl_init+0x53/0x1d0
[  444.989683][T17288]  tcf_proto_create+0x248/0x330
[  444.989720][T17288]  tc_new_tfilter+0x12ff/0x1780
[  444.989778][T17288]  ? __pfx_tc_new_tfilter+0x10/0x10
[  444.989824][T17288]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  444.989866][T17288]  ? __pfx_tc_new_tfilter+0x10/0x10
[  444.989895][T17288]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  444.989923][T17288]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  444.989947][T17288]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  444.989969][T17288]  ? ref_tracker_free+0x693/0x840
[  444.990001][T17288]  ? __pfx_ref_tracker_free+0x10/0x10
[  444.990042][T17288]  netlink_rcv_skb+0x232/0x4b0
[  444.990070][T17288]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  444.990096][T17288]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  444.990136][T17288]  ? netlink_deliver_tap+0x2e/0x1b0
[  444.990162][T17288]  ? netlink_deliver_tap+0x2e/0x1b0
[  444.990195][T17288]  netlink_unicast+0x75c/0x8e0
[  444.990231][T17288]  netlink_sendmsg+0x813/0xb40
[  444.990269][T17288]  ? __pfx_netlink_sendmsg+0x10/0x10
[  444.990300][T17288]  ? aa_sock_msg_perm+0xf1/0x1b0
[  444.990330][T17288]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  444.990369][T17288]  ____sys_sendmsg+0x972/0x9f0
[  444.990397][T17288]  ? __might_fault+0xaf/0x130
[  444.990429][T17288]  ? __pfx_____sys_sendmsg+0x10/0x10
[  444.990472][T17288]  ? import_iovec+0x73/0xa0
[  444.990507][T17288]  ___sys_sendmsg+0x2a5/0x360
[  444.990534][T17288]  ? __lock_acquire+0x6b5/0x2cf0
[  444.990560][T17288]  ? __pfx____sys_sendmsg+0x10/0x10
[  444.990625][T17288]  ? __fget_files+0x2a/0x420
[  444.990647][T17288]  ? __fget_files+0x3a0/0x420
[  444.990676][T17288]  __x64_sys_sendmsg+0x1bd/0x2a0
[  444.990703][T17288]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  444.990734][T17288]  ? __pfx_ksys_write+0x10/0x10
[  444.990766][T17288]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.990785][T17288]  do_syscall_64+0x15f/0xf80
[  444.990806][T17288]  ? trace_irq_disable+0x3b/0x140
[  444.990832][T17288]  ? clear_bhb_loop+0x40/0x90
[  444.990854][T17288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.990871][T17288] RIP: 0033:0x7fa7e8d9cdd9
[  444.990889][T17288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  444.990904][T17288] RSP: 002b:00007fa7e9c20028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  444.990924][T17288] RAX: ffffffffffffffda RBX: 00007fa7e9015fa0 RCX: 00007fa7e8d9cdd9
[  444.990937][T17288] RDX: 0000000000004010 RSI: 0000200000000280 RDI: 0000000000000005
[  444.990949][T17288] RBP: 00007fa7e9c20090 R08: 0000000000000000 R09: 0000000000000000
[  444.990960][T17288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  444.990970][T17288] R13: 00007fa7e9016038 R14: 00007fa7e9015fa0 R15: 00007fff65a170e8
[  444.990997][T17288]  </TASK>
[  445.398530][T17298] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3145'.
[  445.589499][T17301] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3146'.
[  445.785975][T17302] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3145'.
[  445.962134][T15617] IPVS: stop unused estimator thread 0...
[  446.108753][T17322] netlink: 'syz.0.3149': attribute type 4 has an invalid length.
[  446.485286][T16971] 8021q: adding VLAN 0 to HW filter on device batadv0
[  446.512218][T17335] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  446.598563][T17335] syzkaller0: entered promiscuous mode
[  446.604375][T17335] syzkaller0: entered allmulticast mode
[  446.611474][T17335] tipc: Resetting bearer <eth:syzkaller0>
[  446.645743][T17334] tipc: Resetting bearer <eth:syzkaller0>
[  449.940525][T17334] tipc: Disabling bearer <eth:syzkaller0>
[  450.125025][T16971] veth0_vlan: entered promiscuous mode
[  450.172030][T16971] veth1_vlan: entered promiscuous mode
[  450.229687][T17370] __nla_validate_parse: 4 callbacks suppressed
[  450.229803][T17370] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3160'.
[  450.319233][T17370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3160'.
[  450.356981][T16971] veth0_macvtap: entered promiscuous mode
[  450.396893][T16971] veth1_macvtap: entered promiscuous mode
[  450.452332][T16971] batman_adv: batadv0: Interface activated: batadv_slave_0
[  450.494149][T17382] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3164'.
[  450.505822][T16971] batman_adv: batadv0: Interface activated: batadv_slave_1
[  450.619486][T17388] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3165'.
[  450.637943][T17388] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3165'.
[  453.489169][T15619] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  453.502646][T17385] tipc: New replicast peer: 255.255.255.255
[  453.512984][T17385] tipc: Enabled bearer <udp:syz2>, priority 5
[  453.538066][T15619] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  453.559936][T15619] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  453.577856][T17392] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3165'.
[  453.600404][T15619] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  453.888105][T15617] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  453.899694][T17408] syzkaller0: entered promiscuous mode
[  453.913905][T15617] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  453.923317][T17408] syzkaller0: entered allmulticast mode
[  454.350686][T15617] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  454.366161][T17431] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3174'.
[  454.375575][T15617] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.391659][T17430] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3175'.
[  454.437480][T17433] netlink: 'syz.1.3176': attribute type 6 has an invalid length.
[  454.459598][T17433] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3176'.
[  454.641161][T17442] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3177'.
[  455.105782][T17458] netlink: 'syz.1.3182': attribute type 3 has an invalid length.
[  455.443994][T17458] A link change request failed with some changes committed already. Interface veth0_to_batadv may have been left with an inconsistent configuration, please check.
[  455.981651][ T5630] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  456.015405][ T5630] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  456.027137][ T5630] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  456.055937][ T5630] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  456.071937][ T5630] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  456.121563][T17469] syzkaller0: entered promiscuous mode
[  456.143563][T17469] syzkaller0: entered allmulticast mode
[  456.787937][T17505] netlink: 'syz.1.3189': attribute type 39 has an invalid length.
[  456.832491][T17500] __nla_validate_parse: 3 callbacks suppressed
[  456.832513][T17500] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3189'.
[  457.055257][T17505] hsr_slave_0 (unregistering): left promiscuous mode
[  457.214411][T17516] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3191'.
[  457.276556][   T62] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  457.296242][   T62] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  457.478214][   T62] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  457.537905][   T62] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  457.665734][T17534] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3196'.
[  457.688646][T17534] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  457.811270][T17541] netlink: 'syz.1.3197': attribute type 1 has an invalid length.
[  457.828894][T17541] netlink: 'syz.1.3197': attribute type 2 has an invalid length.
[  457.856813][T17541] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3197'.
[  458.012341][   T62] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  458.037977][   T62] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  458.054853][T17546] nbd: must specify at least one socket
[  458.067602][T17546] netlink: 'syz.0.3198': attribute type 30 has an invalid length.
[  458.099458][ T5633] Bluetooth: hci3: command tx timeout
[  458.241318][   T62] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  458.252851][   T62] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  458.281049][T17525] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3192'.
[  459.271948][T17591] netlink: 220 bytes leftover after parsing attributes in process `syz.3.3205'.
[  459.295289][T17591] tc_dump_action: action bad kind
[  459.719058][   T62] dvmrp0: left allmulticast mode
[  459.725152][   T62] pimreg: left allmulticast mode
[  459.742655][   T62] lo: left allmulticast mode
[  459.830254][T17611] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  460.168452][ T5633] Bluetooth: hci3: command tx timeout
[  460.541223][   T62] bond7 (unregistering): (slave geneve3): Releasing active interface
[  460.855641][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  460.865187][   T62] bond_slave_0: left promiscuous mode
[  460.872018][   T62] bond0 (unregistering): Released all slaves
[  460.883575][   T62] bond1 (unregistering): Released all slaves
[  460.902307][   T62] bond2 (unregistering): Released all slaves
[  460.918467][   T62] bond3 (unregistering): Released all slaves
[  460.935123][   T62] bond4 (unregistering): Released all slaves
[  460.956866][   T62] bond5 (unregistering): Released all slaves
[  460.973764][   T62] bond6 (unregistering): Released all slaves
[  460.990592][   T62] bond7 (unregistering): Released all slaves
[  461.172543][T17640] FAULT_INJECTION: forcing a failure.
[  461.172543][T17640] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  461.200408][T17640] CPU: 0 UID: 0 PID: 17640 Comm: syz.0.3211 Not tainted syzkaller #0 PREEMPT(full) 
[  461.200442][T17640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  461.200456][T17640] Call Trace:
[  461.200465][T17640]  <TASK>
[  461.200474][T17640]  dump_stack_lvl+0xe8/0x150
[  461.200505][T17640]  should_fail_ex+0x412/0x560
[  461.200539][T17640]  _copy_from_iter+0x1d3/0x1670
[  461.200573][T17640]  ? rcu_is_watching+0x15/0xb0
[  461.200606][T17640]  ? __pfx__copy_from_iter+0x10/0x10
[  461.200631][T17640]  ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0
[  461.200673][T17640]  ? netlink_sendmsg+0x650/0xb40
[  461.200700][T17640]  ? skb_put+0x11b/0x210
[  461.200730][T17640]  netlink_sendmsg+0x6c0/0xb40
[  461.200767][T17640]  ? __pfx_netlink_sendmsg+0x10/0x10
[  461.200798][T17640]  ? aa_sock_msg_perm+0xf1/0x1b0
[  461.200827][T17640]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  461.200860][T17640]  ____sys_sendmsg+0x972/0x9f0
[  461.200889][T17640]  ? __might_fault+0xaf/0x130
[  461.200923][T17640]  ? __pfx_____sys_sendmsg+0x10/0x10
[  461.200963][T17640]  ? import_iovec+0x73/0xa0
[  461.200998][T17640]  ___sys_sendmsg+0x2a5/0x360
[  461.201025][T17640]  ? __lock_acquire+0x6b5/0x2cf0
[  461.201054][T17640]  ? __pfx____sys_sendmsg+0x10/0x10
[  461.201121][T17640]  ? __fget_files+0x2a/0x420
[  461.201154][T17640]  ? __fget_files+0x3a0/0x420
[  461.201205][T17640]  __x64_sys_sendmsg+0x1bd/0x2a0
[  461.201238][T17640]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  461.201279][T17640]  ? __pfx_ksys_write+0x10/0x10
[  461.201320][T17640]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.201345][T17640]  do_syscall_64+0x15f/0xf80
[  461.201372][T17640]  ? trace_irq_disable+0x3b/0x140
[  461.201405][T17640]  ? clear_bhb_loop+0x40/0x90
[  461.201433][T17640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.201455][T17640] RIP: 0033:0x7fa7e8d9cdd9
[  461.201477][T17640] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  461.201496][T17640] RSP: 002b:00007fa7e9bff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  461.201521][T17640] RAX: ffffffffffffffda RBX: 00007fa7e9016090 RCX: 00007fa7e8d9cdd9
[  461.201537][T17640] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000003
[  461.201550][T17640] RBP: 00007fa7e9bff090 R08: 0000000000000000 R09: 0000000000000000
[  461.201564][T17640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  461.201577][T17640] R13: 00007fa7e9016128 R14: 00007fa7e9016090 R15: 00007fff65a170e8
[  461.201614][T17640]  </TASK>
[  461.608209][   T62] : left promiscuous mode
[  462.022364][   T62] tipc: Left network mode
[  462.249670][ T5633] Bluetooth: hci3: command tx timeout
[  462.384411][T17476] bridge0: port 1(bridge_slave_0) entered blocking state
[  462.407467][T17476] bridge0: port 1(bridge_slave_0) entered disabled state
[  462.426583][T17476] bridge_slave_0: entered allmulticast mode
[  462.446141][T17476] bridge_slave_0: entered promiscuous mode
[  462.587197][T17476] bridge0: port 2(bridge_slave_1) entered blocking state
[  462.600738][T17476] bridge0: port 2(bridge_slave_1) entered disabled state
[  462.610661][T17476] bridge_slave_1: entered allmulticast mode
[  462.630901][T17476] bridge_slave_1: entered promiscuous mode
[  462.783705][T17681] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3221'.
[  462.945278][T17476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  462.979679][T17689] FAULT_INJECTION: forcing a failure.
[  462.979679][T17689] name failslab, interval 1, probability 0, space 0, times 0
[  462.992730][ T5288] 8021q: adding VLAN 0 to HW filter on device eth1
[  463.001421][T17689] CPU: 0 UID: 0 PID: 17689 Comm: syz.1.3224 Not tainted syzkaller #0 PREEMPT(full) 
[  463.001452][T17689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  463.001467][T17689] Call Trace:
[  463.001475][T17689]  <TASK>
[  463.001485][T17689]  dump_stack_lvl+0xe8/0x150
[  463.001521][T17689]  should_fail_ex+0x412/0x560
[  463.001556][T17689]  should_failslab+0xa8/0x100
[  463.001589][T17689]  ? skb_clone+0x212/0x3a0
[  463.001618][T17689]  kmem_cache_alloc_noprof+0x87/0x650
[  463.001647][T17689]  ? __netlink_lookup+0xc6/0x8b0
[  463.001682][T17689]  skb_clone+0x212/0x3a0
[  463.001715][T17689]  __netlink_deliver_tap+0x404/0x850
[  463.001756][T17689]  ? netlink_deliver_tap+0x2e/0x1b0
[  463.001783][T17689]  netlink_deliver_tap+0x19c/0x1b0
[  463.001811][T17689]  netlink_unicast+0x730/0x8e0
[  463.001847][T17689]  netlink_sendmsg+0x813/0xb40
[  463.001884][T17689]  ? __pfx_netlink_sendmsg+0x10/0x10
[  463.001926][T17689]  ? aa_sock_msg_perm+0xf1/0x1b0
[  463.001954][T17689]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  463.001986][T17689]  ____sys_sendmsg+0x972/0x9f0
[  463.002013][T17689]  ? __might_fault+0xaf/0x130
[  463.002047][T17689]  ? __pfx_____sys_sendmsg+0x10/0x10
[  463.002085][T17689]  ? import_iovec+0x73/0xa0
[  463.002118][T17689]  ___sys_sendmsg+0x2a5/0x360
[  463.002144][T17689]  ? __lock_acquire+0x6b5/0x2cf0
[  463.002172][T17689]  ? __pfx____sys_sendmsg+0x10/0x10
[  463.002237][T17689]  ? __fget_files+0x2a/0x420
[  463.002261][T17689]  ? __fget_files+0x3a0/0x420
[  463.002296][T17689]  __x64_sys_sendmsg+0x1bd/0x2a0
[  463.002327][T17689]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  463.002367][T17689]  ? __pfx_ksys_write+0x10/0x10
[  463.002406][T17689]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.002429][T17689]  do_syscall_64+0x15f/0xf80
[  463.002454][T17689]  ? clear_bhb_loop+0x40/0x90
[  463.002478][T17689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.002500][T17689] RIP: 0033:0x7f5ae3d9cdd9
[  463.002520][T17689] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  463.002539][T17689] RSP: 002b:00007f5ae1ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  463.002562][T17689] RAX: ffffffffffffffda RBX: 00007f5ae4015fa0 RCX: 00007f5ae3d9cdd9
[  463.002577][T17689] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000003
[  463.002591][T17689] RBP: 00007f5ae1ff6090 R08: 0000000000000000 R09: 0000000000000000
[  463.002604][T17689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  463.002617][T17689] R13: 00007f5ae4016038 R14: 00007f5ae4015fa0 R15: 00007ffc6f4997c8
[  463.002650][T17689]  </TASK>
[  463.269148][T17476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  463.365829][T17689] netlink: 'syz.1.3224': attribute type 1 has an invalid length.
[  463.374698][T17689] netlink: 'syz.1.3224': attribute type 2 has an invalid length.
[  463.388805][T17689] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3224'.
[  463.511608][T17476] team0: Port device team_slave_0 added
[  463.520674][T17476] team0: Port device team_slave_1 added
[  463.639318][T17476] batman_adv: batadv0: Adding interface: batadv_slave_0
[  463.670133][T17476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  463.712738][T17476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  463.802972][T17476] batman_adv: batadv0: Adding interface: batadv_slave_1
[  463.824314][T17476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  463.827103][T17715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3231'.
[  463.884782][T17476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  463.907980][T17719] lo: Caught tx_queue_len zero misconfig
[  463.956756][T17715] ip6gre5: entered promiscuous mode
[  463.962808][T17715] ip6gre5: entered allmulticast mode
[  463.971430][T17722] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3233'.
[  464.328879][T17476] hsr_slave_0: entered promiscuous mode
[  464.338733][ T5633] Bluetooth: hci3: command tx timeout
[  464.365990][T17476] hsr_slave_1: entered promiscuous mode
[  464.522337][T17744] FAULT_INJECTION: forcing a failure.
[  464.522337][T17744] name failslab, interval 1, probability 0, space 0, times 0
[  464.562496][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  464.575214][T17744] CPU: 1 UID: 0 PID: 17744 Comm: syz.3.3237 Not tainted syzkaller #0 PREEMPT(full) 
[  464.575245][T17744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  464.575259][T17744] Call Trace:
[  464.575271][T17744]  <TASK>
[  464.575281][T17744]  dump_stack_lvl+0xe8/0x150
[  464.575312][T17744]  should_fail_ex+0x412/0x560
[  464.575346][T17744]  should_failslab+0xa8/0x100
[  464.575381][T17744]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  464.575411][T17744]  ? __alloc_skb+0x186/0x7d0
[  464.575435][T17744]  ? __alloc_skb+0x1d0/0x7d0
[  464.575457][T17744]  ? __local_bh_enable_ip+0xd0/0x130
[  464.575485][T17744]  __alloc_skb+0x1d0/0x7d0
[  464.575509][T17744]  ? netlink_ack_tlv_len+0x6c/0x210
[  464.575538][T17744]  netlink_ack+0x146/0xa50
[  464.575562][T17744]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  464.575589][T17744]  ? __lock_acquire+0x6b5/0x2cf0
[  464.575626][T17744]  netlink_rcv_skb+0x2b6/0x4b0
[  464.575654][T17744]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  464.575681][T17744]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  464.575729][T17744]  ? netlink_deliver_tap+0x2e/0x1b0
[  464.575755][T17744]  ? netlink_deliver_tap+0x2e/0x1b0
[  464.575788][T17744]  netlink_unicast+0x75c/0x8e0
[  464.575824][T17744]  netlink_sendmsg+0x813/0xb40
[  464.575862][T17744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  464.575893][T17744]  ? aa_sock_msg_perm+0xf1/0x1b0
[  464.575922][T17744]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  464.575956][T17744]  ____sys_sendmsg+0x972/0x9f0
[  464.575984][T17744]  ? __might_fault+0xaf/0x130
[  464.576019][T17744]  ? __pfx_____sys_sendmsg+0x10/0x10
[  464.576057][T17744]  ? import_iovec+0x73/0xa0
[  464.576091][T17744]  ___sys_sendmsg+0x2a5/0x360
[  464.576118][T17744]  ? __lock_acquire+0x6b5/0x2cf0
[  464.576146][T17744]  ? __pfx____sys_sendmsg+0x10/0x10
[  464.576213][T17744]  ? __fget_files+0x2a/0x420
[  464.576237][T17744]  ? __fget_files+0x3a0/0x420
[  464.576274][T17744]  __x64_sys_sendmsg+0x1bd/0x2a0
[  464.576305][T17744]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  464.576345][T17744]  ? __pfx_ksys_write+0x10/0x10
[  464.576385][T17744]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.576408][T17744]  do_syscall_64+0x15f/0xf80
[  464.576433][T17744]  ? trace_irq_disable+0x3b/0x140
[  464.576465][T17744]  ? clear_bhb_loop+0x40/0x90
[  464.576491][T17744]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.576513][T17744] RIP: 0033:0x7f847cd9cdd9
[  464.576533][T17744] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  464.576551][T17744] RSP: 002b:00007f847dc64028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  464.576574][T17744] RAX: ffffffffffffffda RBX: 00007f847d016090 RCX: 00007f847cd9cdd9
[  464.576590][T17744] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000003
[  464.576603][T17744] RBP: 00007f847dc64090 R08: 0000000000000000 R09: 0000000000000000
[  464.576617][T17744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.576629][T17744] R13: 00007f847d016128 R14: 00007f847d016090 R15: 00007ffff88f1008
[  464.576664][T17744]  </TASK>
[  464.919821][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  464.991539][T17747] block nbd0: server does not support multiple connections per device.
[  465.007085][T17747] block nbd0: shutting down sockets
[  465.213847][T17757] netlink: 'syz.3.3241': attribute type 1 has an invalid length.
[  465.358638][T17767] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3240'.
[  465.579631][   T62] team0 (unregistering): Port device team_slave_1 removed
[  465.602352][   T62] team0 (unregistering): Port device team_slave_0 removed
[  465.884529][T17757] bond8: entered promiscuous mode
[  465.890430][T17757] 8021q: adding VLAN 0 to HW filter on device bond8
[  465.944601][T17765] 8021q: adding VLAN 0 to HW filter on device bond8
[  465.961799][T17765] bond8: (slave ip6gre2): The slave device specified does not support setting the MAC address
[  465.975780][T17765] bond8: (slave ip6gre2): Setting fail_over_mac to active for active-backup mode
[  465.999220][T17765] bond8: (slave ip6gre2): making interface the new active one
[  466.012287][T17765] ip6gre2: entered promiscuous mode
[  466.023220][T17774] netlink: 'syz.0.3243': attribute type 1 has an invalid length.
[  466.035624][T17765] bond8: (slave ip6gre2): Enslaving as an active interface with an up link
[  466.056441][ T5288] 8021q: adding VLAN 0 to HW filter on device eth2
[  466.171424][T17776] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3244'.
[  466.720922][   T62] IPVS: stop unused estimator thread 0...
[  467.146534][T17812] ip6gretap0: entered promiscuous mode
[  467.170871][T17812] macsec1: entered promiscuous mode
[  467.182851][T17812] macsec1: entered allmulticast mode
[  467.202381][T17812] ip6gretap0: entered allmulticast mode
[  467.231732][T17812] ip6gretap0: left allmulticast mode
[  467.248562][T17812] ip6gretap0: left promiscuous mode
[  467.388484][T17829] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3257'.
[  467.566801][T17838] netlink: 'syz.3.3258': attribute type 1 has an invalid length.
[  467.688884][T17839] ref_ctr_offset mismatch. inode: 0x64 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xe
[  467.769357][    C0] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  467.889949][T17838] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3258'.
[  467.913218][T17845] 8021q: adding VLAN 0 to HW filter on device bond10
[  467.925957][T17845] bond9: (slave bond10): making interface the new active one
[  467.935562][T17845] bond9: (slave bond10): Enslaving as an active interface with an up link
[  467.990147][T17839] bond9: (slave gretap2): Enslaving as a backup interface with an up link
[  468.842776][T17872] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3264'.
[  468.893663][T17476] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  468.933857][T17476] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  469.006158][T17476] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  469.050832][T17476] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  469.083877][T17880] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3264'.
[  469.120679][T17476] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  469.248869][T17476] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  469.284458][T17476] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  469.314412][T17476] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  469.346723][T17887] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3268'.
[  469.863239][T17908] ip6gretap0: entered promiscuous mode
[  469.874235][T17908] macsec1: entered promiscuous mode
[  469.880760][T17908] macsec1: entered allmulticast mode
[  469.887185][T17908] ip6gretap0: entered allmulticast mode
[  469.901893][T17908] ip6gretap0: left allmulticast mode
[  469.907834][T17908] ip6gretap0: left promiscuous mode
[  470.111645][T17476] 8021q: adding VLAN 0 to HW filter on device bond0
[  470.135513][T17917] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3273'.
[  470.163783][T17917] netlink: 'syz.2.3273': attribute type 1 has an invalid length.
[  470.225666][T17476] 8021q: adding VLAN 0 to HW filter on device team0
[  470.256350][T15618] bridge0: port 1(bridge_slave_0) entered blocking state
[  470.263726][T15618] bridge0: port 1(bridge_slave_0) entered forwarding state
[  470.359769][T15618] bridge0: port 2(bridge_slave_1) entered blocking state
[  470.367082][T15618] bridge0: port 2(bridge_slave_1) entered forwarding state
[  470.893556][T17937] veth23: entered allmulticast mode
[  471.193100][T17952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3281'.
[  471.846536][T17980] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3286'.
[  471.879500][T17979] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3285'.
[  471.941616][T17982] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.3287'.
[  472.312140][T17476] 8021q: adding VLAN 0 to HW filter on device batadv0
[  473.009127][T18031] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR
[  473.018701][T18026] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  473.441411][T17476] veth0_vlan: entered promiscuous mode
[  473.517852][T17476] veth1_vlan: entered promiscuous mode
[  473.554043][T18047] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3297'.
[  474.415128][T17476] veth0_macvtap: entered promiscuous mode
[  474.545486][T17476] veth1_macvtap: entered promiscuous mode
[  474.627390][T17476] batman_adv: batadv0: Interface activated: batadv_slave_0
[  474.679011][T17476] batman_adv: batadv0: Interface activated: batadv_slave_1
[  474.744511][T15618] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  474.764455][T15618] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  474.796138][T18100] only policy match revision 0 supported
[  474.796209][T18100] unable to load match
[  474.822639][T18103] netlink: 'syz.1.3308': attribute type 8 has an invalid length.
[  474.833089][T15618] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  474.843169][T18103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3308'.
[  474.852849][T15618] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  474.865178][T18102] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3309'.
[  474.922987][T18103] veth1_to_team: entered promiscuous mode
[  474.950167][T18103] gretap0: entered promiscuous mode
[  474.965208][T18103] veth1_to_team: left promiscuous mode
[  474.987030][T18103] gretap0: left promiscuous mode
[  475.279137][T15618] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  475.295272][T18120] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  475.299314][T15618] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  475.394096][T15621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  475.402946][T15621] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  475.425701][T18122] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3315'.
[  475.464067][T18124] netlink: 'syz.3.3316': attribute type 1 has an invalid length.
[  475.472245][T18124] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3316'.
[  476.285614][ T5630] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  476.304654][ T5630] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  476.314323][ T5630] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  476.326933][ T5630] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  476.344126][ T5630] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  478.409181][ T5633] Bluetooth: hci1: command tx timeout
[  478.861900][T18165] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3326'.
[  478.935174][T18169] netlink: 'syz.1.3328': attribute type 1 has an invalid length.
[  478.944889][T18169] netlink: 'syz.1.3328': attribute type 2 has an invalid length.
[  478.953272][T18169] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3328'.
[  478.968818][T18170] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3327'.
[  479.007465][T18170] ªªªªª: renamed from virt_wifi0
[  479.030183][T18171] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3326'.
[  479.114784][T18179] netlink: 260 bytes leftover after parsing attributes in process `syz.0.3330'.
[  479.141586][T18179] xt_hashlimit: size too large, truncated to 1048576
[  479.533966][T18192] netlink: 84 bytes leftover after parsing attributes in process `syz.1.3331'.
[  479.547301][T18192] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3331'.
[  480.017632][T18210] xt_hashlimit: size too large, truncated to 1048576
[  480.111673][T18219] netlink: 'syz.2.3336': attribute type 8 has an invalid length.
[  480.150054][T18219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3336'.
[  480.165801][T18154] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.187549][T18154] bridge0: port 1(bridge_slave_0) entered disabled state
[  480.207829][T18154] bridge_slave_0: entered allmulticast mode
[  480.223052][T18154] bridge_slave_0: entered promiscuous mode
[  480.294825][T18219] veth1_to_team: entered promiscuous mode
[  480.327140][T18219] gretap0: entered promiscuous mode
[  480.350720][T18219] hsr1: entered promiscuous mode
[  480.391576][T18217] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3338'.
[  480.432385][T18154] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.457107][T18154] bridge0: port 2(bridge_slave_1) entered disabled state
[  480.478499][T18154] bridge_slave_1: entered allmulticast mode
[  480.494616][T18154] bridge_slave_1: entered promiscuous mode
[  480.500952][ T5633] Bluetooth: hci1: command tx timeout
[  480.583752][T18154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  480.622982][T18154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  480.844748][T18154] team0: Port device team_slave_0 added
[  480.860954][T18236] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3342'.
[  480.877403][T18154] team0: Port device team_slave_1 added
[  480.964496][T18154] batman_adv: batadv0: Adding interface: batadv_slave_0
[  480.992507][T18154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  481.019408][T18154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  481.052721][T18154] batman_adv: batadv0: Adding interface: batadv_slave_1
[  481.083012][T18154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  481.157096][T18154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.323777][T18154] hsr_slave_0: entered promiscuous mode
[  481.335466][T18154] hsr_slave_1: entered promiscuous mode
[  481.343278][T18154] debugfs: 'hsr0' already exists in 'hsr'
[  481.349598][T18154] Cannot create hsr debugfs directory
[  481.903048][T18272] netlink: 'syz.4.3352': attribute type 1 has an invalid length.
[  481.983797][T18154] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.186617][T18154] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.203755][T18277] openvswitch: netlink: Tunnel attr 78 out of range max 16
[  482.274154][T18154] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.436637][T18154] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.579606][ T5633] Bluetooth: hci1: command tx timeout
[  482.793724][T18296] No such timeout policy "syz0"
[  483.982136][T18241] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  484.021839][T18154] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  484.076379][T18154] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  484.127211][T18154] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  484.180652][T18154] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  484.210968][T18154] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  484.235028][T18154] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  484.263702][T18306] __nla_validate_parse: 5 callbacks suppressed
[  484.263725][T18306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3359'.
[  484.293961][T18154] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  484.304843][T18308] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3361'.
[  484.321917][T18154] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  484.464436][T18315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3361'.
[  484.481689][T18311] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  484.514618][T18315] ip6tnl1: entered allmulticast mode
[  484.661219][ T5633] Bluetooth: hci1: command tx timeout
[  484.779016][T18327] netlink: 'syz.1.3366': attribute type 1 has an invalid length.
[  484.892380][T18154] 8021q: adding VLAN 0 to HW filter on device bond0
[  484.998056][T18154] 8021q: adding VLAN 0 to HW filter on device team0
[  485.014434][T18342] netlink: zone id is out of range
[  485.029763][T15618] bridge0: port 1(bridge_slave_0) entered blocking state
[  485.037229][T15618] bridge0: port 1(bridge_slave_0) entered forwarding state
[  485.048093][T18342] netlink: zone id is out of range
[  485.058848][T18342] netlink: zone id is out of range
[  485.064079][T18342] netlink: zone id is out of range
[  485.070943][T18342] netlink: zone id is out of range
[  485.078071][T18342] netlink: zone id is out of range
[  485.085662][T18342] netlink: zone id is out of range
[  485.100213][T15619] bridge0: port 2(bridge_slave_1) entered blocking state
[  485.107545][T15619] bridge0: port 2(bridge_slave_1) entered forwarding state
[  485.109702][T18342] netlink: zone id is out of range
[  485.644841][T18378] netlink: 'syz.4.3374': attribute type 1 has an invalid length.
[  485.682966][T18378] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3374'.
[  486.194472][T18391] syzkaller1: entered promiscuous mode
[  486.228918][T18391] syzkaller1: entered allmulticast mode
[  486.717413][T18154] 8021q: adding VLAN 0 to HW filter on device batadv0
[  486.859759][T18154] veth0_vlan: entered promiscuous mode
[  486.892089][T18154] veth1_vlan: entered promiscuous mode
[  487.024860][T18154] veth0_macvtap: entered promiscuous mode
[  487.077674][T18154] veth1_macvtap: entered promiscuous mode
[  487.146801][T18154] batman_adv: batadv0: Interface activated: batadv_slave_0
[  487.196372][T18154] batman_adv: batadv0: Interface activated: batadv_slave_1
[  487.257372][   T62] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  487.324140][   T62] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  487.363432][   T62] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  487.407132][   T62] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  487.460137][T18443] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3391'.
[  487.764411][T18446] pimreg: entered allmulticast mode
[  487.813834][T18456] macvlan2: entered promiscuous mode
[  487.826457][T18456] macvlan2: entered allmulticast mode
[  487.955468][T15620] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  487.973725][T15620] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.985147][T18446] pimreg: left allmulticast mode
[  488.145925][T18465] netlink: 'syz.2.3398': attribute type 1 has an invalid length.
[  488.156466][T18467] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3399'.
[  488.166793][T15620] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  488.176327][T15620] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  488.434689][T18477] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3401'.
[  488.482104][T18477] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3401'.
[  489.021472][T18485] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.256871][ T5630] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  489.284429][ T5630] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  489.294693][ T5630] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  489.303374][ T5630] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  489.314354][ T5630] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  489.491783][T18511] netlink: 'syz.2.3411': attribute type 1 has an invalid length.
[  489.512750][T18485] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.621842][T18513] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3411'.
[  489.655721][T18499] netlink: 204 bytes leftover after parsing attributes in process `syz.1.3408'.
[  489.679540][T18511] bond2: entered promiscuous mode
[  489.685080][T18511] 8021q: adding VLAN 0 to HW filter on device bond2
[  489.736562][T18513] bond2: left promiscuous mode
[  489.760022][T18513] bond2: entered allmulticast mode
[  489.833272][T18515] bond2: (slave bridge2): making interface the new active one
[  489.843596][T18515] bridge2: entered allmulticast mode
[  489.853665][T18515] bond2: (slave bridge2): Enslaving as an active interface with an up link
[  489.896438][T18485] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.137898][T18485] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.169466][T18531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3414'.
[  490.606976][T18542] bond0: (slave bond_slave_1): Releasing backup interface
[  490.626341][T15614] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  490.714773][T15614] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  490.855895][T18552] netlink: 'syz.1.3419': attribute type 1 has an invalid length.
[  490.865924][T18552] net_ratelimit: 77 callbacks suppressed
[  490.865949][T18552] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  490.945857][   T62] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  491.047059][T15620] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  491.113942][T18561] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3422'.
[  491.202547][T18558] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3422'.
[  491.372228][ T5630] Bluetooth: hci4: command tx timeout
[  491.671351][T18583] syzkaller0: entered promiscuous mode
[  491.693733][T18583] syzkaller0: entered allmulticast mode
[  491.757879][T18585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3430'.
[  491.824530][T18583] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3431'.
[  492.269428][T18506] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.297241][T18506] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.340737][T18506] bridge_slave_0: entered allmulticast mode
[  492.362310][T18506] bridge_slave_0: entered promiscuous mode
[  492.371747][T18506] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.379166][T18506] bridge0: port 2(bridge_slave_1) entered disabled state
[  492.386751][T18506] bridge_slave_1: entered allmulticast mode
[  492.395032][T18506] bridge_slave_1: entered promiscuous mode
[  492.528132][T18506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  492.594212][T18611] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3434'.
[  492.626775][T18506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  492.764727][T18634] netlink: 'syz.3.3439': attribute type 1 has an invalid length.
[  492.772911][T18634] netlink: 'syz.3.3439': attribute type 6 has an invalid length.
[  492.782791][T18634] netlink: 'syz.3.3439': attribute type 3 has an invalid length.
[  492.816942][T18506] team0: Port device team_slave_0 added
[  492.833574][T18506] team0: Port device team_slave_1 added
[  492.923777][T18506] batman_adv: batadv0: Adding interface: batadv_slave_0
[  492.934136][T18506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  492.992909][T18506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  493.022428][T18506] batman_adv: batadv0: Adding interface: batadv_slave_1
[  493.039365][T18506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  493.079746][T18506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  493.196297][T18506] hsr_slave_0: entered promiscuous mode
[  493.220020][T18506] hsr_slave_1: entered promiscuous mode
[  493.226488][T18506] debugfs: 'hsr0' already exists in 'hsr'
[  493.234340][T18506] Cannot create hsr debugfs directory
[  493.450538][ T5630] Bluetooth: hci4: command tx timeout
[  493.489629][ T5630] block nbd0: Receive control failed (result -32)
[  493.500051][ T5630] block nbd0: Receive control failed (result -32)
[  493.638917][T18649] openvswitch: netlink: Flow actions attr not present in new flow.
[  493.729413][T18646] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3442'.
[  493.758773][T18646] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3442'.
[  493.775080][T18646] tipc: Invalid UDP bearer configuration
[  493.775145][T18646] tipc: Enabling of bearer <udp:sy{±> rejected, failed to enable media
[  493.887723][T18506] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  494.034567][T18662] netlink: 'syz.4.3447': attribute type 1 has an invalid length.
[  494.060978][T18662] netlink: 'syz.4.3447': attribute type 1 has an invalid length.
[  494.143016][T18506] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  494.347399][T18506] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  494.518061][T18506] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  494.776317][T18697] __nla_validate_parse: 7 callbacks suppressed
[  494.776340][T18697] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3455'.
[  495.236519][T18704] tipc: Started in network mode
[  495.247992][T18704] tipc: Node identity 163435f1410a, cluster identity 4711
[  495.267417][T18704] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  495.354881][T18706] syzkaller0: entered promiscuous mode
[  495.376212][T18706] syzkaller0: entered allmulticast mode
[  495.443228][T18704] tipc: Resetting bearer <eth:syzkaller0>
[  495.488746][T18703] tipc: Resetting bearer <eth:syzkaller0>
[  495.528419][ T5630] Bluetooth: hci4: command tx timeout
[  495.566885][T18703] tipc: Disabling bearer <eth:syzkaller0>
[  495.606602][T18506] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  495.618172][T18506] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  495.627447][T18506] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  495.639809][T18506] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  495.656900][T18506] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  495.692366][T18506] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  495.709540][T18506] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  495.742879][T18506] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  495.807466][T18721] ip6gre1: entered promiscuous mode
[  495.832919][T18721] ip6gre1: entered allmulticast mode
[  495.991018][T18737] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  496.197264][T18745] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3465'.
[  496.311157][T18750] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3467'.
[  496.435936][T18506] 8021q: adding VLAN 0 to HW filter on device bond0
[  496.564327][T18754] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3468'.
[  496.605338][T18506] 8021q: adding VLAN 0 to HW filter on device team0
[  496.652498][T15614] bridge0: port 1(bridge_slave_0) entered blocking state
[  496.659799][T15614] bridge0: port 1(bridge_slave_0) entered forwarding state
[  496.719291][T15614] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.726550][T15614] bridge0: port 2(bridge_slave_1) entered forwarding state
[  496.927723][T18765] tipc: Started in network mode
[  496.937188][T18765] tipc: Node identity 028606360b83, cluster identity 4711
[  496.956999][T18765] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  496.986139][T18765] syzkaller0: entered promiscuous mode
[  496.996392][T18765] syzkaller0: entered allmulticast mode
[  497.048080][T18765] tipc: Resetting bearer <eth:syzkaller0>
[  497.078872][T18764] tipc: Resetting bearer <eth:syzkaller0>
[  497.145704][T18764] tipc: Disabling bearer <eth:syzkaller0>
[  497.405082][T18788] FAULT_INJECTION: forcing a failure.
[  497.405082][T18788] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  497.427593][T18788] CPU: 1 UID: 0 PID: 18788 Comm: syz.2.3477 Not tainted syzkaller #0 PREEMPT(full) 
[  497.427624][T18788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  497.427638][T18788] Call Trace:
[  497.427646][T18788]  <TASK>
[  497.427655][T18788]  dump_stack_lvl+0xe8/0x150
[  497.427688][T18788]  should_fail_ex+0x412/0x560
[  497.427721][T18788]  _copy_from_user+0x2d/0xb0
[  497.427752][T18788]  btf_get_info_by_fd+0x112/0x680
[  497.427782][T18788]  ? __fget_files+0x2a/0x420
[  497.427808][T18788]  ? __pfx_btf_get_info_by_fd+0x10/0x10
[  497.427838][T18788]  ? __fget_files+0x2a/0x420
[  497.427873][T18788]  bpf_obj_get_info_by_fd+0xa73/0x32f0
[  497.427896][T18788]  ? __lock_acquire+0x6b5/0x2cf0
[  497.427923][T18788]  ? _parse_integer_limit+0x1ae/0x1f0
[  497.427956][T18788]  ? __pfx_bpf_obj_get_info_by_fd+0x10/0x10
[  497.427982][T18788]  ? __lock_acquire+0x6b5/0x2cf0
[  497.428011][T18788]  ? get_pid_task+0x20/0x1f0
[  497.428045][T18788]  ? get_pid_task+0x20/0x1f0
[  497.428072][T18788]  ? get_pid_task+0x20/0x1f0
[  497.428096][T18788]  ? get_pid_task+0x20/0x1f0
[  497.428127][T18788]  ? __might_fault+0xaf/0x130
[  497.428155][T18788]  ? __might_fault+0xaf/0x130
[  497.428200][T18788]  ? bpf_lsm_bpf+0x9/0x20
[  497.428223][T18788]  ? security_bpf+0x7e/0x2d0
[  497.428250][T18788]  __sys_bpf+0x66e/0x950
[  497.428284][T18788]  ? __pfx___sys_bpf+0x10/0x10
[  497.428332][T18788]  ? ksys_write+0x242/0x270
[  497.428375][T18788]  ? __pfx_ksys_write+0x10/0x10
[  497.428410][T18788]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.428433][T18788]  __x64_sys_bpf+0x7c/0x90
[  497.428464][T18788]  do_syscall_64+0x15f/0xf80
[  497.428488][T18788]  ? trace_irq_disable+0x3b/0x140
[  497.428518][T18788]  ? clear_bhb_loop+0x40/0x90
[  497.428544][T18788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.428565][T18788] RIP: 0033:0x7f048d19cdd9
[  497.428585][T18788] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  497.428604][T18788] RSP: 002b:00007f048dffa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  497.428628][T18788] RAX: ffffffffffffffda RBX: 00007f048d415fa0 RCX: 00007f048d19cdd9
[  497.428643][T18788] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 000000000000000f
[  497.428657][T18788] RBP: 00007f048dffa090 R08: 0000000000000000 R09: 0000000000000000
[  497.428669][T18788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  497.428681][T18788] R13: 00007f048d416038 R14: 00007f048d415fa0 R15: 00007ffcd09d2a18
[  497.428715][T18788]  </TASK>
[  497.703815][ T5630] Bluetooth: hci4: command tx timeout
[  498.093642][T18793] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  498.588407][T18825] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  498.622774][T18825] syzkaller0: entered promiscuous mode
[  498.684690][T18825] syzkaller0: entered allmulticast mode
[  498.696387][T18832] FAULT_INJECTION: forcing a failure.
[  498.696387][T18832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  498.744112][T18832] CPU: 0 UID: 0 PID: 18832 Comm: syz.1.3488 Not tainted syzkaller #0 PREEMPT(full) 
[  498.744140][T18832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  498.744152][T18832] Call Trace:
[  498.744190][T18832]  <TASK>
[  498.744198][T18832]  dump_stack_lvl+0xe8/0x150
[  498.744226][T18832]  should_fail_ex+0x412/0x560
[  498.744256][T18832]  _copy_to_user+0x31/0xb0
[  498.744294][T18832]  btf_get_info_by_fd+0x1dd/0x680
[  498.744323][T18832]  ? __fget_files+0x2a/0x420
[  498.744347][T18832]  ? __pfx_btf_get_info_by_fd+0x10/0x10
[  498.744373][T18832]  ? __fget_files+0x2a/0x420
[  498.744404][T18832]  bpf_obj_get_info_by_fd+0xa73/0x32f0
[  498.744424][T18832]  ? __lock_acquire+0x6b5/0x2cf0
[  498.744448][T18832]  ? _parse_integer_limit+0x1ae/0x1f0
[  498.744476][T18832]  ? __pfx_bpf_obj_get_info_by_fd+0x10/0x10
[  498.744499][T18832]  ? __lock_acquire+0x6b5/0x2cf0
[  498.744526][T18832]  ? get_pid_task+0x20/0x1f0
[  498.744557][T18832]  ? get_pid_task+0x20/0x1f0
[  498.744579][T18832]  ? get_pid_task+0x20/0x1f0
[  498.744601][T18832]  ? get_pid_task+0x20/0x1f0
[  498.744628][T18832]  ? __might_fault+0xaf/0x130
[  498.744654][T18832]  ? __might_fault+0xaf/0x130
[  498.744692][T18832]  ? bpf_lsm_bpf+0x9/0x20
[  498.744708][T18832]  ? security_bpf+0x7e/0x2d0
[  498.744732][T18832]  __sys_bpf+0x66e/0x950
[  498.744763][T18832]  ? __pfx___sys_bpf+0x10/0x10
[  498.744807][T18832]  ? ksys_write+0x242/0x270
[  498.744836][T18832]  ? __pfx_ksys_write+0x10/0x10
[  498.744867][T18832]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.744888][T18832]  __x64_sys_bpf+0x7c/0x90
[  498.744916][T18832]  do_syscall_64+0x15f/0xf80
[  498.744937][T18832]  ? trace_irq_disable+0x3b/0x140
[  498.744966][T18832]  ? clear_bhb_loop+0x40/0x90
[  498.744989][T18832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.745008][T18832] RIP: 0033:0x7f5ae3d9cdd9
[  498.745027][T18832] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  498.745043][T18832] RSP: 002b:00007f5ae1ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  498.745064][T18832] RAX: ffffffffffffffda RBX: 00007f5ae4015fa0 RCX: 00007f5ae3d9cdd9
[  498.745077][T18832] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 000000000000000f
[  498.745089][T18832] RBP: 00007f5ae1ff6090 R08: 0000000000000000 R09: 0000000000000000
[  498.745101][T18832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  498.745112][T18832] R13: 00007f5ae4016038 R14: 00007f5ae4015fa0 R15: 00007ffc6f4997c8
[  498.745142][T18832]  </TASK>
[  499.065379][T18825] tipc: Resetting bearer <eth:syzkaller0>
[  499.087929][T18823] tipc: Resetting bearer <eth:syzkaller0>
[  499.193984][T18823] tipc: Disabling bearer <eth:syzkaller0>
[  499.553393][T18506] 8021q: adding VLAN 0 to HW filter on device batadv0
[  499.858579][T18506] veth0_vlan: entered promiscuous mode
[  499.909935][T18506] veth1_vlan: entered promiscuous mode
[  500.030822][T18506] veth0_macvtap: entered promiscuous mode
[  500.047232][T18506] veth1_macvtap: entered promiscuous mode
[  500.103988][T18506] batman_adv: batadv0: Interface activated: batadv_slave_0
[  500.156607][T18506] batman_adv: batadv0: Interface activated: batadv_slave_1
[  500.198914][T15618] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  500.221373][T15618] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  500.243681][T18869] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3499'.
[  500.257450][T15618] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  500.276601][T18875] FAULT_INJECTION: forcing a failure.
[  500.276601][T18875] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  500.309851][T18875] CPU: 1 UID: 0 PID: 18875 Comm: syz.1.3501 Not tainted syzkaller #0 PREEMPT(full) 
[  500.309883][T18875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  500.309897][T18875] Call Trace:
[  500.309906][T18875]  <TASK>
[  500.309916][T18875]  dump_stack_lvl+0xe8/0x150
[  500.309948][T18875]  should_fail_ex+0x412/0x560
[  500.309983][T18875]  prepare_alloc_pages+0x22a/0x650
[  500.310025][T18875]  __alloc_frozen_pages_noprof+0x12f/0x380
[  500.310064][T18875]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  500.310111][T18875]  ? __pfx_policy_nodemask+0x10/0x10
[  500.310144][T18875]  ? unwind_next_frame+0xa6/0x2550
[  500.310180][T18875]  alloc_pages_mpol+0x235/0x490
[  500.310218][T18875]  folio_alloc_mpol_noprof+0x39/0x160
[  500.310251][T18875]  shmem_alloc_and_add_folio+0x442/0xf80
[  500.310281][T18875]  ? filemap_get_entry+0xcd/0x3f0
[  500.310320][T18875]  ? __pfx_filemap_get_entry+0x10/0x10
[  500.310349][T18875]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  500.310380][T18875]  ? shmem_allowable_huge_orders+0x5ec/0x690
[  500.310415][T18875]  shmem_get_folio_gfp+0x5a9/0x1670
[  500.310461][T18875]  shmem_fault+0x179/0x390
[  500.310498][T18875]  __do_fault+0x138/0x2a0
[  500.310532][T18875]  do_pte_missing+0x601/0x33f0
[  500.310572][T18875]  ? handle_mm_fault+0xee/0x3170
[  500.310601][T18875]  handle_mm_fault+0x1bd7/0x3170
[  500.310641][T18875]  ? handle_mm_fault+0xee/0x3170
[  500.310672][T18875]  ? __pfx_handle_mm_fault+0x10/0x10
[  500.310717][T18875]  ? lock_mm_and_find_vma+0xa7/0x340
[  500.310750][T18875]  do_user_addr_fault+0x75b/0x1340
[  500.310788][T18875]  exc_page_fault+0x6a/0xc0
[  500.310811][T18875]  asm_exc_page_fault+0x26/0x30
[  500.310830][T18875] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  500.310864][T18875] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  500.310881][T18875] RSP: 0018:ffffc900040878a8 EFLAGS: 00050206
[  500.310901][T18875] RAX: ffffffff84b1fa01 RBX: 0000000000000052 RCX: 0000000000000052
[  500.310915][T18875] RDX: 0000000000000000 RSI: ffff888022e86780 RDI: 0000200000002700
[  500.310929][T18875] RBP: ffffc900040879d0 R08: 0000000000000001 R09: 0000000000000002
[  500.310942][T18875] R10: dffffc0000000000 R11: ffffed10045d0cfa R12: 0000200000002752
[  500.310957][T18875] R13: 00007ffffffff000 R14: ffff888022e86780 R15: 0000200000002700
[  500.310980][T18875]  ? _copy_from_user+0x91/0xb0
[  500.311019][T18875]  _copy_to_user+0x8a/0xb0
[  500.311051][T18875]  btf_get_info_by_fd+0x1dd/0x680
[  500.311090][T18875]  ? __fget_files+0x2a/0x420
[  500.311116][T18875]  ? __pfx_btf_get_info_by_fd+0x10/0x10
[  500.311146][T18875]  ? __fget_files+0x2a/0x420
[  500.311180][T18875]  bpf_obj_get_info_by_fd+0xa73/0x32f0
[  500.311202][T18875]  ? __lock_acquire+0x6b5/0x2cf0
[  500.311229][T18875]  ? _parse_integer_limit+0x1ae/0x1f0
[  500.311260][T18875]  ? __pfx_bpf_obj_get_info_by_fd+0x10/0x10
[  500.311286][T18875]  ? __lock_acquire+0x6b5/0x2cf0
[  500.311313][T18875]  ? get_pid_task+0x20/0x1f0
[  500.311511][T18875]  ? get_pid_task+0x20/0x1f0
[  500.311538][T18875]  ? get_pid_task+0x20/0x1f0
[  500.311561][T18875]  ? get_pid_task+0x20/0x1f0
[  500.311591][T18875]  ? __might_fault+0xaf/0x130
[  500.311619][T18875]  ? __might_fault+0xaf/0x130
[  500.311662][T18875]  ? bpf_lsm_bpf+0x9/0x20
[  500.311681][T18875]  ? security_bpf+0x7e/0x2d0
[  500.311708][T18875]  __sys_bpf+0x66e/0x950
[  500.311743][T18875]  ? __pfx___sys_bpf+0x10/0x10
[  500.311790][T18875]  ? ksys_write+0x242/0x270
[  500.311822][T18875]  ? __pfx_ksys_write+0x10/0x10
[  500.311854][T18875]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.311875][T18875]  __x64_sys_bpf+0x7c/0x90
[  500.311903][T18875]  do_syscall_64+0x15f/0xf80
[  500.311918][T15618] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  500.311928][T18875]  ? trace_irq_disable+0x3b/0x140
[  500.311960][T18875]  ? clear_bhb_loop+0x40/0x90
[  500.312032][T18875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.312108][T18875] RIP: 0033:0x7f5ae3d9cdd9
[  500.312313][T18875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  500.312397][T18875] RSP: 002b:00007f5ae1ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  500.312458][T18875] RAX: ffffffffffffffda RBX: 00007f5ae4015fa0 RCX: 00007f5ae3d9cdd9
[  500.312510][T18875] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 000000000000000f
[  500.312559][T18875] RBP: 00007f5ae1ff6090 R08: 0000000000000000 R09: 0000000000000000
[  500.312594][T18875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  500.312627][T18875] R13: 00007f5ae4016038 R14: 00007f5ae4015fa0 R15: 00007ffc6f4997c8
[  500.312754][T18875]  </TASK>
[  501.035382][T18885] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3502'.
[  501.166792][T15622] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  501.183439][T15622] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.316412][T15620] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  501.337201][T18893] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.3506'.
[  501.348022][T15620] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.682785][T18903] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3409'.
[  501.694297][ T1314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  501.694825][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  501.743564][T18902] gretap0: entered promiscuous mode
[  501.773759][T18902] macsec1: entered promiscuous mode
[  501.796281][T18902] macsec1: entered allmulticast mode
[  501.810279][T18902] gretap0: entered allmulticast mode
[  501.849613][T18902] batman_adv: batadv0: Adding interface: macsec1
[  501.856264][T18902] batman_adv: batadv0: The MTU of interface macsec1 is too small (1430) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  501.895858][T18902] batman_adv: batadv0: Interface activated: macsec1
[  502.246190][T18919] netlink: 'syz.1.3513': attribute type 2 has an invalid length.
[  502.273552][T18919] netlink: 'syz.1.3513': attribute type 2 has an invalid length.
[  502.694758][T18935] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  502.744700][ T5837] IPVS: starting estimator thread 0...
[  502.848988][T18936] IPVS: using max 27 ests per chain, 64800 per kthread
[  502.897348][T18943] netlink: 11562 bytes leftover after parsing attributes in process `syz.1.3520'.
[  502.935335][T18943] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3520'.
[  503.471741][T18958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3525'.
[  503.498521][T18958] netlink: 348 bytes leftover after parsing attributes in process `syz.3.3525'.
[  503.512611][T18958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3525'.
[  503.539649][T18958] netlink: 348 bytes leftover after parsing attributes in process `syz.3.3525'.
[  504.415367][T18994] netlink: 'syz.3.3536': attribute type 3 has an invalid length.
[  504.997913][T19022] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  505.124199][T19028] syzkaller0: entered promiscuous mode
[  505.161787][T19028] syzkaller0: entered allmulticast mode
[  505.226440][   T30] audit: type=1800 audit(1777840654.027:6): pid=19031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3544" name="memory.events" dev="tmpfs" ino=209 res=0 errno=0
[  505.312929][   T30] audit: type=1804 audit(1777840654.077:7): pid=19031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3544" name="/newroot/37/memory.events" dev="tmpfs" ino=209 res=1 errno=0
[  505.630536][T19042] netlink: 'syz.1.3548': attribute type 1 has an invalid length.
[  505.694564][T19046] netlink: 'syz.2.3549': attribute type 10 has an invalid length.
[  507.115505][T19055] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[  507.317672][T19066] bridge0: port 2(bridge_slave_1) entered disabled state
[  507.328990][T19066] bridge0: port 1(bridge_slave_0) entered disabled state
[  507.414118][T19071] netlink: 'syz.0.3557': attribute type 62 has an invalid length.
[  507.452163][T19065] dummy0: mtu less than device minimum
[  507.507866][T19075] __nla_validate_parse: 2 callbacks suppressed
[  507.507888][T19075] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3556'.
[  507.738876][T19085] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3560'.
[  507.933704][T19094] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  507.959741][T19091] IPVS: Scheduler module ip_vs_sip not found
[  508.676096][T19115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3569'.
[  508.820329][T19125] netlink: 'syz.1.3571': attribute type 1 has an invalid length.
[  508.923084][T19124] bond1: Removing last ns target with arp_interval on
[  508.923682][T19129] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3571'.
[  509.095283][T19140] netlink: 596 bytes leftover after parsing attributes in process `syz.1.3571'.
[  509.131928][T19142] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  509.188440][T19142] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  509.207949][T19125] bond1: entered promiscuous mode
[  509.217552][T19125] 8021q: adding VLAN 0 to HW filter on device bond1
[  509.342174][T19135] bond1: (slave bridge3): making interface the new active one
[  509.377276][T19135] bridge3: entered promiscuous mode
[  509.389831][T19135] bond1: (slave bridge3): Enslaving as an active interface with an up link
[  509.431547][T19129] bond1: left promiscuous mode
[  509.442129][T19129] bridge3: left promiscuous mode
[  509.461202][T19129] bond1: entered allmulticast mode
[  509.469029][T19129] bridge3: entered allmulticast mode
[  509.476626][T19128] syzkaller1: entered promiscuous mode
[  509.484004][T19128] syzkaller1: entered allmulticast mode
[  509.856855][T19163] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  509.881224][ T3323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.913208][ T3323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  510.775406][T19205] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3589'.
[  510.850555][T19207] tipc: Started in network mode
[  510.862562][T19207] tipc: Node identity da7084ed51e8, cluster identity 4711
[  510.880102][T19207] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  510.892865][T19207] syzkaller0: entered promiscuous mode
[  510.908111][T19207] syzkaller0: entered allmulticast mode
[  510.942290][T19210] netlink: 'syz.4.3591': attribute type 1 has an invalid length.
[  510.952332][T19207] tipc: Resetting bearer <eth:syzkaller0>
[  510.972757][T19210] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3591'.
[  510.990447][T19206] tipc: Resetting bearer <eth:syzkaller0>
[  511.031317][T19206] tipc: Disabling bearer <eth:syzkaller0>
[  511.220122][T19218] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  511.247710][T19218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3592'.
[  511.285626][T19218] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3592'.
[  511.327917][T19225] pim6reg1: entered promiscuous mode
[  511.347369][T19225] pim6reg1: entered allmulticast mode
[  511.369543][T19228] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3597'.
[  511.452455][T19220] syzkaller1: entered promiscuous mode
[  511.465358][T19220] syzkaller1: entered allmulticast mode
[  511.494290][T19222] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  511.505027][T19220] syzkaller0: entered promiscuous mode
[  511.519155][T19222] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  511.532364][T19220] syzkaller0: entered allmulticast mode
[  511.558507][T19222] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  511.864223][T19244] netlink: 'syz.3.3602': attribute type 8 has an invalid length.
[  511.906126][T19244] veth1_to_team: entered promiscuous mode
[  511.947417][T19244] veth1_to_team: left promiscuous mode
[  512.016316][T19245] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  512.108897][T19245] batman_adv: batadv0: Removing interface: batadv_slave_0
[  512.210444][T19248] sit0: entered promiscuous mode
[  512.302666][T19263] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  512.362456][T19263] syzkaller0: entered promiscuous mode
[  512.389192][T19263] syzkaller0: entered allmulticast mode
[  512.572128][T19265] : entered promiscuous mode
[  512.604397][T19273] tipc: Resetting bearer <eth:syzkaller0>
[  512.641273][T19262] tipc: Resetting bearer <eth:syzkaller0>
[  512.682997][T19262] tipc: Disabling bearer <eth:syzkaller0>
[  513.334224][T19302] pimreg: tun_chr_ioctl cmd 1074025677
[  513.342707][T19302] pimreg: linktype set to 823
[  513.447199][T19311] netlink: 'syz.2.3616': attribute type 1 has an invalid length.
[  513.500009][T19311] __nla_validate_parse: 6 callbacks suppressed
[  513.500034][T19311] netlink: 280 bytes leftover after parsing attributes in process `syz.2.3616'.
[  513.649995][T19314] block nbd1: NBD_DISCONNECT
[  513.659492][T19314] block nbd1: Send disconnect failed -32
[  513.730047][T19320] tipc: Started in network mode
[  513.747216][T19320] tipc: Node identity 7212fd053cb1, cluster identity 4711
[  513.760276][T19320] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  513.796231][T19324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3623'.
[  513.823994][T15620] macvlan5: left allmulticast mode
[  513.834208][T15620] ip6gretap0: left allmulticast mode
[  513.843479][T15620] macvlan5: left promiscuous mode
[  513.851739][T19326] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3623'.
[  513.854209][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  513.865892][T15620] bridge0: port 1(macvlan5) entered disabled state
[  513.892538][T15620] bridge_slave_1: left allmulticast mode
[  513.901628][T15620] bridge_slave_1: left promiscuous mode
[  513.917283][T15620] bridge0: port 2(bridge_slave_1) entered disabled state
[  513.937569][T19329] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3623'.
[  514.097456][T19337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3625'.
[  514.874797][T15620] bond1 (unregistering): (slave veth3): Releasing backup interface
[  514.883330][T15620] veth3: left promiscuous mode
[  514.893826][T15620] bond1 (unregistering): Released all slaves
[  514.914234][T15620] bond2 (unregistering): Released all slaves
[  514.931076][T15620] team0: Port device bond3 removed
[  514.937461][T15620] bond3 (unregistering): Released all slaves
[  514.964211][T15620] bond4 (unregistering): Released all slaves
[  514.985444][T15620] bond0 (unregistering): Released all slaves
[  515.007068][T15620] bond5 (unregistering): Released all slaves
[  515.026631][T15620] bond6 (unregistering): Released all slaves
[  515.059162][T15620] bond7 (unregistering): Released all slaves
[  515.078495][T15620] bond8 (unregistering): Released all slaves
[  515.102353][T19320] syzkaller0: entered promiscuous mode
[  515.108461][T19320] syzkaller0: entered allmulticast mode
[  515.170411][T19335] tipc: Resetting bearer <eth:syzkaller0>
[  515.274252][T19319] tipc: Resetting bearer <eth:syzkaller0>
[  515.379065][T19351] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3628'.
[  515.408698][T19351] netlink: 'syz.4.3628': attribute type 12 has an invalid length.
[  515.410806][T19319] tipc: Disabling bearer <eth:syzkaller0>
[  515.481738][ T5750] tipc: Node number set to 1319369989
[  515.537100][T15619] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  515.537116][T19351] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3628'.
[  515.537159][T19351] netlink: 'syz.4.3628': attribute type 12 has an invalid length.
[  515.566531][T15620] : left promiscuous mode
[  515.686423][T19354] tipc: Cannot configure node identity twice
[  515.716007][T15619] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  515.776710][T15622] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  515.825270][T15620] tipc: Left network mode
[  515.827012][T15619] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  515.985391][T19362] netlink: 'syz.2.3632': attribute type 58 has an invalid length.
[  516.036069][T19371] netlink: 'syz.4.3634': attribute type 1 has an invalid length.
[  516.047538][T19362] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3632'.
[  516.070627][T19372] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3633'.
[  516.188305][T19376] bond1: (slave macvlan1): making interface the new active one
[  516.204835][T19376] bond1: (slave macvlan1): Enslaving as an active interface with an up link
[  516.254099][T19371] bond1 (unregistering): (slave macvlan1): Releasing active interface
[  516.279989][T19371] bond1 (unregistering): Released all slaves
[  516.610792][T15620] batman_adv: batadv0: Removing interface: macvtap1
[  516.978979][T19399] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3639'.
[  517.210498][T15620] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  517.237791][T15620] batman_adv: batadv0: Removing interface: batadv_slave_1
[  517.268093][T15620] batman_adv: batadv0: Removing interface: veth9
[  518.443223][T15620] team0 (unregistering): Port device team_slave_1 removed
[  518.471499][T15620] team0 (unregistering): Port device team_slave_0 removed
[  518.645544][T19410] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  518.655595][T19414] syzkaller0: entered promiscuous mode
[  518.661862][T19414] syzkaller0: entered allmulticast mode
[  518.760516][T19439] bond2: entered promiscuous mode
[  518.766164][T19439] 8021q: adding VLAN 0 to HW filter on device bond2
[  518.774718][T19439] bridge0: port 3(bond2) entered blocking state
[  518.782253][T19439] bridge0: port 3(bond2) entered disabled state
[  518.788981][T19439] bond2: entered allmulticast mode
[  518.797811][T19439] bridge0: port 3(bond2) entered blocking state
[  518.804241][T19439] bridge0: port 3(bond2) entered forwarding state
[  518.831559][T19414] tipc: Resetting bearer <eth:syzkaller0>
[  518.880801][T19414] tipc: Disabling bearer <eth:syzkaller0>
[  519.602991][T15620] IPVS: stop unused estimator thread 0...
[  519.715062][T15617] bridge0: port 3(bond2) entered disabled state
[  520.090310][T19490] bond0: (slave wlan0): Error: Device can not be enslaved while up
[  520.104681][T19481] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  520.117946][T19489] netlink: 'syz.1.3659': attribute type 21 has an invalid length.
[  520.178711][T19489] netlink: 'syz.1.3659': attribute type 22 has an invalid length.
[  520.202662][T19489] netlink: 'syz.1.3659': attribute type 23 has an invalid length.
[  520.219796][T19491] syzkaller1: entered promiscuous mode
[  520.229841][T19489] netlink: 'syz.1.3659': attribute type 25 has an invalid length.
[  520.236749][T19491] syzkaller1: entered allmulticast mode
[  520.284691][T19489] netlink: 'syz.1.3659': attribute type 26 has an invalid length.
[  520.316532][T19489] __nla_validate_parse: 1 callbacks suppressed
[  520.316552][T19489] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3659'.
[  520.671268][T19520] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3667'.
[  520.726505][T19526] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3668'.
[  520.750087][T19520] sit0: left promiscuous mode
[  520.931317][T19538] netlink: 'syz.0.3670': attribute type 1 has an invalid length.
[  520.949153][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  521.033109][T19520] macsec1: left promiscuous mode
[  521.043454][T19520] macsec1: left allmulticast mode
[  521.060325][T19547] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  521.078922][T19520] gretap0: left allmulticast mode
[  521.292151][T19538] 8021q: adding VLAN 0 to HW filter on device bond3
[  522.001565][T15614] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  522.017389][T15614] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  522.025816][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  522.032226][T16037] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  522.057763][T16037] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  522.226467][T19590] netlink: 'syz.0.3679': attribute type 1 has an invalid length.
[  522.273845][T16037] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  522.337510][T19592] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3680'.
[  522.793939][T19611] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3686'.
[  523.066795][T19621] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3688'.
[  523.555048][T19632] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3689'.
[  523.684385][T19635] netlink: 'syz.4.3691': attribute type 1 has an invalid length.
[  523.769862][T19635] bond1: entered promiscuous mode
[  523.785657][T19635] 8021q: adding VLAN 0 to HW filter on device bond1
[  524.176634][T19637] 8021q: adding VLAN 0 to HW filter on device bond1
[  524.224123][T19648] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3693'.
[  524.234521][T19637] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  524.265191][T19649] netlink: 280 bytes leftover after parsing attributes in process `syz.1.3693'.
[  524.319746][T19637] bond1: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[  524.478716][T19637] bond1: (slave wireguard0): making interface the new active one
[  524.529194][T19637] wireguard0: entered promiscuous mode
[  524.547055][T19637] bond1: (slave wireguard0): Enslaving as an active interface with an up link
[  524.563061][T19635] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  525.352610][T19669] netlink: 'syz.3.3697': attribute type 8 has an invalid length.
[  525.562125][T19692] netlink: 'syz.0.3702': attribute type 1 has an invalid length.
[  525.652385][T19694] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3702'.
[  525.763707][T17403] IPVS: starting estimator thread 0...
[  525.767322][T19699] netlink: 596 bytes leftover after parsing attributes in process `syz.0.3702'.
[  525.772424][T19692] bond4: entered promiscuous mode
[  525.818798][T19692] 8021q: adding VLAN 0 to HW filter on device bond4
[  525.856265][T19701] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3704'.
[  525.868806][T19694] bond4: left promiscuous mode
[  525.882332][T19694] bond4: entered allmulticast mode
[  525.900193][T19698] IPVS: using max 26 ests per chain, 62400 per kthread
[  525.912545][T19704] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3704'.
[  525.928480][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  525.997399][T19697] bond4: (slave bridge1): making interface the new active one
[  526.054795][T19697] bridge1: entered allmulticast mode
[  526.066810][T19697] bond4: (slave bridge1): Enslaving as an active interface with an up link
[  526.385481][T19726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3710'.
[  526.403231][T19727] xt_cluster: you have exceeded the maximum number of cluster nodes (524288 > 32)
[  526.440828][T19727] netlink: 276 bytes leftover after parsing attributes in process `syz.1.3709'.
[  526.467539][T19730] xt_cluster: you have exceeded the maximum number of cluster nodes (524288 > 32)
[  526.496156][T19727] netlink: 276 bytes leftover after parsing attributes in process `syz.1.3709'.
[  527.015903][T19757] netlink: 'syz.0.3718': attribute type 1 has an invalid length.
[  527.054797][T19757] bond5: entered promiscuous mode
[  527.062982][T19757] 8021q: adding VLAN 0 to HW filter on device bond5
[  527.105507][T19757] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3718'.
[  527.200255][T19759] bond5: (slave bridge2): making interface the new active one
[  527.226468][T19759] bridge2: entered promiscuous mode
[  527.245956][T19764] netlink: 596 bytes leftover after parsing attributes in process `syz.0.3718'.
[  527.277036][T19759] bond5: (slave bridge2): Enslaving as an active interface with an up link
[  527.304573][T19757] bond5: left promiscuous mode
[  527.309911][T19757] bridge2: left promiscuous mode
[  527.315284][T19757] bond5: entered allmulticast mode
[  527.322488][T19757] bridge2: entered allmulticast mode
[  527.334961][T19766] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3720'.
[  527.380309][T19770] netlink: 'syz.2.3721': attribute type 1 has an invalid length.
[  527.516096][T19770] 8021q: adding VLAN 0 to HW filter on device bond3
[  528.191491][T19800] SET target dimension over the limit!
[  528.446309][T19811] ipip0: entered promiscuous mode
[  528.466731][T19813] netlink: 'syz.4.3732': attribute type 1 has an invalid length.
[  528.485508][T19811] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ipip0
[  528.521449][T19811] gretap1: entered promiscuous mode
[  528.526980][T19811] gretap1: entered allmulticast mode
[  528.645465][T19813] bond2: entered promiscuous mode
[  528.651227][T19813] 8021q: adding VLAN 0 to HW filter on device bond2
[  528.664918][T19816] bond2: left promiscuous mode
[  528.685232][T19816] bond2: entered allmulticast mode
[  528.744358][T19817] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  528.835308][T19813] bond2: (slave bridge1): making interface the new active one
[  528.846642][T19813] bridge1: entered allmulticast mode
[  528.853351][T19813] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  528.998675][T19837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  529.842911][T19870] xt_HMARK: spi-set and port-set can't be combined
[  529.989764][T19878] netlink: 'syz.1.3750': attribute type 1 has an invalid length.
[  530.053428][T19878] bond2: entered promiscuous mode
[  530.059293][T19878] 8021q: adding VLAN 0 to HW filter on device bond2
[  530.113669][T19878] bond2: left promiscuous mode
[  530.129240][T19878] bond2: entered allmulticast mode
[  530.230278][T19878] bond2: (slave bridge4): making interface the new active one
[  530.260523][T19878] bridge4: entered allmulticast mode
[  530.286575][T19878] bond2: (slave bridge4): Enslaving as an active interface with an up link
[  530.662059][T19908] netlink: 'syz.3.3758': attribute type 4 has an invalid length.
[  530.703484][T19908] netlink: 'syz.3.3758': attribute type 4 has an invalid length.
[  530.760213][T19910] dummy0 speed is unknown, defaulting to 1000
[  530.787658][T19910] dummy0 speed is unknown, defaulting to 1000
[  530.816683][T19910] dummy0 speed is unknown, defaulting to 1000
[  530.876007][T19913] can: request_module (can-proto-0) failed.
[  531.296956][T19910] infiniband syz1: set active
[  531.302038][ T5635] dummy0 speed is unknown, defaulting to 1000
[  531.324952][T19910] infiniband syz1: added dummy0
[  531.377035][T19933] netlink: 'syz.2.3766': attribute type 1 has an invalid length.
[  531.447730][T19910] smbdirect: ib_dev[syz1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[  531.471350][T19939] __nla_validate_parse: 29 callbacks suppressed
[  531.471372][T19939] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3766'.
[  531.508759][T19910] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[  531.546344][T19933] bond4: entered promiscuous mode
[  531.555916][T19910] smbdirect: ib_dev[syz1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[  531.566607][T19933] 8021q: adding VLAN 0 to HW filter on device bond4
[  531.633781][T19910] RDS/IB: syz1: added
[  531.638005][T19910] smc: adding ib device syz1 with port count 1
[  531.645876][T19910] smc:    ib device syz1 port 1 has pnetid SYZ0 (user defined)
[  531.694904][T19941] bond4: (slave bridge4): making interface the new active one
[  531.710206][T19941] bridge4: entered promiscuous mode
[  531.717299][T19941] bond4: (slave bridge4): Enslaving as an active interface with an up link
[  531.739625][T19939] bond4: left promiscuous mode
[  531.744661][T19939] bridge4: left promiscuous mode
[  531.751162][T19939] bond4: entered allmulticast mode
[  531.756610][T19939] bridge4: entered allmulticast mode
[  531.764120][T17403] dummy0 speed is unknown, defaulting to 1000
[  531.790231][T19910] dummy0 speed is unknown, defaulting to 1000
[  531.917555][T19951] netlink: 'syz.2.3771': attribute type 1 has an invalid length.
[  531.943236][T19951] netlink: 181328 bytes leftover after parsing attributes in process `syz.2.3771'.
[  531.957950][   T30] audit: type=1804 audit(1777840680.757:8): pid=19951 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3771" name="/newroot/141/cgroup.controllers" dev="tmpfs" ino=732 res=1 errno=0
[  532.006350][   T30] audit: type=1800 audit(1777840680.757:9): pid=19951 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3771" name="cgroup.controllers" dev="tmpfs" ino=732 res=0 errno=0
[  532.132089][T19953] netlink: 'syz.2.3772': attribute type 21 has an invalid length.
[  532.145431][T19953] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3772'.
[  532.220337][T19953] netlink: 'syz.2.3772': attribute type 4 has an invalid length.
[  532.236143][T19953] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3772'.
[  532.444670][T19940] dummy0 speed is unknown, defaulting to 1000
[  532.858075][T19976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3779'.
[  532.969470][T19977] netlink: 'syz.0.3779': attribute type 30 has an invalid length.
[  533.040481][T19981] netlink: 'syz.2.3781': attribute type 1 has an invalid length.
[  533.159926][T19983] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3781'.
[  533.197229][T19981] bond5: entered promiscuous mode
[  533.202968][T19981] 8021q: adding VLAN 0 to HW filter on device bond5
[  533.211089][T19910] dummy0 speed is unknown, defaulting to 1000
[  533.227352][T19983] bond5: left promiscuous mode
[  533.241560][T19983] bond5: entered allmulticast mode
[  533.688427][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  533.918091][T20004] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3786'.
[  534.036754][T20002] syzkaller1: entered promiscuous mode
[  534.045435][T20002] syzkaller1: entered allmulticast mode
[  534.055869][T20004] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  534.081231][T20004] batman_adv: batadv0: Removing interface: batadv_slave_1
[  534.179121][T19910] dummy0 speed is unknown, defaulting to 1000
[  534.664567][T20021] dvmrp0: entered allmulticast mode
[  535.038581][T20027] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  535.202008][T20033] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  535.218608][T19910] dummy0 speed is unknown, defaulting to 1000
[  535.746424][T20041] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3796'.
[  536.042194][T19910] dummy0 speed is unknown, defaulting to 1000
[  536.518036][T20057] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3800'.
[  536.561641][T20057] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3800'.
[  536.817674][T19910] dummy0 speed is unknown, defaulting to 1000
[  537.043126][T20061] netlink: 13 bytes leftover after parsing attributes in process `syz.3.3801'.
[  537.491770][T20074] openvswitch: netlink: Unexpected mask (mask=200440, allowed=10048)
[  537.545217][T20074] netlink: 'syz.3.3805': attribute type 1 has an invalid length.
[  537.715966][T20074] 8021q: adding VLAN 0 to HW filter on device bond1
[  537.749122][T20076] bond1: (slave geneve2): making interface the new active one
[  537.759806][T20076] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  537.805288][T20079] batman_adv: batadv0: Adding interface: gretap1
[  537.812407][T20079] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  537.838654][T20079] batman_adv: batadv0: Interface activated: gretap1
[  537.846027][T19910] dummy0 speed is unknown, defaulting to 1000
[  538.014627][T20083] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3808'.
[  538.563130][T19910] dummy0 speed is unknown, defaulting to 1000
[  539.093460][T19910] dummy0 speed is unknown, defaulting to 1000
[  539.218073][T20092] netlink: 165 bytes leftover after parsing attributes in process `syz.3.3811'.
[  539.393243][T19910] dummy0 speed is unknown, defaulting to 1000
[  540.218077][T20101] block nbd1: server does not support multiple connections per device.
[  540.242179][T20101] block nbd1: shutting down sockets
[  541.527848][T20115] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3817'.
[  541.723051][T20120] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3819'.
[  542.366631][T20140] vlan2: entered promiscuous mode
[  542.391336][T20140] bridge0: entered promiscuous mode
[  542.520775][T20149] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3828'.
[  542.546126][T20146] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3827'.
[  542.584691][T20151] netlink: 'syz.2.3829': attribute type 1 has an invalid length.
[  542.611829][T20149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3828'.
[  542.654803][T20153] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3830'.
[  542.704480][T20153] netlink: 'syz.0.3830': attribute type 1 has an invalid length.
[  542.770583][T20153] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3830'.
[  542.864279][T20149] team0: Failed to send options change via netlink (err -105)
[  542.877536][T20160] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3832'.
[  542.899676][T20153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3830'.
[  542.909598][T20149] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  542.955816][T20149] team0: Port device team_slave_1 removed
[  543.256212][T20172] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3833'.
[  543.513484][T20177] bond2 (unregistering): Released all slaves
[  543.836181][T20185] netlink: 'syz.2.3838': attribute type 15 has an invalid length.
[  543.886986][T20189] 0ªX¹¦À: renamed from batadv0 (while UP)
[  543.966951][T20189] 0ªX¹¦À: entered allmulticast mode
[  543.995172][T20189] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  544.089521][ T5635] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  544.252553][ T5635] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  544.570989][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  544.830703][T20213] dummy0 speed is unknown, defaulting to 1000
[  544.859305][T20222] netlink: 'syz.2.3847': attribute type 11 has an invalid length.
[  545.122759][T20226] dvmrp0: entered allmulticast mode
[  545.222819][T20229] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  545.244284][T20229] syzkaller0: entered promiscuous mode
[  545.276249][T20229] syzkaller0: entered allmulticast mode
[  545.392846][T20229] tipc: Resetting bearer <eth:syzkaller0>
[  545.421765][T20227] tipc: Resetting bearer <eth:syzkaller0>
[  545.516560][T20227] tipc: Disabling bearer <eth:syzkaller0>
[  546.633306][T20272] __nla_validate_parse: 12 callbacks suppressed
[  546.633329][T20272] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3864'.
[  547.027107][T20285] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  547.735528][T20314] netlink: 'syz.1.3873': attribute type 1 has an invalid length.
[  547.877893][T20314] 8021q: adding VLAN 0 to HW filter on device bond3
[  547.913592][T20323] bond3: (slave geneve2): making interface the new active one
[  547.962334][T20323] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  548.140942][T20328] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3874'.
[  549.045968][T20365] tipc: Started in network mode
[  549.051304][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  549.125754][T20365] tipc: Node identity 4a46a207c195, cluster identity 4711
[  549.179857][T20365] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  549.215623][T20367] syzkaller0: entered promiscuous mode
[  549.230357][T20372] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3885'.
[  549.255827][T20367] syzkaller0: entered allmulticast mode
[  549.270586][T20372] netlink: 'syz.3.3885': attribute type 1 has an invalid length.
[  549.449268][T20367] tipc: Resetting bearer <eth:syzkaller0>
[  549.492357][T20362] tipc: Resetting bearer <eth:syzkaller0>
[  549.523924][T20377] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3886'.
[  549.618050][T20362] tipc: Disabling bearer <eth:syzkaller0>
[  549.893654][T20379] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  549.931738][T20379] syzkaller0: entered promiscuous mode
[  549.954929][T20379] syzkaller0: entered allmulticast mode
[  550.165725][T20381] tipc: Resetting bearer <eth:syzkaller0>
[  550.502006][T20399] bond6: option all_slaves_active: invalid value (249)
[  550.513495][T20399] bond6 (unregistering): Released all slaves
[  550.717923][T20378] tipc: Resetting bearer <eth:syzkaller0>
[  550.814711][T20378] tipc: Disabling bearer <eth:syzkaller0>
[  551.181959][T20409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3896'.
[  551.221073][T20411] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3897'.
[  551.460087][T20411] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3897'.
[  551.525977][T20411] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3897'.
[  551.676501][T20417] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3899'.
[  552.015203][T20419] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  552.069898][T20419] syzkaller0: entered promiscuous mode
[  552.116598][T20419] syzkaller0: entered allmulticast mode
[  552.285059][T20429] tipc: Resetting bearer <eth:syzkaller0>
[  552.326792][T20418] tipc: Resetting bearer <eth:syzkaller0>
[  552.441559][T20418] tipc: Disabling bearer <eth:syzkaller0>
[  552.619150][T20430] dummy0 speed is unknown, defaulting to 1000
[  552.852532][T20442] netlink: 'syz.3.3907': attribute type 6 has an invalid length.
[  553.332283][T20455] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3911'.
[  554.015194][T20470] netlink: 'syz.1.3916': attribute type 1 has an invalid length.
[  554.177343][T20472] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3917'.
[  554.201227][T20474] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  554.227188][T20474] syzkaller0: entered promiscuous mode
[  554.237632][T20475] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3917'.
[  554.260235][T20474] syzkaller0: entered allmulticast mode
[  554.296419][T20474] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3918'.
[  554.324968][T20472] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3917'.
[  554.388717][T20478] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3919'.
[  554.504867][T20478] netlink: 'syz.1.3919': attribute type 39 has an invalid length.
[  554.770297][T20473] tipc: Resetting bearer <eth:syzkaller0>
[  554.907472][T20473] tipc: Disabling bearer <eth:syzkaller0>
[  554.968800][ T5630] Bluetooth: hci5: command 0x0406 tx timeout
[  555.022736][T20484] netlink: 'syz.2.3921': attribute type 6 has an invalid length.
[  555.211622][T20489] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3923'.
[  555.465483][T20494] netlink: 'syz.1.3924': attribute type 1 has an invalid length.
[  555.654950][T20499] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  555.957613][T20494] 8021q: adding VLAN 0 to HW filter on device bond4
[  556.120314][T20510] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3927'.
[  556.397756][T20510] syzkaller0: entered promiscuous mode
[  556.425797][T20510] syzkaller0: entered allmulticast mode
[  556.446272][T20517] x_tables: unsorted entry at hook 3
[  557.050200][T20524] FAULT_INJECTION: forcing a failure.
[  557.050200][T20524] name failslab, interval 1, probability 0, space 0, times 0
[  557.066305][T20524] CPU: 1 UID: 0 PID: 20524 Comm: syz.3.3930 Not tainted syzkaller #0 PREEMPT(full) 
[  557.066337][T20524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  557.066350][T20524] Call Trace:
[  557.066359][T20524]  <TASK>
[  557.066368][T20524]  dump_stack_lvl+0xe8/0x150
[  557.066400][T20524]  should_fail_ex+0x412/0x560
[  557.066433][T20524]  should_failslab+0xa8/0x100
[  557.066469][T20524]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  557.066505][T20524]  ? __alloc_skb+0x186/0x7d0
[  557.066528][T20524]  ? __alloc_skb+0x1d0/0x7d0
[  557.066550][T20524]  ? __local_bh_enable_ip+0xd0/0x130
[  557.066578][T20524]  __alloc_skb+0x1d0/0x7d0
[  557.066607][T20524]  netlink_sendmsg+0x5d4/0xb40
[  557.066655][T20524]  ? __pfx_netlink_sendmsg+0x10/0x10
[  557.066686][T20524]  ? aa_sock_msg_perm+0xf1/0x1b0
[  557.066716][T20524]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  557.066750][T20524]  ____sys_sendmsg+0x972/0x9f0
[  557.066778][T20524]  ? __might_fault+0xaf/0x130
[  557.066814][T20524]  ? __pfx_____sys_sendmsg+0x10/0x10
[  557.066852][T20524]  ? import_iovec+0x73/0xa0
[  557.066888][T20524]  ___sys_sendmsg+0x2a5/0x360
[  557.066914][T20524]  ? __lock_acquire+0x6b5/0x2cf0
[  557.066942][T20524]  ? __pfx____sys_sendmsg+0x10/0x10
[  557.067009][T20524]  ? __fget_files+0x2a/0x420
[  557.067035][T20524]  ? __fget_files+0x3a0/0x420
[  557.067072][T20524]  __x64_sys_sendmsg+0x1bd/0x2a0
[  557.067104][T20524]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  557.067143][T20524]  ? __pfx_ksys_write+0x10/0x10
[  557.067183][T20524]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.067207][T20524]  do_syscall_64+0x15f/0xf80
[  557.067234][T20524]  ? trace_irq_disable+0x3b/0x140
[  557.067266][T20524]  ? clear_bhb_loop+0x40/0x90
[  557.067293][T20524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.067315][T20524] RIP: 0033:0x7f0873b9cdd9
[  557.067336][T20524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  557.067354][T20524] RSP: 002b:00007f08749ea028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  557.067377][T20524] RAX: ffffffffffffffda RBX: 00007f0873e15fa0 RCX: 00007f0873b9cdd9
[  557.067392][T20524] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  557.067406][T20524] RBP: 00007f08749ea090 R08: 0000000000000000 R09: 0000000000000000
[  557.067419][T20524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  557.067432][T20524] R13: 00007f0873e16038 R14: 00007f0873e15fa0 R15: 00007ffea526ddf8
[  557.067491][T20524]  </TASK>
[  560.101647][ T5630] Bluetooth: hci2: command 0x0406 tx timeout
[  562.426963][T20544] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3935'.
[  562.439269][T20549] netlink: 'syz.2.3936': attribute type 30 has an invalid length.
[  563.021955][T20562] FAULT_INJECTION: forcing a failure.
[  563.021955][T20562] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.084127][T20562] CPU: 0 UID: 0 PID: 20562 Comm: syz.3.3941 Not tainted syzkaller #0 PREEMPT(full) 
[  563.084158][T20562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  563.084171][T20562] Call Trace:
[  563.084180][T20562]  <TASK>
[  563.084189][T20562]  dump_stack_lvl+0xe8/0x150
[  563.084219][T20562]  should_fail_ex+0x412/0x560
[  563.084262][T20562]  _copy_from_iter+0x1d3/0x1670
[  563.084293][T20562]  ? rcu_is_watching+0x15/0xb0
[  563.084325][T20562]  ? __pfx__copy_from_iter+0x10/0x10
[  563.084361][T20562]  ? netlink_sendmsg+0x650/0xb40
[  563.084388][T20562]  ? skb_put+0x11b/0x210
[  563.084416][T20562]  netlink_sendmsg+0x6c0/0xb40
[  563.084453][T20562]  ? __pfx_netlink_sendmsg+0x10/0x10
[  563.084484][T20562]  ? aa_sock_msg_perm+0xf1/0x1b0
[  563.084512][T20562]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  563.084545][T20562]  ____sys_sendmsg+0x972/0x9f0
[  563.084573][T20562]  ? __might_fault+0xaf/0x130
[  563.084607][T20562]  ? __pfx_____sys_sendmsg+0x10/0x10
[  563.084644][T20562]  ? import_iovec+0x73/0xa0
[  563.084680][T20562]  ___sys_sendmsg+0x2a5/0x360
[  563.084706][T20562]  ? __lock_acquire+0x6b5/0x2cf0
[  563.084735][T20562]  ? __pfx____sys_sendmsg+0x10/0x10
[  563.084800][T20562]  ? __fget_files+0x2a/0x420
[  563.084825][T20562]  ? __fget_files+0x3a0/0x420
[  563.084862][T20562]  __x64_sys_sendmsg+0x1bd/0x2a0
[  563.084911][T20562]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  563.084950][T20562]  ? __pfx_ksys_write+0x10/0x10
[  563.084990][T20562]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.085014][T20562]  do_syscall_64+0x15f/0xf80
[  563.085040][T20562]  ? trace_irq_disable+0x3b/0x140
[  563.085071][T20562]  ? clear_bhb_loop+0x40/0x90
[  563.085106][T20562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.085134][T20562] RIP: 0033:0x7f0873b9cdd9
[  563.085160][T20562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  563.085178][T20562] RSP: 002b:00007f08749ea028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  563.085202][T20562] RAX: ffffffffffffffda RBX: 00007f0873e15fa0 RCX: 00007f0873b9cdd9
[  563.085218][T20562] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  563.085238][T20562] RBP: 00007f08749ea090 R08: 0000000000000000 R09: 0000000000000000
[  563.085252][T20562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.085264][T20562] R13: 00007f0873e16038 R14: 00007f0873e15fa0 R15: 00007ffea526ddf8
[  563.085299][T20562]  </TASK>
[  563.333859][ T1314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  563.343759][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  563.767401][T20581] 8021q: VLANs not supported on lo
[  563.808266][T20586] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3949'.
[  564.317160][T20606] FAULT_INJECTION: forcing a failure.
[  564.317160][T20606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  564.344946][T20606] CPU: 1 UID: 0 PID: 20606 Comm: syz.3.3955 Not tainted syzkaller #0 PREEMPT(full) 
[  564.344976][T20606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  564.344989][T20606] Call Trace:
[  564.344997][T20606]  <TASK>
[  564.345007][T20606]  dump_stack_lvl+0xe8/0x150
[  564.345037][T20606]  should_fail_ex+0x412/0x560
[  564.345070][T20606]  _copy_from_iter+0x1d3/0x1670
[  564.345100][T20606]  ? rcu_is_watching+0x15/0xb0
[  564.345134][T20606]  ? __pfx__copy_from_iter+0x10/0x10
[  564.345177][T20606]  ? netlink_sendmsg+0x650/0xb40
[  564.345203][T20606]  ? skb_put+0x11b/0x210
[  564.345230][T20606]  netlink_sendmsg+0x6c0/0xb40
[  564.345267][T20606]  ? __pfx_netlink_sendmsg+0x10/0x10
[  564.345296][T20606]  ? aa_sock_msg_perm+0xf1/0x1b0
[  564.345326][T20606]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  564.345359][T20606]  ____sys_sendmsg+0x972/0x9f0
[  564.345386][T20606]  ? __might_fault+0xaf/0x130
[  564.345420][T20606]  ? __pfx_____sys_sendmsg+0x10/0x10
[  564.345458][T20606]  ? import_iovec+0x73/0xa0
[  564.345492][T20606]  ___sys_sendmsg+0x2a5/0x360
[  564.345518][T20606]  ? __lock_acquire+0x6b5/0x2cf0
[  564.345546][T20606]  ? __pfx____sys_sendmsg+0x10/0x10
[  564.345612][T20606]  ? __fget_files+0x2a/0x420
[  564.345638][T20606]  ? __fget_files+0x3a0/0x420
[  564.345679][T20606]  __x64_sys_sendmsg+0x1bd/0x2a0
[  564.345711][T20606]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  564.345749][T20606]  ? __pfx_ksys_write+0x10/0x10
[  564.345789][T20606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.345811][T20606]  do_syscall_64+0x15f/0xf80
[  564.345836][T20606]  ? trace_irq_disable+0x3b/0x140
[  564.345868][T20606]  ? clear_bhb_loop+0x40/0x90
[  564.345894][T20606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.345916][T20606] RIP: 0033:0x7f0873b9cdd9
[  564.345937][T20606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  564.345955][T20606] RSP: 002b:00007f08749ea028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  564.345978][T20606] RAX: ffffffffffffffda RBX: 00007f0873e15fa0 RCX: 00007f0873b9cdd9
[  564.345993][T20606] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  564.346006][T20606] RBP: 00007f08749ea090 R08: 0000000000000000 R09: 0000000000000000
[  564.346019][T20606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  564.346031][T20606] R13: 00007f0873e16038 R14: 00007f0873e15fa0 R15: 00007ffea526ddf8
[  564.346065][T20606]  </TASK>
[  564.829721][T20611] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3957'.
[  565.386125][T20626] netlink: 220 bytes leftover after parsing attributes in process `syz.3.3961'.
[  565.498582][T20630] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3962'.
[  565.977172][T20644] netlink: 'syz.2.3966': attribute type 1 has an invalid length.
[  565.999819][T20643] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  566.054839][T20643] syzkaller0: entered promiscuous mode
[  566.081732][T20643] syzkaller0: entered allmulticast mode
[  566.137337][T20647] bond3: entered promiscuous mode
[  566.147303][T20654] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3968'.
[  566.271476][T20650] FAULT_INJECTION: forcing a failure.
[  566.271476][T20650] name failslab, interval 1, probability 0, space 0, times 0
[  566.326774][T20650] CPU: 0 UID: 0 PID: 20650 Comm: syz.3.3965 Not tainted syzkaller #0 PREEMPT(full) 
[  566.326817][T20650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  566.326831][T20650] Call Trace:
[  566.326840][T20650]  <TASK>
[  566.326849][T20650]  dump_stack_lvl+0xe8/0x150
[  566.326881][T20650]  should_fail_ex+0x412/0x560
[  566.326914][T20650]  should_failslab+0xa8/0x100
[  566.326950][T20650]  __kmalloc_noprof+0xe8/0x760
[  566.326979][T20650]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  566.327015][T20650]  tomoyo_realpath_from_path+0xe3/0x5d0
[  566.327047][T20650]  ? tomoyo_domain+0xd7/0x130
[  566.327087][T20650]  ? tomoyo_path_number_perm+0x219/0x630
[  566.327112][T20650]  tomoyo_path_number_perm+0x246/0x630
[  566.327140][T20650]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  566.327163][T20650]  ? __lock_acquire+0x6b5/0x2cf0
[  566.327205][T20650]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  566.327255][T20650]  ? __fget_files+0x2a/0x420
[  566.327284][T20650]  ? __fget_files+0x2a/0x420
[  566.327308][T20650]  ? __fget_files+0x3a0/0x420
[  566.327331][T20650]  ? __fget_files+0x2a/0x420
[  566.327362][T20650]  security_file_ioctl+0xc3/0x2a0
[  566.327388][T20650]  __se_sys_ioctl+0x47/0x170
[  566.327420][T20650]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.327445][T20650]  do_syscall_64+0x15f/0xf80
[  566.327475][T20650]  ? trace_irq_disable+0x3b/0x140
[  566.327509][T20650]  ? clear_bhb_loop+0x40/0x90
[  566.327535][T20650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.327557][T20650] RIP: 0033:0x7f0873b9cdd9
[  566.327577][T20650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  566.327597][T20650] RSP: 002b:00007f08749c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  566.327620][T20650] RAX: ffffffffffffffda RBX: 00007f0873e16090 RCX: 00007f0873b9cdd9
[  566.327636][T20650] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000007
[  566.327650][T20650] RBP: 00007f08749c9090 R08: 0000000000000000 R09: 0000000000000000
[  566.327664][T20650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.327676][T20650] R13: 00007f0873e16128 R14: 00007f0873e16090 R15: 00007ffea526ddf8
[  566.327713][T20650]  </TASK>
[  566.563605][T20650] ERROR: Out of memory at tomoyo_realpath_from_path.
[  566.687418][T20655] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.695772][T20655] bridge0: port 1(bridge_slave_0) entered disabled state
[  567.015831][T20655] batman_adv: 
60ªX¹¦À: Interface deactivated: batadv_slave_0
[  567.294787][T20650] tipc: Resetting bearer <eth:syzkaller0>
[  567.308078][T20641] tipc: Resetting bearer <eth:syzkaller0>
[  567.354563][T20641] tipc: Disabling bearer <eth:syzkaller0>
[  567.427018][T15622] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  567.456218][T15622] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  567.485715][T15622] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  567.555167][T15622] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  567.687986][T20674] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3977'.
[  568.696216][T20714] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3986'.
[  568.874448][T20723] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3990'.
[  569.060383][T20733] x_tables: duplicate underflow at hook 2
[  569.473218][T20743] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3995'.
[  569.590746][T20745] netlink: 'syz.2.3996': attribute type 22 has an invalid length.
[  569.623513][T20745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3996'.
[  569.654805][   T30] audit: type=1107 audit(1777840718.457:10): pid=20742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  569.702529][T20748] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3995'.
[  569.790732][T20745] netlink: 'syz.2.3996': attribute type 22 has an invalid length.
[  569.800005][T15618] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  569.811312][T15618] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  569.821896][T20745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3996'.
[  569.836020][T15618] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  569.865245][T15618] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  570.539195][T20786] netlink: 112 bytes leftover after parsing attributes in process `syz.0.4003'.
[  570.569275][T20784] netlink: 'syz.4.4005': attribute type 3 has an invalid length.
[  570.594798][T20784] netlink: 666 bytes leftover after parsing attributes in process `syz.4.4005'.
[  570.963963][T20789] bridge0: port 2(bridge_slave_1) entered disabled state
[  570.971890][T20789] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.377622][T20797] netlink: 'syz.4.4008': attribute type 1 has an invalid length.
[  571.412884][ T5750] dummy0 speed is unknown, defaulting to 1000
[  571.420217][T20797] FAULT_INJECTION: forcing a failure.
[  571.420217][T20797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  571.449613][ T5750] syz1: Port: 1 Link DOWN
[  571.454385][T16037] dummy0 speed is unknown, defaulting to 1000
[  571.472640][T20797] CPU: 0 UID: 0 PID: 20797 Comm: syz.4.4008 Not tainted syzkaller #0 PREEMPT(full) 
[  571.472673][T20797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  571.472687][T20797] Call Trace:
[  571.472695][T20797]  <TASK>
[  571.472706][T20797]  dump_stack_lvl+0xe8/0x150
[  571.472737][T20797]  should_fail_ex+0x412/0x560
[  571.472771][T20797]  _copy_to_user+0x31/0xb0
[  571.472805][T20797]  simple_read_from_buffer+0xe1/0x170
[  571.472838][T20797]  proc_fail_nth_read+0x1bb/0x230
[  571.472870][T20797]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  571.472901][T20797]  ? rw_verify_area+0x2a6/0x4d0
[  571.472931][T20797]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  571.472960][T20797]  vfs_read+0x20c/0xa70
[  571.472996][T20797]  ? __pfx___mutex_lock+0x10/0x10
[  571.473024][T20797]  ? __pfx_vfs_read+0x10/0x10
[  571.473056][T20797]  ? __fget_files+0x2a/0x420
[  571.473085][T20797]  ? __fget_files+0x3a0/0x420
[  571.473109][T20797]  ? __fget_files+0x2a/0x420
[  571.473143][T20797]  ksys_read+0x150/0x270
[  571.473176][T20797]  ? __pfx_ksys_read+0x10/0x10
[  571.473224][T20797]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.473247][T20797]  do_syscall_64+0x15f/0xf80
[  571.473272][T20797]  ? trace_irq_disable+0x3b/0x140
[  571.473304][T20797]  ? clear_bhb_loop+0x40/0x90
[  571.473329][T20797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.473350][T20797] RIP: 0033:0x7f966cb5d60e
[  571.473369][T20797] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  571.473387][T20797] RSP: 002b:00007f966d9c8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  571.473410][T20797] RAX: ffffffffffffffda RBX: 00007f966d9c96c0 RCX: 00007f966cb5d60e
[  571.473425][T20797] RDX: 000000000000000f RSI: 00007f966d9c90a0 RDI: 0000000000000006
[  571.473438][T20797] RBP: 00007f966d9c9090 R08: 0000000000000000 R09: 0000000000000000
[  571.473451][T20797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.473463][T20797] R13: 00007f966ce16038 R14: 00007f966ce15fa0 R15: 00007ffc63629af8
[  571.473495][T20797]  </TASK>
[  571.981468][T20805] FAULT_INJECTION: forcing a failure.
[  571.981468][T20805] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  572.060647][T20804] netlink: 92 bytes leftover after parsing attributes in process `syz.4.4011'.
[  572.066618][T20805] CPU: 1 UID: 0 PID: 20805 Comm: syz.1.4010 Not tainted syzkaller #0 PREEMPT(full) 
[  572.066709][T20805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  572.066751][T20805] Call Trace:
[  572.066774][T20805]  <TASK>
[  572.066806][T20805]  dump_stack_lvl+0xe8/0x150
[  572.066895][T20805]  should_fail_ex+0x412/0x560
[  572.066997][T20805]  prepare_alloc_pages+0x22a/0x650
[  572.067135][T20805]  __alloc_frozen_pages_noprof+0x12f/0x380
[  572.067240][T20805]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  572.067348][T20805]  ? __pfx_policy_nodemask+0x10/0x10
[  572.067448][T20805]  ? __lock_acquire+0x6b5/0x2cf0
[  572.067542][T20805]  alloc_pages_mpol+0x235/0x490
[  572.067658][T20805]  folio_alloc_mpol_noprof+0x39/0x160
[  572.067760][T20805]  shmem_alloc_and_add_folio+0x442/0xf80
[  572.067842][T20805]  ? filemap_get_entry+0xcd/0x3f0
[  572.067982][T20805]  ? __pfx_filemap_get_entry+0x10/0x10
[  572.068068][T20805]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  572.068153][T20805]  ? shmem_allowable_huge_orders+0x5ec/0x690
[  572.068248][T20805]  shmem_get_folio_gfp+0x5a9/0x1670
[  572.068386][T20805]  shmem_fault+0x179/0x390
[  572.068489][T20805]  __do_fault+0x138/0x2a0
[  572.068579][T20805]  do_pte_missing+0x601/0x33f0
[  572.068695][T20805]  ? handle_mm_fault+0xee/0x3170
[  572.068778][T20805]  handle_mm_fault+0x1bd7/0x3170
[  572.068892][T20805]  ? handle_mm_fault+0xee/0x3170
[  572.068983][T20805]  ? __pfx_handle_mm_fault+0x10/0x10
[  572.069110][T20805]  ? lock_mm_and_find_vma+0xa7/0x340
[  572.069203][T20805]  do_user_addr_fault+0x75b/0x1340
[  572.069334][T20805]  exc_page_fault+0x6a/0xc0
[  572.069413][T20805]  asm_exc_page_fault+0x26/0x30
[  572.069477][T20805] RIP: 0010:rep_movs_alternative+0x33/0x90
[  572.069560][T20805] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  572.069613][T20805] RSP: 0018:ffffc90003477b48 EFLAGS: 00050246
[  572.069671][T20805] RAX: 0000000800000000 RBX: 0000000000000008 RCX: 0000000000000008
[  572.069706][T20805] RDX: 0000000000000000 RSI: ffff888031091090 RDI: 0000200000001780
[  572.069757][T20805] RBP: ffffc90003477c90 R08: ffff888031091097 R09: 1ffff11006212212
[  572.069771][T20805] R10: dffffc0000000000 R11: ffffed1006212213 R12: 0000200000001788
[  572.069785][T20805] R13: 00007ffffffff000 R14: ffff888031091090 R15: 0000200000001780
[  572.069819][T20805]  _copy_to_user+0x8a/0xb0
[  572.069852][T20805]  rfkill_fop_read+0x2fe/0x520
[  572.069886][T20805]  ? __pfx_rfkill_fop_read+0x10/0x10
[  572.069964][T20805]  ? apparmor_file_permission+0x1f4/0x300
[  572.070042][T20805]  ? bpf_lsm_file_permission+0x9/0x20
[  572.070142][T20805]  ? security_file_permission+0x75/0x260
[  572.070210][T20805]  ? rw_verify_area+0x2a6/0x4d0
[  572.070290][T20805]  ? __pfx_rfkill_fop_read+0x10/0x10
[  572.070379][T20805]  vfs_read+0x20c/0xa70
[  572.070488][T20805]  ? __pfx_vfs_read+0x10/0x10
[  572.070576][T20805]  ? __fget_files+0x2a/0x420
[  572.070655][T20805]  ? __fget_files+0x2a/0x420
[  572.070721][T20805]  ? __fget_files+0x3a0/0x420
[  572.070787][T20805]  ? __fget_files+0x2a/0x420
[  572.070879][T20805]  ksys_read+0x150/0x270
[  572.070970][T20805]  ? __pfx_ksys_read+0x10/0x10
[  572.071080][T20805]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.071150][T20805]  do_syscall_64+0x15f/0xf80
[  572.071220][T20805]  ? trace_irq_disable+0x3b/0x140
[  572.071308][T20805]  ? clear_bhb_loop+0x40/0x90
[  572.071402][T20805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.071482][T20805] RIP: 0033:0x7f5ae3d9cdd9
[  572.071550][T20805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  572.071595][T20805] RSP: 002b:00007f5ae1ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  572.071661][T20805] RAX: ffffffffffffffda RBX: 00007f5ae4015fa0 RCX: 00007f5ae3d9cdd9
[  572.071706][T20805] RDX: 0000000000000008 RSI: 0000200000001780 RDI: 0000000000000003
[  572.071742][T20805] RBP: 00007f5ae1ff6090 R08: 0000000000000000 R09: 0000000000000000
[  572.071784][T20805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  572.071818][T20805] R13: 00007f5ae4016038 R14: 00007f5ae4015fa0 R15: 00007ffc6f4997c8
[  572.071911][T20805]  </TASK>
[  573.127145][T20823] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.4017'.
[  573.140710][T20818] sctp: [Deprecated]: syz.0.4016 (pid 20818) Use of struct sctp_assoc_value in delayed_ack socket option.
[  573.140710][T20818] Use struct sctp_sack_info instead
[  573.224714][T20825] sctp: [Deprecated]: syz.0.4016 (pid 20825) Use of struct sctp_assoc_value in delayed_ack socket option.
[  573.224714][T20825] Use struct sctp_sack_info instead
[  573.564322][T20828] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  573.591529][T20828] syzkaller0: entered promiscuous mode
[  573.603689][T20828] syzkaller0: entered allmulticast mode
[  573.710665][T20828] tipc: Resetting bearer <eth:syzkaller0>
[  573.749668][T20827] tipc: Resetting bearer <eth:syzkaller0>
[  573.834308][T20827] tipc: Disabling bearer <eth:syzkaller0>
[  573.869317][T20836] IPVS: set_ctl: invalid protocol: 50 172.20.20.187:20002
[  574.194730][T20847] syzkaller0: entered promiscuous mode
[  574.216969][T20847] syzkaller0: entered allmulticast mode
[  574.422221][T20852] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4026'.
[  574.433072][T20853] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4025'.
[  574.496252][T20853] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4025'.
[  574.575836][T20852] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4026'.
[  574.952678][T20865] 5Ò: entered promiscuous mode
[  574.973121][T20872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4029'.
[  575.115440][T20871] dummy0 speed is unknown, defaulting to 1000
[  575.725656][T20891] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  575.759182][T20891] syzkaller0: entered promiscuous mode
[  575.791776][T20891] syzkaller0: entered allmulticast mode
[  575.820148][T20901] netlink: 'syz.1.4036': attribute type 4 has an invalid length.
[  575.941872][T20891] syzkaller0: mtu greater than device maximum
[  575.974490][T20890] tipc: Resetting bearer <eth:syzkaller0>
[  576.073124][T20889] sctp: [Deprecated]: syz.3.4033 (pid 20889) Use of int in max_burst socket option.
[  576.073124][T20889] Use struct sctp_assoc_value instead
[  576.132062][T20890] tipc: Disabling bearer <eth:syzkaller0>
[  576.454542][T20919] openvswitch: netlink: IPv4 tun info is not correct
[  576.733753][T20926] netlink: 'syz.4.4042': attribute type 1 has an invalid length.
[  576.775085][T20932] netlink: 'syz.1.4043': attribute type 6 has an invalid length.
[  576.786472][T20926] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4042'.
[  577.466526][T20957] netlink: 'syz.1.4047': attribute type 4 has an invalid length.
[  577.510940][T20957] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4047'.
[  577.538455][T20961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4048'.
[  577.564050][T20960] netlink: 'syz.4.4049': attribute type 1 has an invalid length.
[  577.579026][T20961] xt_hashlimit: size too large, truncated to 1048576
[  577.587629][T20960] netlink: 'syz.4.4049': attribute type 2 has an invalid length.
[  577.605459][T20960] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4049'.
[  578.166496][T20974] openvswitch: netlink: Invalid VLAN frame
[  578.294609][T20989] RDS: rds_bind could not find a transport for c001:0:20:0:8001:0:20:0, load rds_tcp or rds_rdma?
[  578.363797][T20972] __nla_validate_parse: 3 callbacks suppressed
[  578.363822][T20972] netlink: 14 bytes leftover after parsing attributes in process `syz.4.4051'.
[  578.410135][   T10] IPVS: starting estimator thread 0...
[  578.437150][T20992] netlink: 'syz.2.4055': attribute type 14 has an invalid length.
[  578.538779][T20995] IPVS: using max 27 ests per chain, 64800 per kthread
[  578.676051][T20986] dummy0 speed is unknown, defaulting to 1000
[  579.010606][T21003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4059'.
[  579.106616][T21005] nbd: socks must be embedded in a SOCK_ITEM attr
[  579.128513][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  579.136429][T21005] block nbd1: shutting down sockets
[  579.208801][T21011] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4062'.
[  579.230242][T21003] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  579.263824][T21007] syzkaller0: entered promiscuous mode
[  579.306332][T21007] syzkaller0: entered allmulticast mode
[  579.385910][T21009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4059'.
[  579.654923][T21002] tipc: Disabling bearer <eth:syzkaller0>
[  579.672085][T21022] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4064'.
[  580.061701][T21030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4067'.
[  580.177139][T21026] dummy0 speed is unknown, defaulting to 1000
[  580.177439][T21033] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4066'.
[  580.207864][T21031] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4065'.
[  580.209879][T21037] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4066'.
[  580.581130][ T5633] Bluetooth: hci3: command 0x0406 tx timeout
[  580.658635][T21044] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4069'.
[  580.703254][ T5630] block nbd1: Receive control failed (result -1)
[  581.120673][T21046] dummy0 speed is unknown, defaulting to 1000
[  582.023411][T21072] netlink: 'syz.3.4075': attribute type 4 has an invalid length.
[  582.115801][T21071] ip6gre1: entered promiscuous mode
[  582.139265][T21071] ip6gre1: entered allmulticast mode
[  583.113574][T21089] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  583.229317][T21091] syzkaller0: entered promiscuous mode
[  583.235118][T21091] syzkaller0: entered allmulticast mode
[  583.244029][T21091] tipc: Resetting bearer <eth:syzkaller0>
[  583.513391][T21081] tipc: Resetting bearer <eth:syzkaller0>
[  583.775115][T21116] __nla_validate_parse: 4 callbacks suppressed
[  583.775137][T21116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4083'.
[  584.492581][T21133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4089'.
[  588.777027][T21081] tipc: Disabling bearer <eth:syzkaller0>
[  588.815901][T16037] tipc: Node number set to 2345902599
[  588.825420][T21136] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  588.888748][T21136] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  588.954499][T21136] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  589.040178][T21136] 
[  589.042589][T21136] ======================================================
[  589.049739][T21136] WARNING: possible circular locking dependency detected
[  589.056823][T21136] syzkaller #0 Not tainted
[  589.061278][T21136] ------------------------------------------------------
[  589.068437][T21136] syz.0.4090/21136 is trying to acquire lock:
[  589.074555][T21136] ffffffff8ea854e0 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x40/0x660
[  589.084028][T21136] 
[  589.084028][T21136] but task is already holding lock:
[  589.091618][T21136] ffffffff8f38d3a0 (gdp_mutex){+.+.}-{4:4}, at: get_device_parent+0x16f/0x3a0
[  589.101150][T21136] 
[  589.101150][T21136] which lock already depends on the new lock.
[  589.101150][T21136] 
[  589.111607][T21136] 
[  589.111607][T21136] the existing dependency chain (in reverse order) is:
[  589.120749][T21136] 
[  589.120749][T21136] -> #9 (gdp_mutex){+.+.}-{4:4}:
[  589.127929][T21136]        __mutex_lock+0x1a3/0x1550
[  589.133175][T21136]        get_device_parent+0x16f/0x3a0
[  589.138763][T21136]        device_add+0x2e1/0xbb0
[  589.143672][T21136]        device_create+0x269/0x300
[  589.148829][T21136]        msr_device_create+0x33/0x50
[  589.154235][T21136]        cpuhp_invoke_callback+0x445/0x860
[  589.160073][T21136]        cpuhp_thread_fun+0x36b/0x780
[  589.165485][T21136]        smpboot_thread_fn+0x541/0xa50
[  589.171153][T21136]        kthread+0x388/0x470
[  589.175867][T21136]        ret_from_fork+0x514/0xb70
[  589.181007][T21136]        ret_from_fork_asm+0x1a/0x30
[  589.186338][T21136] 
[  589.186338][T21136] -> #8 (cpuhp_state-up){+.+.}-{0:0}:
[  589.193946][T21136]        cpuhp_thread_fun+0x127/0x780
[  589.199801][T21136]        smpboot_thread_fn+0x541/0xa50
[  589.205295][T21136]        kthread+0x388/0x470
[  589.209925][T21136]        ret_from_fork+0x514/0xb70
[  589.215075][T21136]        ret_from_fork_asm+0x1a/0x30
[  589.220395][T21136] 
[  589.220395][T21136] -> #7 (cpu_hotplug_lock){++++}-{0:0}:
[  589.228178][T21136]        cpus_read_lock+0x42/0x160
[  589.233339][T21136]        static_key_slow_inc+0x12/0x30
[  589.238829][T21136]        setup_udp_tunnel_sock+0x2fd/0x510
[  589.244715][T21136]        l2tp_tunnel_register+0xde2/0x1490
[  589.250558][T21136]        pppol2tp_connect+0x8b7/0x17c0
[  589.256142][T21136]        __sys_connect+0x312/0x450
[  589.261371][T21136]        __x64_sys_connect+0x7a/0x90
[  589.266690][T21136]        do_syscall_64+0x15f/0xf80
[  589.271834][T21136]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.278317][T21136] 
[  589.278317][T21136] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  589.286095][T21136]        lock_sock_nested+0x41/0x100
[  589.291421][T21136]        inet_shutdown+0x6a/0x390
[  589.296489][T21136]        nbd_mark_nsock_dead+0x2e9/0x560
[  589.302152][T21136]        recv_work+0x1c2e/0x1d40
[  589.307122][T21136]        process_scheduled_works+0xb5d/0x1860
[  589.313240][T21136]        worker_thread+0xa53/0xfc0
[  589.318477][T21136]        kthread+0x388/0x470
[  589.323187][T21136]        ret_from_fork+0x514/0xb70
[  589.328503][T21136]        ret_from_fork_asm+0x1a/0x30
[  589.333824][T21136] 
[  589.333824][T21136] -> #5 (&nsock->tx_lock){+.+.}-{4:4}:
[  589.341686][T21136]        __mutex_lock+0x1a3/0x1550
[  589.346833][T21136]        nbd_queue_rq+0x37b/0x1100
[  589.351975][T21136]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  589.358091][T21136]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  589.365334][T21136]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  589.371875][T21136]        blk_mq_run_hw_queue+0x348/0x4f0
[  589.377543][T21136]        blk_mq_dispatch_list+0xd16/0xe10
[  589.383302][T21136]        blk_mq_flush_plug_list+0x48d/0x570
[  589.389230][T21136]        __blk_flush_plug+0x3ed/0x4d0
[  589.394647][T21136]        __submit_bio+0x28d/0x580
[  589.399706][T21136]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  589.405983][T21136]        block_read_full_folio+0x599/0x830
[  589.411910][T21136]        filemap_read_folio+0x137/0x3b0
[  589.417499][T21136]        do_read_cache_folio+0x358/0x590
[  589.423263][T21136]        read_part_sector+0xb6/0x2b0
[  589.428586][T21136]        adfspart_check_ICS+0xb1/0x960
[  589.434165][T21136]        bdev_disk_changed+0x817/0x1770
[  589.439753][T21136]        blkdev_get_whole+0x380/0x510
[  589.445162][T21136]        bdev_open+0x31e/0xd30
[  589.449967][T21136]        blkdev_open+0x470/0x610
[  589.454938][T21136]        do_dentry_open+0x785/0x14e0
[  589.460431][T21136]        vfs_open+0x3b/0x340
[  589.465055][T21136]        path_openat+0x2e08/0x3860
[  589.470198][T21136]        do_file_open+0x23e/0x4a0
[  589.475263][T21136]        do_sys_openat2+0x113/0x200
[  589.480488][T21136]        __x64_sys_openat+0x138/0x170
[  589.485891][T21136]        do_syscall_64+0x15f/0xf80
[  589.491129][T21136]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.497577][T21136] 
[  589.497577][T21136] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  589.504823][T21136]        __mutex_lock+0x1a3/0x1550
[  589.509968][T21136]        nbd_queue_rq+0xc6/0x1100
[  589.515036][T21136]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  589.521140][T21136]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  589.528039][T21136]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  589.534630][T21136]        blk_mq_run_hw_queue+0x348/0x4f0
[  589.540913][T21136]        blk_mq_dispatch_list+0xd16/0xe10
[  589.546680][T21136]        blk_mq_flush_plug_list+0x48d/0x570
[  589.552608][T21136]        __blk_flush_plug+0x3ed/0x4d0
[  589.558025][T21136]        __submit_bio+0x28d/0x580
[  589.563104][T21136]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  589.569297][T21136]        block_read_full_folio+0x599/0x830
[  589.575311][T21136]        filemap_read_folio+0x137/0x3b0
[  589.580938][T21136]        do_read_cache_folio+0x358/0x590
[  589.586622][T21136]        read_part_sector+0xb6/0x2b0
[  589.592194][T21136]        adfspart_check_ICS+0xb1/0x960
[  589.597962][T21136]        bdev_disk_changed+0x817/0x1770
[  589.604156][T21136]        blkdev_get_whole+0x380/0x510
[  589.609563][T21136]        bdev_open+0x31e/0xd30
[  589.614380][T21136]        blkdev_open+0x470/0x610
[  589.619358][T21136]        do_dentry_open+0x785/0x14e0
[  589.624730][T21136]        vfs_open+0x3b/0x340
[  589.629365][T21136]        path_openat+0x2e08/0x3860
[  589.634532][T21136]        do_file_open+0x23e/0x4a0
[  589.639583][T21136]        do_sys_openat2+0x113/0x200
[  589.644808][T21136]        __x64_sys_openat+0x138/0x170
[  589.650209][T21136]        do_syscall_64+0x15f/0xf80
[  589.655352][T21136]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.661832][T21136] 
[  589.661832][T21136] -> #3 (set->srcu){.+.+}-{0:0}:
[  589.668989][T21136]        __synchronize_srcu+0xca/0x300
[  589.674488][T21136]        elevator_switch+0x1e8/0x7a0
[  589.679812][T21136]        elevator_change+0x2cc/0x450
[  589.685134][T21136]        elevator_set_default+0x36c/0x430
[  589.690979][T21136]        blk_register_queue+0x3e9/0x4e0
[  589.696663][T21136]        __add_disk+0x677/0xd50
[  589.701544][T21136]        add_disk_fwnode+0xfb/0x480
[  589.706771][T21136]        nbd_dev_add+0x72c/0xb50
[  589.711742][T21136]        nbd_init+0x168/0x1f0
[  589.716546][T21136]        do_one_initcall+0x250/0x870
[  589.721948][T21136]        do_initcall_level+0x104/0x190
[  589.727443][T21136]        do_initcalls+0x59/0xa0
[  589.732427][T21136]        kernel_init_freeable+0x2a6/0x3e0
[  589.738176][T21136]        kernel_init+0x1d/0x1d0
[  589.743077][T21136]        ret_from_fork+0x514/0xb70
[  589.748217][T21136]        ret_from_fork_asm+0x1a/0x30
[  589.753541][T21136] 
[  589.753541][T21136] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  589.761411][T21136]        __mutex_lock+0x1a3/0x1550
[  589.766571][T21136]        elevator_change+0x1b3/0x450
[  589.771899][T21136]        elevator_set_none+0xb5/0x140
[  589.777306][T21136]        blk_mq_update_nr_hw_queues+0x5e7/0x1a60
[  589.783672][T21136]        nbd_start_device+0x17f/0xb10
[  589.789172][T21136]        nbd_genl_connect+0x165b/0x1cf0
[  589.794757][T21136]        genl_family_rcv_msg_doit+0x22a/0x330
[  589.800865][T21136]        genl_rcv_msg+0x61c/0x7a0
[  589.805932][T21136]        netlink_rcv_skb+0x232/0x4b0
[  589.811245][T21136]        genl_rcv+0x28/0x40
[  589.815791][T21136]        netlink_unicast+0x75c/0x8e0
[  589.821190][T21136]        netlink_sendmsg+0x813/0xb40
[  589.826591][T21136]        ____sys_sendmsg+0x972/0x9f0
[  589.831905][T21136]        ___sys_sendmsg+0x2a5/0x360
[  589.837232][T21136]        __x64_sys_sendmsg+0x1bd/0x2a0
[  589.842723][T21136]        do_syscall_64+0x15f/0xf80
[  589.847869][T21136]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.854368][T21136] 
[  589.854368][T21136] -> #1 (&q->q_usage_counter(io)#69){++++}-{0:0}:
[  589.863286][T21136]        blk_alloc_queue+0x546/0x680
[  589.868610][T21136]        __blk_mq_alloc_disk+0x197/0x390
[  589.874372][T21136]        nbd_dev_add+0x499/0xb50
[  589.879432][T21136]        nbd_genl_connect+0x962/0x1cf0
[  589.884918][T21136]        genl_family_rcv_msg_doit+0x22a/0x330
[  589.891110][T21136]        genl_rcv_msg+0x61c/0x7a0
[  589.896170][T21136]        netlink_rcv_skb+0x232/0x4b0
[  589.901495][T21136]        genl_rcv+0x28/0x40
[  589.906074][T21136]        netlink_unicast+0x75c/0x8e0
[  589.911484][T21136]        netlink_sendmsg+0x813/0xb40
[  589.916802][T21136]        ____sys_sendmsg+0x972/0x9f0
[  589.922146][T21136]        ___sys_sendmsg+0x2a5/0x360
[  589.927459][T21136]        __x64_sys_sendmsg+0x1bd/0x2a0
[  589.933018][T21136]        do_syscall_64+0x15f/0xf80
[  589.938181][T21136]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.944803][T21136] 
[  589.944803][T21136] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  589.952048][T21136]        __lock_acquire+0x15a5/0x2cf0
[  589.957460][T21136]        lock_acquire+0x106/0x350
[  589.962518][T21136]        fs_reclaim_acquire+0x71/0x100
[  589.968011][T21136]        __kmalloc_cache_noprof+0x40/0x660
[  589.973854][T21136]        get_device_parent+0x255/0x3a0
[  589.979338][T21136]        device_add+0x2e1/0xbb0
[  589.984228][T21136]        firmware_fallback_sysfs+0x2e4/0xa30
[  589.990303][T21136]        _request_firmware+0x1052/0x1780
[  589.995976][T21136]        request_firmware+0x36/0x50
[  590.001219][T21136]        reg_reload_regdb+0x95/0x490
[  590.006632][T21136]        genl_family_rcv_msg_doit+0x22a/0x330
[  590.012789][T21136]        genl_rcv_msg+0x61c/0x7a0
[  590.017888][T21136]        netlink_rcv_skb+0x232/0x4b0
[  590.023341][T21136]        genl_rcv+0x28/0x40
[  590.027914][T21136]        netlink_unicast+0x75c/0x8e0
[  590.033351][T21136]        netlink_sendmsg+0x813/0xb40
[  590.038672][T21136]        ____sys_sendmsg+0x972/0x9f0
[  590.043989][T21136]        ___sys_sendmsg+0x2a5/0x360
[  590.049222][T21136]        __x64_sys_sendmsg+0x1bd/0x2a0
[  590.054720][T21136]        do_syscall_64+0x15f/0xf80
[  590.059972][T21136]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.066522][T21136] 
[  590.066522][T21136] other info that might help us debug this:
[  590.066522][T21136] 
[  590.077054][T21136] Chain exists of:
[  590.077054][T21136]   fs_reclaim --> cpuhp_state-up --> gdp_mutex
[  590.077054][T21136] 
[  590.089094][T21136]  Possible unsafe locking scenario:
[  590.089094][T21136] 
[  590.096753][T21136]        CPU0                    CPU1
[  590.102142][T21136]        ----                    ----
[  590.107794][T21136]   lock(gdp_mutex);
[  590.111721][T21136]                                lock(cpuhp_state-up);
[  590.118690][T21136]                                lock(gdp_mutex);
[  590.125344][T21136]   lock(fs_reclaim);
[  590.129369][T21136] 
[  590.129369][T21136]  *** DEADLOCK ***
[  590.129369][T21136] 
[  590.137546][T21136] 3 locks held by syz.0.4090/21136:
[  590.142774][T21136]  #0: ffffffff8fe3e608 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  590.151100][T21136]  #1: ffffffff8e7f9ae8 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xfc/0x2c0
[  590.161515][T21136]  #2: ffffffff8f38d3a0 (gdp_mutex){+.+.}-{4:4}, at: get_device_parent+0x16f/0x3a0
[  590.170895][T21136] 
[  590.170895][T21136] stack backtrace:
[  590.177104][T21136] CPU: 0 UID: 0 PID: 21136 Comm: syz.0.4090 Not tainted syzkaller #0 PREEMPT(full) 
[  590.177133][T21136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  590.177146][T21136] Call Trace:
[  590.177158][T21136]  <TASK>
[  590.177168][T21136]  dump_stack_lvl+0xe8/0x150
[  590.177196][T21136]  print_circular_bug+0x2e1/0x300
[  590.177224][T21136]  check_noncircular+0x12e/0x150
[  590.177257][T21136]  __lock_acquire+0x15a5/0x2cf0
[  590.177283][T21136]  ? lockdep_unlock+0x5d/0xd0
[  590.177298][T21136]  ? __lock_acquire+0x146e/0x2cf0
[  590.177317][T21136]  ? __mutex_lock+0x319/0x1550
[  590.177343][T21136]  ? __kmalloc_cache_noprof+0x40/0x660
[  590.177368][T21136]  lock_acquire+0x106/0x350
[  590.177386][T21136]  ? __kmalloc_cache_noprof+0x40/0x660
[  590.177416][T21136]  fs_reclaim_acquire+0x71/0x100
[  590.177441][T21136]  ? __kmalloc_cache_noprof+0x40/0x660
[  590.177468][T21136]  __kmalloc_cache_noprof+0x40/0x660
[  590.177493][T21136]  ? get_device_parent+0x255/0x3a0
[  590.177512][T21136]  ? do_raw_spin_unlock+0xf5/0x210
[  590.177662][T21136]  get_device_parent+0x255/0x3a0
[  590.177707][T21136]  device_add+0x2e1/0xbb0
[  590.177727][T21136]  firmware_fallback_sysfs+0x2e4/0xa30
[  590.177746][T21136]  ? kfree+0x1c5/0x640
[  590.177772][T21136]  _request_firmware+0x1052/0x1780
[  590.177806][T21136]  ? __pfx__request_firmware+0x10/0x10
[  590.177831][T21136]  ? netdev_run_todo+0xd5c/0xde0
[  590.177859][T21136]  ? __pfx_netdev_run_todo+0x10/0x10
[  590.177885][T21136]  request_firmware+0x36/0x50
[  590.177910][T21136]  reg_reload_regdb+0x95/0x490
[  590.177932][T21136]  ? __nla_parse+0x40/0x60
[  590.177958][T21136]  ? __pfx_reg_reload_regdb+0x10/0x10
[  590.177982][T21136]  genl_family_rcv_msg_doit+0x22a/0x330
[  590.178014][T21136]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  590.178046][T21136]  ? bpf_lsm_capable+0x9/0x20
[  590.178063][T21136]  ? security_capable+0x7e/0x2c0
[  590.178086][T21136]  genl_rcv_msg+0x61c/0x7a0
[  590.178115][T21136]  ? __pfx_genl_rcv_msg+0x10/0x10
[  590.178140][T21136]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  590.178156][T21136]  ? __pfx_nl80211_reload_regdb+0x10/0x10
[  590.178178][T21136]  ? __pfx_nl80211_post_doit+0x10/0x10
[  590.178197][T21136]  ? __pfx_ref_tracker_free+0x10/0x10
[  590.178226][T21136]  netlink_rcv_skb+0x232/0x4b0
[  590.178250][T21136]  ? __pfx_genl_rcv_msg+0x10/0x10
[  590.178279][T21136]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  590.178309][T21136]  ? down_read+0x270/0x2e0
[  590.178334][T21136]  ? genl_rcv+0xd/0x40
[  590.178361][T21136]  genl_rcv+0x28/0x40
[  590.178386][T21136]  netlink_unicast+0x75c/0x8e0
[  590.178409][T21136]  netlink_sendmsg+0x813/0xb40
[  590.178444][T21136]  ? __pfx_netlink_sendmsg+0x10/0x10
[  590.178467][T21136]  ? aa_sock_msg_perm+0xf1/0x1b0
[  590.178490][T21136]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  590.178514][T21136]  ____sys_sendmsg+0x972/0x9f0
[  590.178537][T21136]  ? __might_fault+0xaf/0x130
[  590.178561][T21136]  ? __pfx_____sys_sendmsg+0x10/0x10
[  590.178587][T21136]  ? import_iovec+0x73/0xa0
[  590.178613][T21136]  ___sys_sendmsg+0x2a5/0x360
[  590.178634][T21136]  ? __lock_acquire+0x6b5/0x2cf0
[  590.178655][T21136]  ? __pfx____sys_sendmsg+0x10/0x10
[  590.178682][T21136]  ? futex_wait+0x2a2/0x390
[  590.178718][T21136]  ? __fget_files+0x2a/0x420
[  590.178738][T21136]  ? __fget_files+0x3a0/0x420
[  590.178762][T21136]  __x64_sys_sendmsg+0x1bd/0x2a0
[  590.178785][T21136]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  590.178811][T21136]  ? rcu_is_watching+0x15/0xb0
[  590.178836][T21136]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.178854][T21136]  do_syscall_64+0x15f/0xf80
[  590.178874][T21136]  ? trace_irq_disable+0x3b/0x140
[  590.178900][T21136]  ? clear_bhb_loop+0x40/0x90
[  590.178920][T21136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.178937][T21136] RIP: 0033:0x7f67dc19cdd9
[  590.178954][T21136] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  590.178970][T21136] RSP: 002b:00007f67dd02c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  590.178990][T21136] RAX: ffffffffffffffda RBX: 00007f67dc415fa0 RCX: 00007f67dc19cdd9
[  590.179003][T21136] RDX: 0000000020008004 RSI: 00002000000006c0 RDI: 0000000000000004
[  590.179014][T21136] RBP: 00007f67dc232d69 R08: 0000000000000000 R09: 0000000000000000
[  590.179025][T21136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  590.179035][T21136] R13: 00007f67dc416038 R14: 00007f67dc415fa0 R15: 00007ffffb9a47f8
[  590.179056][T21136]  </TASK>