last executing test programs:

3.95329718s ago: executing program 1 (id=3947):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000040)=0x52, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0xf, 0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
write$tun(r1, &(0x7f0000000340)=ANY=[], 0x141)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x6, 0xffffffffffffffff, &(0x7f00000001c0)=0xa4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010025bd7000fcdbdf2505000000080003000600000008000200060085"], 0x24}, 0x1, 0x0, 0x0, 0x4015}, 0x40000c0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000043d623131d37dbacb063aaba59eb44c4816ad0678a7399a1c4775aa02886e5a47c6df74737c42c5f4500cda673e46ad0e58358e3d3b2db1e56211d12226338ff0fc039fa805a74ea704f1fb5deaa1960eea3abedc89e79b0943158f02c00a7d1ca6873311e940b39b02bfc7d081f2528463eb6154fdac0b975ea71f8495ab1ff5d80f4aae87e12d4b0145b1e72ff40fdcc076faf04fcac36247826b340ab3b7e0912888bc0eb041d94a5bafbd445d2fd"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
r5 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={&(0x7f0000000280)=@caif=@dgm={0x25, 0x9, 0x9}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000980)="62040200000000000000002f", 0xc}], 0x1}, 0x4010)
socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b40000007f"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r7, @ANYBLOB="00000000000000006100ed0000000000180000000000000000000000000000009500000000000000b51a00000000000095000000000000001315c1"], &(0x7f0000000000)='GPL\x00', 0x4, 0x1e, &(0x7f0000000340)=""/238, 0x0, 0x0, '\x00', 0x0, 0x900}, 0x21)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002cbd7000fddbdf2508000000180004801300010062726f61646361d5e6ca337342e4cf"], 0x2c}, 0x1, 0x0, 0x0, 0x844}, 0x4000000)
socket$inet(0xa, 0x801, 0x84)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6b, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r11}, 0x10)
ppoll(&(0x7f0000000500)=[{r10}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x5, 0xfffffffffffffffe, 0x3, 0xfffffffffffffffd, 0x400000000000}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x9}, 0x0, 0x0)
listen(r6, 0x0)

2.972843845s ago: executing program 1 (id=3966):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18200000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8fffdffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

2.830974879s ago: executing program 1 (id=3968):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r1, 0x0, 0x9}, 0x18)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
close(r3)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x3e, &(0x7f0000000440)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local, {[@generic={0x86, 0x7, "0441b6ccdc"}]}}, {{0x4e23, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
bpf$MAP_CREATE(0x25, 0x0, 0x0)
setsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, 0x0)

2.753123124s ago: executing program 1 (id=3969):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0xfffffffffffffd5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000000)=0x4)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg(r3, 0x0, 0x0, 0x50)
connect$unix(r2, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'syztnl0\x00', &(0x7f0000000340)={'sit0\x00', 0x0, 0x7800, 0x700, 0x8, 0x8a7a, {{0x1a, 0x4, 0x1, 0x17, 0x68, 0x68, 0x0, 0x8, 0x29, 0x0, @empty, @rand_addr=0x64010100, {[@timestamp_prespec={0x44, 0x4, 0x11, 0x3, 0x5}, @timestamp={0x44, 0x4, 0xc9, 0x0, 0xc}, @timestamp_prespec={0x44, 0x3c, 0x89, 0x3, 0x6, [{@empty, 0x1}, {@private=0xa010101, 0x80000000}, {@multicast1, 0x4}, {@loopback, 0x1800000}, {@multicast2}, {@private=0xa010100, 0x7}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x6}]}, @ssrr={0x89, 0xf, 0xb3, [@remote, @private=0xa010101, @local]}]}}}}})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
setsockopt$inet6_tcp_buf(r4, 0x6, 0xe, &(0x7f0000000100)="c9", 0x1)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r4, 0x6, 0x15, &(0x7f0000000240)=0x52, 0x4)
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a670f, 0x40)
getpid()
socket$nl_route(0x10, 0x3, 0x0)

2.602894424s ago: executing program 1 (id=3972):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, r0, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffa42}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x200}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x840)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @private=0xa010101}})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000040)=0xb6, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = getpid()
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r8 = socket$kcm(0x10, 0x3, 0x10)
recvmsg(r8, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10000)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000036000b63d25a595c779f10ce0630fc60", 0x14}], 0x1}, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r6, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r4}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
write$cgroup_pid(r2, 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000016000000b30000007f00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="000000000000000000000000000000000000000000f4ff0000000000cdf3916e3ede162e3ad4cb19b13837d7e41ecbb41b69c7785e9e0d7039ebb698f288fe14d9394cde"], 0x50)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c000280080005000100"], 0x74}}, 0x0)

1.503928038s ago: executing program 2 (id=3992):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="183f0000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8fffdffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.430107918s ago: executing program 2 (id=3994):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$rds(0x15, 0x5, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=0x4)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f00000002c0))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x4, 0x4, 0xf, 0x4804, 0x1, 0x6, '\x00', r1, r2, 0x1, 0x5, 0x1, 0x4}, 0x50)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e20, @rand_addr=0x64010100}, {0x2, 0x4e23, @remote}, {0x2, 0x4e25, @loopback}, 0x4, 0x0, 0x0, 0x0, 0x101, 0x0, 0x8, 0x1550b5e4, 0xa})
write$tun(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="06000000040000000400000002"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f00000005c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3b, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x18, 0x31, 0x3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x31, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)
bind$rds(r0, &(0x7f0000000480)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
unshare(0x400)
r10 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r10, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.123296217s ago: executing program 0 (id=4000):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000080)={0x30, r1, 0x1, 0x0, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x3e}}}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0xfffffffd}, @NL80211_ATTR_CQM_RSSI_THOLD={0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000040)={'veth0_to_team\x00', @remote})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r3, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="59cf6d08929b00000000080000001400018006000100458986be080005"], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x58}}, 0x880)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, 0x0, 0x800)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)
r8 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r8, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3}}}, 0x108)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x42004100}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)=@bridge_getneigh={0x74, 0x1e, 0x20, 0x70bd2c, 0x25dfdbfb, {0x7, 0x0, 0x0, 0x0, 0x10400, 0x41240}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x4}, @IFLA_AF_SPEC={0x34, 0x1a, 0x0, 0x1, [@AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x8, 0x17, 0x0, 0x0, 0xffffffff}, {0x8, 0x9, 0x0, 0x0, 0x8}, {0x8, 0x13, 0x0, 0x0, 0x4}, {0x8, 0x0, 0x0, 0x0, 0x800}, {0x8, 0x1f, 0x0, 0x0, 0x9}]}}]}, @IFLA_PROP_LIST={0x18, 0x34, 0x0, 0x1, [{0x14, 0x35, 'bond_slave_0\x00'}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x24000000}, 0x4040100)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r11}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020206e2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000888500000073000000850000000e00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.118261993s ago: executing program 2 (id=4001):
r0 = socket$inet6(0xa, 0x2, 0x3a)
socket$packet(0x11, 0xa, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
sendto$inet6(r0, &(0x7f0000000240)="800034ca269bb73c", 0x8, 0x2004c080, &(0x7f0000000040)={0xa, 0xfffd, 0xc9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, 0x1c)

1.100469098s ago: executing program 3 (id=4002):
r0 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
r2 = accept4(r0, &(0x7f0000000300)=@phonet, &(0x7f0000000240)=0x80, 0x0)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000380)={0x0, 0xe9f, 0x3, [0x80, 0x9, 0x67a4]}, 0xe) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0) (async)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r3, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb01001800000000000000540000005400000002000000000000"], 0x0, 0x6e, 0x0, 0x1}, 0x28)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x0) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000007001000040000002500000001200000", @ANYRES32, @ANYBLOB='\x00\x00@\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000240), 0x2000cc0, r5}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r5}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000002c0)={r5, &(0x7f00000001c0), &(0x7f0000000040)=""/30}, 0x20)
r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r4)
sendmsg$NLBL_CALIPSO_C_ADD(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000000)={0x1c, r6, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc840}, 0x20020000) (async)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x5, 0x2)

969.394657ms ago: executing program 3 (id=4004):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x4, 0x2}, 0x4)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000080)=""/80, &(0x7f0000000100)=0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0xd, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000feffffff00000000feffffff1801000020204a250000000000202020791af8ff00000000bfa100005d8e000007070000f8ffffffb702000008000000b703000004000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x1, 0x7, &(0x7f0000000040)=""/7, 0x0, 0x24, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)

833.062508ms ago: executing program 3 (id=4005):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1800000072009fb30000000000000000070000009e"], 0x18}}, 0x0)
sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRESHEX=r1, @ANYRES16=r0, @ANYRESHEX=r0], 0x7c}}, 0x0)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={r4, r4, 0x1, 0x3, &(0x7f0000000240)='\x00\x00]', 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r3, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r1)

743.069331ms ago: executing program 2 (id=4006):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18600000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8fffdffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

728.034135ms ago: executing program 0 (id=4007):
r0 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2711, @host}, 0x10)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000140)=0x2, 0x4)
r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r1)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r3 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, r1, 0x0, 0x3, &(0x7f0000000080)='(-\x00'}, 0x30)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, <r4=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8fffdffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

705.456542ms ago: executing program 3 (id=4008):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000040000000400000004"], 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0x0, <r1=>0x0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1c, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000003000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
writev(r4, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r7, 0x0, 0xf3a, 0x0)
shutdown(r4, 0x1)
splice(r3, 0x0, r7, 0x0, 0x80, 0x6)
write(r7, &(0x7f0000003300)="ac", 0x1)
write(r5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x2, 0x200000000000001, 0x0)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r9=>0x0})
r10 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r9, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r8, @ANYRES32=r10], 0x44}}, 0x0)

646.866228ms ago: executing program 2 (id=4009):
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="2309fefffffffcffffff0100000005000700000000000800090000000000060002"], 0x3c}, 0x1, 0x0, 0x0, 0x2000082e}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x4000)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, 0x19, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x8004)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='blkio.bfq.group_wait_time\x00', 0x0, 0x0)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000440), r0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'syztnl2\x00', &(0x7f0000000480)={'syztnl1\x00', <r6=>0x0, 0x4, 0xa5, 0x0, 0x2, 0x61, @dev={0xfe, 0x80, '\x00', 0x3e}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8, 0x2ff78dbc57c23f9b, 0xfffffffe, 0x14fa7a2f}})
sendmsg$FOU_CMD_DEL(r4, &(0x7f0000000600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x30, r5, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_IFINDEX={0x8, 0xb, r6}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x30}}, 0x8000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800452e00380066000008019078ff0f0000ac141417050290787f000001455f0501006607f2482f000f00000000ac1414bb000022eb00000000d97ec90f65365aac231c530ef95c28f2822a7f70f0961217233d52ff9297c16ceb12021018869ab17dec932bab0a"], 0x0)
syz_emit_ethernet(0x86, &(0x7f0000001500)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0xd}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "8908981864d689ac43445c1c26e95299e94ccad8794114ae3061e328af342f99", "e4d0ce57abcb41f7f5c8ab8f63dd38a1", {"bb3ce5a4bbb68671a2892fa0317a823c", "be9d98ca816f77013a778b6c40b49ea9"}}}}}}}, 0x0)
sendmsg$netlink(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f0001000000000000000000020100800c0001000300000000000000140003"], 0x114}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x24, r2, 0x5, 0xfffffffd, 0x2, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4810)
sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, r2, 0x10, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xc}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x18}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000084}, 0x20040800)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4040811}, 0x20042840)
r9 = socket(0x10, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8b24, &(0x7f0000000000)={'wlan0\x00'})
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="14010000340001000000000000000000010100800c0007000000000000000000140003"], 0x114}], 0x1, 0x0, 0x0, 0x40}, 0x0)

646.196983ms ago: executing program 4 (id=4010):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x22}, @jmp={0x5, 0x0, 0x9, 0x0, 0x6, 0x40, 0xfffffffffffffff0}], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
listen(r0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0xfffffffffffffe01)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x31}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x7}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0)
accept(r0, 0x0, 0x0)

621.713287ms ago: executing program 0 (id=4011):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0x1, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb6b, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x80000001, 0xfffffffa, 0x0, 0x1, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x762, 0x3, 0x0, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x40, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10000, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0xfffffffe, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x1, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}})
unshare(0x400)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x2, 0x3, 0x0, 0x3, 0xe, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @sadb_x_nat_t_type={0x1, 0x14, 0x7}]}, 0x70}, 0x1, 0x7}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newqdisc={0x34, 0x24, 0xd0b, 0xfefffffc, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {0x4, 0xd}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000001b00)="3fe6587946a998a3da3c60607ba0c7d8620b6f6e854d706849fd1f29b185130ef4d512a6cb54f137edb9ddf78554f1a6e7bc25d2cde0acbcd145568bbd977a0c4ecf845498079cc523700919730e50c2c29d1a69ae94bbc8faf7fed5d59bd9343c87b3cfd79254045f00cdeec023a186220d4d3d2e943f38b02903f2729edb02", 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x28, r7, 0x1, 0x0, 0x4, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}, @NL80211_BAND_60GHZ={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f000000a9c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r10, &(0x7f000000bb00)={0x0, 0x0, &(0x7f000000bac0)={&(0x7f000000b680)={0x24, r11, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x24}}, 0x80)
r12 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r12, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r13=>0x0})
bind$can_j1939(r12, &(0x7f0000000540)={0x1d, r3, 0x8000000000000005, {0x1, 0x1, 0x4}}, 0x18)
sendto$packet(r0, &(0x7f0000000580)="f4f05add44c394f305bb49b98799", 0xe, 0x0, &(0x7f0000000440)={0x11, 0xf5, r13, 0x1, 0x0, 0x6, @multicast}, 0x14)

592.117806ms ago: executing program 4 (id=4012):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0xfffffffffffffd5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000000)=0x4)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg(r3, 0x0, 0x0, 0x50)
connect$unix(r2, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'syztnl0\x00', &(0x7f0000000340)={'sit0\x00', 0x0, 0x7800, 0x700, 0x8, 0x8a7a, {{0x22, 0x4, 0x1, 0x17, 0x88, 0x68, 0x0, 0x8, 0x29, 0x0, @empty, @rand_addr=0x64010100, {[@timestamp_prespec={0x44, 0x4, 0x11, 0x3, 0x5}, @timestamp={0x44, 0x24, 0xc9, 0x0, 0xc, [0x0, 0x4, 0xf4f, 0x7f, 0x7ff, 0x3, 0xffff, 0x80]}, @timestamp_prespec={0x44, 0x3c, 0x89, 0x3, 0x6, [{@empty, 0x1}, {@private=0xa010101, 0x80000000}, {@multicast1, 0x4}, {@loopback, 0x1800000}, {@multicast2}, {@private=0xa010100, 0x7}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x6}]}, @ssrr={0x89, 0xf, 0xb3, [@remote, @private=0xa010101, @local]}]}}}}})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
setsockopt$inet6_tcp_buf(r4, 0x6, 0xe, &(0x7f0000000100)="c9", 0x1)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r4, 0x6, 0x15, &(0x7f0000000240)=0x52, 0x4)
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a670f, 0x40)
getpid()
socket$nl_route(0x10, 0x3, 0x0)

573.364089ms ago: executing program 2 (id=4013):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000200), 0xffffffc1)
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r0, 0x0, r1, 0x0, 0xf37, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xb, &(0x7f0000000a80)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4e}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_LIST_RULES(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x10, 0x3f5, 0x100, 0x70bd27, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x20008000)

466.078219ms ago: executing program 0 (id=4014):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001080)=ANY=[@ANYBLOB="e0000000100001002dbd7000fcdbdf256563622861726334292d67656e6572696300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000410000000000000000000000000000004dba00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000470ac1ee9da3f1d4fc97150000000000000000000000000000000000000000000000040000002000"/224], 0xe0}, 0x1, 0x0, 0x0, 0x24008805}, 0x80)
getsockname(r0, &(0x7f0000001100)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x0)

465.518391ms ago: executing program 4 (id=4015):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f00000000c0))
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
accept(r2, &(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @private}}, &(0x7f0000000080)=0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100), &(0x7f0000000140)=0x4)
sendmsg$kcm(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)

378.839481ms ago: executing program 3 (id=4016):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x10, &(0x7f0000002e00), 0x0, 0x0, 0xa0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket$isdn(0x22, 0x3, 0x25)
setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f00000001c0)=0x1, 0x4) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r6) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', <r7=>0x0}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r4, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000825bd7000ffdbdf251c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c000600030000000000000008000300", @ANYRES32=0x0, @ANYBLOB="0c000600020000000200000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r7, @ANYBLOB="2c000600830004000000000008000300ea273814b53822e6dcf5aed60ff5370bd706e45e634b", @ANYRES32=r8, @ANYBLOB="0c0006000300000000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40800) (async)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r9, 0x6, 0x5, &(0x7f0000000000)=0x9, 0x4)

303.625718ms ago: executing program 3 (id=4017):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000340)={'gre0\x00', &(0x7f0000000440)={'syztnl0\x00', <r1=>0x0, 0x7800, 0xd0, 0x3f43, 0x9, {{0x21, 0x4, 0x1, 0x3, 0x84, 0x68, 0x0, 0xec, 0x2f, 0x0, @local, @local, {[@timestamp={0x44, 0x1c, 0x5e, 0x0, 0x4, [0x0, 0x9, 0x9, 0x1ff, 0x0, 0xce]}, @lsrr={0x83, 0x1b, 0xb9, [@empty, @broadcast, @rand_addr=0x64010100, @rand_addr=0x64010102, @empty, @multicast1]}, @timestamp={0x44, 0x20, 0x7a, 0x0, 0x8, [0x4, 0x1, 0xdf21, 0x400, 0x6, 0x7, 0x6]}, @ssrr={0x89, 0x17, 0xff, [@broadcast, @dev={0xac, 0x14, 0x14, 0x36}, @local, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @end]}}}}})
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/user\x00')
r4 = socket(0xa, 0x3, 0x3a)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
setsockopt$MRT6_ADD_MIF(r4, 0x29, 0xca, &(0x7f0000000000)={0x2, 0x1, 0x0, 0x0, 0x200}, 0x3a)
setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f0000000080)=0x8, 0x4)
ioctl$NS_GET_PARENT(r3, 0xb702, 0x0)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0xffe}, 0x10)
write(r6, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40ac00e000000", 0x41d)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_ext={0x1c, 0x8, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x0, 0x1, 0x6, 0x7, 0x5, 0x20, 0xffffffffffffffff}, @alu={0x7, 0x0, 0x0, 0x1b, 0x6, 0xffffffffffffffe0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x3}, @ldst={0x3, 0x1, 0x0, 0x2, 0xa, 0xfffffffffffffff8}]}, &(0x7f0000000580)='GPL\x00', 0x6, 0x13, &(0x7f0000000600)=""/19, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xd, 0x4988, 0x10000}, 0x10, 0x264e4, 0xffffffffffffffff, 0x4, &(0x7f00000006c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000700)=[{0x5, 0x3, 0x9, 0x9}, {0x5, 0x2, 0xd, 0x8}, {0x4, 0x2, 0x2, 0x8}, {0x3, 0x4, 0x6, 0x4}], 0x10, 0x7}, 0x94)
r8 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000840)=@generic={&(0x7f0000000800)='./file0\x00'}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0xf, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000d0000000000000007000000180100002020784100004428e62020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000085dd36aa000000260000001800000007000000000000000101000095000000000000009500000000"], &(0x7f0000000900)='GPL\x00', 0xe, 0x1000, &(0x7f0000001000)=""/4096, 0x41000, 0xd, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x7, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)=[0x1, 0x1, 0xffffffffffffffff], &(0x7f00000009c0)=[{0x4, 0x4, 0xb, 0x8}, {0x5, 0x3, 0x8, 0xc}, {0x7, 0x3, 0x8, 0x1}, {0x3, 0x5, 0x7, 0x1}, {0x2, 0x3, 0xe, 0x2}, {0x0, 0x3, 0xf, 0xb}, {0x5, 0x1, 0x1, 0xc}, {0x3, 0x1, 0x1, 0x8}], 0x10, 0xfffffffd}, 0x94)
pipe(&(0x7f0000000340)={<r10=>0xffffffffffffffff})
close(r10)
sendmsg$nl_route(r0, &(0x7f0000000c00)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000c40)=ANY=[@ANYBLOB="840000001000000426bd7000fddbdf2500000000", @ANYRES32=r1, @ANYBLOB="709001008160000005001100ff0000003c002b8008000800", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00\b\x00', @ANYRES32=r7, @ANYBLOB="08000100cf5cd454bb436217aae5b3b827502e082b97a1739c", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=r9, @ANYBLOB='\b\x00\b\x00', @ANYRES32=r10, @ANYBLOB="080003000f00000008000f00ff7f0000180022001b177e6720650a9f0c58d9ec95229a39b11f5959"], 0x84}, 0x1, 0x0, 0x0, 0xc044}, 0x44091)
r11 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r11, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r12 = accept4(r11, 0x0, 0x0, 0x0)
sendmmsg$alg(r12, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/73, 0x49}, {&(0x7f0000000200)=""/83, 0x53}], 0x3a}, 0x0)
ioctl$int_in(r12, 0x5452, &(0x7f0000000500)=0xd0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r12)
bind$alg(r11, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12-simd\x00'}, 0x58)
sendmsg$alg(r12, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004011}, 0x4c040)

265.973433ms ago: executing program 4 (id=4018):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='highspeed\x00', 0xa)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000680001"], 0x24}}, 0x0)

170.803712ms ago: executing program 0 (id=4019):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b32fe43e4e0046090447105009b87830161b9422dac9c000000080003000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x5, r0}, 0x38) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x10448) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x23}, 0x38)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_WOL_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)={0x34, r5, 0x1, 0x70bd2d, 0x0, {0x1b}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x34}}, 0x4000000) (async)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="300000002000010300000000000000000200000000000000000000001400030076"], 0x30}}, 0x0) (async)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={0x4c, r7, 0x0, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffffffff}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4bbbf3ed}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040851}, 0x20000000)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000a1fb00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="942a000004000600140012800900f17966297c0054d801007665746800000400b8ff028008ee120085bf2129f82ed29b9e05dffc2e7a5ac9b1038a7769bc8e0c2c3f8c5ee3e45debbb911a2a", @ANYRES32=0x0, @ANYBLOB="0800250002000000"], 0x44}}, 0x4008040)

140.227918ms ago: executing program 4 (id=4020):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18700000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8fffdffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

51.594514ms ago: executing program 1 (id=4021):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
openat$tun(0xffffffffffffff9c, 0x0, 0x42901, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r0, &(0x7f0000000300), 0x0)

2.597321ms ago: executing program 0 (id=4022):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r2, &(0x7f0000000400), 0x8)
listen(r2, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r3, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
listen(r3, 0x86a)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8fffdffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x41}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000000000006fdfe17f007b50dc000018110000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r5}, 0x38)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000280)={'syztnl1\x00', <r6=>0x0, 0x4, 0x8, 0xad, 0x7ff, 0x13, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, 0x1, 0x700, 0x1, 0x5}})
socket$nl_route(0x10, 0x3, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='mctp_key_acquire\x00', r7, 0x0, 0xd}, 0x18)
r8 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000240)={r8})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xf, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6f285c1, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r12 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r12, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4)
setsockopt$sock_attach_bpf(r12, 0x1, 0x34, &(0x7f00000000c0)=r11, 0x4)
listen(r12, 0x0)
close(r12)
mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r10, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_lsm={0x1d, 0x26, &(0x7f00000009c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xe65}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@ldst={0x2, 0x3, 0x6, 0xb, 0x3, 0xfffffffffffffffc, 0xffffffffffffffff}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6b8aae73}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x29, 0x12, &(0x7f0000000240)=""/18, 0x41100, 0x8, '\x00', r6, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0xb, 0xfffff87b, 0x1}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000580)=[r1, r9, r1, r0, r0, r0, r1, r0, r1, r1], &(0x7f00000005c0)=[{0x5, 0x4, 0xd, 0x5}, {0x4, 0x1, 0x10, 0x8}, {0x1, 0x3, 0xf, 0x3}, {0x5, 0x5, 0x6, 0x2}, {0x3, 0x2, 0x7}, {0x1, 0x1, 0x4}, {0x3, 0x1, 0xd, 0x1}], 0x10, 0x7}, 0x94)

0s ago: executing program 4 (id=4023):
socket$packet(0x11, 0xa, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0x20104, 0x4, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r1, &(0x7f0000000040), 0x0}, 0x20)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4800)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8402491a0c4050000000000f6542a9b0500000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00')
ioctl$BTRFS_IOC_BALANCE(r3, 0x5000940c, 0x0)
close(0x3)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000000)=0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="8f", 0x1}], 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x90}, 0xc8c5)
ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x48, 0x0, 0x35, 0x2}, {0x6, 0x0, 0x0, 0x3}]})
write$ppp(r4, &(0x7f00000010c0)="1e00", 0x2)
r6 = socket(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x24009045)

kernel console output (not intermixed with test programs):

482245][T16717] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  388.762775][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  388.908891][T16717] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.990353][T16914] bridge0: left allmulticast mode
[  389.182809][T16919] __nla_validate_parse: 8 callbacks suppressed
[  389.182829][T16919] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3040'.
[  389.193278][T16717] veth0_vlan: entered promiscuous mode
[  389.263467][T16717] veth1_vlan: entered promiscuous mode
[  389.292647][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  389.372552][T16717] veth0_macvtap: entered promiscuous mode
[  389.400070][T16717] veth1_macvtap: entered promiscuous mode
[  389.460583][T16717] batman_adv: batadv0: Interface activated: batadv_slave_0
[  389.494679][T16717] batman_adv: batadv0: Interface activated: batadv_slave_1
[  389.541787][   T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  389.581308][ T5086] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  389.593170][ T5086] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  389.604889][ T5086] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  389.677389][T16935] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  389.698361][T16935] team0: Device macvtap1 is already an upper device of the team interface
[  389.849911][T16937] netlink: 'syz.4.3042': attribute type 4 has an invalid length.
[  389.867376][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  389.883873][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  389.902526][T16944] netlink: 'syz.4.3042': attribute type 4 has an invalid length.
[  389.902995][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.009601][T16949] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3044'.
[  390.032601][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  390.056612][T16943] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3044'.
[  390.069731][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.150992][   T51] Bluetooth: hci4: command tx timeout
[  390.173452][T16953] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2979'.
[  390.347574][T16965] team0: Port device dummy0 added
[  390.375562][T16966] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  390.409845][T16966] team0: Failed to send options change via netlink (err -105)
[  390.426883][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  390.461042][T16966] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  390.472897][T16966] team0: Port device dummy0 removed
[  390.656621][ T5867] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  390.664382][ T5867] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  390.671840][ T5867] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  390.679679][ T5867] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  390.687719][ T5867] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  390.906759][T16973] chnl_net:caif_netlink_parms(): no params data found
[  390.980952][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  391.063518][T16973] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.081366][T16973] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.088677][T16973] bridge_slave_0: entered allmulticast mode
[  391.112694][T16973] bridge_slave_0: entered promiscuous mode
[  391.126652][T16996] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3057'.
[  391.133328][T16973] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.172137][T16973] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.179417][T16973] bridge_slave_1: entered allmulticast mode
[  391.214399][T16973] bridge_slave_1: entered promiscuous mode
[  391.263767][T16996] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3057'.
[  391.266437][T16973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  391.294889][T16994] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3055'.
[  391.368558][T16973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  391.458993][T16973] team0: Port device team_slave_0 added
[  391.488417][T16973] team0: Port device team_slave_1 added
[  391.537306][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  391.563366][T17009] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3060'.
[  391.579655][T16973] batman_adv: batadv0: Adding interface: batadv_slave_0
[  391.587308][T16973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.615612][T16973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  391.659729][   T30] audit: type=1800 audit(1756162429.208:10): pid=17007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3055" name="cgroup.controllers" dev="tmpfs" ino=23 res=0 errno=0
[  391.737142][T16973] batman_adv: batadv0: Adding interface: batadv_slave_1
[  391.753349][T16973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.812722][T16973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.899698][T16973] hsr_slave_0: entered promiscuous mode
[  391.906908][T16973] hsr_slave_1: entered promiscuous mode
[  391.914897][T16973] debugfs: 'hsr0' already exists in 'hsr'
[  391.931470][T16973] Cannot create hsr debugfs directory
[  392.017845][T17024] syzkaller1: entered promiscuous mode
[  392.024318][T17024] syzkaller1: entered allmulticast mode
[  392.091250][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  392.164356][T16973] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  392.177358][T16973] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.231958][ T5867] Bluetooth: hci4: command tx timeout
[  392.244451][T16973] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  392.290016][T16973] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.367301][T16973] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  392.378410][T16973] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.403872][T17036] dummy0: entered promiscuous mode
[  392.413663][T17035] dummy0: left promiscuous mode
[  392.458283][T17039] nbd: illegal input index -1
[  392.463825][T17039] openvswitch: netlink: Key type 10512 is out of range max 32
[  392.499906][T16973] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  392.527828][T16973] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.602928][T17041] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3069'.
[  392.622035][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  392.637910][T17041] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3069'.
[  392.710706][ T5867] Bluetooth: hci5: command tx timeout
[  392.779845][T16973] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  392.828656][T16973] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  392.859940][T16973] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  392.908259][T16973] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  393.059783][T16973] 8021q: adding VLAN 0 to HW filter on device bond0
[  393.095042][T16973] 8021q: adding VLAN 0 to HW filter on device team0
[  393.117867][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.125061][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  393.164305][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.171500][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  393.203196][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  393.616996][T16973] 8021q: adding VLAN 0 to HW filter on device batadv0
[  393.765854][T16973] veth0_vlan: entered promiscuous mode
[  393.772092][T17094] validate_nla: 12 callbacks suppressed
[  393.772111][T17094] netlink: 'syz.1.3079': attribute type 10 has an invalid length.
[  393.772209][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  393.791917][T17093] netlink: 'syz.1.3079': attribute type 10 has an invalid length.
[  393.828088][T17094] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  393.869755][T16973] veth1_vlan: entered promiscuous mode
[  393.955700][T16973] veth0_macvtap: entered promiscuous mode
[  393.994046][T16973] veth1_macvtap: entered promiscuous mode
[  394.051213][T16973] batman_adv: batadv0: Interface activated: batadv_slave_0
[  394.086322][T16973] batman_adv: batadv0: Interface activated: batadv_slave_1
[  394.118305][ T7175] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  394.127260][ T7175] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  394.244479][ T7175] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  394.298867][ T7175] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  394.320750][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  394.433675][T17113] __nla_validate_parse: 3 callbacks suppressed
[  394.433694][T17113] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3084'.
[  394.500494][T17112] netlink: 'syz.1.3083': attribute type 1 has an invalid length.
[  394.509393][T17116] netlink: 'syz.1.3083': attribute type 1 has an invalid length.
[  394.530406][T17108] netlink: 'syz.2.3082': attribute type 4 has an invalid length.
[  394.531166][ T7175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.572510][T17108] netlink: 'syz.2.3082': attribute type 4 has an invalid length.
[  394.580736][ T7175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.643319][T17120] Unsupported ieee802154 address type: 0
[  394.680206][T17121] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3085'.
[  394.706537][T17121] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3085'.
[  394.746598][   T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.781569][   T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.791208][ T5867] Bluetooth: hci5: command tx timeout
[  394.828777][T17127] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3087'.
[  394.862116][T17132] mac80211_hwsim hwsim88 wlan1: entered allmulticast mode
[  394.874108][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  394.925963][T17132] bridge_slave_0: left allmulticast mode
[  394.943787][T17132] bridge_slave_0: left promiscuous mode
[  394.950072][T17132] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.991331][T17138] netlink: 'syz.0.3049': attribute type 10 has an invalid length.
[  395.040157][T17139] netlink: 'syz.2.3090': attribute type 2 has an invalid length.
[  395.122314][T17132] bridge_slave_1: left allmulticast mode
[  395.134872][T17132] bridge_slave_1: left promiscuous mode
[  395.149512][T17132] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.286074][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  395.294387][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  395.301900][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  395.309823][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  395.320736][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  395.397318][T17132] bond0: (slave bond_slave_0): Releasing backup interface
[  395.411667][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  395.432336][    C0] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  395.591575][T17132] bond0: (slave bond_slave_1): Releasing backup interface
[  395.615009][T17132] team0: Port device team_slave_0 removed
[  395.654039][T17132] team0: Port device team_slave_1 removed
[  395.672858][T17132] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  395.681172][T17132] batman_adv: batadv0: Removing interface: batadv_slave_0
[  395.696304][T17132] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  395.704572][T17132] batman_adv: batadv0: Removing interface: batadv_slave_1
[  395.737563][T17138] mac80211_hwsim hwsim88 wlan1: left allmulticast mode
[  395.748690][T17138] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  395.759522][T17140] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  395.769930][T17140] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  395.787766][T17140] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  395.802197][T17148] mac80211_hwsim hwsim86 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  395.934152][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  396.019447][T17144] syzkaller0: entered promiscuous mode
[  396.025218][T17144] syzkaller0: entered allmulticast mode
[  396.098666][T17168] Bluetooth: MGMT ver 1.23
[  396.326054][T17183] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3100'.
[  396.478055][T17141] chnl_net:caif_netlink_parms(): no params data found
[  396.703509][T17141] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.717360][T17141] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.725747][T17141] bridge_slave_0: entered allmulticast mode
[  396.735367][T17141] bridge_slave_0: entered promiscuous mode
[  396.755006][T17176] netlink: 'syz.3.3099': attribute type 4 has an invalid length.
[  396.881080][   T51] Bluetooth: hci5: command tx timeout
[  396.887051][T17207] netlink: 'syz.2.3102': attribute type 10 has an invalid length.
[  396.981029][   T36] net_ratelimit: 1 callbacks suppressed
[  396.981051][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  397.351169][   T51] Bluetooth: hci0: command tx timeout
[  397.445760][T17141] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.453819][T17141] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.470926][T17141] bridge_slave_1: entered allmulticast mode
[  397.482391][T17141] bridge_slave_1: entered promiscuous mode
[  397.511361][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  397.573396][T17198] bridge_slave_0: left allmulticast mode
[  397.579143][T17198] bridge_slave_0: left promiscuous mode
[  397.588349][T17198] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.590006][T17212] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3106'.
[  397.608915][T17198] bridge_slave_1: left allmulticast mode
[  397.615455][T17198] bridge_slave_1: left promiscuous mode
[  397.621221][T17198] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.634037][T17198] bond0: (slave bond_slave_0): Releasing backup interface
[  397.643808][T17198] bond0: (slave bond_slave_1): Releasing backup interface
[  397.657807][T17198] team0: Port device team_slave_0 removed
[  397.667319][T17198] team0: Port device team_slave_1 removed
[  397.675284][T17198] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  397.683320][T17198] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.693114][T17198] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  397.700529][T17198] batman_adv: batadv0: Removing interface: batadv_slave_1
[  397.715278][T17214] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3106'.
[  397.727362][T17198] team0: Port device geneve0 removed
[  397.748037][T17207] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  397.757810][T17208] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  397.768621][T17208] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  397.778415][T17208] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  397.795240][T17141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  397.836845][T17141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  397.896440][T17141] team0: Port device team_slave_0 added
[  397.905103][T17141] team0: Port device team_slave_1 added
[  397.926198][T17224] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3107'.
[  397.957334][T17141] batman_adv: batadv0: Adding interface: batadv_slave_0
[  397.965062][T17224] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3107'.
[  397.968538][T17141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  398.001481][T17141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  398.013817][T17141] batman_adv: batadv0: Adding interface: batadv_slave_1
[  398.022228][T17141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  398.049859][T17141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  398.072588][ T7175] wlan1: Trigger new scan to find an IBSS to join
[  398.087649][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  398.091505][ T5961] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  398.125808][T17141] hsr_slave_0: entered promiscuous mode
[  398.134844][T17141] hsr_slave_1: entered promiscuous mode
[  398.144286][T17141] debugfs: 'hsr0' already exists in 'hsr'
[  398.150227][T17141] Cannot create hsr debugfs directory
[  398.156638][T17232] lo speed is unknown, defaulting to 1000
[  398.173467][T17232] lo speed is unknown, defaulting to 1000
[  398.175808][T17235] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3112'.
[  398.197763][T17232] lo speed is unknown, defaulting to 1000
[  398.212372][T17232] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  398.244897][T17232] lo speed is unknown, defaulting to 1000
[  398.307425][T17232] lo speed is unknown, defaulting to 1000
[  398.329802][T17232] lo speed is unknown, defaulting to 1000
[  398.339124][T17232] lo speed is unknown, defaulting to 1000
[  398.346420][T17232] lo speed is unknown, defaulting to 1000
[  398.353009][T17232] lo speed is unknown, defaulting to 1000
[  398.359496][T17232] lo speed is unknown, defaulting to 1000
[  398.421066][ T5961] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  398.456390][T17240] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.463909][T17240] bridge0: port 1(bridge_slave_0) entered disabled state
[  398.485696][T17244] Bluetooth: MGMT ver 1.23
[  398.533305][T17240] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  398.547016][T17240] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  398.625008][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  398.843892][   T13] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  398.846879][T17249] validate_nla: 10 callbacks suppressed
[  398.846903][T17249] netlink: 'syz.3.3115': attribute type 5 has an invalid length.
[  398.864339][   T13] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  398.894934][   T13] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  398.910827][T17243] lo speed is unknown, defaulting to 1000
[  398.912749][   T13] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  398.938542][T17254] lo speed is unknown, defaulting to 1000
[  398.943493][T17251] netlink: 'syz.0.3116': attribute type 4 has an invalid length.
[  398.953104][   T51] Bluetooth: hci5: command tx timeout
[  398.973481][T17251] netlink: 'syz.0.3116': attribute type 4 has an invalid length.
[  399.085647][T17141] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  399.099058][T17141] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  399.153379][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  399.175980][T17141] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  399.209078][T17141] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  399.227481][T17265] tap0: tun_chr_ioctl cmd 1074025677
[  399.234162][T17265] tap0: linktype set to 804
[  399.356997][T17141] 8021q: adding VLAN 0 to HW filter on device bond0
[  399.425349][T17141] 8021q: adding VLAN 0 to HW filter on device team0
[  399.451505][T17282] netlink: 'syz.0.3123': attribute type 10 has an invalid length.
[  399.451617][   T51] Bluetooth: hci0: command tx timeout
[  399.466907][ T7175] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.474091][ T7175] bridge0: port 1(bridge_slave_0) entered forwarding state
[  399.532842][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.540030][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[  399.592271][T17287] netlink: 'syz.2.3125': attribute type 12 has an invalid length.
[  399.600172][T17287] __nla_validate_parse: 5 callbacks suppressed
[  399.600192][T17287] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.3125'.
[  399.695048][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  399.697453][T17297] netlink: 'syz.0.3127': attribute type 1 has an invalid length.
[  399.731225][T17297] netlink: 'syz.0.3127': attribute type 3 has an invalid length.
[  399.757329][T17302] netlink: 'syz.0.3127': attribute type 7 has an invalid length.
[  399.766822][T17297] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3127'.
[  399.771553][T17302] netlink: 'syz.0.3127': attribute type 3 has an invalid length.
[  399.789769][T17302] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3127'.
[  399.879361][T17141] 8021q: adding VLAN 0 to HW filter on device batadv0
[  399.956909][T17306] lo speed is unknown, defaulting to 1000
[  400.028824][T17316] dvmrp0: left allmulticast mode
[  400.036223][T17316] pimreg: left allmulticast mode
[  400.178958][T17141] veth0_vlan: entered promiscuous mode
[  400.194016][T17141] veth1_vlan: entered promiscuous mode
[  400.225622][T17141] veth0_macvtap: entered promiscuous mode
[  400.232593][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  400.239486][T17141] veth1_macvtap: entered promiscuous mode
[  400.270155][T17141] batman_adv: batadv0: Interface activated: batadv_slave_0
[  400.290399][T17141] batman_adv: batadv0: Interface activated: batadv_slave_1
[  400.303850][ T7175] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  400.333187][ T7175] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  400.345158][ T7175] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  400.365071][ T7175] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  400.468818][ T7175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  400.493659][ T7175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  400.523938][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  400.533948][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  400.591866][T17340] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3137'.
[  400.680066][T17350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3138'.
[  400.819466][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  400.858197][T17362] netlink: 'syz.4.3141': attribute type 4 has an invalid length.
[  400.869544][T17370] IPVS: Unknown mcast interface: pim6reg
[  400.920132][T17360] 8021q: adding VLAN 0 to HW filter on device bond1
[  400.959320][T17360] erspan0: entered allmulticast mode
[  401.059777][T17383] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  401.073028][T17379] lo speed is unknown, defaulting to 1000
[  401.254561][T17402] netlink: 248 bytes leftover after parsing attributes in process `syz.0.3149'.
[  401.306835][T17404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3150'.
[  401.362622][T17408] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3151'.
[  401.392941][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  401.527962][T17411] lo speed is unknown, defaulting to 1000
[  401.854611][ T5861] syz_tun (unregistering): left promiscuous mode
[  401.959865][T17428] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3157'.
[  401.963278][ T5867] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  401.976608][ T5867] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  401.984082][ T5867] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  401.986083][T17432] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3158'.
[  401.992136][ T5867] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  402.008818][ T5867] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  402.125732][T17429] lo speed is unknown, defaulting to 1000
[  402.355580][T17429] chnl_net:caif_netlink_parms(): no params data found
[  402.366908][T17445] syzkaller1: entered allmulticast mode
[  402.433630][ T7175] net_ratelimit: 1 callbacks suppressed
[  402.433651][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  402.537286][T17429] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.546498][T17429] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.559477][T17429] bridge_slave_0: entered allmulticast mode
[  402.567535][T17429] bridge_slave_0: entered promiscuous mode
[  402.596793][T17429] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.617573][T17429] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.642005][T17429] bridge_slave_1: entered allmulticast mode
[  402.652307][T17429] bridge_slave_1: entered promiscuous mode
[  402.706856][T17469] macvlan2: entered promiscuous mode
[  402.713845][T17469] hsr0: entered promiscuous mode
[  402.719178][T17469] macvlan2: entered allmulticast mode
[  402.725715][T17469] hsr0: entered allmulticast mode
[  402.731022][T17469] hsr_slave_0: entered allmulticast mode
[  402.736969][T17469] hsr_slave_1: entered allmulticast mode
[  402.766294][ T5961] IPVS: starting estimator thread 0...
[  402.807242][T17429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.820381][T17473] lo speed is unknown, defaulting to 1000
[  402.823102][T17429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  402.860887][T17474] IPVS: using max 52 ests per chain, 124800 per kthread
[  402.963442][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  402.992903][T17429] team0: Port device team_slave_0 added
[  403.034575][T17429] team0: Port device team_slave_1 added
[  403.111040][T17429] batman_adv: batadv0: Adding interface: batadv_slave_0
[  403.118405][T17429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.150507][T17429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  403.163332][T17429] batman_adv: batadv0: Adding interface: batadv_slave_1
[  403.170379][T17429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.197363][T17429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  403.445192][T17493] pimreg: entered allmulticast mode
[  403.472880][T17493] pimreg: left allmulticast mode
[  403.482930][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  403.563969][T17500] sctp: [Deprecated]: syz.0.3179 (pid 17500) Use of int in max_burst socket option.
[  403.563969][T17500] Use struct sctp_assoc_value instead
[  403.596279][T17429] hsr_slave_0: entered promiscuous mode
[  403.611639][T17429] hsr_slave_1: entered promiscuous mode
[  403.626438][T17429] debugfs: 'hsr0' already exists in 'hsr'
[  403.646782][T17429] Cannot create hsr debugfs directory
[  403.907484][T17515] team0: Port device dummy0 added
[  403.909310][T17520] validate_nla: 8 callbacks suppressed
[  403.909332][T17520] netlink: 'syz.0.3181': attribute type 10 has an invalid length.
[  404.023799][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  404.071103][ T5867] Bluetooth: hci1: command tx timeout
[  404.093742][T17520] team0: Port device dummy0 removed
[  404.103094][T17520] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  404.408864][T17534] atomic_op ffff8880825a2198 conn xmit_atomic 0000000000000000
[  404.519279][T17429] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  404.563357][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  404.589662][T17429] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  404.607818][T17540] netlink: 'syz.4.3190': attribute type 1 has an invalid length.
[  404.618801][T17540] netlink: 'syz.4.3190': attribute type 3 has an invalid length.
[  404.636436][T17541] __nla_validate_parse: 8 callbacks suppressed
[  404.636455][T17541] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3189'.
[  404.638381][T17540] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3190'.
[  404.651535][T17541] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  404.719240][T17429] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  404.739541][T17540] netlink: 'syz.4.3190': attribute type 7 has an invalid length.
[  404.747911][T17540] netlink: 'syz.4.3190': attribute type 3 has an invalid length.
[  404.757002][T17540] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3190'.
[  404.786532][T17429] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  404.796624][T17547] netlink: 'syz.1.3189': attribute type 4 has an invalid length.
[  405.005978][T17429] 8021q: adding VLAN 0 to HW filter on device bond0
[  405.044354][T17429] 8021q: adding VLAN 0 to HW filter on device team0
[  405.066517][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  405.073720][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  405.091093][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  405.098275][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  405.106272][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  405.357145][T17582] netlink: 248 bytes leftover after parsing attributes in process `syz.0.3199'.
[  405.447467][T17429] 8021q: adding VLAN 0 to HW filter on device batadv0
[  405.469530][T17581] netlink: 'syz.4.3198': attribute type 4 has an invalid length.
[  405.522366][T17429] veth0_vlan: entered promiscuous mode
[  405.559761][T17585] lo speed is unknown, defaulting to 1000
[  405.571801][T17429] veth1_vlan: entered promiscuous mode
[  405.615374][T17590] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3201'.
[  405.679354][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  405.808181][T17429] veth0_macvtap: entered promiscuous mode
[  405.810960][T17598] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3204'.
[  405.820398][T17429] veth1_macvtap: entered promiscuous mode
[  405.839117][T17596] lo speed is unknown, defaulting to 1000
[  405.887638][T17429] batman_adv: batadv0: Interface activated: batadv_slave_0
[  406.036931][T17429] batman_adv: batadv0: Interface activated: batadv_slave_1
[  406.109853][T17612] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  406.125918][ T7175] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  406.138843][ T7175] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  406.159889][ T5867] Bluetooth: hci1: command tx timeout
[  406.192405][ T7175] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  406.214260][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  406.226669][ T7175] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  406.344288][ T3529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.379414][ T3529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.432628][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.456718][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.571915][T17642] netlink: 'syz.4.3213': attribute type 4 has an invalid length.
[  406.672564][T17634] lo speed is unknown, defaulting to 1000
[  406.744294][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  406.774199][T17652] netlink: 248 bytes leftover after parsing attributes in process `syz.3.3217'.
[  407.230356][T17659] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3218'.
[  407.369750][T17663] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3220'.
[  407.483145][T17674] netlink: 'syz.4.3222': attribute type 1 has an invalid length.
[  407.519080][T17674] netlink: 'syz.4.3222': attribute type 3 has an invalid length.
[  407.534957][T17674] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3222'.
[  407.575621][T17673] tipc: Started in network mode
[  407.583715][T17673] tipc: Node identity d2fbc951b9a2, cluster identity 4711
[  407.612854][T17673] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  407.651796][T17678] syzkaller0: entered promiscuous mode
[  407.657572][T17678] syzkaller0: entered allmulticast mode
[  407.666991][T17680] tipc: Started in network mode
[  407.679828][T17680] tipc: Node identity de135a414d3d, cluster identity 4711
[  407.693650][T17680] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  407.735209][T17680] syzkaller0: entered promiscuous mode
[  407.747640][T17680] syzkaller0: entered allmulticast mode
[  407.767789][T17671] tipc: Resetting bearer <eth:syzkaller0>
[  407.779774][T17671] tipc: Disabling bearer <eth:syzkaller0>
[  407.816349][T17680] tipc: Resetting bearer <eth:syzkaller0>
[  407.823156][T17682] lo speed is unknown, defaulting to 1000
[  407.830229][   T49] net_ratelimit: 1 callbacks suppressed
[  407.830247][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  407.876262][T17679] tipc: Resetting bearer <eth:syzkaller0>
[  407.906841][T17679] tipc: Disabling bearer <eth:syzkaller0>
[  407.977425][T17698] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input6
[  408.050503][T17700] dvmrp1: tun_chr_ioctl cmd 1074025677
[  408.065729][T17700] dvmrp1: linktype set to 4
[  408.179611][T17711] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  408.233715][ T5867] Bluetooth: hci1: command tx timeout
[  408.407672][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  408.587787][T17723] lo speed is unknown, defaulting to 1000
[  408.945698][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  408.991708][T17745] validate_nla: 6 callbacks suppressed
[  408.991728][T17745] netlink: 'syz.2.3250': attribute type 4 has an invalid length.
[  409.054037][T17745] ip6gre1: entered allmulticast mode
[  409.072594][T17760] netlink: 'syz.3.3252': attribute type 1 has an invalid length.
[  409.129360][T17762] tipc: Started in network mode
[  409.144684][T17762] tipc: Node identity 7295c1a18a2d, cluster identity 4711
[  409.167657][T17762] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  409.185843][T17766] syzkaller0: entered promiscuous mode
[  409.207147][T17766] syzkaller0: entered allmulticast mode
[  409.234585][T17771] netlink: 'syz.2.3254': attribute type 1 has an invalid length.
[  409.274246][T17762] tipc: Resetting bearer <eth:syzkaller0>
[  409.274565][T17771] netlink: 'syz.2.3254': attribute type 3 has an invalid length.
[  409.312342][T17761] tipc: Resetting bearer <eth:syzkaller0>
[  409.323614][T17773] netlink: 'syz.3.3255': attribute type 2 has an invalid length.
[  409.343626][T17761] tipc: Disabling bearer <eth:syzkaller0>
[  409.360408][T17773] syzkaller1: entered promiscuous mode
[  409.369882][T17773] syzkaller1: entered allmulticast mode
[  409.392813][T17771] netlink: 'syz.2.3254': attribute type 7 has an invalid length.
[  409.416930][T17771] netlink: 'syz.2.3254': attribute type 3 has an invalid length.
[  409.517990][T17781] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  409.529078][T17781] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  409.542813][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  409.587967][T17781] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  409.627403][T17781] bond0 (unregistering): Released all slaves
[  410.107736][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  410.179200][T17809] ip6gre1: left allmulticast mode
[  410.195355][ T5917] lo speed is unknown, defaulting to 1000
[  410.215528][ T5917] syz1: Port: 1 Link DOWN
[  410.238300][ T5086] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  410.256659][ T5086] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  410.307514][ T5086] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  410.319439][   T51] Bluetooth: hci1: command tx timeout
[  410.336678][T17828] __nla_validate_parse: 14 callbacks suppressed
[  410.336698][T17828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3271'.
[  410.356390][ T5086] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  410.365444][T17828] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3271'.
[  410.377843][T17828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3271'.
[  410.388271][T17828] netlink: 6 bytes leftover after parsing attributes in process `syz.1.3271'.
[  410.671679][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  410.704222][T17856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3272'.
[  410.936958][T17856] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.018669][T17856] bridge_slave_1 (unregistering): left allmulticast mode
[  411.039016][T17856] bridge_slave_1 (unregistering): left promiscuous mode
[  411.049226][T17856] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.077619][T17855] syzkaller1: entered promiscuous mode
[  411.085652][T17855] syzkaller1: entered allmulticast mode
[  411.100536][T17854] lo speed is unknown, defaulting to 1000
[  411.144924][T17871] lo speed is unknown, defaulting to 1000
[  411.156851][T17869] netlink: 'syz.2.3279': attribute type 4 has an invalid length.
[  411.195585][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  411.274307][T17878] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  411.313674][T17878] syzkaller0: entered promiscuous mode
[  411.327987][T17878] syzkaller0: entered allmulticast mode
[  411.387255][T17888] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3283'.
[  411.428924][T17878] tipc: Resetting bearer <eth:syzkaller0>
[  411.516815][T17877] tipc: Resetting bearer <eth:syzkaller0>
[  411.769038][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  411.794331][T17877] tipc: Disabling bearer <eth:syzkaller0>
[  411.860991][T17910] lo speed is unknown, defaulting to 1000
[  411.898138][T17912] netlink: 'syz.3.3291': attribute type 16 has an invalid length.
[  411.927049][T17912] netlink: 'syz.3.3291': attribute type 17 has an invalid length.
[  411.957193][T17919] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[  411.970362][T17913] netlink: 232 bytes leftover after parsing attributes in process `syz.2.3289'.
[  411.983703][T17913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3289'.
[  412.017020][T17912] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.084917][T17912] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  412.099739][T17912] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  412.224178][   T49] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.246377][   T49] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.280651][   T49] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.309410][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  412.331954][ T7175] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.353490][T17932] lo speed is unknown, defaulting to 1000
[  412.393982][T17938] netlink: 100 bytes leftover after parsing attributes in process `syz.4.3296'.
[  412.679357][T17952] lo speed is unknown, defaulting to 1000
[  412.781754][T17963] bridge2: the hash_elasticity option has been deprecated and is always 16
[  412.891852][   T49] net_ratelimit: 1 callbacks suppressed
[  412.891872][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  413.007308][ T5904] IPVS: starting estimator thread 0...
[  413.102089][T17977] IPVS: using max 36 ests per chain, 86400 per kthread
[  413.127501][T17984] lo speed is unknown, defaulting to 1000
[  413.198400][T17983] syzkaller0: entered promiscuous mode
[  413.204144][T17983] syzkaller0: entered allmulticast mode
[  413.467248][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  413.631151][T18002] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  413.639605][T18002] syzkaller0: entered promiscuous mode
[  413.666295][T18002] syzkaller0: entered allmulticast mode
[  413.718399][T18002] tipc: Resetting bearer <eth:syzkaller0>
[  413.736789][T18002] tipc: Disabling bearer <eth:syzkaller0>
[  414.032716][T18025] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  414.046587][T18025] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  414.163012][T18029] validate_nla: 3 callbacks suppressed
[  414.163032][T18029] netlink: 'syz.0.3322': attribute type 21 has an invalid length.
[  414.254462][T18029] netlink: 'syz.0.3322': attribute type 1 has an invalid length.
[  414.396617][T18036] syzkaller1: entered allmulticast mode
[  414.560759][T18038] netlink: 'syz.4.3323': attribute type 4 has an invalid length.
[  414.564534][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  414.668973][T18037] lo speed is unknown, defaulting to 1000
[  414.784373][T18045] wg1: entered promiscuous mode
[  414.789291][T18045] wg1: entered allmulticast mode
[  415.083469][T18065] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (6)
[  415.146885][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  415.154531][T18069] netlink: 'syz.0.3334': attribute type 1 has an invalid length.
[  415.452201][T18091] __nla_validate_parse: 9 callbacks suppressed
[  415.452222][T18091] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3341'.
[  415.495080][T18091] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3341'.
[  415.702695][T18104] lo speed is unknown, defaulting to 1000
[  415.705907][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  416.167373][T18120] netlink: 'syz.3.3348': attribute type 1 has an invalid length.
[  416.214739][T18120] netlink: 'syz.3.3348': attribute type 1 has an invalid length.
[  416.291928][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  416.319271][T18126] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3348'.
[  416.346777][T18125] lo speed is unknown, defaulting to 1000
[  416.382141][T18122] netlink: 'syz.0.3349': attribute type 4 has an invalid length.
[  416.573552][T18141] dvmrp1: entered allmulticast mode
[  416.582483][T18131] netlink: 'syz.4.3350': attribute type 4 has an invalid length.
[  416.594821][T18140] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  416.613935][T18141] dvmrp1: left allmulticast mode
[  416.696256][T18136] lo speed is unknown, defaulting to 1000
[  416.842959][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  416.974262][T18157] netlink: 5636 bytes leftover after parsing attributes in process `syz.0.3358'.
[  417.085349][T18167] netlink: 'syz.0.3361': attribute type 7 has an invalid length.
[  417.097344][ T5961] IPVS: starting estimator thread 0...
[  417.103959][T18167] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3361'.
[  417.233797][T18173] IPVS: using max 37 ests per chain, 88800 per kthread
[  417.286711][T18178] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  417.373949][T18193] Unsupported ieee802154 address type: 0
[  417.383479][T18195] netlink: 'syz.2.3370': attribute type 1 has an invalid length.
[  417.408417][T18193] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3369'.
[  417.426312][T18195] 8021q: adding VLAN 0 to HW filter on device bond1
[  417.437821][T18198] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3371'.
[  417.455091][T18198] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3371'.
[  417.476208][T18204] ipvlan2: entered allmulticast mode
[  417.483873][T18204] bond1: entered allmulticast mode
[  417.562763][T18211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3374'.
[  417.629670][T18211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3374'.
[  417.651819][T18204] bond1: (slave gretap1): making interface the new active one
[  417.669366][T18204] gretap1: entered allmulticast mode
[  417.678611][T18204] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  417.862774][T18235] FAULT_INJECTION: forcing a failure.
[  417.862774][T18235] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  417.878044][T18235] CPU: 0 UID: 0 PID: 18235 Comm: syz.1.3382 Not tainted syzkaller #0 PREEMPT(full) 
[  417.878081][T18235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  417.878094][T18235] Call Trace:
[  417.878102][T18235]  <TASK>
[  417.878117][T18235]  dump_stack_lvl+0x189/0x250
[  417.878145][T18235]  ? __pfx____ratelimit+0x10/0x10
[  417.878176][T18235]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.878200][T18235]  ? __pfx__printk+0x10/0x10
[  417.878227][T18235]  ? __might_fault+0xb0/0x130
[  417.878260][T18235]  ? rcu_is_watching+0x15/0xb0
[  417.878282][T18235]  should_fail_ex+0x414/0x560
[  417.878312][T18235]  _copy_from_iter+0x1db/0x16f0
[  417.878336][T18235]  ? rcu_is_watching+0x15/0xb0
[  417.878356][T18235]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  417.878389][T18235]  ? __pfx__copy_from_iter+0x10/0x10
[  417.878409][T18235]  ? __build_skb_around+0x257/0x3e0
[  417.878445][T18235]  ? netlink_sendmsg+0x642/0xb30
[  417.878463][T18235]  ? skb_put+0x11b/0x210
[  417.878483][T18235]  netlink_sendmsg+0x6b2/0xb30
[  417.878507][T18235]  ? __pfx_netlink_sendmsg+0x10/0x10
[  417.878527][T18235]  ? aa_sock_msg_perm+0xf1/0x1d0
[  417.878547][T18235]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  417.878569][T18235]  ? __pfx_netlink_sendmsg+0x10/0x10
[  417.878587][T18235]  __sock_sendmsg+0x21c/0x270
[  417.878615][T18235]  ____sys_sendmsg+0x505/0x830
[  417.878640][T18235]  ? __pfx_____sys_sendmsg+0x10/0x10
[  417.878665][T18235]  ? import_iovec+0x74/0xa0
[  417.878689][T18235]  ___sys_sendmsg+0x21f/0x2a0
[  417.878711][T18235]  ? __pfx____sys_sendmsg+0x10/0x10
[  417.878750][T18235]  ? __fget_files+0x2a/0x420
[  417.878767][T18235]  ? __fget_files+0x3a0/0x420
[  417.878789][T18235]  __x64_sys_sendmsg+0x19b/0x260
[  417.878813][T18235]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  417.878840][T18235]  ? __pfx_ksys_write+0x10/0x10
[  417.878866][T18235]  ? rcu_is_watching+0x15/0xb0
[  417.878889][T18235]  ? rcu_is_watching+0x15/0xb0
[  417.878909][T18235]  do_syscall_64+0xfa/0x3b0
[  417.878929][T18235]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.878948][T18235]  ? clear_bhb_loop+0x60/0xb0
[  417.878971][T18235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.878991][T18235] RIP: 0033:0x7f061138ebe9
[  417.879009][T18235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.879027][T18235] RSP: 002b:00007f06121a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  417.879049][T18235] RAX: ffffffffffffffda RBX: 00007f06115b5fa0 RCX: 00007f061138ebe9
[  417.879065][T18235] RDX: 0000000004048010 RSI: 0000200000000080 RDI: 0000000000000005
[  417.879079][T18235] RBP: 00007f06121a1090 R08: 0000000000000000 R09: 0000000000000000
[  417.879092][T18235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.879115][T18235] R13: 00007f06115b6038 R14: 00007f06115b5fa0 R15: 00007ffc0b209fa8
[  417.879139][T18235]  </TASK>
[  417.941008][ T5086] net_ratelimit: 3 callbacks suppressed
[  417.941031][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  418.480159][T18267] mac80211_hwsim hwsim87 wlan0: entered promiscuous mode
[  418.510530][T18267] macsec1: entered promiscuous mode
[  418.518639][T18267] macsec1: entered allmulticast mode
[  418.525225][T18267] mac80211_hwsim hwsim87 wlan0: entered allmulticast mode
[  418.678158][T18278] FAULT_INJECTION: forcing a failure.
[  418.678158][T18278] name failslab, interval 1, probability 0, space 0, times 0
[  418.704283][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  418.736140][T18278] CPU: 0 UID: 0 PID: 18278 Comm: syz.0.3395 Not tainted syzkaller #0 PREEMPT(full) 
[  418.736173][T18278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  418.736187][T18278] Call Trace:
[  418.736196][T18278]  <TASK>
[  418.736205][T18278]  dump_stack_lvl+0x189/0x250
[  418.736237][T18278]  ? __pfx____ratelimit+0x10/0x10
[  418.736268][T18278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  418.736293][T18278]  ? __pfx__printk+0x10/0x10
[  418.736330][T18278]  should_fail_ex+0x414/0x560
[  418.736360][T18278]  should_failslab+0xa8/0x100
[  418.736392][T18278]  kmem_cache_alloc_noprof+0x73/0x3c0
[  418.736420][T18278]  ? skb_clone+0x212/0x3a0
[  418.736446][T18278]  skb_clone+0x212/0x3a0
[  418.736471][T18278]  __netlink_deliver_tap+0x404/0x850
[  418.736510][T18278]  ? netlink_deliver_tap+0x2e/0x1b0
[  418.736542][T18278]  netlink_deliver_tap+0x19c/0x1b0
[  418.736575][T18278]  netlink_unicast+0x7fa/0x9e0
[  418.736607][T18278]  ? __pfx_netlink_unicast+0x10/0x10
[  418.736636][T18278]  ? netlink_sendmsg+0x642/0xb30
[  418.736654][T18278]  ? skb_put+0x11b/0x210
[  418.736675][T18278]  netlink_sendmsg+0x805/0xb30
[  418.736699][T18278]  ? __pfx_netlink_sendmsg+0x10/0x10
[  418.736720][T18278]  ? aa_sock_msg_perm+0xf1/0x1d0
[  418.736740][T18278]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  418.736763][T18278]  ? __pfx_netlink_sendmsg+0x10/0x10
[  418.736782][T18278]  __sock_sendmsg+0x21c/0x270
[  418.736812][T18278]  ____sys_sendmsg+0x505/0x830
[  418.736837][T18278]  ? __pfx_____sys_sendmsg+0x10/0x10
[  418.736865][T18278]  ? import_iovec+0x74/0xa0
[  418.736890][T18278]  ___sys_sendmsg+0x21f/0x2a0
[  418.736913][T18278]  ? __pfx____sys_sendmsg+0x10/0x10
[  418.736955][T18278]  ? __fget_files+0x2a/0x420
[  418.736973][T18278]  ? __fget_files+0x3a0/0x420
[  418.736997][T18278]  __x64_sys_sendmsg+0x19b/0x260
[  418.737020][T18278]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  418.737055][T18278]  ? __pfx_ksys_write+0x10/0x10
[  418.737082][T18278]  ? rcu_is_watching+0x15/0xb0
[  418.737106][T18278]  ? rcu_is_watching+0x15/0xb0
[  418.737127][T18278]  do_syscall_64+0xfa/0x3b0
[  418.737147][T18278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.737167][T18278]  ? clear_bhb_loop+0x60/0xb0
[  418.737191][T18278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.737212][T18278] RIP: 0033:0x7fc98a38ebe9
[  418.737230][T18278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.737250][T18278] RSP: 002b:00007fc98b2c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  418.737273][T18278] RAX: ffffffffffffffda RBX: 00007fc98a5b5fa0 RCX: 00007fc98a38ebe9
[  418.737289][T18278] RDX: 0000000004048010 RSI: 0000200000000080 RDI: 0000000000000005
[  418.737304][T18278] RBP: 00007fc98b2c5090 R08: 0000000000000000 R09: 0000000000000000
[  418.737318][T18278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.737331][T18278] R13: 00007fc98a5b6038 R14: 00007fc98a5b5fa0 R15: 00007ffe90d9dd48
[  418.737355][T18278]  </TASK>
[  419.054087][T18283] syzkaller0: entered promiscuous mode
[  419.059617][T18283] syzkaller0: entered allmulticast mode
[  419.276679][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  419.545166][T18301] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  419.762732][T18317] erspan0: left allmulticast mode
[  419.804020][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  419.851682][T18317] wg1: left promiscuous mode
[  419.856510][T18317] wg1: left allmulticast mode
[  419.878122][T18317] hsr0: left allmulticast mode
[  419.893757][T18317] hsr_slave_0: left allmulticast mode
[  419.908045][T18317] hsr_slave_1: left allmulticast mode
[  419.931019][T18317] hsr0: left promiscuous mode
[  419.954569][T18317] macvlan2: left promiscuous mode
[  419.964776][T18317] macvlan2: left allmulticast mode
[  419.991652][T18324] tipc: Started in network mode
[  419.996589][T18324] tipc: Node identity 080211000001, cluster identity 4711
[  420.011907][T18324] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  420.038544][T18325] mac80211_hwsim hwsim88 syzkaller0: entered promiscuous mode
[  420.054219][T18325] mac80211_hwsim hwsim88 syzkaller0: entered allmulticast mode
[  420.079556][T18320] validate_nla: 3 callbacks suppressed
[  420.079577][T18320] netlink: 'syz.0.3407': attribute type 1 has an invalid length.
[  420.178125][T18334] FAULT_INJECTION: forcing a failure.
[  420.178125][T18334] name failslab, interval 1, probability 0, space 0, times 0
[  420.205046][T18334] CPU: 1 UID: 0 PID: 18334 Comm: syz.0.3410 Not tainted syzkaller #0 PREEMPT(full) 
[  420.205078][T18334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  420.205091][T18334] Call Trace:
[  420.205100][T18334]  <TASK>
[  420.205109][T18334]  dump_stack_lvl+0x189/0x250
[  420.205140][T18334]  ? __pfx____ratelimit+0x10/0x10
[  420.205172][T18334]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.205198][T18334]  ? __pfx__printk+0x10/0x10
[  420.205230][T18334]  ? __pfx___might_resched+0x10/0x10
[  420.205250][T18334]  ? lock_acquire+0x5f/0x360
[  420.205280][T18334]  should_fail_ex+0x414/0x560
[  420.205307][T18334]  should_failslab+0xa8/0x100
[  420.205336][T18334]  kmem_cache_alloc_noprof+0x73/0x3c0
[  420.205362][T18334]  ? skb_clone+0x212/0x3a0
[  420.205386][T18334]  skb_clone+0x212/0x3a0
[  420.205407][T18334]  ? nfnetlink_rcv+0x486/0x2520
[  420.205436][T18334]  nfnetlink_rcv+0x4b4/0x2520
[  420.205466][T18334]  ? __dev_queue_xmit+0x1d79/0x3b50
[  420.205496][T18334]  ? __dev_queue_xmit+0x27b/0x3b50
[  420.205526][T18334]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  420.205561][T18334]  ? ref_tracker_free+0x63a/0x7d0
[  420.205589][T18334]  ? __asan_memcpy+0x40/0x70
[  420.205612][T18334]  ? __pfx_ref_tracker_free+0x10/0x10
[  420.205648][T18334]  ? skb_clone+0x246/0x3a0
[  420.205672][T18334]  ? __netlink_deliver_tap+0x807/0x850
[  420.205703][T18334]  ? netlink_deliver_tap+0x2e/0x1b0
[  420.205733][T18334]  ? rcu_is_watching+0x15/0xb0
[  420.205752][T18334]  ? netlink_deliver_tap+0x2e/0x1b0
[  420.205782][T18334]  ? lock_release+0x4b/0x3e0
[  420.205817][T18334]  netlink_unicast+0x82c/0x9e0
[  420.205851][T18334]  ? __pfx_netlink_unicast+0x10/0x10
[  420.205880][T18334]  ? netlink_sendmsg+0x642/0xb30
[  420.205896][T18334]  ? skb_put+0x11b/0x210
[  420.205925][T18334]  netlink_sendmsg+0x805/0xb30
[  420.205948][T18334]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.205964][T18334]  ? aa_sock_msg_perm+0xf1/0x1d0
[  420.205981][T18334]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  420.205999][T18334]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.206015][T18334]  __sock_sendmsg+0x21c/0x270
[  420.206042][T18334]  ____sys_sendmsg+0x505/0x830
[  420.206063][T18334]  ? __pfx_____sys_sendmsg+0x10/0x10
[  420.206084][T18334]  ? import_iovec+0x74/0xa0
[  420.206105][T18334]  ___sys_sendmsg+0x21f/0x2a0
[  420.206124][T18334]  ? __pfx____sys_sendmsg+0x10/0x10
[  420.206159][T18334]  ? __fget_files+0x2a/0x420
[  420.206174][T18334]  ? __fget_files+0x3a0/0x420
[  420.206194][T18334]  __x64_sys_sendmsg+0x19b/0x260
[  420.206213][T18334]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  420.206236][T18334]  ? __pfx_ksys_write+0x10/0x10
[  420.206257][T18334]  ? rcu_is_watching+0x15/0xb0
[  420.206276][T18334]  ? rcu_is_watching+0x15/0xb0
[  420.206293][T18334]  do_syscall_64+0xfa/0x3b0
[  420.206309][T18334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.206326][T18334]  ? clear_bhb_loop+0x60/0xb0
[  420.206345][T18334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.206362][T18334] RIP: 0033:0x7fc98a38ebe9
[  420.206378][T18334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.206393][T18334] RSP: 002b:00007fc98b2c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  420.206413][T18334] RAX: ffffffffffffffda RBX: 00007fc98a5b5fa0 RCX: 00007fc98a38ebe9
[  420.206425][T18334] RDX: 0000000004048010 RSI: 0000200000000080 RDI: 0000000000000005
[  420.206437][T18334] RBP: 00007fc98b2c5090 R08: 0000000000000000 R09: 0000000000000000
[  420.206448][T18334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.206459][T18334] R13: 00007fc98a5b6038 R14: 00007fc98a5b5fa0 R15: 00007ffe90d9dd48
[  420.206479][T18334]  </TASK>
[  420.577726][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  420.704710][T18340] syzkaller0: entered promiscuous mode
[  420.711482][T18340] syzkaller0: entered allmulticast mode
[  420.875034][T18368] netlink: 'syz.1.3417': attribute type 4 has an invalid length.
[  421.086076][T18362] __nla_validate_parse: 7 callbacks suppressed
[  421.086099][T18362] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3415'.
[  421.131938][ T7493] tipc: Node number set to 134418688
[  421.131932][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  421.415667][T18374] tipc: Resetting bearer <eth:syzkaller0>
[  421.423426][T18374] mac80211_hwsim hwsim88 syzkaller0: left promiscuous mode
[  421.434699][T18374] mac80211_hwsim hwsim88 syzkaller0: left allmulticast mode
[  421.450270][T18374] mac80211_hwsim hwsim87 wlan0: left allmulticast mode
[  421.459602][T18374] macsec1: left promiscuous mode
[  421.464815][T18374] macsec1: left allmulticast mode
[  421.496248][T18362] hsr_slave_0: left promiscuous mode
[  421.506327][T18362] hsr_slave_1: left promiscuous mode
[  421.531353][ T3529] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  421.550054][ T3529] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  421.575576][T18357] lo speed is unknown, defaulting to 1000
[  421.579628][ T3529] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  421.598450][ T3529] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  421.607752][T18384] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3423'.
[  421.642737][T18385] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3422'.
[  421.644172][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  421.674007][T18381] lo speed is unknown, defaulting to 1000
[  421.746374][T18387] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3424'.
[  421.773342][T18387] bridge0: port 2(bridge_slave_1) entered disabled state
[  421.789600][T18387] bridge_slave_1 (unregistering): left allmulticast mode
[  421.809034][T18387] bridge_slave_1 (unregistering): left promiscuous mode
[  421.817238][T18387] bridge0: port 2(bridge_slave_1) entered disabled state
[  421.838577][T18391] lo speed is unknown, defaulting to 1000
[  422.146817][T18409] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3428'.
[  422.156869][T18408] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3428'.
[  422.211214][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  422.569126][T18425] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.3434'.
[  422.580116][T18393] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  422.608485][T18425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3434'.
[  422.620828][T18425] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  422.671304][T18422] lo speed is unknown, defaulting to 1000
[  422.732127][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  422.929576][T18442] lo speed is unknown, defaulting to 1000
[  423.038900][T18448] lo speed is unknown, defaulting to 1000
[  423.077352][T18453] netlink: 'syz.1.3442': attribute type 4 has an invalid length.
[  423.253752][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  423.376819][T18468] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  423.392286][T18468] syzkaller0: entered promiscuous mode
[  423.405288][T18468] syzkaller0: entered allmulticast mode
[  423.419563][T18472] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3448'.
[  423.429271][T18472] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3448'.
[  423.440264][T18468] tipc: Resetting bearer <eth:syzkaller0>
[  423.528641][T18467] tipc: Resetting bearer <eth:syzkaller0>
[  423.554761][T18467] tipc: Disabling bearer <eth:syzkaller0>
[  423.784588][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  423.828110][T18496] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  423.923628][T18496] syzkaller0: entered promiscuous mode
[  423.929273][T18496] syzkaller0: entered allmulticast mode
[  424.279517][T18522] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  424.310758][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  424.507846][T18538] xt_limit: Overflow, try lower: 271964/0
[  424.576822][T18488] tipc: Resetting bearer <eth:syzkaller0>
[  424.625482][T18488] tipc: Disabling bearer <eth:syzkaller0>
[  424.841571][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  425.394717][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  425.510812][    C0] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  425.555859][T18553] netlink: 'syz.3.3473': attribute type 39 has an invalid length.
[  425.886568][T18582] lo speed is unknown, defaulting to 1000
[  425.971793][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  426.135586][T18605] netlink: 'syz.3.3487': attribute type 8 has an invalid length.
[  426.151316][T18605] __nla_validate_parse: 5 callbacks suppressed
[  426.151338][T18605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3487'.
[  426.523939][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  426.565315][T18619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3490'.
[  426.587268][T18619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3490'.
[  426.765474][T18626] FAULT_INJECTION: forcing a failure.
[  426.765474][T18626] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.779326][T18626] CPU: 1 UID: 0 PID: 18626 Comm: syz.1.3492 Not tainted syzkaller #0 PREEMPT(full) 
[  426.779358][T18626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  426.779372][T18626] Call Trace:
[  426.779380][T18626]  <TASK>
[  426.779388][T18626]  dump_stack_lvl+0x189/0x250
[  426.779420][T18626]  ? __pfx____ratelimit+0x10/0x10
[  426.779451][T18626]  ? __pfx_dump_stack_lvl+0x10/0x10
[  426.779475][T18626]  ? __pfx__printk+0x10/0x10
[  426.779509][T18626]  ? rcu_is_watching+0x15/0xb0
[  426.779533][T18626]  should_fail_ex+0x414/0x560
[  426.779563][T18626]  _copy_to_user+0x31/0xb0
[  426.779589][T18626]  simple_read_from_buffer+0xe1/0x170
[  426.779622][T18626]  proc_fail_nth_read+0x1b3/0x220
[  426.779647][T18626]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  426.779673][T18626]  ? rw_verify_area+0x2a6/0x4d0
[  426.779699][T18626]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  426.779734][T18626]  vfs_read+0x1fd/0xa30
[  426.779760][T18626]  ? fdget_pos+0x247/0x320
[  426.779780][T18626]  ? __pfx___mutex_lock+0x10/0x10
[  426.779800][T18626]  ? __pfx_vfs_read+0x10/0x10
[  426.779831][T18626]  ? __fget_files+0x3a0/0x420
[  426.779848][T18626]  ? __fget_files+0x2a/0x420
[  426.779871][T18626]  ksys_read+0x145/0x250
[  426.779900][T18626]  ? __pfx_ksys_read+0x10/0x10
[  426.779929][T18626]  ? rcu_is_watching+0x15/0xb0
[  426.779951][T18626]  do_syscall_64+0xfa/0x3b0
[  426.779971][T18626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.780004][T18626]  ? clear_bhb_loop+0x60/0xb0
[  426.780027][T18626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.780047][T18626] RIP: 0033:0x7f061138d5fc
[  426.780065][T18626] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  426.780083][T18626] RSP: 002b:00007f0612180030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  426.780103][T18626] RAX: ffffffffffffffda RBX: 00007f06115b6090 RCX: 00007f061138d5fc
[  426.780115][T18626] RDX: 000000000000000f RSI: 00007f06121800a0 RDI: 0000000000000007
[  426.780126][T18626] RBP: 00007f0612180090 R08: 0000000000000000 R09: 0000000000000000
[  426.780137][T18626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  426.780146][T18626] R13: 00007f06115b6128 R14: 00007f06115b6090 R15: 00007ffc0b209fa8
[  426.780165][T18626]  </TASK>
[  427.041924][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  427.087616][T18628] geneve2: entered promiscuous mode
[  427.097895][T18628] geneve2: entered allmulticast mode
[  427.107896][T18633] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3497'.
[  427.157875][T18643] syz_tun: entered promiscuous mode
[  427.172626][T18643] syz_tun: entered allmulticast mode
[  427.186546][T18644] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.315818][T18655] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3502'.
[  427.418741][T18657] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3503'.
[  427.429197][T18664] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3505'.
[  428.027609][T18669] lo speed is unknown, defaulting to 1000
[  428.595037][   T73] net_ratelimit: 3 callbacks suppressed
[  428.595055][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  428.604839][T18693] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  428.628100][T18693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3511'.
[  428.897085][T18701] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3514'.
[  428.998551][T18710] netem: change failed
[  429.004185][T18703] lo speed is unknown, defaulting to 1000
[  429.029006][T18711] netlink: 'syz.0.3515': attribute type 4 has an invalid length.
[  429.122471][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  429.138418][T18719] netlink: 'syz.0.3519': attribute type 11 has an invalid length.
[  429.148764][T18719] netlink: 'syz.0.3519': attribute type 4 has an invalid length.
[  429.158475][T18719] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3519'.
[  429.315187][T18724] team0: entered promiscuous mode
[  429.320342][T18724] team_slave_0: entered promiscuous mode
[  429.328984][T18724] team_slave_1: entered promiscuous mode
[  429.336057][T18724] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  429.607004][T18741] team0: left promiscuous mode
[  429.614539][T18741] team_slave_0: left promiscuous mode
[  429.621405][T18741] team_slave_1: left promiscuous mode
[  429.671953][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  429.745366][T18759] lo speed is unknown, defaulting to 1000
[  429.864173][T18764] netlink: 'syz.2.3536': attribute type 15 has an invalid length.
[  429.931249][T18766] geneve2: entered promiscuous mode
[  429.938069][ T5086] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  429.951999][ T5086] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  429.975745][ T5086] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  429.996869][ T5086] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  430.194346][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  430.324737][T18778] netem: incorrect gi model size
[  430.337471][T18778] netem: change failed
[  430.476933][T18796] netlink: 'syz.0.3546': attribute type 4 has an invalid length.
[  430.724759][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  430.784407][T18814] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR
[  430.786082][T18813] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  430.874106][T18819] syzkaller0: entered promiscuous mode
[  430.879727][T18819] syzkaller0: entered allmulticast mode
[  430.930367][T18819] tipc: Resetting bearer <eth:syzkaller0>
[  431.052256][T18819] tipc: Disabling bearer <eth:syzkaller0>
[  431.117371][T18832] lo speed is unknown, defaulting to 1000
[  431.258173][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  431.264773][T18842] syzkaller1: entered promiscuous mode
[  431.300475][T18842] syzkaller1: entered allmulticast mode
[  431.700765][T18880] lo speed is unknown, defaulting to 1000
[  431.805799][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  431.851661][T18880] __nla_validate_parse: 7 callbacks suppressed
[  431.851680][T18880] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3566'.
[  431.939322][T18898] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3572'.
[  431.944253][T18896] ip6_vti0: entered allmulticast mode
[  432.308249][T18913] lo speed is unknown, defaulting to 1000
[  432.331678][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  432.357786][T18918] lo speed is unknown, defaulting to 1000
[  432.375084][T18924] syzkaller1: entered promiscuous mode
[  432.381369][T18924] syzkaller1: entered allmulticast mode
[  432.711644][T18945] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3585'.
[  432.763968][T18949] netlink: 'syz.2.3586': attribute type 11 has an invalid length.
[  432.774841][T18949] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3586'.
[  432.788074][T18948] netlink: 'syz.2.3586': attribute type 11 has an invalid length.
[  432.797645][T18948] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3586'.
[  432.863984][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  433.183117][T18980] lo speed is unknown, defaulting to 1000
[  433.711535][T19023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3604'.
[  433.809441][T19034] netlink: 'syz.3.3606': attribute type 10 has an invalid length.
[  433.822820][T19030] netlink: 'syz.3.3606': attribute type 10 has an invalid length.
[  433.844419][T19034] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  433.913602][   T73] net_ratelimit: 1 callbacks suppressed
[  433.913622][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  434.050559][T19055] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3615'.
[  434.075259][T19056] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3615'.
[  434.178429][T19062] netlink: 'syz.3.3617': attribute type 13 has an invalid length.
[  434.268765][T19072] syz_tun: entered allmulticast mode
[  434.304993][T19077] : entered promiscuous mode
[  434.312982][T19072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3622'.
[  434.451190][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  434.563530][T19099] veth0: entered promiscuous mode
[  434.569199][T19099] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3628'.
[  434.627273][T19099] veth0 (unregistering): left promiscuous mode
[  434.847949][T19128] !
: renamed from dummy0
[  435.011267][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  435.065721][T19128] lo speed is unknown, defaulting to 1000
[  435.534068][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  435.728596][T19177] netlink: 'syz.3.3650': attribute type 15 has an invalid length.
[  435.991704][T19200] netlink: 'syz.2.3659': attribute type 1 has an invalid length.
[  435.999495][T19200] netlink: 'syz.2.3659': attribute type 3 has an invalid length.
[  436.045126][T19202] netlink: 'syz.2.3659': attribute type 7 has an invalid length.
[  436.057119][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  436.077628][T19202] netlink: 'syz.2.3659': attribute type 3 has an invalid length.
[  436.623748][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  436.986514][T19208] __nla_validate_parse: 16 callbacks suppressed
[  436.986533][T19208] netlink: 1172 bytes leftover after parsing attributes in process `syz.1.3660'.
[  437.023775][T19207] netlink: 1172 bytes leftover after parsing attributes in process `syz.1.3660'.
[  437.084183][T19218] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3664'.
[  437.213185][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  437.277653][T19240] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  437.304011][T19239] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  437.397404][T19240] syzkaller0: entered promiscuous mode
[  437.408342][T19240] syzkaller0: entered allmulticast mode
[  437.458556][T19251] gretap0: refused to change device tx_queue_len
[  437.470500][T19251] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  437.539047][T19257] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3673'.
[  437.549670][T19237] tipc: Resetting bearer <eth:syzkaller0>
[  437.646948][T19237] tipc: Disabling bearer <eth:syzkaller0>
[  437.666225][T19257] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3673'.
[  437.763648][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  438.027768][T19300] Bluetooth: MGMT ver 1.23
[  438.083154][T19302] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3685'.
[  438.317959][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  438.418997][T19312] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3691'.
[  438.643210][T19318] validate_nla: 10 callbacks suppressed
[  438.643232][T19318] netlink: 'syz.2.3693': attribute type 1 has an invalid length.
[  438.657567][T19318] netlink: 'syz.2.3693': attribute type 3 has an invalid length.
[  438.665610][T19318] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3693'.
[  438.677043][T19318] netlink: 'syz.2.3693': attribute type 7 has an invalid length.
[  438.685146][T19318] netlink: 'syz.2.3693': attribute type 3 has an invalid length.
[  438.693832][T19318] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3693'.
[  438.854583][T19327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3696'.
[  438.886964][T19327] macvtap1: entered promiscuous mode
[  438.893098][T19327] bridge0: entered promiscuous mode
[  438.898608][T19327] macvtap1: entered allmulticast mode
[  438.908205][T19327] bridge0: entered allmulticast mode
[  438.953317][T19327] bridge0: left allmulticast mode
[  438.958506][T19327] bridge0: left promiscuous mode
[  438.965432][T19327] macvtap1: left promiscuous mode
[  438.970653][T19327] macvtap1: left allmulticast mode
[  438.977308][T19336] nft_compat: unsupported protocol 0
[  438.994046][T19336] nft_compat: unsupported protocol 0
[  439.138345][T19353] team0: entered promiscuous mode
[  439.177810][T19353] team0 (unregistering): left promiscuous mode
[  439.269995][T19364] netlink: 'syz.3.3705': attribute type 1 has an invalid length.
[  439.306168][T19364] netlink: 'syz.3.3705': attribute type 3 has an invalid length.
[  439.345442][T19364] netlink: 'syz.3.3705': attribute type 7 has an invalid length.
[  439.360908][   T73] net_ratelimit: 1 callbacks suppressed
[  439.360930][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  439.392627][T19364] netlink: 'syz.3.3705': attribute type 3 has an invalid length.
[  439.492285][T19379] IPVS: set_ctl: invalid protocol: 103 172.30.255.1:20003
[  439.745007][T19389] bridge_slave_0: left allmulticast mode
[  439.758676][T19389] bridge_slave_0: left promiscuous mode
[  439.768756][T19389] bridge0: port 1(bridge_slave_0) entered disabled state
[  439.902387][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  439.918756][T19421] sctp: [Deprecated]: syz.2.3714 (pid 19421) Use of int in max_burst socket option.
[  439.918756][T19421] Use struct sctp_assoc_value instead
[  440.085432][T19431] netlink: 'syz.1.3721': attribute type 1 has an invalid length.
[  440.108063][T19431] netlink: 'syz.1.3721': attribute type 3 has an invalid length.
[  440.223119][T19443] bond0: (slave wlan1): Releasing backup interface
[  440.251271][T19443] bond0: (slave wlan1): the permanent HWaddr of slave - 08:02:11:00:00:01 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  440.302833][T19447] debugfs: 'žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!' already exists in 'ieee80211'
[  440.501080][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  440.932762][T19496] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  440.942629][T19496] mac80211_hwsim hwsim88 syzkaller0: entered promiscuous mode
[  440.950173][T19496] mac80211_hwsim hwsim88 syzkaller0: entered allmulticast mode
[  440.964316][T19496] tipc: Resetting bearer <eth:syzkaller0>
[  441.025880][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  441.254614][T19520] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  441.262851][T19519] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  441.287753][T19521] syzkaller0: entered promiscuous mode
[  441.301226][T19521] syzkaller0: entered allmulticast mode
[  441.309931][T19524] syz_tun: left promiscuous mode
[  441.317333][T19524] syz_tun: left allmulticast mode
[  441.337067][T19524] ipvlan2: left allmulticast mode
[  441.345531][T19524] bond1: left allmulticast mode
[  441.350456][T19524] gretap1: left allmulticast mode
[  441.364956][T19524] geneve2: left promiscuous mode
[  441.375361][T19523] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  441.397778][ T5086] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.407906][ T5086] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.457583][T19519] tipc: Resetting bearer <eth:syzkaller0>
[  441.477971][ T5086] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.489979][T19518] tipc: Resetting bearer <eth:syzkaller0>
[  441.524506][T19518] tipc: Disabling bearer <eth:syzkaller0>
[  441.561557][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  441.581217][ T5086] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.618373][T19537] lo speed is unknown, defaulting to 1000
[  441.817656][T19561] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40
[  442.025692][T19573] __nla_validate_parse: 14 callbacks suppressed
[  442.025730][T19573] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3759'.
[  442.050155][T19573] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3759'.
[  442.112260][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  442.200103][T19584] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  442.242904][T19584] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  442.652457][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  442.703925][T19627] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3773'.
[  442.717743][T19627] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3773'.
[  442.736808][T19629] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3774'.
[  442.755102][T19631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3775'.
[  442.997468][T19649] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.093340][T19649] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.125057][T19660] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  443.183326][T19663] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  443.276020][T19649] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.285258][T19667] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3787'.
[  443.394714][T19670] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3788'.
[  443.409860][T19671] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3787'.
[  443.451591][T19670] 8021q: adding VLAN 0 to HW filter on device bond0
[  443.508421][T19649] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.552393][T19670] macvlan5: entered promiscuous mode
[  443.557829][T19670] macvlan5: entered allmulticast mode
[  443.586977][T19670] bond0: entered promiscuous mode
[  443.596715][T19670] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  443.685938][T19670] bond0: left promiscuous mode
[  443.829327][   T73] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  443.881364][   T73] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  443.912906][ T3529] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  443.934371][T19691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3793'.
[  443.978214][T19691] 8021q: adding VLAN 0 to HW filter on device team0
[  444.008815][   T13] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  444.134199][T19705] validate_nla: 25 callbacks suppressed
[  444.134220][T19705] netlink: 'syz.3.3799': attribute type 1 has an invalid length.
[  444.165345][T19705] netlink: 'syz.3.3799': attribute type 3 has an invalid length.
[  444.209715][T19705] netlink: 'syz.3.3799': attribute type 7 has an invalid length.
[  444.221961][T19705] netlink: 'syz.3.3799': attribute type 3 has an invalid length.
[  444.530519][T19734] net_ratelimit: 4 callbacks suppressed
[  444.530542][T19734] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  444.751142][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  444.899146][T19755] netlink: 'syz.2.3813': attribute type 1 has an invalid length.
[  444.927431][T19759] xt_HMARK: proto mask must be zero with L3 mode
[  444.934600][T19755] netlink: 'syz.2.3813': attribute type 3 has an invalid length.
[  445.003970][T19755] netlink: 'syz.2.3813': attribute type 7 has an invalid length.
[  445.012349][T19755] netlink: 'syz.2.3813': attribute type 3 has an invalid length.
[  445.151069][T19769] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  445.301856][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  445.314761][T19791] netlink: 'syz.4.3820': attribute type 21 has an invalid length.
[  445.759612][T19816] netlink: 'syz.4.3828': attribute type 1 has an invalid length.
[  445.857341][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  446.088626][   T73] bond0 (unregistering): Released all slaves
[  446.102567][   T73] bond1 (unregistering): Released all slaves
[  446.119452][   T73] bond2 (unregistering): Released all slaves
[  446.147358][   T73] bond3 (unregistering): Released all slaves
[  446.159594][   T73] bond4 (unregistering): Released all slaves
[  446.176612][   T73] bond5 (unregistering): Released all slaves
[  446.290079][   T73] þ`Ì: left promiscuous mode
[  446.385149][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  446.432244][   T73] þ: left promiscuous mode
[  446.562566][   T73] tipc: Disabling bearer <udp:syz2>
[  446.580831][   T73] tipc: Left network mode
[  446.940690][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  447.211927][T19928] __nla_validate_parse: 32 callbacks suppressed
[  447.211947][T19928] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3855'.
[  447.494875][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  447.540293][T19948] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3861'.
[  447.593664][T19943] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  447.641554][T19948] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3861'.
[  447.676652][T19939] lo speed is unknown, defaulting to 1000
[  447.848910][   T73] IPVS: stop unused estimator thread 0...
[  447.894803][T19968] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  447.912679][T19968] CPU: 1 UID: 0 PID: 19968 Comm: syz.0.3865 Not tainted syzkaller #0 PREEMPT(full) 
[  447.912710][T19968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  447.912724][T19968] Call Trace:
[  447.912733][T19968]  <TASK>
[  447.912742][T19968]  dump_stack_lvl+0x189/0x250
[  447.912776][T19968]  ? __pfx_dump_stack_lvl+0x10/0x10
[  447.912802][T19968]  ? __pfx__printk+0x10/0x10
[  447.912830][T19968]  ? kernfs_root+0x1c/0x230
[  447.912856][T19968]  ? kernfs_path_from_node+0x2f/0x290
[  447.912879][T19968]  ? kernfs_path_from_node+0x250/0x290
[  447.912903][T19968]  ? kernfs_path_from_node+0x2f/0x290
[  447.912928][T19968]  sysfs_warn_dup+0x8e/0xa0
[  447.912950][T19968]  sysfs_do_create_link_sd+0xc0/0x110
[  447.912986][T19968]  device_add_class_symlinks+0x1cf/0x240
[  447.913013][T19968]  device_add+0x475/0xb50
[  447.913036][T19968]  wiphy_register+0x1ba6/0x28d0
[  447.913078][T19968]  ? __pfx_wiphy_register+0x10/0x10
[  447.913108][T19968]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  447.913138][T19968]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  447.913164][T19968]  ieee80211_register_hw+0x3425/0x4080
[  447.913199][T19968]  ? ieee80211_register_hw+0x14e1/0x4080
[  447.913229][T19968]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  447.913257][T19968]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  447.913291][T19968]  ? __hrtimer_setup+0x187/0x210
[  447.913310][T19968]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  447.913345][T19968]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  447.913391][T19968]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  447.913419][T19968]  ? trace_kmalloc+0x1f/0xd0
[  447.913445][T19968]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  447.913476][T19968]  ? kstrndup+0xbf/0x160
[  447.913503][T19968]  hwsim_new_radio_nl+0xea4/0x1b10
[  447.913543][T19968]  ? __pfx___nla_validate_parse+0x10/0x10
[  447.913583][T19968]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  447.913617][T19968]  ? __nla_parse+0x40/0x60
[  447.913650][T19968]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  447.913682][T19968]  genl_family_rcv_msg_doit+0x215/0x300
[  447.913712][T19968]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  447.913744][T19968]  ? bpf_lsm_capable+0x9/0x20
[  447.913773][T19968]  ? security_capable+0x7e/0x2e0
[  447.913807][T19968]  genl_rcv_msg+0x60e/0x790
[  447.913835][T19968]  ? __pfx_genl_rcv_msg+0x10/0x10
[  447.913858][T19968]  ? __kasan_slab_alloc+0x6c/0x80
[  447.913884][T19968]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  447.913912][T19968]  ? __netlink_lookup+0xbd/0x810
[  447.913929][T19968]  ? rcu_is_watching+0x15/0xb0
[  447.913955][T19968]  netlink_rcv_skb+0x205/0x470
[  447.913995][T19968]  ? __pfx_genl_rcv_msg+0x10/0x10
[  447.914020][T19968]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  447.914058][T19968]  ? lock_release+0x4b/0x3e0
[  447.914089][T19968]  ? down_read+0x1ad/0x2e0
[  447.914121][T19968]  genl_rcv+0x28/0x40
[  447.914141][T19968]  netlink_unicast+0x82c/0x9e0
[  447.914172][T19968]  ? __pfx_netlink_unicast+0x10/0x10
[  447.914200][T19968]  ? netlink_sendmsg+0x642/0xb30
[  447.914216][T19968]  ? skb_put+0x11b/0x210
[  447.914236][T19968]  netlink_sendmsg+0x805/0xb30
[  447.914258][T19968]  ? __pfx_netlink_sendmsg+0x10/0x10
[  447.914277][T19968]  ? aa_sock_msg_perm+0xf1/0x1d0
[  447.914296][T19968]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  447.914318][T19968]  ? __pfx_netlink_sendmsg+0x10/0x10
[  447.914335][T19968]  __sock_sendmsg+0x21c/0x270
[  447.914362][T19968]  ____sys_sendmsg+0x505/0x830
[  447.914383][T19968]  ? __pfx_____sys_sendmsg+0x10/0x10
[  447.914407][T19968]  ? import_iovec+0x74/0xa0
[  447.914430][T19968]  ___sys_sendmsg+0x21f/0x2a0
[  447.914451][T19968]  ? __pfx____sys_sendmsg+0x10/0x10
[  447.914475][T19968]  ? futex_wake+0x4b2/0x560
[  447.914515][T19968]  ? __fget_files+0x2a/0x420
[  447.914531][T19968]  ? __fget_files+0x3a0/0x420
[  447.914552][T19968]  __x64_sys_sendmsg+0x19b/0x260
[  447.914573][T19968]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  447.914599][T19968]  ? rcu_is_watching+0x15/0xb0
[  447.914620][T19968]  ? rcu_is_watching+0x15/0xb0
[  447.914640][T19968]  do_syscall_64+0xfa/0x3b0
[  447.914657][T19968]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.914676][T19968]  ? clear_bhb_loop+0x60/0xb0
[  447.914698][T19968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.914717][T19968] RIP: 0033:0x7fc98a38ebe9
[  447.914736][T19968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  447.914754][T19968] RSP: 002b:00007fc98b2a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  447.914775][T19968] RAX: ffffffffffffffda RBX: 00007fc98a5b6090 RCX: 00007fc98a38ebe9
[  447.914791][T19968] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000010
[  447.914804][T19968] RBP: 00007fc98a411e19 R08: 0000000000000000 R09: 0000000000000000
[  447.914816][T19968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  447.914829][T19968] R13: 00007fc98a5b6128 R14: 00007fc98a5b6090 R15: 00007ffe90d9dd48
[  447.914852][T19968]  </TASK>
[  448.401974][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  448.632952][T19979] bond1: entered promiscuous mode
[  448.638461][T19979] 8021q: adding VLAN 0 to HW filter on device bond1
[  448.683452][T19979] 8021q: adding VLAN 0 to HW filter on device bond1
[  448.685725][T19987] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3874'.
[  448.690921][T19979] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  448.709992][T19979] bond1: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[  448.734035][T19979] bond1: (slave wireguard0): making interface the new active one
[  448.749744][T19991] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  448.752183][T19979] wireguard0: entered promiscuous mode
[  448.757069][T19991] IPv6: NLM_F_CREATE should be set when creating new route
[  448.769743][T19991] IPv6: NLM_F_CREATE should be set when creating new route
[  448.777854][T19979] bond1: (slave wireguard0): Enslaving as an active interface with an up link
[  448.787107][T19991] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  448.798561][T19987] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3874'.
[  448.819074][T19993] lo speed is unknown, defaulting to 1000
[  448.829093][T19993] lo speed is unknown, defaulting to 1000
[  448.856843][T19993] lo speed is unknown, defaulting to 1000
[  448.913957][T20002] FAULT_INJECTION: forcing a failure.
[  448.913957][T20002] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.927329][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  448.945735][T20002] CPU: 1 UID: 0 PID: 20002 Comm: syz.1.3879 Not tainted syzkaller #0 PREEMPT(full) 
[  448.945765][T20002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  448.945779][T20002] Call Trace:
[  448.945786][T20002]  <TASK>
[  448.945795][T20002]  dump_stack_lvl+0x189/0x250
[  448.945826][T20002]  ? __pfx____ratelimit+0x10/0x10
[  448.945857][T20002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.945894][T20002]  ? __pfx__printk+0x10/0x10
[  448.945922][T20002]  ? __might_fault+0xb0/0x130
[  448.945956][T20002]  ? rcu_is_watching+0x15/0xb0
[  448.945978][T20002]  should_fail_ex+0x414/0x560
[  448.946008][T20002]  _copy_from_user+0x2d/0xb0
[  448.946033][T20002]  __sys_bpf+0x1ed/0x870
[  448.946062][T20002]  ? __pfx___sys_bpf+0x10/0x10
[  448.946108][T20002]  ? ksys_write+0x22a/0x250
[  448.946137][T20002]  ? __pfx_ksys_write+0x10/0x10
[  448.946180][T20002]  ? rcu_is_watching+0x15/0xb0
[  448.946204][T20002]  __x64_sys_bpf+0x7c/0x90
[  448.946228][T20002]  do_syscall_64+0xfa/0x3b0
[  448.946248][T20002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.946268][T20002]  ? clear_bhb_loop+0x60/0xb0
[  448.946292][T20002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.946312][T20002] RIP: 0033:0x7f061138ebe9
[  448.946330][T20002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.946349][T20002] RSP: 002b:00007f06121a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  448.946372][T20002] RAX: ffffffffffffffda RBX: 00007f06115b5fa0 RCX: 00007f061138ebe9
[  448.946388][T20002] RDX: 0000000000000090 RSI: 00002000000004c0 RDI: 0000000000000005
[  448.946401][T20002] RBP: 00007f06121a1090 R08: 0000000000000000 R09: 0000000000000000
[  448.946415][T20002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.946427][T20002] R13: 00007f06115b6038 R14: 00007f06115b5fa0 R15: 00007ffc0b209fa8
[  448.946452][T20002]  </TASK>
[  449.217270][T19993] infiniband syz0: set down
[  449.221257][T20011] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3883'.
[  449.222046][T19993] infiniband syz0: added lo
[  449.235908][T19993] syz0: rxe_create_cq: returned err = -12
[  449.237227][T20011] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3883'.
[  449.241842][T19993] infiniband syz0: Couldn't create ib_mad CQ
[  449.241954][T19993] infiniband syz0: Couldn't open port 1
[  449.244937][   T43] lo speed is unknown, defaulting to 1000
[  449.276863][T19993] RDS/IB: syz0: added
[  449.281208][T19993] smc: adding ib device syz0 with port count 1
[  449.287393][T19993] smc:    ib device syz0 port 1 has pnetid 
[  449.292960][T20014] rdma_op ffff88807e7681f0 conn xmit_rdma 0000000000000000
[  449.294790][T19993] lo speed is unknown, defaulting to 1000
[  449.340707][   T43] lo speed is unknown, defaulting to 1000
[  449.414840][T20017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3886'.
[  449.458551][T19993] lo speed is unknown, defaulting to 1000
[  449.654908][T19993] lo speed is unknown, defaulting to 1000
[  449.824402][T20043] validate_nla: 19 callbacks suppressed
[  449.824422][T20043] netlink: 'syz.3.3892': attribute type 1 has an invalid length.
[  449.843594][T20043] netlink: 'syz.3.3892': attribute type 3 has an invalid length.
[  449.851859][T20043] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3892'.
[  449.867663][T20043] netlink: 'syz.3.3892': attribute type 7 has an invalid length.
[  449.879047][T20043] netlink: 'syz.3.3892': attribute type 3 has an invalid length.
[  449.880800][T19993] lo speed is unknown, defaulting to 1000
[  449.887073][T20043] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3892'.
[  449.902632][T20047] FAULT_INJECTION: forcing a failure.
[  449.902632][T20047] name failslab, interval 1, probability 0, space 0, times 0
[  449.919389][T20047] CPU: 1 UID: 0 PID: 20047 Comm: syz.4.3894 Not tainted syzkaller #0 PREEMPT(full) 
[  449.919418][T20047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  449.919432][T20047] Call Trace:
[  449.919440][T20047]  <TASK>
[  449.919449][T20047]  dump_stack_lvl+0x189/0x250
[  449.919478][T20047]  ? __pfx____ratelimit+0x10/0x10
[  449.919508][T20047]  ? __pfx_dump_stack_lvl+0x10/0x10
[  449.919532][T20047]  ? __pfx__printk+0x10/0x10
[  449.919562][T20047]  ? fs_reclaim_acquire+0x7d/0x100
[  449.919592][T20047]  ? rcu_is_watching+0x15/0xb0
[  449.919613][T20047]  ? __pfx___might_resched+0x10/0x10
[  449.919642][T20047]  ? lock_acquire+0x5f/0x360
[  449.919671][T20047]  should_fail_ex+0x414/0x560
[  449.919698][T20047]  should_failslab+0xa8/0x100
[  449.919726][T20047]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  449.919753][T20047]  ? __get_vm_area_node+0x13f/0x300
[  449.919800][T20047]  __get_vm_area_node+0x13f/0x300
[  449.919830][T20047]  __vmalloc_node_range_noprof+0x301/0x12f0
[  449.919860][T20047]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  449.919888][T20047]  ? lock_release+0x4b/0x3e0
[  449.919915][T20047]  ? lock_release+0x4b/0x3e0
[  449.919948][T20047]  ? rcu_is_watching+0x15/0xb0
[  449.919971][T20047]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  449.919999][T20047]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  449.920028][T20047]  ? lock_acquire+0x5f/0x360
[  449.920056][T20047]  ? _parse_integer_limit+0x1ae/0x1f0
[  449.920096][T20047]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  449.920122][T20047]  __vmalloc_noprof+0xb1/0xf0
[  449.920150][T20047]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  449.920181][T20047]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  449.920212][T20047]  bpf_prog_alloc+0x3c/0x1a0
[  449.920240][T20047]  bpf_prog_load+0x735/0x1930
[  449.920292][T20047]  ? __pfx_bpf_prog_load+0x10/0x10
[  449.920320][T20047]  ? __might_fault+0xb0/0x130
[  449.920355][T20047]  ? lock_release+0x4b/0x3e0
[  449.920383][T20047]  ? __might_fault+0xb0/0x130
[  449.920409][T20047]  ? __might_fault+0xcc/0x130
[  449.920437][T20047]  ? bpf_lsm_bpf+0x9/0x20
[  449.920462][T20047]  ? security_bpf+0x7e/0x300
[  449.920492][T20047]  __sys_bpf+0x528/0x870
[  449.920519][T20047]  ? __pfx___sys_bpf+0x10/0x10
[  449.920553][T20047]  ? ksys_write+0x22a/0x250
[  449.920582][T20047]  ? __pfx_ksys_write+0x10/0x10
[  449.920611][T20047]  ? rcu_is_watching+0x15/0xb0
[  449.920634][T20047]  __x64_sys_bpf+0x7c/0x90
[  449.920658][T20047]  do_syscall_64+0xfa/0x3b0
[  449.920688][T20047]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.920708][T20047]  ? clear_bhb_loop+0x60/0xb0
[  449.920738][T20047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.920767][T20047] RIP: 0033:0x7fb969f8ebe9
[  449.920785][T20047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.920804][T20047] RSP: 002b:00007fb96ae0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  449.920826][T20047] RAX: ffffffffffffffda RBX: 00007fb96a1b5fa0 RCX: 00007fb969f8ebe9
[  449.920841][T20047] RDX: 0000000000000090 RSI: 00002000000004c0 RDI: 0000000000000005
[  449.920854][T20047] RBP: 00007fb96ae0e090 R08: 0000000000000000 R09: 0000000000000000
[  449.920867][T20047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.920879][T20047] R13: 00007fb96a1b6038 R14: 00007fb96a1b5fa0 R15: 00007ffc90658f18
[  449.920901][T20047]  </TASK>
[  450.249907][ T5086] net_ratelimit: 2 callbacks suppressed
[  450.249924][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  450.294626][T20047] syz.4.3894: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  450.313392][T20047] CPU: 1 UID: 0 PID: 20047 Comm: syz.4.3894 Not tainted syzkaller #0 PREEMPT(full) 
[  450.313423][T20047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  450.313449][T20047] Call Trace:
[  450.313456][T20047]  <TASK>
[  450.313465][T20047]  dump_stack_lvl+0x189/0x250
[  450.313495][T20047]  ? __pfx_dump_stack_lvl+0x10/0x10
[  450.313518][T20047]  ? __pfx__printk+0x10/0x10
[  450.313544][T20047]  ? lock_release+0x4b/0x3e0
[  450.313574][T20047]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  450.313599][T20047]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  450.313624][T20047]  warn_alloc+0x214/0x310
[  450.313657][T20047]  ? __pfx_warn_alloc+0x10/0x10
[  450.313687][T20047]  ? __get_vm_area_node+0x13f/0x300
[  450.313715][T20047]  ? __get_vm_area_node+0x2b5/0x300
[  450.313742][T20047]  __vmalloc_node_range_noprof+0x326/0x12f0
[  450.313769][T20047]  ? lock_release+0x4b/0x3e0
[  450.313795][T20047]  ? lock_release+0x4b/0x3e0
[  450.313827][T20047]  ? rcu_is_watching+0x15/0xb0
[  450.313851][T20047]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  450.313879][T20047]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  450.313918][T20047]  ? lock_acquire+0x5f/0x360
[  450.313947][T20047]  ? _parse_integer_limit+0x1ae/0x1f0
[  450.313981][T20047]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  450.314010][T20047]  __vmalloc_noprof+0xb1/0xf0
[  450.314038][T20047]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  450.314077][T20047]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  450.314109][T20047]  bpf_prog_alloc+0x3c/0x1a0
[  450.314138][T20047]  bpf_prog_load+0x735/0x1930
[  450.314172][T20047]  ? __pfx_bpf_prog_load+0x10/0x10
[  450.314200][T20047]  ? __might_fault+0xb0/0x130
[  450.314235][T20047]  ? lock_release+0x4b/0x3e0
[  450.314263][T20047]  ? __might_fault+0xb0/0x130
[  450.314289][T20047]  ? __might_fault+0xcc/0x130
[  450.314316][T20047]  ? bpf_lsm_bpf+0x9/0x20
[  450.314342][T20047]  ? security_bpf+0x7e/0x300
[  450.314371][T20047]  __sys_bpf+0x528/0x870
[  450.314402][T20047]  ? __pfx___sys_bpf+0x10/0x10
[  450.314435][T20047]  ? ksys_write+0x22a/0x250
[  450.314464][T20047]  ? __pfx_ksys_write+0x10/0x10
[  450.314488][T20047]  ? rcu_is_watching+0x15/0xb0
[  450.314511][T20047]  __x64_sys_bpf+0x7c/0x90
[  450.314535][T20047]  do_syscall_64+0xfa/0x3b0
[  450.314555][T20047]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.314575][T20047]  ? clear_bhb_loop+0x60/0xb0
[  450.314598][T20047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.314618][T20047] RIP: 0033:0x7fb969f8ebe9
[  450.314636][T20047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  450.314654][T20047] RSP: 002b:00007fb96ae0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  450.314676][T20047] RAX: ffffffffffffffda RBX: 00007fb96a1b5fa0 RCX: 00007fb969f8ebe9
[  450.314692][T20047] RDX: 0000000000000090 RSI: 00002000000004c0 RDI: 0000000000000005
[  450.314706][T20047] RBP: 00007fb96ae0e090 R08: 0000000000000000 R09: 0000000000000000
[  450.314719][T20047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  450.314732][T20047] R13: 00007fb96a1b6038 R14: 00007fb96a1b5fa0 R15: 00007ffc90658f18
[  450.314756][T20047]  </TASK>
[  450.314827][T20047] Mem-Info:
[  450.322302][T20049] dvmrp1: tun_chr_ioctl cmd 1074025677
[  450.326531][T20047] active_anon:9703 inactive_anon:0 isolated_anon:0
[  450.326531][T20047]  active_file:3530 inactive_file:40003 isolated_file:0
[  450.326531][T20047]  unevictable:768 dirty:234 writeback:0
[  450.326531][T20047]  slab_reclaimable:14411 slab_unreclaimable:135285
[  450.326531][T20047]  mapped:29383 shmem:1362 pagetables:1045
[  450.326531][T20047]  sec_pagetables:0 bounce:0
[  450.326531][T20047]  kernel_misc_reclaimable:0
[  450.326531][T20047]  free:1278028 free_pcp:14244 free_cma:0
[  450.335200][T20049] dvmrp1: linktype set to 769
[  450.340385][T20047] Node 0 active_anon:38812kB inactive_anon:0kB active_file:14120kB inactive_file:159808kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117532kB dirty:936kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12268kB pagetables:4032kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  450.373512][T19993] lo speed is unknown, defaulting to 1000
[  450.401192][T20047] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  450.463310][T20052] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  450.465045][T20047] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  450.794756][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  450.809331][T20047] lowmem_reserve[]: 0 2497 2499 2499 2499
[  450.815647][T20047] Node 0 DMA32 free:1208696kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:38864kB inactive_anon:0kB active_file:14120kB inactive_file:158240kB unevictable:1536kB writepending:936kB present:3129332kB managed:2557448kB mlocked:0kB bounce:0kB free_pcp:41076kB local_pcp:20484kB free_cma:0kB
[  450.848196][T20047] lowmem_reserve[]: 0 0 1 1 1
[  450.848356][T19993] lo speed is unknown, defaulting to 1000
[  450.891333][T20047] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  450.949130][T20047] lowmem_reserve[]: 0 0 0 0 0
[  450.954083][T20047] Node 1 Normal free:3886340kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:16004kB local_pcp:7648kB free_cma:0kB
[  450.985824][T20047] lowmem_reserve[]: 0 0 0 0 0
[  450.994841][T20047] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  451.007834][T20047] Node 0 DMA32: 1928*4kB (UM) 772*8kB (UME) 440*16kB (UME) 548*32kB (UM) 126*64kB (UM) 88*128kB (UME) 45*256kB (UM) 102*512kB (UM) 55*1024kB (UE) 7*2048kB (UE) 248*4096kB (UM) = 1208000kB
[  451.107854][T19993] lo speed is unknown, defaulting to 1000
[  451.157736][T20047] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  451.204042][T20047] Node 1 Normal: 223*4kB (UME) 69*8kB (UME) 52*16kB (UME) 189*32kB (UME) 42*64kB (UME) 12*128kB (UME) 4*256kB (UM) 4*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 944*4096kB (M) = 3886340kB
[  451.226557][T20047] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  451.237326][T20047] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  451.246976][T20047] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  451.256955][T20047] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  451.266364][T20047] 44892 total pagecache pages
[  451.268080][T20070] lo speed is unknown, defaulting to 1000
[  451.271351][T20047] 0 pages in swap cache
[  451.271364][T20047] Free swap  = 124996kB
[  451.271374][T20047] Total swap = 124996kB
[  451.271385][T20047] 2097051 pages RAM
[  451.271393][T20047] 0 pages HighMem/MovableOnly
[  451.271401][T20047] 425663 pages reserved
[  451.271410][T20047] 0 pages cma reserved
[  451.312942][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  451.333675][T20065] netlink: 'syz.1.3902': attribute type 4 has an invalid length.
[  451.389942][T20070] lo speed is unknown, defaulting to 1000
[  451.474758][T20089] netlink: 'syz.2.3906': attribute type 1 has an invalid length.
[  451.504868][T20089] netlink: 'syz.2.3906': attribute type 3 has an invalid length.
[  451.544887][T20089] netlink: 'syz.2.3906': attribute type 7 has an invalid length.
[  451.554205][T20089] netlink: 'syz.2.3906': attribute type 3 has an invalid length.
[  451.863343][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  452.139723][T20132] lo speed is unknown, defaulting to 1000
[  452.146474][T20132] lo speed is unknown, defaulting to 1000
[  452.192356][T20140] netlink: 'syz.0.3920': attribute type 4 has an invalid length.
[  452.313594][T20145] __nla_validate_parse: 5 callbacks suppressed
[  452.313614][T20145] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3923'.
[  452.337418][T20145] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3923'.
[  452.412385][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  452.691711][T20167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3930'.
[  452.897779][T20179] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3933'.
[  452.931536][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  452.931597][T20182] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3935'.
[  452.999849][T20182] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3935'.
[  453.188610][T20200] lo speed is unknown, defaulting to 1000
[  453.216320][T20200] lo speed is unknown, defaulting to 1000
[  453.472431][   T13] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  453.500707][T20222] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3949'.
[  453.506153][T20226] IPVS: set_ctl: invalid protocol: 255 0.0.0.0:20000
[  453.512135][T20224] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3950'.
[  453.547694][T20224] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3950'.
[  453.800514][T20241] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3953'.
[  454.031868][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  454.354397][T20277] lo speed is unknown, defaulting to 1000
[  454.368036][T20277] lo speed is unknown, defaulting to 1000
[  454.574352][ T3529] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  454.906093][T20310] validate_nla: 21 callbacks suppressed
[  454.906115][T20310] netlink: 'syz.1.3972': attribute type 5 has an invalid length.
[  454.933118][T20310] geneve2: entered promiscuous mode
[  454.938525][T20310] geneve2: entered allmulticast mode
[  454.955493][ T5086] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[  454.974255][T20319] netlink: 'syz.0.3977': attribute type 1 has an invalid length.
[  454.977038][ T5086] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0
[  454.984953][T20319] netlink: 'syz.0.3977': attribute type 3 has an invalid length.
[  455.092244][T20319] netlink: 'syz.0.3977': attribute type 7 has an invalid length.
[  455.103456][T20319] netlink: 'syz.0.3977': attribute type 3 has an invalid length.
[  455.144670][T20326] vxcan1: entered allmulticast mode
[  455.154486][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  455.245540][T20331] netlink: 'syz.3.3980': attribute type 4 has an invalid length.
[  455.271091][T20332] netlink: 'syz.3.3980': attribute type 4 has an invalid length.
[  455.428508][T20347] lo speed is unknown, defaulting to 1000
[  455.449626][T20340] netlink: 'syz.3.3984': attribute type 4 has an invalid length.
[  455.459175][T20347] lo speed is unknown, defaulting to 1000
[  455.710960][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  455.899409][T20375] syzkaller1: entered promiscuous mode
[  455.917113][T20377] netlink: 'syz.3.3993': attribute type 1 has an invalid length.
[  455.920952][T20375] syzkaller1: entered allmulticast mode
[  455.943443][T20377] netlink: 'syz.3.3993': attribute type 3 has an invalid length.
[  455.959219][T20375] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma?
[  456.283507][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  456.358417][T20401] lo speed is unknown, defaulting to 1000
[  456.364846][T20401] lo speed is unknown, defaulting to 1000
[  456.519501][   T43] hid-generic 0005:16BF:5505.0002: unknown main item tag 0x0
[  456.537791][   T43] hid-generic 0005:16BF:5505.0002: unknown main item tag 0x0
[  456.556071][   T43] hid-generic 0005:16BF:5505.0002: item fetching failed at offset 2/3
[  456.566523][   T43] hid-generic 0005:16BF:5505.0002: probe with driver hid-generic failed with error -22
[  456.717634][T20303] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  456.771968][T20303] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  456.832021][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  456.979366][   T73] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  457.048147][   T49] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  457.089222][ T3529] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  457.116518][T20444] pim6reg: entered allmulticast mode
[  457.127619][T20450] pim6reg: left allmulticast mode
[  457.178423][   T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  457.393836][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  457.413132][T20468] lo speed is unknown, defaulting to 1000
[  457.433210][T20468] lo speed is unknown, defaulting to 1000
[  457.507646][T20470] __nla_validate_parse: 21 callbacks suppressed
[  457.507665][T20470] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4024'.
[  457.585039][T20475] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4027'.
[  457.602854][T20476] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4024'.
[  457.887944][T20487] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4028'.
[  457.933066][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  458.480894][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  459.002388][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  459.522418][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  460.040772][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  460.560758][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  461.080753][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  461.600744][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  462.121351][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  462.641137][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  463.160862][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  463.682058][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  464.201010][ T5086] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  464.721071][ T7175] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  465.240752][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  465.762269][   T36] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  466.280758][   T49] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
[  466.314818][   T36] bond1 (unregistering): Released all slaves
[  466.327321][   T36] smc: removing net device bond0 with user defined pnetid SYZ2
[  466.335331][   T36] bond0 (unregistering): Released all slaves
[  466.394742][   T36] : left promiscuous mode
[  466.441600][   T36] tipc: Left network mode
[  466.734981][   T36] ------------[ cut here ]------------
[  466.740501][   T36] WARNING: CPU: 0 PID: 36 at net/wireless/core.c:204 cfg80211_switch_netns+0x58a/0x5b0
[  466.750268][   T36] Modules linked in:
[  466.754332][   T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  466.763683][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  466.773783][   T36] Workqueue: netns cleanup_net
[  466.778568][   T36] RIP: 0010:cfg80211_switch_netns+0x58a/0x5b0
[  466.784688][   T36] Code: e1 07 38 c1 7c 8c 4c 89 e7 e8 02 b4 5a f7 eb 82 e8 bb 48 f7 f6 e9 63 fe ff ff e8 b1 48 f7 f6 e9 59 fe ff ff e8 a7 48 f7 f6 90 <0f> 0b 90 e9 7f fd ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a1 fa
[  466.804408][   T36] RSP: 0018:ffffc90000ac7860 EFLAGS: 00010293
[  466.810847][   T36] RAX: ffffffff8ac86289 RBX: ffff88807f828d80 RCX: ffff8881404c1e00
[  466.813199][   T73] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:51
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=-1 (errno 104: Connection reset by peer)
[  466.818846][   T36] RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000
[  466.841508][   T36] RBP: 00000000ffffffef R08: ffffffff8fa38637 R09: 1ffffffff1f470c6
[  466.849515][   T36] R10: dffffc0000000000 R11: fffffbfff1f470c7 R12: ffff88807f828700
[  466.857577][   T36] R13: ffff888026eb5e00 R14: dffffc0000000000 R15: ffff88807f8288f0
[  466.865658][   T36] FS:  0000000000000000(0000) GS:ffff888125c18000(0000) knlGS:0000000000000000
[  466.874797][   T36] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  466.881475][   T36] CR2: 00007ffc90657fd8 CR3: 000000000df36000 CR4: 00000000003526f0
[  466.889570][   T36] Call Trace:
[  466.892923][   T36]  <TASK>
[  466.895893][   T36]  cfg80211_pernet_exit+0xa2/0x140
[  466.901074][   T36]  ops_undo_list+0x497/0x990
[  466.905699][   T36]  ? __pfx_ops_undo_list+0x10/0x10
[  466.910887][   T36]  ? do_raw_spin_unlock+0x122/0x240
[  466.916216][   T36]  cleanup_net+0x4c5/0x800
[  466.920800][   T36]  ? __pfx_cleanup_net+0x10/0x10
[  466.925759][   T36]  ? rcu_is_watching+0x15/0xb0
[  466.930538][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  466.936457][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  466.942235][   T36]  process_scheduled_works+0xae1/0x17b0
[  466.947818][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  466.953865][   T36]  worker_thread+0x8a0/0xda0
[  466.958496][   T36]  kthread+0x70e/0x8a0
[  466.962644][   T36]  ? __pfx_worker_thread+0x10/0x10
[  466.967799][   T36]  ? __pfx_kthread+0x10/0x10
[  466.972467][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  466.977703][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  466.982998][   T36]  ? __pfx_kthread+0x10/0x10
[  466.987630][   T36]  ret_from_fork+0x3f9/0x770
[  466.992296][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  466.997435][   T36]  ? __switch_to_asm+0x39/0x70
[  467.002270][   T36]  ? __switch_to_asm+0x33/0x70
[  467.007070][   T36]  ? __pfx_kthread+0x10/0x10
[  467.011727][   T36]  ret_from_fork_asm+0x1a/0x30
[  467.016540][   T36]  </TASK>
[  467.019582][   T36] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  467.026875][   T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  467.036185][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  467.046253][   T36] Workqueue: netns cleanup_net
[  467.051123][   T36] Call Trace:
[  467.054404][   T36]  <TASK>
[  467.057337][   T36]  dump_stack_lvl+0x99/0x250
[  467.061938][   T36]  ? __asan_memcpy+0x40/0x70
[  467.066539][   T36]  ? __pfx_dump_stack_lvl+0x10/0x10
[  467.071748][   T36]  ? __pfx__printk+0x10/0x10
[  467.076355][   T36]  vpanic+0x281/0x750
[  467.080362][   T36]  ? __pfx__printk+0x10/0x10
[  467.084958][   T36]  ? __pfx_vpanic+0x10/0x10
[  467.089551][   T36]  ? is_bpf_text_address+0x26/0x2b0
[  467.094776][   T36]  panic+0xb9/0xc0
[  467.098525][   T36]  ? __pfx_panic+0x10/0x10
[  467.102970][   T36]  __warn+0x31b/0x4b0
[  467.107012][   T36]  ? cfg80211_switch_netns+0x58a/0x5b0
[  467.112506][   T36]  ? cfg80211_switch_netns+0x58a/0x5b0
[  467.118080][   T36]  report_bug+0x2be/0x4f0
[  467.122424][   T36]  ? cfg80211_switch_netns+0x58a/0x5b0
[  467.127906][   T36]  ? cfg80211_switch_netns+0x58a/0x5b0
[  467.133381][   T36]  ? cfg80211_switch_netns+0x58c/0x5b0
[  467.138847][   T36]  handle_bug+0x84/0x160
[  467.143096][   T36]  exc_invalid_op+0x1a/0x50
[  467.147603][   T36]  asm_exc_invalid_op+0x1a/0x20
[  467.152458][   T36] RIP: 0010:cfg80211_switch_netns+0x58a/0x5b0
[  467.158537][   T36] Code: e1 07 38 c1 7c 8c 4c 89 e7 e8 02 b4 5a f7 eb 82 e8 bb 48 f7 f6 e9 63 fe ff ff e8 b1 48 f7 f6 e9 59 fe ff ff e8 a7 48 f7 f6 90 <0f> 0b 90 e9 7f fd ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a1 fa
[  467.178145][   T36] RSP: 0018:ffffc90000ac7860 EFLAGS: 00010293
[  467.184218][   T36] RAX: ffffffff8ac86289 RBX: ffff88807f828d80 RCX: ffff8881404c1e00
[  467.192198][   T36] RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000
[  467.200170][   T36] RBP: 00000000ffffffef R08: ffffffff8fa38637 R09: 1ffffffff1f470c6
[  467.208145][   T36] R10: dffffc0000000000 R11: fffffbfff1f470c7 R12: ffff88807f828700
[  467.216121][   T36] R13: ffff888026eb5e00 R14: dffffc0000000000 R15: ffff88807f8288f0
[  467.224113][   T36]  ? cfg80211_switch_netns+0x589/0x5b0
[  467.229589][   T36]  cfg80211_pernet_exit+0xa2/0x140
[  467.234707][   T36]  ops_undo_list+0x497/0x990
[  467.239302][   T36]  ? __pfx_ops_undo_list+0x10/0x10
[  467.244414][   T36]  ? do_raw_spin_unlock+0x122/0x240
[  467.249636][   T36]  cleanup_net+0x4c5/0x800
[  467.254055][   T36]  ? __pfx_cleanup_net+0x10/0x10
[  467.258996][   T36]  ? rcu_is_watching+0x15/0xb0
[  467.263761][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  467.269509][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  467.275233][   T36]  process_scheduled_works+0xae1/0x17b0
[  467.280798][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  467.286792][   T36]  worker_thread+0x8a0/0xda0
[  467.291393][   T36]  kthread+0x70e/0x8a0
[  467.295477][   T36]  ? __pfx_worker_thread+0x10/0x10
[  467.300597][   T36]  ? __pfx_kthread+0x10/0x10
[  467.305196][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  467.310398][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  467.315630][   T36]  ? __pfx_kthread+0x10/0x10
[  467.320235][   T36]  ret_from_fork+0x3f9/0x770
[  467.324853][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  467.329974][   T36]  ? __switch_to_asm+0x39/0x70
[  467.334760][   T36]  ? __switch_to_asm+0x33/0x70
[  467.339534][   T36]  ? __pfx_kthread+0x10/0x10
[  467.344166][   T36]  ret_from_fork_asm+0x1a/0x30
[  467.348992][   T36]  </TASK>
[  467.352425][   T36] Kernel Offset: disabled
[  467.356767][   T36] Rebooting in 86400 seconds..