last executing test programs:

59.270536829s ago: executing program 2 (id=2390):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x144, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x40, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xc8, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x6c, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x188}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45", 0xc8}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

58.916240532s ago: executing program 2 (id=2394):
epoll_create1(0x80000)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000002d40)={0xa, 0x4e23, 0x1, @private0, 0x6}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000780)={'ip6_vti0\x00', &(0x7f0000000ac0)={'syztnl0\x00', <r2=>0x0, 0x2b, 0x9a, 0x1, 0x20000, 0x5, @empty, @local, 0x7800, 0x700, 0x81, 0x6}})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7fffffff, '\x00', r2, r1, 0x4, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040800)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000bc0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

45.887636702s ago: executing program 2 (id=2394):
epoll_create1(0x80000)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000002d40)={0xa, 0x4e23, 0x1, @private0, 0x6}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000780)={'ip6_vti0\x00', &(0x7f0000000ac0)={'syztnl0\x00', <r2=>0x0, 0x2b, 0x9a, 0x1, 0x20000, 0x5, @empty, @local, 0x7800, 0x700, 0x81, 0x6}})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7fffffff, '\x00', r2, r1, 0x4, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040800)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000bc0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

34.939807667s ago: executing program 2 (id=2394):
epoll_create1(0x80000)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000002d40)={0xa, 0x4e23, 0x1, @private0, 0x6}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000780)={'ip6_vti0\x00', &(0x7f0000000ac0)={'syztnl0\x00', <r2=>0x0, 0x2b, 0x9a, 0x1, 0x20000, 0x5, @empty, @local, 0x7800, 0x700, 0x81, 0x6}})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7fffffff, '\x00', r2, r1, 0x4, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040800)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000bc0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

22.576429422s ago: executing program 2 (id=2394):
epoll_create1(0x80000)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000002d40)={0xa, 0x4e23, 0x1, @private0, 0x6}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000780)={'ip6_vti0\x00', &(0x7f0000000ac0)={'syztnl0\x00', <r2=>0x0, 0x2b, 0x9a, 0x1, 0x20000, 0x5, @empty, @local, 0x7800, 0x700, 0x81, 0x6}})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7fffffff, '\x00', r2, r1, 0x4, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040800)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000bc0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

13.726563861s ago: executing program 3 (id=2807):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x16, &(0x7f0000000640)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf20000000000000070000000f0000002d030100000000007300ffb1000000006926000000000000bf67000000000000150002000fff52004507000010000000d60600000ee60000bf0500000000000073700000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8473e2060d60bb39d0af449deaa27ea949e8f9000d885dfea2783835e29eb532ba8546fc020c196738b5f32b095f5d5b196b9e8d897e461c01c697671d1000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000000000000000000000000200", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000240), 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet(0x2, 0x2, 0x1)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988cafb", 0x240}], 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x49, &(0x7f0000001880)=0x3, 0x4)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0xa4, 0x0, 0xda}, {0x6}]}, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b405000000000000711063000000000066000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$int_in(r7, 0x5421, &(0x7f0000001100)=0x2000000009)
connect$bt_sco(r7, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
close(r7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000002a000b0000000000000000000500000008000300040003000c0001"], 0x28}}, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x25dfdbfb, {{@in=@multicast1=0xe0000002, @in=@broadcast, 0x0, 0x0, 0x4, 0x0, 0xa}, {}, {0x0, 0x0, 0x1000000000}, 0x0, 0x6e6bc0}}, 0xb8}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
setsockopt$sock_int(r6, 0x1, 0x28, &(0x7f0000000040)=0x6, 0x4)

11.473400138s ago: executing program 3 (id=2818):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b70800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0)={<r5=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r6], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffff5e, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_pressure(r7, &(0x7f0000000240)='cpu.pressure\x00', 0x2, 0x0)
r9 = getpid()
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000840)={{{@in=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@local}, 0x0, @in6=@private0}}, &(0x7f0000000640)=0xe8)
sendmsg$nl_generic(r4, &(0x7f0000000ac0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000006c0)={&(0x7f0000000940)={0x150, 0x31, 0x2, 0x70bd2b, 0x25dfdbfc, {0x8}, [@typed={0x40, 0x48, 0x0, 0x0, @uid}, @nested={0xb5, 0xdb, 0x0, 0x1, [@nested={0x4, 0x131}, @nested={0x4, 0x22}, @generic="5532e41f98ac6731326724fe31dedbbed42b349d21650ccb3d0a01bce6512a1df2de9ec65e1a4a02ff0685c3dde673fd0885a2858d9d8a6b1f5f1cf6eb89f0cd5785b6784c6d6192e1118615472f2581237e8a241e2514b8ebfef2bfaa52ad416b914926d7887f9040a054b7d872533647faf111f33b159a50f8ea72bc28fed1e08b4b650ffc390d89a35f3e47", @typed={0x8, 0xd9, 0x0, 0x0, @u32=0x70be}, @typed={0x8, 0x6, 0x0, 0x0, @pid=r9}, @nested={0x4, 0xbc}, @typed={0x4, 0x7b}, @nested={0x4, 0x2a}]}, @nested={0x74, 0x67, 0x0, 0x1, [@generic="1a167fc9ab019c44acc24ac04eb250bfcabb57a27392f999be2a7421b023f09096ddb20383f3e104ae42d54a4e49a246ab2afabb1aa7f2a3ce7ca85b89e809ea02949bc4f9632434f8a628c6fa0c99845b7c56af1e65a424e93ef2c1befa458562d9a91906d82f25", @nested={0x4, 0x73}, @typed={0x4, 0xe7}]}, @typed={0x8, 0x147, 0x0, 0x0, @uid=r10}]}, 0x150}, 0x1, 0x0, 0x0, 0x4004}, 0x40)
sendfile(r8, r8, 0x0, 0x40000000000004)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYRESDEC=r5], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x580a3175}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r11, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r12, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

11.2268233s ago: executing program 3 (id=2821):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000004680)=ANY=[@ANYBLOB="18020000e2ffffff00000000000000c685000000360000009500001800000000922ae83713ab9600010000801b10fb54a8cb72d232ad558c46fff4208d4990ec11ce9413ac30e00bd0081f8504e19a5183d769676520e98a263345e44d5ad12bca35510100c4d86abeb12303ff1c9fe0d0020000d60400000007d3670000008aff66d6b3181ffc1d62a3954c1198bbc4fa13aee48ca9e8969faebf3183fe803ab3f5024b52dc265b36fc9dae00a09404f01f9504d0976d252bd8d24538556e5e57bee3b8cf464ef3c6a7def8bad3ca6e3abdb21696e340bb8e2a093add57196b40def3858ef569147fa4108328392d322ab5df10a2f69a6bdf72ee7944e810d0223917c3d042410f57466f59544047d6d8ac44060000000000ee16c729300d2301800000000000002b5a8b05fcc154ad5290a8cdb97c343f454ff69dd6cbde49b28a6cb5f4fc0001745cff6e00e7ffffff0000acf3209a08439f1ff01779b6f6df7e02aa6d7760525b595fe1f697bc114ed1778e97a3f0395f946974cfb458be2a34cf924dc37b5592bf17956f3547497aba814382ff67b345b677a9d6523d87008000000400000000003fe8613ca29ff92be0d8deffff7b68136b0046d535dd39c0f35408869e9b342b953f91447e6b9eab304f134306320600a44095254b45a6c1312a13696c7202df5f764713504facc532c5a6d44d99ec7530ed7b0311000000000000e54e9072a22d911f4a2c2e2fa806e63c5cd98a8569a6d6bcfb000064885117e2ad910eae67e0ebe380d0f648713e68153579e02d71c58d147b00821ab9a6475b31e1ebf1369a04000000fbf3983f283f2f00000000992774814d63c933912d000006000000a66acb0a38856929e7d8b1b06c9bd5d7e5490f3b8596b694ea9483ad4bd287c83dd998a74694d18bdd8ad0983bc90770bbd26a82b9d99d5fc04563b523c47ef8c33400e90d02000000000000000edf1147a7afe772cd45af8aeffe2753088e02ca6bb2feec446ce7dbce66f0a93a03371320980865c7c62ea4d8f8a864dce9fa85aeb0454349100296ee2dba39c3f6fd6cf96714e11fe03b5062809a7418b165dd0336d226bac1e1223be1c97b15175d0e664beb126000e96549e1a1228c686edb475b705eaa9515c96f4fc6b3c925ea404e0f1de61026dc6c6618580fd6ce9eac602c1756f6d1056712412131ed9925989e01eae489ec7052e0ed72c326c7a8aa63999e2297c54ce1822d14b7c7699a9d0600f11f2e7f474cffbc35bc8623cd5eb68af82275a940be0400000000000000bcc3fbe7d90de96d6a8e9f32f18d1f606b381e4903b500000000000000000000004a2357ba5f03000000000000005dcf4f2aaee86d4802000000000000007cdb686d5da2a42e4b5024b6535811f362201d4f82012e6af704973d04ea923c19e6cb723c1923b3eea2d73e176dff383c9fbbac53dfdcb1a68c98e96fe39eec23963faf3ebed3409144c7c53d6318ced678a621450a9b01e9f2772e5f2999d3435da02556e36c3215d2bd4e96c93bff3ad04a82ff3cfadcf65eb92adc6c68d66b11cb2d7556414a86dfa94bb7aa52c7febb1e9b2efcbbc5bccf9d39bed802f4f056976a9a362ee9cc624ec454b90200fd9603f96908bddc14500000000000000000000000000044d917c62b27679913075731e8fddb07c10c82002d60181588ae63a440454287de9e340f611267f37bdd0f2d21cb06fcaf45a0a297e396f428d43371424b307eef82c5d6d19f3ef0d3b8f7fa51957e3099caab31133b34a1d3eebc0f0c9056df2e9667ba0b55695c7894010079b07e7aef7785e2486472b5cba1f3346c1e8e23deb8c83ab6eb2c72c484241dc3b66da78260f800fffd39368b952f6f4a10295c50c887a31d8b543c5d10f2dbd4d0b84eaad43feb6e169a9f2fcff7000000000000000000e011bc6366f56fa787f212c1f8c0f47f5078191c8a02ad436725771738a2a98891971e3b932352896e1ea10f62e8ef7a87e16151b39d6c27575714540d8c293a3fa4b5a825360423c1cbc8b5d19167152823ed853140edda002c16c842b168bb55f6bb713deb57d0aa78d6d4e5fc5be2c402bd246128f41bcb02000000892b135a92e8c844938aa98ba4839a1408a696454d40e5eed4d4dce481ca86bfac54c330331b7f2cde17cbaeb0377696faf546ecbe742d73d47d726a50f6e752f3325255bd7e8b5923aa3cfb6f7e06494f21ca450139c558000000000000000000000800000000000000000075aa0000000000000000000000005560bd9eb81e839e4992e64b074a66cccccf00334fa94da8477be7d99b558ec6a5b1596ac1e7617c6b32eed0cc70286caf2c5189a103f4b0b04aff171c4d388ccf67fea37e782f025c94c853cde330a193a967d907a8c88fcb033e680f559a72150cb900bafcd536f48797915a2fe9922ce27300009e1b36aa4730117d9b00000000003c630000000000008fbbd11b015c415ca04192fbfb1a8b0e3460af35771dbac10062835c9bab3ad09f7a022c52d8000000000000000000004000000000000000000000000000000000000000000400000000000000000000000000006ec473c54399b7b8aa1ee46132fc45da8292631178cecf19550108b8b8423de42957ffe9bb6d752e68d2bc2ce777a17bf4dfdfee5de0f3e4dadf51ab9562827b762fa611ba5f32861c19dffe1dc9fd5c41cd46cf131fd6b0c2ddad90ac33f768f9ecc70327c59918fa5a249befe98262f53c8182d95f6da3698a6a88c2c31d801a8f1f5e0ce05138d5422da0a6a62b9dfe1f39775d1d0c9186096415f544aaf76b0a1c877a6c826a5adcfb22c4a0e5a46271caa3eaf4f389dd5f3c20dbddc0377a4266d7b9fd61b9287e9b4be0a413ee31be0ddecab0ef7b25cba1fb3654ddf291ecb7768ac1e177042cb4c452fa6b3966950000000000000000c187da23d6855500fe8510b51e13a890e394b84a6ea2cc8d42b97c697c29122298d55e2e1cca8e07abda2606a3f381c64b9fec0000000a7965e4854e8e3572ad5149b3872342dea9252132860c9af1bd5fe263c0313dea5d6e0c11a466d6892ed65f34667dd79b07b5cbdd8aa7dd561a26b5562d4861a7e1b0f48930e0b696ea3bee7eb72794e163d7aeac9a0fa5403ac9cb421eae283b0550f1d0d339cd7b96e71d3ab48ad9d7975e0c9b117f71d3ab80a0c9b0284ecc469fa6181c9c71fce07a6ffb23296a107763138e8d9876291af2076890c47925ac773d95d2ca42acb3e5f3a1550665b898462c139ffd0106bc8a61b6117d252efcab7106b4c3a3c13a70ff452e9d2096142c517b0e91b5cf88332faca5b3ee96363065c3ce32d3d39ec36e20d597e05664f2526bd918090649da11f7299789d00f5024df1e99d3efecb9b457642fe810370ba4fbe00fa60a28af966a27a1659e448bbe43a1dcd2ea760018b57a36ac41ef2051a7b703d55c0602540663016e20d50385766df4dac47802a55bd38dd767ee9960c6daa704fc5d01a14591f26b7b538c9bb22f6a2f7a34d1b9edfde3be9e25a110228c64253588ff420644dbc0854e69a7bdda72f93ceaccf92cfe7dd6296c950db10f6dd8a5ef9b73cf6a12a1ba16fdc7e35b805f4fd2fcff0a623722149c1465e4de2d53f0f10b14c21865027abc71a12cb1e9f8029c7a20000000eeb0d53a83e518c8d2052c08b515d9d0bde24ac4e798040c7db0bb03c019507d6377f3d5dd94a27abc6d6b120d61f772407e0d2cb50d29168b68aef9f176b4c3aa8b21279d4ea9c1f669aa8c2c17d5b3a8d1dda58d26f1019af04b7774c85d5bce8be010f27c5211938031c3404680b01279c778bd1fe1b48c4b5b8e0fe756e54a8d76b7cec5e3407d93b4eadc446440607de844acf5524a4657e33af2115547b735b57b5092d0bc8fa6acb832509abe0882d570ce400aaebd7baff88526608d6991aac95751671174129457e4a03aca69d82b64b89e6ad6ed1e275ec5002e48170e4c7b4f3971481098dedb88fba90770e44bf404d5a97fefe2fe8e459fe45933b78c7ab5fe985a480193a20fb07da1455fb283df68af569ac82aa6dc703e29bf158931fb79f2abfa6ff7eb8c4f381c9da58bea460e2ead969933e5391970ca4fddd64da2e5df9c4d82044068caaaab771b37bb06bbe673056d849825525f1120b2250f6b8520381f7a74b1c687781cb6b23e67b918844b83dbaeeb559ec8520d710dd6d6b4e64838bd434a36ed03fc0c488b24571032ffbc9f8ce97041e1bc4729d539358dc9599c1266b9ce2cb6dd0ad57a6e9d3d4a11a27f70b2934c96237e2ba09c58eeda678d4d08b6da99b7a86e946215afb1b48792fde54492e306cb5342e2589874b603a1de972b1f09cc350096f5c3e814118afdba0793cfdf20c77b34eacfdf63ce59ec4d2f867bf884e941559b068d908325667672b5e1cf71f4829c0493e8b141489ed926b822becead7a0a2b4a4c008ab16b616d60f347e4da54f06443507efe57ea62399ef4eb11b2f559e1b056456a53998bf1c6d13c92e75136147f91ae3a75ca15eb1b51bf700b3c0bf54bc3745ff313c5e75dc66386897f6ee45429371b8d0878c442ad2fe9baf85c1390da13efc353ccbef950c29f39ddf436f0d9bf1be1515ed251d8b6f11ecb16b1e8d1ed04196e9b6c2f9e068b7749bb6c1f533e493f22c901662c65cb761dc2eeff2f698bd4dbae83e2dfdc4f1c7f918a00515c1bc189d10ec22b35c92725cbf0ba244fd029c4f026f68e000000060000ab0476c3fd7f7c1e5c000000000000000000000011e43e39d3f4394fbfa13c416b1c443c5e52eea726491ad75100ebad7c6d5a665c59a3fb158e43da904f19e7e8daa4e90390b8da945f6cd78536c0d2be07221f85ad46b180f256d4d84592691d15d65896b66b63a46705338b67b72dc1c3075fcdc5cbffb0366151632ba5be8ae815dfea9fadfd31c473a24a73d3e5116c3023b3563c72d26fbd59877132bde5ca4ef8d92fd3613c768b35223f6fd0b5e9a8b98cccf1e2b4612e620e3a159d6365c9045aaa826aa0ee6d26cf0397ce674c20824584b464ebdc2f3ea26a7aec4570b242a6677a4e9187f8591c3a9bdc00000000002364bbd93964a8d0bdc802b9be2563838a91802e3deb150a6a97a73b168ccd8f7872"], &(0x7f0000000040)='GPL\x00', 0x4, 0x1076, &(0x7f0000000300)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp=0x7610, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)

11.062502725s ago: executing program 3 (id=2824):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYRESHEX], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
syz_emit_ethernet(0xa6, &(0x7f0000000580)=ANY=[@ANYBLOB="ffffffffff0000aaaaaaaaaa86dd6000000000703afffe8000000000000000000000000000aaff02000000000000000000000000a30000009078000004000000000000000000030abd3e6d4706598080a80300378927fc503b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e7145b681ac1e79d1c879b6573822374a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af03020001000000050000000026000400"], 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000080)=@hci={0x1f, 0x1, 0x4}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="75444ea2a6d654bb170f5813728cfa70e0f68b2007c73f133a9dc7f3cb6fd60ad7284d8c1574677280991a71fa4716922883824547cf501799878a8e492d3cc2b9d60b375db215abff8b5dba21aff8b54ff96ca87bb2472aba6fc38705f7", 0x5e}, {&(0x7f00000002c0)="2ac27da26a1aca4fbc7f7c5c5a1269046feb6e8de27882cd2965175ce0bb4dcd244f773361f97d5e70efdb35024dc3f7f1a0d35ab320f1d02702dfefb3b78fb213aadfc231b5f001412a38e751d22bc6d834b5317039be7fa0159039ce0058ad794b557e25c094853d0b0d448249343416ab5c385d1958037f00a2e17ff7f0321c16f44d4c84b75e71707c611ca00f8d74afeb91b7d1a25d7ad1b37432f62d6bb4bebdb2ed80d137732e92618d10fbf6135a9cce6640fc23348f0d0b7539fff043fe9330dd82d3aa1849b85bc4cf955e63", 0xd1}, {&(0x7f0000000480)="b45fe82f4549757038698127192ce37aef99f53bdd2649bbfc746e4215cf4958f78115e4c7aba954770218aee2877712740c12dd4a110d543d520417d58cca86d114958408895ab5a42cbbc10187fe81366238e2577d269d191800b5a07ab4fcbd0f53f706fdf77d6250bc882c457e4924fa7df3354e89359433fa795f1f7ba713a4cf948394095e2c49e0f9e18121d43d23f81237ce780266a7ac0b1fc964bd3d4644095fbbd75d2c07", 0xaa}, {&(0x7f0000000100)="1721617045183074d9135402be283cfeb0fa01045fc15b59110e6fdaf0801a5f42c5aa63c4c1dafdfb4243d264", 0x2d}], 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="c00000000000000001010000ff030000d4c85d93622015826a0537703cd2736ce4500820e145574942444a16210a30755e8294260613398b20f774020d79274c6514bae2a44ba266ac7b7c36854f3e705beab291d6761facb298243cda1d354ee7e30e39028f3f518847afa43edd7c2a472a2c6461a23eed44942e9e7a84a2cb36553e4347cecdd24dfcbf6de6c653d9dbd2d6c0d8d76611690fde54c01fa67618a0b6f4d5c031914eb4edb6bc538197ea05243bddc2e6c1ddf48c1400000000"], 0xc0}, 0x20004)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000140)='fib_table_lookup\x00', r0, 0x0, 0x417}, 0x18)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000a00))
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000040)={r2}, 0x8)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x29, &(0x7f00000000c0)=0x100, 0x4)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x2d, 0x0)
recvmmsg(r4, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1f00000000000000a68e21ea0c579dd573da7814ebbd0c4d5d6e6b26c1bd67c789d9e6b7a1c3c8471ee8a60930cfe7264dd689fd1596a98ec6823e6ce7353da32cffffc41091d49c01dab1056494fa5762fd156eb595902d5750d6e3d2446586a2489e9dec4471be69144b0e92bbd50ab2abb2f0b8532a68792c76c94a96cf00554b8ebd895dfa060ad15b628486d08689e5978eef25a922ff99da70e9b15adb347b2f688f9bb8f136313ba487c0ed4294d89bf946603f298c36f62a510bc3470ce35e4b672110949a151d191634f29d5df9c7c8035c16519f4b390abcfb8fcb087b6c87f95411166e", @ANYRES32=r3, @ANYBLOB, @ANYRES32=r3, @ANYBLOB, @ANYRES64=0x0], 0x20)
connect$netrom(r2, &(0x7f00000008c0)={{0x3, @null, 0x2}, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r5, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r6)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r6, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={0x40, r7, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x14, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008045}, 0x24004800)
sendmmsg$inet6(r5, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0xff, @mcast2, 0xfffd}, 0x1c, 0x0}}], 0x1, 0x4040840)
recvmmsg(r5, &(0x7f0000002280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)}, 0x5}], 0x1, 0x12141, 0x0)
r9 = socket$kcm(0x2, 0x1, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000009c0)={&(0x7f00000020c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@func={0x2, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x61, 0x61, 0x51]}}, 0x0, 0x29, 0x0, 0x1, 0x699, 0x0, @void, @value}, 0x28)
sendmsg$inet(r9, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1}, 0x4000080)

10.070776981s ago: executing program 3 (id=2831):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000040), r0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRES16=r1, @ANYRESHEX=r0], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000c40)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100ffffffff000000000c000000140003800400040008000200ff7f0000040001001800020076657468305f746f5f626f6e6400000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000000c0)={'vlan0\x00', &(0x7f0000000000)=@ethtool_link_settings={0x4c, 0x4, 0x4, 0x7, 0x40, 0x7, 0x80, 0x1, 0x35, 0x4, [0x9, 0xffffff18, 0x40, 0x800, 0x3, 0x5, 0xff, 0x91e]}})
recvmmsg(r0, &(0x7f0000008200)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000380)=""/172, 0xac}, {&(0x7f0000001f40)=""/223, 0xdf}, {&(0x7f0000000980)=""/51, 0x33}, {&(0x7f0000000240)=""/79, 0x4f}, {&(0x7f0000002d40)=""/4115, 0x1013}, {&(0x7f0000000840)=""/245, 0xf5}, {&(0x7f0000004d80)=""/4096, 0x1000}], 0x7}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x3}], 0x5, 0x2003, 0x0)

9.900561265s ago: executing program 3 (id=2833):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x128, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x48, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x98, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x20, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x4}, {0x4}]}, @NFTA_SET_DESC_CONCAT={0x6c, 0x2, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x16c}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b000000", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9.717550711s ago: executing program 2 (id=2394):
epoll_create1(0x80000)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000002d40)={0xa, 0x4e23, 0x1, @private0, 0x6}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000780)={'ip6_vti0\x00', &(0x7f0000000ac0)={'syztnl0\x00', <r2=>0x0, 0x2b, 0x9a, 0x1, 0x20000, 0x5, @empty, @local, 0x7800, 0x700, 0x81, 0x6}})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7fffffff, '\x00', r2, r1, 0x4, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040800)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000bc0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

3.070540176s ago: executing program 1 (id=2868):
r0 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r0, &(0x7f00000019c0)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x123, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r5], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$NFT_BATCH(r1, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x140, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x40, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xb8, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x5c, 0x2, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x4}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x184}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = socket(0x840000000002, 0x3, 0xff)
setsockopt$inet_int(r6, 0x0, 0x16, &(0x7f0000000000)=0x9, 0x4)
sendmmsg$inet(r6, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @local}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000002074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000001140)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}], 0x1, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.959658635s ago: executing program 0 (id=2869):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x100, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x3c, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x7c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x20, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x144}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412b", 0xf}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.761387698s ago: executing program 1 (id=2871):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x150, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x48, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xc0, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x64, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x194}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r5 = socket(0x8, 0x3, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{@fixed}]})
ioctl$sock_netrom_SIOCADDRT(r5, 0x6180, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r5, 0x4040942c, 0x0)
sendmsg$kcm(r5, 0x0, 0x4000880)
recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000880)=""/83, 0x4d}, {&(0x7f0000000200)=""/83, 0x53}]}, 0x102)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.756020863s ago: executing program 0 (id=2872):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
ioctl$BTRFS_IOC_SNAP_DESTROY(r3, 0x5000940f, &(0x7f0000001300)={{r3}, "d99716514a98762e71bc9d5e79bd2f74126f8be87c7e892337bf1622acbc3c3851058b0b931de3f413f2a833855a99517307ee7d05e08ca20c3ef222cbecd4f31517f582c43e8040dcc59f34f152e07386c145460ae42c142d4ef778cab61ad02364500e8d51371d3d90b083d2a9f7e28db649684177fdc6db88f880fe172a008a224dcdfd3c50b404433b6c689173330e683b147692cfbb4415806d11046f072236fe062766b0d36b64c80e171e6209751870bc0557c5c1cb7d475c0afaf6afebcb84a7dec615356607c48b14e2a1d732676800353860b0dc4a7972b9ae9d330ff7747de261c4e6e143cfb5b5a97f75b5f0fa87dfa087c86bb30634566fa0e3025ae68dddf47bddc18322a84f23e5b91fbb0571941d438946f1615954c8cc4bf9fb8afddf50e5e4c8a8d603c79c6e3cd1438df48b05ec30493d59d52c7a77f79df2314bd44c1b2f04652925e2976c70705aa77570a55a6926cd9a5aae5ba49d22265389a59086a0e54c38a35712f535004a62203d3ed04d420f0b0b8befcc499e973675a4e515a0c983f0b64c34fbb1c4124804b0d3ceccff1ddaa0ef61e86bcb3c65b8382dd2428d945c784d7f25533936e631c5b8b7d1a744bf58f8ba947930b4fd39ed83764a1032d2d04c6e85780d70f982bcd0c393dd92cddf092704ffdc7451c46e792b4b2f8362efc6496ca9de94bbed42bf76d5366ed89714b9b76d86dbd4716e7672263191165c513bd231e0c9a4d7cb3278daa14ec04bc4163566e3ffbde4aef63843f801dc6a76a140327be4fd794cecd1c5c90b5045700d884d69f7751ce024ad934c4430751f3aa42d7af2ef75a55e78e30bbf68ad4200c5450886acf10ee6d4cb26c32c1317ded0b60cad0ed0082fb3bd60fc6ee55f934b463b8c55f53e2033e43feb43906525403f518c153c56308821dfbba5bba3202711c8b9940d423114aa919f52cbf2cfd56f2c1082709d6442ff91850d272f685048b789457382fdd6f56157c89101ef9c212f7a1d3eb1ea4951d309b3d1e8776e0f9a5b3ef7be0d85c7d618fe36707c5b12671788c8573e346f60aff174f435508fe0dd9ae254f292e23afe7defb677c32d86f698d9c933383da479ed205648ebbdfc6571829ee067dee265dad52d66ed67ce4b00f21d0fa6158d7174961814d44f2aef61e0db11d3b20998c005eff0833e3e647f55bc67ed1946537886e4c01ea7876080cc69203b3a662d67b7d028bae4000ef8410f516f1abd871c81dce429c9b297abee20ed147c6636ff3681cdcf1d8ac880e1fb2a517c2198c06f0bdc1cdd3282d8e98871608d8708e188520f91986c6f2f04b29d9b3b782cfa0027966df795809928002305284cc9286439249e50931aa982b2534b19056c635480cd393bb966efc124c68b12d4c3c00006e3283321e25fefca8cd985e5b1b9ee9759e7264fcdd0c1f62a80c204bd283ff319898ac5c60e609b0bc43a26f95676aa4af0f4e1842f865c3f7d4970764a3a8edcc0f82ef5e72d5362734571af45e3fc3166cadb1f106f6b485ad599f0603adf85bdb3e3e5dda4a051e70921e130d5bfa65e091a12d6edcc2e8e1faa5cb0cac2b7f2ff712c384bffe2fadc8827782cce068f9de4bdf3a6374794671b9af293221c16a5aeb010f8dbf2b3dd87b67c70430a1b391500e46005a9bd9dc1510de0aab00997d021f87d4701556b4defb6238918559a1e18613eeb8669c1fea43f12dff84d7aa5a450a157b4e06624baae87f8856bd9dce80fe7a3e5378a0448fdc879c00d8ac7cea245f2ade76ace7a7e63212ef5f1ecb6efa220df376b24377cabbe6cc91436d23e6d263929124711e457a7446240130b3a915e72012592ef8b5766476b206efec3e170a6915052234832b1fdeb5a546ceca63bd8294a5e6fe5b65f5744cde264e868ada0b8bb858a64547030149e917ec83196323321079ed1e64c83d3e500b2eca020046b3298987d0712ad74ee64e2afd72b67c1dd4263fca692bb6d5de8e5b010b5dd5d22d98f300ba7f66b40950f91eb09aea5bc7648bc6b60c648599e9455a1c8f3c204f13ad8f2a1c85791f750ee629e833bbb99b4a7874c43fc55a9165a708f5aa127491b251bf608c1ff115092718f6c30479c24f13055c8a2f6a15dca0b12f4625823c4b808a5969e3f0da0b82ab7523b6e73af03d173b3c661601cbba240bc1aaf971e38a4422b635e94cffa3e902b6176db6f761e7c4694f55bbd8eece4a98b0692f5430b259f8225865dc0e8a7fcb9661412244e16d9300d3db45bb732145d0efb175e7c0f477d949bb225df922e63bd79adc9586ef9bada649fdf643d5b6d5a1b5e157c303d77b569303848df9e4ddba9e3d20ce3d2a6a3e44c1002399fac328c8846f8d8f886497df9541b5910b3f61239ca109065aa4f2672b3313df0b7c69ea71d7c12bfd0626b758121cf56126c61a2059aa993c8c9bd309bed449960c4e212e1758ddbe1e1139cbd91b824c2bdc23caf47380dad6fb022486d634249b8fe1994343a7002b7f686becfb4d09224aa31a463b8af2d6e61051dff2b0cbe885e2ad38de9c84de47ac15aa628a97d1953d630179c90a60803e47152f3719185318af76ea3e71f71de6aa432d21b338f4f90bebccc32294af428a3b3968f6688e19276457c0cca1dc42c567c966980824578c31ce9d95cb366d91f4b18bb40aace5d04719cd03acde59e313dd63f81ff49a6b57bc39c5de5b42c11a9ef71efa0fff1158409cf2dfa0fd1f24cda62e90ba2723ea64f1dc668ae666102bc12cc3881778e3a40a4033bceefa44a647012bf656f8d6affe6a4d0155715a2263b89aa04dea917481e812cac6c07c7550676a327dfb87331fb38c9c6c3ad736f15479b4df247563ea44e427f410e511c08fec000bb84f5fb83caa04b4b2786c376d4845f8223462b104025be4f67bc8367c8573d05b11fd0e61df7fbd431ea01cad1c73478f227205e90b759965501be24b92eaa22bb4c3645ddc0cea876b72735745753079864536a7236eaac535b06d1fdda38e564e9f8436e2b397fcf9638b11917a17e1d06474c37f0836018b07779321c19457b81b731c6958b748b15e6614513f48db2db1b46c2e4437415b8a5a8d703b224402c5e39dd6aae6b8925613871e52200ef4eeecdb1611ad445f3311fcf45e54acffd33fa7e68dbad53e2a5d1cb2d1e7aecbea7769b0d004ea0f4407417328ed7eb8deaefc26678bd6f40670138032b6ed8916cb745b6c31bdf0684230c5ad51703d8bce8f374b533724b42d4cf9c671d3797b4cce63615cd6df7ddd5e33526641dcdd9f4d9fe555a3dac55e32bab6a1e7a3efbb1c73093b966e90fc3879303e3c02a34cece40daa103b94308dcb7473e57f5bd38fcd4478c782a87b9591e88f86b511380d9d33c08ac7f68c45a5c040b724eb24628e8ed9426f740b6ca6ceed295ba96ed553ad5f5b30b2209ff63a711b31e68d6a2a5002fa65d311af095a4b3497f0d4490b60de728ab470c30b9962969bd382956a19705e71f8ee1bab75de51dd8274a80173b3a1f5eaf71ca9ea3eabc6bce6ec864060ceb292126d014d4d3f6af5b055c4f3a11f790662f141724a35bf45c17ead1386b0949a3510ddb75691527ae331ff31c241d9b19515b8dd16451437dbf23c2645a7ed6bc5493340cf588377d599cfb8d2b6f94336780e714d07b66ec5b21866b5d2292b2cb86538a2392ab3a337b8ef4402cd6ff575ed5864b3afece82114e81e8f320c142c8dc72cc34537988d9481f6e133ba05b3eb9a1ac3e976153a69823a3c42fe6301c9761b52b4234cf3d23bd1f7f27c2127dfee5e0f9b61826a5afd12bf6722fdc38a986625dea644697704e76e7cd93a571449d3c179de9807b7b6260422e7c45e6699efa136200a6549021669c1fd0a7f85b357aeb65255f3b047853eb97d8e18ee3e31f6c739c950353d89222d28b673ac5a287af11f61de9a0c44fca9d383d32c73b64d0b92e3982983dc1906a8214362fdb64b703f55f9439c761174ebbe99641d8a161853efb28ff6fb73d23a78782b1aff8b32fad19669d4a2e20b0084a990ebfff5d6655aec19943da9e8994ebceb1c163b4fe627fe93ea9d347b1f90bb133ec8923f7e7c2f7c781f33436f491df30faaa64e91f5fbeef158d66f1108391651dbe7a188b3b52fbf2614f191312dc86b6dcf426f4fc00d1dd24098eeb49a680e2a50b2d84e7677f50d4e43a7a0b9380e8dd581b23601adefdc7a06e87edc4fa3d088e2a1dc354b7830fdfaaf2d7a1ea741049c5a9288f4225475eddd59b14e62dcb3482537b9a10f92c5e0da1d74535f5973ed44a3f3a04837fef53ec7bfcde78eb06bd5686d4f687ecfb11a969f7c9f0a52108e285db199e24e11f4b3ccc9314f83ddf4e7677cf74e7c0c6c085873a2c940c2ff407602f0b5be15f4a789c5785a5a80f350a68a1ae41be86df1c62bdb21af3ba7d3f80fa054d2441daa1c6431bd68a623181720663c66f6002559983973ecda0b70a845b21ffcaf18a88c5eb2582e1e242bb5b4c1a84219958916ba53599256673acc2bd5815f401e4996567a948882e5a708af4120afa08e5491e2ccc1da3dab09535e86844f5a67c43e8064d1d30d2a3fda93a4d100241cac6a665a67c9fef7ec45b785a483ec6db0e6f03a0a0537d95e74c4d61a46f20ef5299f9c727814da9f82a6b3cf09e8ee9d981cb985382a21be1af887b6b4c82f95ec09a1b8f89f03dd1013757c91a78578fd295c3040721af3716fc7f3b43b2c64498010e005d623e8a7af0235f7f98a84f696b599808a9c4f85b38c12d2d6cc7843d3ede34b79e2c1faa2cf179def7c412e49d2282d422f4ffd8bdbb95b7a65611d1a2a8d3da80c2c6bb3a677a152a4998977124f9c40b9cdf0af4135f2372790d3a75e4d9b28ffba958a67b3b342ae4f19f2aa493ff7a1535460598f79f88ecb34b26ca5e46eaae44af33c859bbf414977d0bb5ef148a9ca75db7dc9c7ae9375c73e2b0b106503162ecbec8b40113c55c2bc32420942a2bd0bf4ed9aa6151d8b79525df95c7477a95b829716b325b6a96d37c9ed254063410787b3f202a189a7d5a6aa9f06ea50336c0ad4f1cdad46fbd58fea2a9b9a7b39188854637740c4ff87a47a50cc9b14a3f793b44de18194ddb2ac6cd4283b1ddd89a741c826d206fed855e03976d53e8fffcdeb7b1811ae8c363b52ae5f10d2501153118ec8a8861bbdbd443438bb6a7cf1977e29cb403e323a5e69be5b229f639962f212741d6b0d1d2c4063129b812fc0e154ff5be6eea1664bf1b8de8e899634a07e839c1144647af5145984d7db9962f4b53bd387a2ab3f766fd55c0786c214a12fa37babd4aae1a154a8390cc9521037eb7a68d0571fd4799659193490b8dae0742e94d59a43001615c498708d6ed8e1864cdac46eb3d1f3f6d67c421b8058acb336c7418a589c2a09a42ac059c6af8e0c034c7a75c8283a787dac212a2ac700ebe525da49a1623ff7a4199386b0f0ae3cd85fd501bbefb1be8f98a5e98968cdbdfb3fe086ce7d4f2ed4f8f2ca90843d664ba1056faf1b91db1853989359888774a04347a78a85d7e44b4d52fdf26386cfb3364e11734509fd94b653beebdcb99b2264e7b477b24b3e6f947f0b3702ab98ea0c0ea25193d2c5c0fdaedb06e35cf437c6185f3275443f4d22b150743903c80c73185262ae4d1d419ba427c9254ebe00a638f8bfb559f3ad8d5833e285bb28d10620456e2203e0e0e8e2dab9f1616dedb180612ab722c"})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c0001800600060065"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r7, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000080)={0x34, r8, 0x2986b594068de4d5, 0x0, 0x0, {0x26}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4008050)
sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a320000000008000440040000000900010073797a30000000000800034000000007"], 0x64}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f00000000c0)={'tunl0\x00', &(0x7f0000000280)={'sit0\x00', r4, 0x40, 0x1, 0x2, 0x67a, {{0x19, 0x4, 0x2, 0xa, 0x64, 0x64, 0x0, 0xb, 0x29, 0x0, @private=0xa010102, @multicast2, {[@timestamp={0x44, 0x10, 0xd5, 0x0, 0x7, [0x101, 0x5, 0xfffffffb]}, @timestamp_addr={0x44, 0x2c, 0x24, 0x1, 0x8, [{@rand_addr=0x64010101, 0x3}, {@empty}, {@loopback, 0x800}, {@empty, 0xffffffff}, {@empty, 0xa}]}, @generic={0x7, 0xf, "4102ff27145fd0611196093687"}, @noop, @generic={0x44, 0x2}]}}}}})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40004)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r14=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r10, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x30, r11, 0xb97534d5fe9700cf, 0x2004, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x6, 0xbd, [0xfff7]}]}, 0x30}, 0x1, 0x0, 0x0, 0x14055}, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000004c0)={0x68, r11, 0x100, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1, 0x47}}}}, [@NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x10, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_DEFAULT_TYPES={0xc, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_IDX={0x5, 0x2, 0x5}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}]}, 0x68}, 0x1, 0x0, 0x0, 0x8135666788691372}, 0x20000000)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0xfff3}, {}, {0x9, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x47, &(0x7f0000000140)={&(0x7f0000002e40)=@delchain={0x24, 0x64, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff3}, {0x0, 0xe}, {0xb, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

2.458400669s ago: executing program 4 (id=2873):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x140, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x48, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xb0, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x40, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x64, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x184}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.457071851s ago: executing program 1 (id=2874):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$qrtr(0xffffffffffffffff, &(0x7f0000000380)={0x2a, 0x1, 0x3fff}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000080601030000000000000000010000080500010006000000ff"], 0x1c}, 0x1, 0x0, 0x0, 0x20048040}, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000000005e000000020000060300010007000000a2d6bd6cac5aaf9000000000"], 0x28}, 0x1, 0x0, 0x0, 0x48090}, 0x40000)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, 0x0, 0x4000)
bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}}, 0x14)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000420040008002900787d040008001b0000000000080028"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x884)
sendmmsg$alg(r3, &(0x7f00000000c0), 0x492492492492627, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000a0850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x42, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000007f0a0003401188a8270081003e0008004900002cfffd000000010378ac1e0001e0000002440c1463ffffffff000000094404b4830f009078000100c7"], 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r5, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r5], 0x40c}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r6}, 0xc)
sendmmsg(r4, 0x0, 0x0, 0x0)
bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x2, 0x2ffffffff}, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r10=>0x0})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x64, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x1006, 0x60}}}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @mgmt_frame=@deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x5}, @device_a, @device_b, @random="73a733119de9", {0x0, 0x5}}, 0x38, @void}}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0xf8}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x84)
sendmsg$NFT_BATCH(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000200000a20000000000a050000000000000000000100000a0900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000084000000060a010400000000000000000100000008000b40000000005c0004802c000180090001007866726d000000001c0002800800024000000006050003000000000008000140000000092c00018008000100636d7000200002800c00038005000100ac000000080001400000000908000240000000050900010073797a3000000000140000001100010000000000000000000000000a000000"], 0xf8}, 0x1, 0x0, 0x0, 0x4}, 0x0)

2.268033863s ago: executing program 4 (id=2875):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f0000000400)=0x3, 0x4)
bind$can_raw(r2, &(0x7f00000001c0), 0x10)
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f0000000100)=0x9b3f, 0x4)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x8, 0x0, {0xc}}, 0x14}}, 0x0)
close(r0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0xb8}}, 0x0)

2.109948148s ago: executing program 4 (id=2876):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x354, 0x30, 0x300, 0x71bd22, 0x25dfdbff, {}, [{0x4}, {0x33c, 0x1, [@m_bpf={0x9c, 0x6, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x6}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x5d, 0x6, "bfb48d1c9cbd39c403490f71e7c26903a2429639badf09f7f1460a1a37776d69ba43d012403ff817b805f05e15fda7d5abfefd6f88a71220a3dc2a6660c265b59ed90ce6980eda6d48215f2ed37602646c6855209b52b2022e"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_csum={0x84, 0x1e, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4000, 0xfffffff7, 0x0, 0xff, 0x7}, 0x44}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x40, 0x80000001, 0x0, 0x2, 0xfffffffe}, 0x25}}]}, {0x1f, 0x6, "98eacc61cf6afd50fe380ede617c02066c7a79184224f084d6e1df"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_csum={0x130, 0x1d, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x20f, 0x7fffffff, 0x5, 0x7, 0xd}, 0x10070}}]}, {0xe6, 0x6, "f0b8bf92cf8611111a0ff27fcc8825ca405600cfd0f6876d2892df6b5723118bb7d9d86de0a2706031cc8c62f7d1b04f3a9ed11665c75023f87c16ce970413ede5e5f6782d0d17be877ac54c09075ed841c7daeddf3395a210eab4335ed3bcb36fe1598dc94259da01363ad59d8dc384cb8fe469869c99849bd0d19e999b2e8f62d563a2dcea91347cdc754302a566d6d8b7de1368972acbf9cfbdc3db5b71ceed91d4e9613e9cbf5e1ca71f3bf3b25cdf1ce11e5843ff89da11b01cf0b27474847e4fd8e648244e0dc6b3b99b8089d418ec3d6d27aa68b96ef236cc10ce12fb9c2f"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_connmark={0xa4, 0x13, 0x0, 0x0, {{0xd}, {0x74, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x7, 0x3, 0x7, 0x2}, 0x5a}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0xdbc6, 0x20000000, 0x401, 0xdbc0}, 0x6a}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5a, 0x7a1e, 0x0, 0x7fff, 0x10000}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xf, 0x1, 0x4, 0x8001, 0xaf0a}, 0xa26}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_ctinfo={0x44, 0x1d, 0x0, 0x0, {{0xb}, {0x4}, {0x15, 0x6, "95f1a3136266ea21c922430dca562277c4"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x354}, 0x1, 0x0, 0x0, 0x4000810}, 0x20040800)
r0 = socket$caif_stream(0x25, 0x1, 0x5)
getsockname(r0, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
getsockopt$inet6_buf(r2, 0x29, 0x3d, &(0x7f0000000000)=""/172, &(0x7f00000000c0)=0xac)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x0, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000100)='cgroup.stat\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1e, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x19}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$BTRFS_IOC_DEV_REPLACE(r5, 0xca289435, &(0x7f0000002640)={0x1, 0x7fff, @status={[0xffffffffffff166e, 0x4, 0x6, 0x3, 0x5, 0x2]}, [0x7, 0xf, 0x2, 0x800, 0x3, 0xebe, 0x6, 0xedea00000, 0x3f9a, 0x6, 0x5, 0x0, 0x5, 0x6, 0xc, 0x3, 0x8, 0xfffffffffffffffd, 0x7, 0xfffffffffffeffff, 0x10000, 0x4, 0xfffffffffffffff8, 0x6, 0x3, 0x0, 0x3c, 0x0, 0xac, 0x6, 0x7fffffffffffffff, 0x5, 0x2, 0x1000000, 0xfaad, 0x4, 0x4, 0x97df, 0x800, 0x0, 0x9, 0x80, 0x3, 0x491e, 0xfffffffffffffff2, 0x8, 0x7ff, 0x0, 0x86, 0x7, 0xdff, 0x8, 0xfff, 0x0, 0x80000000, 0x9, 0x9, 0x101, 0x1, 0x5, 0x81, 0x8, 0xffffffffffffff92]})
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r7, 0x400448c8, &(0x7f0000000340)={r6, r6, 0x8, 0x0, 0x0, 0x82, 0x47, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
shutdown(r6, 0x1)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$tun(r8, &(0x7f0000000000)=ANY=[], 0x38)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r8, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000700)={'ip6tnl0\x00', &(0x7f0000000880)={'syztnl2\x00', <r9=>0x0, 0x29, 0xdd, 0xf7, 0x840e, 0x14, @private1, @mcast1, 0x10, 0x7, 0x5, 0xc1}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x15, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x17}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd77}}, @generic={0xd, 0x8, 0xf, 0x8bd4, 0x9}]}, &(0x7f0000000300)='syzkaller\x00', 0xb, 0x3f, &(0x7f00000006c0)=""/63, 0x41000, 0x0, '\x00', r9, 0x0, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000780)={0x5, 0x7, 0x101, 0x8}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000900)=[{0x2, 0x2, 0x9, 0x5}], 0x10, 0x217, @void, @value}, 0x94)
ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000180)={@none, 0x5})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r10=>0x0})
bind$can_j1939(r1, &(0x7f0000000080)={0x1d, r10, 0x2, {0x1, 0x0, 0xc4871f0ce4545d69}}, 0x18)

2.028473009s ago: executing program 0 (id=2877):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @loopback}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0x2a, {0x2, 0x0, @empty}, 'lo\x00'}) (fail_nth: 1)

1.890444881s ago: executing program 1 (id=2878):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x150, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x48, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xc0, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x48, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x6c, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x194}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b000000", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

930.491266ms ago: executing program 0 (id=2879):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x150, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x40, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xc8, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x6c, 0x2, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x194}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f40600", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

913.527691ms ago: executing program 4 (id=2880):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x130, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x48, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xa0, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x40, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x54, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}, {0x4}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x174}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

746.422339ms ago: executing program 1 (id=2881):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x100, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x3c, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x7c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x20, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x144}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412b", 0xf}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

732.468712ms ago: executing program 0 (id=2882):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000b40)={'dummy0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000700)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1004}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vti={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VTI_LOCAL={0x8, 0x4, @multicast2}, @vti_common_policy=[@IFLA_VTI_OKEY={0x8}, @IFLA_VTI_IKEY={0x8, 0x2, 0x800}]]}}}]}, 0x48}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0xa2}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000740)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x3, 0x4, 0x4, 0xffffffff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r3)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400000000000000", @ANYBLOB="0198000000000000200012800800", @ANYRES32=r6], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r8 = getuid()
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000001a00)={{{@in6=@empty, @in=@dev={0xac, 0x14, 0x14, 0xe}, 0x4e24, 0x3, 0x4e23, 0x8, 0xa, 0x0, 0xa0, 0x6, r6, r8}, {0x8000000000000001, 0x1ff, 0xce2d, 0xffffffff, 0xb, 0x2c, 0x362, 0x567}, {0x6, 0x2, 0x200, 0x2}, 0x1, 0x6e6bba, 0x0, 0x1, 0x5}, {{@in6=@empty, 0x4d6, 0x32}, 0xa, @in=@initdev={0xac, 0x1e, 0xa, 0x0}, 0x0, 0x3, 0x1, 0xf1, 0x9, 0x100, 0xff}}, 0xe8)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r3)
recvmmsg(r3, &(0x7f0000008200)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/153, 0x99}, {&(0x7f00000009c0)=""/4110, 0x100e}, {&(0x7f0000000640)=""/211, 0xd3}], 0x3}, 0x6}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000380)=""/172, 0xac}, {&(0x7f0000001f40)=""/223, 0xdf}, {&(0x7f0000000980)=""/51, 0x33}, {&(0x7f0000001e00)=""/78, 0x4e}, {&(0x7f0000002d40)=""/4115, 0x1013}, {&(0x7f0000000440)=""/68, 0x44}, {&(0x7f0000000840)=""/245, 0xf5}, {&(0x7f0000004d80)=""/4096, 0x1000}], 0x8}, 0x80000000}, {{0x0, 0x0, 0x0, 0x2a}, 0x3}], 0x5, 0x12002, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115, 0x2081}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x6}, @IFLA_BOND_ACTIVE_SLAVE={0x8}, @IFLA_BOND_MODE={0x5, 0x1, 0x6}]}}}]}, 0x4c}}, 0x28000000)

638.299748ms ago: executing program 1 (id=2883):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb01001800000000000000140000001400000005000000000000000100000de9ae01500b01279750c2e20a00"], &(0x7f0000000f40)=""/4089, 0x31, 0xff9, 0x1, 0x0, 0x0, @void, @value}, 0x28)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x30, r3, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_PID={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x800)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r4, 0xc0096616, &(0x7f0000000300)={0x1, [0x0]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@hci={0x1f, 0x7, 0x31}, 0x80, &(0x7f0000000500)=[{&(0x7f00000000c0)="b8b28225ea772f0daee8c7c98100", 0x5e8}], 0x5b}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000022c0)=@delchain={0x24, 0x65, 0x2, 0x70bd27, 0x25dfdbf8, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x240408f0}, 0x20000080)
r7 = socket(0x10, 0x803, 0x0)
sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

620.624406ms ago: executing program 4 (id=2884):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
socket(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000700fc000000080011000700000008000e00800000000800", @ANYRES32=r2], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

503.137237ms ago: executing program 4 (id=2885):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000003e000701fefffffffcffffff047c000008004280040008000c00018008000600", @ANYRES32=r2, @ANYBLOB="02eab86c2d70699c5ccaa78b4678ffec25b43d0e019749056cd99b288e4d96cc031b1a5a1fdcb58f0868dfa2dcf05e6c15b19f20f6c03455"], 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000440)={0x144, r1, 0x341, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x4c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "089e87664427dc79ce0d8f890a08dc63ac287367a72d62ba096eed7e447a8e"}}]}, @TIPC_NLA_SOCK={0xe4, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x92c0}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8000}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xa}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1289}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9d}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10001}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x401}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xe}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x481}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}]}]}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000814}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x41, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
accept4(r3, 0x0, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@fallback=r2, 0x1, 0x1, 0x61, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0], &(0x7f0000000140), <r5=>0x0}, 0x40)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', <r6=>0x0})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r7=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r7, 0x4)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={@ifindex=r6, 0xffffffffffffffff, 0xd, 0x2020, 0x0, @void, @void, @value=r7, @void, r5}, 0x20)

0s ago: executing program 0 (id=2886):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="030000000300"/16, @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd94873b51", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r1, 0x0, 0x1, &(0x7f0000000f40)=""/4096, &(0x7f0000000080)=0x1000)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf2501000000000000000141000086e089506ffe42b35a001000170000000e0000000669623a00"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x3d, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x150, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_red={{0x8}, {0x124, 0x2, [@TCA_RED_STAB={0x104, 0x2, "f01bbe0327cc4c7cbbb221a7180b8a1a1224c372b06873a6779e5d229187ed1816099aaf42dc5cfb685028fb133783fa45a91bae6c2b461a671dfb0181c9b33855c6c2e706765bc6c9986520c191dae72f744d86ca41d48997092ba23478567e52dfbabafcd0d82c21cdca422800db9bd9e4fdb70b1bc2e57538219f1790fbe3894b8ea44352e2e405f85f05c5f742a4890a489f3940ff31938fc3c659fc3dd32f4f11d2ca4032d8602173d6db33eea09fea5c345a03434474429549c49e140adb6ebc34dde37acd203541bb0107a206b843fbffd77972a3ef4867010bf3a6b6749e79ed02237fba39e2d4d4ef3adb2ed958d1126c0c20324992cac37ecdd623"}, @TCA_RED_MAX_P={0x8, 0x3, 0x7}, @TCA_RED_PARMS={0x14, 0x1, {0x4, 0x10001, 0xe11, 0xf, 0x1, 0x5, 0x3}}]}}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000002}, 0x20004004)
clock_gettime(0x0, &(0x7f00000000c0)={<r6=>0x0, <r7=>0x0})
sendmsg$can_bcm(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x1d, r5}, 0x10, &(0x7f0000000100)={&(0x7f0000000180)={0x7, 0x500, 0x2, {r6, r7/1000+60000}, {}, {0x2, 0x0, 0x1}, 0x1, @canfd={{0x0, 0x0, 0x1, 0x1}, 0x5, 0x2, 0x0, 0x0, "147d1810d86fb493fea10f9f617db1c2f685645975393b7d0b004892c1ff1aab159ad674f8c1dfd946126992354848816dc73f45a7125255d770bfce634288f4"}}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x40000)

kernel console output (not intermixed with test programs):

613141][ T9412] 424684 pages reserved
[  195.621919][ T9412] 0 pages cma reserved
[  195.898038][ T9456] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1339'.
[  196.189741][ T9468] netlink: 232 bytes leftover after parsing attributes in process `syz.3.1345'.
[  196.553142][ T9482] netlink: 'syz.0.1351': attribute type 1 has an invalid length.
[  196.589876][ T9482] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1351'.
[  196.636736][ T9482] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1351'.
[  196.809632][ T5857] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  196.934760][ T9503] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1360'.
[  197.028372][ T5857] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  197.056583][ T9505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1361'.
[  197.067814][ T9505] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1361'.
[  197.201551][ T9514] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1365'.
[  198.127848][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888033984000: rx timeout, send abort
[  198.184074][ T9554] netlink: 'syz.4.1381': attribute type 4 has an invalid length.
[  198.228291][ T9554] netlink: 'syz.4.1381': attribute type 4 has an invalid length.
[  198.432680][ T9565] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  198.567527][ T9573] FAULT_INJECTION: forcing a failure.
[  198.567527][ T9573] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  198.592137][ T9573] CPU: 1 UID: 0 PID: 9573 Comm: syz.4.1388 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  198.592163][ T9573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  198.592173][ T9573] Call Trace:
[  198.592180][ T9573]  <TASK>
[  198.592187][ T9573]  dump_stack_lvl+0x189/0x250
[  198.592217][ T9573]  ? __pfx____ratelimit+0x10/0x10
[  198.592241][ T9573]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.592264][ T9573]  ? __pfx__printk+0x10/0x10
[  198.592283][ T9573]  ? __might_fault+0xb0/0x130
[  198.592311][ T9573]  should_fail_ex+0x414/0x560
[  198.592337][ T9573]  _copy_to_iter+0x575/0x16f0
[  198.592369][ T9573]  ? __pfx__copy_to_iter+0x10/0x10
[  198.592390][ T9573]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  198.592418][ T9573]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  198.592448][ T9573]  __skb_datagram_iter+0xf8/0x990
[  198.592472][ T9573]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  198.592504][ T9573]  skb_copy_datagram_iter+0xc5/0x230
[  198.592530][ T9573]  netlink_recvmsg+0x2ab/0xa30
[  198.592561][ T9573]  ? __pfx_netlink_recvmsg+0x10/0x10
[  198.592585][ T9573]  ? aa_sock_msg_perm+0x94/0x160
[  198.592605][ T9573]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  198.592625][ T9573]  ? security_socket_recvmsg+0x7e/0x2e0
[  198.592648][ T9573]  ? __pfx_netlink_recvmsg+0x10/0x10
[  198.592668][ T9573]  sock_recvmsg+0x229/0x270
[  198.592688][ T9573]  ____sys_recvmsg+0x1c9/0x460
[  198.592719][ T9573]  ? __pfx_____sys_recvmsg+0x10/0x10
[  198.592755][ T9573]  ? import_iovec+0x74/0xa0
[  198.592775][ T9573]  ___sys_recvmsg+0x1b5/0x510
[  198.592803][ T9573]  ? __pfx____sys_recvmsg+0x10/0x10
[  198.592847][ T9573]  ? __fget_files+0x3a0/0x420
[  198.592875][ T9573]  do_recvmmsg+0x307/0x770
[  198.592913][ T9573]  ? __pfx_do_recvmmsg+0x10/0x10
[  198.592947][ T9573]  ? _copy_from_user+0x94/0xb0
[  198.592977][ T9573]  __x64_sys_recvmmsg+0x1af/0x240
[  198.593013][ T9573]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  198.593033][ T9573]  ? rcu_is_watching+0x15/0xb0
[  198.593062][ T9573]  ? do_syscall_64+0xbe/0x3b0
[  198.593083][ T9573]  do_syscall_64+0xfa/0x3b0
[  198.593098][ T9573]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.593120][ T9573]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.593135][ T9573]  ? clear_bhb_loop+0x60/0xb0
[  198.593154][ T9573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.593167][ T9573] RIP: 0033:0x7f4f38b8e929
[  198.593181][ T9573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.593194][ T9573] RSP: 002b:00007f4f3995f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  198.593209][ T9573] RAX: ffffffffffffffda RBX: 00007f4f38db5fa0 RCX: 00007f4f38b8e929
[  198.593219][ T9573] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  198.593229][ T9573] RBP: 00007f4f3995f090 R08: 0000200000003700 R09: 0000000000000000
[  198.593239][ T9573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  198.593247][ T9573] R13: 0000000000000000 R14: 00007f4f38db5fa0 R15: 00007ffc1b988f38
[  198.593269][ T9573]  </TASK>
[  198.628057][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888033984800: rx timeout, send abort
[  198.903780][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888033984000: abort rx timeout. Force session deactivation
[  198.928159][ T5156] Bluetooth: hci4: command 0x0405 tx timeout
[  199.246848][ T9594] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1396'.
[  199.258660][ T9594] openvswitch: netlink: Flow actions attr not present in new flow.
[  199.352234][ T9593] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  199.401508][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888033984800: abort rx timeout. Force session deactivation
[  199.772005][ T9607] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1400'.
[  199.800370][ T9607] openvswitch: netlink: Flow actions attr not present in new flow.
[  199.872170][ T9607] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  200.605540][ T9646] macsec2: entered promiscuous mode
[  200.969304][ T9661] __nla_validate_parse: 1 callbacks suppressed
[  200.969322][ T9661] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1417'.
[  201.010193][ T9661] openvswitch: netlink: Flow actions attr not present in new flow.
[  201.064151][ T9661] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  201.419641][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  201.588844][ T9689] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1429'.
[  201.696175][ T9690] netlink: 'syz.4.1430': attribute type 4 has an invalid length.
[  202.600071][ T9740] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1449'.
[  203.968530][ T9771] gretap0: entered promiscuous mode
[  203.981229][ T9769] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1461'.
[  204.069652][ T9731] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  204.080257][ T9731] hsr0: left allmulticast mode
[  204.085153][ T9731] hsr_slave_0: left allmulticast mode
[  204.108438][ T9731] hsr_slave_1: left allmulticast mode
[  204.114989][ T9731] hsr0: left promiscuous mode
[  204.143440][ T9731] macvlan2: left promiscuous mode
[  204.150466][ T9731] macvlan2: left allmulticast mode
[  204.449680][ T9793] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1468'.
[  204.463302][ T9793] openvswitch: netlink: Flow actions attr not present in new flow.
[  204.569308][ T9794] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  204.669386][ T9798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  204.884391][ T9803] team_slave_0: entered promiscuous mode
[  204.890184][ T9803] team_slave_1: entered promiscuous mode
[  204.916788][ T9803] vlan2: entered promiscuous mode
[  204.926273][ T9803] team0: entered promiscuous mode
[  205.171459][ T9817] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) !
[  205.213368][ T9817] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1479'.
[  205.564501][ T9828] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1484'.
[  205.626055][ T9828] openvswitch: netlink: Flow actions attr not present in new flow.
[  205.673946][ T9828] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  205.955908][ T9851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1493'.
[  206.096733][ T9859] netlink: 'syz.3.1493': attribute type 10 has an invalid length.
[  206.124143][ T9863] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1497'.
[  206.266204][ T9851] team0 (unregistering): Port device team_slave_0 removed
[  206.282080][ T9851] team0 (unregistering): Port device team_slave_1 removed
[  206.290561][ T9851] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  206.299981][ T9851] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  206.308940][ T9851] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  206.317808][ T9851] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  206.332169][ T9851] team0 (unregistering): Port device vxlan0 removed
[  206.367523][ T9859] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  206.748939][ T9879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1505'.
[  206.767599][ T9879] netlink: 'syz.2.1505': attribute type 8 has an invalid length.
[  207.222220][ T9901] netlink: 9280 bytes leftover after parsing attributes in process `syz.3.1514'.
[  207.319124][ T9907] sctp: [Deprecated]: syz.2.1516 (pid 9907) Use of int in max_burst socket option.
[  207.319124][ T9907] Use struct sctp_assoc_value instead
[  207.414191][ T9907] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.421865][ T9907] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.439986][ T9907] bridge0: entered promiscuous mode
[  207.471494][ T9916] netlink: 'syz.3.1520': attribute type 10 has an invalid length.
[  207.515666][ T9916] macvlan0: entered allmulticast mode
[  208.025404][ T9942] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  208.025404][ T9946] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  208.165722][ T9953] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1533'.
[  208.487917][ T9968] lo speed is unknown, defaulting to 1000
[  208.526092][ T9968] lo speed is unknown, defaulting to 1000
[  208.557287][ T9968] lo speed is unknown, defaulting to 1000
[  208.626490][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1538'.
[  208.660605][ T9968] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  208.722588][ T9968] lo speed is unknown, defaulting to 1000
[  208.731370][ T9968] lo speed is unknown, defaulting to 1000
[  208.740953][ T9968] lo speed is unknown, defaulting to 1000
[  208.751289][ T9968] lo speed is unknown, defaulting to 1000
[  208.759334][ T9968] lo speed is unknown, defaulting to 1000
[  208.972037][ T9988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1545'.
[  209.246739][T10000] gretap0: left promiscuous mode
[  209.293432][T10000] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.300860][T10000] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.424758][T10000] batadv_slave_0: left promiscuous mode
[  209.435056][T10000] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  209.500058][T10000] macvlan0: left allmulticast mode
[  209.524027][T10000] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  209.533839][T10000] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  209.543471][T10000] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  209.552636][T10000] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  209.583009][T10000] veth2: left allmulticast mode
[  209.589785][T10000] veth4: left allmulticast mode
[  209.595428][T10000] macvlan2: left promiscuous mode
[  209.600912][T10000] macvlan2: left allmulticast mode
[  209.608759][T10000] hsr0: left allmulticast mode
[  209.613716][T10000] hsr_slave_0: left allmulticast mode
[  209.619475][T10000] hsr_slave_1: left allmulticast mode
[  209.625200][T10000] macvlan3: left promiscuous mode
[  209.630309][T10000] macvlan3: left allmulticast mode
[  209.636873][T10002] netlink: 'syz.0.1550': attribute type 30 has an invalid length.
[  210.036243][T10020] lo speed is unknown, defaulting to 1000
[  210.124809][T10027] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1559'.
[  210.556666][T10043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1565'.
[  210.605932][T10043] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1565'.
[  210.832163][T10052] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1569'.
[  210.861617][T10052] openvswitch: netlink: Flow actions attr not present in new flow.
[  210.893400][T10052] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  211.618427][T10076] lo speed is unknown, defaulting to 1000
[  211.696124][T10085] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1582'.
[  211.748996][T10085] openvswitch: netlink: Flow actions attr not present in new flow.
[  211.825500][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  211.825512][ T5840] Bluetooth: hci1: command 0x0406 tx timeout
[  211.837740][ T5843] Bluetooth: hci2: command 0x0406 tx timeout
[  211.894371][T10085] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  212.053190][T10098] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1584'.
[  212.063071][T10098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1584'.
[  212.407333][T10104] xt_l2tp: missing protocol rule (udp|l2tpip)
[  212.950027][T10125] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1595'.
[  213.077560][T10129] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1596'.
[  213.188360][T10129] 8021q: VLANs not supported on gre0
[  213.351808][T10137] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1599'.
[  213.381399][T10137] openvswitch: netlink: Flow actions attr not present in new flow.
[  213.477903][T10137] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  213.553713][T10141] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1601'.
[  213.760622][T10146] sctp: [Deprecated]: syz.0.1604 (pid 10146) Use of int in max_burst socket option.
[  213.760622][T10146] Use struct sctp_assoc_value instead
[  213.824520][T10146] bridge0: entered promiscuous mode
[  214.266792][T10171] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1614'.
[  214.278194][T10171] openvswitch: netlink: Flow actions attr not present in new flow.
[  214.314447][T10171] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  214.545070][T10187] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1619'.
[  214.556862][T10189] netlink: 'syz.0.1623': attribute type 1 has an invalid length.
[  214.574233][T10189] netlink: 208 bytes leftover after parsing attributes in process `syz.0.1623'.
[  214.590512][T10189] netlink: 'syz.0.1623': attribute type 1 has an invalid length.
[  214.595235][T10187] 8021q: VLANs not supported on gre0
[  214.604165][T10189] netlink: 'syz.0.1623': attribute type 2 has an invalid length.
[  214.911891][T10202] netlink: 'syz.3.1628': attribute type 7 has an invalid length.
[  214.928494][T10202] netlink: 'syz.3.1628': attribute type 8 has an invalid length.
[  214.936256][T10202] netlink: 'syz.3.1628': attribute type 15 has an invalid length.
[  214.994251][T10202] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  215.300378][T10213] openvswitch: netlink: Flow actions attr not present in new flow.
[  215.345066][T10213] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  215.676038][T10228] batadv_slave_0: entered promiscuous mode
[  215.745352][T10223] netlink: 'syz.0.1637': attribute type 8 has an invalid length.
[  216.118590][T10245] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[  216.119263][T10244] netlink: 'syz.0.1645': attribute type 1 has an invalid length.
[  216.606540][T10255] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  216.632233][T10255] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  216.672010][T10255] batadv_slave_0: entered promiscuous mode
[  216.763021][T10257] ip6gretap0: entered promiscuous mode
[  216.785567][T10257] vlan2: entered promiscuous mode
[  217.465401][T10285] __nla_validate_parse: 6 callbacks suppressed
[  217.465418][T10285] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1660'.
[  217.641798][T10290] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  217.649448][T10290] IPv6: NLM_F_CREATE should be set when creating new route
[  217.656781][T10290] IPv6: NLM_F_CREATE should be set when creating new route
[  217.853402][T10303] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  217.920921][T10291] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  217.960263][T10309] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1664'.
[  217.973227][T10309] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1664'.
[  218.282982][T10322] netlink: 'syz.3.1673': attribute type 72 has an invalid length.
[  218.305378][T10323] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  218.318698][T10323] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  218.336819][T10323] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  218.356976][T10323] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  218.376144][T10323] geneve2: entered promiscuous mode
[  218.410941][T10323] geneve2: entered allmulticast mode
[  218.418383][T10323] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  218.427363][T10323] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  218.436552][T10323] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  218.446466][T10323] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  218.852433][T10341] macsec1: entered promiscuous mode
[  219.116969][T10354] netlink: 'syz.4.1687': attribute type 72 has an invalid length.
[  219.798987][T10385] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.1702'.
[  220.078554][T10401] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1708'.
[  220.407104][T10416] netlink: 'syz.0.1716': attribute type 72 has an invalid length.
[  220.478395][T10421] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1718'.
[  220.694867][T10429] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1722'.
[  220.924001][T10439] xt_ipcomp: unknown flags F7
[  220.935291][T10439] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1727'.
[  221.014844][T10441] macsec1: entered promiscuous mode
[  221.326630][T10451] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1732'.
[  221.410956][T10455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1736'.
[  221.937420][T10480] ipvlan2: entered promiscuous mode
[  222.169436][T10490] netlink: 'syz.1.1747': attribute type 72 has an invalid length.
[  222.547802][T10507] __nla_validate_parse: 3 callbacks suppressed
[  222.547820][T10507] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1755'.
[  222.590185][T10507] openvswitch: netlink: Flow actions attr not present in new flow.
[  222.596384][T10511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1757'.
[  222.651734][T10507] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  222.674365][T10511] syzkaller1: entered promiscuous mode
[  222.687273][T10511] syzkaller1: entered allmulticast mode
[  222.842827][T10522] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1761'.
[  223.489751][T10549] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1775'.
[  223.640593][T10553] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1776'.
[  223.719685][T10556] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1773'.
[  223.739115][T10556] openvswitch: netlink: Flow actions attr not present in new flow.
[  223.813934][T10556] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  223.908693][T10566] FAULT_INJECTION: forcing a failure.
[  223.908693][T10566] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.932845][T10566] CPU: 1 UID: 0 PID: 10566 Comm: syz.0.1782 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  223.932870][T10566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  223.932880][T10566] Call Trace:
[  223.932887][T10566]  <TASK>
[  223.932895][T10566]  dump_stack_lvl+0x189/0x250
[  223.932923][T10566]  ? __pfx____ratelimit+0x10/0x10
[  223.932943][T10566]  ? __pfx_dump_stack_lvl+0x10/0x10
[  223.932963][T10566]  ? __pfx__printk+0x10/0x10
[  223.932981][T10566]  ? __might_fault+0xb0/0x130
[  223.933010][T10566]  should_fail_ex+0x414/0x560
[  223.933035][T10566]  _copy_to_iter+0x575/0x16f0
[  223.933069][T10566]  ? __pfx__copy_to_iter+0x10/0x10
[  223.933089][T10566]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  223.933120][T10566]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  223.933150][T10566]  __skb_datagram_iter+0xf8/0x990
[  223.933173][T10566]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  223.933205][T10566]  skb_copy_datagram_iter+0xc5/0x230
[  223.933234][T10566]  netlink_recvmsg+0x2ab/0xa30
[  223.933264][T10566]  ? __pfx_netlink_recvmsg+0x10/0x10
[  223.933288][T10566]  ? aa_sock_msg_perm+0x94/0x160
[  223.933312][T10566]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  223.933332][T10566]  ? security_socket_recvmsg+0x7e/0x2e0
[  223.933365][T10566]  ? __pfx_netlink_recvmsg+0x10/0x10
[  223.933385][T10566]  sock_recvmsg+0x229/0x270
[  223.933408][T10566]  ____sys_recvmsg+0x1c9/0x460
[  223.933441][T10566]  ? __pfx_____sys_recvmsg+0x10/0x10
[  223.933480][T10566]  ? import_iovec+0x74/0xa0
[  223.933501][T10566]  ___sys_recvmsg+0x1b5/0x510
[  223.933530][T10566]  ? __pfx____sys_recvmsg+0x10/0x10
[  223.933579][T10566]  ? __fget_files+0x3a0/0x420
[  223.933608][T10566]  do_recvmmsg+0x307/0x770
[  223.933642][T10566]  ? __pfx_do_recvmmsg+0x10/0x10
[  223.933678][T10566]  ? _copy_from_user+0x94/0xb0
[  223.933712][T10566]  __x64_sys_recvmmsg+0x1af/0x240
[  223.933739][T10566]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  223.933760][T10566]  ? rcu_is_watching+0x15/0xb0
[  223.933790][T10566]  ? do_syscall_64+0xbe/0x3b0
[  223.933812][T10566]  do_syscall_64+0xfa/0x3b0
[  223.933826][T10566]  ? lockdep_hardirqs_on+0x9c/0x150
[  223.933850][T10566]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.933868][T10566]  ? clear_bhb_loop+0x60/0xb0
[  223.933889][T10566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.933906][T10566] RIP: 0033:0x7fd3f838e929
[  223.933922][T10566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.933938][T10566] RSP: 002b:00007fd3f91af038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  223.933957][T10566] RAX: ffffffffffffffda RBX: 00007fd3f85b5fa0 RCX: 00007fd3f838e929
[  223.933970][T10566] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  223.933982][T10566] RBP: 00007fd3f91af090 R08: 0000200000003700 R09: 0000000000000000
[  223.933994][T10566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.934005][T10566] R13: 0000000000000000 R14: 00007fd3f85b5fa0 R15: 00007fff68c6eb78
[  223.934034][T10566]  </TASK>
[  224.441897][T10580] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  224.513688][T10578] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.1785'.
[  224.552594][T10586] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1789'.
[  224.840012][T10602] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1792'.
[  225.083744][T10612] tc_dump_action: action bad kind
[  225.100201][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  225.296167][T10621] netlink: 'syz.4.1805': attribute type 72 has an invalid length.
[  225.338983][T10623] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1804'.
[  225.454156][T10627] FAULT_INJECTION: forcing a failure.
[  225.454156][T10627] name failslab, interval 1, probability 0, space 0, times 0
[  225.488478][T10627] CPU: 1 UID: 0 PID: 10627 Comm: syz.2.1807 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  225.488506][T10627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  225.488517][T10627] Call Trace:
[  225.488523][T10627]  <TASK>
[  225.488530][T10627]  dump_stack_lvl+0x189/0x250
[  225.488558][T10627]  ? __pfx____ratelimit+0x10/0x10
[  225.488582][T10627]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.488604][T10627]  ? __pfx__printk+0x10/0x10
[  225.488626][T10627]  ? __ip_dev_find+0x444/0x4e0
[  225.488651][T10627]  should_fail_ex+0x414/0x560
[  225.488675][T10627]  should_failslab+0xa8/0x100
[  225.488696][T10627]  kmem_cache_alloc_noprof+0x73/0x3c0
[  225.488721][T10627]  ? dst_alloc+0x105/0x170
[  225.488748][T10627]  dst_alloc+0x105/0x170
[  225.488768][T10627]  ? ip_check_mc_rcu+0x4c7/0x680
[  225.488793][T10627]  ip_route_output_key_hash_rcu+0x1482/0x23a0
[  225.488827][T10627]  ? ip_route_output_key_hash+0xde/0x2e0
[  225.488854][T10627]  ip_route_output_key_hash+0x1b9/0x2e0
[  225.488880][T10627]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  225.488916][T10627]  ? __lock_acquire+0xab9/0xd20
[  225.488944][T10627]  ip_route_output_flow+0x2a/0x150
[  225.488965][T10627]  ? security_sk_classify_flow+0x70/0x180
[  225.488987][T10627]  __ip4_datagram_connect+0x99d/0x1260
[  225.489032][T10627]  udp_connect+0x33/0x1f0
[  225.489056][T10627]  __sys_connect+0x313/0x440
[  225.489077][T10627]  ? __fget_files+0x3a0/0x420
[  225.489096][T10627]  ? __pfx___sys_connect+0x10/0x10
[  225.489130][T10627]  ? __pfx_ksys_write+0x10/0x10
[  225.489144][T10627]  ? rcu_is_watching+0x15/0xb0
[  225.489176][T10627]  __x64_sys_connect+0x7a/0x90
[  225.489198][T10627]  do_syscall_64+0xfa/0x3b0
[  225.489212][T10627]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.489236][T10627]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.489253][T10627]  ? clear_bhb_loop+0x60/0xb0
[  225.489274][T10627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.489291][T10627] RIP: 0033:0x7fb56738e929
[  225.489307][T10627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.489322][T10627] RSP: 002b:00007fb56817e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  225.489342][T10627] RAX: ffffffffffffffda RBX: 00007fb5675b5fa0 RCX: 00007fb56738e929
[  225.489355][T10627] RDX: 0000000000000010 RSI: 0000200000000480 RDI: 0000000000000008
[  225.489366][T10627] RBP: 00007fb56817e090 R08: 0000000000000000 R09: 0000000000000000
[  225.489377][T10627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.489387][T10627] R13: 0000000000000000 R14: 00007fb5675b5fa0 R15: 00007ffda8e74a78
[  225.489416][T10627]  </TASK>
[  226.066210][T10646] netlink: 'syz.1.1815': attribute type 1 has an invalid length.
[  226.137976][T10646] 8021q: adding VLAN 0 to HW filter on device bond2
[  226.214288][T10650] bond2: (slave veth3): Enslaving as an active interface with a down link
[  226.264921][T10649] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8
[  226.293397][T10651] bond2: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  226.500053][T10663] lo speed is unknown, defaulting to 1000
[  226.737026][T10673] macvtap1: entered promiscuous mode
[  226.748646][T10673] macvtap1: entered allmulticast mode
[  226.765931][T10673] hsr0: entered allmulticast mode
[  226.779819][T10673] hsr_slave_0: entered allmulticast mode
[  226.795809][T10673] hsr_slave_1: entered allmulticast mode
[  227.080883][T10663] netlink: 'syz.2.1820': attribute type 39 has an invalid length.
[  227.174641][T10683] netlink: 'syz.2.1820': attribute type 6 has an invalid length.
[  227.325412][T10699] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  227.742160][T10716] lo speed is unknown, defaulting to 1000
[  227.954686][T10728] __nla_validate_parse: 1 callbacks suppressed
[  227.954707][T10728] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1845'.
[  227.977023][T10725] 8021q: adding VLAN 0 to HW filter on device bond3
[  228.048223][T10733] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1848'.
[  228.446652][T10747] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1854'.
[  228.498596][T10750] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1856'.
[  228.574112][T10750] batman_adv: batadv0: Removing interface: batadv_slave_0
[  228.587603][T10750] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  228.595579][T10750] batman_adv: batadv0: Removing interface: batadv_slave_1
[  228.756327][T10758] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1859'.
[  228.775324][T10761] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1860'.
[  228.998854][T10768] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1863'.
[  229.033725][T10768] openvswitch: netlink: Flow actions attr not present in new flow.
[  229.049879][T10773] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1865'.
[  229.112873][T10768] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  229.525995][T10796] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1874'.
[  229.554598][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.566765][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.593615][T10798] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1876'.
[  229.779894][ T5924] IPVS: starting estimator thread 0...
[  229.792298][T10806] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  229.880993][T10809] IPVS: using max 28 ests per chain, 67200 per kthread
[  232.391727][T10888] netlink: 'syz.3.1910': attribute type 10 has an invalid length.
[  233.136128][T10923] FAULT_INJECTION: forcing a failure.
[  233.136128][T10923] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  233.158302][T10923] CPU: 0 UID: 0 PID: 10923 Comm: syz.0.1923 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  233.158328][T10923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  233.158340][T10923] Call Trace:
[  233.158347][T10923]  <TASK>
[  233.158354][T10923]  dump_stack_lvl+0x189/0x250
[  233.158385][T10923]  ? __pfx____ratelimit+0x10/0x10
[  233.158411][T10923]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.158436][T10923]  ? __pfx__printk+0x10/0x10
[  233.158455][T10923]  ? __might_fault+0xb0/0x130
[  233.158484][T10923]  should_fail_ex+0x414/0x560
[  233.158512][T10923]  _copy_to_iter+0x575/0x16f0
[  233.158548][T10923]  ? __pfx__copy_to_iter+0x10/0x10
[  233.158576][T10923]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  233.158607][T10923]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  233.158637][T10923]  __skb_datagram_iter+0xf8/0x990
[  233.158664][T10923]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  233.158698][T10923]  skb_copy_datagram_iter+0xc5/0x230
[  233.158726][T10923]  netlink_recvmsg+0x2ab/0xa30
[  233.158757][T10923]  ? __pfx_netlink_recvmsg+0x10/0x10
[  233.158782][T10923]  ? aa_sock_msg_perm+0x94/0x160
[  233.158806][T10923]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  233.158826][T10923]  ? security_socket_recvmsg+0x7e/0x2e0
[  233.158851][T10923]  ? __pfx_netlink_recvmsg+0x10/0x10
[  233.158872][T10923]  sock_recvmsg+0x229/0x270
[  233.158895][T10923]  ____sys_recvmsg+0x1c9/0x460
[  233.158927][T10923]  ? __pfx_____sys_recvmsg+0x10/0x10
[  233.158967][T10923]  ? import_iovec+0x74/0xa0
[  233.158989][T10923]  ___sys_recvmsg+0x1b5/0x510
[  233.159018][T10923]  ? __pfx____sys_recvmsg+0x10/0x10
[  233.159067][T10923]  ? __fget_files+0x3a0/0x420
[  233.159098][T10923]  do_recvmmsg+0x307/0x770
[  233.159131][T10923]  ? __pfx_do_recvmmsg+0x10/0x10
[  233.159168][T10923]  ? _copy_from_user+0x94/0xb0
[  233.159205][T10923]  __x64_sys_recvmmsg+0x1af/0x240
[  233.159231][T10923]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  233.159253][T10923]  ? rcu_is_watching+0x15/0xb0
[  233.159287][T10923]  ? do_syscall_64+0xbe/0x3b0
[  233.159309][T10923]  do_syscall_64+0xfa/0x3b0
[  233.159324][T10923]  ? lockdep_hardirqs_on+0x9c/0x150
[  233.159453][T10923]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.159472][T10923]  ? clear_bhb_loop+0x60/0xb0
[  233.159494][T10923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.159512][T10923] RIP: 0033:0x7fd3f838e929
[  233.159530][T10923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.159545][T10923] RSP: 002b:00007fd3f91af038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  233.159565][T10923] RAX: ffffffffffffffda RBX: 00007fd3f85b5fa0 RCX: 00007fd3f838e929
[  233.159588][T10923] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  233.159601][T10923] RBP: 00007fd3f91af090 R08: 0000200000003700 R09: 0000000000000000
[  233.159613][T10923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  233.159624][T10923] R13: 0000000000000000 R14: 00007fd3f85b5fa0 R15: 00007fff68c6eb78
[  233.159658][T10923]  </TASK>
[  233.615710][T10931] netlink: 'syz.3.1929': attribute type 9 has an invalid length.
[  233.737503][T10931] netlink: 'syz.3.1929': attribute type 7 has an invalid length.
[  233.769884][T10936] batadv0: entered promiscuous mode
[  233.782757][T10931] netlink: 'syz.3.1929': attribute type 8 has an invalid length.
[  233.885624][T10939] __nla_validate_parse: 5 callbacks suppressed
[  233.885642][T10939] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1931'.
[  234.157898][T10948] lo speed is unknown, defaulting to 1000
[  234.513741][T10965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1939'.
[  234.772154][T10968] No such timeout policy "syz0"
[  234.799217][T10953] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1935'.
[  234.840975][T10953] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1935'.
[  234.885946][T10953] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  234.898329][T10953] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  234.945035][T10953] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  234.970831][T10953] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  235.012649][T10986] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1948'.
[  235.634631][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888056dbbc00: rx timeout, send abort
[  235.745268][T11018] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1964'.
[  235.864750][T11018] netlink: 'syz.3.1964': attribute type 2 has an invalid length.
[  235.891566][T11018] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1964'.
[  235.978454][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  236.024504][T11032] xt_bpf: check failed: parse error
[  236.039571][T11028] lo speed is unknown, defaulting to 1000
[  236.050736][T11031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  236.050871][T11029] lo speed is unknown, defaulting to 1000
[  236.066179][T11030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  236.134780][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888056dbb800: rx timeout, send abort
[  236.143876][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888056dbbc00: abort rx timeout. Force session deactivation
[  236.495196][T11045] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1975'.
[  236.504804][T11045] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1975'.
[  236.515819][T11045] netlink: 4612 bytes leftover after parsing attributes in process `syz.4.1975'.
[  236.643316][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888056dbb800: abort rx timeout. Force session deactivation
[  237.793608][T11094] FAULT_INJECTION: forcing a failure.
[  237.793608][T11094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  237.854022][T11094] CPU: 0 UID: 0 PID: 11094 Comm: syz.4.1990 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  237.854049][T11094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  237.854060][T11094] Call Trace:
[  237.854067][T11094]  <TASK>
[  237.854075][T11094]  dump_stack_lvl+0x189/0x250
[  237.854104][T11094]  ? __pfx____ratelimit+0x10/0x10
[  237.854129][T11094]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.854154][T11094]  ? __pfx__printk+0x10/0x10
[  237.854187][T11094]  should_fail_ex+0x414/0x560
[  237.854212][T11094]  _copy_to_iter+0x575/0x16f0
[  237.854249][T11094]  ? __pfx__copy_to_iter+0x10/0x10
[  237.854270][T11094]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  237.854301][T11094]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  237.854335][T11094]  __skb_datagram_iter+0xf8/0x990
[  237.854360][T11094]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  237.854394][T11094]  skb_copy_datagram_iter+0xc5/0x230
[  237.854422][T11094]  netlink_recvmsg+0x2ab/0xa30
[  237.854453][T11094]  ? __pfx_netlink_recvmsg+0x10/0x10
[  237.854478][T11094]  ? aa_sock_msg_perm+0x94/0x160
[  237.854501][T11094]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  237.854522][T11094]  ? security_socket_recvmsg+0x7e/0x2e0
[  237.854547][T11094]  ? __pfx_netlink_recvmsg+0x10/0x10
[  237.854567][T11094]  sock_recvmsg+0x229/0x270
[  237.854589][T11094]  ____sys_recvmsg+0x1c9/0x460
[  237.854620][T11094]  ? __pfx_____sys_recvmsg+0x10/0x10
[  237.854657][T11094]  ? import_iovec+0x74/0xa0
[  237.854678][T11094]  ___sys_recvmsg+0x1b5/0x510
[  237.854707][T11094]  ? __pfx____sys_recvmsg+0x10/0x10
[  237.854755][T11094]  ? __fget_files+0x3a0/0x420
[  237.854785][T11094]  do_recvmmsg+0x307/0x770
[  237.854899][T11094]  ? __pfx_do_recvmmsg+0x10/0x10
[  237.854935][T11094]  ? _copy_from_user+0x94/0xb0
[  237.854968][T11094]  __x64_sys_recvmmsg+0x1af/0x240
[  237.854995][T11094]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  237.855017][T11094]  ? rcu_is_watching+0x15/0xb0
[  237.855047][T11094]  ? do_syscall_64+0xbe/0x3b0
[  237.855065][T11094]  do_syscall_64+0xfa/0x3b0
[  237.855151][T11094]  ? lockdep_hardirqs_on+0x9c/0x150
[  237.855175][T11094]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.855190][T11094]  ? clear_bhb_loop+0x60/0xb0
[  237.855210][T11094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.855227][T11094] RIP: 0033:0x7f4f38b8e929
[  237.855245][T11094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.855260][T11094] RSP: 002b:00007f4f3995f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  237.855279][T11094] RAX: ffffffffffffffda RBX: 00007f4f38db5fa0 RCX: 00007f4f38b8e929
[  237.855292][T11094] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  237.855304][T11094] RBP: 00007f4f3995f090 R08: 0000200000003700 R09: 0000000000000000
[  237.855316][T11094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.855326][T11094] R13: 0000000000000000 R14: 00007f4f38db5fa0 R15: 00007ffc1b988f38
[  237.855356][T11094]  </TASK>
[  238.506501][T11111] macsec1: entered promiscuous mode
[  239.545526][T11151] lo speed is unknown, defaulting to 1000
[  239.596066][T11157] __nla_validate_parse: 3 callbacks suppressed
[  239.596086][T11157] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2016'.
[  239.706175][T11162] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2018'.
[  240.694328][T11151] xt_CT: No such helper "snmp"
[  241.215839][   T30] audit: type=1800 audit(1750237941.769:4): pid=11205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2029" name="memory.events" dev="tmpfs" ino=2091 res=0 errno=0
[  241.241859][T11227] netlink: 'syz.3.2040': attribute type 1 has an invalid length.
[  241.265188][T11227] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  241.275596][T11224] vlan2: entered promiscuous mode
[  241.493502][T11237] netlink: 'syz.2.2044': attribute type 9 has an invalid length.
[  241.507495][T11237] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2044'.
[  241.572780][T11237] macvlan6: entered promiscuous mode
[  241.710608][T11241] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6
[  242.053040][T11262] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2052'.
[  242.157974][T11266] lo speed is unknown, defaulting to 1000
[  242.177345][   T30] audit: type=1107 audit(1750237942.729:5): pid=11265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='1Žd»¥]:xJÐP@�cd$JnyãÒOº^øDØ#�z'
[  242.890064][T11292] macvtap2: entered promiscuous mode
[  242.903791][T11292] macvtap2: entered allmulticast mode
[  243.193065][T11304] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2069'.
[  244.294658][T11358] FAULT_INJECTION: forcing a failure.
[  244.294658][T11358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  244.311559][T11358] CPU: 1 UID: 0 PID: 11358 Comm: syz.2.2091 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  244.311587][T11358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  244.311598][T11358] Call Trace:
[  244.311606][T11358]  <TASK>
[  244.311614][T11358]  dump_stack_lvl+0x189/0x250
[  244.311645][T11358]  ? __pfx____ratelimit+0x10/0x10
[  244.311670][T11358]  ? __pfx_dump_stack_lvl+0x10/0x10
[  244.311695][T11358]  ? __pfx__printk+0x10/0x10
[  244.311714][T11358]  ? __might_fault+0xb0/0x130
[  244.311743][T11358]  should_fail_ex+0x414/0x560
[  244.311769][T11358]  _copy_from_user+0x2d/0xb0
[  244.311788][T11358]  kstrtouint_from_user+0xc4/0x170
[  244.311813][T11358]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  244.311853][T11358]  proc_fail_nth_write+0x88/0x240
[  244.311874][T11358]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  244.311901][T11358]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  244.311923][T11358]  vfs_write+0x27e/0xa90
[  244.311957][T11358]  ? __pfx_vfs_write+0x10/0x10
[  244.311983][T11358]  ? __fget_files+0x2a/0x420
[  244.312007][T11358]  ? __fget_files+0x3a0/0x420
[  244.312024][T11358]  ? __fget_files+0x2a/0x420
[  244.312051][T11358]  ksys_write+0x145/0x250
[  244.312069][T11358]  ? __pfx_ksys_write+0x10/0x10
[  244.312083][T11358]  ? rcu_is_watching+0x15/0xb0
[  244.312112][T11358]  ? do_syscall_64+0xbe/0x3b0
[  244.312131][T11358]  do_syscall_64+0xfa/0x3b0
[  244.312145][T11358]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.312168][T11358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.312185][T11358]  ? clear_bhb_loop+0x60/0xb0
[  244.312214][T11358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.312230][T11358] RIP: 0033:0x7fb56738d3df
[  244.312247][T11358] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  244.312261][T11358] RSP: 002b:00007fb56817e030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  244.312279][T11358] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb56738d3df
[  244.312291][T11358] RDX: 0000000000000001 RSI: 00007fb56817e0a0 RDI: 000000000000000a
[  244.312302][T11358] RBP: 00007fb56817e090 R08: 0000000000000000 R09: 0000000000000000
[  244.312312][T11358] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  244.312322][T11358] R13: 0000000000000000 R14: 00007fb5675b5fa0 R15: 00007ffda8e74a78
[  244.312350][T11358]  </TASK>
[  245.096093][T11394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2106'.
[  245.271457][T11402] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2109'.
[  245.338730][T11405] siw: device registration error -23
[  245.369852][T11405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2110'.
[  247.339648][T11438] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2124'.
[  247.387452][T11438] openvswitch: netlink: Flow actions attr not present in new flow.
[  247.453711][T11438] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  247.504801][T11452] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2131'.
[  247.816523][T11472] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2135'.
[  247.862041][T11470] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  248.054640][T11479] netlink: 'syz.3.2140': attribute type 2 has an invalid length.
[  248.145860][T11479] þ`Ì: entered promiscuous mode
[  248.225864][T11481] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2142'.
[  248.377108][T11486] IPv6: Can't replace route, no match found
[  248.466283][T11490] xt_bpf: check failed: parse error
[  248.474360][T11490] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2146'.
[  248.770665][T11511] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2154'.
[  248.924762][T11499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  249.196635][T11530] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2160'.
[  249.276840][T11534] netlink: 'syz.0.2162': attribute type 21 has an invalid length.
[  249.326710][T11536] vlan2: entered promiscuous mode
[  249.348913][ T5156] Bluetooth: hci4: command 0x0405 tx timeout
[  249.386772][T11534] netlink: 'syz.0.2162': attribute type 5 has an invalid length.
[  249.398588][T11534] netlink: 'syz.0.2162': attribute type 6 has an invalid length.
[  249.829396][T11557] openvswitch: netlink: Flow actions attr not present in new flow.
[  249.875984][T11557] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  250.527027][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888028861c00: rx timeout, send abort
[  250.845575][T11609] macvtap1: entered allmulticast mode
[  250.851745][T11609] veth0_macvtap: entered allmulticast mode
[  250.879726][T11609] __nla_validate_parse: 4 callbacks suppressed
[  250.879744][T11609] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2195'.
[  250.898271][   T30] audit: type=1800 audit(1750237951.439:6): pid=11613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2197" name="#" dev="tmpfs" ino=2160 res=0 errno=0
[  251.000185][T11618] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2199'.
[  251.027510][    C0] vxcan1: j1939_tp_rxtimer: 0xffff8880576e4000: rx timeout, send abort
[  251.036152][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888028861c00: abort rx timeout. Force session deactivation
[  251.077264][T11618] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2199'.
[  251.135520][T11625] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2201'.
[  251.200530][T11625] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2201'.
[  251.237272][T11625] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2201'.
[  251.248839][T11625] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2201'.
[  251.343099][T11633] SET target dimension over the limit!
[  251.489877][T11633] lo speed is unknown, defaulting to 1000
[  251.535947][    C0] vxcan1: j1939_tp_rxtimer: 0xffff8880576e4000: abort rx timeout. Force session deactivation
[  252.372137][T11677] netlink: 'syz.1.2221': attribute type 1 has an invalid length.
[  252.400632][T11677] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2221'.
[  252.445227][T11688] netlink: 'syz.0.2225': attribute type 4 has an invalid length.
[  252.529661][T11692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2225'.
[  252.688377][T11688] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2225'.
[  253.872577][T11745] IPVS: Error joining to the multicast group
[  254.111088][T11752] macsec1: entered promiscuous mode
[  254.675917][T11773] syzkaller1: entered promiscuous mode
[  254.688497][T11773] syzkaller1: entered allmulticast mode
[  255.823498][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  255.957326][T11839] lo speed is unknown, defaulting to 1000
[  256.037218][T11844] __nla_validate_parse: 4 callbacks suppressed
[  256.037237][T11844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2284'.
[  256.303953][T11849] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.2285'.
[  256.840765][T11866] netlink: 'syz.3.2291': attribute type 7 has an invalid length.
[  256.919839][T11865] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2290'.
[  257.198291][T11878] FAULT_INJECTION: forcing a failure.
[  257.198291][T11878] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.235130][T11881] netlink: 236 bytes leftover after parsing attributes in process `syz.4.2298'.
[  257.244499][T11878] CPU: 1 UID: 0 PID: 11878 Comm: syz.3.2297 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  257.244524][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  257.244534][T11878] Call Trace:
[  257.244541][T11878]  <TASK>
[  257.244548][T11878]  dump_stack_lvl+0x189/0x250
[  257.244577][T11878]  ? __pfx____ratelimit+0x10/0x10
[  257.244602][T11878]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.244627][T11878]  ? __pfx__printk+0x10/0x10
[  257.244644][T11878]  ? __might_fault+0xb0/0x130
[  257.244672][T11878]  should_fail_ex+0x414/0x560
[  257.244698][T11878]  _copy_from_iter+0x1db/0x16f0
[  257.244722][T11878]  ? __lock_acquire+0xab9/0xd20
[  257.244751][T11878]  ? __pfx__copy_from_iter+0x10/0x10
[  257.244786][T11878]  tun_get_user+0x20f/0x3ce0
[  257.244820][T11878]  ? aa_file_perm+0x11f/0xed0
[  257.244842][T11878]  ? __pfx_tun_get_user+0x10/0x10
[  257.244857][T11878]  ? aa_file_perm+0x11f/0xed0
[  257.244876][T11878]  ? aa_file_perm+0x3e7/0xed0
[  257.244909][T11878]  ? ref_tracker_alloc+0x318/0x460
[  257.244935][T11878]  ? __lock_acquire+0xab9/0xd20
[  257.244959][T11878]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  257.244984][T11878]  ? tun_get+0x1c/0x2f0
[  257.245006][T11878]  ? tun_get+0x1c/0x2f0
[  257.245020][T11878]  ? tun_get+0x1c/0x2f0
[  257.245039][T11878]  tun_chr_write_iter+0x113/0x200
[  257.245073][T11878]  vfs_write+0x548/0xa90
[  257.245109][T11878]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  257.245134][T11878]  ? __pfx_vfs_write+0x10/0x10
[  257.245167][T11878]  ? __fget_files+0x2a/0x420
[  257.245195][T11878]  ksys_write+0x145/0x250
[  257.245213][T11878]  ? __pfx_ksys_write+0x10/0x10
[  257.245227][T11878]  ? rcu_is_watching+0x15/0xb0
[  257.245256][T11878]  ? do_syscall_64+0xbe/0x3b0
[  257.245277][T11878]  do_syscall_64+0xfa/0x3b0
[  257.245292][T11878]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.245314][T11878]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.245332][T11878]  ? clear_bhb_loop+0x60/0xb0
[  257.245352][T11878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.245369][T11878] RIP: 0033:0x7fe1c5f8e929
[  257.245385][T11878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.245400][T11878] RSP: 002b:00007fe1c6d89038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  257.245419][T11878] RAX: ffffffffffffffda RBX: 00007fe1c61b5fa0 RCX: 00007fe1c5f8e929
[  257.245431][T11878] RDX: 0000000000000fce RSI: 00002000000003c0 RDI: 0000000000000003
[  257.245443][T11878] RBP: 00007fe1c6d89090 R08: 0000000000000000 R09: 0000000000000000
[  257.245453][T11878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.245462][T11878] R13: 0000000000000000 R14: 00007fe1c61b5fa0 R15: 00007ffe1f9f7cb8
[  257.245490][T11878]  </TASK>
[  257.274665][T11882] Cannot find set identified by id 0 to match
[  257.796812][T11896] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2302'.
[  257.841008][T11897] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2300'.
[  257.850618][T11897] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2300'.
[  257.863471][T11897] netlink: 41 bytes leftover after parsing attributes in process `syz.3.2300'.
[  258.035739][T11904] sctp: [Deprecated]: syz.3.2300 (pid 11904) Use of int in max_burst socket option.
[  258.035739][T11904] Use struct sctp_assoc_value instead
[  258.563148][T11918] openvswitch: netlink: Message has 8 unknown bytes.
[  258.677433][T11920] netlink: 165 bytes leftover after parsing attributes in process `syz.2.2311'.
[  258.762166][T11926] delete_channel: no stack
[  258.770746][T11926] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  258.779590][T11926] netlink: 220 bytes leftover after parsing attributes in process `syz.4.2313'.
[  258.895341][T11928] FAULT_INJECTION: forcing a failure.
[  258.895341][T11928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  258.958465][T11928] CPU: 0 UID: 0 PID: 11928 Comm: syz.1.2315 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  258.958492][T11928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  258.958502][T11928] Call Trace:
[  258.958509][T11928]  <TASK>
[  258.958517][T11928]  dump_stack_lvl+0x189/0x250
[  258.958547][T11928]  ? __pfx____ratelimit+0x10/0x10
[  258.958572][T11928]  ? __pfx_dump_stack_lvl+0x10/0x10
[  258.958596][T11928]  ? __pfx__printk+0x10/0x10
[  258.958628][T11928]  should_fail_ex+0x414/0x560
[  258.958655][T11928]  _copy_to_user+0x31/0xb0
[  258.958676][T11928]  simple_read_from_buffer+0xe1/0x170
[  258.958700][T11928]  proc_fail_nth_read+0x1df/0x250
[  258.958725][T11928]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  258.958748][T11928]  ? rw_verify_area+0x258/0x650
[  258.958772][T11928]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  258.958793][T11928]  vfs_read+0x200/0x980
[  258.958824][T11928]  ? __pfx___mutex_lock+0x10/0x10
[  258.958848][T11928]  ? __pfx_vfs_read+0x10/0x10
[  258.958874][T11928]  ? __fget_files+0x2a/0x420
[  258.958898][T11928]  ? __fget_files+0x3a0/0x420
[  258.958915][T11928]  ? __fget_files+0x2a/0x420
[  258.958943][T11928]  ksys_read+0x145/0x250
[  258.958970][T11928]  ? __pfx_ksys_read+0x10/0x10
[  258.958992][T11928]  ? rcu_is_watching+0x15/0xb0
[  258.959022][T11928]  ? do_syscall_64+0xbe/0x3b0
[  258.959044][T11928]  do_syscall_64+0xfa/0x3b0
[  258.959059][T11928]  ? lockdep_hardirqs_on+0x9c/0x150
[  258.959082][T11928]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.959099][T11928]  ? clear_bhb_loop+0x60/0xb0
[  258.959121][T11928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.959137][T11928] RIP: 0033:0x7f0d5698d33c
[  258.959154][T11928] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  258.959169][T11928] RSP: 002b:00007f0d577a1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  258.959188][T11928] RAX: ffffffffffffffda RBX: 00007f0d56bb5fa0 RCX: 00007f0d5698d33c
[  258.959201][T11928] RDX: 000000000000000f RSI: 00007f0d577a10a0 RDI: 0000000000000009
[  258.959211][T11928] RBP: 00007f0d577a1090 R08: 0000000000000000 R09: 0000000000000000
[  258.959221][T11928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  258.959231][T11928] R13: 0000000000000000 R14: 00007f0d56bb5fa0 R15: 00007ffecf30f5e8
[  258.959258][T11928]  </TASK>
[  259.280251][T11932] sctp: [Deprecated]: syz.4.2317 (pid 11932) Use of int in maxseg socket option.
[  259.280251][T11932] Use struct sctp_assoc_value instead
[  259.602058][T11942] xt_hashlimit: size too large, truncated to 1048576
[  260.482484][T11969] siw: device registration error -23
[  261.079293][T11996] __nla_validate_parse: 3 callbacks suppressed
[  261.079311][T11996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2341'.
[  261.130622][T11988] syzkaller0: entered promiscuous mode
[  261.185570][T11988] syzkaller0: entered allmulticast mode
[  261.785691][T12035] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2355'.
[  263.081053][T12042] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2357'.
[  263.371714][T12058] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2364'.
[  263.412222][T12061] netlink: 'syz.0.2365': attribute type 10 has an invalid length.
[  263.501308][T12065] 8021q: adding VLAN 0 to HW filter on device bond3
[  263.631013][T12076] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2370'.
[  263.769538][T12078] ip6gretap0: entered promiscuous mode
[  263.792458][T12078] vlan2: entered promiscuous mode
[  264.311640][T12112] FAULT_INJECTION: forcing a failure.
[  264.311640][T12112] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  264.358481][T12112] CPU: 0 UID: 0 PID: 12112 Comm: syz.3.2383 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  264.358507][T12112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  264.358518][T12112] Call Trace:
[  264.358526][T12112]  <TASK>
[  264.358534][T12112]  dump_stack_lvl+0x189/0x250
[  264.358563][T12112]  ? __pfx____ratelimit+0x10/0x10
[  264.358588][T12112]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.358613][T12112]  ? __pfx__printk+0x10/0x10
[  264.358634][T12112]  ? fs_reclaim_acquire+0x7d/0x100
[  264.358664][T12112]  should_fail_ex+0x414/0x560
[  264.358691][T12112]  prepare_alloc_pages+0x213/0x610
[  264.358720][T12112]  __alloc_frozen_pages_noprof+0x123/0x370
[  264.358740][T12112]  ? skb_trim+0x83/0x1a0
[  264.358758][T12112]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  264.358790][T12112]  ? policy_nodemask+0x27c/0x720
[  264.358805][T12112]  ? __lock_acquire+0xab9/0xd20
[  264.358834][T12112]  alloc_pages_mpol+0x232/0x4a0
[  264.358858][T12112]  vma_alloc_folio_noprof+0xe4/0x200
[  264.358880][T12112]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  264.358911][T12112]  folio_prealloc+0x30/0x180
[  264.358931][T12112]  __handle_mm_fault+0x2c88/0x5620
[  264.358976][T12112]  ? __pfx___handle_mm_fault+0x10/0x10
[  264.359021][T12112]  ? find_vma+0xe7/0x160
[  264.359037][T12112]  ? __pfx_find_vma+0x10/0x10
[  264.359056][T12112]  handle_mm_fault+0x40a/0x8e0
[  264.359091][T12112]  do_user_addr_fault+0x764/0x1390
[  264.359130][T12112]  exc_page_fault+0x76/0xf0
[  264.359158][T12112]  asm_exc_page_fault+0x26/0x30
[  264.359174][T12112] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  264.359194][T12112] Code: f7 03 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 0f f7 03 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  264.359209][T12112] RSP: 0018:ffffc9001aca74f8 EFLAGS: 00050202
[  264.359225][T12112] RAX: ffff88807ee8c001 RBX: ffff88807ee8c3e1 RCX: 0000000000000157
[  264.359237][T12112] RDX: 0000000000000000 RSI: ffff88807ee8c421 RDI: 0000200000001000
[  264.359248][T12112] RBP: ffffc9001aca7650 R08: ffff88807ee8c577 R09: 1ffff1100fdd18ae
[  264.359260][T12112] R10: dffffc0000000000 R11: ffffed100fdd18af R12: dffffc0000000000
[  264.359284][T12112] R13: 0000000000000197 R14: 00007ffffffff000 R15: 0000200000001157
[  264.359313][T12112]  _copy_to_iter+0x5f6/0x16f0
[  264.359346][T12112]  ? __pfx__copy_to_iter+0x10/0x10
[  264.359363][T12112]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  264.359389][T12112]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  264.359415][T12112]  __skb_datagram_iter+0xf8/0x990
[  264.359437][T12112]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  264.359465][T12112]  skb_copy_datagram_iter+0xc5/0x230
[  264.359489][T12112]  netlink_recvmsg+0x2ab/0xa30
[  264.359514][T12112]  ? __pfx_netlink_recvmsg+0x10/0x10
[  264.359534][T12112]  ? aa_sock_msg_perm+0x94/0x160
[  264.359553][T12112]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  264.359571][T12112]  ? security_socket_recvmsg+0x7e/0x2e0
[  264.359592][T12112]  ? __pfx_netlink_recvmsg+0x10/0x10
[  264.359608][T12112]  sock_recvmsg+0x229/0x270
[  264.359627][T12112]  ____sys_recvmsg+0x1c9/0x460
[  264.359654][T12112]  ? __pfx_____sys_recvmsg+0x10/0x10
[  264.359686][T12112]  ? import_iovec+0x74/0xa0
[  264.359703][T12112]  ___sys_recvmsg+0x1b5/0x510
[  264.359728][T12112]  ? __pfx____sys_recvmsg+0x10/0x10
[  264.359768][T12112]  ? __fget_files+0x3a0/0x420
[  264.359792][T12112]  do_recvmmsg+0x307/0x770
[  264.359819][T12112]  ? __pfx_do_recvmmsg+0x10/0x10
[  264.359849][T12112]  ? _copy_from_user+0x94/0xb0
[  264.359876][T12112]  __x64_sys_recvmmsg+0x1af/0x240
[  264.359898][T12112]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  264.359916][T12112]  ? rcu_is_watching+0x15/0xb0
[  264.359940][T12112]  ? do_syscall_64+0xbe/0x3b0
[  264.359957][T12112]  do_syscall_64+0xfa/0x3b0
[  264.359969][T12112]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.359988][T12112]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.360001][T12112]  ? clear_bhb_loop+0x60/0xb0
[  264.360018][T12112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.360033][T12112] RIP: 0033:0x7fe1c5f8e929
[  264.360046][T12112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.360057][T12112] RSP: 002b:00007fe1c6d89038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  264.360071][T12112] RAX: ffffffffffffffda RBX: 00007fe1c61b5fa0 RCX: 00007fe1c5f8e929
[  264.360081][T12112] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  264.360091][T12112] RBP: 00007fe1c6d89090 R08: 0000200000003700 R09: 0000000000000000
[  264.360100][T12112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.360108][T12112] R13: 0000000000000000 R14: 00007fe1c61b5fa0 R15: 00007ffe1f9f7cb8
[  264.360132][T12112]  </TASK>
[  264.973064][T12123] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2387'.
[  264.992880][T12119] syzkaller1: tun_chr_ioctl cmd 1074025677
[  265.002809][T12119] syzkaller1: linktype set to 804
[  265.011465][T12123] macvlan0: entered allmulticast mode
[  265.071592][T12123] macvlan0 (unregistering): left allmulticast mode
[  265.092460][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.104929][T12126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2388'.
[  265.114002][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.132064][T12126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2388'.
[  265.151312][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.187709][T12126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2388'.
[  265.230927][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.242770][T12126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2388'.
[  265.257126][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.266242][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.274076][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.281977][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.289972][T12126] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  265.975313][T12160] openvswitch: netlink: Key 6 has unexpected len 4 expected 2
[  266.220134][T12168] __nla_validate_parse: 81 callbacks suppressed
[  266.220152][T12168] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2401'.
[  266.239189][ T5156] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  266.250006][ T5156] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  266.288764][ T5156] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  266.296929][ T5156] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  266.318602][ T5156] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  266.436435][T12177] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2402'.
[  266.455057][T12171] lo speed is unknown, defaulting to 1000
[  266.468672][T12181] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2406'.
[  266.534842][T12177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2402'.
[  266.602997][T12186] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2407'.
[  266.705475][T12190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  266.980572][T12201] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2411'.
[  267.106975][T12171] chnl_net:caif_netlink_parms(): no params data found
[  267.644622][T12171] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.666140][T12171] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.681675][T12171] bridge_slave_0: entered allmulticast mode
[  267.700199][T12171] bridge_slave_0: entered promiscuous mode
[  267.741964][T12171] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.766703][T12171] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.777432][T12171] bridge_slave_1: entered allmulticast mode
[  267.843368][T12171] bridge_slave_1: entered promiscuous mode
[  268.066296][T12171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  268.121554][T12171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  268.355976][T12171] team0: Port device team_slave_0 added
[  268.378238][ T5847] Bluetooth: hci4: command tx timeout
[  268.381699][T12171] team0: Port device team_slave_1 added
[  268.620505][T12171] batman_adv: batadv0: Adding interface: batadv_slave_0
[  268.637966][T12171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.681695][T12273] validate_nla: 75 callbacks suppressed
[  268.681712][T12273] netlink: 'syz.1.2432': attribute type 9 has an invalid length.
[  268.693046][T12274] netlink: 'syz.0.2433': attribute type 1 has an invalid length.
[  268.705494][T12171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  268.730146][T12171] batman_adv: batadv0: Adding interface: batadv_slave_1
[  268.737230][T12171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.775093][T12171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  268.862569][T12274] 8021q: adding VLAN 0 to HW filter on device bond1
[  269.107859][T12171] hsr_slave_0: entered promiscuous mode
[  269.127971][T12171] hsr_slave_1: entered promiscuous mode
[  269.147582][T12296] netlink: 192 bytes leftover after parsing attributes in process `syz.0.2435'.
[  269.165314][T12171] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  269.200523][T12171] Cannot create hsr debugfs directory
[  269.383268][T12307] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2439'.
[  269.835830][T12171] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.050310][T12171] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.071727][T12327] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2444'.
[  270.103293][T12323] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2444'.
[  270.236532][T12333] vlan2: entered promiscuous mode
[  270.424638][T12171] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.462023][ T5847] Bluetooth: hci4: command tx timeout
[  270.660403][T12171] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.582806][T12357] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  271.816693][T12353] lo speed is unknown, defaulting to 1000
[  271.897419][T12171] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  272.042491][T12373] openvswitch: netlink: Message has 8 unknown bytes.
[  272.117757][T12357] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  272.276543][T12171] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  272.277984][T12382] __nla_validate_parse: 1 callbacks suppressed
[  272.278001][T12382] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2453'.
[  272.394795][T12357] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  272.455212][T12391] netlink: 'syz.3.2455': attribute type 2 has an invalid length.
[  272.479642][T12171] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  272.519991][T12171] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  272.541287][ T5847] Bluetooth: hci4: command tx timeout
[  272.612288][T12391] netlink: zone id is out of range
[  272.617446][T12391] netlink: zone id is out of range
[  272.656827][T12391] netlink: zone id is out of range
[  272.679198][T12391] netlink: zone id is out of range
[  272.684528][T12391] netlink: zone id is out of range
[  272.706913][T12357] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  272.785654][T12391] netlink: zone id is out of range
[  272.807222][T12391] netlink: zone id is out of range
[  273.041944][T12391] netlink: set zone limit has 4 unknown bytes
[  273.167124][T12397] lo speed is unknown, defaulting to 1000
[  273.297358][T12357] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  273.361404][T12357] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  273.422753][T12357] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  273.473780][T12357] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  273.748939][T12171] 8021q: adding VLAN 0 to HW filter on device bond0
[  273.840375][T12171] 8021q: adding VLAN 0 to HW filter on device team0
[  273.898063][ T1008] bridge0: port 1(bridge_slave_0) entered blocking state
[  273.905298][ T1008] bridge0: port 1(bridge_slave_0) entered forwarding state
[  273.950862][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state
[  273.958125][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state
[  273.998295][T12443] FAULT_INJECTION: forcing a failure.
[  273.998295][T12443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.069167][T12443] CPU: 0 UID: 0 PID: 12443 Comm: syz.0.2466 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  274.069194][T12443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.069205][T12443] Call Trace:
[  274.069212][T12443]  <TASK>
[  274.069219][T12443]  dump_stack_lvl+0x189/0x250
[  274.069249][T12443]  ? __pfx____ratelimit+0x10/0x10
[  274.069271][T12443]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.069292][T12443]  ? __pfx__printk+0x10/0x10
[  274.069309][T12443]  ? __might_fault+0xb0/0x130
[  274.069336][T12443]  should_fail_ex+0x414/0x560
[  274.069361][T12443]  _copy_from_user+0x2d/0xb0
[  274.069380][T12443]  get_timespec64+0x8e/0x1a0
[  274.069402][T12443]  ? __pfx_get_timespec64+0x10/0x10
[  274.069433][T12443]  __x64_sys_recvmmsg+0x143/0x240
[  274.069461][T12443]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  274.069481][T12443]  ? rcu_is_watching+0x15/0xb0
[  274.069510][T12443]  ? do_syscall_64+0xbe/0x3b0
[  274.069530][T12443]  do_syscall_64+0xfa/0x3b0
[  274.069544][T12443]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.069568][T12443]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.069584][T12443]  ? clear_bhb_loop+0x60/0xb0
[  274.069603][T12443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.069619][T12443] RIP: 0033:0x7fd3f838e929
[  274.069634][T12443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.069648][T12443] RSP: 002b:00007fd3f91af038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  274.069666][T12443] RAX: ffffffffffffffda RBX: 00007fd3f85b5fa0 RCX: 00007fd3f838e929
[  274.069679][T12443] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  274.069691][T12443] RBP: 00007fd3f91af090 R08: 0000200000003700 R09: 0000000000000000
[  274.069702][T12443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.069712][T12443] R13: 0000000000000000 R14: 00007fd3f85b5fa0 R15: 00007fff68c6eb78
[  274.069741][T12443]  </TASK>
[  274.083482][T12447] FAULT_INJECTION: forcing a failure.
[  274.083482][T12447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.296484][T12451] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  274.308175][T12447] CPU: 0 UID: 0 PID: 12447 Comm: syz.4.2468 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  274.308199][T12447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.308211][T12447] Call Trace:
[  274.308217][T12447]  <TASK>
[  274.308225][T12447]  dump_stack_lvl+0x189/0x250
[  274.308253][T12447]  ? __pfx____ratelimit+0x10/0x10
[  274.308278][T12447]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.308301][T12447]  ? __pfx__printk+0x10/0x10
[  274.308319][T12447]  ? __might_fault+0xb0/0x130
[  274.308346][T12447]  should_fail_ex+0x414/0x560
[  274.308372][T12447]  _copy_from_user+0x2d/0xb0
[  274.308389][T12447]  sock_do_ioctl+0x182/0x300
[  274.308410][T12447]  ? __pfx_sock_do_ioctl+0x10/0x10
[  274.308425][T12447]  ? __lock_acquire+0xab9/0xd20
[  274.308465][T12447]  sock_ioctl+0x576/0x790
[  274.308484][T12447]  ? __pfx_sock_ioctl+0x10/0x10
[  274.308501][T12447]  ? __fget_files+0x2a/0x420
[  274.308518][T12447]  ? __fget_files+0x3a0/0x420
[  274.308535][T12447]  ? __fget_files+0x2a/0x420
[  274.308556][T12447]  ? bpf_lsm_file_ioctl+0x9/0x20
[  274.308579][T12447]  ? __pfx_sock_ioctl+0x10/0x10
[  274.308595][T12447]  __se_sys_ioctl+0xf9/0x170
[  274.308621][T12447]  do_syscall_64+0xfa/0x3b0
[  274.308637][T12447]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.308661][T12447]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.308678][T12447]  ? clear_bhb_loop+0x60/0xb0
[  274.308699][T12447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.308716][T12447] RIP: 0033:0x7f4f38b8e929
[  274.308732][T12447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.308746][T12447] RSP: 002b:00007f4f3995f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  274.308765][T12447] RAX: ffffffffffffffda RBX: 00007f4f38db5fa0 RCX: 00007f4f38b8e929
[  274.308779][T12447] RDX: 0000200000000000 RSI: 0000000000008932 RDI: 0000000000000003
[  274.308790][T12447] RBP: 00007f4f3995f090 R08: 0000000000000000 R09: 0000000000000000
[  274.308801][T12447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.308811][T12447] R13: 0000000000000000 R14: 00007f4f38db5fa0 R15: 00007ffc1b988f38
[  274.308841][T12447]  </TASK>
[  274.620249][ T5847] Bluetooth: hci4: command tx timeout
[  275.123780][T12171] 8021q: adding VLAN 0 to HW filter on device batadv0
[  275.226847][T12171] veth0_vlan: entered promiscuous mode
[  275.240486][T12171] veth1_vlan: entered promiscuous mode
[  275.355812][T12171] veth0_macvtap: entered promiscuous mode
[  275.379990][T12171] veth1_macvtap: entered promiscuous mode
[  275.413143][T12485] tipc: Started in network mode
[  275.432659][T12485] tipc: Node identity e6a04c1e7a21, cluster identity 4711
[  275.449938][T12485] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  275.553183][T12489] syzkaller0: entered promiscuous mode
[  275.558883][T12489] syzkaller0: entered allmulticast mode
[  275.564995][T12489] tipc: Resetting bearer <eth:syzkaller0>
[  275.580999][T12171] batman_adv: batadv0: Interface activated: batadv_slave_0
[  275.625394][T12171] batman_adv: batadv0: Interface activated: batadv_slave_1
[  275.714754][T12481] tipc: Resetting bearer <eth:syzkaller0>
[  275.755602][T12501] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.2490'.
[  276.559315][ T5924] tipc: Node number set to 2625719326
[  277.038015][T12481] tipc: Disabling bearer <eth:syzkaller0>
[  277.046853][T12497] netlink: 'syz.1.2487': attribute type 5 has an invalid length.
[  277.057438][T12171] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  277.066573][T12171] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  277.075410][T12171] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  277.084144][T12171] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  277.105335][T12494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2487'.
[  277.152386][T12506] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  277.164189][T12506] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.199418][T12494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2487'.
[  277.351968][T12512] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2493'.
[  277.365142][T12506] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  277.376435][T12506] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.533325][T12506] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  277.543204][T12521] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2497'.
[  277.544620][T12506] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.575832][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.589289][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.659580][T12506] bond0: (slave netdevsim0): Releasing backup interface
[  277.678213][T12506] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  277.690328][T12506] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.729436][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.737731][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.804511][T12532] Cannot find del_set index 4 as target
[  277.852169][T12536] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2502'.
[  277.870922][T12536] 0·: renamed from hsr0
[  277.891821][T12536] 0·: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  277.914052][T12536] 0·: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  277.935178][T12540] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.2503'.
[  277.940741][T12542] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2502'.
[  277.945060][T12536] 0·: entered allmulticast mode
[  277.960943][T12536] hsr_slave_0: entered allmulticast mode
[  277.966815][T12536] hsr_slave_1: entered allmulticast mode
[  277.976114][T12536] A link change request failed with some changes committed already. Interface 
70· may have been left with an inconsistent configuration, please check.
[  278.013274][T12506] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  278.022298][T12506] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  278.093120][T12506] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  278.118218][T12506] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  278.154652][T12506] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  278.184062][T12506] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  278.210523][T12506] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  278.223256][T12506] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  278.346658][T12552] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  278.447520][T12552] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  278.735179][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.763210][T12552] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  278.870702][T12552] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  278.968520][T12573] netlink: 6032 bytes leftover after parsing attributes in process `syz.4.2513'.
[  279.113597][T12552] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  279.219625][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.255683][T12552] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  279.276274][T12582] vlan2: entered promiscuous mode
[  279.298699][T12580] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2516'.
[  279.373657][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.383019][T12585] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2518'.
[  279.432365][T12552] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  279.450583][ T5156] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  279.463556][ T5156] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  279.484351][ T5156] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  279.502422][ T5156] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  279.510220][ T5156] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  279.585689][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.617994][T12552] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  279.697930][T12587] lo speed is unknown, defaulting to 1000
[  279.852236][T12602] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.2523'.
[  279.937842][T12606] netlink: 'syz.4.2524': attribute type 62 has an invalid length.
[  280.026867][   T13] bridge_slave_1: left allmulticast mode
[  280.041568][   T13] bridge_slave_1: left promiscuous mode
[  280.064503][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  280.107213][   T13] bridge_slave_0: left allmulticast mode
[  280.122215][   T13] bridge_slave_0: left promiscuous mode
[  280.138686][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.686763][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  280.697840][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  280.709639][   T13] bond0 (unregistering): Released all slaves
[  280.962605][T12625] x_tables: duplicate underflow at hook 1
[  281.260797][T12639] xt_CT: You must specify a L4 protocol and not use inversions on it
[  281.491868][T12587] chnl_net:caif_netlink_parms(): no params data found
[  281.523277][T12649] netlink: 'syz.3.2536': attribute type 1 has an invalid length.
[  281.578427][ T5846] Bluetooth: hci4: command tx timeout
[  281.750222][   T13] hsr_slave_0: left promiscuous mode
[  281.766767][   T13] hsr_slave_1: left promiscuous mode
[  281.778052][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  281.786065][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  281.796219][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  281.804973][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  281.861160][   T13] veth1_macvtap: left promiscuous mode
[  281.867251][   T13] veth0_macvtap: left promiscuous mode
[  281.879705][   T13] veth1_vlan: left promiscuous mode
[  281.885163][   T13] veth0_vlan: left promiscuous mode
[  281.979054][ T1107] wlan1: Trigger new scan to find an IBSS to join
[  282.315743][   T13] team0 (unregistering): Port device team_slave_1 removed
[  282.356318][   T13] team0 (unregistering): Port device team_slave_0 removed
[  282.871642][T12669] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2541'.
[  282.907156][T12587] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.928497][T12587] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.936695][T12587] bridge_slave_0: entered allmulticast mode
[  282.945245][T12587] bridge_slave_0: entered promiscuous mode
[  282.969538][T12587] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.990213][T12587] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.009859][T12587] bridge_slave_1: entered allmulticast mode
[  283.032423][T12587] bridge_slave_1: entered promiscuous mode
[  283.152724][T12587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  283.192764][T12587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  283.272971][T12685] netlink: 'syz.0.2544': attribute type 282 has an invalid length.
[  283.356815][T12587] team0: Port device team_slave_0 added
[  283.371597][T12587] team0: Port device team_slave_1 added
[  283.422008][ T5156] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  283.633955][T12587] batman_adv: batadv0: Adding interface: batadv_slave_0
[  283.645108][T12587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.671125][ T5156] Bluetooth: hci4: command 0x041b tx timeout
[  283.686514][T12587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  283.701772][T12698] syz_tun: entered allmulticast mode
[  283.765674][T12686] syz_tun: left allmulticast mode
[  283.776872][T12711] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2549'.
[  283.804145][T12587] batman_adv: batadv0: Adding interface: batadv_slave_1
[  283.818252][T12587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.867642][T12587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  284.122871][T12587] hsr_slave_0: entered promiscuous mode
[  284.132629][T12587] hsr_slave_1: entered promiscuous mode
[  284.262735][T12728] syz_tun: entered allmulticast mode
[  284.305743][T12727] syz_tun: left allmulticast mode
[  284.875384][T12754] syz_tun: entered allmulticast mode
[  284.920061][T12749] syz_tun: left allmulticast mode
[  285.053823][T12768] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2569'.
[  285.117941][T12766] ip6gre1: entered promiscuous mode
[  285.151052][T12763] syz_tun: entered allmulticast mode
[  285.157972][T12762] syz_tun: left allmulticast mode
[  285.738417][ T5847] Bluetooth: hci4: command 0x041b tx timeout
[  286.028624][T12587] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  286.082092][T12587] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  286.110752][T12587] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  286.144279][T12587] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  286.187180][T12807] syz_tun: entered allmulticast mode
[  286.214727][T12806] syz_tun: left allmulticast mode
[  286.363982][T12820] netlink: 'syz.4.2582': attribute type 9 has an invalid length.
[  286.388399][T12820] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2582'.
[  286.441967][T12820] macvlan6: entered promiscuous mode
[  286.582005][T12587] 8021q: adding VLAN 0 to HW filter on device bond0
[  286.636651][T12587] 8021q: adding VLAN 0 to HW filter on device team0
[  286.674127][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.681321][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  286.725158][T12835] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2587'.
[  286.735819][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.743021][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  286.939058][   T36] wlan1: Trigger new scan to find an IBSS to join
[  287.524659][T12587] 8021q: adding VLAN 0 to HW filter on device batadv0
[  287.687367][T12587] veth0_vlan: entered promiscuous mode
[  287.732786][T12876] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2599'.
[  287.741803][T12587] veth1_vlan: entered promiscuous mode
[  287.764113][T12876] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2599'.
[  287.817362][T12587] veth0_macvtap: entered promiscuous mode
[  287.829453][ T5847] Bluetooth: hci4: command 0x041b tx timeout
[  287.840908][T12587] veth1_macvtap: entered promiscuous mode
[  287.911112][T12587] batman_adv: batadv0: Interface activated: batadv_slave_0
[  287.918826][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  287.982320][T12587] batman_adv: batadv0: Interface activated: batadv_slave_1
[  288.046735][T12587] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  288.067175][T12587] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  288.077886][T12587] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  288.086840][T12587] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  288.128708][T12889] tipc: MTU too low for tipc bearer
[  288.364778][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.396578][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  288.471285][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.510754][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  289.212833][T12935] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2616'.
[  289.240145][T12935] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  289.460873][T12938] can: request_module (can-proto-3) failed.
[  289.835446][ T1008] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.229766][ T1008] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.395166][ T1008] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.724667][ T1008] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.802021][T13015] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2627'.
[  291.232352][ T5156] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  291.241851][ T5156] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  291.250845][ T5156] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  291.264254][ T5156] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  291.279163][ T5156] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  291.320486][T13029] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  291.354672][T13027] lo speed is unknown, defaulting to 1000
[  291.404614][ T1008] bridge_slave_1: left allmulticast mode
[  291.419943][ T1008] bridge_slave_1: left promiscuous mode
[  291.429514][ T1008] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.454135][ T1008] bridge_slave_0: left allmulticast mode
[  291.468270][ T1008] bridge_slave_0: left promiscuous mode
[  291.493601][ T1008] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.097162][ T1008] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  292.113601][ T1008] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  292.125276][ T1008] bond0 (unregistering): Released all slaves
[  292.182295][T13057] syz_tun: entered allmulticast mode
[  292.508296][T13063] syz_tun: left allmulticast mode
[  292.993674][T13101] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2643'.
[  293.077289][ T1008] hsr_slave_0: left promiscuous mode
[  293.090843][ T1008] hsr_slave_1: left promiscuous mode
[  293.097012][ T1008] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  293.110088][ T1008] batman_adv: batadv0: Removing interface: batadv_slave_0
[  293.129166][ T1008] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  293.136657][ T1008] batman_adv: batadv0: Removing interface: batadv_slave_1
[  293.160345][ T1008] veth1_macvtap: left promiscuous mode
[  293.165887][ T1008] veth0_macvtap: left promiscuous mode
[  293.171796][ T1008] veth1_vlan: left promiscuous mode
[  293.177061][ T1008] veth0_vlan: left promiscuous mode
[  293.252946][T13114] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2646'.
[  293.268615][T13114] openvswitch: netlink: Flow actions attr not present in new flow.
[  293.339902][ T5847] Bluetooth: hci4: command tx timeout
[  293.465783][T13117] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  293.674588][ T1008] team0 (unregistering): Port device team_slave_1 removed
[  293.712768][ T1008] team0 (unregistering): Port device team_slave_0 removed
[  294.198836][T13027] chnl_net:caif_netlink_parms(): no params data found
[  294.271211][T13119] xt_CT: You must specify a L4 protocol and not use inversions on it
[  294.860424][T13027] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.867961][T13027] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.883218][T13027] bridge_slave_0: entered allmulticast mode
[  294.910290][T13027] bridge_slave_0: entered promiscuous mode
[  294.972524][T13027] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.018829][T13027] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.037168][T13027] bridge_slave_1: entered allmulticast mode
[  295.059505][T13027] bridge_slave_1: entered promiscuous mode
[  295.157008][T13027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  295.202583][T13027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  295.420277][ T5847] Bluetooth: hci4: command tx timeout
[  295.485470][T13027] team0: Port device team_slave_0 added
[  295.516748][T13027] team0: Port device team_slave_1 added
[  295.524459][T13182] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2660'.
[  295.543259][T13182] openvswitch: netlink: Flow actions attr not present in new flow.
[  295.646522][T13175] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  295.647154][T13027] batman_adv: batadv0: Adding interface: batadv_slave_0
[  295.677098][T13027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  295.704417][T13027] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  295.784067][T13027] batman_adv: batadv0: Adding interface: batadv_slave_1
[  295.791335][T13027] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  295.835039][T13027] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  296.097259][T13027] hsr_slave_0: entered promiscuous mode
[  296.116228][T13205] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2668'.
[  296.132292][T13027] hsr_slave_1: entered promiscuous mode
[  296.302425][T13201] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 20000 - 0
[  296.317074][T13201] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 20000 - 0
[  296.333528][T13201] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 20000 - 0
[  296.346498][T13201] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 20000 - 0
[  296.387722][T13197] syzkaller1: entered promiscuous mode
[  296.393770][T13197] syzkaller1: entered allmulticast mode
[  296.505415][T13212] syz_tun: entered allmulticast mode
[  296.703675][T13226] bridge_slave_0: left allmulticast mode
[  296.721922][T13226] bridge_slave_0: left promiscuous mode
[  296.737785][T13226] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.757229][T13232] netlink: 'syz.0.2672': attribute type 4 has an invalid length.
[  296.772486][T13226] bridge_slave_1: left allmulticast mode
[  296.779444][T13226] bridge_slave_1: left promiscuous mode
[  296.785363][T13226] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.803728][T13226] bond0: (slave bond_slave_0): Releasing backup interface
[  296.815644][T13226] bond0: (slave bond_slave_1): Releasing backup interface
[  296.831117][T13226] team_slave_0: left promiscuous mode
[  296.845286][T13226] team0: Port device team_slave_0 removed
[  296.855074][T13226] team_slave_1: left promiscuous mode
[  296.868954][T13226] team0: Port device team_slave_1 removed
[  296.875156][T13226] batman_adv: batadv0: Removing interface: batadv_slave_0
[  296.884727][T13226] batman_adv: batadv0: Removing interface: batadv_slave_1
[  297.299091][T13246] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2678'.
[  297.328458][T13246] openvswitch: netlink: Flow actions attr not present in new flow.
[  297.432781][T13254] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  297.508339][ T5847] Bluetooth: hci4: command tx timeout
[  297.955645][T13279] netlink: 212 bytes leftover after parsing attributes in process `syz.3.2688'.
[  298.077298][T13279] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  298.209774][T13297] netlink: 'syz.1.2691': attribute type 33 has an invalid length.
[  298.217903][T13297] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2691'.
[  298.298475][T13027] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  298.360861][T13301] sock: sock_set_timeout: `syz.3.2693' (pid 13301) tries to set negative timeout
[  298.381989][T13027] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  298.413241][T13027] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  298.444657][T13027] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  298.595244][T13316] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2697'.
[  298.610149][T13316] netlink: zone id is out of range
[  298.615373][T13316] netlink: zone id is out of range
[  298.626423][T13316] netlink: zone id is out of range
[  298.632665][T13316] netlink: zone id is out of range
[  298.637944][T13316] netlink: zone id is out of range
[  298.647422][T13316] netlink: zone id is out of range
[  298.756090][T13027] 8021q: adding VLAN 0 to HW filter on device bond0
[  298.807007][T13027] 8021q: adding VLAN 0 to HW filter on device team0
[  298.842429][T12983] bridge0: port 1(bridge_slave_0) entered blocking state
[  298.849690][T12983] bridge0: port 1(bridge_slave_0) entered forwarding state
[  298.885787][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state
[  298.893026][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state
[  298.978522][T13327] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2700'.
[  299.444546][T13327] syz.0.2700 (13327) used greatest stack depth: 16808 bytes left
[  299.584402][ T5847] Bluetooth: hci4: command tx timeout
[  299.777416][T13027] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.964420][T13370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  299.983572][T13027] veth0_vlan: entered promiscuous mode
[  299.999025][T13369] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2710'.
[  300.006365][T13373] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2712'.
[  300.047133][T13027] veth1_vlan: entered promiscuous mode
[  300.245467][T13027] veth0_macvtap: entered promiscuous mode
[  300.272943][T13027] veth1_macvtap: entered promiscuous mode
[  300.328496][T13027] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.405585][T13393] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2717'.
[  300.417816][T13027] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.428650][T13391] syz_tun: entered allmulticast mode
[  300.435753][T13388] syz_tun: left allmulticast mode
[  300.459363][T13027] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  300.476114][T13027] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  300.495153][T13027] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  300.504885][T13027] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  300.679637][  T977] IPVS: starting estimator thread 0...
[  300.772763][T13407] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2721'.
[  300.788659][T13405] IPVS: using max 32 ests per chain, 76800 per kthread
[  300.914536][T12977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.961364][T12977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.069038][T12981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.097864][T12981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.216486][T13422] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2726'.
[  301.601538][T13444] netlink: 'syz.3.2733': attribute type 1 has an invalid length.
[  301.633420][T13438] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2733'.
[  301.651400][T13438] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2733'.
[  301.672795][T13438] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2733'.
[  301.700053][T13438] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2733'.
[  302.116887][T12981] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.184299][T13459] batadv_slave_1: entered allmulticast mode
[  302.211477][T13453] batadv_slave_1: left allmulticast mode
[  302.336297][T12981] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.434915][T12981] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.524300][T12981] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.655190][T12981] bridge_slave_1: left allmulticast mode
[  302.661373][T12981] bridge_slave_1: left promiscuous mode
[  302.667084][T12981] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.679884][T12981] bridge_slave_0: left allmulticast mode
[  302.685540][T12981] bridge_slave_0: left promiscuous mode
[  302.692527][T12981] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.336853][T12981] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  303.337517][ T5156] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  303.356891][T12981] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  303.367528][ T5156] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  303.368826][T12981] bond0 (unregistering): Released all slaves
[  303.382193][ T5156] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  303.391753][ T5156] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  303.405108][ T5156] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  303.601060][T13496] vlan2: entered promiscuous mode
[  303.805548][T13491] lo speed is unknown, defaulting to 1000
[  304.043819][T13516] batman_adv: batadv0: Adding interface: dummy0
[  304.069651][T13516] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 20160.
[  304.099021][T13516] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  304.154904][T13516] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2748'.
[  304.197707][T13525] syz.4.2750 uses old SIOCAX25GETINFO
[  304.288546][T12981] hsr_slave_0: left promiscuous mode
[  304.296495][T12981] hsr_slave_1: left promiscuous mode
[  304.339580][T12981] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.347704][T12981] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.356881][T12981] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  304.365266][T12981] batman_adv: batadv0: Removing interface: batadv_slave_1
[  304.419889][T12981] veth1_macvtap: left promiscuous mode
[  304.425588][T12981] veth0_macvtap: left promiscuous mode
[  304.434667][T12981] veth1_vlan: left promiscuous mode
[  304.440654][T12981] veth0_vlan: left promiscuous mode
[  305.117854][T12981] team0 (unregistering): Port device team_slave_1 removed
[  305.162515][T12981] team0 (unregistering): Port device team_slave_0 removed
[  305.502470][ T5156] Bluetooth: hci4: command tx timeout
[  305.682124][T13526] lo speed is unknown, defaulting to 1000
[  305.786165][T13555] batadv_slave_1: entered allmulticast mode
[  305.838818][T13554] batadv_slave_1: left allmulticast mode
[  305.950453][T13491] chnl_net:caif_netlink_parms(): no params data found
[  306.103184][T13567] IPVS: Error joining to the multicast group
[  306.308880][T13491] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.316254][T13491] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.324595][T13491] bridge_slave_0: entered allmulticast mode
[  306.332949][T13491] bridge_slave_0: entered promiscuous mode
[  306.342227][T13491] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.353358][T13491] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.361239][T13491] bridge_slave_1: entered allmulticast mode
[  306.369313][T13491] bridge_slave_1: entered promiscuous mode
[  306.464629][T13491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  306.493235][T13491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  306.696999][T13596] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2765'.
[  306.744337][T13491] team0: Port device team_slave_0 added
[  306.761827][T13596] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.2765'.
[  306.785823][T13491] team0: Port device team_slave_1 added
[  306.950173][T13491] batman_adv: batadv0: Adding interface: batadv_slave_0
[  306.956019][T13606] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2767'.
[  306.958158][T13491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  307.005147][T13491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  307.022270][T13491] batman_adv: batadv0: Adding interface: batadv_slave_1
[  307.029743][T13491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  307.057563][T13491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  307.123499][T13613] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2767'.
[  307.215913][T13609] syz_tun: entered allmulticast mode
[  307.223683][T13607] syz_tun: left allmulticast mode
[  307.254701][T13491] hsr_slave_0: entered promiscuous mode
[  307.265715][T13491] hsr_slave_1: entered promiscuous mode
[  307.526043][T13627] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2774'.
[  307.585396][ T5156] Bluetooth: hci4: command tx timeout
[  307.839352][T13643] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  307.876654][T13646] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2778'.
[  308.250406][T13665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2783'.
[  308.302712][T13666] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2783'.
[  308.341447][T13663] netlink: 'syz.1.2783': attribute type 2 has an invalid length.
[  308.451005][T13652] lo speed is unknown, defaulting to 1000
[  308.859248][T13684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2787'.
[  309.026787][T13491] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  309.035479][T13687] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2790'.
[  309.053921][T13491] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  309.078755][T13690] netlink: 'syz.4.2789': attribute type 1 has an invalid length.
[  309.266076][T13491] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  309.288836][T13491] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  309.441879][T13696] bond4: (slave gretap1): making interface the new active one
[  309.477504][T13696] bond4: (slave gretap1): Enslaving as an active interface with an up link
[  309.509744][T13708] net_ratelimit: 80 callbacks suppressed
[  309.509763][T13708] netlink: zone id is out of range
[  309.520997][T13690] vlan2: entered allmulticast mode
[  309.526696][T13708] netlink: zone id is out of range
[  309.534300][T13708] netlink: zone id is out of range
[  309.540202][T13690] bond4: entered allmulticast mode
[  309.542548][T13708] netlink: zone id is out of range
[  309.555810][T13690] gretap1: entered allmulticast mode
[  309.577375][T13708] netlink: zone id is out of range
[  309.583607][T13708] netlink: zone id is out of range
[  309.591601][T13690] bond4: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  309.639850][T13708] netlink: zone id is out of range
[  309.659286][ T5156] Bluetooth: hci4: command tx timeout
[  309.692860][T13708] netlink: set zone limit has 4 unknown bytes
[  309.950933][T13729] siw: device registration error -23
[  310.143696][T13491] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.254673][T13735] SET target dimension over the limit!
[  310.263449][T13491] 8021q: adding VLAN 0 to HW filter on device team0
[  310.315437][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.322655][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.389333][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.396532][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  310.589769][T13491] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  310.642853][T13491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  310.963074][T13764] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  311.003711][T13756] tipc: Resetting bearer <eth:syzkaller0>
[  311.188458][T13776] netlink: 'syz.4.2811': attribute type 3 has an invalid length.
[  311.222201][T13776] siw: device registration error -23
[  311.741223][ T5156] Bluetooth: hci4: command tx timeout
[  312.148381][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  312.725394][T13756] tipc: Disabling bearer <eth:syzkaller0>
[  312.749426][T13792] syz_tun: entered allmulticast mode
[  312.770534][T13795] syz_tun: left allmulticast mode
[  313.056317][T13491] 8021q: adding VLAN 0 to HW filter on device batadv0
[  313.108990][T13491] veth0_vlan: entered promiscuous mode
[  313.122522][T13491] veth1_vlan: entered promiscuous mode
[  313.189424][T13491] veth0_macvtap: entered promiscuous mode
[  313.239227][T13811] __nla_validate_parse: 4 callbacks suppressed
[  313.239244][T13811] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2820'.
[  313.239989][T13491] veth1_macvtap: entered promiscuous mode
[  313.416053][T13491] batman_adv: batadv0: Interface activated: batadv_slave_0
[  313.434469][T13491] batman_adv: batadv0: Interface activated: batadv_slave_1
[  313.484928][T13819] syz_tun: entered allmulticast mode
[  313.531341][T13491] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.569655][T13491] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.601840][T13491] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.616453][T13491] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  313.634072][T13818] syz_tun: left allmulticast mode
[  313.665463][T13831] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2826'.
[  313.937027][T12977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.968839][T12977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.026150][T13845] xt_connbytes: Forcing CT accounting to be enabled
[  314.035527][ T1008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.038778][T13845] Cannot find set identified by id 0 to match
[  314.057522][ T1008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.243359][T13849] netlink: 'syz.4.2828': attribute type 1 has an invalid length.
[  314.279000][T13849] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2828'.
[  314.616419][T13868] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.2833'.
[  314.943170][T12977] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.147101][T12977] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.453127][T12977] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.513336][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  315.523269][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  315.532222][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  315.543352][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  315.553210][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  315.626575][T12977] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.654855][T13881] lo speed is unknown, defaulting to 1000
[  316.049506][T13900] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2838'.
[  316.293432][T12977] bridge_slave_1: left allmulticast mode
[  316.310153][T12977] bridge_slave_1: left promiscuous mode
[  316.315985][T12977] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.332088][ T5156] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  316.341929][ T5156] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  316.356550][ T5156] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  316.373886][ T5156] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  316.385009][ T5156] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  316.564845][T12977] bridge_slave_0: left allmulticast mode
[  316.599032][T12977] bridge_slave_0: left promiscuous mode
[  316.616392][T12977] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.185832][T12977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  317.196890][T12977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  317.208489][T12977] bond0 (unregistering): Released all slaves
[  317.259509][T13881] chnl_net:caif_netlink_parms(): no params data found
[  317.278878][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  317.460082][T13937] ieee802154 phy1 wpan1: encryption failed: -22
[  317.480735][T13937] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2845'.
[  317.521200][T13911] lo speed is unknown, defaulting to 1000
[  317.579251][ T5847] Bluetooth: hci3: command tx timeout
[  317.917427][T13881] bridge0: port 1(bridge_slave_0) entered blocking state
[  317.933181][T13881] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.941223][T13881] bridge_slave_0: entered allmulticast mode
[  317.949276][T13881] bridge_slave_0: entered promiscuous mode
[  317.993332][T12977] hsr_slave_0: left promiscuous mode
[  318.017665][T12977] hsr_slave_1: left promiscuous mode
[  318.025085][T12977] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  318.037790][T12977] batman_adv: batadv0: Removing interface: batadv_slave_0
[  318.046439][T12977] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  318.067765][T12977] batman_adv: batadv0: Removing interface: batadv_slave_1
[  318.123043][T12977] veth1_macvtap: left promiscuous mode
[  318.129196][T12977] veth0_macvtap: left promiscuous mode
[  318.134952][T12977] veth1_vlan: left promiscuous mode
[  318.141302][T12977] veth0_vlan: left promiscuous mode
[  318.463143][T13974] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2850'.
[  318.473295][ T5847] Bluetooth: hci4: command tx timeout
[  318.833047][T12977] team0 (unregistering): Port device team_slave_1 removed
[  318.877053][T12977] team0 (unregistering): Port device team_slave_0 removed
[  319.300853][T13881] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.310448][T13881] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.317641][T13881] bridge_slave_1: entered allmulticast mode
[  319.326952][T13881] bridge_slave_1: entered promiscuous mode
[  319.516863][T13881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  319.574328][T13881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  319.659114][ T5847] Bluetooth: hci3: command tx timeout
[  319.723906][T13881] team0: Port device team_slave_0 added
[  319.791213][T13881] team0: Port device team_slave_1 added
[  319.923859][T13993] vlan2: entered promiscuous mode
[  319.965904][T13881] batman_adv: batadv0: Adding interface: batadv_slave_0
[  319.978343][T13881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.017434][T13881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.035325][T13881] batman_adv: batadv0: Adding interface: batadv_slave_1
[  320.043726][T13881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.141135][T13881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  320.200060][T13994] syz_tun: left allmulticast mode
[  320.225023][T13911] chnl_net:caif_netlink_parms(): no params data found
[  320.396664][T14009] batman_adv: batadv0: Adding interface: dummy0
[  320.403557][T14009] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  320.420761][T14015] netlink: 'syz.4.2859': attribute type 2 has an invalid length.
[  320.462066][T12983] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  320.553489][ T5847] Bluetooth: hci4: command tx timeout
[  320.588062][T14011] lo speed is unknown, defaulting to 1000
[  320.622688][T13881] hsr_slave_0: entered promiscuous mode
[  320.629800][T13881] hsr_slave_1: entered promiscuous mode
[  320.814524][T13911] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.826745][T13911] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.834925][T13911] bridge_slave_0: entered allmulticast mode
[  320.845714][T13911] bridge_slave_0: entered promiscuous mode
[  320.932758][T13911] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.946110][T13911] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.967507][T13911] bridge_slave_1: entered allmulticast mode
[  320.977507][T13911] bridge_slave_1: entered promiscuous mode
[  321.162424][T13911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  321.176492][T13911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  321.215031][T14037] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2865'.
[  321.396351][T13911] team0: Port device team_slave_0 added
[  321.525321][T13911] team0: Port device team_slave_1 added
[  321.738398][ T5847] Bluetooth: hci3: command tx timeout
[  321.792521][T13911] batman_adv: batadv0: Adding interface: batadv_slave_0
[  321.800341][T13911] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.828580][T13911] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  321.844734][T13911] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.868242][T13911] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.938194][T13911] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  321.957276][T14067] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2872'.
[  322.013717][T14067] openvswitch: netlink: Flow actions attr not present in new flow.
[  322.086269][T14071] netlink: 136 bytes leftover after parsing attributes in process `syz.1.2874'.
[  322.117757][T14071] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[  322.152820][T14064] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  322.411552][T13911] hsr_slave_0: entered promiscuous mode
[  322.442973][T13911] hsr_slave_1: entered promiscuous mode
[  322.454355][T13911] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  322.479002][T13911] Cannot create hsr debugfs directory
[  322.500923][T14087] FAULT_INJECTION: forcing a failure.
[  322.500923][T14087] name failslab, interval 1, probability 0, space 0, times 0
[  322.514770][T14087] CPU: 1 UID: 0 PID: 14087 Comm: syz.0.2877 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  322.514797][T14087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  322.514822][T14087] Call Trace:
[  322.514830][T14087]  <TASK>
[  322.514836][T14087]  dump_stack_lvl+0x189/0x250
[  322.514866][T14087]  ? __pfx____ratelimit+0x10/0x10
[  322.514890][T14087]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.514914][T14087]  ? __pfx__printk+0x10/0x10
[  322.514937][T14087]  ? __pfx___might_resched+0x10/0x10
[  322.514961][T14087]  ? fs_reclaim_acquire+0x7d/0x100
[  322.514986][T14087]  should_fail_ex+0x414/0x560
[  322.515013][T14087]  should_failslab+0xa8/0x100
[  322.515035][T14087]  __kmalloc_noprof+0xcb/0x4f0
[  322.515051][T14087]  ? kfree+0x4d/0x440
[  322.515071][T14087]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  322.515101][T14087]  tomoyo_realpath_from_path+0xe3/0x5d0
[  322.515126][T14087]  ? tomoyo_domain+0xd9/0x130
[  322.515155][T14087]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  322.515176][T14087]  tomoyo_path_number_perm+0x1e8/0x5a0
[  322.515207][T14087]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  322.515246][T14087]  ? __lock_acquire+0xab9/0xd20
[  322.515291][T14087]  ? __fget_files+0x2a/0x420
[  322.515313][T14087]  ? __fget_files+0x2a/0x420
[  322.515328][T14087]  ? __fget_files+0x3a0/0x420
[  322.515342][T14087]  ? __fget_files+0x2a/0x420
[  322.515363][T14087]  security_file_ioctl+0xcb/0x2d0
[  322.515385][T14087]  __se_sys_ioctl+0x47/0x170
[  322.515408][T14087]  do_syscall_64+0xfa/0x3b0
[  322.515421][T14087]  ? lockdep_hardirqs_on+0x9c/0x150
[  322.515443][T14087]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.515458][T14087]  ? clear_bhb_loop+0x60/0xb0
[  322.515479][T14087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.515496][T14087] RIP: 0033:0x7fd3f838e929
[  322.515512][T14087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.515527][T14087] RSP: 002b:00007fd3f91af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  322.515546][T14087] RAX: ffffffffffffffda RBX: 00007fd3f85b5fa0 RCX: 00007fd3f838e929
[  322.515559][T14087] RDX: 0000200000000340 RSI: 0000000000008955 RDI: 0000000000000003
[  322.515571][T14087] RBP: 00007fd3f91af090 R08: 0000000000000000 R09: 0000000000000000
[  322.515580][T14087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  322.515589][T14087] R13: 0000000000000000 R14: 00007fd3f85b5fa0 R15: 00007fff68c6eb78
[  322.515613][T14087]  </TASK>
[  322.515621][T14087] ERROR: Out of memory at tomoyo_realpath_from_path.
[  322.640326][ T5847] Bluetooth: hci4: command tx timeout
[  322.646070][T14093] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7
[  322.692288][T14090] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.2878'.
[  322.838706][T12977] bridge_slave_1: left allmulticast mode
[  322.844591][T12977] bridge_slave_1: left promiscuous mode
[  322.865477][T12977] bridge0: port 2(bridge_slave_1) entered disabled state
[  322.896150][T12977] bridge_slave_0: left allmulticast mode
[  322.915707][T12977] bridge_slave_0: left promiscuous mode
[  322.948940][T12977] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.387224][T12977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  323.397691][T12977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  323.408610][T12977] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  323.417386][T12977] bond0 (unregistering): Released all slaves
[  323.436694][T12977] bond1 (unregistering): Released all slaves
[  323.605412][T12977] þ`Ì: left promiscuous mode
[  323.724743][T12977] tipc: Left network mode
[  323.818574][ T5847] Bluetooth: hci3: command tx timeout
[  323.856121][T14112] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2882'.
[  324.185314][T14107] 8021q: adding VLAN 0 to HW filter on device bond2
[  324.470256][T12977] ------------[ cut here ]------------
[  324.475769][T12977] Have pending ack frames!
[  324.529045][T12977] WARNING: CPU: 1 PID: 12977 at net/mac80211/main.c:1715 ieee80211_free_ack_frame+0x4d/0x60
[  324.539712][T12977] Modules linked in:
[  324.543931][T12977] CPU: 1 UID: 0 PID: 12977 Comm: kworker/u8:12 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  324.557232][T12977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  324.568249][T12977] Workqueue: netns cleanup_net
[  324.573043][T12977] RIP: 0010:ieee80211_free_ack_frame+0x4d/0x60
[  324.579295][T12977] Code: 00 00 e8 36 b4 71 fe 31 c0 5b e9 3e 84 94 00 cc e8 88 19 ec f6 c6 05 ac d1 b6 04 01 90 48 c7 c7 20 27 ae 8c e8 84 c4 af f6 90 <0f> 0b 90 90 eb c8 cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90
[  324.599018][T12977] RSP: 0018:ffffc9000421f610 EFLAGS: 00010246
[  324.605120][T12977] RAX: 982b1a572e810900 RBX: ffff888069cdd3c0 RCX: ffff88803105bc00
[  324.613179][T12977] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  324.622779][T12977] RBP: ffffc9000421f718 R08: 0000000000000003 R09: 0000000000000004
[  324.631163][T12977] R10: dffffc0000000000 R11: fffffbfff1bfa9ec R12: ffffc9000421f680
[  324.639244][T12977] R13: ffff888077f97730 R14: ffff8880277f2fa8 R15: 0000000000000001
[  324.647227][T12977] FS:  0000000000000000(0000) GS:ffff888125d52000(0000) knlGS:0000000000000000
[  324.656936][T12977] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  324.664157][T12977] CR2: 0000200000ff5000 CR3: 000000007f440000 CR4: 00000000003526f0
[  324.672217][T12977] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  324.680272][T12977] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  324.688339][T12977] Call Trace:
[  324.691636][T12977]  <TASK>
[  324.694576][T12977]  idr_for_each+0x1b5/0x290
[  324.699165][T12977]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  324.705250][T12977]  ? __pfx_idr_for_each+0x10/0x10
[  324.710352][T12977]  ? kobject_put+0x270/0x480
[  324.710642][ T5847] Bluetooth: hci4: command tx timeout
[  324.714940][T12977]  ? kfree+0x18e/0x440
[  324.724463][T12977]  ieee80211_free_hw+0xc6/0x480
[  324.729386][T12977]  mac80211_hwsim_del_radio+0x2de/0x460
[  324.734950][T12977]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  324.741115][T12977]  hwsim_exit_net+0x584/0x640
[  324.745804][T12977]  ? __pfx_hwsim_exit_net+0x10/0x10
[  324.751104][T12977]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[  324.757614][T12977]  ops_undo_list+0x49a/0x990
[  324.762771][T12977]  ? __pfx_ops_undo_list+0x10/0x10
[  324.767923][T12977]  cleanup_net+0x4c5/0x800
[  324.772429][T12977]  ? __pfx_cleanup_net+0x10/0x10
[  324.777382][T12977]  ? _raw_spin_unlock_irq+0x23/0x50
[  324.782735][T12977]  ? process_scheduled_works+0x9ef/0x17b0
[  324.788533][T12977]  ? process_scheduled_works+0x9ef/0x17b0
[  324.794271][T12977]  process_scheduled_works+0xae1/0x17b0
[  324.799959][T12977]  ? __pfx_process_scheduled_works+0x10/0x10
[  324.805981][T12977]  worker_thread+0x8a0/0xda0
[  324.810760][T12977]  kthread+0x70e/0x8a0
[  324.814848][T12977]  ? __pfx_worker_thread+0x10/0x10
[  324.820063][T12977]  ? __pfx_kthread+0x10/0x10
[  324.824670][T12977]  ? _raw_spin_unlock_irq+0x23/0x50
[  324.829955][T12977]  ? lockdep_hardirqs_on+0x9c/0x150
[  324.835176][T12977]  ? __pfx_kthread+0x10/0x10
[  324.839873][T12977]  ret_from_fork+0x3fc/0x770
[  324.844490][T12977]  ? __pfx_ret_from_fork+0x10/0x10
[  324.849691][T12977]  ? __switch_to_asm+0x39/0x70
[  324.854473][T12977]  ? __switch_to_asm+0x33/0x70
[  324.860014][T12977]  ? __pfx_kthread+0x10/0x10
[  324.864626][T12977]  ret_from_fork_asm+0x1a/0x30
[  324.869964][T12977]  </TASK>
[  324.872997][T12977] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  324.880277][T12977] CPU: 1 UID: 0 PID: 12977 Comm: kworker/u8:12 Not tainted 6.16.0-rc1-syzkaller-00305-gd74520f39cdb #0 PREEMPT(full) 
[  324.892604][T12977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  324.902670][T12977] Workqueue: netns cleanup_net
[  324.907517][T12977] Call Trace:
[  324.910803][T12977]  <TASK>
[  324.913738][T12977]  dump_stack_lvl+0x99/0x250
[  324.918343][T12977]  ? __asan_memcpy+0x40/0x70
[  324.922947][T12977]  ? __pfx_dump_stack_lvl+0x10/0x10
[  324.928160][T12977]  ? __pfx__printk+0x10/0x10
[  324.932771][T12977]  panic+0x2db/0x790
[  324.936672][T12977]  ? __pfx_panic+0x10/0x10
[  324.941093][T12977]  ? ret_from_fork_asm+0x1a/0x30
[  324.946020][T12977]  __warn+0x31b/0x4b0
[  324.949992][T12977]  ? ieee80211_free_ack_frame+0x4d/0x60
[  324.955548][T12977]  ? ieee80211_free_ack_frame+0x4d/0x60
[  324.961195][T12977]  report_bug+0x2be/0x4f0
[  324.965528][T12977]  ? ieee80211_free_ack_frame+0x4d/0x60
[  324.971074][T12977]  ? ieee80211_free_ack_frame+0x4d/0x60
[  324.976623][T12977]  ? ieee80211_free_ack_frame+0x4f/0x60
[  324.982166][T12977]  handle_bug+0x84/0x160
[  324.986404][T12977]  exc_invalid_op+0x1a/0x50
[  324.990892][T12977]  asm_exc_invalid_op+0x1a/0x20
[  324.995729][T12977] RIP: 0010:ieee80211_free_ack_frame+0x4d/0x60
[  325.001879][T12977] Code: 00 00 e8 36 b4 71 fe 31 c0 5b e9 3e 84 94 00 cc e8 88 19 ec f6 c6 05 ac d1 b6 04 01 90 48 c7 c7 20 27 ae 8c e8 84 c4 af f6 90 <0f> 0b 90 90 eb c8 cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90
[  325.021470][T12977] RSP: 0018:ffffc9000421f610 EFLAGS: 00010246
[  325.027530][T12977] RAX: 982b1a572e810900 RBX: ffff888069cdd3c0 RCX: ffff88803105bc00
[  325.035490][T12977] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  325.043447][T12977] RBP: ffffc9000421f718 R08: 0000000000000003 R09: 0000000000000004
[  325.051419][T12977] R10: dffffc0000000000 R11: fffffbfff1bfa9ec R12: ffffc9000421f680
[  325.059383][T12977] R13: ffff888077f97730 R14: ffff8880277f2fa8 R15: 0000000000000001
[  325.067356][T12977]  idr_for_each+0x1b5/0x290
[  325.071885][T12977]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  325.077949][T12977]  ? __pfx_idr_for_each+0x10/0x10
[  325.082980][T12977]  ? kobject_put+0x270/0x480
[  325.087556][T12977]  ? kfree+0x18e/0x440
[  325.091630][T12977]  ieee80211_free_hw+0xc6/0x480
[  325.096476][T12977]  mac80211_hwsim_del_radio+0x2de/0x460
[  325.102014][T12977]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  325.108081][T12977]  hwsim_exit_net+0x584/0x640
[  325.112751][T12977]  ? __pfx_hwsim_exit_net+0x10/0x10
[  325.117937][T12977]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[  325.123740][T12977]  ops_undo_list+0x49a/0x990
[  325.128330][T12977]  ? __pfx_ops_undo_list+0x10/0x10
[  325.133451][T12977]  cleanup_net+0x4c5/0x800
[  325.137857][T12977]  ? __pfx_cleanup_net+0x10/0x10
[  325.142785][T12977]  ? _raw_spin_unlock_irq+0x23/0x50
[  325.147973][T12977]  ? process_scheduled_works+0x9ef/0x17b0
[  325.153683][T12977]  ? process_scheduled_works+0x9ef/0x17b0
[  325.159396][T12977]  process_scheduled_works+0xae1/0x17b0
[  325.164965][T12977]  ? __pfx_process_scheduled_works+0x10/0x10
[  325.170960][T12977]  worker_thread+0x8a0/0xda0
[  325.175565][T12977]  kthread+0x70e/0x8a0
[  325.179625][T12977]  ? __pfx_worker_thread+0x10/0x10
[  325.184727][T12977]  ? __pfx_kthread+0x10/0x10
[  325.189308][T12977]  ? _raw_spin_unlock_irq+0x23/0x50
[  325.194498][T12977]  ? lockdep_hardirqs_on+0x9c/0x150
[  325.199690][T12977]  ? __pfx_kthread+0x10/0x10
[  325.204271][T12977]  ret_from_fork+0x3fc/0x770
[  325.208854][T12977]  ? __pfx_ret_from_fork+0x10/0x10
[  325.213966][T12977]  ? __switch_to_asm+0x39/0x70
[  325.218713][T12977]  ? __switch_to_asm+0x33/0x70
[  325.223465][T12977]  ? __pfx_kthread+0x10/0x10
[  325.228044][T12977]  ret_from_fork_asm+0x1a/0x30
[  325.232816][T12977]  </TASK>
[  325.236083][T12977] Kernel Offset: disabled
[  325.240397][T12977] Rebooting in 86400 seconds..