last executing test programs:

25.906737583s ago: executing program 3 (id=3052):
socket(0x1d, 0x803, 0x400000)
syz_emit_ethernet(0x5e, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff00000000aabb86dd60122d9200283afffe8000000000000000000000010000bbff020000003d66c5c2cb14f363000000000000000158a6a43f1eaddfb9000000000000800000000000000001ff0000aafc0100"/102], 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r0, &(0x7f0000003a00)=[{{&(0x7f0000000580)={0xa, 0x20, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000200)="c5df6a3b", 0x34000}], 0x1}}, {{&(0x7f0000000b40)={0xa, 0x4e21, 0x900000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, 0x1c, &(0x7f0000001600)=[{&(0x7f0000000e40)="af", 0x1}], 0x1}}], 0x2, 0xc0c0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x9, 0x0, 0x1, 0x4}, 0x50)
r6 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet(r6, &(0x7f0000000200)={0x2, 0x0, @empty}, 0x10) (async)
bind$inet(r6, &(0x7f0000000200)={0x2, 0x0, @empty}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f00000001c0), &(0x7f0000000340)=@tcp=r6}, 0x20)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$nci(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r3], 0x4)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000100000008000100040000002c00048005000300010000000500030080ffffff05000300016900000500030080ffffff05000300050000000800020003"], 0x50}}, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0) (async)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r8, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000340)=0x18)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan1\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan3\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan3\x00', <r10=>0x0})
sendmsg$NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r7, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000051}, 0x24040085)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r11) (async)
r12 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r11)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000380)={0x38, r12, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x38}}, 0x20048840) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000380)={0x38, r12, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x38}}, 0x20048840)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000700), r13)
ioctl$sock_SIOCGIFINDEX_802154(r13, 0x8933, &(0x7f0000000800)={'wpan0\x00', <r15=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)={0x30, r14, 0x211, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r15}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan0\x00'}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40081}, 0x80) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)={0x30, r14, 0x211, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r15}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan0\x00'}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40081}, 0x80)

24.949376844s ago: executing program 3 (id=3058):
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x13, &(0x7f0000000400)=ANY=[@ANYBLOB="180000008b000000000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000ff7e00008500000086000000bf092000000000005509010000000080950000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000a00008500000086000000bf91000000000000b7020000030000008500000084000000b7000000000500009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xb, 0xfed, &(0x7f0000000780)=""/4077, 0x41100, 0x4b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000d}, 0x94)

24.746047077s ago: executing program 3 (id=3059):
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000100)=<r4=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000140)=<r5=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000180)=<r6=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, r3, 0x400, 0x70bd26, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000080}, 0xc000)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @random="5a01f3c2f136", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @local, @remote, @local, @remote}}}}, 0x0)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r8=>0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{0x0, 0xdd12}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff})
setsockopt$sock_int(r9, 0x1, 0x10, &(0x7f0000000380)=0x3, 0x4)
sendmmsg(r9, &(0x7f0000001c00), 0x400000000000159, 0x40840)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r8], 0x1c}}, 0x4008054)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

21.122492969s ago: executing program 3 (id=3076):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x38, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x1c, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x15, 0x0, 0x0, @uid}, @typed={0x8, 0x9, 0x0, 0x0, @fd}]}, @nested={0x4, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x48814}, 0xc000) (async)
ioctl$XFS_IOC_FREE_EOFBLOCKS(r0, 0x8080583a, &(0x7f0000000040)={0x1, 0x9, 0x8, 0x7, 0x6, 0x0, 0x3}) (async, rerun: 64)
r1 = gettid() (async, rerun: 64)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380)={0x0, <r2=>0x0}, &(0x7f00000003c0)=0xc) (async, rerun: 64)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x4000) (async, rerun: 64)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB='\n\x00\x00\x00\v\x00\x00\x00B\x00\x00\x00>'], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x7, &(0x7f0000001140)=ANY=[@ANYBLOB="180000001d6c68e98f0b00000000b8ea9b0c000000008120", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200000000000085000000860000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0x1005, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94) (async)
r4 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000001080), 0x80000)
getsockname$packet(r4, &(0x7f00000010c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000001100)=0x14) (async, rerun: 64)
getgid() (async, rerun: 64)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000400)=<r5=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, <r6=>0x0}, &(0x7f0000000480)=0xc) (async)
r7 = gettid() (async)
r8 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f0000000200)=0x10)
sendmsg$netlink(r8, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)={0x2c, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0xc, 0x0, 0x0, @uid=r9}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0xf6}]}]}, 0x2c}], 0x1, 0x0, 0x0, 0x20080c5}, 0x0) (async)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000004c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000000500)=0xc) (async)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
gettid()
r11 = socket(0x1e, 0x80805, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r12, 0x1, 0x23, &(0x7f0000000000), 0x4) (async)
sendmsg$inet(r13, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x20000000) (async)
r14 = socket(0x10, 0x3, 0x0)
write(r14, &(0x7f00000000c0)="1c0000001e005f0214fffffffffffff8070000001700000000000000", 0x1c) (async)
recvmsg(r12, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/4098, 0x15}, 0x0)
getsockopt$bt_hci(r11, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) (async)
r15 = getuid()
sendmsg$netlink(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000012c0)={0x114, 0x1b, 0x4, 0x70bd2b, 0x25dfdbfe, "", [@nested={0x101, 0x77, 0x0, 0x1, [@generic="a78220031a9971c8ba31ea28d20361273c625deed9ddf0789921f48ffd49041f8b79234c77ae373d8891cc91c32fb8ef0e93d1a6e0a7c18778212aec2ff6e33bbbb26e1b636f534e7f1603ef299786a3f91ba3cd363ecae620c140dac82cc9557f17b0c5dc0134a85a3b0d7abfc6d1b966c28d8c807a205110035c132485caba4ed1d60941ef525b9c09c37476b3adf0f5f79670d410760d70a5866ff6af534a87edbb99f4099e2b10f2eaccb35b4f4323e64e2cfe4ba29890dbda1eaf5b22b4e7d48902bf03dc06746f379ac6a1c25e858b", @typed={0x8, 0x153, 0x0, 0x0, @u32=0x2}, @generic="b2e3d8b6be54d6472ac3f15b640f701d140f3349063a30b073412d409bf5d8", @generic, @nested={0x4, 0xf6}]}]}, 0x114}, {&(0x7f0000002500)=ANY=[@ANYBLOB="180000002a00010025bd70ee3126ccf95f5ea700", @ANYRES32=r0, @ANYBLOB="5a5f009b12fda17d81a59add2ab3e639dfb72b8a76f2ce0ec8d569ee95fc26a540b51dd1be1590f350003d24ac2204fe730948bce94e2249696ce1c6c24733621b880a4168508ec15542aecbf4b05efda0cef77c013fd25f3f3a6a27581fba5d2b337244956689f98124f19d72ea71bd28ca1c682f7ccb1ee6c40d7016f8db8de0daefd2b2aa2ef9c21116925bc11131eeaa04cfde147390e479acbceeabceef0ce4a927066a8693eec05b8c529527c512b841d2ac03fb72f5932532fe6fcbf6bac4b5cb09ac8a66a236c112261000f9c0023fd71decdd222fd25c3e811894df04c56c904729c24427aa2fea3489fcc974b60d7e78098276bf24a6eb6d1086535b5c0a7f07c4"], 0x18}], 0x2, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {r1, r2, r10}}}, @cred={{0x1c, 0x1, 0x2, {r5, 0xee00, r6}}}, @cred={{0x1c, 0x1, 0x2, {r7, r9, r10}}}, @rights={{0x24, 0x1, 0x1, [r13, r0, r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r1, r15, 0xffffffffffffffff}}}], 0xa8, 0x44000}, 0x40011)

4.533478083s ago: executing program 2 (id=3152):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd1, &(0x7f0000000000)=0x9, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1, &(0x7f0000000540)=@raw=[@generic={0x2, 0xf, 0x8, 0x9, 0x10001}], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2}, 0xc)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000080)={0x1f, 0x4, 0x3f, 0x2003208, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x19}, @private=0xa010104}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4000000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}]}, &(0x7f0000000980)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) (async)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd1, &(0x7f0000000000)=0x9, 0x4) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r1}, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1, &(0x7f0000000540)=@raw=[@generic={0x2, 0xf, 0x8, 0x9, 0x10001}], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) (async)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2}, 0xc) (async)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000080)={0x1f, 0x4, 0x3f, 0x2003208, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x19}, @private=0xa010104}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4000000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}]}, &(0x7f0000000980)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)

4.383988686s ago: executing program 4 (id=3153):
close(0x3)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x6c, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3, <r4=>0xffffffffffffffff}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000900)="8e5d0000000c5e86dcb1b74f78b843f39d211bf5cd4a5c10a081937a0376c7425b187e7bff0f00e96929187956368b7dbeebb68587e89b570f23fa8aa27edce84bdaf09cef9b090000d944d54696f1d563329ad566027d7056cbce08691acf3186fb94745a973023ddbe9d0051f89ef48d2e643c3cf97edd6708e149cddc566d93219d29d0b5d2155e76f89bed26392d45acfd24aa7f6f1fd85fd2b0220e3649952169791b375e679b2c5034ff196ae58c1a8d6bf2920000bd5d1834ea05290cf500652ce11dc94878b529eed8942255cb99bf8b00938d53e3f45c827583fa5343185ea823b719f3ae6021fe0ee900412950830bf94e9f4a2858096c4853825cbd1b2bd5926268925d5ba16205652679cfe8f9d2555e04eb692ff331d4379b517acb32db4e8b802b740c48285c1b3b237b46c2de53223173123e1dd504f67cc1bae8ebf08a7ec2bd18758169cf3cf4bb58496a5eabea531176319e8cb43278f7437d3227b59691df2e3f2a3e2492ff9dd0eafd4be945b27f9bce7fad86e83955657473fb2f331a9f72aefa358baeceb6105b6a90ad416a70ee1b23bd7701bf5caf33f3ed884b4c9e0949e4c1d31c874de98963f27c5f", 0x0, 0x37, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff}, 0x1e)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r6, 0x11c, 0xf4f422d5faf08caa, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r5, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0], 0x0, 0x20, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0xa, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000740)={@cgroup, 0xffffffffffffffff, 0x2a, 0x3028}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000800)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0x4, 0xa}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x8}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2, 0xffe0}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

4.280053622s ago: executing program 2 (id=3155):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f000000bc8f3939f631b83ecbac4500fdf4f2f78d9c26c6789d98feac621054c738dcd81e12d6cd88f9ca0429531b32f76876468253effdaeda1a06b48bddc25f4e2b0575fe2a30c682a714aed74b77d62b3a165438e4c2243ccfbc7090935d6c2a2e93d58d592e7b5a832e499f91aeda0235106a00f7cb9262e15f291af69ab6174ff582c04e21c7cb726c8e86667c8b97e072161507be709abeb7b807e7c9b6815fa4734bb1488891c04a74227bf8f6f42744216452d689376806ef6c540218bbba9401fb9edba3909e10b8cd4069bf3788d583a966fdabd553c7b0fd8039202522ac4c56350e1bee7dc17b7fece6a83898c525faa195ce489d23459d3b45a93c8483eefc2af1700115196f4a738b1d2827112e958280565d39e4790fe603e27ad0ced6b29fbb42b2c1ec55cba3317541e25934ace54d832770cc6c220988987114b761f6c74235c55d316178aea6", 0x155}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffe8d}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x800}], 0x1, 0x40800)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb9040a1d0800fe007c05e8fe55a115000100fc11142603600e12080005007a010401a80016002000024004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189ce16277ce06bbace8013cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4a53f5aeb4edbb57a5025ccca9e06dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e00"/216, 0xd8}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010c3000000000300003e851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608fffffff30500180000000000000000000000000010009500000000000000360a020000000001180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78)

4.08318427s ago: executing program 4 (id=3156):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000)
sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x4000000, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2400e890)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
getgid()
getpid()
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f00000000c0))
ioctl$XFS_IOC_PATH_TO_FSHANDLE(r1, 0xc0385868, &(0x7f00000002c0)={<r3=>r0, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_congestion_control\x00', 0x10040, &(0x7f0000000200)={@align=0x7ffffffffffffffe, {0xe2, 0x1000, 0x4, 0x3}}, 0x80, &(0x7f0000000240)={@_ha_fsid}, &(0x7f0000000280)=0x80})
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="e874b743dea4df5abaa5148c5a901b2cc38169181b811b9f89f6d56139", 0x1d)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@ipv4_newroute={0x24, 0x1a, 0x1, 0xfffffffe, 0x0, {0x2, 0x0, 0x0, 0xa, 0x0, 0x1, 0xc8, 0x0, 0x1000}, [@RTA_UID={0x8}]}, 0x24}}, 0x24008800)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000018c0), 0x1, 0x0)
getpid()
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
r5 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000600))
write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="0000001803010300ffffc4001000ffffffff4e204e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="d1800007907800091e59063bcc55e2fb4b662a463b24b28a4fafb428a89d60f9547d33690c48bf9581455479f14cea31faf5212327c508ed14d3cc9f1b20adaecc3b4c664e61295f92adc7b03928e6f24a8ee8e299effe97537d57096d808d21b4fe04f98900000013d3b3875dfd9a3f6328f33f09ceec09986b30406704e2560f04592cb4869c77658fcb3eca004c77b183c5840dbb0fd30bcd067737d3f07dff1755aac0e628d921d141b089c15306c066b177aab8"], 0xe4)
accept$inet(r3, &(0x7f0000000340)={0x2, 0x0, @multicast2}, &(0x7f0000000380)=0x10)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000001780)={{{@in6=@private1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@local}, 0x0, @in=@private}}, &(0x7f0000001740)=0xe8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r7, @ANYBLOB="00000000195d190c40e2901212a49899b9ab82177eb036d51c76aad8d6c22ab6a5d22bcd6575d37a0af1cfd28b924d0ff129e023e8ac97233b11d66c429c32e9b613467f4013b497c796fdff9dc4db0ae0f2d2c935836405ea94db62f5f0686f28d2a079043b5da443c29a2204781aaebef271dcc781e5b001074a9c614dd64ca4dd37c3202734b568b8471dd341c9e46cd4a04581475a9c31c581ab905d84c2bef5184edee0d5c2fd8900e7582a1027664b70846780903d1daf4180034bd90342e5be0a559afbeb38efc5350aa5e3727bc60e06998f6117b82e11674154154c93672c3e076d9382768acda7d15c77eaf7dde07d653b7e08d5924a5578ed911c124057d2b601182caf470fb91f12a166ec047eecf2d52c25a9ba1c2984dcf675e9be5c9070a7012868bdbf6c79035e14e1771cd232bd30935913dca615c23d8b36d7e5c25643b68ec5a197b96291f49e5309ccb90512fadc542206daddb073e5fce8fb0f435076daf17f36cc51fc68c776499eb57a2a718597d8"], 0x18, 0x4004c}}], 0x1, 0x805)
sendmsg$rds(r3, &(0x7f0000003400)={&(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000002fc0)=[{&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/145, 0x91}, {&(0x7f0000001a40)=""/4096, 0x1000}, {&(0x7f0000002a40)=""/253, 0xfd}, {&(0x7f0000002b40)=""/246, 0xf6}, {&(0x7f0000002c40)=""/149, 0x95}, {&(0x7f0000002d00)=""/243, 0xf3}, {&(0x7f0000002e00)=""/227, 0xe3}, {&(0x7f0000002f00)=""/159, 0x9f}], 0x9, &(0x7f00000032c0)=[@rdma_dest={0x18, 0x114, 0x2, {0xb8, 0xffff}}, @fadd={0x58, 0x114, 0x6, {{0x0, 0x7}, &(0x7f0000003080)=0x6, &(0x7f00000030c0)=0x4, 0x45, 0x3, 0x4, 0x7fff, 0x13, 0x9}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000003100)=""/79, 0x4f}, &(0x7f0000003180), 0x25}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f00000031c0)=""/58, 0x3a}, &(0x7f0000003200), 0x49}}, @fadd={0x58, 0x114, 0x6, {{0x0, 0xfffffbff}, &(0x7f0000003240)=0x7, &(0x7f0000003280)=0x81, 0x3, 0x800, 0x5, 0x8f, 0x15, 0xfffffffffffffffc}}], 0x128, 0x40}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=ANY=[@ANYBLOB="680000001d00000326bd70e9fadbdf250200000064f1fd13000ff6b5e6d544e648e58c218d5876ba66a34eafe7802a79134e9e37c6c4bef8dccf4e6521d96ffe7cc6fa873507ac582baad3161696e16a943627a6d157c13e45e5dc7065a821113b39387c2f30a6a94e7b7453d3d4636224ee5b75bcd41c2aa6414467e452c37de99ebf814b36403b15f8e76fa1d09b068327cc75358d", @ANYRES32=r6, @ANYBLOB="0100480208000100ac1414aa14000300fbffffff9e00000002000000961affff08000d009403000020000e800500010005000000040002000500010008000000040002000400020005000c00b8000000"], 0x68}, 0x1, 0x0, 0x0, 0x81}, 0x40080)

2.499483835s ago: executing program 2 (id=3165):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r1=>0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000000c0)={r1, 0x4}, &(0x7f0000000100)=0x2)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x44b, 0x70bd28, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x408c5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_ID={0x8, 0x1, 0x3}]}}}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xff}}]}, 0x48}}, 0x4)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, 0x0, &(0x7f0000000240)=0x5a)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)

2.382828911s ago: executing program 4 (id=3167):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000000)={@dev, <r2=>0x0}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000001500000126bd7000fddbdf25023f04c8", @ANYRES32=r2, @ANYBLOB="080004000000000008000100e0400002"], 0x28}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, &(0x7f0000000300)=ANY=[@ANYBLOB='0F'], 0x18)
sendmmsg$inet(r0, &(0x7f0000000680)=[{{&(0x7f0000000940)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000380)="00dd41dc115d27cf850a782da28375b561df298712d56b", 0x17}], 0x1}}, {{&(0x7f0000000c40)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="11000000000000000000000001000000c000006a17e98b00000000a2ea5d95578830000000000024000000000000000000000007000000df9404018fecab5e55f6e900890f05e0000001ac14e2669b"], 0x40}}, {{&(0x7f00000002c0)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f00000004c0)=[{&(0x7f00000003c0)="851ae1a12fb98bdd948cdfaa505e465615786b69e8e94de9eea51b5a7bb71326d0796e51a58b75d262d1587c368035247a9b", 0x32}, {&(0x7f0000000400)="72d45127f0b5ad36873ea7515658a91e50722e3e8aa04837448354372819c25deecc716efb8d2439b4ac040a5c8134bb3ac3945bbf4f9929fe1d57a6c8bca27fe15d2ba8adb8a38c444943399295d5b60003c848736580f37b0d18cb97f78cbc45231a73ef48a185bae56553850d946b00c03b831e860e6e0d73d3bf2a463f4d148e86471342d8a82e9d332fd053d78b626ceafdee356b1d001c0aa68103", 0x9e}], 0x2, &(0x7f0000000500)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_ttl={{0x14, 0x0, 0x2, 0x9}}, @ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x200}}, @ip_retopts={{0xdc, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x29, 0x3, [{0x1, 0x12, "6209f91bd5bb2555c3c1ec26cdce80fa"}, {0x6, 0x11, "c6e331b854f8987e2ff573a2b80e00"}]}, @noop, @ssrr={0x89, 0x17, 0x11, [@loopback, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}, @timestamp_addr={0x44, 0x34, 0xd2, 0x1, 0x7, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x210}, {@multicast1, 0x5}, {@loopback, 0x2}, {@multicast2, 0x2}, {@multicast1, 0x9a9}, {@local, 0x3f7}]}, @ssrr={0x89, 0xf, 0x30, [@local, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x3c}]}, @timestamp_addr={0x44, 0x44, 0xfa, 0x1, 0x4, [{@empty, 0x5}, {@empty, 0x6}, {@multicast1, 0x7}, {@local, 0xfffffc01}, {@local, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0xd5}, {@loopback}, {@broadcast, 0x2}]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}], 0x158}}], 0x3, 0x40000)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=@delqdisc={0x70, 0x25, 0x800, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x9, 0x4}, {0x1c, 0x2}, {0xb, 0x3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x24, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x7fffffff}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0x2}}]}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x80}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x10001}, @TCA_RATE={0x6, 0x5, {0x8, 0x5d}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000)

2.26488309s ago: executing program 1 (id=3168):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0) (async)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0}) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="fc000000", @ANYRES16=r5, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=<r7=>r6, @ANYBLOB="e0005a80dc0000801400030020380000080003000600000003000800040002004a00"], 0xfc}, 0x1, 0x0, 0x0, 0x4008821}, 0x8840) (async)
sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f00000008c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000880)={&(0x7f0000000d00)={0x210, r5, 0x20, 0x50bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xf2, 0xac, "5c78e1d10322f1f00dd57e70a20372f72e795f40d338aab7a23705523e094fa8139704e12ac16e4a5b828c7287a175df62af74cc8d3a178b0835866bd3fc1bda80dbedef847c7cc6ec82bf1d5dd9ae07f8216f74bf4bfda9f1b38e66d5e0d19053c0e4143a5e1994db522e877586ccd6abe8af8c51ce064e9ec5033db8e6bdd6e3cab43d93824fe5dcad82e79a2658c83f5eb1198b34e059cd91167e612616c9ea3b621aefd5d35986f808739b00c1e93dc7cb9ce144e71dd671f88bc9f20bbc919be1700e6a83125900314ac84d257b20925ac20c02e4c729f61ef7bbf37282d15715b6ec78938e4921565d3180"}, @NL80211_ATTR_STA_FLAGS={0x20, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_AUTHENTICATED={0x4}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_MFP={0x4}]}, @NL80211_ATTR_STA_WME={0x44, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xff}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xf7}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x2}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x40}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x9}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x8}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x2}]}, @NL80211_ATTR_REASON_CODE={0x6}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0xc}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x7c, 0xbe, "45b9a3e31587784b8263df5be25eff06f80d8b15f63f9490d7e5c3cff75c3ec78a43bf2ea9691daaeee3304c8f75f7bf13f68c8bfdb5ad8864b47b2b82439a76fbf11a24b2155da629c8c233921bf5fd5928353e0c57f032eb728c35f71deedc686878c25ddfebaa2b5b644a2999eb5547c7801be4f73ee5"}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x15, 0x13, [{0x60}, {0x3b}, {0x9}, {0xb, 0x1}, {0x6c, 0x1}, {0x3, 0x1}, {0xc, 0x1}, {0x16}, {0xc, 0x1}, {0x6c, 0x1}, {0x4}, {0x16, 0x1}, {0x48}, {0x4}, {0x36, 0x1}, {0x48}, {0x1c}]}]}, 0x210}}, 0x20000000) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYRESDEC=r6, @ANYRESHEX=r2, @ANYRES64=r7, @ANYBLOB="a93f146172e930bab079f9294e6651d2131dab4bd0218bc035d0da370b8f48164314a438930e3f8b61c3b401e3ea4cd8c21a3350efa7e5f5f6fbd7acadf0a6ca9d021e585605b33d30fc47a7ccb5957db434d0916165924bde6973e36180ae0efabd496f1505ba9e3c6a397a82f34faed3be6b60", @ANYRESDEC=r8], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) (async)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a310000000014000480080002403cb140bb0800014000000003080005400000000014000000110001"], 0x70}, 0x1, 0x0, 0x0, 0xc840}, 0x1) (async)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r9)
sendmsg$IEEE802154_ADD_IFACE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x14, r10, 0x1, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4c440}, 0x200000b0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a2c000000054a010100000000000000000a00000a0900010073797a31000000000900030073797a32000000001c000000120a01030000000000000000010000090800034000000003140000001100010000000000000000000100000aba9abe6615b693f7422f324fdcdde990f11692ece2d92bcc6b2994b31943a35a60159a96eefcb411ef75196ca0ece55578d9779fceaf03505ba11f67a32e3ca1dd2a776bb67084c6b34094fac3c44d660e0000cae62dc8e5ffc30b467700000000000000e9e359ff7236b7b169340f4f453ba2461db83741afdf9894696dbdca90941e9de1c6899e462565c89fa8a9017daaef75b0fc5d7ba50544055e39564ef1b5685324f7471cd9e7a501f85840"], 0x70}}, 0x0) (async)
clock_gettime(0x2, &(0x7f00000001c0)) (async)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r11, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
preadv(r2, &(0x7f0000000000), 0x0, 0x8, 0x1) (async)
r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r12, 0xc004743e, &(0x7f0000000140))
syz_emit_ethernet(0x36, &(0x7f0000000180)={@multicast, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0xe0, 0x0, 0x0, 0x0, 0x810001}}}}}, 0x0) (async)
r13 = socket(0x1e, 0x1, 0x0)
ioctl$sock_ifreq(r13, 0x8991, &(0x7f0000000040)={'bond0\x00', @ifru_names='bond_slave_1\x00'}) (async)
pwrite64(r12, &(0x7f00000000c0)="9a001e99f6112598fdd1ea3af65418af161c0314469dfbef59c6df84da92fe81324386579c22e9d0ad0e16af694168bc795cb9f31c9bc68b4f9f9d33339b403c9451bc868270c39f60586fd7b278e238670dcb50b2f806dee363766e135f8a190ce275f60398256352edc951c8e9fc77", 0x70, 0x4) (async)
ioctl$PPPIOCGDEBUG(r12, 0x80047441, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000041ffffff00000000080000009111b3000000000095"], &(0x7f0000000c40)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94)

2.187720601s ago: executing program 2 (id=3169):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f0000004680)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000004600)=ANY=[@ANYBLOB="18000000041401"], 0x18}}, 0x40)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
close(r0)

2.119195165s ago: executing program 0 (id=3170):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r0, 0x4058587a, &(0x7f0000001780)={{<r1=>r0, &(0x7f0000000580)='(^++*!\x00', 0x800, &(0x7f00000006c0)={@align=0x6ae0, {0x7, 0x0, 0x81, 0x380}}, 0x7f, &(0x7f0000000700), &(0x7f0000000740)=0x3}, {[0x6, 0x1, 0x2, 0x4]}, 0x9, 0x1000, &(0x7f0000000780)=""/4096})
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000001840)={'filter\x00', 0x7, 0x4, 0x4f0, 0x408, 0x1e8, 0x1e8, 0x408, 0x408, 0x408, 0x4, &(0x7f0000001800), {[{{@arp={@empty, @multicast2, 0xff, 0xff, 0xd, 0x3, {@mac=@broadcast, {[0x0, 0xff, 0x0, 0xff]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, {[0x0, 0x0, 0xff]}}, 0x7fff, 0xb, 0x8, 0xff, 0xcc, 0x7fff, 'pimreg0\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x0, 0x200}, 0xc0, 0x1e8}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x6, 'system_u:object_r:auditctl_exec_t:s0\x00'}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @remote, @loopback, 0xf}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @remote, @multicast1, 0x8, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x540) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x54, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x28, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_NEWOBJ={0x18, 0x12, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x9}, @NFT_OBJECT_SECMARK=@NFTA_OBJ_DATA={0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x20004090) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4048587b, &(0x7f0000000640)={{<r3=>r2, &(0x7f0000000180)='$\x00', 0x80180, &(0x7f00000001c0)={@_ha_fsid={[0x6, 0x5]}, {0xfffd, 0x3, 0x6, 0x7}}, 0x832b, &(0x7f0000000200), &(0x7f0000000240)=0x9}, 0x3, &(0x7f00000005c0)=[{0x3, 0x9, &(0x7f0000000280)='\x00', &(0x7f00000002c0)="9714c5d08358bf8bd1c7bf2f3fe04726cfee0a322101be3527702784fdd3dc332903edca47e926030d9f319dc9310684640d83485a792ed4caa10e88551a7affd0ad494036326c463d354fbdf1e9c72aa4862d3629469bb13b270f660a76afb880fa42a206c9b4b65b87fd7d23bc1cb7332832293d795faf3778704c133f74553b5460bfbd98d66ab96da4b8b2b2a9e786bb0be960c4f4b91c5e8852ca78c658fa7deb46cd8fbd1fe396228260a585a7a1403e94", 0xb4}, {0x3, 0xa, &(0x7f0000000440)='\x00', &(0x7f0000000480)="5279d85af9acc792c86aca683af7ff3c45295f33fda3474fea0abd5b8ba8f40b304d204d96a70cf983b4684f2aad6cdc8590365f2231ae2250d9efad5238c313d51f869574e6d6d4918ff7e66e5d16a2ac7d99b40ff2c224a665fb9d108a9dd89f4447b3ca06ff5f42c2043f99c4d596046ec3b0acedb2d4a4f1e3f5eb9dfe00269bd29f03a3f60690b8e68e1dd5de2b4f83f23fee8f68cadbb251486d433a4c645b5c7cb6c8ce95d21f0939fb2dc44bc55722eb25f1ab8d77ce80990de14135", 0xc0, 0x8}, {0x3, 0x5, &(0x7f0000000540)='-\xc1##}*\x00', &(0x7f0000000580), 0x0, 0x2}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x11, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9}, [@generic={0x6, 0x0, 0x0, 0x61ca, 0x6}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xfffffffffffffffa}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x84}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x2}, @generic={0x9, 0x2, 0x7, 0x6, 0xfffffc00}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x0, r3}, 0x94)

1.987807335s ago: executing program 2 (id=3171):
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8000)
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000180)={0x260, 0x14, 0x8, 0x70bd26, 0x25dfdbfd, {0x1e, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x6c, 0x1, "7c99c9c3a83b6cb0ecaa7232a69a3cf0527d499129a3fe48ce18626281efdc2631732efd3164cbd6f6f59ec0508f8dd307f80ffbb7109cd58cbe67391a1b955920458bdbc5068cba0fdeda070dee9aae24bfc9b088370da499b848a73401f8d4313c5c8bb6b6724c"}, @INET_DIAG_REQ_BYTECODE={0x8c, 0x1, "3959e54fefc12b0d212df94529d38e892fcd89789262bbd3ebe3cd17fab90d2001f1cae6c990a2a8f5c5d5695c6fbdd119a23317b1a2ca7b7a2f49bdbf48aa899ee11a294ae5bc1da3def80f31ca0978882bc09a21ab07fe7a9512112c4cbd54e89d02c6753de3497feadef6d777723a5ad56662c714072383afe4f929589c73fdd304bc5ff4f626"}, @INET_DIAG_REQ_BYTECODE={0xdc, 0x1, "facc6639a80ae7ceaf8b248b96fce229a40a61a48affce1514e8e018e950d370412c46cd808a81f522b8fbe82f9861de2f83f477c85cc3aa52ccdf95a134feea66d06c165204d128a703d7a9321d6cc8b64b17d4e4ba199903a18b4e2e70766a438cfcda434a2bcdf17b5f04cf522275688dba64f4b527a9fe45f3ca05519c11caef9006ce8159d381a5c1b1a5f6dfb730af6d6f935198f32588df87c0581eae9e02a02653497d72264b0f319acd705825836bc0b0705c4f639cea5e0a782ee156ec11897ebf82ef29f6f0be2b2159c52c15c074cfc8cb6c"}, @INET_DIAG_REQ_BYTECODE={0x75, 0x1, "d86e5c19b8bc072379b9167750be708e1d240a34cfca720aad3e24dd16a76661fe883f26e404ff7458ebf0aef7680f2d0af7b3e0df04f49ed2ac76f091dabe6a176c939ece1dcfae4930bfc12afdbe38182dc804614360c8c5d1b790f253479bf7ef0fc178b347be89622fb79d294902ad"}]}, 0x260}}, 0x8010)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000140)={0x1, 0xffffffff}, 0x8)
close(r1)
socket$netlink(0x10, 0x3, 0x0)

1.899870435s ago: executing program 1 (id=3172):
syz_open_procfs$namespace(0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@func_proto]}, {0x0, [0x61]}}, &(0x7f0000000f80)=""/4096, 0x27, 0x1000, 0x1, 0x7f}, 0x28)

1.899076348s ago: executing program 0 (id=3173):
r0 = socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)

1.797371386s ago: executing program 2 (id=3174):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r2, 0x4058587a, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r4, 0x0, 0x48a, &(0x7f0000000700)={0x7fff, 0x0, 0x2}, 0xc)
connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r3, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x40000000000018c, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
sendmmsg(r3, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x2}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x0, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c0000001800ddd000000000000000000200000000000d05000000000600150005000000280016802400010003"], 0x4c}}, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000fdffffff000000000a00000085000000750000009500000000000000facb0300000000000000834af0de010000000babe586c42cc7fa85912f4642154419cc54851738690fa2623c487ee683746f5f00665992441c3c21938dc87ba91cc0a8622db69df46a36efe7583a1491aa95bf026267cc1a02314e081c47348cdb3a94af0251b48a066e22a6e56ef62b5c"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x76}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3f0, 0x220, 0x308, 0x220, 0x308, 0x308, 0x308, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0xffffff00, 0x1, 0x0, {@empty, {[0x0, 0x0, 0xff]}}, {@mac=@local}, 0x0, 0x7, 0x2, 0x0, 0x800, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00', {}, {}, 0x0, 0x180}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @loopback, @broadcast, 0x6, 0xfffffffe}}}, {{@arp={@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, 0x0, 0x0, 0x0, 0xfd, {}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00', {}, {}, 0x0, 0xc}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}, @broadcast, @dev={0xac, 0x14, 0x14, 0x12}, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x9}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x7d, 0x0, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r10, 0x6b, 0x1, &(0x7f0000000000)=[{}, {}, {0x0, 0x0, {0x0, 0x0, 0x4}}, {}, {}, {}, {}, {}, {}, {}], 0x140)

1.61408035s ago: executing program 1 (id=3175):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
socket(0x6e, 0x5, 0x9)
r3 = socket$kcm(0x2d, 0x2, 0x0)
pipe(&(0x7f0000019480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
vmsplice(r5, &(0x7f0000000480)=[{&(0x7f00000000c0)="c2", 0x1}], 0x1, 0x2)
splice(r4, 0x0, r3, 0x0, 0x10500, 0x8)
write$ppp(0xffffffffffffffff, &(0x7f0000000480)="1e08", 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r2, @ANYRESDEC=r5, @ANYRES64=r2, @ANYRESDEC=r1, @ANYBLOB="4734a9113ab5f266cfd13573ea51d980687de7115021f64fd90fe2ba8bc0077eb6726576af73c5a44d79c2acf06751ad7a3c84ac3a6fc1f067d01b8fecf86c1fde5d0666807453978116fc7a6b05d8e4b76f05c305850bd1e6a0b3f9878b1486f7709150db3e549f1163c0c4968f588e2e3ad488e8af3d9aa55896966b9b8a8e1d590df9135e818c65d9b52371d95f"], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)

1.50358316s ago: executing program 1 (id=3176):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000000300)={0x3c, r1, 0x1, 0x70bd25, 0x25dfdc01, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24040050)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettaction={0x48, 0x32, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x400c004}, 0x24048840)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c000000100003040000fff30000ea0000000400", @ANYRES32=r6, @ANYBLOB="60bc010004a701003c00128009000100626f6e64000000002c"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)
setsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000000140)={0x3, 0x2}, 0x2)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f00000002c0)={0x0, 0x0, 0x6, 0x0, '\x00', [{0x3ff, 0x4, 0x9, 0x0, 0x9, 0x4}, {0x9, 0x298, 0x8, 0x7, 0x7, 0x5}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2a}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}, 0x1, 0x0, 0x0, 0x40008d0}, 0x200c8800)
ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000100)='batadv0\x00')

1.3482574s ago: executing program 0 (id=3177):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes)\x00'}, 0x58)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nfc(0x0, r1)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000001c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100ffffffff0000000001000000100007800c00018008000100", @ANYRES32=r3, @ANYBLOB="0c0005006c010000000000000c000200ff", @ANYRES32=r3], 0x7c}}, 0x20000000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040), 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
syz_emit_ethernet(0x4e, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6087fb8900180000fe880000000000000000000000000001fc0200000000000000000000000000005c020000000000000401000101"], 0x0)
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000000))
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="1800000007140100000032c83a110000050042"], 0x18}}, 0x0)

1.307065361s ago: executing program 4 (id=3178):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, 0x0, 0x0, 0x1}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x6c}, 0x2, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000480)={'veth1_to_bond\x00'})
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r3, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r3, 0x8)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x472a01, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)
r9 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newtfilter={0x40, 0x2c, 0xd3f, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8, 0x6, r8}, @TCA_BPF_CLASSID={0x8, 0x3, {0x7, 0x6}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r11 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r11, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000001c0)="9a5be948f5fe13ee19cf97661a98fa33025197433e80884e3711ca03692a0ce9df1d", 0x22}, {&(0x7f0000000740)="3560d47a409202437c0f1c250ba1dcfaacbc7a3ffc16316eb7099ebebf06de2aa6982eb4c9ea4796ffdb6374357e9b41e530a9cbed389f9e2ec4dabb6749f93a839380c6efd2e4023f00fc728806c5ee76062a169419f29c2deae4ddd0db52926fa50c7a528225053856d335f079e35b4461ec08a4e89f29f21a88047d0959bf02af72b56c748fb7a16ded0fd1af33d1244d7a5132634a4649ebb4356e52afece560c0dbdfe88850351186d5d2c452292b8723a0d62ee71d218b3efefc0d626592569bb98974978dcda464d101343f0cc0931edb60929222018431e7f220da76bff2828e84765b56f53b526d21510e15668e1b84a8db49ac3f6d0451a5e2d129cd177bae098ae8a4efa62de4f39d14cc3a82887f799d5e809ce4ae4791d4285feaf55b8a34648f29539f03241257e1aa679421044da717853593bef60afa1a78b50dfbe20ee86834f78e3524d85c56edb05e82c6ab6cde4c639aeadb9cff0215fc797fce188b2abb62d256f99a3e76c436cbc10ab91ad48e0c4e6b284a304708b637642fa6d785fe9ed8a053273d2ff89e252e722a5e5c2650395dfad7b7e60ae8110ca6719fb3339b5340ee657a271f509478f3da279065da2942e9d3ee0cac478040fffb19980a965279071296ccb401cbb9cdb35a6f16809ee2a355643c4e551d032f689bde910464cd7cd9088bb750c9d638d3ef319c72db9a89546cb58b76f60f1d27df8cf7334d8abd2f0c19363b273151365c9531b37299ea1598c98aacd6e331ed10521ef230b561f0a856bd8e2716d073086cfd9b76395e0e5b4cdfbe55adf09bb4c2b08068950f8e4e399a0003450dad12529340e06d520e105a8b4e85d8c359aeb05b5c7fbff67c78faaed177b97be44afae2c40091160078681d5c64808af501b0d46a70c3a0a7e5712c38600351674676b3c37893089c2177b28b1fec1d450f619b264dace5019ca55c111227a0bf643ce01d7f3111cab70c97c45c0eca75002cc8bcae5f3363b649500e3488e4e79a438a251e57f7106b55ce6373802541421111846eaeb4538835619bd06e3693b3e2277cb89a3ccf88f5701710a5b5205b4067aef9b16c4ea696e1139997e64b0ffdae82724c86ca9272ac8cd6e0bbc5cee963d518439b1e55a58a1ecbb244c37f3254a22418a782ca1e16af11b69a46ce5f6139eee35bb01c71b36ddad955cbe461021d84b93bf15f7706b27bb24f9795b742396dc560f022dc950ed7055161b72e4c3f0ac751caa4d8e5a42d01ede074744e81c825a36de223cfb17d68cd320d87e6682866cd9ac15e273a3443123ad07a6e42f89d6c64f30e28100ee69889235bc436102849e403b1a2d690e1402cea1f9eb37479cb4f407c42628567c8e54a8f391627d7a964aabe008772632fbc6c99e163c6717e353f64f4f492e6aa849d68624ae168856b39931e72a777dfd546e67e7bbca6ffb6f7a845058f0380ddb0c11a91f0e2845a5a53de6253999200e41a9300fc795f1c9747737746a4931535e56a02b8bb99ff5ba3faa721fa1ae0a11036b870a1f1b00d816fe08549898a786bd13cd37738c866a8e7aa7df7013557dc9550a841e9470b95b22de4cce8ac2dc76bb4d258dbf9b9ad896bf108f261b4d6217df46bb8f92161660cbafd75f64c710fc4bb2733feb9c1e1255e6d0482f4bd074efd38f51cd45c", 0x4af}], 0x2, 0x0, 0x0, 0xc4}, 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r11, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x4}, 0x8)
close(r11)
sendmsg$IPSET_CMD_LIST(r11, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="4000000007060300020000000058e7000700050000050900020073797a31000000000800064000000101050001000700000029000640000000100800064000000005"], 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x40c0)
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000140)={<r12=>0xffffffffffffffff})
close(r12)
bind$802154_dgram(r12, &(0x7f0000000040)={0x24, @short={0x2, 0x1}}, 0x14)

1.131741716s ago: executing program 1 (id=3179):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r3, 0x0)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x1000)
mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0xfffff000)
mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f0000000540)={0x1100, 0x1, 0x2e38, 0x11000})
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000ed6a000b2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa2c000003"], 0x0)
r4 = accept4(r0, 0x0, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000500)=0xd0)
recvmsg$can_raw(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1}, 0x40000003)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff87, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r8, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000019680)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000040)="630b008646dc3f0adf33c9f7b986", 0x0, 0xcf25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffff}, 0x50)
sendmmsg$alg(r4, &(0x7f0000004800)=[{0x0, 0x0, &(0x7f0000002380)=[{&(0x7f0000001180)="937ed53af62c83ae406275c8e57c8f3f", 0x10}], 0x1, &(0x7f0000002400)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @iv={0x1018, 0x117, 0x2, 0x1000, "8ad374a3701bc19ec3801122ecd0f9181929e26482c0027f25b9e9e7e5ce7a3ffdcf685cc716b689f288e9fa1135232743c80727f914412e3d52b8e1887b2f80ad39e4f810c5947a2108a5169eefb083b5f2b02ef7dc1c9863b5bda61b3ab8cc52e8470a5d014d35bcad4da3833c4b7ca41f11b8ac69eb1655d0b66822d78190b6c68240c2671c0a16d02d6e030b0d3cc53908ffce0abeeb1afb5c90e68119a198fdc2cb72349fca91f73d1e2873cb6a5020316e4e24486149eedf262c6c49287eb6cf885dc7198f22bad50f2469569933560ab3f5cf35888a28fdffcb21a7e75e26f9922d899fea1ab431800e1f04df2aaca42cc8f4a3b6e426afae55ffb973fd54c5df90991e35d52349755ed5bdc73970272758ee81716caa924972dda7175d3fce7667e7b37668e02af9c2dc22a6d48405bc9862f6a049f37a6a24e7a8d1dbdb5011bf23ace6bb2ea4689604ada2d8b0024f746a9a2b68760b052b12f9b1328dd64354964c38a5d504838541711eca506d863c5dd1bf15eccbdbd0ecbfdce2219b17f361b64cd0e607ce257fc82dcd88094bdf9b0529b7bafe3d58dc4cc8e73dacb5cc9490758ef3b089dd982d7721af71c4cb9907b6452986bac5c97a55ca81f5941866bcd37fb44888c041dfb064f92a014f622963c95bbc8dba11c2b27cbaffef475943057bf7b4e89b056bf73026b438dcaf82e14ce3d6c775b99f4e29da088b8616e28635b4678876aa6f447fa4f1042a71ef0dffd59d3e95fd11608c236b62e45c8befd3fbf41cc585b4ff6de8c7d08ee7b3f007032f6a55409968539753071b6496a83fde2dbb1c244ae26252bb6023a630d04ca1d4c37ac0d337754c53736a35085dac7a98f8d6252a13da15f25903561571f18ebce95200816eed33ac349cf2e7c448fee6dc11f41302a4e948942c358ff49f88c78f4954ff7567b1801910741626315cd19c2d095f02ba976ca491e92df42a4c9acbc495647f5f69b9cec619cfc36492cc0af611461f75db3aa1fd047c12a4351c6b6041d19577e73aed686c6c4034f6cabf99c84e87eb85b9cefa05445e00d7879a69b4a703f5f3f1276c7b7a14d98a01ff3b4023f06e5a4857afce782b7414db93f4c0d2edfa4e2c4ecb430111c7d4e4c1a8eb9745b797d7613219e41518d0fbbf3e6d6c1225667bf5592dd2cea538843d895920c414f8c31cfbbf1b7bcfee8c82bbd697483727324bfa42db06f49616329937880ca89c74ac61eca775073ec30ad67e3d8752a98c5940b7cd7e511b887fc674a656f3f2ef4597939330b7c2680ac3bac5efdef4fb08b8d81b4b2243f05d94f6f6d8256901f484aa9f7e9d3d62fcae26ba929091dbc03add21d2c92ecf1f0d35b42fd0cdeff62c98d9e4b02f6e9df6b6ed284011f32d03b4514cf8ab0441ea286e9f1d80321a886e9523fb3234229ce59035c5983a86628a7ad351b1616433972cc8b267b7bdc07332bf3d5f44c7c8b596ed7264ee61bd6ca2f7dfbd9d9bd4d37037e725507cb0f4a7ca6c83629fd36a9d13ffb6861eba751e600cccb897c5a9659c39da9e57a4db0e1fb17b00f9f629a8499e1d844a32dd45502f3677032d2a1b17ed282c5dbde94fdadb91d5ab30ab98153014ff5808ecdb7a71fb5b898f8a7daa6f1a791a41f4a8d4828186ddbf5fdcfaed47fa0baa2e3bd30ee47d852f0e9c274199541fafe8a868ecf6076b1e672e6c2579dc6c2a8d074bf835363822d83995a882ebdf16504f13608618211f8ea4a1627d028ce9135c21e3960b7f910ab8911289a61f6393a8f0d5c03a4d95ea9ed5519d9a428e9e94c780ccce612bfce84acd313dcb6f8f7ea520eb7c25fa98178c326c367dd6903796510a6a3bd80ed50cc9ac06ec653a7e462dfc28fddca668e81e2112b9e81c34dbc03643fb6721f28998b9858123ffd31f379467224c6dad5b902a020bd31fefe8a9b27a3b3a1a1917a3e7753319aa09ba650bc96bc4001816661a76f7a1befa17afc0527d96c7f04fac07753271ed02f34a6cbb99f7fc9da310eb0fd24814c24d0d06be1037df23f1f2b163f6cac5a90bc29a67395cc657d44f74e54f618aef9cfe0329a1a2a774d70899253d58d2020f8abc400cb65f608b3f34dc2c96e3cea12fe805de96c6e5989452c2991f7d4313e34ca1cf3a57f997860d925ef77edfca34c51dcf438cc2c43f52921eed2e1d3205e3c97d88e68e79dca9f278a9916147d4ef0b8a5baec8e75921636215af74e7c6c0a860f1c637161dbcda09a0b68777f2313d12264b458668503c9b277d40300df559e0e1f757b821d33fe70b9ed325d099f89bb9783660c247e7c27f06de2c47ed7943f1d1088b7b924833a0bba2e97702a69e3f3537ff3bb69626ec4888679a115f25e733daf00633252fa78f4d0fc0030381435c99d67daf43b4ae573374c90d00b539e029c20f76fb95d40f15d941399e946377dd44fc7bd1a238b165cb2dd3ae594c3bbda4eb08f22e2a344c730be646d0963409cfa6b94f1e203eb85022b5c6c53e73c0d2df8f5d6cc75b5052f861d1d1ded77f3b31da2d4147a0e7ccc13b303c3672f8e83d1bbebcabf57a15673b1ceb56c17c36fcc78808c8f8a4c2cdec112b19ff502a645bad4c7672d0577ed23f3a6aa957499fc3db3d9d48a75c372d7ed3fcc42196230293ca39bc45c0fcdc5785dcc94124ea5f9eaf768943f3114dbef333d00468ccf8c5be52b69c3037b1285252c6ddd137817ead6d1f02cfe59f008344a81d55214e707e432123499ede0cc647dabd73aa8bb4492f7baf85a327254feef0b729007fba17d39d3fdc2744483ad053f7cda984aa1440ddca7be40ba462957b8d445f7273726133c8158b805144203c8a6aab603a631b2d2797e0c77f3dcc33d719bab58c9832e38cc557e1c6fea46265b38342852832706612ed5f9a2d9736abcfaf162a8ecc363de5cfebdcd3e4aa4901826359168eae0504d2a847d24ab64dbb6bd9f31fec9799d3abd3cba8f1fe97e57d26f5cdc9ba85b4a320a17a916440de573222d3bc7c13db2255fcc260bf8860e8b62181f956ee4aa4c659df6b6b431dcedcd74840d8d017e31cd71aa1fbb75e892f5bdb6ec79e63f0df12191889dcfb8e128b1f64f597f40123b226cf892e85a65dea98fc8351313ff7beedbe9e92de46e973c0e702a07f1e9cc2dfc824507a70e842391db2ca87caa087390cd8de725ff2b74bcfe2c6417e8aaae497cc7bc9faf5995fbbea9a6326eba63878fb2d919dd190e2f3683ce89be448c399660a55c9fe693aef665855d25797ffdece25742a7fd85937484aa84b8bf4fea4757ba74a81b9624032016ab97d44290ea14f340a7492844bdb2210ea1878de065485f375bbf7135ea5e8bc8971980a1bb2d17774da93bc281a0c7d1575f18051109f71b984736973a348d5175392323558a8c67ba772cd76736c5686c0b2b0a1e8a23fe456e49f40e49a9e04f547f019f2261cba377cd14d3e1f1d3530197dc370d37cbf694f28680b52ce2180f7afebf12052883a28245442444e0e967c9ab7ffc37c3ee599ea492af6b2ccdd8ff6afcd8c1d7236a795f0bae20139f3f2da00eaaa16f4de9f256bd2b2ace17e0eee8cb4229c186b74dc80de34394133b2ed13356fd71c521abf5da2eee00fc03437b4518f0bd583153dd82f427f991b916753d69bcff9d593183701c32eb4f0ee897a32b9da1abef41b9508478deb0ac26565990bfb9545d8adb1737202d86a554512de6e40a901532af7ea6a3f9d4f703d6d816655b9f902c52d8f2cf9ddafa389b6fcdf4f88e313409fb18917c0f32776dd7f592a2ad4be017b7c783efecd93fd66efa40d18d875d137dab84572cf9d39efb1d7a342af05468bd3f3c33dd6aaaae1044e2aaee13d0ba47be675241e43576e74510908a9bb217a438ce8146876e805fa1d9158152dd9c21a42d9cfa3f731f2672b164dcd11155d8e1dd3e04b0d0b64dce538297ffd041b02c6b3cf93a5de78ba3ac9fa0203705fd1107331ff20708ba514b5c1901202c1fe220c7cd29ffc5b05cb00f417bd32efa2b70d1f21549e3f3249fac1b12163fbfd4341b95ed58556f5fbb4cfb31daf05306b6d7991433b60922aa9cc2527cc16ee5b0ee6202eefab1c33373e133b43904f3f3d96344f4f0b92f591d492533a0d77387885d1ae48ff31a42ad042455372a11c4295041d35182cb3639fbc5809dc9d8d635777ac9a51ece319c810ecd3761f9642b70ad9b9ebc0294b7ed66c2e60975008392f57fbbb817607ae224bb1aeed50fdc8b75078af163acdb07b773295e79913a8c71817d0a73a02e83db56ebe5db846ce169411231883e64dca9e5f547cac5204fac9d07b3759a5a178a7650f6ed1e833c64290cf980dc303222658b2a3201e0aae9ad8704f22539b5a7a5c2db7b0eee90cc84fc9e8223e369badaeecd2a4f00012fc5488e9483dd960d78c35ada924c0c74c613a7992131f44909e8e3969ada02c7e5671cf6947fce7e5856f04cf6bce1a58e2403a2708bb54501372d3ced958289ba225a661ef6768ab8a3cd1a6ec68735b287ab80cbee8c45dda5bb92f074d576982ce232749a878690a7c4fa065ceacbcbe78bf2d8c1a1c3be3bee15f33922748463a5115e344809c99bd8c912eb7dcb90ef89ad0ffeac262eb62380411f1f02d2ef7094165a26e7cf3ae0e2698e13bc47e0774b553da5d0fec4877a32a156c5083c2fabcc69552102a32473fea29aea4aad5c9610787de834ce1f6e3f606771db10420a1156dbe44a19b3f8c348780979fd28ee07a68c8333c766f917f92e03dbab7f5fe700b48b00a3c09a5853c0d1e60316e2172bdd665f28efc6179b865a5c51c75428c1523b4ef709ead9bacc19c0afc86852ad70feaa68391104b3d6e17b3e70c3b1b20788640b629e0eefbadc6dbd46ea122a088cca68780135f4a3df9b21e766ddc710673630bc727a8989093ca15f9cdf46ed04480f9d75d8685fc9c67dbabf66ca0555fcb33fd1ef568e17653d930e3ea7597bbaa11f50416006524b8409cc4a0412f15d48d7e7a9a160e25455aab6de121fb7859903b717d0f8dd5156aea8e7e63c631850cdfb95a35ef253b44ec463a9d018070c1834f781980aa5f2b4cd1102ad38f323a32f4acad57efcdc83fee5291e4f1da88355234fb9f9867470d90c8b81d37f19a2fb55f9627f161d33adb4c3aaaa70486e95ca97f05de99978a13c3ea653c746060e5953ffaf6745e293845af3c7b679390bdb74946990d591ed92085516b175e347ffa5806bde09c0a4a71b7cd2673125a1ae101f7024ec51dac7a837714015431a4d327979f342bb0898d2002a5019c7474c7d417e7049a7f40c9dc5355b385c8422ca1dededda202b4b1c0f069d19f02d7761d04849cfa3a1f4a522122f87bb7e26d8a5b8e9f704c5aad659f0a718ebc85c8f28091f46982f416598b05f4a931a0402acb4b4ed59777a89a9eaaef676b134c827d36608d5acf8bbb399b3efd53b10755d38ea3fafc4bbbd28dbef26a3e43e59cda85e7d70aa490c10ed79fe8afcd3370c01d9fdcfd606b26c70a80693d5acbcce6abb45b8f01709f4ad4d94cc6d3855823b0b463f9929ba26eb11e6a4456eb0c5dacfb95003fa503f4dd16a71fc54437e0e66c9b3a9941e9b88ee186f0b412da95c175d69a7a55ba67d7637db8df56ee1f5733bce78f6951e86aa3feb6aa5d38cd5dbbaa6d3d9fb0d5f115a0491021897121e38a1faa17d8c6fad9459514809ab892c6e9dd1ed42a46311ffb7ff1d224e4e0580b9c5dc0"}, @op={0x18, 0x117, 0x3, 0x1}], 0xfffffffffffffd86, 0x840}], 0x1, 0x40)
read(r4, &(0x7f00000006c0)=""/32, 0x20)
epoll_create1(0x0)

940.99872ms ago: executing program 0 (id=3180):
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') (async)
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x0, 0x0}, 0x10) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x0, 0x0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x40400)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r1, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) (async)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r1, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex, r2, 0x11, 0x0, 0x0, @void, @value=0x0}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1000"/12, @ANYRES32, @ANYBLOB="dcef96803258be9fd8dc3d8c09b2f9e0b9a834d93d86769ffc5b0f0ff1d024559c68c6030501e5791ab5008cd0b9f997a75309000000592fe1dd2b641006cd73e95d2a6761dafba0ddc13af5ddc97664d48276c61f267a118c848ddf7d203067659179f9", @ANYRES64=0x0], 0x20)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x3, 0x80}, {0x94, 0x0, 0x0, 0xffffff81}, {0x6}]}, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) (async)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01060000000000000000090000003c0004801300010062726f6164636173742d6c696e6b000024000780080005000000000008000300ff00"], 0x50}}, 0x0)

668.980253ms ago: executing program 3 (id=3079):
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x13, &(0x7f0000000400)=ANY=[@ANYBLOB="180000008b000000000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000ff7e00008500000086000000bf092000000000005509010000000080950000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000a00008500000086000000bf91000000000000b7020000030000008500000084000000b7000000000500009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xb, 0xfed, &(0x7f0000000780)=""/4077, 0x41100, 0x4b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000d}, 0x94)

531.641797ms ago: executing program 0 (id=3181):
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x800)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000140), 0x4) (async)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) (async)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) (async)
socket$unix(0x1, 0x1, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r4 = socket$packet(0x11, 0x3, 0x300)
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x1000}, 0x4) (async)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f00000003c0)=0x2, 0x4)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000604"], 0x0, 0x26}, 0x20) (async)
openat$cgroup_ro(r3, &(0x7f0000000340)='freezer.self_freezing\x00', 0x0, 0x0) (async, rerun: 64)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x48}, 0x94) (rerun: 64)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000780)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xe, 0x0, &(0x7f0000000380)="fc5cc45c490704289349a8af1d25", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x7fffffff}, 0x0, 0x0) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000180)='veno', 0x4) (async)
sendmmsg$inet(r2, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001000)="98", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000a00)="449f6aed247d197178", 0x9}, {&(0x7f0000000780)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351050b828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0eb0750363e346cb9556a649fb246dd788930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d5637f61d05401a64482860fc94a6311097055383c1d39604895eac4f83a498251f71485b91b9b091354c0d70b5058755b701b57a992f5012829db80bb04ecbc7663de9c8fad1a822cc061166f1cfebc8c45cc776ebf8e5147e66c1acd96eb77ae8020e14bf11a2d4207e684984f4e94fc16a52975713358927efef5921b8bf843aadd9fc96939a06efab6526fe5a8de5870fabaaa896a98b9e81c862259767880aee29a30c7ffe", 0x173}], 0x2}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000480)="bae4", 0x2}, {&(0x7f00000000c0)="d825079a98f00eedab87b0af330c7e2d626924216763b5579a3c85b2d1d46bc5b3ec13932a25cc7486d10c7a582a9d573d6807ca73ae27ac0c656b8ff80c5277da81f2bd35f1070706da1c17f225db1a5b84ae6628b081dafe87bf4de0728e1c2b76e0c0d91e622fc1c716", 0x6b}], 0x2}}], 0x3, 0x4004)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x24, r6, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x24}}, 0x18)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)='u', 0x1}], 0x1}, 0x4040001)
recvmsg$unix(r7, &(0x7f00000038c0)={&(0x7f0000000280)=@abs, 0x6e, &(0x7f0000000580)=[{&(0x7f00000000c0)=""/34, 0x22}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000200)=""/5, 0x5}], 0xa}, 0x40010163)

408.049891ms ago: executing program 3 (id=3183):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)=@in6={0xa, 0x4e23, 0x40, @mcast2, 0xfff}, 0x80, 0x0, 0x0, &(0x7f00000008c0)=[{0xe8, 0x10b, 0x3, "b38ad0fa5344f86392a8a624588a9ebd811192cbcbc48c43148a7cc729a98cdc74f191ae2cd62d2652d78d6acf62b5eb8f161c8b04b3b2b547119b38e2badd726674a4693c080fe5c3492cb155656387a02c999695975d3d6137c986cb152d529c9225c772f2f854bf5ab89e259312dacf6b9debd2bf43be3dc19840f0c35b2d960ac50a9f2bcf98156f76700462166d7eb6416b2a7510be974b3f7a06c8927e28a62f708cce515c9c922c8c0c8daf4646e725d7282571b819097b58963d71992c2938f34c3516c547423d99a2f90f3a146a04"}, {0x28, 0x0, 0x800, "c133a12a91872b3730467c92a3a5050f02b82b"}, {0x50, 0x112, 0x3ff, "ae15b1a3e016bb782adb738fa764d4487026530ac6f50e3b31ec875a38f17bac40e87117dbd6ba47cf721b216e5b8cb28d424f1b5ed9793f516733"}, {0x30, 0x10a, 0xa63, "fa08ab919987305c8ad63785f4a4bc842436d5cb79f70a5d76"}, {0x10, 0x113, 0x9}, {0x10, 0x110, 0x4}], 0x1b0}, 0x4000c010)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8982, &(0x7f0000000180)={0x8, 'bond_slave_1\x00', {'veth0_to_hsr\x00'}, 0xfe7e})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000fd0900008400020005010000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xff51, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010105}]}, &(0x7f0000000080)=0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r1}, 0x38)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0x20, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r3=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x28}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r1}, 0x38)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
r6 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
sendmmsg$unix(r8, &(0x7f0000000cc0)=[{{&(0x7f0000000200)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000300)="dd63469252b8b1faedad9360b92bf2e02ebc0185398df5cddcdcf2dc0336ee13b817b6201c55c7306ccffab25956ec93cc0c071fd90289051bb189fa6f9523c0827ab0e8caa9c3841dbeb88f5ecf4c5560ab5708f61f843ab33beab53ea0b0e8e4a7c09204a5ccf350f0edb17916edf3df8747c3622ab3e5e1f85a96dad9", 0x7e}, {&(0x7f0000000380)="16eedc2668c226a597e5cf1464fc0d8299ecc2b504f5810df4b8f6898c57d0", 0x1f}, {&(0x7f0000000500)="cc7255becaae91054e49e1c4e9a86dbbc98f335d002cdd23077f69df951a8556cb12cf61c457c35840ec5a80aa83cf61a7a243523ddabf2c42308882e1f8127e1b98dd5343d72ba16b5a772f09aca76eafdec789bf49468ad5360c6a", 0x5c}, {&(0x7f0000000580)="cd7dca22ce1b4b3670c73b8bb2606ab379d494fbd783805f6adafc6297a13ad5f410259c0be67ba7d187d720cb0b32fb376ac2c885c3665c1e94e946cd7d715cd07b9a8945c9c9e1b9c13263602db1a50c498e003e4c382216bf25d1eea18870885493dc2b8af047a6caff0703fff1e8332000c1cda54d311eaa7f582db4c7cb6701206784bb3b3c20d6fdd8a58ebd887e0b33daee040560b703e6819a06223a44e82ead0426a0fb2fa621f56e38c02679d8950a4d73ce2d17cec89a959df450dbc731344681ad989f96c06ba8cb7194509ccb5cb94ec02a36eba35c5c28348e0416a6", 0xe3}, {&(0x7f0000000680)="2eb8c3947e6edc9f4951b0", 0xb}, {&(0x7f00000006c0)="4cf7e435bb0d417ff4077697291de1b498f7aa141072296ec30146608dc88e469d589ace8fca3963543f09f7cc4637930ff4c3e938327b5524a99b0df39a9e1560c73be6b4bcb516ca49e99641c9bc7a7a7fb013f07f4e1438aeab2e5d56b4287e13a6a5d396c4695173e5c85c2c65e3c76eb8071dc9187cbe816e9577a72e956530a5a2d0a13a942bc4826c991ceaaa8552c30be9ad084fa4821473236ff83fecbe6f7726d5159d888e736549100fd9a7e254f54d697cfc6e8de5aa81074b5961e9079955c681", 0xc7}], 0x6, &(0x7f0000000840), 0x0, 0x1}}, {{&(0x7f0000000880)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32=r7, @ANYRES32=r6, @ANYRES32=r8, @ANYRES32=r5, @ANYRES32, @ANYRES32=r8, @ANYRES32=r5, @ANYBLOB="0000fca5ecf1800005000000000000400100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r6, @ANYRES32=r8, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="000000001400000000000000010000000100", @ANYRES32=r6], 0xe0, 0x891}}], 0x2, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="180000002e0001ff070000000000000006"], 0x18}], 0x1, 0x0, 0x0, 0x84}, 0x300)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00.'], 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
epoll_create1(0x0)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001d00010000000000000000000a00100018"], 0x1c}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r8, &(0x7f0000000100)={0x20000014})

270.816122ms ago: executing program 4 (id=3184):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40054}, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380100001800400"], 0x44}}, 0x20008000)

127.523926ms ago: executing program 1 (id=3185):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000006800010027bd70be6800000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000018000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c0001c006000100d9030000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, &(0x7f0000000440)=0x1, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000980), r5)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r5, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000002480)={&(0x7f00000009c0)={0x40, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x7fff, 0x2f}}}}, [@NL80211_ATTR_PEER_MEASUREMENTS={0x20, 0x111, 0x0, 0x1, {0x1c, 0x5, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x14, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xfb}]}]}]}]}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40880}, 0x4000000)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYRESDEC=r0, @ANYRES32=0x0, @ANYBLOB="480000000000000024003f00000001006272696467650000140002800800080f00000000060027"], 0x44}}, 0x4)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000640)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000600)={&(0x7f00000004c0)={0x118, 0x2, 0x1, 0x5, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_NAT_SRC={0xe8, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @multicast1}, @CTA_NAT_PROTO={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x5}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast2}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast1}, @CTA_NAT_PROTO={0x3c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast1}, @CTA_NAT_PROTO={0x1c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @loopback}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}, @CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x3}]}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4}]}, 0x118}, 0x1, 0x0, 0x0, 0x2000c880}, 0x20000000)
getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080), 0x10)

127.165629ms ago: executing program 0 (id=3186):
r0 = socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)

0s ago: executing program 4 (id=3187):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@cb_func={0x18, 0x4, 0x4, 0x0, 0x4}, @map_fd={0x18, 0x3, 0x1, 0x0, r0}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='syzkaller\x00', 0xf, 0x0, 0x0, 0x40f00, 0x4d}, 0x94)
r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, &(0x7f0000000080)=0x10, 0x800)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=0x4)
setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000200)={@rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}, r2}, 0xc)

kernel console output (not intermixed with test programs):

 Flow actions may not be safe on all matching packets.
[  372.362831][T11789] FAULT_INJECTION: forcing a failure.
[  372.362831][T11789] name failslab, interval 1, probability 0, space 0, times 0
[  372.411072][T11789] CPU: 0 UID: 0 PID: 11789 Comm: syz.3.1531 Not tainted syzkaller #0 PREEMPT(full) 
[  372.411103][T11789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  372.411116][T11789] Call Trace:
[  372.411124][T11789]  <TASK>
[  372.411134][T11789]  dump_stack_lvl+0xe8/0x150
[  372.411166][T11789]  should_fail_ex+0x40c/0x560
[  372.411210][T11789]  should_failslab+0xa8/0x100
[  372.411234][T11789]  __kmalloc_cache_noprof+0x88/0x660
[  372.411261][T11789]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  372.411290][T11789]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  372.411318][T11789]  ? genl_start+0x1c9/0x6d0
[  372.411350][T11789]  genl_start+0x1c9/0x6d0
[  372.411386][T11789]  __netlink_dump_start+0x442/0x7b0
[  372.411416][T11789]  genl_family_rcv_msg_dumpit+0x213/0x310
[  372.411448][T11789]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  372.411474][T11789]  ? genl_get_cmd+0x6cc/0x960
[  372.411506][T11789]  ? __pfx_genl_start+0x10/0x10
[  372.411531][T11789]  ? __pfx_genl_dumpit+0x10/0x10
[  372.411556][T11789]  ? __pfx_genl_done+0x10/0x10
[  372.411585][T11789]  ? __dev_queue_xmit+0x29b/0x37f0
[  372.411714][T11789]  genl_rcv_msg+0x5e1/0x7a0
[  372.411749][T11789]  ? __pfx_genl_rcv_msg+0x10/0x10
[  372.411774][T11789]  ? __pfx_ethnl_default_start+0x10/0x10
[  372.411797][T11789]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  372.411820][T11789]  ? __pfx_ethnl_default_done+0x10/0x10
[  372.411845][T11789]  ? __pfx_ref_tracker_free+0x10/0x10
[  372.411922][T11789]  netlink_rcv_skb+0x226/0x4a0
[  372.411952][T11789]  ? __pfx_genl_rcv_msg+0x10/0x10
[  372.411981][T11789]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  372.412021][T11789]  ? down_read+0x270/0x2e0
[  372.412046][T11789]  ? genl_rcv+0xd/0x40
[  372.412074][T11789]  genl_rcv+0x28/0x40
[  372.412097][T11789]  netlink_unicast+0x7bb/0x940
[  372.412141][T11789]  netlink_sendmsg+0x813/0xb40
[  372.412174][T11789]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.412200][T11789]  ? aa_sock_msg_perm+0xf1/0x1b0
[  372.412232][T11789]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  372.412256][T11789]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.412280][T11789]  ____sys_sendmsg+0x9b9/0xa20
[  372.412301][T11789]  ? __might_fault+0xaf/0x130
[  372.412334][T11789]  ? __pfx_____sys_sendmsg+0x10/0x10
[  372.412367][T11789]  ? import_iovec+0x73/0xa0
[  372.412395][T11789]  ___sys_sendmsg+0x2a5/0x360
[  372.412415][T11789]  ? __lock_acquire+0x683/0x2cd0
[  372.412442][T11789]  ? __pfx____sys_sendmsg+0x10/0x10
[  372.412506][T11789]  ? __fget_files+0x2a/0x420
[  372.412530][T11789]  ? __fget_files+0x3a2/0x420
[  372.412567][T11789]  __x64_sys_sendmsg+0x1bd/0x2a0
[  372.412593][T11789]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  372.412627][T11789]  ? __pfx_ksys_write+0x10/0x10
[  372.412667][T11789]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.412690][T11789]  do_syscall_64+0x174/0x580
[  372.412713][T11789]  ? trace_irq_disable+0x3b/0x140
[  372.412742][T11789]  ? clear_bhb_loop+0x40/0x90
[  372.412768][T11789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.412788][T11789] RIP: 0033:0x7f1ad1d9ce59
[  372.412809][T11789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  372.412826][T11789] RSP: 002b:00007f1ad2c33028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  372.412849][T11789] RAX: ffffffffffffffda RBX: 00007f1ad2015fa0 RCX: 00007f1ad1d9ce59
[  372.412863][T11789] RDX: 0000000000004000 RSI: 00002000000000c0 RDI: 0000000000000003
[  372.412877][T11789] RBP: 00007f1ad2c33090 R08: 0000000000000000 R09: 0000000000000000
[  372.412889][T11789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.412901][T11789] R13: 00007f1ad2016038 R14: 00007f1ad2015fa0 R15: 00007fff01be3248
[  372.412937][T11789]  </TASK>
[  373.802046][T11818] bond0: (slave team0): Releasing backup interface
[  373.864920][T11818] bond0: (slave bond_slave_0): Releasing backup interface
[  373.912101][T11818] bond0: (slave bond_slave_1): Releasing backup interface
[  373.960884][T11818] team0: Port device team_slave_0 removed
[  373.984471][T11818] team0: Port device team_slave_1 removed
[  373.994850][T11818] batman_adv: batadv0: Removing interface: batadv_slave_0
[  374.023012][T11818] batman_adv: batadv0: Removing interface: batadv_slave_1
[  374.035984][T11818] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  374.076560][T11837] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1544'.
[  374.290186][T11844] FAULT_INJECTION: forcing a failure.
[  374.290186][T11844] name failslab, interval 1, probability 0, space 0, times 0
[  374.334802][T11845] netlink: 'syz.4.1545': attribute type 1 has an invalid length.
[  374.334895][T11844] CPU: 0 UID: 0 PID: 11844 Comm: syz.3.1546 Not tainted syzkaller #0 PREEMPT(full) 
[  374.334919][T11844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  374.334929][T11844] Call Trace:
[  374.334937][T11844]  <TASK>
[  374.334945][T11844]  dump_stack_lvl+0xe8/0x150
[  374.334973][T11844]  should_fail_ex+0x40c/0x560
[  374.335008][T11844]  should_failslab+0xa8/0x100
[  374.335029][T11844]  __kmalloc_noprof+0xe8/0x750
[  374.335055][T11844]  ? ethnl_default_start+0x118/0x610
[  374.335079][T11844]  ? __kasan_kmalloc+0x93/0xb0
[  374.335108][T11844]  ethnl_default_start+0x118/0x610
[  374.335138][T11844]  genl_start+0x4c1/0x6d0
[  374.335171][T11844]  __netlink_dump_start+0x442/0x7b0
[  374.335197][T11844]  genl_family_rcv_msg_dumpit+0x213/0x310
[  374.335227][T11844]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  374.335251][T11844]  ? genl_get_cmd+0x6cc/0x960
[  374.335280][T11844]  ? __pfx_genl_start+0x10/0x10
[  374.335306][T11844]  ? __pfx_genl_dumpit+0x10/0x10
[  374.335328][T11844]  ? __pfx_genl_done+0x10/0x10
[  374.335354][T11844]  ? __dev_queue_xmit+0x29b/0x37f0
[  374.335386][T11844]  genl_rcv_msg+0x5e1/0x7a0
[  374.335417][T11844]  ? __pfx_genl_rcv_msg+0x10/0x10
[  374.335440][T11844]  ? __pfx_ethnl_default_start+0x10/0x10
[  374.335460][T11844]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  374.335482][T11844]  ? __pfx_ethnl_default_done+0x10/0x10
[  374.335504][T11844]  ? __pfx_ref_tracker_free+0x10/0x10
[  374.335535][T11844]  netlink_rcv_skb+0x226/0x4a0
[  374.335556][T11844]  ? __pfx_genl_rcv_msg+0x10/0x10
[  374.335582][T11844]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  374.335618][T11844]  ? down_read+0x270/0x2e0
[  374.335640][T11844]  ? genl_rcv+0xd/0x40
[  374.335666][T11844]  genl_rcv+0x28/0x40
[  374.335688][T11844]  netlink_unicast+0x7bb/0x940
[  374.335736][T11844]  netlink_sendmsg+0x813/0xb40
[  374.335765][T11844]  ? __pfx_netlink_sendmsg+0x10/0x10
[  374.335787][T11844]  ? lockdep_hardirqs_on+0x7a/0x110
[  374.335807][T11844]  ? aa_sock_msg_perm+0xf1/0x1b0
[  374.335835][T11844]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  374.335858][T11844]  ? __pfx_netlink_sendmsg+0x10/0x10
[  374.335880][T11844]  ____sys_sendmsg+0x9b9/0xa20
[  374.335900][T11844]  ? __might_fault+0xaf/0x130
[  374.335930][T11844]  ? __pfx_____sys_sendmsg+0x10/0x10
[  374.335960][T11844]  ? import_iovec+0x73/0xa0
[  374.335984][T11844]  ___sys_sendmsg+0x2a5/0x360
[  374.336003][T11844]  ? __lock_acquire+0x683/0x2cd0
[  374.336027][T11844]  ? __pfx____sys_sendmsg+0x10/0x10
[  374.336083][T11844]  ? __fget_files+0x2a/0x420
[  374.336105][T11844]  ? __fget_files+0x3a2/0x420
[  374.336138][T11844]  __x64_sys_sendmsg+0x1bd/0x2a0
[  374.336161][T11844]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  374.336190][T11844]  ? rcu_is_watching+0x15/0xb0
[  374.336229][T11844]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.336249][T11844]  do_syscall_64+0x174/0x580
[  374.336271][T11844]  ? trace_irq_disable+0x3b/0x140
[  374.336297][T11844]  ? clear_bhb_loop+0x40/0x90
[  374.336319][T11844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.336338][T11844] RIP: 0033:0x7f1ad1d9ce59
[  374.336356][T11844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  374.336372][T11844] RSP: 002b:00007f1ad2c33028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  374.336392][T11844] RAX: ffffffffffffffda RBX: 00007f1ad2015fa0 RCX: 00007f1ad1d9ce59
[  374.336406][T11844] RDX: 0000000000004000 RSI: 00002000000000c0 RDI: 0000000000000003
[  374.336417][T11844] RBP: 00007f1ad2c33090 R08: 0000000000000000 R09: 0000000000000000
[  374.336428][T11844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  374.336439][T11844] R13: 00007f1ad2016038 R14: 00007f1ad2015fa0 R15: 00007fff01be3248
[  374.336471][T11844]  </TASK>
[  374.783869][T11845] 8021q: adding VLAN 0 to HW filter on device bond5
[  374.849325][T11858] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1551'.
[  374.858965][T11858] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1551'.
[  374.870670][T11858] netlink: 'syz.2.1551': attribute type 4 has an invalid length.
[  375.036040][T11866] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1552'.
[  375.218546][T11882] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  375.606270][ T7055] IPVS: starting estimator thread 0...
[  375.725096][T11901] IPVS: using max 25 ests per chain, 60000 per kthread
[  375.736506][T11914] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1562'.
[  375.777309][T11909] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  375.872808][T11918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1562'.
[  375.962759][T11921] netlink: 'syz.3.1564': attribute type 1 has an invalid length.
[  375.976921][T11921] netlink: 'syz.3.1564': attribute type 2 has an invalid length.
[  375.984761][T11921] netlink: 'syz.3.1564': attribute type 1 has an invalid length.
[  375.992507][T11921] netlink: 'syz.3.1564': attribute type 3 has an invalid length.
[  376.000417][T11921] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1564'.
[  378.620094][T11928] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  378.677494][T11928] ipt_ECN: cannot use operation on non-tcp rule
[  378.950619][T11945] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1571'.
[  379.030526][T11945] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1571'.
[  379.088916][T11945] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1571'.
[  379.104688][T11945] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1571'.
[  379.153659][T11945] netlink: 'syz.0.1571': attribute type 6 has an invalid length.
[  379.652607][T11970] sctp: [Deprecated]: syz.2.1576 (pid 11970) Use of struct sctp_assoc_value in delayed_ack socket option.
[  379.652607][T11970] Use struct sctp_sack_info instead
[  379.911234][T11976] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1580'.
[  379.950534][T11976] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  380.010892][T11976] netlink: 212892 bytes leftover after parsing attributes in process `syz.2.1580'.
[  380.312362][T11986] netlink: 516 bytes leftover after parsing attributes in process `syz.1.1583'.
[  380.383595][T11986] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1583'.
[  380.462929][T11988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1584'.
[  380.605040][T11991] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  380.991248][T12010] netlink: 'syz.1.1589': attribute type 4 has an invalid length.
[  381.047957][T12013] netlink: 'syz.1.1589': attribute type 4 has an invalid length.
[  381.567315][T12026] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1595'.
[  381.760791][   T29] audit: type=1800 audit(1781625261.680:11): pid=12036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1597" name="r" dev="tmpfs" ino=1718 res=0 errno=0
[  381.975902][T12041] bridge3: entered promiscuous mode
[  381.982485][T12041] bridge3: entered allmulticast mode
[  382.012386][T12041] team0: Port device bridge3 added
[  382.180375][T12048] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  382.241235][T12053] veth9: entered allmulticast mode
[  382.426027][T12063] netlink: 'syz.4.1603': attribute type 13 has an invalid length.
[  382.462846][T12061] netlink: 'syz.4.1603': attribute type 13 has an invalid length.
[  384.478207][T12026] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  384.737956][T12076] __nla_validate_parse: 4 callbacks suppressed
[  384.737975][T12076] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1606'.
[  384.770746][T12076] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1606'.
[  384.830042][T12085] netlink: 'syz.0.1609': attribute type 13 has an invalid length.
[  384.896719][T12073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1605'.
[  385.014067][T12091] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1608'.
[  385.225186][T12102] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1612'.
[  385.567613][T12109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1611'.
[  387.828075][T12099] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  387.832406][T12104] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1611'.
[  387.897140][T12104] tipc: Invalid UDP bearer configuration
[  387.897203][T12104] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  388.211904][T12128] netlink: 'syz.2.1617': attribute type 1 has an invalid length.
[  388.228996][T12128] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1617'.
[  388.259361][T12129] IPVS: set_ctl: invalid protocol: 43 172.20.20.65:20001
[  388.728800][T12144] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  388.740936][T12144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1621'.
[  389.586891][T12170] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1627'.
[  389.984733][T12180] syzkaller0: entered promiscuous mode
[  390.007538][T12180] syzkaller0: entered allmulticast mode
[  390.068436][T12183] syzkaller1: entered allmulticast mode
[  390.089909][T12183] netlink: 'syz.4.1631': attribute type 89 has an invalid length.
[  390.095958][T12185] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1632'.
[  390.392248][T12189] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1633'.
[  390.702928][T12203] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  390.758242][T12208] netlink: 'syz.1.1638': attribute type 2 has an invalid length.
[  390.838545][T12208] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1638'.
[  390.888732][T12212] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  390.902224][T12212] syzkaller0: entered promiscuous mode
[  390.913826][T12212] syzkaller0: entered allmulticast mode
[  390.967522][T12212] tipc: Resetting bearer <eth:syzkaller0>
[  391.031785][T12211] tipc: Resetting bearer <eth:syzkaller0>
[  391.108931][T12211] tipc: Disabling bearer <eth:syzkaller0>
[  391.119780][T12218] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1642'.
[  391.127862][T12220] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1644'.
[  391.567606][T12235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1648'.
[  391.768729][T12240] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1651'.
[  391.806518][T12240] netlink: 'syz.4.1651': attribute type 1 has an invalid length.
[  391.921236][T12249] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1654'.
[  392.040494][T12240] 8021q: adding VLAN 0 to HW filter on device bond6
[  392.214206][T12252] 8021q: adding VLAN 0 to HW filter on device bond6
[  392.223028][T12252] bond6: (slave gre4): The slave device specified does not support setting the MAC address
[  392.246418][T12252] bond6: (slave gre4): Error -95 calling set_mac_address
[  392.345327][T12256] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1653'.
[  392.398051][T12245] gretap1: entered promiscuous mode
[  392.428022][T12245] bond6: (slave gretap1): making interface the new active one
[  392.437559][T12245] bond6: (slave gretap1): Enslaving as an active interface with an up link
[  392.856589][T12278] TCP: TCP_TX_DELAY enabled
[  392.870552][T12269] sctp: [Deprecated]: syz.0.1658 (pid 12269) Use of int in max_burst socket option.
[  392.870552][T12269] Use struct sctp_assoc_value instead
[  392.890366][T12269] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1658'.
[  392.953038][T12287] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  392.966040][T12287] netlink: 'syz.2.1660': attribute type 1 has an invalid length.
[  393.036232][T12275] tipc: Disabling bearer <eth:syzkaller0>
[  393.119160][T12292] lo: Caught tx_queue_len zero misconfig
[  393.346569][T12303] netlink: 'syz.4.1666': attribute type 4 has an invalid length.
[  393.404818][T12306] netlink: 'syz.4.1666': attribute type 4 has an invalid length.
[  394.138430][T12332] ip6tnl1: entered allmulticast mode
[  394.416597][T12343] netlink: zone id is out of range
[  394.442148][T12343] netlink: zone id is out of range
[  394.448759][T12349] netlink: 'syz.3.1679': attribute type 2 has an invalid length.
[  394.467960][T12343] netlink: zone id is out of range
[  394.500881][T12343] netlink: zone id is out of range
[  394.521828][T12343] netlink: zone id is out of range
[  394.543537][T12343] netlink: zone id is out of range
[  394.567052][T12343] netlink: zone id is out of range
[  394.582532][T12343] netlink: zone id is out of range
[  394.603611][T12343] netlink: zone id is out of range
[  394.642426][T12343] netlink: zone id is out of range
[  394.826714][   T47] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  394.870566][ T7056] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  394.885184][   T47] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  395.073740][ T5732] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  395.578336][T12390] __nla_validate_parse: 4 callbacks suppressed
[  395.578356][T12390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1687'.
[  395.722590][T12395] tipc: Resetting bearer <eth:team0>
[  395.782822][T12395] team0: Port device dummy0 removed
[  395.834042][ T7056] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  395.983512][T12408] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1695'.
[  397.224326][T12447] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1706'.
[  397.475440][T12450] hmó3)ó: entered promiscuous mode
[  398.122503][T12453] netlink: 'syz.2.1707': attribute type 3 has an invalid length.
[  399.123103][T12522] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  399.273669][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  399.585238][T12535] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1727'.
[  399.644917][T12535] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1727'.
[  400.089868][T12555] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1733'.
[  400.270021][T12564] netlink: 1084 bytes leftover after parsing attributes in process `syz.4.1735'.
[  400.390210][T12566] tipc: Enabling of bearer <eth:syzkaller0
> rejected, failed to enable media
[  400.470235][T12569] syzkaller0: entered promiscuous mode
[  400.506294][T12569] syzkaller0: entered allmulticast mode
[  401.426932][T12589] veth9: entered allmulticast mode
[  401.712547][T12599] --map-set only usable from mangle table
[  402.012750][T12603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1751'.
[  402.044773][T12603] netlink: 'syz.3.1751': attribute type 15 has an invalid length.
[  402.066234][T12603] netlink: 'syz.3.1751': attribute type 25 has an invalid length.
[  402.091911][T12603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1751'.
[  402.175550][T12608] dummy0: entered allmulticast mode
[  402.190932][T12602] dummy0: left allmulticast mode
[  402.241960][T12610] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  402.297208][T12610] syzkaller0: entered promiscuous mode
[  402.335745][T12610] syzkaller0: entered allmulticast mode
[  402.499298][T12610] tipc: Resetting bearer <eth:syzkaller0>
[  402.529021][T12609] tipc: Resetting bearer <eth:syzkaller0>
[  402.646509][T12609] tipc: Disabling bearer <eth:syzkaller0>
[  402.987478][T12644] net_ratelimit: 388 callbacks suppressed
[  402.987569][T12644] openvswitch: netlink: Unknown key attributes 2
[  403.594976][T12662] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1765'.
[  403.891183][T12672] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1768'.
[  403.998034][T12671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1769'.
[  404.049522][T12671] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1769'.
[  407.028809][T12716] bond0: (slave bond_slave_0): Releasing backup interface
[  407.166967][T12716] bond0: (slave bond_slave_1): Releasing backup interface
[  407.336490][T12716] team0: Port device team_slave_0 removed
[  407.404048][T12716] team0: Port device team_slave_1 removed
[  407.450177][T12716] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  408.233579][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  408.714611][T12759] bridge0: port 3(batadv1) entered disabled state
[  408.780975][T12759] bridge0: port 4(vlan2) entered disabled state
[  408.891419][T12769] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1789'.
[  408.910742][   T10] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  409.058446][T12776] netlink: 'syz.3.1790': attribute type 13 has an invalid length.
[  409.100783][T12776] gretap0: refused to change device tx_queue_len
[  409.144006][T12776] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  409.177132][   T10] lo speed is unknown, defaulting to 1000
[  409.344474][   T10] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  409.415991][T12782] vlan3: entered promiscuous mode
[  409.427976][T12782] vlan3: entered allmulticast mode
[  409.441152][T12786] netlink: 'syz.3.1794': attribute type 10 has an invalid length.
[  409.448895][T12782] hsr0: entered allmulticast mode
[  409.473577][T12782] hsr_slave_0: entered allmulticast mode
[  409.475585][T12786] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1794'.
[  409.492314][T12782] hsr_slave_1: entered allmulticast mode
[  409.527099][T12782] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1793'.
[  409.606295][T12786] dummy0: entered promiscuous mode
[  409.619304][T12786] bond0: (slave dummy0): Releasing backup interface
[  409.633561][T12786] bond0: (slave dummy0): the permanent HWaddr of slave - aa:aa:aa:aa:aa:24 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  409.668562][T12782] hsr_slave_0: left promiscuous mode
[  409.685985][T12782] hsr_slave_1: left promiscuous mode
[  410.123811][T12807] FAULT_INJECTION: forcing a failure.
[  410.123811][T12807] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.211579][T12807] CPU: 1 UID: 0 PID: 12807 Comm: syz.0.1798 Not tainted syzkaller #0 PREEMPT(full) 
[  410.211614][T12807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  410.211625][T12807] Call Trace:
[  410.211633][T12807]  <TASK>
[  410.211643][T12807]  dump_stack_lvl+0xe8/0x150
[  410.211674][T12807]  should_fail_ex+0x40c/0x560
[  410.211713][T12807]  _copy_from_user+0x2d/0xb0
[  410.211802][T12807]  sk_setsockopt+0x2b5/0x2f10
[  410.211833][T12807]  ? get_pid_task+0x20/0x1f0
[  410.211880][T12807]  ? get_pid_task+0x20/0x1f0
[  410.211903][T12807]  ? get_pid_task+0x20/0x1f0
[  410.211929][T12807]  ? __pfx_sk_setsockopt+0x10/0x10
[  410.211967][T12807]  ? __lock_acquire+0x683/0x2cd0
[  410.212008][T12807]  ? aa_sk_perm+0x6d5/0x900
[  410.212069][T12807]  udp_lib_setsockopt+0xbc/0x6b0
[  410.212149][T12807]  ? __pfx_udp_lib_setsockopt+0x10/0x10
[  410.212176][T12807]  ? __fget_files+0x2a/0x420
[  410.212200][T12807]  ? aa_sock_opt_perm+0xff/0x1a0
[  410.212232][T12807]  udpv6_setsockopt+0x67/0xb0
[  410.212306][T12807]  ? __pfx_udp_v6_push_pending_frames+0x10/0x10
[  410.212330][T12807]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  410.212360][T12807]  do_sock_setsockopt+0x17c/0x1b0
[  410.212387][T12807]  __x64_sys_setsockopt+0x13d/0x1b0
[  410.212411][T12807]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.212433][T12807]  do_syscall_64+0x174/0x580
[  410.212457][T12807]  ? trace_irq_disable+0x3b/0x140
[  410.212486][T12807]  ? clear_bhb_loop+0x40/0x90
[  410.212512][T12807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.212532][T12807] RIP: 0033:0x7f163959ce59
[  410.212552][T12807] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  410.212570][T12807] RSP: 002b:00007f163a3dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  410.212592][T12807] RAX: ffffffffffffffda RBX: 00007f1639815fa0 RCX: 00007f163959ce59
[  410.212607][T12807] RDX: 000000000000003c RSI: 0000000000000001 RDI: 0000000000000003
[  410.212619][T12807] RBP: 00007f163a3dd090 R08: 0000000000000008 R09: 0000000000000000
[  410.212632][T12807] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  410.212644][T12807] R13: 00007f1639816038 R14: 00007f1639815fa0 R15: 00007ffc3af83208
[  410.212676][T12807]  </TASK>
[  410.650468][T12805] syzkaller1: entered promiscuous mode
[  410.724454][T12805] syzkaller1: entered allmulticast mode
[  411.327247][T12836] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1806'.
[  411.638830][T12846] xfrm1: entered promiscuous mode
[  411.640445][T12847] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  412.043859][T12852] netlink: 1544 bytes leftover after parsing attributes in process `syz.0.1811'.
[  412.085611][T12852] hsr0: entered promiscuous mode
[  412.289687][T12856] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1813'.
[  412.450924][T12873] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1816'.
[  413.334756][T12900] netlink: 'syz.3.1824': attribute type 1 has an invalid length.
[  413.439336][T12900] 8021q: adding VLAN 0 to HW filter on device bond4
[  413.471317][T12906] bond4: (slave geneve3): making interface the new active one
[  413.482385][T12906] bond4: (slave geneve3): Enslaving as an active interface with an up link
[  413.546427][T12905] gretap0: entered promiscuous mode
[  413.554718][T12905] macsec1: entered allmulticast mode
[  413.560146][T12905] gretap0: entered allmulticast mode
[  413.568460][T12905] gretap0: left allmulticast mode
[  413.574924][T12905] gretap0: left promiscuous mode
[  413.932325][T12914] bond0: left allmulticast mode
[  413.937597][T12914] gretap1: left allmulticast mode
[  413.952731][   T35] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  413.962524][   T35] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  413.971901][   T35] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  413.981803][   T35] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  415.201713][T12856] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  415.850830][T12946] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1835'.
[  416.426971][T12965] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1841'.
[  416.439147][T12965] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1841'.
[  416.462610][T12965] netlink: 'syz.4.1841': attribute type 5 has an invalid length.
[  416.473701][T12965] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1841'.
[  416.484160][T12967] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1841'.
[  416.493993][T12967] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1841'.
[  416.503191][T12967] netlink: 'syz.4.1841': attribute type 5 has an invalid length.
[  416.511267][T12967] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1841'.
[  416.741703][T12969] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1843'.
[  416.894704][T12989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1845'.
[  416.920624][T12986] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.1844'.
[  416.946828][T12989] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  416.992596][T12989] netdevsim netdevsim3 netdevsim0: left allmulticast mode
[  417.815730][T13033] lo speed is unknown, defaulting to 1000
[  418.153303][T13041] vlan4: entered promiscuous mode
[  418.158984][T13041] erspan0: entered promiscuous mode
[  419.641071][T12969] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  420.181060][T13063] syzkaller0: entered promiscuous mode
[  420.203976][T13063] syzkaller0: entered allmulticast mode
[  420.243066][T13063] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  420.299579][T13061] tipc: Resetting bearer <eth:syzkaller0>
[  420.360685][T13061] tipc: Disabling bearer <eth:syzkaller0>
[  420.595486][T13076] IPVS: set_ctl: invalid protocol: 0 10.1.1.0:20001
[  421.443429][T13087] netlink: 'syz.0.1871': attribute type 1 has an invalid length.
[  421.464090][T13094] __nla_validate_parse: 3 callbacks suppressed
[  421.464111][T13094] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1874'.
[  421.577584][T13096] dummy0: left promiscuous mode
[  421.641896][T13096] bond6: (slave dummy0): making interface the new active one
[  421.666958][T13096] bond6: (slave dummy0): Enslaving as an active interface with an up link
[  421.689445][T13098] veth0: entered promiscuous mode
[  421.701114][T13099] bond6: entered promiscuous mode
[  421.710820][T13099] dummy0: entered promiscuous mode
[  422.741023][T13087] bond6: (slave dummy0): Releasing active interface
[  422.758394][T13087] dummy0: left promiscuous mode
[  422.960823][T13087] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  422.977712][T13093] veth0: left promiscuous mode
[  423.109734][T13087] bond6: left promiscuous mode
[  423.586321][T13149] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1889'.
[  423.848647][T13160] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1893'.
[  424.032185][T13163] lo speed is unknown, defaulting to 1000
[  425.572045][T13222] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1911'.
[  425.682488][T13227] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1910'.
[  425.867776][T13235] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  426.537980][T13264] geneve1: entered promiscuous mode
[  427.390586][T13290] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1926'.
[  427.433623][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  428.769989][T13231] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  429.020586][T13293] syzkaller0: entered promiscuous mode
[  429.048497][T13293] syzkaller0: entered allmulticast mode
[  429.269020][T13300] syzkaller0: entered promiscuous mode
[  429.276540][T13300] syzkaller0: entered allmulticast mode
[  429.304839][T13303] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  429.429518][T13300] tipc: Resetting bearer <eth:syzkaller0>
[  429.471064][T13300] tipc: Disabling bearer <eth:syzkaller0>
[  429.770990][T13318] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  429.855845][T13295] tipc: Disabling bearer <eth:syzkaller0>
[  430.366937][T13327] syzkaller1: entered promiscuous mode
[  430.382422][T13327] syzkaller1: entered allmulticast mode
[  430.582535][T13339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1940'.
[  430.596209][T13339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1940'.
[  430.607145][T13339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1940'.
[  431.183212][T13361] netlink: 'syz.4.1947': attribute type 6 has an invalid length.
[  431.238073][T13361] netlink: 'syz.4.1947': attribute type 23 has an invalid length.
[  431.296493][T13361] IPv6: NLM_F_CREATE should be specified when creating new route
[  431.469186][T13363] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1948'.
[  431.581264][T13363] tc action pedit offset must be on 32 bit boundaries
[  432.043082][T13382] netlink: 'syz.2.1955': attribute type 1 has an invalid length.
[  432.072043][T13382] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1955'.
[  432.532607][T13399] tipc: New replicast peer: 255.255.255.255
[  432.570278][T13399] tipc: Enabled bearer <udp:syz2>, priority 10
[  432.614461][T13398] netlink: 'syz.3.1961': attribute type 1 has an invalid length.
[  432.631262][T13398] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1961'.
[  433.361382][T13424] netlink: 'syz.1.1967': attribute type 1 has an invalid length.
[  433.382505][T13422] syzkaller0: entered promiscuous mode
[  433.396807][T13422] syzkaller0: entered allmulticast mode
[  433.535811][T13433] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1968'.
[  433.659796][T13426] gretap2: entered allmulticast mode
[  433.716448][T13426] bond5: (slave gretap2): making interface the new active one
[  433.727200][T13426] bond5: (slave gretap2): Enslaving as an active interface with an up link
[  433.739197][T13422] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  433.756406][T13440] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1968'.
[  433.783019][T13421] tipc: Resetting bearer <eth:syzkaller0>
[  433.849211][T13421] tipc: Disabling bearer <eth:syzkaller0>
[  433.941087][T13443] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1970'.
[  433.970664][T13442] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1970'.
[  434.228091][T13454] netlink: 'syz.4.1972': attribute type 4 has an invalid length.
[  434.272268][T13454] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1972'.
[  434.305953][T13461] netlink: 'syz.1.1974': attribute type 2 has an invalid length.
[  434.346111][T13461] netlink: 'syz.1.1974': attribute type 9 has an invalid length.
[  434.358117][T13461] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1974'.
[  434.382751][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1974'.
[  434.384369][T13463] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1975'.
[  434.662176][T13471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1977'.
[  434.972643][T13473] bond6: entered promiscuous mode
[  435.293513][T13488] xt_CT: No such helper "snmp_trap"
[  436.670114][T13545] xt_l2tp: missing protocol rule (udp|l2tpip)
[  436.682895][T13545] netlink: 'syz.2.1995': attribute type 1 has an invalid length.
[  436.762377][T13545] geneve4: entered promiscuous mode
[  437.352168][T13565] netlink: 'syz.0.2000': attribute type 1 has an invalid length.
[  437.407217][T13565] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  437.715363][T13571] netlink: 'syz.1.2003': attribute type 13 has an invalid length.
[  437.754096][T13571] netlink: 'syz.1.2003': attribute type 17 has an invalid length.
[  437.827687][T13580] netlink: 'syz.2.2005': attribute type 1 has an invalid length.
[  438.277677][T13571] 8021q: adding VLAN 0 to HW filter on device team0
[  438.337864][T13571] dummy0: left promiscuous mode
[  438.392659][T13571] 8021q: adding VLAN 0 to HW filter on device batadv0
[  438.461777][T13606] netlink: 'syz.0.2011': attribute type 4 has an invalid length.
[  438.622237][T13571] batman_adv: batadv0: Interface activated: batadv_slave_0
[  438.656575][T13571] batman_adv: batadv0: Interface activated: 
€Â0
[  438.719130][T13571] veth1_vlan: left promiscuous mode
[  438.750240][T13571] veth0_vlan: left promiscuous mode
[  438.757684][T13571] veth0_vlan: entered promiscuous mode
[  438.790067][T13571] veth1_vlan: entered promiscuous mode
[  438.827029][T13571] veth1_macvtap: left promiscuous mode
[  438.845100][T13571] veth0_macvtap: left promiscuous mode
[  438.855548][T13571] veth0_macvtap: entered promiscuous mode
[  438.889853][T13571] veth1_macvtap: entered promiscuous mode
[  438.922166][T13571] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[  438.941689][T13571] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  438.967194][T13571] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  438.990621][T13571] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  439.019993][T13571] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  439.038376][T13571] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  439.076146][ T6742] bridge0: port 1(bridge_slave_0) entered blocking state
[  439.084799][ T6742] bridge0: port 1(bridge_slave_0) entered forwarding state
[  439.107481][ T6742] bridge0: port 2(bridge_slave_1) entered blocking state
[  439.114730][ T6742] bridge0: port 2(bridge_slave_1) entered forwarding state
[  439.226111][ T6746] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  439.244570][ T3384] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  439.275296][ T3384] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  439.321760][ T3384] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  439.939364][T13649] __nla_validate_parse: 2 callbacks suppressed
[  439.939386][T13649] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2020'.
[  440.452938][T13654] netlink: 'syz.4.2021': attribute type 11 has an invalid length.
[  440.519819][T13659] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2023'.
[  440.815665][T13666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2024'.
[  440.845291][T13666] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2024'.
[  440.905895][T13666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2024'.
[  441.191125][T13669] syzkaller0: entered promiscuous mode
[  441.207758][T13669] syzkaller0: entered allmulticast mode
[  441.291193][T13673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2026'.
[  441.315702][T13672] netlink: 65051 bytes leftover after parsing attributes in process `syz.0.2026'.
[  441.798987][T13688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2033'.
[  442.448228][T13714] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20002
[  442.519949][T13717] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2036'.
[  442.666633][T13717] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2036'.
[  442.784082][T13727] openvswitch: netlink: Unknown nsh attribute 0
[  442.820747][T13727] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  443.145953][T13743] openvswitch: netlink: Unexpected mask (mask=240040, allowed=10048)
[  443.296129][T13745] IPVS: ip_vs_add_dest(): server weight less than zero
[  444.864645][T13806] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  445.155084][T13810] __nla_validate_parse: 3 callbacks suppressed
[  445.155104][T13810] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2063'.
[  445.487749][T13828] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2067'.
[  445.489579][T13825] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2068'.
[  445.515477][T13828] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2067'.
[  445.570865][T13832] IPv6: NLM_F_REPLACE set, but no existing node found!
[  445.609833][T13825] gretap0: entered promiscuous mode
[  445.624369][T13835] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2067'.
[  445.632674][T13825] macvlan3: entered allmulticast mode
[  445.649169][T13825] gretap0: entered allmulticast mode
[  445.761412][T13828] geneve4: entered promiscuous mode
[  445.934157][T13835] geneve0: entered promiscuous mode
[  445.991798][T13835] geneve0: left promiscuous mode
[  446.052664][T13832] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2067'.
[  446.363057][T13855] netlink: 'syz.3.2074': attribute type 26 has an invalid length.
[  446.847704][T13875] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  446.868230][T13875] netlink: 204 bytes leftover after parsing attributes in process `syz.4.2081'.
[  446.892968][T13875] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2081'.
[  447.059457][T13883] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2084'.
[  447.186503][T13884] bond7 (unregistering): Released all slaves
[  447.554027][T13897] netlink: 'syz.4.2088': attribute type 7 has an invalid length.
[  447.857656][T13915] IPv6: NLM_F_CREATE should be specified when creating new route
[  448.321570][T13935] syzkaller1: entered promiscuous mode
[  448.351548][T13935] syzkaller1: entered allmulticast mode
[  448.738049][ T6744] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  448.776675][ T6744] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.002845][T13957] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2102'.
[  450.261301][T14002] lo speed is unknown, defaulting to 1000
[  450.395623][T14004] __nla_validate_parse: 1 callbacks suppressed
[  450.395644][T14004] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2113'.
[  450.796033][T14023] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2116'.
[  450.987172][T14034] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2121'.
[  451.141496][T14040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2122'.
[  451.184779][T14043] xt_l2tp: invalid flags combination: 8
[  451.215098][T14044] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2122'.
[  451.521486][T14059] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2122'.
[  452.150335][T14075] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  452.200626][T14078] Bluetooth: MGMT ver 1.23
[  452.371146][T14085] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2131'.
[  452.447773][T14085] nbd: must specify a size in bytes for the device
[  452.542353][T14085] netlink: 'syz.4.2131': attribute type 1 has an invalid length.
[  452.589206][T14085] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2131'.
[  452.894918][T14112] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2135'.
[  453.039532][   T12] wlan1: Trigger new scan to find an IBSS to join
[  453.099529][T14112] 8021q: adding VLAN 0 to HW filter on device bond11
[  453.197042][T14116] gretap2: entered allmulticast mode
[  453.261010][T14116] bond11: (slave gretap2): Enslaving as an active interface with an up link
[  453.325547][T14122] bond11 (unregistering): (slave gretap2): Releasing backup interface
[  453.356644][T14124] netlink: 264 bytes leftover after parsing attributes in process `syz.1.2137'.
[  453.397134][T14122] bond11 (unregistering): Released all slaves
[  453.530739][T14128] syzkaller1: entered promiscuous mode
[  453.559849][T14128] syzkaller1: entered allmulticast mode
[  454.637106][T14165] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  454.742898][T14165] tipc: Disabling bearer <eth:syzkaller0>
[  455.059761][T14179] syzkaller1: entered promiscuous mode
[  455.098869][T14179] syzkaller1: entered allmulticast mode
[  455.175314][T14190] netlink: 'syz.1.2157': attribute type 1 has an invalid length.
[  455.390308][T14190] 8021q: adding VLAN 0 to HW filter on device bond7
[  455.421922][T14199] bond7: (slave gretap3): making interface the new active one
[  455.432305][T14199] bond7: (slave gretap3): Enslaving as an active interface with an up link
[  455.819758][T14211] netlink: 'syz.0.2161': attribute type 1 has an invalid length.
[  455.978634][T14215] netlink: 'syz.2.2163': attribute type 1 has an invalid length.
[  456.051917][T14215] __nla_validate_parse: 5 callbacks suppressed
[  456.051938][T14215] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2163'.
[  456.084165][ T6753] wlan1: Trigger new scan to find an IBSS to join
[  456.145872][T14233] netlink: 'syz.2.2163': attribute type 10 has an invalid length.
[  456.166252][T14211] 8021q: adding VLAN 0 to HW filter on device bond7
[  456.209975][T14220] dummy0: entered allmulticast mode
[  456.215840][T14236] netlink: 'syz.2.2163': attribute type 10 has an invalid length.
[  456.221518][T14223] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  456.561029][T14233] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  456.701043][T14233] team0: Port device netdevsim1 added
[  456.786174][T14236] team0: Port device netdevsim1 removed
[  456.812905][T14236] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  456.841211][T14236] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[  456.855609][T14259] netlink: 'syz.1.2169': attribute type 2 has an invalid length.
[  456.903013][T14261] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2170'.
[  456.918776][T14263] netlink: 'syz.1.2169': attribute type 2 has an invalid length.
[  456.920411][T14211] macvlan0: entered promiscuous mode
[  456.941689][T14211] macvlan0: entered allmulticast mode
[  456.948878][T14211] bond7: entered allmulticast mode
[  456.955390][T14211] bond7: entered promiscuous mode
[  456.971558][T14211] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  457.015370][T14211] team0: Port device macvlan0 added
[  457.052129][  T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  457.078869][T14268] netlink: 'syz.1.2172': attribute type 1 has an invalid length.
[  457.419869][T14283] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2175'.
[  457.455865][T14283] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2175'.
[  457.517583][T14280] block nbd3: server does not support multiple connections per device.
[  457.566179][T14280] block nbd3: shutting down sockets
[  457.646788][T14280] netlink: 'syz.2.2174': attribute type 2 has an invalid length.
[  457.696998][   T29] audit: type=1800 audit(1781625337.610:12): pid=14296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2177" name=20 dev="tmpfs" ino=2155 res=0 errno=0
[  458.785345][ T5632] Bluetooth: hci4: link tx timeout
[  458.796586][ T5632] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  458.809219][ T5632] Bluetooth: hci4: link tx timeout
[  458.815030][ T5632] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  458.988949][T14351] netlink: 292 bytes leftover after parsing attributes in process `syz.0.2189'.
[  459.046003][T14354] netlink: 'syz.3.2188': attribute type 1 has an invalid length.
[  459.096015][T14354] netlink: 'syz.3.2188': attribute type 1 has an invalid length.
[  459.650063][T14377] syzkaller1: entered promiscuous mode
[  459.676426][T14377] syzkaller1: entered allmulticast mode
[  459.690583][T14384] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2196'.
[  459.842783][T14385] syzkaller0: Caught tx_queue_len zero misconfig
[  460.219437][T14400] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2198'.
[  460.589130][T14420] bridge_slave_1: Caught tx_queue_len zero misconfig
[  460.610831][T14420] sch_fq: defrate 8 ignored.
[  460.712475][T14420] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2203'.
[  460.874432][ T5632] Bluetooth: hci4: command 0x0405 tx timeout
[  461.076517][T14442] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2205'.
[  461.482838][T14457] xt_hashlimit: size too large, truncated to 1048576
[  461.630513][T14459] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2211'.
[  461.667436][T14459] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2211'.
[  461.706486][T14459] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2211'.
[  462.184461][T14473] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2215'.
[  462.383013][T14473] bond5: entered promiscuous mode
[  462.396199][T14473] 8021q: adding VLAN 0 to HW filter on device bond5
[  462.422695][T14483] netlink: 'syz.1.2216': attribute type 1 has an invalid length.
[  462.457581][T14483] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  462.523648][T14478] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2215'.
[  462.535106][T14486] sctp: [Deprecated]: syz.2.2218 (pid 14486) Use of int in max_burst socket option deprecated.
[  462.535106][T14486] Use struct sctp_assoc_value instead
[  463.071817][T14509] ip6tnl0: Caught tx_queue_len zero misconfig
[  463.118286][T14510] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2223'.
[  463.165070][T14509] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2223'.
[  463.273587][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  463.307624][T14517] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2224'.
[  463.543722][T14522] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2224'.
[  463.986600][T14542] ip6gre3: entered promiscuous mode
[  464.036804][T14542] ip6gre3: entered allmulticast mode
[  464.334801][T14560] netlink: 'syz.3.2236': attribute type 9 has an invalid length.
[  464.365856][T14560] netlink: 'syz.3.2236': attribute type 6 has an invalid length.
[  464.563649][T14565] syzkaller1: tun_chr_ioctl cmd 1074025677
[  464.594200][T14565] syzkaller1: linktype set to 825
[  464.926136][T14564] tipc: Resetting bearer <eth:team0>
[  464.995058][T14564] tipc: Resetting bearer <eth:team0>
[  465.467572][T14595] netlink: 'syz.1.2246': attribute type 1 has an invalid length.
[  465.769139][T14603] netlink: 'syz.4.2248': attribute type 12 has an invalid length.
[  466.104713][T14610] syzkaller0: entered promiscuous mode
[  466.122264][T14610] syzkaller0: entered allmulticast mode
[  466.160189][T14607] __nla_validate_parse: 7 callbacks suppressed
[  466.160210][T14607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2251'.
[  466.180597][T14610] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  466.214735][T14610] netlink: 332 bytes leftover after parsing attributes in process `syz.4.2252'.
[  466.235013][T14610] netlink: 'syz.4.2252': attribute type 9 has an invalid length.
[  466.260022][T14610] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2252'.
[  466.284934][T14610] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2252'.
[  466.425972][T14610] tipc: Resetting bearer <eth:syzkaller0>
[  466.459065][T14608] tipc: Resetting bearer <eth:syzkaller0>
[  466.579113][T14608] tipc: Disabling bearer <eth:syzkaller0>
[  466.667020][T14612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2249'.
[  466.971656][T14637] netlink: 'syz.4.2257': attribute type 2 has an invalid length.
[  467.039329][T14637] ip6tnl0: entered promiscuous mode
[  467.068200][T14637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2257'.
[  467.115151][ T5640] Bluetooth: hci4: command 0x0405 tx timeout
[  467.184771][T14643] netlink: 'syz.1.2258': attribute type 13 has an invalid length.
[  467.230783][T14645] netlink: 'syz.2.2259': attribute type 11 has an invalid length.
[  467.243916][T14643] netlink: 'syz.1.2258': attribute type 17 has an invalid length.
[  467.431057][T14640] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.438557][T14640] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.602669][T14640] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  467.639682][T14640] batman_adv: batadv0: Interface deactivated: 
€Â0
[  468.002656][T14643] 8021q: adding VLAN 0 to HW filter on device team0
[  468.038469][T14659] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2261'.
[  468.050242][T14643] 8021q: adding VLAN 0 to HW filter on device batadv0
[  468.069296][T14643] bridge0: port 1(bridge_slave_0) entered blocking state
[  468.072149][T14661] netlink: 208 bytes leftover after parsing attributes in process `syz.0.2262'.
[  468.076623][T14643] bridge0: port 1(bridge_slave_0) entered forwarding state
[  468.099045][T14643] bridge0: port 2(bridge_slave_1) entered blocking state
[  468.099883][T14661] netlink: 'syz.0.2262': attribute type 2 has an invalid length.
[  468.106296][T14643] bridge0: port 2(bridge_slave_1) entered forwarding state
[  468.122942][T14643] batman_adv: batadv0: Interface activated: batadv_slave_0
[  468.137914][T14643] batman_adv: batadv0: Interface activated: 
€Â0
[  468.170599][T14643] veth1_vlan: left promiscuous mode
[  468.178367][T14643] veth0_vlan: left promiscuous mode
[  468.187260][T14643] veth0_vlan: entered promiscuous mode
[  468.201784][T14643] veth1_vlan: entered promiscuous mode
[  468.255465][T14643] veth1_macvtap: left promiscuous mode
[  468.268696][T14643] veth0_macvtap: left promiscuous mode
[  468.281494][T14643] veth0_macvtap: entered promiscuous mode
[  468.305797][T14643] veth1_macvtap: entered promiscuous mode
[  468.356795][T14643] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  468.367269][T14643] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  468.377518][T14643] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  468.414324][T14643] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  468.428931][T14643] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  468.461365][T14646] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.731896][T14669] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  468.763544][T14669] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  468.781958][T14669] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  469.002238][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  469.036947][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  469.248391][T14697] netlink: 'syz.0.2274': attribute type 1 has an invalid length.
[  469.313092][T14702] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2274'.
[  469.349516][T14702] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2274'.
[  469.365617][T14703] IPVS: set_ctl: invalid protocol: 92 172.20.20.170:0
[  469.368937][T14685] block nbd3: not configured, cannot reconfigure
[  469.404553][T14697] 8021q: adding VLAN 0 to HW filter on device bond8
[  470.839744][T14754] bond7: Unable to set up delay as MII monitoring is disabled
[  470.866915][T14754] bond7 (unregistering): Released all slaves
[  471.059876][T14771] netlink: 'syz.2.2296': attribute type 1 has an invalid length.
[  471.147127][T14771] bond11: entered promiscuous mode
[  471.152895][T14771] 8021q: adding VLAN 0 to HW filter on device bond11
[  471.199719][T14775] bond11: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  471.235059][T14775] bond11: (slave ipvlan3): The slave device specified does not support setting the MAC address
[  471.257435][T14775] bond11: (slave ipvlan3): Setting fail_over_mac to active for active-backup mode
[  471.497392][T14774] bond7: option coupled_control: mode dependency failed, not supported in mode balance-rr(0)
[  471.567189][T14774] bond7 (unregistering): Released all slaves
[  471.676467][T14768] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  471.917445][T14810] xt_ecn: cannot match TCP bits for non-tcp packets
[  472.144687][T14813] __nla_validate_parse: 6 callbacks suppressed
[  472.144708][T14813] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2303'.
[  472.174599][T14816] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2305'.
[  472.229583][T14823] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2303'.
[  472.309979][T14816] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2305'.
[  472.378651][T14830] veth0: entered promiscuous mode
[  472.439506][T14830] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2308'.
[  472.577802][T14830] veth0: left promiscuous mode
[  472.875836][ T5640] Bluetooth: hci4: command 0x0405 tx timeout
[  472.910444][T14858] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2314'.
[  472.938611][T14858] vlan3: entered allmulticast mode
[  472.943963][T14858] macvtap0: entered allmulticast mode
[  473.506960][T14877] bridge0: entered allmulticast mode
[  474.861796][T14932] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2333'.
[  476.073826][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  479.675487][T15002] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2350'.
[  480.230125][T15011] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2354'.
[  481.412908][T15002] vlan2: entered promiscuous mode
[  481.418754][T15002] geneve1: entered promiscuous mode
[  481.425269][T15002] vlan2: entered allmulticast mode
[  481.430549][T15002] geneve1: entered allmulticast mode
[  481.740833][T15033] ªªªªª!: renamed from virt_wifi0
[  481.848548][T15041] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2364'.
[  481.894250][T15041] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2364'.
[  481.945475][T15044] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2364'.
[  482.031915][T15041] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2364'.
[  482.045700][T15052] netlink: 'syz.4.2366': attribute type 10 has an invalid length.
[  482.367918][T15056] macvtap2: entered allmulticast mode
[  483.019462][ T5732] hsr0: entered promiscuous mode
[  483.027528][T15084] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2374'.
[  483.041009][T15082] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2373'.
[  483.105100][T15086] vlan4: entered promiscuous mode
[  483.119310][T15086] bond0: entered promiscuous mode
[  483.193157][T15091] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2376'.
[  483.229326][T15082] vlan3: entered allmulticast mode
[  483.256563][T15082] bridge11: entered allmulticast mode
[  483.299485][T15088] bridge11: port 1(erspan0) entered blocking state
[  483.329064][T15088] bridge11: port 1(erspan0) entered disabled state
[  483.356713][T15088] erspan0: entered allmulticast mode
[  483.396506][T15088] erspan0: entered promiscuous mode
[  483.420625][T15088] bridge11: port 1(erspan0) entered blocking state
[  483.427496][T15088] bridge11: port 1(erspan0) entered forwarding state
[  483.793008][T15111] netlink: 'syz.4.2381': attribute type 15 has an invalid length.
[  483.836175][T15106] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2380'.
[  484.722024][T15144] __nla_validate_parse: 1 callbacks suppressed
[  484.722047][T15144] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2392'.
[  484.747652][T15138] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  484.938607][T15151] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2394'.
[  485.076666][T15156] netlink: 'syz.0.2391': attribute type 26 has an invalid length.
[  485.883262][T15177] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2399'.
[  486.008924][T15177] bond12: option miimon: invalid value (18446744073709551607)
[  486.044439][T15177] bond12: option miimon: allowed values 0 - 2147483647
[  486.054568][T15177] bond12 (unregistering): Released all slaves
[  486.101300][T15196] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2403'.
[  486.131109][ T5640] block nbd3: Receive control failed (result -32)
[  486.490469][T15210] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  486.722871][T15217] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2410'.
[  486.807949][T15217] netlink: 'syz.0.2410': attribute type 3 has an invalid length.
[  486.931022][T15228] netlink: 'syz.2.2414': attribute type 1 has an invalid length.
[  487.005752][T15228] bond12: entered promiscuous mode
[  487.011672][T15228] 8021q: adding VLAN 0 to HW filter on device bond12
[  487.098408][T15228] bond12: (slave veth13): making interface the new active one
[  487.098763][T15231] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2414'.
[  487.128845][T15228] veth13: entered promiscuous mode
[  487.149265][T15228] bond12: (slave veth13): Enslaving as an active interface with an up link
[  487.275890][T15210] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  488.074040][   T12] wlan1: Trigger new scan to find an IBSS to join
[  488.895694][T15286] netlink: 'syz.4.2429': attribute type 1 has an invalid length.
[  488.914437][T15286] netlink: 'syz.4.2429': attribute type 4 has an invalid length.
[  488.934403][T15294] xt_hashlimit: size too large, truncated to 1048576
[  488.939819][T15286] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.2429'.
[  488.955525][T15295] xt_hashlimit: size too large, truncated to 1048576
[  489.008296][T15299] netlink: 'syz.1.2434': attribute type 1 has an invalid length.
[  489.038224][T15299] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2434'.
[  489.107561][T15300] syzkaller0: entered promiscuous mode
[  489.141514][T15300] syzkaller0: entered allmulticast mode
[  489.415970][T15310] macsec1: entered allmulticast mode
[  489.425727][T15310] gretap0: entered allmulticast mode
[  489.467266][T15310] gretap0: left allmulticast mode
[  489.691919][T15321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2439'.
[  489.730643][T15317] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2441'.
[  489.944712][T15329] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2443'.
[  490.366659][T15341] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  490.669684][T15359] netlink: 'syz.3.2451': attribute type 12 has an invalid length.
[  490.723830][T15361] netlink: 'syz.1.2453': attribute type 21 has an invalid length.
[  490.766474][T15361] netlink: 'syz.1.2453': attribute type 6 has an invalid length.
[  490.794424][T15361] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2453'.
[  491.013409][T15359] block nbd4: server does not support multiple connections per device.
[  491.064525][T15359] block nbd4: shutting down sockets
[  491.133459][ T1161] wlan1: Trigger new scan to find an IBSS to join
[  491.298705][T15375] xt_hl: Unknown TTL match mode: 237
[  491.315521][T15376] xt_hl: Unknown TTL match mode: 237
[  491.789404][T15384] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2459'.
[  492.258718][T15402] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  492.935394][T15422] netlink: 'syz.3.2468': attribute type 1 has an invalid length.
[  492.971460][T15422] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2468'.
[  493.394734][T15439] FAULT_INJECTION: forcing a failure.
[  493.394734][T15439] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  493.399045][T15437] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap4
[  493.422704][T15439] CPU: 1 UID: 0 PID: 15439 Comm: syz.3.2474 Not tainted syzkaller #0 PREEMPT(full) 
[  493.422734][T15439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  493.422747][T15439] Call Trace:
[  493.422753][T15439]  <TASK>
[  493.422760][T15439]  dump_stack_lvl+0xe8/0x150
[  493.422789][T15439]  should_fail_ex+0x40c/0x560
[  493.422801][T15437] batman_adv: batadv0: Adding interface: gretap4
[  493.422830][T15439]  _copy_from_user+0x2d/0xb0
[  493.422852][T15439]  __sys_bpf+0x229/0x950
[  493.422884][T15439]  ? __pfx___sys_bpf+0x10/0x10
[  493.422926][T15439]  ? ksys_write+0x242/0x270
[  493.422958][T15439]  ? __pfx_ksys_write+0x10/0x10
[  493.422990][T15439]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.423012][T15439]  __x64_sys_bpf+0x7c/0x90
[  493.423038][T15439]  do_syscall_64+0x174/0x580
[  493.423065][T15439]  ? trace_irq_disable+0x3b/0x140
[  493.423102][T15439]  ? clear_bhb_loop+0x40/0x90
[  493.423127][T15439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.423146][T15439] RIP: 0033:0x7f1ad1d9ce59
[  493.423166][T15439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  493.423182][T15439] RSP: 002b:00007f1ad2c33028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  493.423204][T15439] RAX: ffffffffffffffda RBX: 00007f1ad2015fa0 RCX: 00007f1ad1d9ce59
[  493.423219][T15439] RDX: 000000000000004c RSI: 0000200000000340 RDI: 000000000000000a
[  493.423232][T15439] RBP: 00007f1ad2c33090 R08: 0000000000000000 R09: 0000000000000000
[  493.423245][T15439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.423257][T15439] R13: 00007f1ad2016038 R14: 00007f1ad2015fa0 R15: 00007fff01be3248
[  493.423292][T15439]  </TASK>
[  493.659964][T15437] batman_adv: batadv0: The MTU of interface gretap4 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  493.774944][T15443] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2475'.
[  493.803929][T15437] batman_adv: batadv0: Interface activated: gretap4
[  493.864213][T15443] netlink: 'syz.3.2475': attribute type 7 has an invalid length.
[  493.889742][T15446] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2476'.
[  493.898903][T15443] netlink: 'syz.3.2475': attribute type 8 has an invalid length.
[  493.898928][T15443] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2475'.
[  494.073790][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  494.170677][T15450] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2477'.
[  494.220842][T15450] veth0: entered promiscuous mode
[  494.324988][T15450] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  494.480128][T15448] veth0: left promiscuous mode
[  494.877524][T15477] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2487'.
[  495.450833][T15495] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2490'.
[  495.680811][T15498] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2492'.
[  496.355706][T15518] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2499'.
[  497.018680][T15532] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2504'.
[  497.512112][T15540] bond2: (slave bridge1): Releasing backup interface
[  497.585081][T15540] team0: Port device bridge3 removed
[  497.626612][T15544] netlink: 'syz.4.2507': attribute type 3 has an invalid length.
[  497.646793][T15540] bond6: (slave gretap1): Releasing active interface
[  497.670790][T15544] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2507'.
[  498.225900][T15559] netlink: 'syz.1.2512': attribute type 1 has an invalid length.
[  498.271303][T15559] netlink: 16150 bytes leftover after parsing attributes in process `syz.1.2512'.
[  500.037759][T15628] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2527'.
[  500.070534][T15628] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2527'.
[  500.338846][T15641] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2531'.
[  500.364282][T15640] netlink: 212340 bytes leftover after parsing attributes in process `syz.0.2530'.
[  500.397225][T15640] openvswitch: netlink: Port 167772160 exceeds max allowable 65535
[  500.654653][T15653] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2534'.
[  500.908278][T15661] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8
[  501.305304][T15661] RDS: rds_bind could not find a transport for ::ffff:10.1.1.3, load rds_tcp or rds_rdma?
[  501.530461][   T29] audit: type=1800 audit(1781625381.450:13): pid=15680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2540" name=CB dev="tmpfs" ino=2559 res=0 errno=0
[  502.758385][T15715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2544'.
[  502.794172][T15719] FAULT_INJECTION: forcing a failure.
[  502.794172][T15719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  502.831316][T15719] CPU: 0 UID: 0 PID: 15719 Comm: syz.4.2551 Not tainted syzkaller #0 PREEMPT(full) 
[  502.831348][T15719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  502.831360][T15719] Call Trace:
[  502.831368][T15719]  <TASK>
[  502.831377][T15719]  dump_stack_lvl+0xe8/0x150
[  502.831410][T15719]  should_fail_ex+0x40c/0x560
[  502.831449][T15719]  _copy_from_user+0x2d/0xb0
[  502.831475][T15719]  ___sys_sendmsg+0x1c6/0x360
[  502.831501][T15719]  ? __lock_acquire+0x683/0x2cd0
[  502.831539][T15719]  ? __pfx____sys_sendmsg+0x10/0x10
[  502.831601][T15719]  ? __fget_files+0x2a/0x420
[  502.831627][T15719]  ? __fget_files+0x3a2/0x420
[  502.831665][T15719]  __x64_sys_sendmsg+0x1bd/0x2a0
[  502.831691][T15719]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  502.831724][T15719]  ? __pfx_ksys_write+0x10/0x10
[  502.831765][T15719]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.831788][T15719]  do_syscall_64+0x174/0x580
[  502.831813][T15719]  ? trace_irq_disable+0x3b/0x140
[  502.831844][T15719]  ? clear_bhb_loop+0x40/0x90
[  502.831870][T15719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.831891][T15719] RIP: 0033:0x7fd991d9ce59
[  502.831911][T15719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  502.831930][T15719] RSP: 002b:00007fd992c42028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  502.831954][T15719] RAX: ffffffffffffffda RBX: 00007fd992015fa0 RCX: 00007fd991d9ce59
[  502.831969][T15719] RDX: 0000000020000010 RSI: 00002000000018c0 RDI: 0000000000000004
[  502.831983][T15719] RBP: 00007fd992c42090 R08: 0000000000000000 R09: 0000000000000000
[  502.831995][T15719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.832007][T15719] R13: 00007fd992016038 R14: 00007fd992015fa0 R15: 00007ffd5c6b4098
[  502.832038][T15719]  </TASK>
[  504.024490][T15733] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  504.116726][T15739] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.2557'.
[  504.126523][T15736] netlink: 'syz.3.2556': attribute type 1 has an invalid length.
[  504.158845][T15739] netlink: Unknown conntrack attr (type=2304, max=9)
[  504.278258][T15749] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2560'.
[  504.350416][T15736] 8021q: adding VLAN 0 to HW filter on device bond6
[  504.418047][T15755] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2560'.
[  504.583053][T15758] nbd: must specify a size in bytes for the device
[  504.633826][T15743] bond6: (slave veth15): Enslaving as an active interface with a down link
[  504.712709][T15746] 8021q: adding VLAN 0 to HW filter on device batadv0
[  504.744594][T15746] bond6: (slave batadv0): making interface the new active one
[  504.755855][T15746] batadv0: entered promiscuous mode
[  504.761749][T15746] bond6: (slave batadv0): Enslaving as an active interface with an up link
[  504.954443][T15765] FAULT_INJECTION: forcing a failure.
[  504.954443][T15765] name failslab, interval 1, probability 0, space 0, times 0
[  504.979419][T15764] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2563'.
[  505.001609][T15765] CPU: 1 UID: 0 PID: 15765 Comm: syz.2.2562 Not tainted syzkaller #0 PREEMPT(full) 
[  505.001640][T15765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  505.001653][T15765] Call Trace:
[  505.001662][T15765]  <TASK>
[  505.001671][T15765]  dump_stack_lvl+0xe8/0x150
[  505.001702][T15765]  should_fail_ex+0x40c/0x560
[  505.001740][T15765]  should_failslab+0xa8/0x100
[  505.001764][T15765]  kmem_cache_alloc_node_noprof+0x8f/0x680
[  505.001792][T15765]  ? __alloc_skb+0x189/0x7a0
[  505.001823][T15765]  ? __alloc_skb+0x1d7/0x7a0
[  505.001849][T15765]  ? __local_bh_enable_ip+0xd0/0x130
[  505.001877][T15765]  __alloc_skb+0x1d7/0x7a0
[  505.001925][T15765]  netlink_sendmsg+0x5d4/0xb40
[  505.001960][T15765]  ? __pfx_netlink_sendmsg+0x10/0x10
[  505.001988][T15765]  ? aa_sock_msg_perm+0xf1/0x1b0
[  505.002021][T15765]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  505.002051][T15765]  ? __pfx_netlink_sendmsg+0x10/0x10
[  505.002076][T15765]  ____sys_sendmsg+0x9b9/0xa20
[  505.002098][T15765]  ? __might_fault+0xaf/0x130
[  505.002131][T15765]  ? __pfx_____sys_sendmsg+0x10/0x10
[  505.002163][T15765]  ? import_iovec+0x73/0xa0
[  505.002191][T15765]  ___sys_sendmsg+0x2a5/0x360
[  505.002212][T15765]  ? __lock_acquire+0x683/0x2cd0
[  505.002238][T15765]  ? __pfx____sys_sendmsg+0x10/0x10
[  505.002299][T15765]  ? __fget_files+0x2a/0x420
[  505.002322][T15765]  ? __fget_files+0x3a2/0x420
[  505.002358][T15765]  __x64_sys_sendmsg+0x1bd/0x2a0
[  505.002383][T15765]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  505.002415][T15765]  ? __pfx_ksys_write+0x10/0x10
[  505.002454][T15765]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.002476][T15765]  do_syscall_64+0x174/0x580
[  505.002500][T15765]  ? trace_irq_disable+0x3b/0x140
[  505.002530][T15765]  ? clear_bhb_loop+0x40/0x90
[  505.002555][T15765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.002575][T15765] RIP: 0033:0x7f702599ce59
[  505.002595][T15765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  505.002613][T15765] RSP: 002b:00007f70267d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  505.002637][T15765] RAX: ffffffffffffffda RBX: 00007f7025c15fa0 RCX: 00007f702599ce59
[  505.002652][T15765] RDX: 0000000020000010 RSI: 00002000000018c0 RDI: 0000000000000004
[  505.002666][T15765] RBP: 00007f70267d6090 R08: 0000000000000000 R09: 0000000000000000
[  505.002678][T15765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  505.002691][T15765] R13: 00007f7025c16038 R14: 00007f7025c15fa0 R15: 00007ffc1042e6a8
[  505.002724][T15765]  </TASK>
[  505.430089][T15771] netlink: 'syz.4.2566': attribute type 15 has an invalid length.
[  505.479334][T15771] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2566'.
[  506.184889][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  506.217554][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  506.259067][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  506.289905][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  506.359401][T15805] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2574'.
[  506.458705][T15805] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2574'.
[  507.602139][T15838] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2581'.
[  509.222307][T15805] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  509.356074][T15855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2582'.
[  509.571839][T15862] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2586'.
[  509.614452][T15862] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2586'.
[  509.643172][T15862] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2586'.
[  509.727631][T15866] netlink: 'syz.3.2587': attribute type 1 has an invalid length.
[  509.807900][T15866] 8021q: adding VLAN 0 to HW filter on device bond7
[  510.087723][T15887] netlink: 'syz.3.2587': attribute type 10 has an invalid length.
[  510.118288][T15871] bond7: (slave veth17): Enslaving as a backup interface with a down link
[  510.137654][T15887] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2587'.
[  510.221076][T15888] mac80211_hwsim hwsim6 syzkaller0: entered promiscuous mode
[  510.234075][T15888] mac80211_hwsim hwsim6 syzkaller0: entered allmulticast mode
[  511.185489][T15932] xt_CT: You must specify a L4 protocol and not use inversions on it
[  511.211196][T15934] openvswitch: netlink: IP tunnel dst address not specified
[  511.243461][T15934] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  511.429661][T15898] sit0: entered promiscuous mode
[  511.442544][T15898] netlink: 'syz.0.2592': attribute type 1 has an invalid length.
[  511.461847][T15898] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2592'.
[  512.242669][T15948] netlink: 'syz.1.2601': attribute type 26 has an invalid length.
[  512.888574][T15975] lo: entered allmulticast mode
[  513.119038][T15987] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2615'.
[  513.447024][T16005] netlink: 'syz.2.2620': attribute type 58 has an invalid length.
[  513.640198][T16013] syzkaller1: entered promiscuous mode
[  513.652010][T16013] syzkaller1: entered allmulticast mode
[  514.172803][T16025] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2628'.
[  514.221958][T16039] syzkaller0: entered promiscuous mode
[  514.262691][T16039] syzkaller0: entered allmulticast mode
[  514.686730][T16050] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2633'.
[  515.425396][T16082] gre4: entered allmulticast mode
[  515.934644][ T1161] batadv0: left promiscuous mode
[  517.203013][T16146] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2661'.
[  517.287870][T16146] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2661'.
[  517.501548][T16159] IPv6: NLM_F_CREATE should be specified when creating new route
[  517.529459][T16158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2664'.
[  518.593080][T16189] xt_NFQUEUE: number of total queues is 0
[  519.071718][T16197] smbdirect: ib_dev[syz2] removed
[  519.867897][T16234] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2682'.
[  520.038929][T16228] bond9: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  520.061351][T16237] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2681'.
[  520.062746][T16228] bond9 (unregistering): Released all slaves
[  520.101386][T16234] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  520.178530][T16237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2681'.
[  520.758772][T16263] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  520.810197][T16262] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  521.056804][T16284] syzkaller1: entered promiscuous mode
[  521.098138][T16284] syzkaller1: entered allmulticast mode
[  521.175193][T16284] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2691'.
[  521.224283][T16284] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  521.574551][T16299] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2695'.
[  521.617098][T16299] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2695'.
[  521.651240][T16299] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2695'.
[  522.299245][T16331] netlink: 'syz.3.2702': attribute type 13 has an invalid length.
[  522.362722][T16331] netlink: 'syz.3.2702': attribute type 17 has an invalid length.
[  522.416280][T16331] netlink: 'syz.3.2702': attribute type 27 has an invalid length.
[  522.732591][T16345] __nla_validate_parse: 2 callbacks suppressed
[  522.732610][T16345] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2704'.
[  522.859960][T16347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2704'.
[  522.885728][T16347] netlink: 'syz.1.2704': attribute type 1 has an invalid length.
[  522.908274][T16347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2704'.
[  523.019371][T16350] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2706'.
[  523.052243][T16350] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  523.118906][T16347] veth13: entered promiscuous mode
[  523.155999][ T1061] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  523.191334][ T1061] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  523.231598][ T1061] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  523.247074][ T1061] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  523.258495][ T1061] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  523.269340][ T1061] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  523.292029][T16360] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2709'.
[  523.330831][ T1061] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  523.351154][ T1061] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  523.403964][T16363] bridge0: port 1(bridge_slave_0) entered disabled state
[  523.671071][T16370] netlink: 248 bytes leftover after parsing attributes in process `syz.0.2712'.
[  523.807845][T16370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2712'.
[  523.933135][T16375] openvswitch: netlink: VXLAN extension 1 has unexpected len 8 expected 4
[  524.155381][T16379] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2715'.
[  524.671103][T16401] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2721'.
[  524.912004][T16407] bond7: entered allmulticast mode
[  524.929508][T16407] macvlan3: entered promiscuous mode
[  524.953352][T16407] macvlan3: entered allmulticast mode
[  524.960385][T16407] bond7: entered promiscuous mode
[  524.979477][T16407] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  525.025698][T16407] bond7: left promiscuous mode
[  525.427679][T16420] netlink: 'syz.4.2727': attribute type 228 has an invalid length.
[  525.506976][T16425] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2729'.
[  525.590942][T16425] SET target dimension over the limit!
[  526.786274][T16473] syzkaller1: entered promiscuous mode
[  526.816434][T16473] syzkaller1: entered allmulticast mode
[  526.911488][T16473] Bluetooth: MGMT ver 1.23
[  527.382957][T16489] sctp: [Deprecated]: syz.0.2744 (pid 16489) Use of int in max_burst socket option.
[  527.382957][T16489] Use struct sctp_assoc_value instead
[  527.569999][T16495] sctp: [Deprecated]: syz.1.2746 (pid 16495) Use of struct sctp_assoc_value in delayed_ack socket option.
[  527.569999][T16495] Use struct sctp_sack_info instead
[  527.739486][T16498] __nla_validate_parse: 3 callbacks suppressed
[  527.739507][T16498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2748'.
[  527.804911][T16499] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2747'.
[  527.901643][T16498] 8021q: adding VLAN 0 to HW filter on device bond0
[  528.049537][T16507] netlink: 'syz.2.2751': attribute type 4 has an invalid length.
[  528.091509][T16507] netlink: 'syz.2.2751': attribute type 4 has an invalid length.
[  528.300171][ T6742] tipc: Subscription rejected, illegal request
[  528.604902][T16529] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2755'.
[  528.688707][T16529] ip6gre4: entered promiscuous mode
[  528.746619][T16529] ip6gre4: entered allmulticast mode
[  528.750353][T16545] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2761'.
[  528.822838][T16545] bridge5: entered promiscuous mode
[  528.828805][T16545] bridge5: entered allmulticast mode
[  528.839148][T16545] team0: Port device bridge5 added
[  528.849887][   T75] tipc: Resetting bearer <eth:team0>
[  528.860952][T16549] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2763'.
[  528.873071][T16545] bridge0: port 1(team0) entered blocking state
[  528.905154][T16545] bridge0: port 1(team0) entered disabled state
[  528.949299][T16545] team0: entered allmulticast mode
[  528.954826][ T5640] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  528.959590][T16553] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2761'.
[  528.963894][T16545] macvlan2: entered allmulticast mode
[  528.977138][T16545] bond3: entered allmulticast mode
[  528.996424][T16545] team0: entered promiscuous mode
[  529.001706][T16545] macvlan2: entered promiscuous mode
[  529.007722][T16545] bond3: entered promiscuous mode
[  529.033507][ T5640] Bluetooth: hci2: command 0x0406 tx timeout
[  529.529873][T16577] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2771'.
[  529.617151][T16581] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2773'.
[  529.656304][T16582] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2774'.
[  529.752289][T16584] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2774'.
[  529.875290][T16584] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  531.229526][T16519] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  531.759830][T16624] bridge6: the hash_elasticity option has been deprecated and is always 16
[  532.160642][T16642] sctp: [Deprecated]: syz.4.2788 (pid 16642) Use of struct sctp_assoc_value in delayed_ack socket option.
[  532.160642][T16642] Use struct sctp_sack_info instead
[  532.393547][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  532.405677][T16653] netlink: zone id is out of range
[  532.416103][T16653] netlink: zone id is out of range
[  532.464414][T16653] netlink: zone id is out of range
[  532.507231][T16653] netlink: zone id is out of range
[  532.639645][T16653] netlink: set zone limit has 4 unknown bytes
[  533.049949][T16673] netlink: 'syz.3.2797': attribute type 1 has an invalid length.
[  533.306563][T16683] __nla_validate_parse: 1 callbacks suppressed
[  533.306586][T16683] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2799'.
[  533.409106][T16683] netlink: 'syz.0.2799': attribute type 1 has an invalid length.
[  533.887141][T16711] sctp: [Deprecated]: syz.3.2806 (pid 16711) Use of int in maxseg socket option.
[  533.887141][T16711] Use struct sctp_assoc_value instead
[  534.062722][T16705] dvmrp0: entered allmulticast mode
[  534.556657][T16738] sctp: [Deprecated]: syz.3.2810 (pid 16738) Use of int in max_burst socket option.
[  534.556657][T16738] Use struct sctp_assoc_value instead
[  534.668604][T16744] netlink: 'syz.4.2811': attribute type 1 has an invalid length.
[  534.710427][T16741] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2811'.
[  534.783875][T16741] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2811'.
[  534.900340][T16746] netlink: 'syz.4.2811': attribute type 1 has an invalid length.
[  534.921042][T16746] netlink: 'syz.4.2811': attribute type 2 has an invalid length.
[  535.340575][T16765] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2815'.
[  535.363443][T16765] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2815'.
[  535.522479][T16768] xt_CT: No such helper "syz1"
[  535.824468][T16782] nbd: must specify a size in bytes for the device
[  536.239154][T16800] vlan4: entered promiscuous mode
[  536.266498][T16800] vlan1: entered promiscuous mode
[  536.812947][T16811] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2824'.
[  536.912720][T16816] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.2823'.
[  537.549937][T16836] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2828'.
[  537.598817][T16842] netlink: 'syz.3.2829': attribute type 1 has an invalid length.
[  537.639855][T16842] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2829'.
[  537.678954][T16842] netlink: 658 bytes leftover after parsing attributes in process `syz.3.2829'.
[  537.870098][T16854] nbd: must specify a size in bytes for the device
[  538.111938][T16858] netlink: 'syz.0.2832': attribute type 1 has an invalid length.
[  538.329948][T16858] 8021q: adding VLAN 0 to HW filter on device bond9
[  538.481209][T16859] bond9: (slave veth7): Enslaving as an active interface with a down link
[  539.008662][T16898] team_slave_1: Caught tx_queue_len zero misconfig
[  539.339004][T16913] netlink: 'syz.0.2840': attribute type 1 has an invalid length.
[  539.482938][T16922] __nla_validate_parse: 1 callbacks suppressed
[  539.482959][T16922] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.2843'.
[  539.615197][T16913] bond10: entered allmulticast mode
[  539.686589][T16918] bond10: (slave ip6gretap2): making interface the new active one
[  539.711452][T16930] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2844'.
[  539.723524][T16918] ip6gretap2: entered allmulticast mode
[  539.747965][T16918] bond10: (slave ip6gretap2): Enslaving as an active interface with an up link
[  540.037583][T16944] nbd: must specify a size in bytes for the device
[  540.096978][T16947] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2849'.
[  540.217744][T16952] netlink: 'syz.1.2850': attribute type 1 has an invalid length.
[  540.262877][T16952] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR
[  540.817972][T16975] syzkaller1: entered promiscuous mode
[  540.884337][T16975] syzkaller1: entered allmulticast mode
[  541.392826][T16996] netlink: 'syz.0.2860': attribute type 13 has an invalid length.
[  541.408338][T17002] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2862'.
[  541.422826][T16996] netlink: 'syz.0.2860': attribute type 17 has an invalid length.
[  541.433571][T17002] netlink: 'syz.2.2862': attribute type 13 has an invalid length.
[  541.457032][T17002] netlink: 'syz.2.2862': attribute type 17 has an invalid length.
[  541.576566][T16996] sit0: left promiscuous mode
[  541.626760][T16996] bridge0: left allmulticast mode
[  541.669632][T16996] 8021q: adding VLAN 0 to HW filter on device bond0
[  541.699697][T16996] 8021q: adding VLAN 0 to HW filter on device team0
[  541.820962][T16996] syzkaller0: left promiscuous mode
[  541.833494][T16996] syzkaller0: left allmulticast mode
[  541.863675][T16996] hsr0: left promiscuous mode
[  541.881877][T16996] geneve1: left promiscuous mode
[  541.894637][T16996] bond1: left promiscuous mode
[  541.899512][T16996] bond1: left allmulticast mode
[  541.959530][T16999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2861'.
[  541.997187][T16996] bond3: left promiscuous mode
[  542.002209][T16996] bridge3: left promiscuous mode
[  542.008200][T16996] bond3: left allmulticast mode
[  542.015106][T16996] bridge3: left allmulticast mode
[  542.025829][T16996] bond4: left promiscuous mode
[  542.031240][T16996] bond4: left allmulticast mode
[  542.055225][T16996] ip6gre1: left promiscuous mode
[  542.067091][T16996] ip6gre1: left allmulticast mode
[  542.107698][T16996] ip6tnl1: left allmulticast mode
[  542.125406][T16996] 8021q: adding VLAN 0 to HW filter on device bond6
[  542.148736][T16996] macvlan0: left promiscuous mode
[  542.154508][T16996] bond7: left promiscuous mode
[  542.159926][T16996] macvlan0: left allmulticast mode
[  542.165925][T16996] bond7: left allmulticast mode
[  542.189407][T16996] bond10: left allmulticast mode
[  542.195031][T16996] ip6gretap2: left allmulticast mode
[  542.201326][T16996] 8021q: adding VLAN 0 to HW filter on device bond10
[  542.238925][T17002] ip_vti0: left allmulticast mode
[  542.265383][T17002] tipc: Resetting bearer <eth:team0>
[  542.291460][T17002] hsr0: left promiscuous mode
[  542.319617][T17002] geneve1: left promiscuous mode
[  542.328210][T17002] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  542.336904][T17015] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2865'.
[  542.345081][T17002] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  542.367805][T17002] 8021q: adding VLAN 0 to HW filter on device bond7
[  542.400909][T17017] netlink: 472 bytes leftover after parsing attributes in process `syz.0.2865'.
[  543.517767][T17002] geneve4: left promiscuous mode
[  543.523843][T17002] macvlan3: left allmulticast mode
[  543.529182][T17002] gretap0: left allmulticast mode
[  543.535591][T17002] gretap2: left allmulticast mode
[  543.547474][T17002] bond11: left promiscuous mode
[  543.553889][T17002] bond12: left promiscuous mode
[  543.558806][T17002] veth13: left promiscuous mode
[  543.631191][T17016] workqueue: Failed to create a rescuer kthread for wq "bond11": -EINTR
[  543.667786][   T75] bond9: (slave veth7): link status definitely up, 10000 Mbps full duplex
[  543.780838][   T75] bond9: (slave veth7): making interface the new active one
[  543.788866][T17022] nbd: must specify a size in bytes for the device
[  543.822696][   T75] bond9: active interface up!
[  543.837026][ T3384] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  543.963881][ T6742] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  544.496674][T17047] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2875'.
[  544.518192][T17047] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2875'.
[  544.548420][T17050] netlink: 'syz.4.2877': attribute type 1 has an invalid length.
[  544.684696][T17050] 8021q: adding VLAN 0 to HW filter on device bond8
[  544.837274][T17058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2879'.
[  545.016681][T17066] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2880'.
[  545.382750][T17077] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2882'.
[  545.749133][T17092] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2886'.
[  546.172589][T17108] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  546.424434][T17114] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2892'.
[  546.436304][T17114] netlink: 'syz.3.2892': attribute type 7 has an invalid length.
[  546.444232][T17114] netlink: 'syz.3.2892': attribute type 8 has an invalid length.
[  546.452075][T17114] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2892'.
[  546.536024][T17116] syzkaller0: entered promiscuous mode
[  546.541578][T17116] syzkaller0: entered allmulticast mode
[  546.570340][T17116] vlan0: entered promiscuous mode
[  546.577450][T17116] gretap0: entered promiscuous mode
[  546.805349][T17118] bridge0: port 1(vlan0) entered blocking state
[  546.811803][T17118] bridge0: port 1(vlan0) entered disabled state
[  546.819010][T17118] vlan0: entered allmulticast mode
[  546.824625][T17118] geneve0: entered allmulticast mode
[  548.233716][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  548.301152][T17077] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  548.393931][    C1] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  548.877077][T17146] sctp: [Deprecated]: syz.0.2901 (pid 17146) Use of struct sctp_assoc_value in delayed_ack socket option.
[  548.877077][T17146] Use struct sctp_sack_info instead
[  549.017816][T17146] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2901'.
[  549.055632][T17146] tipc: Invalid UDP bearer configuration
[  549.055705][T17146] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  549.495897][T17159] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  549.507082][T17159] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  549.517526][T17159] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  549.546160][T17165] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2907'.
[  549.608966][T17167] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2909'.
[  549.630280][T17167] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2909'.
[  549.641853][T17167] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2909'.
[  550.145344][T17178] netlink: 236 bytes leftover after parsing attributes in process `syz.0.2913'.
[  550.547025][T17194] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2917'.
[  551.322751][T17215] bond8: option tlb_dynamic_lb: invalid value (5)
[  551.549283][T17215] bond8 (unregistering): Released all slaves
[  551.975621][T17249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2926'.
[  552.047980][T17254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2929'.
[  552.363746][T17271] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2928'.
[  553.084363][T17291] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2936'.
[  553.166863][T17291] 8021q: adding VLAN 0 to HW filter on device bond9
[  553.479754][T17303] netlink: 'syz.0.2938': attribute type 1 has an invalid length.
[  553.762753][T17303] 8021q: adding VLAN 0 to HW filter on device bond11
[  553.881729][T17307] bond11: (slave ip6gretap4): making interface the new active one
[  553.930114][T17307] bond11: (slave ip6gretap4): Enslaving as an active interface with an up link
[  554.242382][T17324] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  554.274312][T17324] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  554.304101][T17324] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  554.307110][T17329] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  555.115489][T17349] syzkaller0: entered promiscuous mode
[  555.131860][T17349] syzkaller0: entered allmulticast mode
[  555.289846][T17354] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2950'.
[  556.551488][T16479] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  556.587265][T16479] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  556.597059][T16479] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  556.620502][T16479] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  556.630349][T16479] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  557.364098][    C1] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  557.372883][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  558.719579][T16479] Bluetooth: hci5: command tx timeout
[  559.112241][T17379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2957'.
[  559.811055][ T6746] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  559.866018][ T6746] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.875015][T17402] netlink: 'syz.1.2962': attribute type 89 has an invalid length.
[  560.287712][ T6746] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  560.324118][ T6746] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.484298][T17418] bond13: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[  560.567738][T17418] bond13 (unregistering): Released all slaves
[  560.802496][T16479] Bluetooth: hci5: command tx timeout
[  560.857506][ T6746] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  560.872720][ T6746] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.357258][ T6746] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  561.410365][ T6746] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.509889][T17455] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2973'.
[  561.710748][T17463] xt_hashlimit: size too large, truncated to 1048576
[  561.872860][T17470] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2976'.
[  561.985455][T17479] xt_hashlimit: size too large, truncated to 1048576
[  562.258516][T17482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2978'.
[  562.637486][ T6746] vlan2: left allmulticast mode
[  562.647471][ T6746] geneve0: left allmulticast mode
[  562.658533][ T6746] vlan2: left promiscuous mode
[  562.667550][ T6746] geneve0: left promiscuous mode
[  562.678393][ T6746] bridge0: port 4(vlan2) entered disabled state
[  562.696257][ T6746] batadv1: left allmulticast mode
[  562.702876][ T6746] batadv1: left promiscuous mode
[  562.710261][ T6746] bridge0: port 3(batadv1) entered disabled state
[  562.822993][ T6746] pim6reg: left allmulticast mode
[  562.839474][ T6746] dvmrp0: left allmulticast mode
[  562.873986][T16479] Bluetooth: hci5: command tx timeout
[  563.309468][ T6746] bond10 (unregistering): (slave ip6gretap2): Releasing active interface
[  563.377552][ T6746] bond11 (unregistering): (slave ip6gretap4): Releasing active interface
[  563.675957][ T6746] bond3 (unregistering): (slave bridge3): Releasing backup interface
[  563.771383][ T6746] bond0 (unregistering): Released all slaves
[  563.783943][ T6746] bond1 (unregistering): Released all slaves
[  563.799431][ T6746] bond2 (unregistering): (slave veth3): Releasing active interface
[  563.809735][ T6746] bond2 (unregistering): Released all slaves
[  563.829951][ T6746] bond3 (unregistering): Released all slaves
[  563.854112][ T6746] team0: Port device bond4 removed
[  563.870179][ T6746] bond4 (unregistering): Released all slaves
[  563.891551][ T6746] bond5 (unregistering): Released all slaves
[  563.904761][ T6746] bond6 (unregistering): Released all slaves
[  563.921647][ T6746] team0: Port device macvlan0 removed
[  563.946436][ T6746] bond7 (unregistering): Released all slaves
[  563.967348][ T6746] bond8 (unregistering): Released all slaves
[  563.982845][ T6746] bond9 (unregistering): (slave veth7): Releasing active interface
[  563.995043][ T6746] bond9 (unregistering): Released all slaves
[  564.025459][ T6746] bond10 (unregistering): Released all slaves
[  564.040481][ T6746] bond11 (unregistering): Released all slaves
[  564.508276][ T6746] : left promiscuous mode
[  564.803621][T17523] veth1_to_bond: entered promiscuous mode
[  564.817763][T17524] veth1_to_bond: entered allmulticast mode
[  564.951353][ T6746] hmó3)ó: left promiscuous mode
[  564.959680][T16479] Bluetooth: hci5: command tx timeout
[  565.108743][T17524] veth1_to_bond: left allmulticast mode
[  565.130210][T17524] veth1_to_bond: left promiscuous mode
[  565.188408][ T6746] tipc: Left network mode
[  565.299208][T17556] netlink: 'syz.1.2991': attribute type 5 has an invalid length.
[  565.933003][T17367] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.959068][T17367] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.995192][T17367] bridge_slave_0: entered allmulticast mode
[  566.045464][T17367] bridge_slave_0: entered promiscuous mode
[  566.246187][T17367] bridge0: port 2(bridge_slave_1) entered blocking state
[  566.277727][T17578] netlink: 124 bytes leftover after parsing attributes in process `syz.4.2996'.
[  566.284942][T17367] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.315213][T17367] bridge_slave_1: entered allmulticast mode
[  566.360430][T17367] bridge_slave_1: entered promiscuous mode
[  566.391187][ T5294] 8021q: adding VLAN 0 to HW filter on device eth1
[  567.567732][T17367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  567.600157][T17367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  567.860789][T17367] team0: Port device team_slave_0 added
[  567.891647][T17367] team0: Port device team_slave_1 added
[  567.905973][T17608] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3000'.
[  567.917158][T17608] netlink: 'syz.3.3000': attribute type 1 has an invalid length.
[  567.985937][T17614] Unsupported ieee802154 address type: 0
[  568.319202][T17367] batman_adv: batadv0: Adding interface: batadv_slave_0
[  568.365496][T17367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  568.479028][T17367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  568.495413][T17636] netlink: 'syz.1.3006': attribute type 26 has an invalid length.
[  568.589021][T17367] batman_adv: batadv0: Adding interface: batadv_slave_1
[  568.625562][T17367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  568.680408][T17367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  568.685808][T17644] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.3007'.
[  568.722437][ T6742] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  568.764338][ T6742] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  568.771677][T17648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3007'.
[  568.905967][T17644] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3007'.
[  569.371867][T17367] hsr_slave_0: entered promiscuous mode
[  569.386584][T17367] hsr_slave_1: entered promiscuous mode
[  569.528487][T17675] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3010'.
[  569.551362][T17675] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3010'.
[  569.571550][T17675] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3010'.
[  570.037618][ T5294] 8021q: adding VLAN 0 to HW filter on device eth2
[  570.109552][T17696] IPv6: Can't replace route, no match found
[  571.541735][ T6746] hsr_slave_0: left promiscuous mode
[  571.578247][ T6746] hsr_slave_1: left promiscuous mode
[  571.807941][T17745] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3020'.
[  574.747894][ T5294] 8021q: adding VLAN 0 to HW filter on device eth3
[  575.283714][    C1] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  575.688470][T17780] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3023'.
[  576.627597][ T6746] IPVS: stop unused estimator thread 0...
[  576.661018][T17806] ip6gre2: entered promiscuous mode
[  576.671523][T17806] ip6gre2: entered allmulticast mode
[  576.818482][  T140] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  576.876427][ T5732] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  576.884590][  T140] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  576.925444][T17822] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3031'.
[  576.997930][T17824] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3032'.
[  577.094462][T17828] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3033'.
[  577.177688][T17820] syzkaller1: entered promiscuous mode
[  577.198125][T17820] syzkaller1: entered allmulticast mode
[  577.210842][T17824] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3032'.
[  577.304253][ T5732] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  577.849908][T17844] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3036'.
[  577.914289][ T5855] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  578.001937][T17367] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  578.077650][T17367] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  578.115052][T17367] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  578.178283][T17367] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  578.218890][T17367] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  578.257368][T17367] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  578.285240][T17367] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  578.345062][T17367] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  578.511762][T17869] netlink: 'syz.4.3041': attribute type 1 has an invalid length.
[  578.824162][T17367] 8021q: adding VLAN 0 to HW filter on device bond0
[  578.919523][T17367] 8021q: adding VLAN 0 to HW filter on device team0
[  578.967634][ T3348] bridge0: port 1(bridge_slave_0) entered blocking state
[  578.974899][ T3348] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.045230][ T3348] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.052527][ T3348] bridge0: port 2(bridge_slave_1) entered forwarding state
[  579.469737][T17883] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3046'.
[  579.540491][T17888] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3048'.
[  579.551036][T17883] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3046'.
[  579.600689][T17894] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3048'.
[  579.611090][T17883] geneve5: entered promiscuous mode
[  579.638128][T17883] geneve5: entered allmulticast mode
[  580.142185][T17904] x_tables: ip6_tables: mh match: only valid for protocol 135
[  580.864100][T17939] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3057'.
[  580.916090][T17940] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3057'.
[  580.953451][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  581.761540][T17367] 8021q: adding VLAN 0 to HW filter on device batadv0
[  582.029890][T17367] veth0_vlan: entered promiscuous mode
[  582.104807][T17367] veth1_vlan: entered promiscuous mode
[  582.251931][T17367] veth0_macvtap: entered promiscuous mode
[  582.300560][T17367] veth1_macvtap: entered promiscuous mode
[  582.399711][T17367] batman_adv: batadv0: Interface activated: batadv_slave_0
[  582.445939][T17367] batman_adv: batadv0: Interface activated: batadv_slave_1
[  582.508507][ T3348] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  582.546305][ T3348] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  582.600657][ T3348] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  582.661050][ T3348] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  582.798467][T17983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3065'.
[  582.798531][T17982] xt_cgroup: invalid path, errno=-2
[  582.842934][T17983] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3065'.
[  582.891425][T17982] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3064'.
[  582.928616][T17982] netlink: 'syz.4.3064': attribute type 5 has an invalid length.
[  582.961361][T17982] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3064'.
[  583.017967][T17982] geneve2: entered promiscuous mode
[  583.029270][T17982] geneve2: entered allmulticast mode
[  583.067210][ T1161] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 57334 - 0
[  583.093144][ T1161] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 57334 - 0
[  583.140063][ T1161] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 57334 - 0
[  583.167365][ T1161] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 57334 - 0
[  583.493908][T17997] ip6tnl2: entered allmulticast mode
[  583.501483][ T6744] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  583.520983][ T6744] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  583.529041][ T5855] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  583.676114][ T7056] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  583.712868][T17999] can: request_module (can-proto-0) failed.
[  583.739600][ T7056] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  584.173915][T17950] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  584.414800][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  584.496944][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  584.766409][ T3348] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  584.817372][ T3348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  584.980488][T18031] openvswitch: netlink: Unexpected mask (mask=200240, allowed=10048)
[  585.067975][T18037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3077'.
[  585.719911][T18052] nbd: must specify a size in bytes for the device
[  585.998990][T18050] hmac(sha2: entered promiscuous mode
[  586.185560][ T5640] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  586.198808][ T5640] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  586.209844][ T5640] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  586.222738][ T5640] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  586.235714][ T5640] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  586.374881][T18068] IPVS: set_ctl: invalid protocol: 19 10.1.1.2:20003
[  586.386319][T18066] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  586.708079][T18078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3085'.
[  586.996735][T18083] syzkaller1: entered promiscuous mode
[  587.078517][T18083] syzkaller1: entered allmulticast mode
[  587.353613][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  587.807865][T18101] netlink: 'syz.0.3089': attribute type 1 has an invalid length.
[  587.879660][T18101] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3089'.
[  587.975218][T18101] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3089'.
[  588.151154][T18107] bond0: (slave gretap1): Enslaving as an active interface with an up link
[  588.172924][T18115] netlink: 'syz.1.3091': attribute type 1 has an invalid length.
[  588.319226][T16479] Bluetooth: hci0: command tx timeout
[  588.443025][T18122] nbd: must specify a size in bytes for the device
[  588.611498][T18124] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3093'.
[  588.674481][T18115] 8021q: adding VLAN 0 to HW filter on device bond8
[  588.990677][T18120] bond8: (slave geneve3): making interface the new active one
[  589.045515][T18120] bond8: (slave geneve3): Enslaving as an active interface with an up link
[  589.297714][T18144] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3097'.
[  589.353536][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  589.740581][T18154] xt_connbytes: Forcing CT accounting to be enabled
[  590.394191][T16479] Bluetooth: hci0: command tx timeout
[  591.130819][T18186] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3107'.
[  591.442302][T18189] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3109'.
[  591.487263][T18189] netlink: 5384 bytes leftover after parsing attributes in process `syz.0.3109'.
[  591.561679][T18191] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3108'.
[  592.000091][T18059] bridge0: port 1(bridge_slave_0) entered blocking state
[  592.026878][T18059] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.064694][T18059] bridge_slave_0: entered allmulticast mode
[  592.098839][T18059] bridge_slave_0: entered promiscuous mode
[  592.125467][T18059] bridge0: port 2(bridge_slave_1) entered blocking state
[  592.149730][T18059] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.185923][T18059] bridge_slave_1: entered allmulticast mode
[  592.235609][T18059] bridge_slave_1: entered promiscuous mode
[  592.260586][T18212] SET target dimension over the limit!
[  592.370516][T18059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  592.388053][T18215] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  592.422915][T18059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  592.451851][T18215] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3115'.
[  592.475158][T16479] Bluetooth: hci0: command tx timeout
[  592.546261][T18217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3116'.
[  592.599302][T18059] team0: Port device team_slave_0 added
[  592.626826][T18059] team0: Port device team_slave_1 added
[  592.739691][T18059] batman_adv: batadv0: Adding interface: batadv_slave_0
[  592.764575][T18059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  592.817759][T18059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  592.900107][T18059] batman_adv: batadv0: Adding interface: batadv_slave_1
[  592.911931][T18059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  592.978292][T18059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  593.165564][T18214] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  593.470737][T18059] hsr_slave_0: entered promiscuous mode
[  593.521176][T18059] hsr_slave_1: entered promiscuous mode
[  593.559707][T18059] debugfs: 'hsr0' already exists in 'hsr'
[  593.590573][T18059] Cannot create hsr debugfs directory
[  594.473498][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  594.555005][T16479] Bluetooth: hci0: command 0x0419 tx timeout
[  594.935257][T18258] netlink: 'syz.2.3127': attribute type 2 has an invalid length.
[  595.950498][T18269] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3131'.
[  596.633946][T16479] Bluetooth: hci0: command 0x0419 tx timeout
[  596.787444][T18293] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3134'.
[  597.305477][T18295] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3136'.
[  597.458697][T18296] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3136'.
[  597.566278][T18299] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3137'.
[  599.402875][T18280] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  599.435454][T18059] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  599.488281][T18059] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  599.539686][T18059] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  599.658027][T18059] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  599.709245][T18059] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  599.759845][T18059] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  599.823203][T18059] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  599.845562][T18059] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  599.954111][T18331] netlink: 'syz.2.3144': attribute type 1 has an invalid length.
[  600.007624][T18331] netlink: 'syz.2.3144': attribute type 2 has an invalid length.
[  600.078113][T18331] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3144'.
[  600.115002][T18339] netlink: 'syz.0.3146': attribute type 13 has an invalid length.
[  600.609445][T18350] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3148'.
[  600.684587][T18355] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3148'.
[  600.840073][T18059] 8021q: adding VLAN 0 to HW filter on device bond0
[  601.169461][T18367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3151'.
[  601.410318][T18059] 8021q: adding VLAN 0 to HW filter on device team0
[  601.526914][ T6746] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.534170][ T6746] bridge0: port 1(bridge_slave_0) entered forwarding state
[  601.614392][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state
[  601.621659][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state
[  602.608740][T18397] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3155'.
[  603.111946][T18416] netlink: 11 bytes leftover after parsing attributes in process `syz.1.3163'.
[  603.159437][T18416] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3163'.
[  603.286932][T18419] tipc: Started in network mode
[  603.310858][T18419] tipc: Node identity ac1414aa, cluster identity 4711
[  603.342732][T18419] tipc: Enabled bearer <udp:s>, priority 10
[  603.361289][T18422] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3164'.
[  603.410287][T18059] 8021q: adding VLAN 0 to HW filter on device batadv0
[  603.660008][T18433] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3169'.
[  603.675488][T18059] veth0_vlan: entered promiscuous mode
[  603.736112][T18059] veth1_vlan: entered promiscuous mode
[  603.842898][T18059] veth0_macvtap: entered promiscuous mode
[  603.909764][T18059] veth1_macvtap: entered promiscuous mode
[  603.943093][T18059] batman_adv: batadv0: Interface activated: batadv_slave_0
[  604.012161][T18059] batman_adv: batadv0: Interface activated: batadv_slave_1
[  604.049752][ T6744] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  604.071033][ T6744] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  604.121069][ T6744] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  604.262774][ T6744] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  604.357129][T18456] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3176'.
[  604.465361][ T5855] tipc: Node number set to 2886997162
[  604.610546][T18461] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3177'.
[  604.626127][ T1161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  604.635525][ T1161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  604.694377][T18461] nbd4: detected capacity change from 0 to 2
[  604.704487][T16479] block nbd4: Receive control failed (result -32)
[  604.727677][T17786] block nbd4: Dead connection, failed to find a fallback
[  604.737128][T17786] block nbd4: shutting down sockets
[  604.745057][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  604.756869][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  604.765912][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  604.775990][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  604.784801][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  604.795434][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  604.816939][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  604.829798][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  604.845762][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  604.866917][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  604.890387][ T6741] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  604.905332][T17786] ldm_validate_partition_table(): Disk read failed.
[  604.938652][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  604.948319][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  604.978022][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  604.999428][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  605.054346][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  605.071168][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  605.081751][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  605.110938][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  605.137539][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  605.147677][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  605.158136][T17786] Dev nbd4: unable to read RDB block 0
[  605.165595][T17786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  605.176691][T17786] Buffer I/O error on dev nbd4, logical block 0, async page read
[  605.187608][T17786]  nbd4: unable to read partition table
[  605.204484][T17786] nbd4: partition table beyond EOD, truncated
[  605.228789][T17786] ldm_validate_partition_table(): Disk read failed.
[  605.251493][T17786] Dev nbd4: unable to read RDB block 0
[  605.271809][T17786]  nbd4: unable to read partition table
[  605.300388][T17786] nbd4: partition table beyond EOD, truncated
[  605.353685][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  605.937686][ T5640] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  605.951962][ T5640] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  605.960824][ T5640] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  605.971867][ T5640] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  605.989123][ T5640] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  606.016765][T16479] 
[  606.019163][T16479] ======================================================
[  606.026220][T16479] WARNING: possible circular locking dependency detected
[  606.033358][T16479] syzkaller #0 Not tainted
[  606.037807][T16479] ------------------------------------------------------
[  606.044871][T16479] kworker/u9:0/16479 is trying to acquire lock:
[  606.051127][T16479] ffff88801be85210 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_link_sibling+0x4c7/0x5a0
[  606.061665][T16479] 
[  606.061665][T16479] but task is already holding lock:
[  606.069028][T16479] ffff88801be85180 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_add_one+0x41/0x5d0
[  606.078522][T16479] 
[  606.078522][T16479] which lock already depends on the new lock.
[  606.078522][T16479] 
[  606.088921][T16479] 
[  606.088921][T16479] the existing dependency chain (in reverse order) is:
[  606.097930][T16479] 
[  606.097930][T16479] -> #10 (&root->kernfs_rwsem){++++}-{4:4}:
[  606.106090][T16479]        down_write+0x96/0x200
[  606.110873][T16479]        kernfs_add_one+0x41/0x5d0
[  606.115993][T16479]        kernfs_create_dir_ns+0xde/0x130
[  606.121634][T16479]        internal_create_group+0x440/0x1180
[  606.127530][T16479]        cpuhp_invoke_callback+0x448/0x860
[  606.133517][T16479]        cpuhp_issue_call+0x3f0/0x750
[  606.138891][T16479]        __cpuhp_setup_state_cpuslocked+0x3f4/0x6f0
[  606.145479][T16479]        __cpuhp_setup_state+0x3f/0x60
[  606.150945][T16479]        do_one_initcall+0x250/0x870
[  606.156253][T16479]        do_initcall_level+0x10a/0x1a0
[  606.161790][T16479]        do_initcalls+0x59/0xa0
[  606.166650][T16479]        kernel_init_freeable+0x29d/0x3e0
[  606.172378][T16479]        kernel_init+0x1d/0x1d0
[  606.177269][T16479]        ret_from_fork+0x514/0xb70
[  606.182412][T16479]        ret_from_fork_asm+0x1a/0x30
[  606.187700][T16479] 
[  606.187700][T16479] -> #9 (cpuhp_state_mutex){+.+.}-{4:4}:
[  606.195524][T16479] 
[  606.195524][T16479] -> #8 (cpu_hotplug_lock){++++}-{0:0}:
[  606.203264][T16479]        cpus_read_lock+0x42/0x160
[  606.208389][T16479]        static_key_slow_inc+0x12/0x30
[  606.213886][T16479]        setup_udp_tunnel_sock+0x2df/0x4f0
[  606.219763][T16479]        l2tp_tunnel_register+0xe77/0x1570
[  606.225621][T16479]        pppol2tp_connect+0x8e3/0x18b0
[  606.231087][T16479]        __sys_connect+0x323/0x460
[  606.236210][T16479]        __x64_sys_connect+0x7a/0x90
[  606.241501][T16479]        do_syscall_64+0x174/0x580
[  606.246614][T16479]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.253047][T16479] 
[  606.253047][T16479] -> #7 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  606.260813][T16479]        lock_sock_nested+0x41/0x100
[  606.266109][T16479]        inet_shutdown+0x6a/0x390
[  606.271187][T16479]        nbd_mark_nsock_dead+0x2cb/0x550
[  606.276885][T16479]        sock_shutdown+0x15e/0x260
[  606.282001][T16479]        nbd_clear_sock+0x24/0x170
[  606.287121][T16479]        nbd_config_put+0x35b/0x660
[  606.292330][T16479]        nbd_genl_connect+0x18f7/0x1c10
[  606.297886][T16479]        genl_family_rcv_msg_doit+0x233/0x340
[  606.303960][T16479]        genl_rcv_msg+0x614/0x7a0
[  606.309339][T16479]        netlink_rcv_skb+0x226/0x4a0
[  606.314621][T16479]        genl_rcv+0x28/0x40
[  606.319125][T16479]        netlink_unicast+0x7bb/0x940
[  606.324417][T16479]        netlink_sendmsg+0x813/0xb40
[  606.329705][T16479]        ____sys_sendmsg+0x9b9/0xa20
[  606.334996][T16479]        ___sys_sendmsg+0x2a5/0x360
[  606.340197][T16479]        __x64_sys_sendmsg+0x1bd/0x2a0
[  606.345653][T16479]        do_syscall_64+0x174/0x580
[  606.350769][T16479]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.357195][T16479] 
[  606.357195][T16479] -> #6 (&nsock->tx_lock){+.+.}-{4:4}:
[  606.364846][T16479]        __mutex_lock+0x19d/0x1590
[  606.369966][T16479]        nbd_queue_rq+0x373/0x1150
[  606.375083][T16479]        blk_mq_dispatch_rq_list+0x499/0x1990
[  606.381208][T16479]        __blk_mq_sched_dispatch_requests+0xd36/0x1580
[  606.388106][T16479]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  606.394610][T16479]        blk_mq_run_hw_queue+0x348/0x4f0
[  606.400241][T16479]        blk_mq_dispatch_list+0xd11/0xe10
[  606.405973][T16479]        blk_mq_flush_plug_list+0x45f/0x540
[  606.411903][T16479]        __blk_flush_plug+0x3ed/0x4d0
[  606.417343][T16479]        __submit_bio+0x465/0x560
[  606.422385][T16479]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  606.428550][T16479]        block_read_full_folio+0x7b7/0x830
[  606.434380][T16479]        filemap_read_folio+0x12c/0x3a0
[  606.439933][T16479]        do_read_cache_folio+0x354/0x590
[  606.445578][T16479]        read_part_sector+0xb6/0x2b0
[  606.451251][T16479]        adfspart_check_ICS+0xb1/0x960
[  606.456712][T16479]        bdev_disk_changed+0x82b/0x1780
[  606.462266][T16479]        blkdev_get_whole+0x372/0x510
[  606.467672][T16479]        bdev_open+0x324/0xd70
[  606.472439][T16479]        blkdev_open+0x461/0x600
[  606.477383][T16479]        do_dentry_open+0x816/0x1380
[  606.482673][T16479]        vfs_open+0x3b/0x340
[  606.487275][T16479]        path_openat+0x2e3b/0x3890
[  606.492394][T16479]        do_file_open+0x23e/0x4a0
[  606.497447][T16479]        do_sys_openat2+0x113/0x200
[  606.502657][T16479]        __x64_sys_openat+0x138/0x170
[  606.508030][T16479]        do_syscall_64+0x174/0x580
[  606.513143][T16479]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.519556][T16479] 
[  606.519556][T16479] -> #5 (&cmd->lock){+.+.}-{4:4}:
[  606.526782][T16479]        __mutex_lock+0x19d/0x1590
[  606.531901][T16479]        nbd_queue_rq+0xc1/0x1150
[  606.536931][T16479]        blk_mq_dispatch_rq_list+0x499/0x1990
[  606.543001][T16479]        __blk_mq_sched_dispatch_requests+0xd36/0x1580
[  606.549852][T16479]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  606.556358][T16479]        blk_mq_run_hw_queue+0x348/0x4f0
[  606.561991][T16479]        blk_mq_dispatch_list+0xd11/0xe10
[  606.567712][T16479]        blk_mq_flush_plug_list+0x45f/0x540
[  606.573617][T16479]        __blk_flush_plug+0x3ed/0x4d0
[  606.579004][T16479]        __submit_bio+0x465/0x560
[  606.584035][T16479]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  606.590218][T16479]        block_read_full_folio+0x7b7/0x830
[  606.596027][T16479]        filemap_read_folio+0x12c/0x3a0
[  606.601579][T16479]        do_read_cache_folio+0x354/0x590
[  606.607217][T16479]        read_part_sector+0xb6/0x2b0
[  606.612505][T16479]        adfspart_check_ICS+0xb1/0x960
[  606.617965][T16479]        bdev_disk_changed+0x82b/0x1780
[  606.623637][T16479]        blkdev_get_whole+0x372/0x510
[  606.629013][T16479]        bdev_open+0x324/0xd70
[  606.633787][T16479]        blkdev_open+0x461/0x600
[  606.638729][T16479]        do_dentry_open+0x816/0x1380
[  606.644023][T16479]        vfs_open+0x3b/0x340
[  606.648612][T16479]        path_openat+0x2e3b/0x3890
[  606.653729][T16479]        do_file_open+0x23e/0x4a0
[  606.658768][T16479]        do_sys_openat2+0x113/0x200
[  606.663968][T16479]        __x64_sys_openat+0x138/0x170
[  606.669344][T16479]        do_syscall_64+0x174/0x580
[  606.674462][T16479]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.680973][T16479] 
[  606.680973][T16479] -> #4 (set->srcu){.+.+}-{0:0}:
[  606.688104][T16479]        __synchronize_srcu+0xc9/0x2f0
[  606.693566][T16479]        elevator_switch+0x1e8/0x7b0
[  606.698903][T16479]        elevator_change+0x2fa/0x480
[  606.704187][T16479]        elevator_set_default+0x375/0x440
[  606.709905][T16479]        blk_register_queue+0x3f3/0x4e0
[  606.715457][T16479]        __add_disk+0x6cb/0xe30
[  606.720314][T16479]        add_disk_fwnode+0xfb/0x4b0
[  606.725518][T16479]        nbd_dev_add+0x733/0xb60
[  606.730463][T16479]        nbd_init+0x15f/0x1e0
[  606.735196][T16479]        do_one_initcall+0x250/0x870
[  606.740483][T16479]        do_initcall_level+0x10a/0x1a0
[  606.745941][T16479]        do_initcalls+0x59/0xa0
[  606.750792][T16479]        kernel_init_freeable+0x29d/0x3e0
[  606.756511][T16479]        kernel_init+0x1d/0x1d0
[  606.761366][T16479]        ret_from_fork+0x514/0xb70
[  606.766477][T16479]        ret_from_fork_asm+0x1a/0x30
[  606.771772][T16479] 
[  606.771772][T16479] -> #3 (&q->elevator_lock){+.+.}-{4:4}:
[  606.779596][T16479]        __mutex_lock+0x19d/0x1590
[  606.784713][T16479]        elevator_change+0x1af/0x480
[  606.790007][T16479]        elevator_set_none+0xb5/0x140
[  606.795379][T16479]        blk_mq_update_nr_hw_queues+0x5ef/0x19f0
[  606.801711][T16479]        nbd_start_device+0x189/0xb30
[  606.807093][T16479]        nbd_genl_connect+0x1597/0x1c10
[  606.812641][T16479]        genl_family_rcv_msg_doit+0x233/0x340
[  606.818715][T16479]        genl_rcv_msg+0x614/0x7a0
[  606.823755][T16479]        netlink_rcv_skb+0x226/0x4a0
[  606.829051][T16479]        genl_rcv+0x28/0x40
[  606.833561][T16479]        netlink_unicast+0x7bb/0x940
[  606.838855][T16479]        netlink_sendmsg+0x813/0xb40
[  606.844141][T16479]        ____sys_sendmsg+0x9b9/0xa20
[  606.849428][T16479]        ___sys_sendmsg+0x2a5/0x360
[  606.854627][T16479]        __x64_sys_sendmsg+0x1bd/0x2a0
[  606.860087][T16479]        do_syscall_64+0x174/0x580
[  606.865203][T16479]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.871645][T16479] 
[  606.871645][T16479] -> #2 (&q->q_usage_counter(io)#50){++++}-{0:0}:
[  606.880313][T16479]        blk_alloc_queue+0x544/0x690
[  606.885621][T16479]        __blk_mq_alloc_disk+0x194/0x390
[  606.891260][T16479]        nbd_dev_add+0x494/0xb60
[  606.896206][T16479]        nbd_init+0x15f/0x1e0
[  606.900889][T16479]        do_one_initcall+0x250/0x870
[  606.906183][T16479]        do_initcall_level+0x10a/0x1a0
[  606.911645][T16479]        do_initcalls+0x59/0xa0
[  606.916496][T16479]        kernel_init_freeable+0x29d/0x3e0
[  606.922217][T16479]        kernel_init+0x1d/0x1d0
[  606.927076][T16479]        ret_from_fork+0x514/0xb70
[  606.932193][T16479]        ret_from_fork_asm+0x1a/0x30
[  606.937490][T16479] 
[  606.937490][T16479] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  606.944707][T16479]        fs_reclaim_acquire+0x71/0x100
[  606.950182][T16479]        kmem_cache_alloc_noprof+0x40/0x650
[  606.956080][T16479]        __kernfs_iattrs+0xdd/0x340
[  606.961320][T16479]        kernfs_iop_setattr+0xe6/0x3f0
[  606.966785][T16479]        notify_change+0xbba/0xea0
[  606.971897][T16479]        do_truncate+0x1c2/0x250
[  606.976843][T16479]        path_openat+0x2fbd/0x3890
[  606.981965][T16479]        do_file_open+0x23e/0x4a0
[  606.987003][T16479]        do_sys_openat2+0x113/0x200
[  606.992203][T16479]        __x64_sys_openat+0x138/0x170
[  606.997596][T16479]        do_syscall_64+0x174/0x580
[  607.002711][T16479]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.009131][T16479] 
[  607.009131][T16479] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
[  607.017736][T16479]        __lock_acquire+0x1520/0x2cd0
[  607.023116][T16479]        lock_acquire+0x106/0x350
[  607.028143][T16479]        down_write+0x96/0x200
[  607.032912][T16479]        kernfs_link_sibling+0x4c7/0x5a0
[  607.038553][T16479]        kernfs_add_one+0x1d2/0x5d0
[  607.043765][T16479]        kernfs_create_dir_ns+0xde/0x130
[  607.049405][T16479]        sysfs_create_dir_ns+0x12f/0x2a0
[  607.055040][T16479]        kobject_add_internal+0x622/0xcd0
[  607.060815][T16479]        kobject_add+0x163/0x240
[  607.065764][T16479]        device_add+0x3fa/0xb90
[  607.070684][T16479]        hci_conn_add_sysfs+0xd5/0x210
[  607.076212][T16479]        hci_conn_complete_evt+0x8a8/0x1350
[  607.082157][T16479]        hci_event_packet+0x6cd/0xf10
[  607.087533][T16479]        hci_rx_work+0x3ee/0x1020
[  607.092583][T16479]        process_scheduled_works+0xa8e/0x14e0
[  607.098661][T16479]        worker_thread+0xa47/0xfb0
[  607.103778][T16479]        kthread+0x389/0x470
[  607.108375][T16479]        ret_from_fork+0x514/0xb70
[  607.113488][T16479]        ret_from_fork_asm+0x1a/0x30
[  607.118783][T16479] 
[  607.118783][T16479] other info that might help us debug this:
[  607.118783][T16479] 
[  607.129008][T16479] Chain exists of:
[  607.129008][T16479]   &root->kernfs_iattr_rwsem --> cpuhp_state_mutex --> &root->kernfs_rwsem
[  607.129008][T16479] 
[  607.143482][T16479]  Possible unsafe locking scenario:
[  607.143482][T16479] 
[  607.150983][T16479]        CPU0                    CPU1
[  607.156371][T16479]        ----                    ----
[  607.161746][T16479]   lock(&root->kernfs_rwsem);
[  607.166520][T16479]                                lock(cpuhp_state_mutex);
[  607.173640][T16479]                                lock(&root->kernfs_rwsem);
[  607.180968][T16479]   lock(&root->kernfs_iattr_rwsem);
[  607.186268][T16479] 
[  607.186268][T16479]  *** DEADLOCK ***
[  607.186268][T16479] 
[  607.194487][T16479] 4 locks held by kworker/u9:0/16479:
[  607.199889][T16479]  #0: ffff88807e410940 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0
[  607.210884][T16479]  #1: ffffc90005257c40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0
[  607.222894][T16479]  #2: ffff888060afc0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_conn_complete_evt+0xba/0x1350
[  607.232752][T16479]  #3: ffff88801be85180 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_add_one+0x41/0x5d0
[  607.242603][T16479] 
[  607.242603][T16479] stack backtrace:
[  607.248491][T16479] CPU: 0 UID: 0 PID: 16479 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  607.248510][T16479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  607.248523][T16479] Workqueue: hci3 hci_rx_work
[  607.248540][T16479] Call Trace:
[  607.248547][T16479]  <TASK>
[  607.248554][T16479]  dump_stack_lvl+0xe8/0x150
[  607.248573][T16479]  print_circular_bug+0x2e1/0x300
[  607.248595][T16479]  check_noncircular+0x12e/0x150
[  607.248618][T16479]  __lock_acquire+0x1520/0x2cd0
[  607.248637][T16479]  ? __lock_acquire+0x683/0x2cd0
[  607.248658][T16479]  ? kernfs_link_sibling+0x4c7/0x5a0
[  607.248679][T16479]  lock_acquire+0x106/0x350
[  607.248695][T16479]  ? kernfs_link_sibling+0x4c7/0x5a0
[  607.248721][T16479]  down_write+0x96/0x200
[  607.248742][T16479]  ? kernfs_link_sibling+0x4c7/0x5a0
[  607.248764][T16479]  ? __pfx_down_write+0x10/0x10
[  607.248791][T16479]  ? kernfs_root+0x1c/0x230
[  607.248810][T16479]  ? kernfs_root+0x1c/0x230
[  607.248830][T16479]  ? kernfs_root+0x1ea/0x230
[  607.248850][T16479]  kernfs_link_sibling+0x4c7/0x5a0
[  607.248875][T16479]  kernfs_add_one+0x1d2/0x5d0
[  607.248898][T16479]  kernfs_create_dir_ns+0xde/0x130
[  607.248922][T16479]  sysfs_create_dir_ns+0x12f/0x2a0
[  607.248943][T16479]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  607.248963][T16479]  ? do_raw_spin_unlock+0xf5/0x210
[  607.248987][T16479]  kobject_add_internal+0x622/0xcd0
[  607.249012][T16479]  kobject_add+0x163/0x240
[  607.249034][T16479]  ? __pfx_kobject_add+0x10/0x10
[  607.249056][T16479]  ? get_device_parent+0x366/0x3a0
[  607.249082][T16479]  device_add+0x3fa/0xb90
[  607.249105][T16479]  hci_conn_add_sysfs+0xd5/0x210
[  607.249131][T16479]  hci_conn_complete_evt+0x8a8/0x1350
[  607.249150][T16479]  ? __pfx_hci_conn_complete_evt+0x10/0x10
[  607.249167][T16479]  ? skb_pull_data+0xf0/0x200
[  607.249187][T16479]  hci_event_packet+0x6cd/0xf10
[  607.249205][T16479]  ? __pfx_hci_conn_complete_evt+0x10/0x10
[  607.249220][T16479]  ? __pfx_hci_event_packet+0x10/0x10
[  607.249237][T16479]  ? tag_mounts+0x14f0/0x1600
[  607.249276][T16479]  ? hci_send_to_monitor+0xe2/0x590
[  607.249299][T16479]  hci_rx_work+0x3ee/0x1020
[  607.249317][T16479]  ? process_scheduled_works+0xa20/0x14e0
[  607.249332][T16479]  process_scheduled_works+0xa8e/0x14e0
[  607.249357][T16479]  ? __pfx_process_scheduled_works+0x10/0x10
[  607.249375][T16479]  ? assign_work+0x3cf/0x5d0
[  607.249391][T16479]  worker_thread+0xa47/0xfb0
[  607.249412][T16479]  ? __kthread_parkme+0x71/0x1f0
[  607.249432][T16479]  kthread+0x389/0x470
[  607.249452][T16479]  ? __pfx_worker_thread+0x10/0x10
[  607.249467][T16479]  ? __pfx_kthread+0x10/0x10
[  607.249487][T16479]  ret_from_fork+0x514/0xb70
[  607.249504][T16479]  ? __pfx_ret_from_fork+0x10/0x10
[  607.249520][T16479]  ? __switch_to+0xc89/0x1420
[  607.249543][T16479]  ? __pfx_kthread+0x10/0x10
[  607.249563][T16479]  ret_from_fork_asm+0x1a/0x30
[  607.249588][T16479]  </TASK>
[  607.303544][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  607.563274][ T1161] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  607.723387][  T809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  608.424540][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.467879][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.518772][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.553643][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  608.578258][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.677118][   T12] bridge_slave_1: left allmulticast mode
[  608.683076][   T12] bridge_slave_1: left promiscuous mode
[  608.689064][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.699192][   T12] bridge_slave_0: left allmulticast mode
[  608.706119][   T12] bridge_slave_0: left promiscuous mode
[  608.711858][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.734304][ T6741] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  608.770532][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  608.782062][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  608.794284][   T12] bond0 (unregistering): Released all slaves
[  609.020280][   T12] hsr_slave_0: left promiscuous mode
[  609.026791][   T12] hsr_slave_1: left promiscuous mode
[  609.032809][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  609.049438][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  609.059440][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  609.067170][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  609.094308][   T12] veth1_macvtap: left promiscuous mode
[  609.099914][   T12] veth0_macvtap: left promiscuous mode
[  609.105561][   T12] veth1_vlan: left promiscuous mode
[  609.110851][   T12] veth0_vlan: left promiscuous mode
[  609.204200][    C1] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  609.237682][   T12] team0 (unregistering): Port device team_slave_1 removed
[  609.248332][   T12] team0 (unregistering): Port device team_slave_0 removed
[  609.299941][ T5294] 8021q: adding VLAN 0 to HW filter on device eth1
[  609.653649][ T5294] 8021q: adding VLAN 0 to HW filter on device eth2
[  609.843468][ T1161] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  609.907120][ T5294] 8021q: adding VLAN 0 to HW filter on device eth3
[  610.166536][ T5294] 8021q: adding VLAN 0 to HW filter on device eth4
[  610.943668][ T6753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  612.053838][ T3348] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  613.163746][ T3348] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  614.264014][ T6753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  614.314119][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  615.364224][ T6753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog