last executing test programs:

7.249124439s ago: executing program 2 (id=6595):
r0 = socket(0xa, 0xb, 0x2000003a)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x7800, 0x700, 0x1, 0x0, {{0x5, 0x4, 0x2, 0x0, 0x14, 0x66, 0x0, 0xe, 0x4, 0x0, @multicast1, @local}}}})

2.637050949s ago: executing program 0 (id=6656):
r0 = socket(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r1, 0x107, 0xb, 0x0, &(0x7f0000000040))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x7, 0x0, 0x0)
write(r0, &(0x7f0000000040)="effd00001000ff00fd4344c007110000f3050a00dbfd010000000001ffdf00", 0xfe00)

2.375674359s ago: executing program 0 (id=6662):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x304}, "e8ffff0700", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0x2)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x4}, 0x68)

1.860946876s ago: executing program 4 (id=6667):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2711, @host}, 0x10)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000340)={0x28, 0x0, 0x2616}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x8, &(0x7f0000000100), 0x12d)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x5, 0x2010, r2, 0xb70a000)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x0, 0x8, 0x401, 0x0, 0x0, {0x3, 0x0, 0x6}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8884}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x800}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000340)={0x23, {{0x2, 0x0, @private=0xa010101}}, {{0x2, 0x0, @multicast2}}}, 0x108)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05fa651ba00000000000010000000900010073797a30000000002c000000030a03000000000000400000010000000900030073797a32000000000900010073797a300000000054000000060a01040000000000000000010000002c00048028000180080001006e6174001c00028008000540000000040800014000000001080002404d89000208000b40000000000900010073797a30"], 0xc8}}, 0x0)

1.841363325s ago: executing program 0 (id=6668):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x4}]}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0x3, 0x2)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r6=>0x0]}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000000)={r6, 0x4}, 0x8)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f00000000c0)={r9, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r10 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x20008045)
sendmsg$NL80211_CMD_SET_WIPHY(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x41000)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r2, &(0x7f00000000c0)={@val={0x8, 0x800}, @val={0x7, 0x3, 0x3, 0x2, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x4, 0x28, 0x0, 0x0, 0x8, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x8100, 0x88a8, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20, 0x5}}}}, 0x36)
r11 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r11, 0x1, 0x28, &(0x7f0000000540)=0x8, 0x4)
r12 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[], 0x188}}, 0x0)
r13 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r13, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x0, 0x1}, 0x20)

1.716951483s ago: executing program 1 (id=6670):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010016000000000000000000000a640002000000000200000038000480340001800c0001007061796c6f6164002400028008e90340000000020800024000000000080003400000000008000540000000030900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000aace79fc879242398d09dbe3a11717660f67d455a25091d0f1ffa72"], 0x8c}, 0x1, 0x0, 0x0, 0x4800}, 0x84) (async)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="3b000000010006", 0x7) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0500000081000000810000000900000000000000", @ANYBLOB="f73698cb5bf1f9fc168fee2a208218282bb0345ae8faab6fbe1a2192f2596bfa64c2302f059b8e91ba46155208fdd3dfdb7cde8d0c0d68ef1a683ffe305121a79c05ee7a56cd1ea70fedf491fcfe8aab0ca0bde03363f6b1f25c405de57cc48602110031b8e0af5cece6b12d0b736a034435b298d79019a411ba62874f641574b2f4b5a4e8d80b76cdd6e66a8832d7d45919198f5bec49d44b6ebff1245be5", @ANYRESHEX, @ANYRES32=0x0, @ANYRES32, @ANYRESDEC], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000007c0), 0x402, r2}, 0x38) (async, rerun: 64)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0), 0x0, 0x5, r2}, 0x38) (async, rerun: 64)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000880), r3) (async)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290) (async)
setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f0000000a40)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000200000002000004ffffffff000000000000000000fbffffff0000000000a8db07432ec839be000000000000000000000000000000000000005c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a72316cf1e2e469a019d29793f3232978d70d3b8e9373b22e75656e72c11c7d74250cd157733c3e09708be1952541611f25f7e82ecf64783a1c2f487c68b6e0482aff9dfe6dcd8176a06cb87496d3ffd677496a2c34f4b130a9db1734fbe2e93462a0abe436d17f0bca6a2f56781997386810045fd02ca52702afffaa02822bcdf382abf5f01b108e68f227c6f2e83e502eae482b25a5908d4e1f01c8de8746042b76079b104d504ac26bfa9c154c8f7237577fd81d433d033113a06a000d7cf138ce7cdf3870f1c58fb93c2bd1b469fff429fe2c6265bdf7fee318936025a26c634f99d6e3087ae717a7d0b156cd0c6477151f522e00634b096ed3704d2b2ccc69ac5a7d897c80f66e8a35b80a24750836cb33d3bc0bb4764d47c7663a08b2ab8efd9c14fc4f33d20ce8e930ddbacb077b4a408ec8f3f6156fa3414fc495e5aee87a8b76ac3da5b02a8296232079872addcbf7da4902a406fc6b7f422f752d1d6c09da603275e790fcfd98f50b8ceddf2629dcbeec8c13d4102214a15fab2a008cecd7a26790fdb59d53e7d07751cb65ab3de20310c12df52d1b25e9fa36c9de24074ebec00757a36ab49dcb6662b360f486c3fc4c9d4bece42a66163fef34cc102958c99472ed7192dbb617647d1a84970f12bec59b8123eb186f670a3cffb277b7336240c704850aa92c92e743097d78eac02301de12a55674399ae56a7a8aada0709556c000cfe22ada872dc195e81b2a116eaec1d2c1249912e192d083a56fa2af59a153a46a0edb3d996fcd81fe22183bacf2bbc861bdfe20e4115dba478779d79e18a6be4756f22c5caf884803b0d1fe33f31204b59ed89becf1efc267d2187f36779e9aabdde3fdb424d9fe20d3a512639df5bd8013c1cf0c91162908b1089546ab0f1757009448df8cb128d11e83d6acb81fccaa6ffa1e9a23764f9dc22fb5e820952cc5386c1604cd60cffd3ec9d095c0a5927b90a394b2d20f3ca1f9a1dd2a8a0bf5e344ad85e3603fed8d67cb53f3ef41ec06d72323b855efe93bfb2ac05f088e1cfd888a86d368adefc8a778a15a2568bf6d40286322aba6f2d8b2b2c36562695249a12ba22924202b9aa4b20b1218a7264287adaae34d8a80763cb118c3010e0546319d6e95b7ed118956c6722ad77042d60ce539c01c6e5988d4d6250340464f5e2d8290d8ab0e65d1eb03c0ae86da3904d90a1f6c33ec0d4679cdd593dfb0adeb86ee1f50469cb1975d476cd189c921193202d08dfba47bb078879f0c1f8b5a0a2f2e10abe6967f94fcf5e91ec45638fede8139066ccfd88953d53dc606747c88e394c"], 0x190)
sendmsg$NLBL_UNLABEL_C_ACCEPT(r3, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=r3, @ANYRES16=r4, @ANYBLOB="01002abd7000fedbdf25010000000500010006000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000800) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'ipvlan1\x00', <r7=>0x0}) (async)
gettid() (async)
r8 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) (async)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000f80)=ANY=[@ANYBLOB="fc00000650fd6a78e3bc76001300000427bd7000fddbdf2507000000", @ANYRES32=r7, @ANYBLOB="020000000447010008000a00", @ANYRES32=r7, @ANYBLOB="14001400776c616e310000000000000000000000b8001a8074000a8014000700fc0200000000000000000000000000001400070000000000000000000000ffffac1e01010500080004000000050008000600000014000700fc01000000000000000000000000000014000700fe8000000000000000000000000000aa0500080000000000050008000000000004001c0004001c0018000280140001800800200001000000080008004000000004001c000400070018000a8014000700fe8000000000000000000000000000aa08000f0001000080"], 0xfc}, 0x1, 0x0, 0x0, 0x4802}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000001580), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r9, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f00000015c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="0503273bfc5b8878564fe4040000"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x400, 0x0)
write$ppp(r12, &(0x7f0000000300)="542917be5eb3", 0x6) (async)
syz_genetlink_get_family_id$nfc(&(0x7f00000005c0), r11)

1.716282483s ago: executing program 4 (id=6671):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b09"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4004880)
sendto$isdn(0xffffffffffffffff, 0x0, 0x0, 0x814, &(0x7f00000002c0)={0x22, 0xe, 0x1, 0xb5, 0xe7}, 0x6)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r1, 0x8918, 0x0)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f0000000740)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x14, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x4000011)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x28, 0x30, 0x201, 0x8000, 0x0, {0x1}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @u32}]}, 0x28}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0xe, 0x6, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB="0000000000ce6e34a4bf842d3800000095000000000000005b1680e373934f3426e84c1f665987a59da08388"], &(0x7f0000000300)='syzkaller\x00'}, 0x94)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r4, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

1.431343483s ago: executing program 4 (id=6673):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x49920d862a921d1b, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}, @IFLA_MTU={0x8, 0x4, 0xfff}]}, 0x40}}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a40000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001280)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x2720, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9)

1.431168465s ago: executing program 1 (id=6674):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in6=@loopback}, {@in, 0x0, 0x33}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)

1.337060014s ago: executing program 4 (id=6676):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000680)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@newtfilter={0x40, 0x28, 0x575ac7824d421509, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r3, {0x9}, {0xffff}, {0xfff1, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x2, 0x6}}]}, 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x40)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
sendmsg$NL80211_CMD_LEAVE_IBSS(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000c}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r4, 0x300, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24004000}, 0x20004041)
r5 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r5, &(0x7f0000000140), 0x4924b68, 0x0)

1.336772067s ago: executing program 1 (id=6677):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x3}, 0x4)
getsockopt$packet_int(r1, 0x107, 0x15, 0x0, &(0x7f0000001600))
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r3)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newlink={0x58, 0x10, 0x437, 0x4, 0x0, {0x0, 0x0, 0x0, r4, 0x50483}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x28, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x1f}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x9005}, 0x4000000)
sendmmsg$inet(r2, &(0x7f0000000880)=[{{&(0x7f0000000580)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)

1.170807166s ago: executing program 4 (id=6679):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xcc, 0x30, 0xffff, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x8}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xcc}}, 0x0)
r1 = socket(0x840000000002, 0x3, 0xff)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x3, 0xd}, {0x0, 0x4}, {0x3, 0xfff1}}}, 0x24}}, 0x40004)
r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r7, 0x101, 0x4, &(0x7f0000000040), 0x4)
recvmmsg(r6, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000040)=""/52, 0x34}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000001ac0)=""/4079, 0xfef}, {&(0x7f00000002c0)=""/74, 0x4a}], 0x4}, 0x5d}], 0x1, 0x10022, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r2, 0x8002f515, &(0x7f0000000180))
getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f0000000100), &(0x7f0000000140)=0x30)
setsockopt$inet_int(r1, 0x0, 0xc, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r1, &(0x7f0000000040)=[{{&(0x7f00000001c0)={0x2, 0x0, @local}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640006000000003552bde5c064c6", 0x15}, {&(0x7f0000000600)="174640b6d80fb2eedc81ba60cc0800", 0xf}], 0x2}}], 0x1, 0x0)

1.060558534s ago: executing program 1 (id=6680):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) (async)
r2 = socket(0x840000000002, 0x3, 0xfa)
setsockopt$inet_int(r2, 0x0, 0x20, &(0x7f0000000180)=0xb51, 0x4)
r3 = socket$vsock_stream(0x28, 0x1, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="9feb0100180000000000000018fbffff17000000020000000000000001003aea000000000100"/50], 0x0, 0x32}, 0x20) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) (async)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000100)={'erspan0\x00', <r6=>0x0, 0x19, 0x7800, 0x3, 0x101, {{0xd, 0x4, 0x3, 0x7, 0x34, 0x68, 0x0, 0x1, 0x4, 0x0, @multicast1, @multicast2, {[@timestamp={0x44, 0x18, 0x55, 0x0, 0x8, [0x0, 0x7, 0xff, 0xffff7fff, 0x2]}, @ssrr={0x89, 0x7, 0x5b, [@multicast1]}]}}}}}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000400)={'vcan0\x00', <r7=>0x0})
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r2, &(0x7f00000005c0)={&(0x7f0000000080), 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0xb4, r5, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_ADDR={0x4c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x2}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x24000000}, 0x40) (async)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000000)={0x7, [0x0, 0x5, 0xa5b, 0x9, 0x6, 0xf6a8, 0x4]}, &(0x7f0000000040)=0x12) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001dc0)={'wlan0\x00', <r8=>0x0})
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_DSTOPTS(r9, 0x29, 0x3b, &(0x7f0000000080)={0xc}, 0x8) (async)
shutdown(r9, 0x0) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000200)={<r10=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e27, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r9, 0x84, 0x7a, &(0x7f0000000340)={r10, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) (async)
r11 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000000640), r2)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r11, &(0x7f0000000780)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, r12, 0x908, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) (async)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000740)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000200)={0x1c8, r1, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x44, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "1f122a143185124f"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="cadb321a73f45e4893f174e4bbe0abf0c3e12f13725b9e1a"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "8b548353d79d15b3"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "32a665bda027dc0e"}]}, @NL80211_ATTR_REKEY_DATA={0x68, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "8650d00297e42c9d"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "cc168570c1f19f87"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="e08297be6800cd196edbddc0f3ce5364"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="965c65e1941b1ec743695b9b7ca4e73720c52152f85565fb"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="33fece824b9c2d07282d907d6b8adb38"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xb375}]}, @NL80211_ATTR_REKEY_DATA={0x2c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="015736ec6dc37518cdee2f3cbd20d964"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="11413d44081571ac0e8de05c83a3a4a7"}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "cbbf5c43150a5106"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "f8e0034204bf7583"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "eab6d1393c8855dc"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="e8cd0b4f6b6824137e5287a9cfcc3966"}]}, @NL80211_ATTR_REKEY_DATA={0x4}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xfffffffe}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c426e7add353b2d6"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="96a0bb70471db42307bfd0b097a37d10"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x76e}]}, @NL80211_ATTR_REKEY_DATA={0x38, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="7d8a4e8ea6956fdebb4dde8dc491dbf5ff32c3e9a848b886"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x2}]}, @NL80211_ATTR_REKEY_DATA={0x20, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x10}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="879b083e405a995f295d35fc9f58eabc"}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x844}, 0x0)

1.008420254s ago: executing program 1 (id=6681):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x84, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x58, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_MARK={0x10, 0xa, {0x0, 0x6}}]}}]}, 0x84}}, 0x24040084)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000001700)={0x0, 0xf}, &(0x7f0000001740)=0x8)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="6f9c1884c62c35b6d952850e31de63b94c4282a62b7de29d9f90a192ad0e4a9e04a830056f769a4805c8af2a55d5a3fc3e46ba313295bc37e5effe45a5a0dd7d1aae851a9533ef90", 0x48}], 0x1, 0x0, 0x14}, 0x1)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f00000002c0)={0x0, ""/256, 0x0, <r5=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000500)={0x0, ""/256, <r6=>0x0})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0xd000943e, &(0x7f0000000700)={r5, r6, "a192f05a3fc33ef9c4278c5d97f2a3b6673a7b2ee0ec35a8f77cfa270200261cc1adb89689a237274f33f8d7ebef2698afd11c81a98f9b3cbeb41c1deb1245ec30ae32c0af20c0631741be33bccdd53697b112b9e4c06eea90ba4d05a91056a8bce4a0b2a8bb5cd56a936728e22c819ed19f71b2f385e00a80c49d015d74360698fb3f1fb086d5ffc06eec8f294399850dec54ef08ffcdfe1bed5e5be6c2c4bb71b282f8af1b806926fd72e9c8c1af60508e35f5eb71824a3c35399dfedd8ed4885cd8f23d43e864fbcfb9eaf89ae6799c94503b5a4724a5539c3379eea4a7872160a66abf00f673527c5b18569a7933391a6fb888470715350ba14966f91372", "11805351ca6426f3ed7fcd6e0cad24db244fc27dc8959996202a7711173cbca7695007392b594eb36e3a4de748302a06d624b73ea6771050d29ce776e8e9f62f901391bda1b11fa162e068cc2a965e71f3cb6e03b033078e388884df28074518b5b0be55e5f1109aeef0a50438400d9719b9da49bb77ef6ef393094e415fc5265aaa5e3701875df9950fa7c14ef1eeca1e3dd825c824e748e62f8dffc4a2b58b4765784c29a9b241f92ebe88fded197f46cbce7519c559d4ed24e52b4192e10ef827e796ad62d956c37cf010d9b0e0732691cf08770cabbb844be3436642f7d7d687dac0960a1b2a80384f261d028202272ec2012459d64ae1c580c16d00c10bb75083626c818a0245d13f7578c58d680f830e504a4752f07226aec90c8fbed0cddfc4d5c6609b205dce5a6263e4248da06ea2674c0d5c1903a80642300e69a7cf78e203f5db009d9b67d4bd59549032c97feedda08fd210f4c90b8b6dbc87b9b1b70967c8d7bf65262b2c3b46628274f8a1e5674c62eb389dee17c1c5e5f8a321bbf10299ef6fc759e3baa1fe127b46cfea459bf6b6a47be4a85493f2fd24af793efe3c3d0ae31b04b405c39675b46f7007d462dde4f6b7eb0a846745e28dcc270127a4e0ac2c81b719a584fde00493027e08f21772ffdbb438b3f6a8d4ef0023ad67cfc8e6f83be5c8e468505397e6e0d555d9dc8469771042fc0b97cf857bb242af2c2821cbbf12a275e112fb36b7f629d3ce9ea1ba2801226014fdd59d80a6536b734c1a013de80c0c2865a0e0f92a15046a296393140e0275e283c48a8f4ca16416b9c86875709d213a7b4a7d222f1780f739017c4a04947b4739d687a1b21dd1b842c782c08fc23818399297ab097434d2fd626edf909d3c4378030aebc400da11c19b165a73ead560f1f0eccfc7d9f9987aa9404264405aa38af5420c5a60a7e74c1558065b4d757e2a516f177ae841ae6f44991ca389932dcadc8d6a1f2f5db953ee7fe4a8900ebda85279a686024be31bcf1a2015c068e7e3c2075e3d60b60a7a746b95ea5cf901e8969e0d3efcd22ff3af2ede6a73c7a90b06dfde4b58227e828ec662a5cfcbf9f8b04ecb4680b8c8f281f6b8e4f8cdb773f3092fdedebf803078f87ea5f13339c4de48c311755be37ff8d58688cc50736b5c78b68105d69b75448d134d5e2893e406c6b2be0fa2886f9013493af15e8e3b3c553572b279ec79c404c21b4409f40cc73f9725c16e1c0095b7f4e63e8b44a7f762658bcd4afa329883ccaeeaffa0289d90ab5a6767261e1db419027a2d056e5b97bc48aadcef737a47dba938feb3f71b270c8b483e48761f254dd066d9e23bb10a20ce844f0a862eaabf47cfc5da904d50850b0597aa1b3f261cd2bf52d4a2a0f69b627704e5d28b967303d06266fa5e09d64983fcacc01eef503e3eefebff0d46174b3c380f3ad7cb339370375e1fbf764fe61fba00637845b26d2a3610dc867d75cd6d2598741e03aed28a7cca9777860cade6d1d7f22f54acb658e8db0db4df6c70784424ca7734bb4e6d35a1c60242588bd6deb21fdebb9d56496abf626a8178f46d3ccbaa3a5025ecb0d2708a71f34c5e4580188d34ec05e47b5807c9a947e5eb9134bb3602d2a001f367f0e487f18d7a8f38735ec6ad92ce24cd8265b32cdd4cbe7d21ef879225b624b4a94fec7dc6d3c8a216f0f0c54b6f2580378a7fbdda2a5d01810ff9dfb50f087e1274d35d139403564d6df40e3a5c84133ddd9b391585e6165845319a9907a81f43c48f70bd745c0f7e8f13cdfab45e73ed5c3d6a6337f06a49c219254b9db3bd1a3c6e25c0ff8deaa754d4f36ebd269d023aac29967e43d80eeee25ded437be7df63562d0378185140678f3f196f3b715f8d9ed6c46d63f04b4c5ec53e09b05ad172acc11d6943a838d3f8569f2e161640a7a5e08db1ae556040e541616c21436270b035c7f9ad362e4ca0f3341eb967466494a0d22b1ec6b09085b292f717b51de6126d585b4775b4b40c885a6c5166d24d5d3e7392512aadb7ebdafbf0f7b7b1892b65ebedef47ecb102d1cd1615b3f0e5a521ef794cb41bdaf4b2e18f79198cfec917e29b98790116c7eec5f49a4d260ad638e8e1defe89e6f0c1bc255c243bda6e46937ced0d3576fa4b9c1334ad8d9f5c4cb868514b82f9d6ef7733b2126b088349f6ab7639e168e866f5b27696f8cb478ef4444f9870d6fe933b3e82002e4f8b32359b15edf44e15ff2fac95508a8059f18f7a7dfd24ccfe0243e9d1a26bbe967520476910b1693cae047df99b59deb8c30d59a153e3109f2ce90f657435ff1df4c7ad6caeb8d98597ae8ca33220e9ed2602351e45aa4d4f4fc6be9a84ffbeeba04eb9fcf6b9e0e43269eae0f3c2d1c57fded1a06b3f2ce8c7d7c7a1f22dd48fb5c9497003498b738930445ab6191c0aa459592abaf1270128bd7ee8863d61d9f18035f9654250c7fa965de881e23646af0374d053af04e967efb85b8b32aefc64b37819525c4f938290e1f2df89ef074b9351f90efcbc091f01c1c8ddfd791c221f800a673b72be215f9cb3ea9ceac55e7453adf848da489d75fe31890acb285a23f79b9d0565e438f0bf52c0dec989a0b81bb26e3326e8af06d7ccd9141af01766eb8afc8c379af8b7a15cbffea829faac11b2b2d2ca8f874cb73a13d8c70379c39b4349a7b7030de910ad68afe229b4730b857a9c9a3673db2a7382957616f09e1b865fad398d68be0130fa129e95af0db2aa484217a6233c1945b2666e93e2e8217ad93f378387f6eddee19ad2b51d67789fd0432fccd5f55188bd26c951d29d078f5807921a364677e52eead102ac1c9efbaaf5c80259f1ae120567f5a39e0a4ae98508bc8c43d4401f2dd88fec6ff604a3c60a48298e738798a468b554f3398298e5c0ff8ed7361674b8c3a29b0c9b6c3526413025a0b0d9b53fe86602a8fa0cccaf0f10c80d910f4c5794e104113c02f52483f526a15d4ce48e9a4c0f1c1ca628e7e52d7185c23b855a787066a87fb7360df56327112c6ab3c7c882f220a6224a941bba308439c24d33de1f56f7be1333b41fa64b3e4c6b11dbb73b155f4f89f97ac8b2996620707afe02ef68a56b1b19aa2bac3cd05290a39bb9a913b5f776c25bb27ec5aaa035b59e911f32a03b8a755de9de636d975c6214e1b7c77ccad32657aac9c77b619984a8a614f05407bc4c39a656e1e0f4e1fbe4ecd67150651995b48bdafb6c44d2a1d4d72c748270abb528b1f084640b76334c016845b6b96607ed527dd15ad3cd3db2c07259ae4c633d8a0cc2274b551e9cb21a9d941b4195d17776082abbfd985a98762e16061cca607cb3f877b8c6ed9b7e069045b789565452741677b6824f2b6e7da298a26e16b425a4ee4d73468b1982d4959385298a1f7280b48486aedf5450b28de06673531b936e6358a6836a4c58ff077a7aef59b0381a04df3cfe9e2befa541dbce7a02f72ca1b161a03eec4a8f18f306ce91f617a6e2c6a5f472ae4fa244e2a3c0c6aa29952641061162db488d669498f53b7fd31d14edeb4d7d44c412f60b6c3b88504dc3f2e03da2a5d51b191fbd058e708e1bfa7333bf9fe225dc0d8381867f020f61d7cb31fd3785898408436a0e5ca4ea84f46035787a52e958cd1fb785ac2e58374b1c1f53c6ac5c8b647c1244f7b5dbbc441c27f86ec23a4d87831d49b1ba3d40c73f79611c6a0f9ec18e1acd2150055068393f3b4cf9e61a730df3ff3bbb2c1d5e9a9ea5eb3e1bf39423d295d12507fb752432c58389bb44dc256fa12ff25eb160a3a554355f641f3cb7b536da7340022aa33771eab5cfc2e0390318b77ce57e332e40a53d89e22dc63cb45df874a3e9dc5a123623dbc347c2007e9b8686c8030d0909d8d15e26751724370349e3103e455057c640d4b00f27adbc8c56096f34f2c3602b38b88f207c4d0c6abcc481cb16758c475d1320d31e08876371aa893947a6b004112f85c095b696377df5c56b135691dc9e6c3b271527760b4ae619476dd2c4a20fd6b4fd3a85e7344f7f55b0e214e49ab460300532796c664cb30215629bfd08ed50be1f3a5df56dafcb4ff1cba13be5a5ef0ce475ee029c3dcc062d0259bda446c22c321cdb53aab9a2c3196fdc6bf979b87cceb4067d80e135639208374c7e1ba2266e5e7aba8be2c5c3d62769cd6152cdb9fd966bcdbb52a5d4bdb5221bf038d7514ec9707fbaa10dd037f34aa6f7288cb550aa69d457cc0e29c88ecba7857daff4461b579304c511a53b84c28d9086b1b27628a5059e769dfea4ada8a8fd49aa20090e2e28367cb0b9a74ef6a39c29d7e47ec5bd29dae5bebcad6cc8d62c854a5dafeb110f55f467c22f1c0d4ba576c07f2805785a57fd281f5a91545ca33f79b5c98daabf6b46c9ba375c5abe1120539bc7f445f122bca0cd18a3c2518640897c4a24ef7efbd6dbcffc89965a9dea122ccca3bce37470bf2c27bdfd9e726b2f731427dffc5f402850fb8d37d137f62f1bfa52d461ffd811da0e368e2f32a5d644e04bc64b7535bdf1a7ae3030bb4056efaef17bc46c461f058b16a1cbe9cb616b7b8bb039ee0c57f53cf6f55d68e91ef2c45bbc70bb76ce2a2fd192f09135448049747cffa57dd40a9eedc0912a0f39f3d16c8bf9c3f724c206de2917c2efebd1ef2ddddbe011b79f2847e51992b2196d01431146dfb3612fecd68e9ce0250c04abbb7a1a224e88a899077ffefa08499120b06aad96dcbd6bd03826e51d039c35964c3c7ba43a0e6664aae81b9c78ef89dc764a371675b6fdacfabd86f7caaf74171400b0ade73d6be48d2f09af99605c9a53ac53efa6601416a3399a6ccd70d3c28339f3616a352a407d4fd93ddea656893b9dea47465a6fbecd51d9e00eab2d557f3908b17f2dc2bc231a29e492d6db765ab72d982838d25342ac381d0bff76290be7e973379511d12c518671d8d745e1698d4c77bb1285f796b499a42b15510ea0ae66295e3ae7990b3c8b694ab1133550f1fde0dae06613d6393eaccc36a7524c2617dc88bbfaea70ab8a6990a8e8675bfb982d85e574554a63d5516a04673671c2cce8ec839823377c86c46dda5caf158fd2e73077503665af047ca9fd8fad78446f72a781f8ef93c6b66cceb6135d3b52daf24138b2130d52e5644799f8970a9e81b3c72e5d4ba39d59b0ceaf2e3ad43edb956ba3ebd7ac645c8ff9f71048ac62024857698f3123efde112c4c98d83add91f0898a90bc95daf218b7946fe434fb0931100091cc198c62f934a972219b705bc4514d46657f75a0696e0e200066d8b30473f8355bea9d49223038cb19e5ef5c5a3263bdcfcecbc3f1a04ceb6dc066ed8d9f0b0d132e67eb90d4460fa3e202ae3f3b39491e283b6f30408e925efb9c67329ecc"})
bind$bt_l2cap(r4, &(0x7f00000004c0)={0x1f, 0x4, @none, 0x0, 0x2}, 0xe)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r8 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r8, 0x400448c8, &(0x7f00000000c0)={r4, r7, 0x4, 0x0, 0x0, 0xe, 0x0, 0x5f, 0x1, 0x81, 0x1, 0x2, 'syz0\x00'})
recvmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000002300)=""/4080, 0xff0}, {&(0x7f00000001c0)=""/156, 0x9c}, {&(0x7f0000000280)=""/31, 0x1f}], 0x3}, 0x12100)

757.070425ms ago: executing program 3 (id=6683):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000023000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d0000009700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dca3772be2c9d2d29db3d36dd01797bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7ec6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492aba0883783d2831210e00d2bfea3bf97ff8836d000000000000946bdb747e416b3064edb4f5aea06eba207ddab9f9baf98bc5192f23d95d33357fc55f92e5937e10995059f3348f69667b9260d504ba96446e1437af6fa875d9d32fdaaae01e6c74f192a23572ef582b7dd867c163c8cedaa2a2c5baceb37d4a40244c9bdca541cc7e65e20f5b5b735e2f33df9bd0614431d7dc5e47bb31c5b827d51733b64ddad4de1cdadce076d19d62e821b435619fb89fc07f81938200b4ebce83db57a6f5e9b1c2cf4b6ee90772d4865bf448d200e5c4e1e044d3587498128273b65670c02ff5c3c3ca633c41324fdc09e0b2621087db26bb0553612f2be27579ede2344a809e6b27d0044f2337895323357caddb54642dac82ae25deb08e111e0b9fa133c9da85dc50c3454ee0ff915331bd7f32f96fb55c7990334b1a1bc4d5d817b82f9fc278cc4858fbfa4d0f32a863c1ce050caddc5ca3b10c3e63daebba039e9f80fdef113a145ace522e8379474aa8849dcc2501df3ffcb02d29d55a1a2cbe00e836db0e6b0a7ffd680dbcf7b982a956998df3dce0e9091a4d736db69038061e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48)
socketpair(0x18, 0x6, 0x6, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080))

711.634142ms ago: executing program 3 (id=6684):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ifreq(r1, 0x89b1, &(0x7f0000000f00)={'team0\x00', @ifru_ivalue=0x6})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
sendmsg$NL80211_CMD_SET_KEY(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r3, 0x8, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20000080)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="180000002d00010026bdf000fcdbdf25041a0000040010"], 0x18}, 0x1, 0x0, 0x0, 0x48800}, 0x20000000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)

678.546395ms ago: executing program 2 (id=6598):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x23}, [@ldst={0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd606712e900320400000000000000eaebfd2607eef2", 0x27}, {&(0x7f0000000100)="051ae2ff0d8c60c2730369b7", 0xc}, {&(0x7f0000000040)="37a8a6c41e646a566a4ce01f972bef63842ee3b291da39d1977010", 0x1b}], 0x3) (async)
close(r1) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f00000000c0)=ANY=[@ANYBLOB="61106f000000000095"], &(0x7f0000000200)='GPL\x00'}, 0x94)

492.476061ms ago: executing program 2 (id=6685):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000340)={'geneve0\x00', 0x1000}) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r1=>0x0}) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00001700000000001c0037800b0001206970768a616e08000c0002800600010000000000050027", @ANYRES64=r0], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x8044)

479.720879ms ago: executing program 3 (id=6686):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000040)=0x81, 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4048801)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x25dfdbfe, {0x1d, 0x1, 0x6}, [@CGW_SRC_IF={0x8, 0x9, r5}, @CGW_DST_IF={0x8, 0xa, r5}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES64=r6, @ANYBLOB="ac49405c2486dcf30dab8e4b90c522c3734aa10b47f55e7b32a5c12a6046c270ae615e61b2953a80614ec930a034820d9284a356307b40f0ee188fc7d98646299c978e848a6c851dc5a55add536c512ca9d0686d7c9e34b52db4af583ec6434f2025aba94b7725acbec56639df63e98e1ea39eb72a", @ANYRESHEX=r2, @ANYRES8=r7], 0x54}}, 0x50)

451.198896ms ago: executing program 0 (id=6687):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
syz_emit_ethernet(0x82, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb8100000086dd60fec00000483a00fc000000000000000000000000000000ff02000000000000000000000000000102009078000000006018b08800000000fe8000000000000000000000aafe8000000000000000000000000000aa1100000000000000fafb17c133d11e59bb99c35bdfcf89f5000000"], 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000004, 0x13, r1, 0xf45f2000) (async)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000300)={0x1, 0x1000}, 0x4)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) (async, rerun: 64)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
sendmsg$NFNL_MSG_CTHELPER_GET(r3, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000002f00)={&(0x7f0000000240)=ANY=[@ANYBLOB="1450f8a9b60000000108f103000100005ef49b4ab21e76cbd18b86dea9a1c8b5c85d6bed76a9aebb"], 0x14}}, 0x0) (async, rerun: 32)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94) (rerun: 32)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000200)={0x5, &(0x7f0000000180)=[{0x8, 0x5, 0x7f, 0x3}, {0xa, 0x7, 0x63, 0x6}, {0x8, 0x9, 0x6, 0x7}, {0x0, 0x6, 0x30, 0x3}, {0x0, 0x7f, 0x80, 0xb230}]}, 0x10) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r4, 0x0, 0xcf, 0xd6, &(0x7f00000006c0)="0607323e0698f47acd01906e6749ec9d06c90e545504820dcda3c9600fc13b33443c7c3fba016287035dcdda680a9d25c5426b4c6ba0e79de261d7c1b45c66072a96eeb3faddbeda580861fc09419b8de9a1857ec27f647e7a197ca1449273033d9f390d2075eb95c93d152284a650daf4499827794ef4ca4708551f136e589b79067702a7b06c95a382ab7c64719b05492d3b65d2f71036d037dcab7f4489dd4e8cdc91a03d149a673b560194c07111eb4422780ee4be390d8f7aeda89c2553439cd7ed13595b935bd2e9792c10c0", &(0x7f00000007c0)=""/214, 0x6, 0x0, 0xf0, 0x63, &(0x7f00000008c0)="03d382b264a21d86297066c3ef363968e7aa10c0bcbcc319b7c253a9ae1c0f718ec16f246e87f555df9f6b93166a99cadf3acdf919eb155fb82186d2662cfab3f37b64eb5b91571d24605dae619cc7946f75debcfb76e690717e2e43f7b476efc92f7f8a544bf43f0ce312d49887e90272c24edd771730f78a98bfdf3a3d5c642de26832d8c5087c3188a51fbbe824940bdeb56d7b76c5c40d56776d280f2a05441d2079eb3485be503571aedc5b958a72b2fccbe77d31670094b1df83c9bc90137bd33dfab4d5f6e24945c6064270c80795121c273238cc9c352fd951d53094d446f0911c668fc2837e78bae18ec8d2", &(0x7f0000000340)="c42e8b86daa098b06fd54caea272843773e86de8ac4294975d592461f126b7708d133cc3c10611f5040fbf1d79fec0f9cb0b9712d5ac51800832373d63da73e891c43919ab6846e643323b10153b315f69562a739d2c3dbf73cb750f0a4464a7a2b39c", 0x3, 0x0, 0x1}, 0x50) (async)
r5 = socket(0x2000000000000021, 0x2, 0x10000000000002)
setsockopt$inet_msfilter(r5, 0x0, 0x29, 0x0, 0x0)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/27, 0x1b}], 0x1}, 0x7}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0x0, 0x0) (async, rerun: 32)
ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000040)='ip6_vti0\x00') (async, rerun: 32)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYRES64=r1, @ANYRESHEX=r0, @ANYBLOB="be360d87f17fc7603ad5c016970ab5b9341bbc232c6ca3e1fe3eb8668b101adaf7a66694e4a67503492fb8eb6ae65c025b4ef04abf7721a3e431221bb5790bc0524e2be78f40707ae00b56678e35e45becd887620da1c02aa9a6acd30ed9cb878d3adddb1950fa70f827c195433af0991b0961344b609136", @ANYRESHEX=r1], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x50)

364.988559ms ago: executing program 2 (id=6688):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x57, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x0, 0x0, 0x3, 0x0, 0x7}, 0xa)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r2=>0x0}, 0x8)
r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r2, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f0000000340)=r3, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r3, 0x4)

364.334228ms ago: executing program 3 (id=6689):
r0 = socket$caif_seqpacket(0x25, 0x5, 0x5)
setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, &(0x7f0000000000)=0xfffffffd, 0x4)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000440)='kmem_cache_free\x00', r3}, 0x18)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r5], 0x4)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r8, 0x104, 0x1, 0x0, &(0x7f00000001c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000017c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7c}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)

334.17654ms ago: executing program 2 (id=6690):
socket$inet(0x10, 0x3, 0x0) (async)
r0 = socket$inet(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newrule={0x1c, 0x20, 0x809, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x1c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0xffffffe1}]}}}]}, 0x3c}}, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0xffffffe1}]}}}]}, 0x3c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
clock_gettime(0xb, &(0x7f0000000980))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000003e000701fcfffff7fddbdff6037c0000040036800c0001"], 0x24}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x50, 0x24, 0x4, 0x70bd2f, 0x25dfdbfc, {0x0, 0x0, 0x12, r3, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x24, 0x2, [@TCA_FQ_RATE_ENABLE={0x8}, @TCA_FQ_FLOW_REFILL_DELAY={0x8}, @TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x5}, @TCA_FQ_FLOW_REFILL_DELAY={0x8, 0x9, 0x5}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0xc850}, 0x0)

270.781637ms ago: executing program 3 (id=6691):
r0 = socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x7ea795f478b67192, 0x0) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r4, 0x6a, 0x2, 0x0, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=@newqdisc={0x64, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_LOSS={0x4}, @TCA_NETEM_RATE={0x14, 0x6, {0xdd07, 0x8, 0x9, 0x9}}]}}}]}, 0x64}}, 0x0)
sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c286dd", 0xe, 0x830, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14)

200.808083ms ago: executing program 0 (id=6692):
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
ppoll(0x0, 0x0, 0x0, &(0x7f0000000500)={[0xfe9]}, 0x8) (async)
ppoll(0x0, 0x0, 0x0, &(0x7f0000000500)={[0xfe9]}, 0x8)
poll(&(0x7f00000044c0)=[{r0, 0x209}], 0x1, 0x8000)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, r4}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x304}, "38b1acb1812aceed", "be6be3349bf6781aa925736d4238a19268a4f736feceb0837781f81ad518bb6e", "05ba26bf", "fe88a6a36f8d00"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x304}, '\x00', "a9278f3ab260114cd25785b88d07ca2cd6c41c0be6e971d93fb4aceeb61f4159", "4e892c6f", "ddd659814d8a24be"}, 0x38)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x89b0, &(0x7f0000000080)={'bridge0\x00', 0x2000})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000df251700000008000300", @ANYRES32=r9, @ANYBLOB="2c00308014000400403a050c5baee213459a7a00000000000c00018008000100000000000500020000000000", @ANYRESHEX, @ANYRESOCT=r3, @ANYBLOB="e5b31cbdfdc2ffba2a049fc541e04f1d83e2054932a05aade56cce03900f7603115865e07a12f7f46ccdeba0567e000154a75cffae9b8fc18c58130d6df6fb847c8243afb7a97f0b6bcfc976c2a0b576390c3e04cc6eb4a0b065ed2374ba51198dd4c3cf8a3b4f11334f77c28bb81c7eba462c464c773ecc7f147a420f21a7853251b1d9246a299e105e3bafee1408fca3523b0d5f904db7200556872a50d53e8ec198c09cc0b9147d23fe20a93c3b946bf8958ff1e787060e1b9fcc424c501bf97bcfd87c1e7e405647c071b7cd36b47f545025737568", @ANYRESOCT=r6], 0x48}}, 0x0) (async)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000df251700000008000300", @ANYRES32=r9, @ANYBLOB="2c00308014000400403a050c5baee213459a7a00000000000c00018008000100000000000500020000000000", @ANYRESHEX, @ANYRESOCT=r3, @ANYBLOB="e5b31cbdfdc2ffba2a049fc541e04f1d83e2054932a05aade56cce03900f7603115865e07a12f7f46ccdeba0567e000154a75cffae9b8fc18c58130d6df6fb847c8243afb7a97f0b6bcfc976c2a0b576390c3e04cc6eb4a0b065ed2374ba51198dd4c3cf8a3b4f11334f77c28bb81c7eba462c464c773ecc7f147a420f21a7853251b1d9246a299e105e3bafee1408fca3523b0d5f904db7200556872a50d53e8ec198c09cc0b9147d23fe20a93c3b946bf8958ff1e787060e1b9fcc424c501bf97bcfd87c1e7e405647c071b7cd36b47f545025737568", @ANYRESOCT=r6], 0x48}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r11, 0x1, 0x1a, &(0x7f0000000ac0)={0x3, &(0x7f0000000a80)=[{0x40}, {0x20, 0x0, 0x0, 0x9}, {0x16}]}, 0x10)
sendmmsg(r10, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c00)="26f2d136", 0x4}], 0x1}}], 0x1, 0x0) (async)
sendmmsg(r10, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c00)="26f2d136", 0x4}], 0x1}}], 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000140)={'veth1_to_hsr\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000140)={'veth1_to_hsr\x00'})
r12 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r12, &(0x7f0000000400)={&(0x7f0000000580)=@isdn={0x22, 0xd, 0x0, 0x8, 0x39}, 0x80, 0x0, 0x0, &(0x7f0000000000)}, 0x8000)
sendfile(r4, r12, &(0x7f0000000040)=0x2, 0xa) (async)
sendfile(r4, r12, &(0x7f0000000040)=0x2, 0xa)

151.94117ms ago: executing program 4 (id=6693):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0, 0xa, 0x4, 0x9}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYRES8=r1, @ANYRES32=0x0, @ANYBLOB="00000000408000001800128008000100736974000c00028008000100", @ANYRES32=r1], 0x38}}, 0x0)

105.729359ms ago: executing program 2 (id=6694):
socket$kcm(0x2, 0xa, 0x73) (async)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3100000000140004800800024000000000080001400000000074000000060a010400000000000000000100000008000b40000000004c0004804800018007000100727400003c0002800800014000000004080002400000000208000140000000110800014000000015080001400000001e080001400000000408000140000000020900010073797a300000000014000000110001"], 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

931.832µs ago: executing program 0 (id=6695):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0xbc}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x90) (async)
r0 = socket$vsock_stream(0x28, 0x1, 0x0) (async)
r1 = gettid()
syz_open_procfs$namespace(r1, &(0x7f0000000040)='ns/cgroup\x00') (async)
r2 = accept$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x14) (async)
r3 = socket(0x1, 0x80802, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'caif0\x00', <r4=>0x0}) (async)
r5 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r5, &(0x7f00000001c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) (async)
connect$packet(r2, &(0x7f0000000340)={0x11, 0xf6, r4, 0x1, 0x8, 0x6, @multicast}, 0x14) (async)
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040)=r1) (async)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000080)={0x0, 'vlan0\x00', {}, 0x2}) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b40200005000000061114c0000000000850000001c0000009500000000450400"], &(0x7f0000000380)='GPL\x00', 0x5, 0xc3, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0xffffffffffffff99)

239.455µs ago: executing program 1 (id=6696):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b05, &(0x7f00000000c0)={'wlan0\x00'})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x13, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3213000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)

0s ago: executing program 3 (id=6697):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000009000000080000000200000000000000", @ANYRES32, @ANYBLOB="000000000800000000f30fdcba8a7545c46803000000cd04000000f4a87ed1ae12e6d66992f10605406575005d5ad6c70b32a947a746c949a19f7075c29b6ff0f90000000000000000000100"/89, @ANYRES16, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={@cgroup=r1, 0xf, 0x0, 0xf, &(0x7f00000001c0)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="00000200079d6c339fcec3ab92809ad81d00"/33, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCOUTQ(r6, 0x5411, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c0000001000030400ab19ae674b540d753bde83ffda9b4bedf394c8c5a0d0009377a2cf20b8998d19fd84d57ffa8e9f80330a", @ANYRES32=0x0, @ANYBLOB="00000000100004001c00128009000100626f6e64000000000c0002800800090000000000"], 0x3c}, 0x1, 0xba01}, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r4, &(0x7f0000000840), &(0x7f0000004880)=@udp=r3}, 0x20)
ioctl$int_in(r3, 0x5452, &(0x7f00000000c0)=0x14f)
recvmsg(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=""/149, 0x95}], 0x1}, 0x22)
r7 = socket(0x14, 0x2, 0x4)
shutdown(r7, 0x1)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000040)=0x8e, 0x4)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000080)={@local, 0x1, 0x0, 0x60, 0x0, [{@private}, {@multicast1}, {}, {@initdev}, {@initdev}, {@remote}]}})
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000180)=0x3ff, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

kernel console output (not intermixed with test programs):

fter dequeue, screwing up backlog
[  555.223049][T23912] erspan0: entered promiscuous mode
[  555.224648][T23914] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5199'.
[  555.460106][T23932] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5204'.
[  555.521740][T23936] erspan0: entered promiscuous mode
[  555.711152][T23941] bond7 (unregistering): Released all slaves
[  555.735228][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.766776][T23955] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5209'.
[  555.805132][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.824491][T23946] 8021q: VLANs not supported on ip_vti0
[  556.150226][T23980] netlink: 80 bytes leftover after parsing attributes in process `syz.1.5216'.
[  556.187795][T23985] netlink: 'syz.4.5218': attribute type 4 has an invalid length.
[  556.240996][T23985] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5218'.
[  556.361856][T23998] ip6t_REJECT: ECHOREPLY is not supported
[  556.528907][T24013] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5226'.
[  556.551992][T24016] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  556.683155][T24013] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  556.708697][T24013] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  556.762520][T24013] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  556.879699][T24013] bond0 (unregistering): Released all slaves
[  556.924785][T19187] Bluetooth: hci0: command 0x0406 tx timeout
[  556.931054][ T5841] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  556.943334][T24036] netlink: 'syz.0.5233': attribute type 8 has an invalid length.
[  557.107112][T24048] nbd: nbd3 already in use
[  557.112036][T24048] block nbd3: NBD_DISCONNECT
[  557.118954][T24048] block nbd3: Send disconnect failed -32
[  557.126846][T24048] block nbd3: shutting down sockets
[  557.179481][T24050] block nbd3: NBD_DISCONNECT
[  557.321140][T24062] netlink: 'syz.3.5239': attribute type 6 has an invalid length.
[  557.330058][T24062] netlink: 'syz.3.5239': attribute type 5 has an invalid length.
[  557.380231][T24062] team0: Device veth7 is up. Set it down before adding it as a team port
[  558.091090][T24120] netlink: 'syz.3.5256': attribute type 17 has an invalid length.
[  558.091379][T24121] netlink: 'syz.2.5255': attribute type 2 has an invalid length.
[  558.133358][T24121] netlink: 'syz.2.5255': attribute type 8 has an invalid length.
[  558.151316][T24124] netlink: 'syz.3.5256': attribute type 17 has an invalid length.
[  558.367563][T24130] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  558.387584][T24130] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.494053][T24130] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  558.506395][T24130] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.581956][T24146] Cannot find add_set index 0 as target
[  558.630531][T24130] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  558.659170][T24130] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.837795][T24130] bond0: (slave netdevsim0): Releasing backup interface
[  558.856217][T24130] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  558.878233][T24130] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.021781][T16614] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  559.030488][T16614] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  559.131315][T16614] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  559.142311][T16614] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  559.152525][T16614] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  559.168866][T16614] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  559.209679][T16614] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  559.228022][T16614] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  559.315136][T24191] __nla_validate_parse: 15 callbacks suppressed
[  559.315154][T24191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5277'.
[  559.333848][T24192] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5277'.
[  559.382157][T24192] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5277'.
[  559.571659][T24210] FAULT_INJECTION: forcing a failure.
[  559.571659][T24210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  559.598024][T24212] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5284'.
[  559.642132][T24210] CPU: 1 UID: 0 PID: 24210 Comm: syz.1.5282 Not tainted syzkaller #0 PREEMPT(full) 
[  559.642158][T24210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  559.642171][T24210] Call Trace:
[  559.642180][T24210]  <TASK>
[  559.642188][T24210]  dump_stack_lvl+0x189/0x250
[  559.642214][T24210]  ? __pfx____ratelimit+0x10/0x10
[  559.642237][T24210]  ? __pfx_dump_stack_lvl+0x10/0x10
[  559.642257][T24210]  ? __pfx__printk+0x10/0x10
[  559.642277][T24210]  ? __might_fault+0xb0/0x130
[  559.642315][T24210]  should_fail_ex+0x414/0x560
[  559.642345][T24210]  _copy_from_user+0x2d/0xb0
[  559.642364][T24210]  ___sys_sendmsg+0x158/0x2a0
[  559.642391][T24210]  ? __pfx____sys_sendmsg+0x10/0x10
[  559.642446][T24210]  ? __fget_files+0x2a/0x420
[  559.642463][T24210]  ? __fget_files+0x3a0/0x420
[  559.642492][T24210]  __x64_sys_sendmsg+0x19b/0x260
[  559.642518][T24210]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  559.642551][T24210]  ? __pfx_ksys_write+0x10/0x10
[  559.642582][T24210]  ? do_syscall_64+0xbe/0xfa0
[  559.642609][T24210]  do_syscall_64+0xfa/0xfa0
[  559.642629][T24210]  ? lockdep_hardirqs_on+0x9c/0x150
[  559.642652][T24210]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.642671][T24210]  ? clear_bhb_loop+0x60/0xb0
[  559.642695][T24210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.642714][T24210] RIP: 0033:0x7fdbb718eec9
[  559.642731][T24210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  559.642749][T24210] RSP: 002b:00007fdbb7f57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  559.642770][T24210] RAX: ffffffffffffffda RBX: 00007fdbb73e5fa0 RCX: 00007fdbb718eec9
[  559.642785][T24210] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005
[  559.642797][T24210] RBP: 00007fdbb7f57090 R08: 0000000000000000 R09: 0000000000000000
[  559.642810][T24210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  559.642821][T24210] R13: 00007fdbb73e6038 R14: 00007fdbb73e5fa0 R15: 00007fff3f75bce8
[  559.642861][T24210]  </TASK>
[  559.935046][    C0] net_ratelimit: 6 callbacks suppressed
[  559.935064][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  559.945273][T24223] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  559.960188][T24223] syzkaller0: MTU too low for tipc bearer
[  559.967066][T24223] tipc: Disabling bearer <eth:syzkaller0>
[  560.134469][T24237] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  560.141780][T24237] IPv6: NLM_F_CREATE should be set when creating new route
[  560.463131][T24263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5294'.
[  560.476047][T24263] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5294'.
[  560.510878][T24266] FAULT_INJECTION: forcing a failure.
[  560.510878][T24266] name failslab, interval 1, probability 0, space 0, times 0
[  560.523823][T24266] CPU: 1 UID: 0 PID: 24266 Comm: syz.1.5300 Not tainted syzkaller #0 PREEMPT(full) 
[  560.523849][T24266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  560.523861][T24266] Call Trace:
[  560.523868][T24266]  <TASK>
[  560.523876][T24266]  dump_stack_lvl+0x189/0x250
[  560.523899][T24266]  ? __pfx____ratelimit+0x10/0x10
[  560.523919][T24266]  ? __pfx_dump_stack_lvl+0x10/0x10
[  560.523939][T24266]  ? __pfx__printk+0x10/0x10
[  560.523962][T24266]  ? __pfx___might_resched+0x10/0x10
[  560.523981][T24266]  ? fs_reclaim_acquire+0x7d/0x100
[  560.524011][T24266]  should_fail_ex+0x414/0x560
[  560.524036][T24266]  should_failslab+0xa8/0x100
[  560.524055][T24266]  kmem_cache_alloc_node_noprof+0x77/0x710
[  560.524081][T24266]  ? __alloc_skb+0x112/0x2d0
[  560.524097][T24266]  ? netlink_autobind+0xdb/0x300
[  560.524122][T24266]  __alloc_skb+0x112/0x2d0
[  560.524145][T24266]  netlink_sendmsg+0x5c6/0xb30
[  560.524172][T24266]  ? __pfx_netlink_sendmsg+0x10/0x10
[  560.524197][T24266]  ? aa_sock_msg_perm+0xf1/0x1d0
[  560.524225][T24266]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  560.524241][T24266]  ? __pfx_netlink_sendmsg+0x10/0x10
[  560.524253][T24266]  __sock_sendmsg+0x21c/0x270
[  560.524270][T24266]  ____sys_sendmsg+0x505/0x830
[  560.524285][T24266]  ? __pfx_____sys_sendmsg+0x10/0x10
[  560.524302][T24266]  ? import_iovec+0x74/0xa0
[  560.524314][T24266]  ___sys_sendmsg+0x21f/0x2a0
[  560.524327][T24266]  ? __pfx____sys_sendmsg+0x10/0x10
[  560.524358][T24266]  ? __fget_files+0x2a/0x420
[  560.524367][T24266]  ? __fget_files+0x3a0/0x420
[  560.524381][T24266]  __x64_sys_sendmsg+0x19b/0x260
[  560.524395][T24266]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  560.524412][T24266]  ? __pfx_ksys_write+0x10/0x10
[  560.524428][T24266]  ? do_syscall_64+0xbe/0xfa0
[  560.524443][T24266]  do_syscall_64+0xfa/0xfa0
[  560.524456][T24266]  ? lockdep_hardirqs_on+0x9c/0x150
[  560.524468][T24266]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.524478][T24266]  ? clear_bhb_loop+0x60/0xb0
[  560.524491][T24266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.524500][T24266] RIP: 0033:0x7fdbb718eec9
[  560.524510][T24266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  560.524519][T24266] RSP: 002b:00007fdbb7f57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  560.524532][T24266] RAX: ffffffffffffffda RBX: 00007fdbb73e5fa0 RCX: 00007fdbb718eec9
[  560.524539][T24266] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005
[  560.524546][T24266] RBP: 00007fdbb7f57090 R08: 0000000000000000 R09: 0000000000000000
[  560.524552][T24266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  560.524558][T24266] R13: 00007fdbb73e6038 R14: 00007fdbb73e5fa0 R15: 00007fff3f75bce8
[  560.524576][T24266]  </TASK>
[  560.944884][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  561.308404][T24287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5306'.
[  561.909805][T24331] validate_nla: 3 callbacks suppressed
[  561.909824][T24331] netlink: 'syz.3.5322': attribute type 10 has an invalid length.
[  561.915128][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  561.924788][T24331] team0: Device veth1_macvtap failed to register rx_handler
[  561.943918][T24333] Cannot find add_set index 0 as target
[  562.024439][T24337] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5324'.
[  562.057148][T24345] tls_set_device_offload: netdev not found
[  562.109583][T24348] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5327'.
[  562.127983][T24338] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5324'.
[  562.412025][T24370] netlink: 'syz.1.5334': attribute type 8 has an invalid length.
[  562.461490][T24368] netlink: 'syz.4.5333': attribute type 2 has an invalid length.
[  562.564354][T24378] : entered promiscuous mode
[  562.774060][T24393] netlink: 'syz.0.5342': attribute type 39 has an invalid length.
[  563.014811][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  563.214487][T24422] netlink: 'syz.2.5347': attribute type 1 has an invalid length.
[  563.356237][T24437] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  563.363547][T24437] IPv6: NLM_F_CREATE should be set when creating new route
[  563.371751][T24430] syz.4.5352: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  563.396359][T24430] CPU: 1 UID: 0 PID: 24430 Comm: syz.4.5352 Not tainted syzkaller #0 PREEMPT(full) 
[  563.396387][T24430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  563.396400][T24430] Call Trace:
[  563.396408][T24430]  <TASK>
[  563.396416][T24430]  dump_stack_lvl+0x189/0x250
[  563.396456][T24430]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.396478][T24430]  ? __pfx__printk+0x10/0x10
[  563.396500][T24430]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  563.396528][T24430]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  563.396557][T24430]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  563.396587][T24430]  warn_alloc+0x214/0x310
[  563.396616][T24430]  ? stack_depot_save_flags+0x40/0x860
[  563.396645][T24430]  ? __pfx_warn_alloc+0x10/0x10
[  563.396676][T24430]  ? kasan_save_track+0x3e/0x80
[  563.396702][T24430]  ? __kasan_kmalloc+0x93/0xb0
[  563.396731][T24430]  ? xsk_setsockopt+0x4dc/0x8d0
[  563.396750][T24430]  ? do_sock_setsockopt+0x179/0x1b0
[  563.396770][T24430]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  563.396790][T24430]  ? do_syscall_64+0xfa/0xfa0
[  563.396812][T24430]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.396843][T24430]  __vmalloc_node_range_noprof+0x125/0x12d0
[  563.396905][T24430]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  563.396938][T24430]  ? __kasan_kmalloc+0x93/0xb0
[  563.396973][T24430]  vmalloc_user_noprof+0xad/0xf0
[  563.397001][T24430]  ? xskq_create+0xbf/0x170
[  563.397029][T24430]  xskq_create+0xbf/0x170
[  563.397054][T24430]  xsk_init_queue+0xb0/0x110
[  563.397080][T24430]  xsk_setsockopt+0x4dc/0x8d0
[  563.397104][T24430]  ? __pfx_xsk_setsockopt+0x10/0x10
[  563.397128][T24430]  ? __pfx_aa_sk_perm+0x10/0x10
[  563.397156][T24430]  ? aa_sock_opt_perm+0xff/0x1b0
[  563.397185][T24430]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  563.397204][T24430]  ? __pfx_xsk_setsockopt+0x10/0x10
[  563.397226][T24430]  do_sock_setsockopt+0x179/0x1b0
[  563.397253][T24430]  __x64_sys_setsockopt+0x13f/0x1b0
[  563.397282][T24430]  do_syscall_64+0xfa/0xfa0
[  563.397305][T24430]  ? lockdep_hardirqs_on+0x9c/0x150
[  563.397328][T24430]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.397348][T24430]  ? clear_bhb_loop+0x60/0xb0
[  563.397372][T24430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.397392][T24430] RIP: 0033:0x7fed8ef8eec9
[  563.397410][T24430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.397434][T24430] RSP: 002b:00007fed8ff06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  563.397455][T24430] RAX: ffffffffffffffda RBX: 00007fed8f1e5fa0 RCX: 00007fed8ef8eec9
[  563.397470][T24430] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005
[  563.397483][T24430] RBP: 00007fed8f011f91 R08: 0000000000000004 R09: 0000000000000000
[  563.397496][T24430] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[  563.397509][T24430] R13: 00007fed8f1e6038 R14: 00007fed8f1e5fa0 R15: 00007ffec9747ac8
[  563.397544][T24430]  </TASK>
[  563.397654][T24430] Mem-Info:
[  563.630502][T24440] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  563.727948][T24430] active_anon:6543 inactive_anon:0 isolated_anon:0
[  563.727948][T24430]  active_file:3404 inactive_file:40068 isolated_file:0
[  563.727948][T24430]  unevictable:768 dirty:261 writeback:0
[  563.727948][T24430]  slab_reclaimable:13013 slab_unreclaimable:148606
[  563.727948][T24430]  mapped:31190 shmem:3139 pagetables:1118
[  563.727948][T24430]  sec_pagetables:0 bounce:0
[  563.727948][T24430]  kernel_misc_reclaimable:0
[  563.727948][T24430]  free:1273872 free_pcp:9833 free_cma:0
[  563.834764][T24430] Node 0 active_anon:27448kB inactive_anon:0kB active_file:13616kB inactive_file:160068kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126520kB dirty:1044kB writeback:0kB shmem:12608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14476kB pagetables:4080kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  563.921357][T24430] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  563.929447][T24440] tipc: Disabling bearer <eth:syzkaller0>
[  563.958663][T24430] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  563.994765][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  563.999528][T24430] lowmem_reserve[]: 0 2501 2503 2503 2503
[  564.009250][T24430] Node 0 DMA32 free:1179712kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:30148kB inactive_anon:0kB active_file:13616kB inactive_file:160068kB unevictable:1536kB writepending:1044kB zspages:0kB present:3129332kB managed:2561672kB mlocked:0kB bounce:0kB free_pcp:26944kB local_pcp:14816kB free_cma:0kB
[  564.047040][T24430] lowmem_reserve[]: 0 0 1 1 1
[  564.052126][T24430] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  564.088647][T24430] lowmem_reserve[]: 0 0 0 0 0
[  564.093576][T24430] Node 1 Normal free:3896568kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:14040kB local_pcp:5864kB free_cma:0kB
[  564.153208][T24430] lowmem_reserve[]: 0 0 0 0 0
[  564.159250][T24430] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  564.173142][T24430] Node 0 DMA32: 3124*4kB (UM) 1537*8kB (UME) 671*16kB (UME) 1051*32kB (UME) 440*64kB (UME) 84*128kB (UME) 26*256kB (UM) 18*512kB (UME) 7*1024kB (UME) 4*2048kB (UM) 254*4096kB (UM) = 1179688kB
[  564.193033][T24430] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  564.207657][T24430] Node 1 Normal: 210*4kB (UME) 54*8kB (UME) 30*16kB (UME) 213*32kB (UME) 58*64kB (UME) 12*128kB (UME) 5*256kB (UM) 5*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 946*4096kB (M) = 3896568kB
[  564.274787][T24430] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  564.307930][T24430] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  564.318361][T24430] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  564.330132][T24430] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  564.339860][T24430] 46980 total pagecache pages
[  564.344616][T24430] 0 pages in swap cache
[  564.351692][T24430] Free swap  = 124996kB
[  564.357589][T24430] Total swap = 124996kB
[  564.361895][T24430] 2097051 pages RAM
[  564.366182][T24430] 0 pages HighMem/MovableOnly
[  564.371191][T24430] 424543 pages reserved
[  564.377233][T24430] 0 pages cma reserved
[  564.532775][T24476] bond5: option packets_per_slave: mode dependency failed, not supported in mode active-backup(1)
[  564.548537][T24476] bond5 (unregistering): Released all slaves
[  564.623851][T24485] bridge0: port 2(bridge_slave_1) entered disabled state
[  564.631369][T24485] bridge0: port 1(bridge_slave_0) entered disabled state
[  564.737859][T24488] netlink: 'syz.4.5367': attribute type 2 has an invalid length.
[  564.903190][T24495] __nla_validate_parse: 15 callbacks suppressed
[  564.903211][T24495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5369'.
[  564.919755][T24495] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  564.927864][T24495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  565.024795][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  565.191821][T24508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5372'.
[  565.469226][T24513] netlink: 'syz.3.5374': attribute type 1 has an invalid length.
[  565.478337][T24513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5374'.
[  566.167572][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  566.622806][T24521] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5377'.
[  566.644459][T24522] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5376'.
[  566.656340][T24522] sctp: [Deprecated]: syz.4.5376 (pid 24522) Use of struct sctp_assoc_value in delayed_ack socket option.
[  566.656340][T24522] Use struct sctp_sack_info instead
[  566.995201][T24549] 8021q: VLANs not supported on ip_vti0
[  567.136397][T24561] netlink: 'syz.4.5390': attribute type 6 has an invalid length.
[  567.184988][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  567.332385][T24570] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  567.516076][T24590] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5397'.
[  567.778625][T24609] netlink: 'syz.0.5402': attribute type 1 has an invalid length.
[  567.796570][T24609] netlink: 'syz.0.5402': attribute type 4 has an invalid length.
[  567.804336][T24609] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.5402'.
[  567.880356][T24614] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5403'.
[  567.911454][T24613] netlink: 'syz.4.5403': attribute type 1 has an invalid length.
[  567.925843][T24616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5402'.
[  567.925843][T24615] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5402'.
[  567.966034][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  567.978598][T24613] bond7: (slave gretap1): making interface the new active one
[  567.987648][T24613] bond7: (slave gretap1): Enslaving as an active interface with an up link
[  568.008021][T24616] bond3: left promiscuous mode
[  568.037695][T24616] bridge0: port 4(bond3) entered disabled state
[  568.069889][T24616] team0: left allmulticast mode
[  568.078564][T24616] team_slave_0: left allmulticast mode
[  568.089907][T24616] team_slave_1: left allmulticast mode
[  568.101361][T24616] team0: left promiscuous mode
[  568.115436][T24616] team_slave_0: left promiscuous mode
[  568.128930][T24616] team_slave_1: left promiscuous mode
[  568.135113][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  568.135988][T24616] bridge0: port 3(team0) entered disabled state
[  568.156638][T24616] bridge_slave_1: left allmulticast mode
[  568.162320][T24616] bridge_slave_1: left promiscuous mode
[  568.168497][T24616] bridge0: port 2(bridge_slave_1) entered disabled state
[  568.180443][T24616] bridge_slave_0: left allmulticast mode
[  568.186792][T24616] bridge_slave_0: left promiscuous mode
[  568.192704][T24616] bridge0: port 1(bridge_slave_0) entered disabled state
[  568.271655][T24613] 8021q: adding VLAN 0 to HW filter on device bond7
[  568.385368][T24640] netlink: 'syz.2.5407': attribute type 9 has an invalid length.
[  568.666535][T24657] bridge6: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  568.796133][T24664] bond5 (unregistering): Released all slaves
[  568.815068][T24677] netlink: 'syz.0.5417': attribute type 4 has an invalid length.
[  568.842931][T24667] netlink: 'syz.3.5416': attribute type 3 has an invalid length.
[  568.862212][T24677] netlink: 'syz.0.5417': attribute type 4 has an invalid length.
[  569.284859][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  569.906705][T24743] __nla_validate_parse: 7 callbacks suppressed
[  569.906724][T24743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5435'.
[  569.959643][T24747] bond8 (unregistering): Released all slaves
[  569.986934][T24750] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5437'.
[  570.129734][T24743] hsr_slave_1 (unregistering): left promiscuous mode
[  570.265096][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  570.292375][T24750] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5437'.
[  570.376742][T24776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5443'.
[  570.400845][T24776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5443'.
[  570.556540][T24786] bridge5: entered promiscuous mode
[  570.561940][T24786] bridge5: entered allmulticast mode
[  570.613495][T24792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5450'.
[  570.873018][T24783] bond1: left promiscuous mode
[  570.878433][T24783] bond1: left allmulticast mode
[  570.884615][T24783] bond2: left promiscuous mode
[  570.890080][T24783] bond2: left allmulticast mode
[  570.913153][T24783] veth0_macvtap: left allmulticast mode
[  570.919115][T24783] macvtap1: left allmulticast mode
[  570.935923][ T6021] vxcan1 speed is unknown, defaulting to 1000
[  570.944627][ T6021] syz2: Port: 1 Link DOWN
[  570.956254][ T5887] vxcan1 speed is unknown, defaulting to 1000
[  570.969742][T16614] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  570.994505][T16614] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  571.026405][T16614] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  571.046880][T16614] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  571.054040][T24811] netlink: 'syz.1.5456': attribute type 2 has an invalid length.
[  571.064199][T24812] netlink: 'syz.1.5456': attribute type 2 has an invalid length.
[  571.086792][T24811] netlink: 119 bytes leftover after parsing attributes in process `syz.1.5456'.
[  571.104579][T24812] netlink: 119 bytes leftover after parsing attributes in process `syz.1.5456'.
[  571.115321][T16614] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  571.123290][T24818] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5455'.
[  571.128719][T16614] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  571.147157][T16614] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  571.156532][T16614] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  571.360849][T15191] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  571.371229][T15191] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  571.590371][T24843] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5466'.
[  571.600961][T24850] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  571.669443][T24850] tipc: Disabling bearer <eth:syzkaller0>
[  572.177582][T24894] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  572.478783][T24907] syzkaller1: entered promiscuous mode
[  572.484294][T24907] syzkaller1: entered allmulticast mode
[  572.658891][T24921] delete_channel: no stack
[  573.000417][T24946] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  573.135573][T24951] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR
[  573.795269][T25004] netlink: 'syz.4.5508': attribute type 1 has an invalid length.
[  573.870961][T25006] IPVS: Unknown mcast interface: netpci0
[  574.050859][T25009] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  574.842448][T25046] netlink: 'syz.0.5522': attribute type 1 has an invalid length.
[  574.998812][T25049] veth5: entered promiscuous mode
[  575.077304][T25058] __nla_validate_parse: 6 callbacks suppressed
[  575.077322][T25058] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5524'.
[  575.078936][T25057] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5524'.
[  575.393051][T25075] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5528'.
[  575.551037][T25078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5530'.
[  575.583478][T25077] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5530'.
[  575.703250][T25090] netlink: 'syz.2.5533': attribute type 2 has an invalid length.
[  575.733620][T25090] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5533'.
[  575.744638][T25092] netlink: 'syz.1.5534': attribute type 1 has an invalid length.
[  575.788519][T25094] netlink: 'syz.3.5536': attribute type 1 has an invalid length.
[  575.798564][T25101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5538'.
[  575.848707][T25092] 8021q: adding VLAN 0 to HW filter on device bond5
[  575.866217][T25094] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR
[  575.977598][T25105] bond5: (slave veth5): Enslaving as an active interface with a down link
[  576.002513][T25115] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  576.040750][T25108] syzkaller0: entered promiscuous mode
[  576.054812][T25108] syzkaller0: entered allmulticast mode
[  576.131351][T25108] tipc: Resetting bearer <eth:syzkaller0>
[  576.188812][T25130] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  576.216211][T25106] tipc: Resetting bearer <eth:syzkaller0>
[  576.293919][T25106] tipc: Disabling bearer <eth:syzkaller0>
[  576.306899][T25139] netlink: 'syz.4.5547': attribute type 1 has an invalid length.
[  576.323734][T25139] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5547'.
[  576.690975][T25165] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5555'.
[  576.770629][T25173] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5556'.
[  577.126860][T25194] nbd: must specify an index to disconnect
[  577.206495][T25197] netlink: 'syz.2.5563': attribute type 10 has an invalid length.
[  577.297200][T25197] netlink: 'syz.2.5563': attribute type 10 has an invalid length.
[  577.327600][T25197] netlink: 'syz.2.5563': attribute type 10 has an invalid length.
[  577.352893][T25203] 8�: entered promiscuous mode
[  577.370261][T25197] netlink: 'syz.2.5563': attribute type 10 has an invalid length.
[  577.686390][T25221] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  577.707881][T25221] bond0 (unregistering): Released all slaves
[  577.911541][T25237] erspan0: left promiscuous mode
[  578.078284][T25246] syz_tun (unregistering): left allmulticast mode
[  578.090582][T25246] syz_tun (unregistering): left promiscuous mode
[  578.104117][T25246] bridge0: port 3(syz_tun) entered disabled state
[  578.478428][T25263] bond6 (unregistering): Released all slaves
[  579.598168][   T24] IPVS: starting estimator thread 0...
[  579.643604][T25309] 8021q: VLANs not supported on ip_vti0
[  579.714825][T25310] IPVS: using max 28 ests per chain, 67200 per kthread
[  580.040503][T25336] vlan0: left promiscuous mode
[  580.091332][T25338] __nla_validate_parse: 6 callbacks suppressed
[  580.091352][T25338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5609'.
[  580.125889][T25338] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5609'.
[  580.147081][T25340] validate_nla: 33 callbacks suppressed
[  580.147102][T25340] netlink: 'syz.3.5609': attribute type 12 has an invalid length.
[  580.171531][T25340] netlink: 'syz.3.5609': attribute type 29 has an invalid length.
[  580.193677][T25340] netlink: 148 bytes leftover after parsing attributes in process `syz.3.5609'.
[  580.220331][T25340] netlink: 'syz.3.5609': attribute type 1 has an invalid length.
[  580.243055][T25340] netlink: 'syz.3.5609': attribute type 2 has an invalid length.
[  580.259493][T25343] netlink: 548 bytes leftover after parsing attributes in process `syz.0.5610'.
[  580.268865][T25340] netlink: 3 bytes leftover after parsing attributes in process `syz.3.5609'.
[  580.287344][T19187] Bluetooth: hci1: command 0x0405 tx timeout
[  580.324003][T25322] vxcan1 speed is unknown, defaulting to 1000
[  580.463274][T25350] xt_TPROXY: Can be used only with -p tcp or -p udp
[  580.570138][T25353] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5612'.
[  580.926506][T25366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5615'.
[  580.995868][T25371] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5618'.
[  581.038082][T25371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5618'.
[  581.112415][T25371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5618'.
[  582.052248][T25427] netlink: 'syz.1.5632': attribute type 1 has an invalid length.
[  582.075345][T25427] netlink: 'syz.1.5632': attribute type 1 has an invalid length.
[  582.106697][T25432] xt_CONNSECMARK: invalid mode: 0
[  582.432299][T25453] netlink: 'syz.1.5641': attribute type 30 has an invalid length.
[  582.774594][T25479] IPVS: set_ctl: invalid protocol: 51 100.1.1.1:20003
[  582.894362][T25484] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  582.940778][T25487] netlink: 'syz.0.5651': attribute type 1 has an invalid length.
[  583.327443][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  584.004368][T25498] gtp0: entered promiscuous mode
[  584.019240][T25498] gtp0: entered allmulticast mode
[  584.564577][T25500] vxcan1 speed is unknown, defaulting to 1000
[  584.587309][T25530] xt_TCPMSS: Only works on TCP SYN packets
[  584.748332][T25535] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  584.763449][T25535] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  584.773139][T25535] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  585.542857][T25586] netlink: 'syz.0.5684': attribute type 33 has an invalid length.
[  585.595992][T25586] __nla_validate_parse: 18 callbacks suppressed
[  585.596010][T25586] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.5684'.
[  585.924370][T25604] gtp1: entered promiscuous mode
[  585.947792][T25604] gtp1: entered allmulticast mode
[  586.413709][T25647] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5703'.
[  586.451846][T25648] macvtap2: entered allmulticast mode
[  586.466734][T25648] veth0_macvtap: entered allmulticast mode
[  586.578480][T25655] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5705'.
[  586.640391][T25657] netlink: 'syz.0.5704': attribute type 33 has an invalid length.
[  586.649262][T25657] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.5704'.
[  586.844537][T25668] netlink: 'syz.2.5708': attribute type 11 has an invalid length.
[  586.857468][T25668] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5708'.
[  586.870275][T25668] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5708'.
[  586.909860][T25670] netlink: 'syz.0.5709': attribute type 21 has an invalid length.
[  587.068414][T25684] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5715'.
[  587.091392][T25684] sctp: [Deprecated]: syz.0.5715 (pid 25684) Use of int in max_burst socket option.
[  587.091392][T25684] Use struct sctp_assoc_value instead
[  587.127447][T25684] sctp: [Deprecated]: syz.0.5715 (pid 25684) Use of struct sctp_assoc_value in delayed_ack socket option.
[  587.127447][T25684] Use struct sctp_sack_info instead
[  587.177722][T25689] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5715'.
[  587.319738][T25703] netlink: 'syz.3.5719': attribute type 2 has an invalid length.
[  587.341274][T25702] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  587.366289][T25702] syzkaller0: entered promiscuous mode
[  587.371787][T25702] syzkaller0: entered allmulticast mode
[  587.403565][T25702] tipc: Resetting bearer <eth:syzkaller0>
[  587.662299][T25726] sctp: [Deprecated]: syz.2.5729 (pid 25726) Use of struct sctp_assoc_value in delayed_ack socket option.
[  587.662299][T25726] Use struct sctp_sack_info instead
[  587.711973][T25728] bridge5: the hash_elasticity option has been deprecated and is always 16
[  587.845741][T25735] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5731'.
[  587.864801][T25735] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5731'.
[  587.975825][T25740] lo: left promiscuous mode
[  587.988894][T25740] tipc: Resetting bearer <ib:gretap0>
[  588.046358][T25740] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.054149][T25740] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.068185][T25740] bond0: left allmulticast mode
[  588.073045][T25740] bond_slave_0: left allmulticast mode
[  588.079679][T25740] bond_slave_1: left allmulticast mode
[  588.127436][T25740] veth0_to_team: left promiscuous mode
[  588.132927][T25740] veth0_to_team: left allmulticast mode
[  588.227135][T25740] ip6gre1: left allmulticast mode
[  588.234007][T25740] vlan2: left allmulticast mode
[  588.239774][T25740] hsr0: left allmulticast mode
[  588.244535][T25740] hsr_slave_0: left allmulticast mode
[  588.252156][T25740] hsr_slave_1: left allmulticast mode
[  588.330313][T25744] geneve3: entered promiscuous mode
[  588.344474][T25744] geneve3: entered allmulticast mode
[  588.364538][T25701] tipc: Resetting bearer <eth:syzkaller0>
[  588.467136][T25701] tipc: Disabling bearer <eth:syzkaller0>
[  588.523124][T25759] netlink: ct family unspecified
[  588.545969][T25759] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  588.916819][T25778] xt_SECMARK: invalid mode: 9
[  589.648453][T25827] xt_TCPMSS: Only works on TCP SYN packets
[  589.966447][T19187] Bluetooth: hci0: command 0x0406 tx timeout
[  589.973146][ T5841] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  590.016694][T25853] tc_dump_action: action bad kind
[  590.041879][T25853] netlink: ct family unspecified
[  590.060271][T25853] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  590.178523][T16611] smc: removing ib device syz2
[  590.216824][T25862] openvswitch: netlink: Flow key attr not present in new flow.
[  590.253542][T25870] netlink: 'syz.3.5774': attribute type 1 has an invalid length.
[  590.468257][T25873] bond9: (slave bridge8): making interface the new active one
[  590.493718][T25873] bond9: (slave bridge8): Enslaving as an active interface with an up link
[  590.510021][T25875] netlink: 'syz.1.5778': attribute type 1 has an invalid length.
[  590.812241][T25893] netlink: 'syz.2.5783': attribute type 1 has an invalid length.
[  590.843748][T25903] __nla_validate_parse: 22 callbacks suppressed
[  590.843767][T25903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5784'.
[  590.917677][T25904] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5784'.
[  590.929424][T25904] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5784'.
[  591.095138][T25917] Bluetooth: hci0: invalid length 39, exp 2 for type 19
[  591.106266][T25917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5789'.
[  591.129292][T25917] bridge_slave_1: left allmulticast mode
[  591.146496][T25917] bridge_slave_1: left promiscuous mode
[  591.156859][T25917] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.187975][T25917] bridge_slave_0: left allmulticast mode
[  591.193659][T25917] bridge_slave_0: left promiscuous mode
[  591.215734][T25917] bridge0: port 1(bridge_slave_0) entered disabled state
[  591.270182][T25928] netlink: 'syz.1.5792': attribute type 1 has an invalid length.
[  591.332660][T25930] xt_policy: too many policy elements
[  591.536726][T25928] 8021q: adding VLAN 0 to HW filter on device bond7
[  591.649723][T25933] bond7: (slave ip6erspan0): making interface the new active one
[  591.679648][T25933] bond7: (slave ip6erspan0): Enslaving as an active interface with an up link
[  591.724063][T25940] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  592.149812][T25958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5801'.
[  592.187020][T25958] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5801'.
[  592.483450][T25976] netlink: 'syz.1.5808': attribute type 1 has an invalid length.
[  592.522285][T25974] netlink: 'syz.0.5806': attribute type 1 has an invalid length.
[  592.559830][T25976] bond8: entered promiscuous mode
[  592.575789][T25976] 8021q: adding VLAN 0 to HW filter on device bond8
[  592.624558][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5809'.
[  592.797477][T25994] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5814'.
[  592.828087][T25994] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5814'.
[  592.860844][T16611] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  592.860864][T25994] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5814'.
[  592.921140][T16611] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  592.952230][T16611] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  592.966478][T16611] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  593.063552][T26013] macsec0: entered promiscuous mode
[  593.071464][T26013] macsec0: entered allmulticast mode
[  593.078494][T26013] veth1_macvtap: entered allmulticast mode
[  593.084567][T26013] macsec0: left promiscuous mode
[  593.090877][T26013] macsec0: left allmulticast mode
[  593.097111][T26013] veth1_macvtap: left allmulticast mode
[  593.114649][T26015] bond0: option ad_select: unable to set because the bond device is up
[  593.244124][T26020] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  593.587199][T26044] netlink: 'syz.1.5826': attribute type 2 has an invalid length.
[  593.841509][T26062] dvmrp0: entered allmulticast mode
[  593.891309][T26068] netlink: 'syz.2.5833': attribute type 1 has an invalid length.
[  593.925362][T26071] netlink: 'syz.0.5836': attribute type 11 has an invalid length.
[  594.009705][T26066] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  594.297587][T26084] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  594.305207][T26084] syzkaller0: entered promiscuous mode
[  594.310794][T26084] syzkaller0: entered allmulticast mode
[  594.323692][T26084] tipc: Resetting bearer <eth:syzkaller0>
[  594.336299][T26083] tipc: Resetting bearer <eth:syzkaller0>
[  594.352306][T19187] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  594.367447][T26083] tipc: Disabling bearer <eth:syzkaller0>
[  594.377303][T19187] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  594.389292][T19187] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  594.407514][T19187] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  594.417067][T19187] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  594.443704][T26087] bond0 (unregistering): Released all slaves
[  594.738847][T26107] team0 (unregistering): Port device team_slave_0 removed
[  594.757599][T26107] team0 (unregistering): Port device team_slave_1 removed
[  594.888651][T26111] x_tables: duplicate underflow at hook 2
[  595.061931][T26123] FAULT_INJECTION: forcing a failure.
[  595.061931][T26123] name failslab, interval 1, probability 0, space 0, times 0
[  595.105381][T26123] CPU: 1 UID: 0 PID: 26123 Comm: syz.2.5849 Not tainted syzkaller #0 PREEMPT(full) 
[  595.105409][T26123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  595.105421][T26123] Call Trace:
[  595.105429][T26123]  <TASK>
[  595.105438][T26123]  dump_stack_lvl+0x189/0x250
[  595.105464][T26123]  ? __pfx____ratelimit+0x10/0x10
[  595.105486][T26123]  ? __pfx_dump_stack_lvl+0x10/0x10
[  595.105506][T26123]  ? __pfx__printk+0x10/0x10
[  595.105529][T26123]  ? __pfx___might_resched+0x10/0x10
[  595.105548][T26123]  ? fs_reclaim_acquire+0x7d/0x100
[  595.105579][T26123]  should_fail_ex+0x414/0x560
[  595.105606][T26123]  should_failslab+0xa8/0x100
[  595.105626][T26123]  kmem_cache_alloc_node_noprof+0x77/0x710
[  595.105651][T26123]  ? __alloc_skb+0x112/0x2d0
[  595.105669][T26123]  ? netlink_autobind+0xdb/0x300
[  595.105694][T26123]  __alloc_skb+0x112/0x2d0
[  595.105717][T26123]  netlink_sendmsg+0x5c6/0xb30
[  595.105746][T26123]  ? __pfx_netlink_sendmsg+0x10/0x10
[  595.105769][T26123]  ? aa_sock_msg_perm+0xf1/0x1d0
[  595.105796][T26123]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  595.105813][T26123]  ? __pfx_netlink_sendmsg+0x10/0x10
[  595.105833][T26123]  __sock_sendmsg+0x21c/0x270
[  595.105861][T26123]  ____sys_sendmsg+0x505/0x830
[  595.105887][T26123]  ? __pfx_____sys_sendmsg+0x10/0x10
[  595.105927][T26123]  ? import_iovec+0x74/0xa0
[  595.105949][T26123]  ___sys_sendmsg+0x21f/0x2a0
[  595.105974][T26123]  ? __pfx____sys_sendmsg+0x10/0x10
[  595.106031][T26123]  ? __fget_files+0x2a/0x420
[  595.106046][T26123]  ? __fget_files+0x3a0/0x420
[  595.106072][T26123]  __x64_sys_sendmsg+0x19b/0x260
[  595.106096][T26123]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  595.106126][T26123]  ? __pfx_ksys_write+0x10/0x10
[  595.106155][T26123]  ? do_syscall_64+0xbe/0xfa0
[  595.106179][T26123]  do_syscall_64+0xfa/0xfa0
[  595.106199][T26123]  ? lockdep_hardirqs_on+0x9c/0x150
[  595.106222][T26123]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.106240][T26123]  ? clear_bhb_loop+0x60/0xb0
[  595.106264][T26123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.106283][T26123] RIP: 0033:0x7efe5698eec9
[  595.106301][T26123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  595.106318][T26123] RSP: 002b:00007efe57754038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  595.106340][T26123] RAX: ffffffffffffffda RBX: 00007efe56be5fa0 RCX: 00007efe5698eec9
[  595.106355][T26123] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003
[  595.106367][T26123] RBP: 00007efe57754090 R08: 0000000000000000 R09: 0000000000000000
[  595.106379][T26123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  595.106391][T26123] R13: 00007efe56be6038 R14: 00007efe56be5fa0 R15: 00007ffd5e8bd878
[  595.106422][T26123]  </TASK>
[  595.693624][T26086] chnl_net:caif_netlink_parms(): no params data found
[  595.858681][T26086] bridge0: port 1(bridge_slave_0) entered blocking state
[  595.869106][T26086] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.877048][T26086] bridge_slave_0: entered allmulticast mode
[  595.885722][T26086] bridge_slave_0: entered promiscuous mode
[  595.900222][T26086] bridge0: port 2(bridge_slave_1) entered blocking state
[  595.915410][T26086] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.922680][T26086] bridge_slave_1: entered allmulticast mode
[  595.940350][T26086] bridge_slave_1: entered promiscuous mode
[  595.997433][T26168] __nla_validate_parse: 10 callbacks suppressed
[  595.997451][T26168] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5857'.
[  595.997909][T26086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  596.028048][T26168] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  596.048883][T26086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  596.114511][T26086] team0: Port device team_slave_0 added
[  596.115990][T26173] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  596.123298][T26086] team0: Port device team_slave_1 added
[  596.152765][T26175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5860'.
[  596.222303][T26179] x_tables: ip6_tables: mh match: only valid for protocol 135
[  596.231879][T26175] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.5860'.
[  596.253903][T26086] batman_adv: batadv0: Adding interface: batadv_slave_0
[  596.265372][T26086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  596.272947][T26182] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5863'.
[  596.292474][T26086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  596.312295][T26175] netlink: 'syz.1.5860': attribute type 4 has an invalid length.
[  596.326328][T26086] batman_adv: batadv0: Adding interface: batadv_slave_1
[  596.334951][T26086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  596.363567][T26086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  596.446171][ T5841] Bluetooth: hci2: command tx timeout
[  596.501411][T26086] hsr_slave_0: entered promiscuous mode
[  596.508525][T26086] hsr_slave_1: entered promiscuous mode
[  596.516213][T26086] debugfs: 'hsr0' already exists in 'hsr'
[  596.522071][T26086] Cannot create hsr debugfs directory
[  596.818253][   T30] audit: type=1107 audit(1760562391.509:4): pid=26202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ً�5����%��U�A����٠�0���l�t�ݕ/�� �6򊨊�'
[  596.841370][   T30] audit: type=1107 audit(1760562391.539:5): pid=26202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ً�5����%��U�A����٠�0���l�t�ݕ/�� �6򊨊�'
[  596.921618][T26211] FAULT_INJECTION: forcing a failure.
[  596.921618][T26211] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  596.947884][T26211] CPU: 0 UID: 0 PID: 26211 Comm: syz.0.5872 Not tainted syzkaller #0 PREEMPT(full) 
[  596.947911][T26211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  596.947922][T26211] Call Trace:
[  596.947930][T26211]  <TASK>
[  596.947938][T26211]  dump_stack_lvl+0x189/0x250
[  596.947962][T26211]  ? __pfx____ratelimit+0x10/0x10
[  596.947985][T26211]  ? __pfx_dump_stack_lvl+0x10/0x10
[  596.948011][T26211]  ? __pfx__printk+0x10/0x10
[  596.948030][T26211]  ? __might_fault+0xb0/0x130
[  596.948066][T26211]  should_fail_ex+0x414/0x560
[  596.948092][T26211]  _copy_from_iter+0x1de/0x1790
[  596.948122][T26211]  ? rcu_is_watching+0x15/0xb0
[  596.948144][T26211]  ? kmalloc_reserve+0xbd/0x290
[  596.948164][T26211]  ? __pfx__copy_from_iter+0x10/0x10
[  596.948193][T26211]  ? __build_skb_around+0x262/0x3f0
[  596.948216][T26211]  ? netlink_sendmsg+0x642/0xb30
[  596.948234][T26211]  ? skb_put+0x11b/0x210
[  596.948257][T26211]  netlink_sendmsg+0x6b2/0xb30
[  596.948285][T26211]  ? __pfx_netlink_sendmsg+0x10/0x10
[  596.948309][T26211]  ? aa_sock_msg_perm+0xf1/0x1d0
[  596.948334][T26211]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  596.948350][T26211]  ? __pfx_netlink_sendmsg+0x10/0x10
[  596.948369][T26211]  __sock_sendmsg+0x21c/0x270
[  596.948397][T26211]  ____sys_sendmsg+0x505/0x830
[  596.948423][T26211]  ? __pfx_____sys_sendmsg+0x10/0x10
[  596.948453][T26211]  ? import_iovec+0x74/0xa0
[  596.948474][T26211]  ___sys_sendmsg+0x21f/0x2a0
[  596.948497][T26211]  ? __pfx____sys_sendmsg+0x10/0x10
[  596.948554][T26211]  ? __fget_files+0x2a/0x420
[  596.948570][T26211]  ? __fget_files+0x3a0/0x420
[  596.948598][T26211]  __x64_sys_sendmsg+0x19b/0x260
[  596.948623][T26211]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  596.948657][T26211]  ? __pfx_ksys_write+0x10/0x10
[  596.948683][T26211]  ? do_syscall_64+0xbe/0xfa0
[  596.948709][T26211]  do_syscall_64+0xfa/0xfa0
[  596.948729][T26211]  ? lockdep_hardirqs_on+0x9c/0x150
[  596.948748][T26211]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.948767][T26211]  ? clear_bhb_loop+0x60/0xb0
[  596.948789][T26211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.948807][T26211] RIP: 0033:0x7f49ee18eec9
[  596.948824][T26211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  596.948841][T26211] RSP: 002b:00007f49eef9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  596.948862][T26211] RAX: ffffffffffffffda RBX: 00007f49ee3e5fa0 RCX: 00007f49ee18eec9
[  596.948877][T26211] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003
[  596.948889][T26211] RBP: 00007f49eef9e090 R08: 0000000000000000 R09: 0000000000000000
[  596.948901][T26211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  596.948912][T26211] R13: 00007f49ee3e6038 R14: 00007f49ee3e5fa0 R15: 00007ffc2209ad38
[  596.948944][T26211]  </TASK>
[  597.285336][T26215] xt_CT: You must specify a L4 protocol and not use inversions on it
[  597.357250][T26220] xt_CT: You must specify a L4 protocol and not use inversions on it
[  597.430033][T26086] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.512984][T26086] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.597120][T26086] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.710288][T26247] FAULT_INJECTION: forcing a failure.
[  597.710288][T26247] name failslab, interval 1, probability 0, space 0, times 0
[  597.723513][T26247] CPU: 0 UID: 0 PID: 26247 Comm: syz.0.5884 Not tainted syzkaller #0 PREEMPT(full) 
[  597.723539][T26247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  597.723550][T26247] Call Trace:
[  597.723558][T26247]  <TASK>
[  597.723566][T26247]  dump_stack_lvl+0x189/0x250
[  597.723592][T26247]  ? __pfx____ratelimit+0x10/0x10
[  597.723614][T26247]  ? __pfx_dump_stack_lvl+0x10/0x10
[  597.723634][T26247]  ? __pfx__printk+0x10/0x10
[  597.723658][T26247]  ? __lock_acquire+0xab9/0xd20
[  597.723684][T26247]  should_fail_ex+0x414/0x560
[  597.723711][T26247]  should_failslab+0xa8/0x100
[  597.723732][T26247]  kmem_cache_alloc_noprof+0x74/0x6e0
[  597.723758][T26247]  ? skb_clone+0x212/0x3a0
[  597.723787][T26247]  skb_clone+0x212/0x3a0
[  597.723814][T26247]  __netlink_deliver_tap+0x404/0x850
[  597.723849][T26247]  ? netlink_deliver_tap+0x2e/0x1b0
[  597.723879][T26247]  netlink_deliver_tap+0x19c/0x1b0
[  597.723900][T26247]  netlink_unicast+0x7fa/0x9e0
[  597.723938][T26247]  ? __pfx_netlink_unicast+0x10/0x10
[  597.723969][T26247]  ? netlink_sendmsg+0x642/0xb30
[  597.723987][T26247]  ? skb_put+0x11b/0x210
[  597.724012][T26247]  netlink_sendmsg+0x805/0xb30
[  597.724042][T26247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  597.724066][T26247]  ? aa_sock_msg_perm+0xf1/0x1d0
[  597.724094][T26247]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  597.724112][T26247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  597.724134][T26247]  __sock_sendmsg+0x21c/0x270
[  597.724165][T26247]  ____sys_sendmsg+0x505/0x830
[  597.724194][T26247]  ? __pfx_____sys_sendmsg+0x10/0x10
[  597.724227][T26247]  ? import_iovec+0x74/0xa0
[  597.724249][T26247]  ___sys_sendmsg+0x21f/0x2a0
[  597.724275][T26247]  ? __pfx____sys_sendmsg+0x10/0x10
[  597.724337][T26247]  ? __fget_files+0x2a/0x420
[  597.724353][T26247]  ? __fget_files+0x3a0/0x420
[  597.724381][T26247]  __x64_sys_sendmsg+0x19b/0x260
[  597.724407][T26247]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  597.724440][T26247]  ? __pfx_ksys_write+0x10/0x10
[  597.724471][T26247]  ? do_syscall_64+0xbe/0xfa0
[  597.724499][T26247]  do_syscall_64+0xfa/0xfa0
[  597.724520][T26247]  ? lockdep_hardirqs_on+0x9c/0x150
[  597.724543][T26247]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  597.724562][T26247]  ? clear_bhb_loop+0x60/0xb0
[  597.724586][T26247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  597.724604][T26247] RIP: 0033:0x7f49ee18eec9
[  597.724622][T26247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  597.724639][T26247] RSP: 002b:00007f49eef9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  597.724662][T26247] RAX: ffffffffffffffda RBX: 00007f49ee3e5fa0 RCX: 00007f49ee18eec9
[  597.724676][T26247] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003
[  597.724687][T26247] RBP: 00007f49eef9e090 R08: 0000000000000000 R09: 0000000000000000
[  597.724698][T26247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  597.724708][T26247] R13: 00007f49ee3e6038 R14: 00007f49ee3e5fa0 R15: 00007ffc2209ad38
[  597.724741][T26247]  </TASK>
[  598.021822][T26086] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  598.345128][T26262] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5889'.
[  598.359182][T26269] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5891'.
[  598.360524][T26086] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  598.385050][T26271] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5891'.
[  598.401234][T26086] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  598.427794][T26269] netlink: 5 bytes leftover after parsing attributes in process `syz.2.5891'.
[  598.444925][T26086] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  598.492955][T26269] 0��{X��: renamed from gretap0
[  598.514233][T26269] 0��{X��: entered allmulticast mode
[  598.529546][ T5841] Bluetooth: hci2: command tx timeout
[  598.541837][T26281] FAULT_INJECTION: forcing a failure.
[  598.541837][T26281] name failslab, interval 1, probability 0, space 0, times 0
[  598.549450][T26269] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  598.558697][T26281] CPU: 0 UID: 0 PID: 26281 Comm: syz.0.5894 Not tainted syzkaller #0 PREEMPT(full) 
[  598.558723][T26281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  598.558735][T26281] Call Trace:
[  598.558742][T26281]  <TASK>
[  598.558755][T26281]  dump_stack_lvl+0x189/0x250
[  598.558786][T26281]  ? __pfx____ratelimit+0x10/0x10
[  598.558809][T26281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  598.558829][T26281]  ? __pfx__printk+0x10/0x10
[  598.558854][T26281]  ? __pfx___might_resched+0x10/0x10
[  598.558879][T26281]  should_fail_ex+0x414/0x560
[  598.558906][T26281]  should_failslab+0xa8/0x100
[  598.558926][T26281]  kmem_cache_alloc_node_noprof+0x77/0x710
[  598.558952][T26281]  ? __alloc_skb+0x112/0x2d0
[  598.558977][T26281]  __alloc_skb+0x112/0x2d0
[  598.558999][T26281]  netlink_ack+0x146/0xa50
[  598.559036][T26281]  netlink_rcv_skb+0x28c/0x470
[  598.559052][T26281]  ? lockdep_hardirqs_on+0x9c/0x150
[  598.559075][T26281]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  598.559105][T26281]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  598.559136][T26281]  ? bpf_lsm_capable+0x9/0x20
[  598.559157][T26281]  ? security_capable+0x7e/0x2e0
[  598.559188][T26281]  nfnetlink_rcv+0x282/0x2590
[  598.559217][T26281]  ? __dev_queue_xmit+0x27b/0x3b50
[  598.559243][T26281]  ? __dev_queue_xmit+0x1d79/0x3b50
[  598.559264][T26281]  ? kasan_save_track+0x3e/0x80
[  598.559287][T26281]  ? __kasan_slab_alloc+0x6c/0x80
[  598.559322][T26281]  ? __dev_queue_xmit+0x27b/0x3b50
[  598.559357][T26281]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  598.559384][T26281]  ? __pfx___dev_queue_xmit+0x10/0x10
[  598.559421][T26281]  ? ref_tracker_free+0x63a/0x7d0
[  598.559445][T26281]  ? __asan_memcpy+0x40/0x70
[  598.559467][T26281]  ? __pfx_ref_tracker_free+0x10/0x10
[  598.559506][T26281]  ? skb_clone+0x246/0x3a0
[  598.559531][T26281]  ? __netlink_deliver_tap+0x807/0x850
[  598.559550][T26281]  ? netlink_deliver_tap+0x2e/0x1b0
[  598.559576][T26281]  ? netlink_deliver_tap+0x2e/0x1b0
[  598.559602][T26281]  netlink_unicast+0x82c/0x9e0
[  598.559639][T26281]  ? __pfx_netlink_unicast+0x10/0x10
[  598.559668][T26281]  ? netlink_sendmsg+0x642/0xb30
[  598.559686][T26281]  ? skb_put+0x11b/0x210
[  598.559709][T26281]  netlink_sendmsg+0x805/0xb30
[  598.559738][T26281]  ? __pfx_netlink_sendmsg+0x10/0x10
[  598.559761][T26281]  ? aa_sock_msg_perm+0xf1/0x1d0
[  598.559793][T26281]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  598.559811][T26281]  ? __pfx_netlink_sendmsg+0x10/0x10
[  598.559832][T26281]  __sock_sendmsg+0x21c/0x270
[  598.559861][T26281]  ____sys_sendmsg+0x505/0x830
[  598.559889][T26281]  ? __pfx_____sys_sendmsg+0x10/0x10
[  598.559920][T26281]  ? import_iovec+0x74/0xa0
[  598.559941][T26281]  ___sys_sendmsg+0x21f/0x2a0
[  598.559965][T26281]  ? __pfx____sys_sendmsg+0x10/0x10
[  598.560023][T26281]  ? __fget_files+0x2a/0x420
[  598.560038][T26281]  ? __fget_files+0x3a0/0x420
[  598.560065][T26281]  __x64_sys_sendmsg+0x19b/0x260
[  598.560089][T26281]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  598.560121][T26281]  ? __pfx_ksys_write+0x10/0x10
[  598.560150][T26281]  ? do_syscall_64+0xbe/0xfa0
[  598.560176][T26281]  do_syscall_64+0xfa/0xfa0
[  598.560197][T26281]  ? lockdep_hardirqs_on+0x9c/0x150
[  598.560218][T26281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.560237][T26281]  ? clear_bhb_loop+0x60/0xb0
[  598.560259][T26281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.560277][T26281] RIP: 0033:0x7f49ee18eec9
[  598.560293][T26281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  598.560309][T26281] RSP: 002b:00007f49eef9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  598.560329][T26281] RAX: ffffffffffffffda RBX: 00007f49ee3e5fa0 RCX: 00007f49ee18eec9
[  598.560343][T26281] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003
[  598.560355][T26281] RBP: 00007f49eef9e090 R08: 0000000000000000 R09: 0000000000000000
[  598.560367][T26281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  598.560378][T26281] R13: 00007f49ee3e6038 R14: 00007f49ee3e5fa0 R15: 00007ffc2209ad38
[  598.560409][T26281]  </TASK>
[  598.745683][T26286] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  598.755934][T26086] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  598.890456][T26290] netlink: 'syz.2.5897': attribute type 10 has an invalid length.
[  598.917010][T26292] netlink: 'syz.1.5898': attribute type 21 has an invalid length.
[  598.990029][T26294] IPv6: NLM_F_REPLACE set, but no existing node found!
[  598.995662][T26292] netlink: 156 bytes leftover after parsing attributes in process `syz.1.5898'.
[  599.209527][T26310] veth0_to_team: entered promiscuous mode
[  599.215546][T26310] veth0_to_team: entered allmulticast mode
[  599.302029][T26086] 8021q: adding VLAN 0 to HW filter on device bond0
[  599.360420][T26086] 8021q: adding VLAN 0 to HW filter on device team0
[  599.410986][T16611] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.418208][T16611] bridge0: port 1(bridge_slave_0) entered forwarding state
[  599.443852][T26319] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  599.455459][T26317] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  599.482427][ T6053] bridge0: port 2(bridge_slave_1) entered blocking state
[  599.489617][ T6053] bridge0: port 2(bridge_slave_1) entered forwarding state
[  599.518278][T26325] netlink: ct family unspecified
[  599.523563][T26325] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  599.523714][T26319] syzkaller0: entered promiscuous mode
[  599.549473][T26319] syzkaller0: entered allmulticast mode
[  599.583533][T26317] tipc: Resetting bearer <eth:syzkaller0>
[  599.599822][T26316] tipc: Resetting bearer <eth:syzkaller0>
[  599.621355][T26316] tipc: Disabling bearer <eth:syzkaller0>
[  599.957267][T26086] 8021q: adding VLAN 0 to HW filter on device batadv0
[  600.019816][T26086] veth0_vlan: entered promiscuous mode
[  600.036607][T26086] veth1_vlan: entered promiscuous mode
[  600.082791][T26086] veth0_macvtap: entered promiscuous mode
[  600.101121][T26086] veth1_macvtap: entered promiscuous mode
[  600.143547][T26086] batman_adv: batadv0: Interface activated: batadv_slave_0
[  600.167246][T26086] batman_adv: batadv0: Interface activated: batadv_slave_1
[  600.183240][ T6053] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  600.301547][ T6053] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  600.329955][ T6053] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  600.367507][T26360] FAULT_INJECTION: forcing a failure.
[  600.367507][T26360] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  600.387310][T26360] CPU: 1 UID: 0 PID: 26360 Comm: syz.4.5916 Not tainted syzkaller #0 PREEMPT(full) 
[  600.387336][T26360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  600.387348][T26360] Call Trace:
[  600.387355][T26360]  <TASK>
[  600.387364][T26360]  dump_stack_lvl+0x189/0x250
[  600.387389][T26360]  ? __pfx____ratelimit+0x10/0x10
[  600.387413][T26360]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.387433][T26360]  ? __pfx__printk+0x10/0x10
[  600.387453][T26360]  ? __might_fault+0xb0/0x130
[  600.387490][T26360]  should_fail_ex+0x414/0x560
[  600.387520][T26360]  _copy_from_user+0x2d/0xb0
[  600.387540][T26360]  kstrtouint_from_user+0xc4/0x170
[  600.387575][T26360]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  600.387621][T26360]  proc_fail_nth_write+0x88/0x200
[  600.387645][T26360]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  600.387675][T26360]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  600.387700][T26360]  vfs_write+0x27b/0xb30
[  600.387735][T26360]  ? __pfx_vfs_write+0x10/0x10
[  600.387763][T26360]  ? __fget_files+0x2a/0x420
[  600.387789][T26360]  ? __fget_files+0x3a0/0x420
[  600.387805][T26360]  ? __fget_files+0x2a/0x420
[  600.387832][T26360]  ksys_write+0x145/0x250
[  600.387861][T26360]  ? __pfx_ksys_write+0x10/0x10
[  600.387891][T26360]  ? do_syscall_64+0xbe/0xfa0
[  600.387919][T26360]  do_syscall_64+0xfa/0xfa0
[  600.387941][T26360]  ? lockdep_hardirqs_on+0x9c/0x150
[  600.387963][T26360]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.387983][T26360]  ? clear_bhb_loop+0x60/0xb0
[  600.388007][T26360]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.388026][T26360] RIP: 0033:0x7fed8ef8d97f
[  600.388044][T26360] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  600.388061][T26360] RSP: 002b:00007fed8ff06030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  600.388082][T26360] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fed8ef8d97f
[  600.388097][T26360] RDX: 0000000000000001 RSI: 00007fed8ff060a0 RDI: 0000000000000004
[  600.388110][T26360] RBP: 00007fed8ff06090 R08: 0000000000000000 R09: 0000000000000000
[  600.388123][T26360] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  600.388134][T26360] R13: 00007fed8f1e6038 R14: 00007fed8f1e5fa0 R15: 00007ffec9747ac8
[  600.388171][T26360]  </TASK>
[  600.407155][ T6053] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  600.630545][ T5841] Bluetooth: hci2: command tx timeout
[  600.818946][T26374] netlink: 'syz.4.5920': attribute type 1 has an invalid length.
[  600.885318][T16591] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.925255][T16591] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.955887][T26381] 8021q: adding VLAN 0 to HW filter on device bond10
[  600.967645][T26381] bond9: (slave bond10): making interface the new active one
[  600.978243][T26387] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5920'.
[  600.978681][T26381] bond9: (slave bond10): Enslaving as an active interface with an up link
[  600.998744][T26387] 8021q: adding VLAN 0 to HW filter on device bond9
[  601.007400][T26388] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5923'.
[  601.047567][T26374] bond9: (slave gretap2): Enslaving as a backup interface with an up link
[  601.123269][ T6053] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.132052][ T6053] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.221617][T26394] netlink: 'syz.2.5927': attribute type 23 has an invalid length.
[  601.278196][T26396] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5926'.
[  601.327887][T26402] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5928'.
[  601.379175][T26405] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5929'.
[  601.406758][T26405] netlink: 'syz.1.5929': attribute type 3 has an invalid length.
[  601.458173][T26408] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  601.599118][T26417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5934'.
[  601.626775][T26421] xt_l2tp: missing protocol rule (udp|l2tpip)
[  601.698740][T26428] sctp: [Deprecated]: syz.2.5935 (pid 26428) Use of struct sctp_assoc_value in delayed_ack socket option.
[  601.698740][T26428] Use struct sctp_sack_info instead
[  602.076924][T26443] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5942'.
[  602.088590][T26444] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5940'.
[  602.118294][T26444] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  602.371310][T19187] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  602.386461][T19187] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  602.397489][T19187] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  602.409755][T19187] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  602.418478][T19187] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  602.687029][ T5841] Bluetooth: hci2: command tx timeout
[  602.749579][T26480] netlink: 'syz.1.5951': attribute type 19 has an invalid length.
[  602.822341][T26482] netlink: 'syz.3.5952': attribute type 4 has an invalid length.
[  602.878866][T26484] netlink: 'syz.3.5952': attribute type 4 has an invalid length.
[  603.040221][ T6053] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0
[  603.080864][ T6053] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  603.125902][T26493] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5954'.
[  603.135815][T26493] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5954'.
[  603.144974][T26493] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5954'.
[  603.213005][T26460] lec:lec_atm_close: lec0: Shut down!
[  603.220950][ T6053] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0
[  603.267011][ T6053] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  603.370246][ T6053] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0
[  603.395969][ T6053] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  603.407530][T26510] netlink: 'syz.3.5959': attribute type 1 has an invalid length.
[  603.418582][T26510] nbd: couldn't find a device at index 1
[  603.543452][ T6053] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0
[  603.563941][ T6053] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  604.062298][T26456] chnl_net:caif_netlink_parms(): no params data found
[  604.385426][T26549] dvmrp1: entered allmulticast mode
[  604.536069][ T5841] Bluetooth: hci4: command tx timeout
[  604.672338][T26456] bridge0: port 1(bridge_slave_0) entered blocking state
[  604.691399][T26456] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.709753][T26456] bridge_slave_0: entered allmulticast mode
[  604.723327][T26456] bridge_slave_0: entered promiscuous mode
[  604.759034][T26456] bridge0: port 2(bridge_slave_1) entered blocking state
[  604.773172][T26456] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.782333][T26456] bridge_slave_1: entered allmulticast mode
[  604.791960][T26456] bridge_slave_1: entered promiscuous mode
[  605.382389][ T6053] dvmrp1 (unregistering): left allmulticast mode
[  605.525656][ T6053] bond1 (unregistering): (slave bridge2): Releasing active interface
[  605.881343][ T6053] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  605.892412][ T6053] bond0 (unregistering): Released all slaves
[  605.905488][ T6053] bond1 (unregistering): Released all slaves
[  605.921692][ T6053] bond2 (unregistering): Released all slaves
[  606.018923][ T6053] bond3 (unregistering): Released all slaves
[  606.033483][T26456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  606.100751][T26616] lo: entered allmulticast mode
[  606.140298][T26456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  606.234072][ T6053] tipc: Left network mode
[  606.290992][T26456] team0: Port device team_slave_0 added
[  606.307546][T26624] __nla_validate_parse: 7 callbacks suppressed
[  606.307563][T26624] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5984'.
[  606.326580][T26456] team0: Port device team_slave_1 added
[  606.422395][T26456] batman_adv: batadv0: Adding interface: batadv_slave_0
[  606.443439][T26456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  606.507826][T26456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  606.567946][T26644] netlink: 364 bytes leftover after parsing attributes in process `syz.2.5991'.
[  606.599128][T26644] netlink: 'syz.2.5991': attribute type 32 has an invalid length.
[  606.608467][ T5841] Bluetooth: hci4: command tx timeout
[  606.638896][T26644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5991'.
[  606.688890][T26456] batman_adv: batadv0: Adding interface: batadv_slave_1
[  606.705793][T26456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  606.733225][T26456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  606.783706][T26644] bond0: Setting coupled_control to off (0)
[  607.051400][T26456] hsr_slave_0: entered promiscuous mode
[  607.082021][T26456] hsr_slave_1: entered promiscuous mode
[  607.091682][T26456] debugfs: 'hsr0' already exists in 'hsr'
[  607.098390][T26456] Cannot create hsr debugfs directory
[  607.199351][ T6053] hsr_slave_0: left promiscuous mode
[  607.206686][ T6053] hsr_slave_1: left promiscuous mode
[  607.212423][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  607.220205][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_0
[  607.236317][ T6053] veth1_macvtap: left promiscuous mode
[  607.241825][ T6053] veth0_macvtap: left promiscuous mode
[  607.247630][ T6053] veth1_vlan: left promiscuous mode
[  607.252963][ T6053] veth0_vlan: left promiscuous mode
[  608.347189][T26666] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5995'.
[  608.364449][T26667] tipc: Trying to set illegal importance in message
[  608.389350][T26672] sctp: [Deprecated]: syz.3.5996 (pid 26672) Use of struct sctp_assoc_value in delayed_ack socket option.
[  608.389350][T26672] Use struct sctp_sack_info instead
[  608.413388][T26672] sctp: [Deprecated]: syz.3.5996 (pid 26672) Use of struct sctp_assoc_value in delayed_ack socket option.
[  608.413388][T26672] Use struct sctp_sack_info instead
[  608.434435][T26456] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  608.492546][T26456] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  608.513049][ T6053] IPVS: stop unused estimator thread 0...
[  608.533054][T26456] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  608.554565][T26456] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  608.650932][T26684] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6001'.
[  608.666211][T26691] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6002'.
[  608.684938][ T5841] Bluetooth: hci4: command tx timeout
[  608.713263][T26693] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6002'.
[  608.884220][T26456] 8021q: adding VLAN 0 to HW filter on device bond0
[  608.921783][T26702] netlink: 156 bytes leftover after parsing attributes in process `syz.1.6005'.
[  609.032828][T26456] 8021q: adding VLAN 0 to HW filter on device team0
[  609.063306][T16590] bridge0: port 1(bridge_slave_0) entered blocking state
[  609.070525][T16590] bridge0: port 1(bridge_slave_0) entered forwarding state
[  609.097874][T26714] netlink: 'syz.3.6008': attribute type 1 has an invalid length.
[  609.116396][T26714] netlink: 144 bytes leftover after parsing attributes in process `syz.3.6008'.
[  609.130397][T16590] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.137591][T16590] bridge0: port 2(bridge_slave_1) entered forwarding state
[  609.148431][T26714] netlink: 'syz.3.6008': attribute type 1 has an invalid length.
[  609.162870][T26714] netlink: 'syz.3.6008': attribute type 2 has an invalid length.
[  609.177355][T26714] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6008'.
[  609.293534][T26720] veth0: entered promiscuous mode
[  609.310217][T26719] veth0: left promiscuous mode
[  609.452565][T26731] xt_ecn: cannot match TCP bits for non-tcp packets
[  609.613520][T26456] 8021q: adding VLAN 0 to HW filter on device batadv0
[  609.734007][T26456] veth0_vlan: entered promiscuous mode
[  609.767213][T26456] veth1_vlan: entered promiscuous mode
[  609.859736][T26456] veth0_macvtap: entered promiscuous mode
[  609.877931][T26456] veth1_macvtap: entered promiscuous mode
[  609.919060][T26456] batman_adv: batadv0: Interface activated: batadv_slave_0
[  609.959124][T26456] batman_adv: batadv0: Interface activated: batadv_slave_1
[  609.998532][T25279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  610.011511][T25279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  610.037981][T25279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  610.049282][T25279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  610.076178][T26763] netlink: 'syz.3.6022': attribute type 29 has an invalid length.
[  610.164466][   T30] audit: type=1107 audit(1760562404.859:6): pid=26766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='��'3\5#
QG�U�$p�_���_)�<�����WDi�n��,��b���x	
[  610.164466][   T30] ����ʔl���a˺7�t,��L��RX��L?zL�0>$�0�}����	�wU'�@��QWw��o^��5'
[  610.203300][T26769] netlink: 'syz.3.6022': attribute type 3 has an invalid length.
[  610.263747][T26763] netlink: 'syz.3.6022': attribute type 29 has an invalid length.
[  610.303814][T26763] netlink: 'syz.3.6022': attribute type 29 has an invalid length.
[  610.313441][T26763] netlink: 'syz.3.6022': attribute type 29 has an invalid length.
[  610.332306][T25279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  610.354921][T25279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  610.412103][T16590] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  610.428766][T16590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  610.455747][T26777] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  610.512358][T26778] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  610.693404][T26795] erspan0: entered allmulticast mode
[  610.765411][ T5841] Bluetooth: hci4: command tx timeout
[  610.840544][T26798] delete_channel: no stack
[  611.099064][T26820] dvmrp1: entered allmulticast mode
[  611.307729][T26836] netlink: 'syz.2.6040': attribute type 1 has an invalid length.
[  611.316055][T26836] __nla_validate_parse: 5 callbacks suppressed
[  611.316092][T26836] netlink: 240 bytes leftover after parsing attributes in process `syz.2.6040'.
[  611.672561][T26849] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6048'.
[  611.823289][T26854] Cannot find add_set index 1 as target
[  612.006268][T19187] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  612.016543][T19187] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  612.024447][T19187] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  612.033331][T19187] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  612.041060][T19187] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  612.210157][T26870] bridge_slave_0: left allmulticast mode
[  612.216612][T26870] bridge_slave_0: left promiscuous mode
[  612.222665][T26870] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.232749][T26870] bridge_slave_1: left allmulticast mode
[  612.239126][T26870] bridge_slave_1: left promiscuous mode
[  612.245100][T26870] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.259238][T26870] bond0: (slave bond_slave_0): Releasing backup interface
[  612.282616][T26871] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6056'.
[  612.294213][T26870] bond0: (slave bond_slave_1): Releasing backup interface
[  612.323727][T26870] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  612.384124][T26870] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6056'.
[  612.892576][T26858] chnl_net:caif_netlink_parms(): no params data found
[  612.987820][T26898] netlink: 72 bytes leftover after parsing attributes in process `syz.2.6065'.
[  613.109910][T26858] bridge0: port 1(bridge_slave_0) entered blocking state
[  613.117649][T26858] bridge0: port 1(bridge_slave_0) entered disabled state
[  613.125597][T26858] bridge_slave_0: entered allmulticast mode
[  613.136093][T26858] bridge_slave_0: entered promiscuous mode
[  613.147646][T26858] bridge0: port 2(bridge_slave_1) entered blocking state
[  613.156463][T26858] bridge0: port 2(bridge_slave_1) entered disabled state
[  613.167908][T26858] bridge_slave_1: entered allmulticast mode
[  613.195759][T26858] bridge_slave_1: entered promiscuous mode
[  613.239406][T26913] netlink: 'syz.0.6070': attribute type 1 has an invalid length.
[  613.248097][T26913] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6070'.
[  613.259046][T26913] nbd: illegal input index 1048576
[  613.356384][T26858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  613.368421][T26920] Bluetooth: MGMT ver 1.23
[  613.389972][T26858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  613.419646][T26926] "syz.4.6073" (26926) uses obsolete ecb(arc4) skcipher
[  613.429230][T26915] syzkaller1: entered promiscuous mode
[  613.429657][T26926] netlink: 'syz.4.6073': attribute type 1 has an invalid length.
[  613.437331][T26915] syzkaller1: entered allmulticast mode
[  613.447503][T26926] netlink: 236 bytes leftover after parsing attributes in process `syz.4.6073'.
[  613.494234][T26858] team0: Port device team_slave_0 added
[  613.504599][T26858] team0: Port device team_slave_1 added
[  613.530662][T26929] netlink: 'syz.0.6074': attribute type 1 has an invalid length.
[  613.600866][T26858] batman_adv: batadv0: Adding interface: batadv_slave_0
[  613.600974][T26929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6074'.
[  613.614705][T26858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  613.650361][T26858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  613.685130][T26858] batman_adv: batadv0: Adding interface: batadv_slave_1
[  613.692531][T26858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  613.721955][T26858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  613.743788][T26929] syzkaller0: entered promiscuous mode
[  613.750090][T26929] syzkaller0: entered allmulticast mode
[  613.786828][T26938] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6077'.
[  613.800326][T26940] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6077'.
[  613.922487][T26858] hsr_slave_0: entered promiscuous mode
[  613.937156][T26858] hsr_slave_1: entered promiscuous mode
[  613.958634][T26858] debugfs: 'hsr0' already exists in 'hsr'
[  613.964405][T26858] Cannot create hsr debugfs directory
[  614.019120][   T30] audit: type=1800 audit(1760562408.719:7): pid=26954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6081" name=4996AE17DFFC2E43C8174B54B620636894AAACF28FF62616363C70A440AEC4014CAF28C0ADC04308 dev="tmpfs" ino=70 res=0 errno=0
[  614.126682][T19187] Bluetooth: hci0: command tx timeout
[  614.171602][T26959] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  614.184054][T26961] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  614.256972][T26963] netem: change failed
[  614.341065][T26858] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  614.365589][T26858] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.445944][T26858] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  614.466976][T26858] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.554540][T26858] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  614.566171][T26858] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.660970][T26858] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  614.673323][T26858] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  615.039126][T26995] netlink: 'syz.3.6097': attribute type 10 has an invalid length.
[  615.087836][T26858] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  615.159293][T26999] ip6gre1: entered allmulticast mode
[  615.171828][T26858] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  615.200122][T26858] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  615.238647][T26858] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  615.394288][T27008] ip6gre1: entered allmulticast mode
[  615.489507][T26858] 8021q: adding VLAN 0 to HW filter on device bond0
[  615.523219][T26858] 8021q: adding VLAN 0 to HW filter on device team0
[  615.550270][T16602] bridge0: port 1(bridge_slave_0) entered blocking state
[  615.557478][T16602] bridge0: port 1(bridge_slave_0) entered forwarding state
[  615.612299][T16602] bridge0: port 2(bridge_slave_1) entered blocking state
[  615.619488][T16602] bridge0: port 2(bridge_slave_1) entered forwarding state
[  616.062866][T27063] xt_time: unknown flags 0xf4
[  616.078567][T27063] sch_fq: defrate 0 ignored.
[  616.106500][T26858] 8021q: adding VLAN 0 to HW filter on device batadv0
[  616.183921][T27065] xt_hashlimit: size too large, truncated to 1048576
[  616.203190][T26858] veth0_vlan: entered promiscuous mode
[  616.209957][T19187] Bluetooth: hci0: command tx timeout
[  616.224523][T26858] veth1_vlan: entered promiscuous mode
[  616.236726][T27067] netlink: 'syz.4.6114': attribute type 1 has an invalid length.
[  616.272988][T26858] veth0_macvtap: entered promiscuous mode
[  616.305869][T26858] veth1_macvtap: entered promiscuous mode
[  616.343700][T26858] batman_adv: batadv0: Interface activated: batadv_slave_0
[  616.566042][T26858] batman_adv: batadv0: Interface activated: batadv_slave_1
[  616.598957][T25279] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  616.669288][T16602] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  616.738623][T16602] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  616.764484][T16602] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  616.810795][T27088] __nla_validate_parse: 10 callbacks suppressed
[  616.810813][T27088] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6118'.
[  616.952353][T27098] netlink: 'syz.3.6120': attribute type 17 has an invalid length.
[  616.965668][T16590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.973515][T16590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.027077][T27098] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  617.134535][T16590] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  617.164315][T16590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.260780][T27114] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6126'.
[  617.296609][T27116] sctp: [Deprecated]: syz.0.6127 (pid 27116) Use of struct sctp_assoc_value in delayed_ack socket option.
[  617.296609][T27116] Use struct sctp_sack_info instead
[  617.512009][T27133] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  617.562148][T27138] vlan1: entered allmulticast mode
[  617.569194][T27138] veth0_vlan: entered allmulticast mode
[  617.599864][T27133] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  617.617486][T27133] syzkaller0: entered promiscuous mode
[  617.633525][T27133] syzkaller0: entered allmulticast mode
[  617.708304][T27133] tipc: Resetting bearer <eth:syzkaller0>
[  617.745714][T27131] tipc: Resetting bearer <eth:syzkaller0>
[  617.786229][T27148] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6136'.
[  617.800012][T27131] tipc: Disabling bearer <eth:syzkaller0>
[  617.847937][T27153] vlan2: entered allmulticast mode
[  617.853199][T27153] bond0: entered allmulticast mode
[  617.875270][T27153] bond_slave_0: entered allmulticast mode
[  617.885033][T27153] bond_slave_1: entered allmulticast mode
[  618.006998][T27164] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6143'.
[  618.067137][T27167] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6142'.
[  618.116887][T27167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6142'.
[  618.286585][T19187] Bluetooth: hci0: command tx timeout
[  618.316074][T27182] netlink: 'syz.3.6147': attribute type 1 has an invalid length.
[  619.003396][T27241] netlink: 'syz.1.6169': attribute type 2 has an invalid length.
[  619.033947][T27241] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6169'.
[  619.089280][T27241] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6169'.
[  619.094920][T27252] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6167'.
[  619.110145][T27253] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6170'.
[  619.333232][T27262] netlink: 'syz.3.6174': attribute type 1 has an invalid length.
[  619.492660][T27269] team0: Port device geneve2 added
[  619.502009][T16591] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20259 - 0
[  619.511062][T16591] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20259 - 0
[  619.534441][T27271] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  619.543509][T16591] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20259 - 0
[  619.553570][T16591] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20259 - 0
[  619.586111][T27275] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  620.219341][T27315] netlink: 'syz.2.6193': attribute type 9 has an invalid length.
[  620.365600][T19187] Bluetooth: hci0: command tx timeout
[  620.879983][T27352] erspan0: left allmulticast mode
[  620.951801][T27352] bridge0: port 2(bridge_slave_1) entered disabled state
[  620.959590][T27352] bridge0: port 1(bridge_slave_0) entered disabled state
[  621.201595][T27352] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  621.223495][T27352] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  621.439720][ T6053] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  621.450207][ T6053] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20259 - 0
[  621.459655][ T6053] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  621.468742][ T6053] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20259 - 0
[  621.478643][T27386] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  621.503407][ T6053] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  621.519421][ T6053] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20259 - 0
[  621.535533][T16602] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  621.563720][T16602] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20259 - 0
[  621.607738][T27392] tipc: Started in network mode
[  621.613961][T27392] tipc: Node identity 5a67062e35a, cluster identity 4711
[  621.626398][T27392] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  621.643016][T27390] syzkaller0: entered promiscuous mode
[  621.693607][T27390] syzkaller0: entered allmulticast mode
[  621.713047][T27390] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  621.846743][T27392] tipc: Resetting bearer <eth:syzkaller0>
[  621.867078][T27389] tipc: Resetting bearer <eth:syzkaller0>
[  621.905741][T27389] tipc: Disabling bearer <eth:syzkaller0>
[  622.527473][T27456] __nla_validate_parse: 15 callbacks suppressed
[  622.527492][T27456] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6239'.
[  622.564501][T27456] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  622.811559][T27482] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6249'.
[  622.904298][T27479] syzkaller0: entered promiscuous mode
[  622.909946][T27479] syzkaller0: entered allmulticast mode
[  622.926018][ T5841] Bluetooth: hci0: command 0x0405 tx timeout
[  622.951829][T27482] 8021q: adding VLAN 0 to HW filter on device bond7
[  623.174275][T27501] netlink: 14 bytes leftover after parsing attributes in process `syz.1.6254'.
[  624.731580][T27526] sctp: [Deprecated]: syz.2.6263 (pid 27526) Use of int in maxseg socket option.
[  624.731580][T27526] Use struct sctp_assoc_value instead
[  624.757297][T27528] sctp: [Deprecated]: syz.2.6263 (pid 27528) Use of int in maxseg socket option.
[  624.757297][T27528] Use struct sctp_assoc_value instead
[  624.795562][T27501] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  624.836906][T27501] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  624.873044][T27533] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6266'.
[  624.885740][T27501] bond0 (unregistering): Released all slaves
[  624.940102][T27539] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6267'.
[  624.975886][T27539] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR
[  625.696722][T27565] netlink: 'syz.0.6275': attribute type 1 has an invalid length.
[  625.761286][T27567] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6275'.
[  625.883762][T27567] IPv6: sit1: Disabled Multicast RS
[  625.888721][T27586] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6280'.
[  625.891387][T27567] sit1: entered allmulticast mode
[  625.911588][T27579] netlink: 'syz.1.6277': attribute type 1 has an invalid length.
[  625.927479][T27581] IPv6: sit1: Disabled Multicast RS
[  625.933697][T27581] sit1: entered allmulticast mode
[  626.553614][T27600] netlink: 'syz.2.6283': attribute type 1 has an invalid length.
[  626.685943][T27603] 8021q: adding VLAN 0 to HW filter on device bond9
[  626.697817][T27603] bond8: (slave bond9): making interface the new active one
[  626.706541][T27603] bond8: (slave bond9): Enslaving as an active interface with an up link
[  626.739475][T27600] bond8: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  626.752620][T27600] bond8: (slave ipvlan3): The slave device specified does not support setting the MAC address
[  626.788764][T27609] bridge0: port 3(syz_tun) entered blocking state
[  626.810590][T27609] bridge0: port 3(syz_tun) entered disabled state
[  626.817521][T27612] netlink: 'syz.0.6287': attribute type 13 has an invalid length.
[  626.879620][T27609] syz_tun: entered allmulticast mode
[  626.907763][T27609] syz_tun: entered promiscuous mode
[  626.928439][T27612] macvtap0: entered allmulticast mode
[  626.934344][T27612] macvtap0: refused to change device tx_queue_len
[  627.141706][T27635] lo: entered allmulticast mode
[  627.321000][T27654] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6303'.
[  627.324269][T27655] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  627.331400][T27653] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6303'.
[  627.351576][T27654] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6303'.
[  627.358593][T27656] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  627.591526][T27673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6309'.
[  627.591526][T27672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6309'.
[  627.897010][T27687] netlink: 'syz.2.6314': attribute type 1 has an invalid length.
[  628.112588][T27692] xt_policy: output policy not valid in PREROUTING and INPUT
[  628.302614][T27702] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6319'.
[  628.326492][T27702] netlink: 'syz.3.6319': attribute type 7 has an invalid length.
[  628.336405][T27702] netlink: 'syz.3.6319': attribute type 8 has an invalid length.
[  628.342561][T27704] Bluetooth: hci0: invalid length 39, exp 2 for type 1
[  628.357945][T27702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6319'.
[  628.540563][T27712] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6324'.
[  628.552714][T27712] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6324'.
[  628.553447][T27717] pim6reg1: entered promiscuous mode
[  628.569414][T27714] SET target dimension over the limit!
[  628.577211][T27718] SET target dimension over the limit!
[  628.583525][T27717] pim6reg1: entered allmulticast mode
[  628.598121][T27712] netlink: 'syz.1.6324': attribute type 5 has an invalid length.
[  628.659556][T27726] netlink: 68 bytes leftover after parsing attributes in process `syz.3.6327'.
[  628.700514][T27726] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6327'.
[  628.793417][T27730] netlink: 'syz.1.6329': attribute type 3 has an invalid length.
[  628.829037][T27730] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6329'.
[  628.859660][T27732] netlink: 'syz.0.6330': attribute type 1 has an invalid length.
[  628.960406][T27737] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6332'.
[  629.236072][T16604] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  630.700515][T27834] vlan2: entered promiscuous mode
[  630.705959][T27834] vlan2: entered allmulticast mode
[  630.711150][T27834] hsr_slave_1: entered allmulticast mode
[  631.601701][T27890] vlan3: entered promiscuous mode
[  631.609417][T27890] bridge0: entered promiscuous mode
[  631.884073][T27908] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  631.915216][T27908] mac80211_hwsim hwsim37 syzkaller0: entered promiscuous mode
[  631.923333][T27908] mac80211_hwsim hwsim37 syzkaller0: entered allmulticast mode
[  631.938494][T27908] tipc: Resetting bearer <eth:syzkaller0>
[  632.659996][T27948] __nla_validate_parse: 4 callbacks suppressed
[  632.660013][T27948] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6391'.
[  632.777925][T27952] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6393'.
[  632.801034][T27952] netlink: 244 bytes leftover after parsing attributes in process `syz.1.6393'.
[  632.928424][ T5887] tipc: Node number set to 17039360
[  632.944417][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  632.956525][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  632.966613][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  632.980646][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  632.995281][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  633.120835][T16602] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  633.224563][T16602] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  633.393404][T16602] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  633.416930][T27986] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6403'.
[  633.437175][T27986] batman_adv: batadv0: Removing interface: batadv_slave_0
[  633.455986][T27986] batman_adv: batadv0: Removing interface: batadv_slave_1
[  633.463771][T27990] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6405'.
[  633.481693][T27990] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6405'.
[  633.491042][T27990] validate_nla: 3 callbacks suppressed
[  633.491057][T27990] netlink: 'syz.2.6405': attribute type 6 has an invalid length.
[  633.507403][T27990] netlink: 'syz.2.6405': attribute type 5 has an invalid length.
[  633.518168][T27990] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6405'.
[  633.534173][T27991] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6405'.
[  633.558543][T27991] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6405'.
[  633.567871][T27991] netlink: 'syz.2.6405': attribute type 6 has an invalid length.
[  633.583230][T27991] netlink: 'syz.2.6405': attribute type 5 has an invalid length.
[  633.591516][T27991] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6405'.
[  633.602440][T16602] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  633.775312][T28002] ip6t_srh: unknown srh invflags 4000
[  634.458011][T16602] bond7 (unregistering): (slave gretap1): Releasing active interface
[  634.479958][T16602] bond9 (unregistering): (slave gretap2): Releasing backup interface
[  634.532042][T16602] dvmrp1 (unregistering): left allmulticast mode
[  634.947583][T16602] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  634.958130][T16602] bond0 (unregistering): Released all slaves
[  635.052633][T16602] bond1 (unregistering): Released all slaves
[  635.088956][ T5841] Bluetooth: hci3: command tx timeout
[  635.150396][T16602] bond2 (unregistering): Released all slaves
[  635.162913][T16602] bond3 (unregistering): Released all slaves
[  635.176903][T16602] bond4 (unregistering): Released all slaves
[  635.190181][T16602] bond5 (unregistering): Released all slaves
[  635.203632][T16602] bond6 (unregistering): Released all slaves
[  635.301472][T16602] bond7 (unregistering): Released all slaves
[  635.314139][T16602] bond8 (unregistering): Released all slaves
[  635.402416][T16602] bond9 (unregistering): (slave bond10): Releasing backup interface
[  635.411653][T16602] bond9 (unregistering): Released all slaves
[  635.499581][T16602] bond10 (unregistering): Released all slaves
[  635.512548][T16602] bond11 (unregistering): Released all slaves
[  635.767862][T16602] : left promiscuous mode
[  635.853190][T27963] chnl_net:caif_netlink_parms(): no params data found
[  635.910523][T28057] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  635.963633][T16602] tipc: Left network mode
[  636.138831][T27963] bridge0: port 1(bridge_slave_0) entered blocking state
[  636.155387][T27963] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.162755][T27963] bridge_slave_0: entered allmulticast mode
[  636.172803][T27963] bridge_slave_0: entered promiscuous mode
[  636.206943][T27963] bridge0: port 2(bridge_slave_1) entered blocking state
[  636.214165][T27963] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.221697][T27963] bridge_slave_1: entered allmulticast mode
[  636.230176][T27963] bridge_slave_1: entered promiscuous mode
[  636.346806][T27963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  636.402922][T27963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  636.486621][T28091] netlink: 'syz.0.6432': attribute type 1 has an invalid length.
[  636.656607][T27963] team0: Port device team_slave_0 added
[  636.676717][T16602] hsr_slave_0: left promiscuous mode
[  636.685406][T16602] hsr_slave_1: left promiscuous mode
[  636.692456][T16602] veth0_macvtap: left allmulticast mode
[  637.175372][ T5841] Bluetooth: hci3: command tx timeout
[  637.580506][T27963] team0: Port device team_slave_1 added
[  637.784901][T27963] batman_adv: batadv0: Adding interface: batadv_slave_0
[  637.821801][T27963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  637.876210][T28132] netlink: 'syz.3.6443': attribute type 1 has an invalid length.
[  637.879944][T27963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  637.953096][T28142] netlink: 'syz.0.6444': attribute type 10 has an invalid length.
[  637.971869][T28133] bond1 (unregistering): Released all slaves
[  638.034196][T28132] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  638.037013][T27963] batman_adv: batadv0: Adding interface: batadv_slave_1
[  638.056745][T27963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  638.083962][T27963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  638.278513][T28158] __nla_validate_parse: 40 callbacks suppressed
[  638.278532][T28158] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6448'.
[  638.704191][T28170] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6449'.
[  638.728865][T28170] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  638.764904][T25279] wlan0: Trigger new scan to find an IBSS to join
[  638.770505][T28158] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.779059][T28158] bridge0: port 1(bridge_slave_0) entered disabled state
[  638.884901][T28158] bridge_slave_0: left allmulticast mode
[  638.890622][T28158] bridge_slave_0: left promiscuous mode
[  638.896961][T28158] bridge0: port 1(bridge_slave_0) entered disabled state
[  638.913081][T28158] bridge_slave_1: left allmulticast mode
[  638.919540][T28158] bridge_slave_1: left promiscuous mode
[  638.926301][T28158] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.946346][T28158] bond0: (slave bond_slave_0): Releasing backup interface
[  638.953939][T28158] bond_slave_0: left allmulticast mode
[  638.969193][T28158] bond0: (slave bond_slave_1): Releasing backup interface
[  638.978391][T28158] bond_slave_1: left allmulticast mode
[  638.991727][T28158] team0: Port device team_slave_0 removed
[  639.004468][T28158] team0: Port device team_slave_1 removed
[  639.017888][T28158] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  639.028764][T28158] batman_adv: batadv0: Removing interface: batadv_slave_0
[  639.042300][T28158] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  639.052530][T28158] batman_adv: batadv0: Removing interface: batadv_slave_1
[  639.068930][T28158] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  639.207609][T27963] hsr_slave_0: entered promiscuous mode
[  639.214349][T27963] hsr_slave_1: entered promiscuous mode
[  639.249035][ T5841] Bluetooth: hci3: command tx timeout
[  639.249690][T27963] debugfs: 'hsr0' already exists in 'hsr'
[  639.273211][T27963] Cannot create hsr debugfs directory
[  639.711046][T28207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6462'.
[  639.713895][T28206] netlink: 'syz.2.6464': attribute type 10 has an invalid length.
[  639.735591][T28206] netlink: 'syz.2.6464': attribute type 10 has an invalid length.
[  639.826015][T28207] macvtap1: entered promiscuous mode
[  639.831489][T28207] vlan0: entered promiscuous mode
[  639.837768][T28207] macvtap1: entered allmulticast mode
[  639.843231][T28207] vlan0: entered allmulticast mode
[  639.848859][T28207] veth0_vlan: entered allmulticast mode
[  640.050198][T28227] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  640.079446][T28227] syzkaller0: entered promiscuous mode
[  640.085678][T28227] syzkaller0: entered allmulticast mode
[  640.145888][T28227] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.199545][T28227] tipc: Resetting bearer <eth:syzkaller0>
[  640.218386][T28226] tipc: Resetting bearer <eth:syzkaller0>
[  640.255779][T28226] tipc: Disabling bearer <eth:syzkaller0>
[  640.339779][T27963] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  640.362933][T27963] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  640.388353][T27963] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  640.408386][T27963] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  640.657902][T27963] 8021q: adding VLAN 0 to HW filter on device bond0
[  640.692682][T27963] 8021q: adding VLAN 0 to HW filter on device team0
[  640.725679][T16590] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.732876][T16590] bridge0: port 1(bridge_slave_0) entered forwarding state
[  640.772863][T16590] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.780084][T16590] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.880941][T28285] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  640.897251][T28285] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6482'.
[  640.909266][T28285] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6482'.
[  641.251174][T28297] bond1: Removing last ns target with arp_interval on
[  641.293572][T27963] 8021q: adding VLAN 0 to HW filter on device batadv0
[  641.325632][ T5841] Bluetooth: hci3: command tx timeout
[  641.479798][T28309] netlink: 'syz.0.6487': attribute type 1 has an invalid length.
[  641.489518][T28309] netlink: 'syz.0.6487': attribute type 1 has an invalid length.
[  641.736737][T28321] netlink: 'syz.0.6490': attribute type 1 has an invalid length.
[  641.805848][T16590] wlan0: Trigger new scan to find an IBSS to join
[  642.026300][T28321] bond2: entered promiscuous mode
[  642.031882][T28321] 8021q: adding VLAN 0 to HW filter on device bond2
[  642.146819][T28328] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6493'.
[  642.157027][T28328] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  642.243241][T27963] veth0_vlan: entered promiscuous mode
[  642.284289][T28335] netlink: 'syz.1.6495': attribute type 26 has an invalid length.
[  642.337235][T27963] veth1_vlan: entered promiscuous mode
[  642.351914][T28343] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  642.356114][ T6021] IPVS: starting estimator thread 0...
[  642.389749][T28346] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6498'.
[  642.447298][T28344] IPVS: using max 29 ests per chain, 69600 per kthread
[  642.486854][T28346] veth9: entered allmulticast mode
[  642.517450][T27963] veth0_macvtap: entered promiscuous mode
[  642.583816][T27963] veth1_macvtap: entered promiscuous mode
[  642.683183][T27963] batman_adv: batadv0: Interface activated: batadv_slave_0
[  642.705253][T28365] netlink: 'syz.0.6504': attribute type 1 has an invalid length.
[  642.721773][T28368] netlink: 92 bytes leftover after parsing attributes in process `syz.3.6502'.
[  642.749433][T27963] batman_adv: batadv0: Interface activated: batadv_slave_1
[  642.765554][T28367] netdevsim netdevsim1: Firmware load for './file0/../file0' refused, path contains '..' component
[  642.795554][ T6053] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  642.828556][ T6053] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  642.871476][ T6053] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  642.892614][T28375] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6506'.
[  642.937403][ T6053] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  643.051945][T28383] !��: renamed from bond_slave_0
[  643.059886][T28385] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6508'.
[  643.061466][T28387] netlink: 'syz.2.6509': attribute type 20 has an invalid length.
[  643.096778][T28385] xfrm1: entered promiscuous mode
[  643.109977][T28385] xfrm1: entered allmulticast mode
[  643.277269][T16591] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  643.300074][T16591] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  643.364640][T28403] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  643.373129][T28399] __nla_validate_parse: 2 callbacks suppressed
[  643.373148][T28399] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6514'.
[  643.391057][T16591] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  643.402552][T16591] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  644.153378][T28459] netlink: 'syz.4.6531': attribute type 2 has an invalid length.
[  644.167956][T28459] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6531'.
[  644.269851][T28464] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6532'.
[  644.318621][T28463] Bluetooth: hci0: invalid length 0, exp 2 for type 13
[  644.429657][T28468] netlink: 'syz.3.6534': attribute type 29 has an invalid length.
[  644.448225][T28468] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6534'.
[  644.671033][T28486] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6539'.
[  644.967676][T28502] veth0: entered promiscuous mode
[  645.047878][T28499] veth0: left promiscuous mode
[  645.805699][T25279] wlan0: Trigger new scan to find an IBSS to join
[  646.128023][T28578] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6567'.
[  646.162899][T28579] validate_nla: 1 callbacks suppressed
[  646.162917][T28579] netlink: 'syz.4.6567': attribute type 21 has an invalid length.
[  646.196556][T28579] netlink: 'syz.4.6567': attribute type 22 has an invalid length.
[  646.205004][T28579] netlink: 'syz.4.6567': attribute type 23 has an invalid length.
[  646.213275][T28579] netlink: 'syz.4.6567': attribute type 25 has an invalid length.
[  646.230861][T28579] netlink: 'syz.4.6567': attribute type 26 has an invalid length.
[  646.239014][T28579] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6567'.
[  646.281779][T28578] bond1: entered promiscuous mode
[  646.288740][T28578] bond1: entered allmulticast mode
[  646.294596][T28578] 8021q: adding VLAN 0 to HW filter on device bond1
[  646.394559][T28595] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6572'.
[  646.541935][T28601] netlink: 'syz.0.6574': attribute type 1 has an invalid length.
[  646.617376][T28604] Bluetooth: hci0: invalid length 0, exp 2 for type 26
[  647.019683][T28635] gre1: entered promiscuous mode
[  647.038529][T28635] gre1: entered allmulticast mode
[  647.109726][T28637] batadv_slave_0: entered promiscuous mode
[  647.188394][T28639] batadv_slave_0: left promiscuous mode
[  647.508346][T28676] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6592'.
[  647.677894][T28684] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  647.788086][T28687] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6599'.
[  648.438521][T28719] __nla_validate_parse: 2 callbacks suppressed
[  648.438537][T28719] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6605'.
[  648.440145][T19187] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  648.467266][T19187] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  648.475502][T19187] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  648.487533][T19187] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  648.495291][T19187] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  648.868049][T28729] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  648.921714][T28729] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  648.947306][T28729] gretap1: entered promiscuous mode
[  648.963735][T28729] gretap1: entered allmulticast mode
[  649.155168][T28744] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6615'.
[  649.343705][T28764] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6620'.
[  649.429311][T28717] chnl_net:caif_netlink_parms(): no params data found
[  649.451278][T28768] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  649.487211][T28768] bridge0: port 2(bridge_slave_1) entered disabled state
[  649.560314][T28772] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6622'.
[  649.587281][T28775] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6623'.
[  649.634109][T28772] bond3: Invalid ad_actor_system MAC address.
[  649.640942][T28772] bond3: option ad_actor_system: invalid value (1)
[  649.650700][T28772] bond3 (unregistering): Released all slaves
[  649.823585][T28717] bridge0: port 1(bridge_slave_0) entered blocking state
[  649.837080][T28717] bridge0: port 1(bridge_slave_0) entered disabled state
[  649.846425][T28717] bridge_slave_0: entered allmulticast mode
[  649.870486][T28717] bridge_slave_0: entered promiscuous mode
[  649.880912][T28795] Cannot find set identified by id 1 to match
[  649.898373][T28717] bridge0: port 2(bridge_slave_1) entered blocking state
[  649.925250][T28717] bridge0: port 2(bridge_slave_1) entered disabled state
[  649.941090][T28717] bridge_slave_1: entered allmulticast mode
[  649.999354][T28717] bridge_slave_1: entered promiscuous mode
[  650.186273][T28812] netlink: 184 bytes leftover after parsing attributes in process `syz.4.6631'.
[  650.190864][T28717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  650.218447][T28717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  650.376839][T28717] team0: Port device team_slave_0 added
[  650.410263][T28822] netlink: 51 bytes leftover after parsing attributes in process `syz.3.6633'.
[  650.430705][T28717] team0: Port device team_slave_1 added
[  650.519375][T28717] batman_adv: batadv0: Adding interface: batadv_slave_0
[  650.525901][T19187] Bluetooth: hci5: command tx timeout
[  650.534911][T28828] sctp: [Deprecated]: syz.0.6636 (pid 28828) Use of struct sctp_assoc_value in delayed_ack socket option.
[  650.534911][T28828] Use struct sctp_sack_info instead
[  650.581465][T28717] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  650.619322][T28717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  650.642348][T28717] batman_adv: batadv0: Adding interface: batadv_slave_1
[  650.651730][T28717] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  650.678860][T28717] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  650.805415][T28717] hsr_slave_0: entered promiscuous mode
[  650.813982][T28717] hsr_slave_1: entered promiscuous mode
[  650.828957][T28717] debugfs: 'hsr0' already exists in 'hsr'
[  650.837124][T28717] Cannot create hsr debugfs directory
[  650.909676][T28850] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  651.131812][T28861] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  651.397784][T28876] netlink: 184 bytes leftover after parsing attributes in process `syz.3.6649'.
[  651.401211][T28867] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  651.456403][T28877] syzkaller0: entered promiscuous mode
[  651.461908][T28877] syzkaller0: entered allmulticast mode
[  651.502965][T28717] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  651.568693][T28881] bond0: (slave gre0): refused to change device type
[  651.600098][T28717] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  651.752815][T28717] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  651.783924][T28884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6651'.
[  651.809877][T28885] bond3: option miimon: invalid value (18446744073709551585)
[  651.820435][T28885] bond3: option miimon: allowed values 0 - 2147483647
[  651.832366][T28885] bond3 (unregistering): Released all slaves
[  651.882702][T28717] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  652.161774][T28717] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  652.219816][T28903] gtp0: entered promiscuous mode
[  652.229382][T28903] gtp0: entered allmulticast mode
[  652.256658][T28717] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  652.292914][T28717] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  652.303011][T28910] netlink: 'syz.0.6656': attribute type 1 has an invalid length.
[  652.338155][T28717] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  652.569314][T28717] 8021q: adding VLAN 0 to HW filter on device bond0
[  652.579959][T28922] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  652.587853][T28926] netlink: 'syz.4.6664': attribute type 1 has an invalid length.
[  652.588304][T28922] syzkaller0: entered promiscuous mode
[  652.601597][T28922] syzkaller0: entered allmulticast mode
[  652.607863][T19187] Bluetooth: hci5: command tx timeout
[  652.727105][T28922] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  652.751871][T28935] bond2: (slave bridge1): making interface the new active one
[  652.783523][T28935] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  652.813908][T28717] 8021q: adding VLAN 0 to HW filter on device team0
[  652.834565][T28922] tipc: Resetting bearer <eth:syzkaller0>
[  652.895682][T28921] tipc: Resetting bearer <eth:syzkaller0>
[  652.942870][T28921] tipc: Disabling bearer <eth:syzkaller0>
[  652.979062][T16590] bridge0: port 1(bridge_slave_0) entered blocking state
[  652.986263][T16590] bridge0: port 1(bridge_slave_0) entered forwarding state
[  653.022969][T16590] bridge0: port 2(bridge_slave_1) entered blocking state
[  653.030176][T16590] bridge0: port 2(bridge_slave_1) entered forwarding state
[  653.102312][T28717] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  653.122210][T28717] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  653.421831][T28717] 8021q: adding VLAN 0 to HW filter on device batadv0
[  653.499348][T28968] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6676'.
[  653.502240][T28969] netlink: 10 bytes leftover after parsing attributes in process `syz.3.6675'.
[  653.523701][T28971] syzkaller1: entered promiscuous mode
[  653.529568][T28971] syzkaller1: entered allmulticast mode
[  653.580715][T28717] veth0_vlan: entered promiscuous mode
[  653.595997][T28717] veth1_vlan: entered promiscuous mode
[  653.680540][T28717] veth0_macvtap: entered promiscuous mode
[  653.707277][T28717] veth1_macvtap: entered promiscuous mode
[  653.719859][T28974] mac80211_hwsim hwsim60 syzkaller0: entered promiscuous mode
[  653.728048][T28974] mac80211_hwsim hwsim60 syzkaller0: entered allmulticast mode
[  653.770932][T28717] batman_adv: batadv0: Interface activated: batadv_slave_0
[  653.776260][T28976] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6678'.
[  653.812694][T28717] batman_adv: batadv0: Interface activated: batadv_slave_1
[  653.853080][T28986] xt_NFQUEUE: number of queues (16) out of range (got 65549)
[  653.858364][ T6053] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  653.871047][ T6053] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  653.881022][ T6053] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  653.894343][ T6053] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  653.997784][T25279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  654.010687][T25279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  654.057787][T25279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  654.066601][T25279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  654.322106][T28998] netlink: 'syz.2.6685': attribute type 2 has an invalid length.
[  654.533186][T29013] bond1: option miimon: invalid value (18446744073709551585)
[  654.541473][T29013] bond1: option miimon: allowed values 0 - 2147483647
[  654.556898][T29013] bond1 (unregistering): Released all slaves
[  654.587622][T29018] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6691'.
[  654.611779][T29012] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  654.694979][T19187] Bluetooth: hci5: command tx timeout
[  654.863650][T27963] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI
[  654.875615][T27963] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[  654.884024][T27963] CPU: 0 UID: 0 PID: 27963 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  654.893569][T27963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  654.903698][T27963] RIP: 0010:klist_remove+0x14a/0x340
[  654.908980][T27963] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 e9 54 e3 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 ca 54 e3 f6 49 8b 44 24 58 48 89 44 24 08
[  654.928582][T27963] RSP: 0018:ffffc90004e2f820 EFLAGS: 00010202
[  654.934649][T27963] RAX: 000000000000000b RBX: ffff88803f475ac0 RCX: 0000000000000000
[  654.942612][T27963] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058
[  654.950566][T27963] RBP: ffffc90004e2f920 R08: ffffffff8f84bec3 R09: 1ffffffff1f097d8
[  654.958523][T27963] R10: dffffc0000000000 R11: fffffbfff1f097d9 R12: 0000000000000000
[  654.966482][T27963] R13: 1ffff1100fc7e78c R14: ffff88807e3f3c60 R15: dffffc0000000000
[  654.974445][T27963] FS:  0000000000000000(0000) GS:ffff888125d0f000(0000) knlGS:0000000000000000
[  654.983363][T27963] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  654.989938][T27963] CR2: 00007f769d28c2fe CR3: 000000001afc8000 CR4: 00000000003526f0
[  654.997897][T27963] Call Trace:
[  655.001163][T27963]  <TASK>
[  655.004081][T27963]  ? __pfx_klist_remove+0x10/0x10
[  655.009103][T27963]  ? __pfx_kobject_move+0x10/0x10
[  655.014120][T27963]  ? do_raw_spin_unlock+0x122/0x240
[  655.019316][T27963]  ? get_device_parent+0x366/0x3a0
[  655.024431][T27963]  device_move+0x193/0x700
[  655.028837][T27963]  hci_conn_del_sysfs+0xb8/0x170
[  655.033773][T27963]  hci_conn_del+0xc33/0x11b0
[  655.038357][T27963]  hci_conn_hash_flush+0x191/0x230
[  655.043463][T27963]  hci_dev_close_sync+0xaef/0x1330
[  655.048569][T27963]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  655.054113][T27963]  ? up_write+0x1c4/0x420
[  655.058439][T27963]  hci_unregister_dev+0x21a/0x510
[  655.063450][T27963]  vhci_release+0x152/0x1a0
[  655.067945][T27963]  ? __pfx_vhci_release+0x10/0x10
[  655.072960][T27963]  __fput+0x449/0xa70
[  655.076940][T27963]  task_work_run+0x1d4/0x260
[  655.081526][T27963]  ? __pfx_task_work_run+0x10/0x10
[  655.086637][T27963]  ? do_exit+0x6b0/0x2300
[  655.090969][T27963]  ? kmem_cache_free+0x19b/0x690
[  655.095903][T27963]  do_exit+0x6b5/0x2300
[  655.100055][T27963]  ? __pfx_do_exit+0x10/0x10
[  655.104649][T27963]  ? _raw_spin_unlock_irq+0x23/0x50
[  655.109840][T27963]  ? lockdep_hardirqs_on+0x9c/0x150
[  655.115034][T27963]  do_group_exit+0x21c/0x2d0
[  655.119634][T27963]  __x64_sys_exit_group+0x3f/0x40
[  655.124661][T27963]  x64_sys_call+0x21f7/0x2200
[  655.129333][T27963]  do_syscall_64+0xfa/0xfa0
[  655.133827][T27963]  ? lockdep_hardirqs_on+0x9c/0x150
[  655.139017][T27963]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.145073][T27963]  ? clear_bhb_loop+0x60/0xb0
[  655.149742][T27963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.155621][T27963] RIP: 0033:0x7fcead18eec9
[  655.160030][T27963] Code: Unable to access opcode bytes at 0x7fcead18ee9f.
[  655.167033][T27963] RSP: 002b:00007ffd9ebaa578 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  655.175435][T27963] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007fcead18eec9
[  655.183395][T27963] RDX: 00007fcead190dba RSI: 0000000000000000 RDI: 0000000000000007
[  655.191350][T27963] RBP: 0000000000000003 R08: 00007ffd9ebab557 R09: 0000000000000007
[  655.199310][T27963] R10: 00000000000002d8 R11: 0000000000000246 R12: 00007fcead3b4e60
[  655.207270][T27963] R13: 00007ffd9ebab13c R14: 0000000000000000 R15: 00007fcead3b7020
[  655.215242][T27963]  </TASK>
[  655.218267][T27963] Modules linked in:
[  655.225105][T27963] ---[ end trace 0000000000000000 ]---
[  655.239082][T27963] RIP: 0010:klist_remove+0x14a/0x340
[  655.244608][T27963] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 e9 54 e3 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 ca 54 e3 f6 49 8b 44 24 58 48 89 44 24 08
[  655.281062][T27963] RSP: 0018:ffffc90004e2f820 EFLAGS: 00010202
[  655.289166][T27963] RAX: 000000000000000b RBX: ffff88803f475ac0 RCX: 0000000000000000
[  655.307469][T27963] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058
[  655.317293][T27963] RBP: ffffc90004e2f920 R08: ffffffff8f84bec3 R09: 1ffffffff1f097d8
[  655.326319][T27963] R10: dffffc0000000000 R11: fffffbfff1f097d9 R12: 0000000000000000
[  655.334409][T27963] R13: 1ffff1100fc7e78c R14: ffff88807e3f3c60 R15: dffffc0000000000
[  655.343940][T27963] FS:  0000000000000000(0000) GS:ffff888125e0f000(0000) knlGS:0000000000000000
[  655.355319][T27963] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  655.362013][T27963] CR2: 000000110c27b39f CR3: 0000000058e48000 CR4: 00000000003526f0
[  655.370928][T27963] Kernel panic - not syncing: Fatal exception
[  655.377315][T27963] Kernel Offset: disabled
[  655.381627][T27963] Rebooting in 86400 seconds..