last executing test programs:

1m20.365504152s ago: executing program 4 (id=1813):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x2f0, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @private0, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = gettid()
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x5}, 0x8)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x19, 0x4, 0x2, 0x3e, 0x2, 0x64, 0x9, 0x32, 0x84, 0x8f4, @local, @empty, {[@noop, @rr={0x7, 0xf, 0xd7, [@remote, @loopback, @remote]}, @end, @end, @lsrr={0x83, 0xf, 0x97, [@multicast1, @multicast1, @private=0xa010101]}, @cipso={0x86, 0x2c, 0x0, [{0x0, 0x7, "bf61e92c97"}, {0x0, 0x2}, {0x0, 0xc, "6ebee283e075042a132c"}, {0x0, 0x2}, {0x0, 0x8, "15873b41cb8f"}, {0x0, 0x7, "7777468621"}]}, @ssrr={0x89, 0x3, 0x6e}]}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x28013, r1, 0x28771000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, r5, 0x0, 0x5, &(0x7f0000000080)='$[{\xfd\x00'}, 0x30)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000240)=0x90, 0x4)
write$cgroup_int(r5, &(0x7f0000000100)=0x7fffffff, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000500012800e00010069703665727370616e0000003c000280060011004e210000050008002000000014000700fc00000000000000000000000000000008001400070000000800050009000000040012000a000100"], 0x7c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000004d40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000004e40)={0x0, 0x0, &(0x7f0000004e00)={&(0x7f0000004d80)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, 0x14, 0x0, 0x0, 0x0, {0x1e}}, 0x14}}, 0x0)

1m11.576333477s ago: executing program 4 (id=1813):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x2f0, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @private0, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = gettid()
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x5}, 0x8)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x19, 0x4, 0x2, 0x3e, 0x2, 0x64, 0x9, 0x32, 0x84, 0x8f4, @local, @empty, {[@noop, @rr={0x7, 0xf, 0xd7, [@remote, @loopback, @remote]}, @end, @end, @lsrr={0x83, 0xf, 0x97, [@multicast1, @multicast1, @private=0xa010101]}, @cipso={0x86, 0x2c, 0x0, [{0x0, 0x7, "bf61e92c97"}, {0x0, 0x2}, {0x0, 0xc, "6ebee283e075042a132c"}, {0x0, 0x2}, {0x0, 0x8, "15873b41cb8f"}, {0x0, 0x7, "7777468621"}]}, @ssrr={0x89, 0x3, 0x6e}]}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x28013, r1, 0x28771000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, r5, 0x0, 0x5, &(0x7f0000000080)='$[{\xfd\x00'}, 0x30)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000240)=0x90, 0x4)
write$cgroup_int(r5, &(0x7f0000000100)=0x7fffffff, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000500012800e00010069703665727370616e0000003c000280060011004e210000050008002000000014000700fc00000000000000000000000000000008001400070000000800050009000000040012000a000100"], 0x7c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000004d40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000004e40)={0x0, 0x0, &(0x7f0000004e00)={&(0x7f0000004d80)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, 0x14, 0x0, 0x0, 0x0, {0x1e}}, 0x14}}, 0x0)

55.352434866s ago: executing program 4 (id=1813):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x2f0, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @private0, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = gettid()
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x5}, 0x8)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x19, 0x4, 0x2, 0x3e, 0x2, 0x64, 0x9, 0x32, 0x84, 0x8f4, @local, @empty, {[@noop, @rr={0x7, 0xf, 0xd7, [@remote, @loopback, @remote]}, @end, @end, @lsrr={0x83, 0xf, 0x97, [@multicast1, @multicast1, @private=0xa010101]}, @cipso={0x86, 0x2c, 0x0, [{0x0, 0x7, "bf61e92c97"}, {0x0, 0x2}, {0x0, 0xc, "6ebee283e075042a132c"}, {0x0, 0x2}, {0x0, 0x8, "15873b41cb8f"}, {0x0, 0x7, "7777468621"}]}, @ssrr={0x89, 0x3, 0x6e}]}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x28013, r1, 0x28771000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, r5, 0x0, 0x5, &(0x7f0000000080)='$[{\xfd\x00'}, 0x30)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000240)=0x90, 0x4)
write$cgroup_int(r5, &(0x7f0000000100)=0x7fffffff, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000500012800e00010069703665727370616e0000003c000280060011004e210000050008002000000014000700fc00000000000000000000000000000008001400070000000800050009000000040012000a000100"], 0x7c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000004d40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000004e40)={0x0, 0x0, &(0x7f0000004e00)={&(0x7f0000004d80)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, 0x14, 0x0, 0x0, 0x0, {0x1e}}, 0x14}}, 0x0)

40.768357642s ago: executing program 4 (id=1813):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x2f0, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @private0, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = gettid()
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x5}, 0x8)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x19, 0x4, 0x2, 0x3e, 0x2, 0x64, 0x9, 0x32, 0x84, 0x8f4, @local, @empty, {[@noop, @rr={0x7, 0xf, 0xd7, [@remote, @loopback, @remote]}, @end, @end, @lsrr={0x83, 0xf, 0x97, [@multicast1, @multicast1, @private=0xa010101]}, @cipso={0x86, 0x2c, 0x0, [{0x0, 0x7, "bf61e92c97"}, {0x0, 0x2}, {0x0, 0xc, "6ebee283e075042a132c"}, {0x0, 0x2}, {0x0, 0x8, "15873b41cb8f"}, {0x0, 0x7, "7777468621"}]}, @ssrr={0x89, 0x3, 0x6e}]}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x28013, r1, 0x28771000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, r5, 0x0, 0x5, &(0x7f0000000080)='$[{\xfd\x00'}, 0x30)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000240)=0x90, 0x4)
write$cgroup_int(r5, &(0x7f0000000100)=0x7fffffff, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000500012800e00010069703665727370616e0000003c000280060011004e210000050008002000000014000700fc00000000000000000000000000000008001400070000000800050009000000040012000a000100"], 0x7c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000004d40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000004e40)={0x0, 0x0, &(0x7f0000004e00)={&(0x7f0000004d80)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, 0x14, 0x0, 0x0, 0x0, {0x1e}}, 0x14}}, 0x0)

25.866820469s ago: executing program 4 (id=1813):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x2f0, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @private0, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = gettid()
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x5}, 0x8)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x19, 0x4, 0x2, 0x3e, 0x2, 0x64, 0x9, 0x32, 0x84, 0x8f4, @local, @empty, {[@noop, @rr={0x7, 0xf, 0xd7, [@remote, @loopback, @remote]}, @end, @end, @lsrr={0x83, 0xf, 0x97, [@multicast1, @multicast1, @private=0xa010101]}, @cipso={0x86, 0x2c, 0x0, [{0x0, 0x7, "bf61e92c97"}, {0x0, 0x2}, {0x0, 0xc, "6ebee283e075042a132c"}, {0x0, 0x2}, {0x0, 0x8, "15873b41cb8f"}, {0x0, 0x7, "7777468621"}]}, @ssrr={0x89, 0x3, 0x6e}]}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x28013, r1, 0x28771000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, r5, 0x0, 0x5, &(0x7f0000000080)='$[{\xfd\x00'}, 0x30)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000240)=0x90, 0x4)
write$cgroup_int(r5, &(0x7f0000000100)=0x7fffffff, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000500012800e00010069703665727370616e0000003c000280060011004e210000050008002000000014000700fc00000000000000000000000000000008001400070000000800050009000000040012000a000100"], 0x7c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000004d40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000004e40)={0x0, 0x0, &(0x7f0000004e00)={&(0x7f0000004d80)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, 0x14, 0x0, 0x0, 0x0, {0x1e}}, 0x14}}, 0x0)

15.449893862s ago: executing program 0 (id=2175):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
pipe(&(0x7f0000000140))
close(0xffffffffffffffff)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8f8, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
r0 = socket(0x10, 0x803, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket(0x200000100000011, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000007c0)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r1, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa1400060000000000ffffffff"], 0x54}}, 0x0)

15.368354702s ago: executing program 0 (id=2176):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x34, 0x6c, 0x1, 0x0, 0x0, {}, [@nested={0x20, 0x0, 0x0, 0x1, [@generic="e649486a8eec4041", @typed={0x14, 0x3b, 0x0, 0x0, @ipv6=@remote}]}]}, 0x34}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000000)=0x7, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r4, 0x0, 0x1, 0x0, 0x2)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
r6 = accept4$inet6(r3, 0x0, &(0x7f0000000540), 0x800)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000740)={'syztnl0\x00', &(0x7f0000000800)={'syztnl0\x00', <r7=>0x0, 0x29, 0x77, 0x7, 0x8, 0xa, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x8, 0x1, 0x101}})
ioctl$sock_inet6_SIOCDELRT(r6, 0x890c, &(0x7f0000000880)={@mcast1, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4, 0x0, 0x9, 0x0, 0x14, 0x200, r7})
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x68, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}, @IPSET_ATTR_CIDR={0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}}, 0x0)
sendto$inet6(r5, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f00000002c0), 0x8)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f00000001c0)=@raw=[@ldst={0x1, 0x0, 0x6, 0xa, 0x5, 0x1, 0xfffffffffffffffc}, @generic={0x3, 0x0, 0x0, 0xe25a, 0x7}, @tail_call, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='syzkaller\x00', 0x40, 0x4e, &(0x7f0000000240)=""/78, 0x41100, 0x6c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000300)={0x5, 0xa, 0x9, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000340)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f00000003c0)=[{0x0, 0x2, 0x9, 0x3}, {0x2, 0x5, 0x7, 0xcd84d90982b72245}, {0x3, 0x4, 0x9, 0xa}, {0x3, 0x3, 0x3, 0x5}, {0x3, 0x4, 0xc, 0x2}, {0x2, 0x5, 0x3, 0x1}], 0x10, 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='spmi_read_begin\x00', r9}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x3, 0x200}, 0x8)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0)
sendmsg$nl_route(r2, 0x0, 0x20040001)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000006c0)={&(0x7f00000005c0)={0x1c, 0x0, 0x800, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4020095}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080))

14.763897333s ago: executing program 0 (id=2178):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@ipv4_newroute={0x1c}, 0x1c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, r4, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$FOU_CMD_DEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000041e8a93fea2a84197bd89be739ad98352fff97bc162fbe46c5ac079d745a7d1f747bc9e6e7bbd6a77aaf863c8c", @ANYRES16=r4, @ANYBLOB="0100000000000000000002000000050002000a000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r7=>r5, @ANYBLOB="0000000000000000b70800000000e0ff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r8}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c80)={{r5}, &(0x7f0000000c00), &(0x7f0000000c40)=r6}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
listen(r0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@get={0xe0, 0x13, 0x0, 0x0, 0x0, {{'streebog512-generic\x00'}}}, 0xe0}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000015c0)=ANY=[@ANYBLOB="3000000010000108000000000000009b69000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}, 0x1, 0x0, 0x0, 0x64004050}, 0x40000)

14.4170073s ago: executing program 0 (id=2180):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x0, 0x0)

8.921675839s ago: executing program 2 (id=2186):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r2=>0x0})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d)
sendfile(r3, r5, 0x0, 0x8000002b)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)={0x54, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x38, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "403a050c5bae9c544ef2b6d713459a7a"}, @NL802154_KEY_ATTR_ID={0x18, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}]}]}, 0x54}}, 0x0)

8.507443458s ago: executing program 4 (id=1813):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x2f0, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @private0, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = gettid()
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x5}, 0x8)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x19, 0x4, 0x2, 0x3e, 0x2, 0x64, 0x9, 0x32, 0x84, 0x8f4, @local, @empty, {[@noop, @rr={0x7, 0xf, 0xd7, [@remote, @loopback, @remote]}, @end, @end, @lsrr={0x83, 0xf, 0x97, [@multicast1, @multicast1, @private=0xa010101]}, @cipso={0x86, 0x2c, 0x0, [{0x0, 0x7, "bf61e92c97"}, {0x0, 0x2}, {0x0, 0xc, "6ebee283e075042a132c"}, {0x0, 0x2}, {0x0, 0x8, "15873b41cb8f"}, {0x0, 0x7, "7777468621"}]}, @ssrr={0x89, 0x3, 0x6e}]}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x28013, r1, 0x28771000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, r5, 0x0, 0x5, &(0x7f0000000080)='$[{\xfd\x00'}, 0x30)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000240)=0x90, 0x4)
write$cgroup_int(r5, &(0x7f0000000100)=0x7fffffff, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000500012800e00010069703665727370616e0000003c000280060011004e210000050008002000000014000700fc00000000000000000000000000000008001400070000000800050009000000040012000a000100"], 0x7c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000004d40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000004e40)={0x0, 0x0, &(0x7f0000004e00)={&(0x7f0000004d80)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, 0x14, 0x0, 0x0, 0x0, {0x1e}}, 0x14}}, 0x0)

7.557635145s ago: executing program 2 (id=2189):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x68}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=@newlink={0x48, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x14201}}}}}}]}, 0x48}}, 0x1000000)

6.069867685s ago: executing program 2 (id=2192):
r0 = socket$inet_sctp(0x2, 0x400000000001, 0x84)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @private=0xa010100}, 0x10)
socket$inet6(0xa, 0xa, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
listen(r0, 0xda8c)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0), 0x48)
r1 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
listen(r1, 0x80080400)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r2, &(0x7f0000e5c000)={0x2, 0x4e20, @remote}, 0x10)
getsockopt$inet_int(r2, 0x10d, 0xac, &(0x7f0000000000), &(0x7f0000000240)=0x4)

5.059174249s ago: executing program 2 (id=2198):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2}, 0x48) (async)
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0}, 0x90) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00'}) (async)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0) (async)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x54, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r2, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='signal_generate\x00', r5}, 0xf)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x12, 0xfe, 0x1, 0xfff, 0x3203, 0x1, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x48)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000400)={'syztnl0\x00', &(0x7f0000000540)={'syztnl2\x00', <r9=>0x0, 0x2f, 0x6, 0xe7, 0x3110, 0x61, @local, @rand_addr=' \x01\x00', 0x80, 0xf707f8fc9702f840, 0x80000000, 0xf57}}) (async)
r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b40)={r4, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0], 0x0, <r11=>0x0, 0xb, &(0x7f00000008c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000940), &(0x7f00000009c0), 0x8, 0x6b, 0x8, 0x8, &(0x7f0000000a00)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x1, 0xf, &(0x7f0000000e00)=ANY=[@ANYBLOB="182200009e9267b55e5f605a644734a4f0b1129ef6c62d0300000000000000eb635ef6547b3af2100368936514632049a511024f3ff6631ccdbe691509578fa4c8ef5eda8681d6e859a71c46aa8a70ca749ac68150e6f36ccddd30344c8ad8c5813e84922f4213dd90b926a2d7a940d3b123150d161e56afb7733b130428f10e49823e355b000a832d4be94ea4463b3c05be723c60536ae9e70ec4befc54506acebf40fe96867601220ee4379880d56f249fcfe03369d75a3f53a926ecacb1279d69e8aa0297abbc069cb094812ede34786512e2caa34b9067a0125f2c13c4085b9912dcfeb0bd95d00bd52daed2714e32853b106f6f0f5d7f589e78716f7d1baadaf82d1925dea6020ed069d5ef3f598790aae570e1a99588b023890502dc2cbf94e1233ab11fb325038b38f509c180258998838966659c0bbc1eabaf4434581b11642efa3702915c904428547ca6aa8238bc8d7af57094eae7d84ab072a1c8ef0637cbda8a66", @ANYRES32=r7, @ANYBLOB="0000000023000000186a0000050000000000000003000000186400000a00000000000000080000001834000003000000000000000000000018160000", @ANYRES32=r8, @ANYBLOB="000000000000000018590000030000000000000000000000851000000700000018000000070000000000000002000000"], &(0x7f0000000040)='GPL\x00', 0x9, 0xc7, &(0x7f00000006c0)=""/199, 0x40f00, 0x4, '\x00', r9, 0x0, r10, 0x8, &(0x7f00000007c0)={0x8, 0x1}, 0x8, 0x10, 0x0, 0x0, r11, r5, 0x5, &(0x7f0000000b80)=[r6], &(0x7f0000000bc0)=[{0x1, 0x1, 0xc, 0x6}, {0x2, 0x3, 0x9, 0x5}, {0x1, 0x1004, 0x7, 0xb}, {0x0, 0x1, 0x3}, {0x1, 0x5, 0x1, 0x2}], 0x10, 0x5}, 0x90) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000d00)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r13 = socket$nl_route(0x10, 0x3, 0x0)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r14, 0x8933, &(0x7f00000001c0)={'wg0\x00', <r15=>0x0})
sendmsg$nl_route(r13, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c14000100000000000b00006d02b43535dd4a2625c9cb948db8000000", @ANYRES32=r15, @ANYBLOB="1400010000000000000000000000000000000001"], 0x2c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='signal_generate\x00', r12}, 0x10) (async)
listen(r3, 0x0)

5.0580527s ago: executing program 0 (id=2199):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010002000002000000000000000a20fffffff50a0101000000cb6cb68300020000000900010073797a300000000014000000020a010800000000000000000000000020000000020a01"], 0x7c}}, 0x0)

4.881526842s ago: executing program 0 (id=2200):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x34, 0x6c, 0x1, 0x0, 0x0, {}, [@nested={0x20, 0x0, 0x0, 0x1, [@generic="e649486a8eec4041", @typed={0x14, 0x3b, 0x0, 0x0, @ipv6=@remote}]}]}, 0x34}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000000)=0x7, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r4, 0x0, 0x1, 0x0, 0x2)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
r6 = accept4$inet6(r3, 0x0, &(0x7f0000000540), 0x800)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000740)={'syztnl0\x00', &(0x7f0000000800)={'syztnl0\x00', <r7=>0x0, 0x29, 0x77, 0x7, 0x8, 0xa, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x8, 0x1, 0x101}})
ioctl$sock_inet6_SIOCDELRT(r6, 0x890c, &(0x7f0000000880)={@mcast1, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4, 0x0, 0x9, 0x0, 0x14, 0x200, r7})
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x68, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}, @IPSET_ATTR_CIDR={0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}}, 0x0)
sendto$inet6(r5, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f00000002c0), 0x8)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f00000001c0)=@raw=[@ldst={0x1, 0x0, 0x6, 0xa, 0x5, 0x1, 0xfffffffffffffffc}, @generic={0x3, 0x0, 0x0, 0xe25a, 0x7}, @tail_call, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='syzkaller\x00', 0x40, 0x4e, &(0x7f0000000240)=""/78, 0x41100, 0x6c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000300)={0x5, 0xa, 0x9, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000340)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f00000003c0)=[{0x0, 0x2, 0x9, 0x3}, {0x2, 0x5, 0x7, 0xcd84d90982b72245}, {0x3, 0x4, 0x9, 0xa}, {0x3, 0x3, 0x3, 0x5}, {0x3, 0x4, 0xc, 0x2}, {0x2, 0x5, 0x3, 0x1}], 0x10, 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='spmi_read_begin\x00', r9}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x3, 0x200}, 0x8)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0)
sendmsg$nl_route(r2, 0x0, 0x20040001)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000006c0)={&(0x7f00000005c0)={0x1c, 0x0, 0x800, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4020095}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080))

3.748653806s ago: executing program 2 (id=2203):
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @empty}, 0x10, 0x0}}], 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}, {0x0}], 0x2}, 0xc3ff)

3.381884396s ago: executing program 2 (id=2206):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x0, 0x0)

2.155133685s ago: executing program 3 (id=2213):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'erspan0\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000035000000fcffffff770000000000090095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
sendto$packet(r1, &(0x7f00000000c0)="3f033608260812002c001e2b89e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c152bfdc9435e3ffe46", 0x20000, 0xa0c4, &(0x7f0000000540)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000444ff8), 0x8)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000400)=ANY=[@ANYRES64=r3], 0x8)
r4 = epoll_create1(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00'}, 0x10)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r5, 0x0)
accept(r5, 0x0, 0x0)
epoll_pwait(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
close(r4)
connect$inet6(r3, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r3, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)
ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x50009401, &(0x7f0000000800)={{r0}, "ae2eeabd67b4a520cf38edb606602aa1fcada89582ca850ef761d70c1a1b3ca229bf334d06ea4525af6b607dab857c3d578646051fb54d0824f1263101f2abb89e380a44c2cdad8cd39c5b4be11d084aa77c28e7e02d160b6765b45e093c6033e0f15cc181c07063dee2ebaa5e528ec23d286d782e631b6c47d1ed0202ab30377e181d099a8ddde367bdbcfae45d72dec65848bdb865252ee2c36d87f5941430f958a64ae6e7a3f073ebfcccb39d00baf7350c1b9baf48b8289401d51ab90165478d26e4af5430d1a6a869469eff9b42a0512d13538b5d8d66ebfb4327304f0bfe4cf7328bed193a1c806e447ecbd2154a18854785ad928b3d62c3f39b657d42f6fa0f0933cef2a5bfdc7a0566a93ca22f61568ee353469990a497788bc81a7abbcd8ace1de80324b0ccdd3d6e65fece052d869fb23a854d7e33c00d91ed660bead1850574d5b37c227606e74ccdb6f8876cc027992596ca1024643ce598c2cffd2727a64b30ff3fd8b42f7602dc9c88564ae8bb24d5bced0456b085d8e24762cca0701cdc5d0964501fc708a05495436ba7cce0095fed9de95452d1e393b54a6fcea3622bc1e181604729f038d14fca86c3458cd25722d83b015217124466c1dc2b4111498b6458a692201dd228f70a8922de4426163f44767476b7152d700dffa0f09595b141aeba427db2c85a62ce607d6dfe3962c9036e2dcfdd5f19bfe4a0b12c8df75c31c5de4ccc4a1b01ba9edf06672018bebc01dc974f797c5cf07fc10cd54bb6645e0b79c527671a1ab5c729153437be11c7a88a458f674d7ab914a81e737ebc3b27fb07a1b88299da78684af28f03d07cd955c74d3f893cf5286526722927dc3e466602fedb6b9c1039bf7da6bdaa71d13ff6a1afc149913f7ec6488a98eea66afa6c5965d45c0a55209ee813a690d22a662d557651c8fb4b0d347c75eb8faeb6ebc03945a033efebde5dc798b5838f41cd48e614a5332d98052fbbe385c74c42ba01ba27abb069a107a3e94aa4707464f8ab29939523c902607622a72b79d104f9a601336e5a15870c3765485da8fabae0237228ca7246dd8a5c2606c754e5dd523cee6afa827a5fd3b719adcdc73d4015595adf22e7041c67022c06eb1774489062aa45deee78179f90d0ef1f29d614f1c5f674084e986a26b3132148c025d74ce429f9890d32208f042c2e66f92c4ec7645dcb9554e8171c6e6259fbc3d1c22298324152a633799757c67c000c7b22d8d70a9a766734b68af58c0774db9274f6efc27fed2fae8f0d84f4ce294a292bb7789f1972654a71610a706e181a6686a788a45c5d9e96b14395a13c9d85b44581fce49e8185ccb1badb85ee3e00b48e81a5fd158aa810c9215b7aa49ea99d092fbf576bac8493b003d3445a6680ce7dc948cbf19b35775f46cb1def8734d8bfa1e3fb530551edcad27c0508aa896adb3c406b9b19024496a7101f6c9399ab07b58d3e41820dc7e020b0e35bbe1653a198bbec7bfdf40ffb27f1240a4b112eb48d06d720fdf31be8259e30c184b4da18c3ac077427d1a8fa388631811f8222eedabb12f8d6e827f20430b558bb5d565d14a5b12a15b055a2b5fc74ca7913818dc3ff3081bbcf0323f959649bc8b770da2e519c32029182e97eb40ac13e33ec5a1c803552e63baa67a4b6a3674de5865026bf1a589c0c40c2d9abfc0071e8963fdb6ed6e3e69993be166907ca6479c4fbab84fac0091e95057137814298afd2f3842354bf5e1be78f906ae613934413977588252cc8b7dab34febe7eaea38ab34ab1fbe1cb997808494c241097e36ebc47fdb289b87f53dcb279914ba8c39ca3724225511cf469b49c663f4a534dfdc660870b5eaf1ebaece840afa87cc327b4c4cc24e819ec6f67071499850841c16285b8f3a467b127b27208ae68e6a7e6fbb3c35d4d1e76daf33575f8df8d5055f742bc9250d7b5148faa91edd8220f89e6bb76e85d3111acdbca4e1035fe1ee5c11f06e440e7033e6a2b3c94883c49fcc629f25c5a5809afca89d91d55382640a393e4579be60195b396bd0e4096179334eb5838ab0ac84235c313b04f8c342abb8d80db0288919132b16dce608d6e09c9cd3b61e71273ed520fbfd3ff61d2b23c8e347a241ee0dabf51384380f5ebc70cb1015a2979112283bbec05aff0450be52bd4f7c1bba4f48c41a35ffde8e337b6dc16479aa2153a7f8a7ad8852bb41c74cdc2238e0badf10bda54108924fd1e90b2560dc626f859cb1a2c86461089bb0459418b3eab616253d3b8f3920845cdbb70b56e3409869dd4da325939117d45aabfba7d1edd42b04564477cc2092810c15026a0aa81a433269ab8c799b9974993626a3e982c72115f4adc9ec4e710fa2e918c88f42028c1c0c40e38bcc389fb78f0fa699ec762995342fce13f4d5a452e4f4513e4fa7870b5f692029a067b7d647f366ad9f600227d859a6057e0b45d06fb7098f6bf78d3c0c847a78afc047bacaed6fe82003a92753d406bf7e290a8640481899887c987450acb6eb85f4e50d968a2b6d3ea4d1d501e7bbc0cbe89b909ac0933362b54e0e5f2e21ff6458522f27f1bc2483c9b759182f28ef21028e344b6f31e196fca16ea0278b559bd762695e934a8ca5194938ec9d89b34e99b3d05b6552356d81369bb9ff7d98b85670215b9334f26a35d53505e7b7e020cae20c7ece51b9a0346f74caba381c00006ee71586b854fc94c912b673a51446ce15c0e6f875248848be91873e4519706b8737fe78530e0a557db33c972772f54ba85af4c4e378805a255dec94bcc7e9f935197eae1a5ebaa0ef82b47d46a34a9905228eb6783abfb92dbfccba5c06e76d6856c1ddfc18ff9fde2fefd6cdfd3d4e8caa59efb31469bbff52c5e5a95941e23443c586c1d7f9a1d7d2df2190bf4dfe2733c21a15db1ac3c72e073cecb3830e935469a871bcbd7cc979243c1429d644f5ee02dd0f2d4bc19fd755166f1e0d4c255618921172d0a3a89782245f9ab358472e797336e21eb84185f6acf889b89f58058dabe16ef0bdcafbb5efff5c27ecd2dde2bf0cdf13bedccddcb26f0a9c61912fe9a006327380442c190cc3cb6bd1e97a0d76631ac381307ab47fd7061ce17e5b54ffac5fda9e6efbcd1678669ecd473f43545b93a67332ca57622ab88acaa554569c96d14dac5f7ca26360dd5a6a064b1ce8b8c278fdd3582d41f7e23dbe333b49319ffa01e0cf226c95a6ab78f710516f896c3f1a8bbbea70d3619a36dc061cb90089a08b9350348194f99e2fe635183716c4117f81ad373b004a312704d56f2629c8b43b1ceaa088ad426abfc8de020c7238ddb44ab8d5fe9eb4c3e91effbfdc72c53031f5e9f2ab5bd5ed4817d2669f312c9aef6818f8443810e58e9966deb9a5e17486f08d426cb16cc372532ff3c621de43243fcb2929d6ee63b4791bf9cf9ee390a9cb18f5fd04a2900c2a95dd9e1a819d2e15efe553a4615ea3ce3a480e580308330dba1d183e3226a0d0b1d9c0a73519e0113928fb4aaf30bc0feea2d27847c6c97ba938b10f424a836dd62422a8553705bc202937da7f60dec8521cd2d43db556420f89ccd2553eb0527f1934be562742bf725760b2ae1716002f0ecac2977695973ff882984657e6de37fae19d790afbb1f03cc83e5be29864ffb3c752747fb26f0361b582a495ca2c2763259f63876e69dbb65ae4b42ad8271fa0e0088b377c9379a8accc9cf11276c959af8f862feb3047afd855b417cf7c5b97ec6008263cc73bf819d4f85de3b6cc29f9ce80fb384e1e957f5865f0d205a8989c38de9bc0edb9ef663d00c5a8aa681dd7decc2f5248a26d0b6c23afdd3281ae70b08d5141d6ad7109b33e15b7ebfdb4bb443a22c07492b1c910c7ebc5f9d53f85a11626d7ab0cef17faa6d61c8eedd161df575b84a64985ea211adfac159cc0c429dac8b84ae93935faa6eb32c7435f9335ee013687bdc409a4d9721f2eaed419e11e31c6b1bb3f6ed8184de45d3f726325563eeac762975aac51d0218b328d97776fc6b65a2d929f291cb54c9fb01b9c7f14ed7d85c730a3ad65e254fd687095c59a65683e8b484c01902c21e8798f294c48a5c3377ee97c0e67d2ce18928259393012c23b65c843d1f3e4fd059592aeb17288a7e9ff77f964061f62b826f352c183bc1823eea742c2c324b9b008b40bd41592e578c3b88e1a01eae3a76a458f9d0efd243b3b4ec8e1596cc7b09820df9d4a7dba59cff1aa1a98cdae1dc9b6599db9c1124eb7fe6236d4393ef5ed9c6063e53a65a2d436c5065e5b503788bc6f456f00269d9b468a8db1260942f23ada46c608dda72f3ddd965949ba6c1051b7963d210ef1a4d5023ccb7a42d1086e7c4efaff4300d9b68a1d08d55cd30012eaaaec20b993ff14a79cf7d43ef8af5535ecae7583d684646d1f89fa7e9fbc82efd9346b2f8d0f9403f8eb1635d3179d2febeddd25da95ecfbfb18a62c50f74352c1c3dd3d03300081c2654db105137320d3432bc3b3772e069eb38c49fdb85ce4223024f7aa4bb4fa9dfad04c891c4c93b649f225f4da498bf6ec9b4bd951e8bd960c91255f216f842a0c1360ad0019d516ccf92e6bea13a37df829e822488581e8c38744f652e9c6a2777c837b47c285d998f10f31e33757c827a63fe78d89d43fffa5281e923a74c6cb0605b9555f9a3c74c149c80ba6b2ae3d8f598af063eb689807df8a1939f11cac1035b720cb96f2b9fe96a0a26ee6ca27907318118e109275d1aa50eff0b131f4256449a462f2420571c60219ea35c17ba3e9dab9747e0fb566bf6d10b95f140bbbc2c1fe4fb7dedb6bf2ec511838dd6b0b44e3a8307e4d1cb38ee01904c41448fc046bc25a69a8ffaea5a09b8aacd29387d9e493aaeb8f9afa85f14617572253002bf91955dcf910adaabfdaee615f7f4ecdb5fab1112d1bb131b13c264a1c230e84c5687a35053ccfc9a3499d7eecfdda2cf32f5a5305298f3593342ee59761f62e7eb5f636f3706a70436d4b4eccc2d935aa6f99840895b114fed826fa1aece057489b995de9d1e51eebd6205575b0afae6fffe5fca93998fd8416d3880c1a043ff2abd00035e55261af7bc35389e95a2efe6e79694fb3cb4c4e9f04a5ba03668660b472f1f5cdda747e86b4f6108d455cec0614a761432b0e6149a377e7e885e5dc1594bb4418920eefabee50b85ec528d213b6e6f500e95c97c254540357addd4d51247f794c5fb46797a421cdeaa5cf057ead0455c9b942a5b44227a4a7d2808839c99699041ed10956b437e01dd29fe77b092f1164403bb953dee74d75b422e552299cfe0a408bc69d382163c24f5e7b08ba3cf8e37ad3f9a4cb60e339aee03f66502d9731ec42adc13bcc9923aaf4e7da9a1967186814bbf867e9489c0e6351f60250cdfbbba5ee47641de7b638b9a8305830697af744405b5b4a6289105caf89d4fcc9a36804e898ba518135032787772cb8c4bc2a49b4984166cb066dd575c1f3530141c2fd3086f6cdcc61434d14e989b1f19bf5f906b9fa7ac21793ffb24ca0501b238cf41908fc51b5764110d64000fc534cf81d28289c0afcc9937d489ea9a89ff3968afe06a81f7c94cbc5eedb61b7f44bf6afa35849d616f24eee746770ef0ac68fbc5b8fea03a34890ac39fdb7d94b00c48ce1c3b5c8429cdf949e3633e70a7c572c8cd28bbb5258ba98ca16d177b9b29821a5ca624c6a5fc7bb21d671633ba7881b6e83509ef46b129273ea52dfc891b6de89c4185e20994ea40d3cb6932914"})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=@delqdisc={0xd4, 0x25, 0x200, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x7, 0x2}, {0xb, 0x9}, {0x7, 0xc}}, [@q_dsmark={{0xb}, {0x20, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x20}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x33}]}}, @q_dsmark={{0xb}, {0x10, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x2}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x28, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x20}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6}]}}, @q_dsmark={{0xb}, {0x28, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xca}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xd143}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x22}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}]}}]}, 0xd4}}, 0x0)
recvmmsg(r7, &(0x7f0000000700)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/222, 0xde}, {&(0x7f0000000840)=""/134, 0x86}], 0x86}}], 0x2, 0x0, 0x0)

1.395301732s ago: executing program 1 (id=2216):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r0, &(0x7f0000000c40)=[{{&(0x7f0000000140)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}, {{&(0x7f0000000280)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x43}}, 0x1c, &(0x7f0000000540)=[{&(0x7f00000003c0)="a37954fdcf9f2d52301d4b37154e42398953107b6e3d2406be985130606f1a7692b2abaed3a2d5af54faf84c63aa633b1148831621197d723480deb6b22f540e237ff73f38782a576f936b29ac40affaa399804d874930282f671fd2f43c9d92eebb64526ffcfd6754ee9f4207bf9d0d1ba430182bb4ba43bcc9bb39ff0b6715fbe6bb732630cdb6eddc1ea63c4668a2cb26b0b6bc0bc20bbe2b0d859f5300550728399683f39fcea3b983038766", 0xae}], 0x1, &(0x7f0000000d40)=ANY=[@ANYBLOB="14000000000000002900f5004300000081ffffff00000000580000000000000029000000390000003b08000400000000fc02000000000000004dbf175df36900000000000701fc020000000000000000a984030f235729ec052dd1000000000001ff010000000000000000000000000001ff02000000000000000003000000000000001dd3397b839d55441c"], 0x70}}], 0x2, 0x0)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000580))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)

1.263781492s ago: executing program 1 (id=2217):
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000", 0x17}, {0x0}], 0x2, 0x0, 0x0, 0xd2efff7f}, 0x0)

1.101949216s ago: executing program 3 (id=2218):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000bc0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x600000000000000}}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)

1.032898005s ago: executing program 3 (id=2219):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000e100000000000000000c0001000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x30}, 0x90)

984.757716ms ago: executing program 1 (id=2220):
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="600000000206010600000000000000000000000005000400000000000900020073797a310000000014000780050015002f0000000800124000000000050005000a000000050001000600000014000300686173683a69702c706f72742c6970"], 0x60}}, 0x0)
r2 = openat$cgroup(r0, &(0x7f00000002c0)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000140), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x28011, r4, 0x0)
mmap(&(0x7f0000886000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
mmap(&(0x7f00002b0000/0x1000)=nil, 0x1000, 0x0, 0x12, r5, 0x0)
mmap(&(0x7f0000190000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r5, 0x8030942b, &(0x7f0000000000)={0x0, {0x40, 0x800000000008, 0xb5bc, 0x6, 0x7fff}})
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000050000000200000000000013020000000000612e008b0232f63fbdfbe17ef5136426621062574b3cef4ba5fce4c561fd60495c3180030843c1a182bb80fba8325787ff2fb2a50e12fdecf981bb2da09947c782cb559f37501f0b9378213bb9b11373f0238e33acbb41c91dd16ee7c57413be68e4cbafeac4065fa78c61da3997655d2c9fa6c37e5eac3557c025ac7f7d0a03214660c38c0cef0a8f12138690e3042b19fff1e5753f2ed1b267438c6d852ca2cf4768a44c8765c124efbe50ffc2878bf430f506310cd2577a02b5ecc867f6a5c2cb9f348f92851005392cede400"], 0x0, 0x29}, 0x20)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x40010, r4, 0x18034000)
socket$nl_rdma(0x10, 0x3, 0x14)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
ioctl$BTRFS_IOC_DEV_REPLACE(r6, 0xca289435, &(0x7f00000007c0)={0x2, 0xe69c, @status={[0x1, 0x5, 0x4, 0x6, 0x6ce1, 0x2000000000000009]}, [0x3efd, 0x401, 0xffffffff, 0xfff, 0x5, 0x3, 0x2, 0x2, 0x45, 0x0, 0x3, 0x7, 0x9, 0x8, 0x6c7, 0xca8f, 0x7fff, 0xc, 0x3, 0x5, 0x7, 0xe525, 0x101, 0x7, 0x9, 0x6, 0x6aff, 0x9, 0x7fff, 0x9, 0x9, 0x3f, 0xfffffffffffffffc, 0x4, 0x0, 0x8, 0x8, 0x5, 0x7, 0x5, 0x7, 0x2d8b, 0x7665, 0x4, 0x4, 0x4, 0x5, 0xb75, 0xffffffffffffff00, 0xafb, 0x3f, 0x9, 0xe5, 0xdc, 0x0, 0x9, 0xfffffffffffffff7, 0xa9b, 0x800, 0x42, 0xfffffffffffffc01, 0x9, 0x7, 0x3]})
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newrule={0x24, 0x1e, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x1}, [@FRA_DST={0x8, 0x1, @empty}]}, 0x24}}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="3000000010000305000000000000000000000700", @ANYRES8=r0, @ANYRES16=r5], 0x30}}, 0x0)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
r10 = socket$kcm(0x10, 0x3, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f00000000c0)=r11, 0x4)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f020033000b35d25a806c8c6f94f90f24fc60100007000c000300053582c137153e37000c0980fc0b10070300", 0x33fe0}], 0x1}, 0x0)

897.929763ms ago: executing program 3 (id=2221):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000020000000000000850000006b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

767.387802ms ago: executing program 3 (id=2222):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r2=>0x0})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d)
sendfile(r3, r5, 0x0, 0x8000002b)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)={0x54, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x38, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "403a050c5bae9c544ef2b6d713459a7a"}, @NL802154_KEY_ATTR_ID={0x18, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}]}]}, 0x54}}, 0x0)

502.455979ms ago: executing program 1 (id=2223):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d40f0c1ad299f55eafcd52a39649ab6021e30f901933f11092"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r1, @ANYBLOB="08001b"], 0x34}}, 0x0)

145.607877ms ago: executing program 1 (id=2224):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_CMP_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, 'p'}]}, @NFTA_CMP_OP={0x8}]}}}]}]}], {0x14}}, 0x84}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x14, 0x0)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f00000000c0)=[{0x0, 0x5, 0x9, 0x3}, {0x4, 0x6, 0x3, 0x10}, {0x6, 0x8, 0x89, 0x2}]}, 0x10)
bind$netlink(r1, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfe, 0x1000}, 0xc)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000400)="580000001400192340834b80040d8c560a067fbc45ff810500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000fff5dd00000010000100090808004149004003040800", 0x58}], 0x1)
sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x50, 0x1, 0x9, 0x301, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x8}}, @NFCTH_STATUS={0x8}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x32c}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x5}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x18}]}, 0x50}}, 0x40)

56.248491ms ago: executing program 3 (id=2225):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b)
r1 = socket$alg(0x26, 0x5, 0x0)
accept$alg(r1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(0x0, r0)
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000001c0), 0xc, &(0x7f00000005c0)={&(0x7f0000000240)={0x14c, r2, 0x4, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x400}]}, @TIPC_NLA_NODE={0x1c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x4}]}, @TIPC_NLA_BEARER={0x48, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x0, @mcast2}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x31ef}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x14c}}, 0x10)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r3, 0x8983, &(0x7f0000000640))
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_CSUM_OFFSET={0x8}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x9c}}, 0x0)
ioctl(r4, 0x8b2a, &(0x7f0000000040))
setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)

0s ago: executing program 1 (id=2226):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0xc, &(0x7f0000000040)=0x8, 0x4)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)={0x18, 0x52, 0x1, 0x0, 0x0, {0x2, 0x3}, [@generic='2']}, 0x18}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000240)='tlb_flush\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@const={0x0, 0x0, 0x0, 0x4}, @func_proto={0x2, 0x0, 0x0, 0xf, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x1}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x44}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r3}, &(0x7f00000003c0), &(0x7f0000000400)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[], 0xa0}}, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'})

kernel console output (not intermixed with test programs):

link_rcv_msg+0x10/0x10
[  237.396701][ T9692]  ? ref_tracker_free+0x643/0x7e0
[  237.401721][ T9692]  netlink_rcv_skb+0x1e3/0x430
[  237.406477][ T9692]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  237.411929][ T9692]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  237.417236][ T9692]  ? netlink_deliver_tap+0x2e/0x1b0
[  237.422437][ T9692]  netlink_unicast+0x7f0/0x990
[  237.427201][ T9692]  ? __pfx_netlink_unicast+0x10/0x10
[  237.432476][ T9692]  ? __virt_addr_valid+0x183/0x530
[  237.437582][ T9692]  ? __check_object_size+0x49c/0x900
[  237.442860][ T9692]  ? bpf_lsm_netlink_send+0x9/0x10
[  237.447978][ T9692]  netlink_sendmsg+0x8e4/0xcb0
[  237.452749][ T9692]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.458030][ T9692]  ? __import_iovec+0x536/0x820
[  237.462870][ T9692]  ? aa_sock_msg_perm+0x91/0x160
[  237.467801][ T9692]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  237.473077][ T9692]  ? security_socket_sendmsg+0x87/0xb0
[  237.478532][ T9692]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.483805][ T9692]  __sock_sendmsg+0x221/0x270
[  237.488478][ T9692]  ____sys_sendmsg+0x525/0x7d0
[  237.493242][ T9692]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.498536][ T9692]  __sys_sendmsg+0x2b0/0x3a0
[  237.503121][ T9692]  ? __pfx___sys_sendmsg+0x10/0x10
[  237.508229][ T9692]  ? vfs_write+0x7c4/0xc90
[  237.512670][ T9692]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  237.518993][ T9692]  ? do_syscall_64+0x100/0x230
[  237.523752][ T9692]  ? do_syscall_64+0xb6/0x230
[  237.528426][ T9692]  do_syscall_64+0xf3/0x230
[  237.532923][ T9692]  ? clear_bhb_loop+0x35/0x90
[  237.537600][ T9692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.543493][ T9692] RIP: 0033:0x7fd078b75f19
[  237.547910][ T9692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.567519][ T9692] RSP: 002b:00007fd0798cc048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.575923][ T9692] RAX: ffffffffffffffda RBX: 00007fd078d05f60 RCX: 00007fd078b75f19
[  237.583882][ T9692] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000010
[  237.591842][ T9692] RBP: 00007fd0798cc0a0 R08: 0000000000000000 R09: 0000000000000000
[  237.599807][ T9692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  237.607765][ T9692] R13: 000000000000000b R14: 00007fd078d05f60 R15: 00007ffdbecdaf98
[  237.615736][ T9692]  </TASK>
[  237.748337][ T9696] validate_nla: 3 callbacks suppressed
[  237.748354][ T9696] netlink: 'syz.1.1390': attribute type 10 has an invalid length.
[  237.894133][ T9696] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  238.097097][ T9710] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1393'.
[  238.287691][ T9718] netlink: 'syz.2.1396': attribute type 10 has an invalid length.
[  238.312743][ T9718] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  238.329641][ T9718] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  238.371117][ T9718] team0: Port device netdevsim0 removed
[  238.680804][ T9729] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1399'.
[  238.888596][ T9735] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1401'.
[  239.014436][ T9738] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1402'.
[  239.451767][ T9746] netlink: 'syz.4.1404': attribute type 10 has an invalid length.
[  239.508926][ T9746] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  239.940835][ T9765] netlink: 'syz.1.1409': attribute type 21 has an invalid length.
[  239.974027][ T9767] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1410'.
[  240.011565][ T9767] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1410'.
[  240.049253][ T9767] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1410'.
[  240.096436][ T9767] netlink: 'syz.4.1410': attribute type 3 has an invalid length.
[  240.127885][ T9767] netlink: 'syz.4.1410': attribute type 2 has an invalid length.
[  240.145986][ T9767] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1410'.
[  240.157046][ T9776] vlan0: entered promiscuous mode
[  240.163050][ T9776] batman_adv: batadv0: Adding interface: vlan0
[  240.169555][ T9776] batman_adv: batadv0: The MTU of interface vlan0 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.248533][ T9776] batman_adv: batadv0: Not using interface vlan0 (retrying later): interface not active
[  240.680578][ T9794] netlink: 'syz.3.1417': attribute type 6 has an invalid length.
[  240.788959][ T9798] netlink: 'syz.4.1416': attribute type 10 has an invalid length.
[  241.263821][ T9805] netlink: 'syz.0.1420': attribute type 10 has an invalid length.
[  241.749351][   T54] block nbd7: Receive control failed (result -107)
[  241.760647][ T9815] netlink: 'syz.0.1424': attribute type 3 has an invalid length.
[  242.989019][ T9842] __nla_validate_parse: 8 callbacks suppressed
[  242.989038][ T9842] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1433'.
[  243.217857][    C0] eth0: bad gso: type: 1, size: 1408
[  243.535179][ T9858] tipc: Started in network mode
[  243.547144][ T9858] tipc: Node identity 000000000000007a0000000000000001, cluster identity 4711
[  243.556311][ T9858] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  243.567061][ T9861] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1440'.
[  243.993018][ T9886] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1446'.
[  244.610689][    C0] eth0: bad gso: type: 1, size: 1408
[  244.799446][ T9909] validate_nla: 2 callbacks suppressed
[  244.799464][ T9909] netlink: 'syz.0.1453': attribute type 10 has an invalid length.
[  244.878365][ T9909] bond0: (slave netdevsim0): Releasing backup interface
[  244.939617][ T9909] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  244.965663][ T9909] team0: Port device netdevsim0 added
[  244.980563][ T9912] sch_tbf: burst 0 is lower than device ipvlan0 mtu (1514) !
[  245.157565][ T9917] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1455'.
[  245.594395][ T9929] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1459'.
[  246.062524][ T9946] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  246.093300][ T9946] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  246.249413][ T9951] netlink: 'syz.2.1466': attribute type 10 has an invalid length.
[  246.278750][ T9951] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  246.286282][ T9951] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  246.310513][ T9951] team0: Port device netdevsim0 added
[  246.641489][ T9959] wg2: entered promiscuous mode
[  246.663018][ T9959] wg2: entered allmulticast mode
[  246.685465][ T9961] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1470'.
[  247.303378][ T9978] tipc: Started in network mode
[  247.315031][ T9978] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  247.348864][ T9978] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  247.620740][ T9996] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1480'.
[  247.783343][T10006] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1483'.
[  248.243756][T10028] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1488'.
[  248.336637][T10028] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1488'.
[  248.543108][T10033] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1490'.
[  248.597681][T10035] cannot load conntrack support for proto=3
[  248.615559][T10035] IPv6: addrconf: prefix option has invalid lifetime
[  248.622313][T10035] IPv6: addrconf: prefix option has invalid lifetime
[  249.069186][ T2890] wlan1: Trigger new scan to find an IBSS to join
[  249.218999][T10046] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1495'.
[  249.409552][T10054] netlink: 'syz.0.1500': attribute type 10 has an invalid length.
[  249.492779][T10060] xt_HMARK: spi-set and port-set can't be combined
[  249.584851][T10063] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  249.885176][T10075] syz_tun: entered promiscuous mode
[  249.894052][T10075] syz_tun: left promiscuous mode
[  250.048754][T10079] xt_time: invalid argument - start or stop time greater than 23:59:59
[  250.070038][T10077] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1507'.
[  250.222692][T10086] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1510'.
[  250.263628][T10086] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1510'.
[  250.276160][T10088] veth4: entered allmulticast mode
[  250.300906][T10086] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1510'.
[  250.338598][T10086] netlink: 'syz.4.1510': attribute type 3 has an invalid length.
[  250.362753][T10090] netlink: 'syz.1.1512': attribute type 10 has an invalid length.
[  250.379946][T10086] netlink: 'syz.4.1510': attribute type 2 has an invalid length.
[  250.393603][T10086] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1510'.
[  250.424054][T10090] bond0: (slave netdevsim0): Releasing backup interface
[  250.465203][T10090] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  250.485362][T10090] team0: Port device netdevsim0 added
[  250.520163][T10094] netlink: 'syz.4.1514': attribute type 4 has an invalid length.
[  250.538396][T10094] netlink: 'syz.4.1514': attribute type 4 has an invalid length.
[  250.688407][T10101] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1518'.
[  251.014496][T10126] netlink: 'syz.2.1526': attribute type 10 has an invalid length.
[  251.096275][T10130] netlink: 'syz.0.1527': attribute type 10 has an invalid length.
[  252.118530][ T2890] wlan1: Trigger new scan to find an IBSS to join
[  252.365140][T10169] netlink: 'syz.0.1539': attribute type 10 has an invalid length.
[  252.636413][T10181] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  252.896897][T10205] netlink: 'syz.1.1551': attribute type 10 has an invalid length.
[  252.917987][ T5116] Bluetooth: hci4: command 0x0406 tx timeout
[  252.994402][T10212] netlink: 'syz.1.1554': attribute type 10 has an invalid length.
[  253.421869][T10235] xt_CT: You must specify a L4 protocol and not use inversions on it
[  253.924346][T10257] veth1_macvtap: left promiscuous mode
[  254.227216][T10265] __nla_validate_parse: 4 callbacks suppressed
[  254.227236][T10265] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1571'.
[  254.748259][T10277] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  254.755527][T10277] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  254.780605][T10277] team0: Port device netdevsim0 removed
[  254.882529][T10285] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  255.078377][T10295] cannot load conntrack support for proto=3
[  255.161502][ T2890] wlan1: Trigger new scan to find an IBSS to join
[  255.346249][T10312] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1587'.
[  255.456186][T10316] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1586'.
[  255.954026][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  256.172582][ T2921] wlan1: Creating new IBSS network, BSSID 82:6c:fb:7a:75:18
[  256.344865][T10348] bridge0: entered promiscuous mode
[  256.382087][T10348] team0: Port device macvlan6 added
[  256.465296][T10359] validate_nla: 1 callbacks suppressed
[  256.465313][T10359] netlink: 'syz.4.1602': attribute type 10 has an invalid length.
[  256.553251][T10359] mac80211_hwsim hwsim23 wlan1: entered promiscuous mode
[  256.598247][T10359] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  257.354797][T10386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1610'.
[  257.446037][    C0] eth0: bad gso: type: 1, size: 1408
[  257.772492][T10394] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1614'.
[  257.874292][T10398] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1617'.
[  257.897605][T10398] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8
[  258.045783][T10407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1616'.
[  258.422811][T10426] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1620'.
[  258.479304][T10431] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1626'.
[  258.776771][T10444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1632'.
[  258.899508][   T54] block nbd8: Receive control failed (result -107)
[  258.947556][T10444] nbd8: detected capacity change from 0 to 256
[  258.955928][ T9906] block nbd8: Dead connection, failed to find a fallback
[  259.157086][T10453] xt_HMARK: spi-set and port-set can't be combined
[  259.394253][T10459] __nla_validate_parse: 1 callbacks suppressed
[  259.394272][T10459] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1638'.
[  260.280997][T10485] xt_HMARK: spi-set and port-set can't be combined
[  261.036537][T10508] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1658'.
[  261.860643][T10525] cannot load conntrack support for proto=3
[  261.889056][T10522] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1664'.
[  262.775144][T10540] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1669'.
[  262.813288][T10540] bond_slave_0: entered promiscuous mode
[  262.819071][T10540] bond_slave_1: entered promiscuous mode
[  262.847149][T10540] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  262.923465][T10542] "syz.4.1670" (10542) uses obsolete ecb(arc4) skcipher
[  263.215043][T10559] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1673'.
[  263.468503][T10567] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1676'.
[  263.492660][T10567] FAULT_INJECTION: forcing a failure.
[  263.492660][T10567] name failslab, interval 1, probability 0, space 0, times 0
[  263.547532][T10567] CPU: 0 PID: 10567 Comm: syz.2.1676 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0
[  263.557387][T10567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  263.567470][T10567] Call Trace:
[  263.570761][T10567]  <TASK>
[  263.573697][T10567]  dump_stack_lvl+0x241/0x360
[  263.578399][T10567]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.583617][T10567]  ? __pfx__printk+0x10/0x10
[  263.588275][T10567]  ? __pfx___might_resched+0x10/0x10
[  263.593585][T10567]  should_fail_ex+0x3b0/0x4e0
[  263.598281][T10567]  ? __kernfs_new_node+0xd8/0x870
[  263.603317][T10567]  should_failslab+0x9/0x20
[  263.607833][T10567]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  263.613225][T10567]  __kernfs_new_node+0xd8/0x870
[  263.618098][T10567]  ? mark_lock+0x9a/0x350
[  263.622462][T10567]  ? __lock_acquire+0x137a/0x2040
[  263.627509][T10567]  ? __pfx___kernfs_new_node+0x10/0x10
[  263.633003][T10567]  ? make_kgid+0x1f6/0x6f0
[  263.637439][T10567]  ? __pfx_make_kgid+0x10/0x10
[  263.642225][T10567]  kernfs_new_node+0x137/0x240
[  263.647013][T10567]  kernfs_create_dir_ns+0x43/0x120
[  263.652143][T10567]  sysfs_create_dir_ns+0x189/0x3a0
[  263.657271][T10567]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  263.662926][T10567]  kobject_add_internal+0x435/0x8d0
[  263.668156][T10567]  kobject_add+0x152/0x220
[  263.672589][T10567]  ? kobject_put+0x43a/0x480
[  263.677183][T10567]  ? __pfx_kobject_add+0x10/0x10
[  263.682131][T10567]  ? kobject_put+0x443/0x480
[  263.686743][T10567]  ? get_device_parent+0x25d/0x410
[  263.691867][T10567]  ? device_add+0x318/0xbf0
[  263.696387][T10567]  device_add+0x4e5/0xbf0
[  263.700732][T10567]  ? device_initialize+0x266/0x460
[  263.705862][T10567]  netdev_register_kobject+0x17e/0x320
[  263.711344][T10567]  register_netdevice+0x12c5/0x1b00
[  263.716572][T10567]  ? __pfx_register_netdevice+0x10/0x10
[  263.722137][T10567]  ? dev_addr_mod+0xbd/0x330
[  263.726757][T10567]  macvlan_common_newlink+0x1189/0x1930
[  263.732313][T10567]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  263.737887][T10567]  ? __pfx_macvlan_common_newlink+0x10/0x10
[  263.743793][T10567]  ? rtnl_create_link+0x91c/0xc20
[  263.748839][T10567]  ? __pfx_macvlan_newlink+0x10/0x10
[  263.754144][T10567]  rtnl_newlink+0x1591/0x20a0
[  263.758860][T10567]  ? __pfx_rtnl_newlink+0x10/0x10
[  263.763897][T10567]  ? __pfx___mutex_trylock_common+0x10/0x10
[  263.769816][T10567]  ? rcu_is_watching+0x15/0xb0
[  263.774592][T10567]  ? trace_contention_end+0x3c/0x120
[  263.779894][T10567]  ? __mutex_lock+0x2ef/0xd70
[  263.784589][T10567]  ? __pfx_lock_release+0x10/0x10
[  263.789645][T10567]  ? __pfx_rtnl_newlink+0x10/0x10
[  263.794686][T10567]  rtnetlink_rcv_msg+0x73f/0xcf0
[  263.799636][T10567]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  263.804767][T10567]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  263.810245][T10567]  ? ref_tracker_free+0x643/0x7e0
[  263.815295][T10567]  netlink_rcv_skb+0x1e3/0x430
[  263.820075][T10567]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  263.825554][T10567]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  263.830887][T10567]  ? netlink_deliver_tap+0x2e/0x1b0
[  263.836104][T10567]  netlink_unicast+0x7f0/0x990
[  263.840893][T10567]  ? __pfx_netlink_unicast+0x10/0x10
[  263.846188][T10567]  ? __virt_addr_valid+0x183/0x530
[  263.851318][T10567]  ? __check_object_size+0x49c/0x900
[  263.856616][T10567]  ? bpf_lsm_netlink_send+0x9/0x10
[  263.861745][T10567]  netlink_sendmsg+0x8e4/0xcb0
[  263.866537][T10567]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.871841][T10567]  ? __import_iovec+0x536/0x820
[  263.876706][T10567]  ? aa_sock_msg_perm+0x91/0x160
[  263.881662][T10567]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  263.886956][T10567]  ? security_socket_sendmsg+0x87/0xb0
[  263.892434][T10567]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.897730][T10567]  __sock_sendmsg+0x221/0x270
[  263.902425][T10567]  ____sys_sendmsg+0x525/0x7d0
[  263.907218][T10567]  ? __pfx_____sys_sendmsg+0x10/0x10
[  263.912540][T10567]  __sys_sendmsg+0x2b0/0x3a0
[  263.917144][T10567]  ? __pfx___sys_sendmsg+0x10/0x10
[  263.922269][T10567]  ? vfs_write+0x7c4/0xc90
[  263.926739][T10567]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  263.933087][T10567]  ? do_syscall_64+0x100/0x230
[  263.937874][T10567]  ? do_syscall_64+0xb6/0x230
[  263.942567][T10567]  do_syscall_64+0xf3/0x230
[  263.947084][T10567]  ? clear_bhb_loop+0x35/0x90
[  263.951788][T10567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.957710][T10567] RIP: 0033:0x7f608ad75f19
[  263.962142][T10567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.981766][T10567] RSP: 002b:00007f608bb37048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  263.990200][T10567] RAX: ffffffffffffffda RBX: 00007f608af05f60 RCX: 00007f608ad75f19
[  263.998188][T10567] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000010
[  264.006171][T10567] RBP: 00007f608bb370a0 R08: 0000000000000000 R09: 0000000000000000
[  264.014156][T10567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  264.022139][T10567] R13: 000000000000000b R14: 00007f608af05f60 R15: 00007ffe52aa8448
[  264.030142][T10567]  </TASK>
[  264.050789][T10567] kobject: kobject_add_internal failed for macvlan3 (error: -12 parent: net)
[  264.284195][T10578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1681'.
[  264.343388][T10578] 8021q: adding VLAN 0 to HW filter on device macvlan7
[  264.385075][T10586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1682'.
[  264.417565][T10586] team0: left allmulticast mode
[  264.422468][T10586] team_slave_0: left allmulticast mode
[  264.462699][T10586] team_slave_1: left allmulticast mode
[  264.473479][T10586] team0: left promiscuous mode
[  264.497691][T10586] team_slave_0: left promiscuous mode
[  264.527609][T10586] team_slave_1: left promiscuous mode
[  264.533437][T10586] bridge0: port 3(team0) entered disabled state
[  264.571429][T10586] bridge_slave_1: left allmulticast mode
[  264.602258][T10586] bridge_slave_1: left promiscuous mode
[  264.617854][T10586] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.640986][T10586] bridge_slave_0: left allmulticast mode
[  264.646663][T10586] bridge_slave_0: left promiscuous mode
[  264.689103][T10586] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.386241][T10609] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1687'.
[  265.483455][    C0] eth0: bad gso: type: 1, size: 1408
[  265.520046][    C0] eth0: bad gso: type: 1, size: 1408
[  265.950347][T10627] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1693'.
[  266.250851][T10637] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.1698'.
[  266.356762][    C0] eth0: bad gso: type: 1, size: 1408
[  266.403994][T10637] netlink: 'syz.4.1698': attribute type 7 has an invalid length.
[  266.482476][T10642] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1701'.
[  266.510080][T10637] bridge1: port 1(gretap1) entered blocking state
[  266.527026][T10637] bridge1: port 1(gretap1) entered disabled state
[  266.543738][T10637] gretap1: entered allmulticast mode
[  266.577559][T10637] gretap1: entered promiscuous mode
[  266.598182][T10641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1698'.
[  266.603184][T10639] netlink: 'syz.4.1698': attribute type 7 has an invalid length.
[  266.643523][T10641] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1698'.
[  266.743084][T10648] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1703'.
[  266.909581][T10653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1705'.
[  266.957903][T10653] 8021q: adding VLAN 0 to HW filter on device macvlan8
[  266.982230][T10655] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1706'.
[  267.064142][T10655] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1706'.
[  267.138992][   T54] block nbd9: Receive control failed (result -107)
[  267.247622][T10655] nbd9: detected capacity change from 0 to 256
[  267.268196][ T6201] block nbd9: Dead connection, failed to find a fallback
[  267.961192][T10685] lo speed is unknown, defaulting to 1000
[  268.488103][T10704] xt_HMARK: spi-set and port-set can't be combined
[  269.277579][T10721] netlink: 'syz.1.1727': attribute type 1 has an invalid length.
[  269.598720][T10734] bond1 (unregistering): Released all slaves
[  269.660348][T10748] netlink: 'syz.4.1733': attribute type 10 has an invalid length.
[  269.680230][T10748] bond0: (slave netdevsim0): Releasing backup interface
[  269.721103][T10728] lo speed is unknown, defaulting to 1000
[  269.837622][T10754] netlink: 'syz.1.1736': attribute type 4 has an invalid length.
[  269.920258][T10754] netlink: 'syz.1.1736': attribute type 4 has an invalid length.
[  270.060415][T10760] xt_HMARK: spi-set and port-set can't be combined
[  270.472832][T10770] lo speed is unknown, defaulting to 1000
[  271.929982][T10793] syz_tun: entered promiscuous mode
[  271.951718][T10793] syz_tun: left promiscuous mode
[  272.397591][T10813] __nla_validate_parse: 4 callbacks suppressed
[  272.397608][T10813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1751'.
[  272.413143][T10813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1751'.
[  272.558170][T10815] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1753'.
[  272.588717][T10815] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1753'.
[  272.878422][T10827] syz_tun: entered promiscuous mode
[  272.895268][T10827] syz_tun: left promiscuous mode
[  272.954974][T10826] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  273.117954][T10834] xt_HMARK: spi-set and port-set can't be combined
[  273.124998][T10831] veth8: entered allmulticast mode
[  273.504103][T10850] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1765'.
[  273.527738][T10850] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1765'.
[  275.071438][  T954] wlan1: Trigger new scan to find an IBSS to join
[  275.620927][T10900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1782'.
[  275.630792][T10900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1782'.
[  275.689305][   T54] block nbd10: Receive control failed (result -107)
[  275.914206][T10911] xt_HMARK: spi-set and port-set can't be combined
[  275.929089][T10913] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1784'.
[  276.187639][T10926] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1791'.
[  277.015538][T10948] xt_HMARK: spi-set and port-set can't be combined
[  277.960960][    C0] eth0: bad gso: type: 1, size: 1408
[  278.111258][ T2921] wlan1: Trigger new scan to find an IBSS to join
[  278.178140][T10985] cannot load conntrack support for proto=3
[  278.189521][T10985] IPv6: addrconf: prefix option has invalid lifetime
[  278.196249][T10985] IPv6: addrconf: prefix option has invalid lifetime
[  278.475475][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  278.489592][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  278.498724][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  278.509480][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  278.517283][ T5116] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  278.524922][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  278.618693][T10988] lo speed is unknown, defaulting to 1000
[  279.155148][T11004] netlink: 'syz.3.1819': attribute type 21 has an invalid length.
[  279.196764][T11004] __nla_validate_parse: 2 callbacks suppressed
[  279.196783][T11004] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1819'.
[  279.274662][T11007] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1820'.
[  279.286326][T11004] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1819'.
[  279.372259][T10988] chnl_net:caif_netlink_parms(): no params data found
[  279.709042][T10988] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.736564][T10988] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.754540][T10988] bridge_slave_0: entered allmulticast mode
[  279.773228][T10988] bridge_slave_0: entered promiscuous mode
[  279.798564][T10988] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.826418][T10988] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.854709][T10988] bridge_slave_1: entered allmulticast mode
[  279.862439][T10988] bridge_slave_1: entered promiscuous mode
[  279.992892][T10988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  280.050883][T10988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  280.182805][T10988] team0: Port device team_slave_0 added
[  280.207104][T10988] team0: Port device team_slave_1 added
[  280.313407][T11032] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  280.358380][T10988] batman_adv: batadv0: Adding interface: batadv_slave_0
[  280.380476][T10988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.437038][T10988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.458285][T10988] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.498029][T10988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.557637][T10988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.587595][   T54] Bluetooth: hci0: command tx timeout
[  280.612618][T11045] veth4: entered allmulticast mode
[  280.671880][T11048] syz_tun: entered promiscuous mode
[  280.688626][T11048] syz_tun: left promiscuous mode
[  280.821283][T10988] hsr_slave_0: entered promiscuous mode
[  280.839492][T11054] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1835'.
[  280.849664][T10988] hsr_slave_1: entered promiscuous mode
[  280.856026][T11054] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1835'.
[  280.865414][T11054] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1835'.
[  280.875455][T11054] netlink: 'syz.0.1835': attribute type 3 has an invalid length.
[  280.887541][T10988] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  280.908129][T11054] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1835'.
[  280.917197][T10988] Cannot create hsr debugfs directory
[  281.148083][ T2890] wlan1: Trigger new scan to find an IBSS to join
[  281.224559][T10988] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.375912][T10988] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.509804][T10988] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.641918][T10988] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.924158][T10988] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  281.969081][T10988] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  282.006687][T10988] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  282.034215][T10988] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  282.081762][ T2921] wlan1: Creating new IBSS network, BSSID 2a:1c:11:e3:a3:f9
[  282.303951][T10988] 8021q: adding VLAN 0 to HW filter on device bond0
[  282.360490][T10988] 8021q: adding VLAN 0 to HW filter on device team0
[  282.391829][ T5202] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.399020][ T5202] bridge0: port 1(bridge_slave_0) entered forwarding state
[  282.445940][ T5152] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.453142][ T5152] bridge0: port 2(bridge_slave_1) entered forwarding state
[  282.668519][   T54] Bluetooth: hci0: command tx timeout
[  282.822615][T11085] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1845'.
[  283.016027][T10988] 8021q: adding VLAN 0 to HW filter on device batadv0
[  283.589802][T10988] veth0_vlan: entered promiscuous mode
[  283.624551][T10988] veth1_vlan: entered promiscuous mode
[  283.672327][T11103] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1848'.
[  283.695034][T11103] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1848'.
[  283.721356][T10988] veth0_macvtap: entered promiscuous mode
[  283.722889][T11103] netlink: 'syz.3.1848': attribute type 3 has an invalid length.
[  283.753058][T10988] veth1_macvtap: entered promiscuous mode
[  283.797300][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.834264][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.857503][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.875258][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.898041][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.909205][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.928520][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.946832][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.984099][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  284.005029][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.025430][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  284.038322][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.076742][T10988] batman_adv: batadv0: Interface activated: batadv_slave_0
[  284.129459][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  284.157107][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.172249][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  284.192553][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.207297][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  284.254817][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.294482][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  284.319079][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.344114][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  284.374450][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.399036][T10988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  284.417394][T10988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.439060][T10988] batman_adv: batadv0: Interface activated: batadv_slave_1
[  284.449391][T11125] netlink: 'syz.0.1856': attribute type 21 has an invalid length.
[  284.463339][T11128] __nla_validate_parse: 2 callbacks suppressed
[  284.463354][T11128] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1854'.
[  284.520428][T10988] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  284.548014][T10988] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  284.565989][T10988] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  284.583318][T10988] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  284.748352][   T54] Bluetooth: hci0: command tx timeout
[  284.803458][ T2921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.842377][ T2921] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.921170][  T954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.933079][  T954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.818598][T11159] bond_slave_0: left promiscuous mode
[  285.824369][T11159] bond_slave_1: left promiscuous mode
[  285.856013][T11159] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  286.052971][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1869'.
[  286.117691][T11169] netlink: 'syz.3.1870': attribute type 21 has an invalid length.
[  286.244819][T11167] lo speed is unknown, defaulting to 1000
[  287.234672][T11190] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1875'.
[  287.275298][T11190] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1875'.
[  287.310350][T11190] 0·: renamed from hsr_slave_1 (while UP)
[  287.350729][T11190] 0·: entered allmulticast mode
[  287.378368][T11190] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  287.601250][T11194] netlink: 'syz.3.1876': attribute type 10 has an invalid length.
[  287.639684][T11194] bond0: (slave netdevsim0): Releasing backup interface
[  287.868294][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  287.878872][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  287.888219][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  287.905499][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  287.927616][ T5116] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  287.938435][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  288.002390][ T2400] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.179705][ T2400] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.190693][T11212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1880'.
[  288.204069][T11207] netlink: 'syz.1.1880': attribute type 30 has an invalid length.
[  288.216198][T11211] netlink: 'syz.3.1881': attribute type 21 has an invalid length.
[  288.243114][T11196] lo speed is unknown, defaulting to 1000
[  288.331009][ T2400] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.476578][ T2400] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.865381][ T2400] bridge_slave_1: left allmulticast mode
[  288.884836][ T2400] bridge_slave_1: left promiscuous mode
[  288.914249][ T2400] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.971439][ T2400] bridge_slave_0: left allmulticast mode
[  289.006727][ T2400] bridge_slave_0: left promiscuous mode
[  289.033868][ T2400] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.825606][ T2400] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  289.868378][ T2400] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  289.894791][ T2400] bond0 (unregistering): Released all slaves
[  289.958857][T11228] netlink: 'syz.2.1884': attribute type 4 has an invalid length.
[  289.989201][T11229] netlink: 'syz.2.1884': attribute type 4 has an invalid length.
[  290.027770][   T54] Bluetooth: hci0: command tx timeout
[  290.423799][T11237] xt_time: unknown flags 0x4
[  290.615192][T11234] ip6gretap0: entered promiscuous mode
[  290.644418][T11234] ip6gretap0: left promiscuous mode
[  290.729821][T11247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1889'.
[  290.785920][T11247] 8021q: adding VLAN 0 to HW filter on device macvlan9
[  290.832475][T11196] chnl_net:caif_netlink_parms(): no params data found
[  291.338403][ T2400] hsr_slave_0: left promiscuous mode
[  291.351401][ T2400] hsr_slave_1: left promiscuous mode
[  291.369025][ T2400] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  291.383296][ T2400] batman_adv: batadv0: Removing interface: batadv_slave_0
[  291.400620][ T2400] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  291.417430][ T2400] batman_adv: batadv0: Removing interface: batadv_slave_1
[  291.473520][ T2400] veth1_macvtap: left promiscuous mode
[  291.497556][ T2400] veth0_macvtap: left promiscuous mode
[  291.513436][ T2400] veth1_vlan: left promiscuous mode
[  291.520412][ T2400] veth0_vlan: left promiscuous mode
[  292.107553][   T54] Bluetooth: hci0: command tx timeout
[  292.246713][ T2400] team0 (unregistering): Port device team_slave_1 removed
[  292.319666][ T2400] team0 (unregistering): Port device team_slave_0 removed
[  292.908906][T11265] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  292.927872][T11265] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  293.135559][T11196] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.160485][T11196] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.177572][T11196] bridge_slave_0: entered allmulticast mode
[  293.192538][T11196] bridge_slave_0: entered promiscuous mode
[  293.219296][T11196] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.247553][T11196] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.267655][T11196] bridge_slave_1: entered allmulticast mode
[  293.292718][T11196] bridge_slave_1: entered promiscuous mode
[  293.456944][T11196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  293.479916][T11196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  293.614711][T11196] team0: Port device team_slave_0 added
[  293.646807][T11196] team0: Port device team_slave_1 added
[  293.744691][T11196] batman_adv: batadv0: Adding interface: batadv_slave_0
[  293.764401][T11196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.821854][T11196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  293.867709][T11196] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.892629][T11196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.006786][T11196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  294.007272][T11311] netlink: 'syz.1.1900': attribute type 1 has an invalid length.
[  294.064301][T11311] netlink: 616 bytes leftover after parsing attributes in process `syz.1.1900'.
[  294.187666][   T54] Bluetooth: hci0: command tx timeout
[  294.290516][T11312] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1900'.
[  294.316582][T11322] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1900'.
[  294.372930][T11196] hsr_slave_0: entered promiscuous mode
[  294.418230][T11196] hsr_slave_1: entered promiscuous mode
[  294.434924][T11196] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  294.464724][T11196] Cannot create hsr debugfs directory
[  294.485125][T11325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1903'.
[  295.988258][ T5116] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  296.008070][ T5116] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  296.016980][ T5116] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  296.028218][ T5116] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  296.036346][ T5116] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  296.044937][ T5116] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  296.205351][T11384] lo speed is unknown, defaulting to 1000
[  296.268241][ T5116] Bluetooth: hci0: command tx timeout
[  296.431877][T11196] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  296.480920][T11196] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  296.528029][T11196] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  296.559346][T11196] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  296.640628][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1917'.
[  297.136175][T11196] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.290970][T11196] 8021q: adding VLAN 0 to HW filter on device team0
[  297.358553][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.365735][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.424446][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.431646][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.494164][T11384] chnl_net:caif_netlink_parms(): no params data found
[  297.740225][T11423] netlink: 860 bytes leftover after parsing attributes in process `syz.3.1920'.
[  298.028927][T11384] bridge0: port 1(bridge_slave_0) entered blocking state
[  298.036106][T11384] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.087699][T11384] bridge_slave_0: entered allmulticast mode
[  298.111509][   T54] Bluetooth: hci1: command tx timeout
[  298.126430][T11384] bridge_slave_0: entered promiscuous mode
[  298.177602][T11384] bridge0: port 2(bridge_slave_1) entered blocking state
[  298.184792][T11384] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.221302][T11384] bridge_slave_1: entered allmulticast mode
[  298.289834][T11384] bridge_slave_1: entered promiscuous mode
[  298.345294][T11453] FAULT_INJECTION: forcing a failure.
[  298.345294][T11453] name failslab, interval 1, probability 0, space 0, times 0
[  298.389453][T11453] CPU: 1 PID: 11453 Comm: syz.1.1924 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0
[  298.399313][T11453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  298.409383][T11453] Call Trace:
[  298.412677][T11453]  <TASK>
[  298.415619][T11453]  dump_stack_lvl+0x241/0x360
[  298.420320][T11453]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.425554][T11453]  ? __pfx__printk+0x10/0x10
[  298.430162][T11453]  ? __mutex_unlock_slowpath+0x21d/0x750
[  298.435813][T11453]  should_fail_ex+0x3b0/0x4e0
[  298.440505][T11453]  ? __alloc_skb+0x1c3/0x440
[  298.445113][T11453]  should_failslab+0x9/0x20
[  298.449631][T11453]  kmem_cache_alloc_node_noprof+0x71/0x320
[  298.455456][T11453]  ? sk_skb_reason_drop+0x21a/0x3d0
[  298.460683][T11453]  __alloc_skb+0x1c3/0x440
[  298.465120][T11453]  ? __pfx___alloc_skb+0x10/0x10
[  298.470069][T11453]  ? inet_diag_handler_cmd+0x1de/0x2b0
[  298.475544][T11453]  ? netlink_ack_tlv_len+0x6e/0x200
[  298.480762][T11453]  netlink_ack+0x13f/0xa30
[  298.485205][T11453]  ? module_put+0x13a/0x2d0
[  298.489742][T11453]  ? sock_diag_rcv_msg+0x3ff/0x5f0
[  298.494877][T11453]  netlink_rcv_skb+0x262/0x430
[  298.499667][T11453]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  298.505156][T11453]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  298.510473][T11453]  ? netlink_deliver_tap+0x2e/0x1b0
[  298.515846][T11453]  netlink_unicast+0x7f0/0x990
[  298.520609][T11453]  ? __pfx_netlink_unicast+0x10/0x10
[  298.525888][T11453]  ? __virt_addr_valid+0x183/0x530
[  298.531004][T11453]  ? __check_object_size+0x49c/0x900
[  298.536286][T11453]  ? bpf_lsm_netlink_send+0x9/0x10
[  298.541398][T11453]  netlink_sendmsg+0x8e4/0xcb0
[  298.546166][T11453]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.551448][T11453]  ? aa_sock_msg_perm+0x91/0x160
[  298.556377][T11453]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  298.561657][T11453]  ? security_socket_sendmsg+0x87/0xb0
[  298.567111][T11453]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.572394][T11453]  __sock_sendmsg+0x221/0x270
[  298.577065][T11453]  sock_write_iter+0x2dd/0x400
[  298.581818][T11453]  ? __pfx_sock_write_iter+0x10/0x10
[  298.587104][T11453]  do_iter_readv_writev+0x60a/0x890
[  298.592298][T11453]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  298.598010][T11453]  ? bpf_lsm_file_permission+0x9/0x10
[  298.603377][T11453]  ? security_file_permission+0x7f/0xa0
[  298.608913][T11453]  ? rw_verify_area+0x1d2/0x6b0
[  298.613760][T11453]  vfs_writev+0x37c/0xbb0
[  298.618097][T11453]  ? __pfx_lock_acquire+0x10/0x10
[  298.623111][T11453]  ? __pfx_vfs_writev+0x10/0x10
[  298.627949][T11453]  ? vfs_write+0x7c4/0xc90
[  298.632364][T11453]  ? __fget_files+0x29/0x470
[  298.636952][T11453]  do_writev+0x1b1/0x350
[  298.641187][T11453]  ? __pfx_do_writev+0x10/0x10
[  298.645943][T11453]  ? do_syscall_64+0x100/0x230
[  298.650702][T11453]  ? do_syscall_64+0xb6/0x230
[  298.655374][T11453]  do_syscall_64+0xf3/0x230
[  298.659868][T11453]  ? clear_bhb_loop+0x35/0x90
[  298.664545][T11453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.670432][T11453] RIP: 0033:0x7fdc67f75f19
[  298.674834][T11453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.694427][T11453] RSP: 002b:00007fdc68cb5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  298.702831][T11453] RAX: ffffffffffffffda RBX: 00007fdc68105f60 RCX: 00007fdc67f75f19
[  298.710789][T11453] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
[  298.718748][T11453] RBP: 00007fdc68cb50a0 R08: 0000000000000000 R09: 0000000000000000
[  298.726707][T11453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.734663][T11453] R13: 000000000000000b R14: 00007fdc68105f60 R15: 00007ffdefeebc58
[  298.742633][T11453]  </TASK>
[  298.822172][T11384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  298.866397][T11384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  298.919742][T11196] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.040272][T11384] team0: Port device team_slave_0 added
[  299.103780][T11384] team0: Port device team_slave_1 added
[  299.191273][T11471] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.1925'.
[  299.232747][T11384] batman_adv: batadv0: Adding interface: batadv_slave_0
[  299.249843][T11384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.331035][T11384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  299.394327][T11384] batman_adv: batadv0: Adding interface: batadv_slave_1
[  299.447172][T11384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.517412][T11384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  299.649673][T11384] hsr_slave_0: entered promiscuous mode
[  299.681538][T11384] hsr_slave_1: entered promiscuous mode
[  299.691359][T11384] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  299.727920][T11384] Cannot create hsr debugfs directory
[  300.187666][   T54] Bluetooth: hci1: command tx timeout
[  300.251957][T11384] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.362222][T11196] veth0_vlan: entered promiscuous mode
[  300.503481][T11384] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.595629][T11196] veth1_vlan: entered promiscuous mode
[  300.618944][T11504] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1927'.
[  300.746790][T11384] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.819894][T11196] veth0_macvtap: entered promiscuous mode
[  300.930091][T11384] team0: Port device netdevsim0 removed
[  300.968444][T11384] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.048973][T11196] veth1_macvtap: entered promiscuous mode
[  301.124212][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.172058][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.202513][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.237417][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.272651][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.309752][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.347534][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.397800][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.426321][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.458944][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.477419][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.497529][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.519888][T11196] batman_adv: batadv0: Interface activated: batadv_slave_0
[  301.543137][T11540] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1933'.
[  301.574158][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.614164][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.649212][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.687451][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.697297][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.727761][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.759721][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.805503][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.817703][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.857643][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.888750][T11196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.925393][T11196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.946455][T11196] batman_adv: batadv0: Interface activated: batadv_slave_1
[  302.004636][T11196] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.042343][T11196] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.065808][T11196] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.087600][T11196] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.227772][T11384] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  302.266486][T11384] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  302.267695][   T54] Bluetooth: hci1: command tx timeout
[  302.319516][T11384] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  302.395349][T11384] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  302.442771][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.479826][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.541410][ T2400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.569889][ T2400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.853206][T11384] 8021q: adding VLAN 0 to HW filter on device bond0
[  302.921486][T11384] 8021q: adding VLAN 0 to HW filter on device team0
[  302.955805][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.963041][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  303.139886][   T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.189329][ T5202] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.196536][ T5202] bridge0: port 2(bridge_slave_1) entered forwarding state
[  303.300233][   T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.451230][   T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.612094][   T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.680848][T11568] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1938'.
[  303.869503][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  303.883369][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  303.893228][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  303.899546][T11573] netlink: 'syz.3.1939': attribute type 1 has an invalid length.
[  303.928028][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  303.943900][ T5116] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  303.953112][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  304.091335][T11572] lo speed is unknown, defaulting to 1000
[  304.348187][   T54] Bluetooth: hci1: command tx timeout
[  304.359124][   T52] bridge_slave_1: left allmulticast mode
[  304.364799][   T52] bridge_slave_1: left promiscuous mode
[  304.387702][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.431392][   T52] bridge_slave_0: left allmulticast mode
[  304.437070][   T52] bridge_slave_0: left promiscuous mode
[  304.468420][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.010465][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  305.025252][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  305.043206][   T52] bond0 (unregistering): Released all slaves
[  305.076764][T11384] 8021q: adding VLAN 0 to HW filter on device batadv0
[  305.299884][T11594] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1944'.
[  305.691992][T11384] veth0_vlan: entered promiscuous mode
[  306.020055][T11384] veth1_vlan: entered promiscuous mode
[  306.028572][   T54] Bluetooth: hci0: command tx timeout
[  306.062783][T11619] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1948'.
[  306.278397][T11384] veth0_macvtap: entered promiscuous mode
[  306.314898][T11572] chnl_net:caif_netlink_parms(): no params data found
[  306.385103][   T52] hsr_slave_0: left promiscuous mode
[  306.391502][   T52] hsr_slave_1: left promiscuous mode
[  306.399049][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  306.406617][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  306.417177][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  306.424966][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  306.460661][   T52] veth1_macvtap: left promiscuous mode
[  306.466401][   T52] veth0_macvtap: left promiscuous mode
[  306.472759][   T52] veth1_vlan: left promiscuous mode
[  306.478427][   T52] veth0_vlan: left promiscuous mode
[  307.073904][   T52] team0 (unregistering): Port device team_slave_1 removed
[  307.178915][   T52] team0 (unregistering): Port device team_slave_0 removed
[  307.334505][T11640] netlink: 'syz.1.1954': attribute type 3 has an invalid length.
[  307.691699][T11384] veth1_macvtap: entered promiscuous mode
[  307.810878][T11646] tipc: Enabled bearer <eth:syzkaller0>, priority 3
[  307.911703][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  307.934249][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  307.965193][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  307.976208][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  307.987475][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  308.001146][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.011297][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  308.022408][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.033433][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  308.044439][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.054799][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  308.066504][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.079526][T11384] batman_adv: batadv0: Interface activated: batadv_slave_0
[  308.112747][   T54] Bluetooth: hci0: command tx timeout
[  308.143985][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  308.156584][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.167601][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  308.179432][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.189809][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  308.201854][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.213649][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  308.225236][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.238009][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  308.258609][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.269840][T11384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  308.282620][T11384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  308.303604][T11384] batman_adv: batadv0: Interface activated: batadv_slave_1
[  308.324174][T11644] tipc: Disabling bearer <eth:syzkaller0>
[  308.429190][T11666] netlink: 'syz.2.1959': attribute type 10 has an invalid length.
[  308.456204][T11666] team0: Port device netdevsim0 added
[  308.483078][T11572] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.501395][T11572] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.520138][T11572] bridge_slave_0: entered allmulticast mode
[  308.563527][T11572] bridge_slave_0: entered promiscuous mode
[  308.593363][T11676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1960'.
[  308.615477][T11384] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  308.642374][T11682] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1961'.
[  308.656422][T11384] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  308.684759][T11384] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  308.707176][T11384] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  308.740991][T11572] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.760800][T11572] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.776114][T11572] bridge_slave_1: entered allmulticast mode
[  308.791697][T11572] bridge_slave_1: entered promiscuous mode
[  308.972251][T11572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  309.013242][T11572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  309.138071][T11572] team0: Port device team_slave_0 added
[  309.152618][T11572] team0: Port device team_slave_1 added
[  309.286377][T11572] batman_adv: batadv0: Adding interface: batadv_slave_0
[  309.302051][T11572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.356795][T11572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  309.378580][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  309.389103][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  309.411940][T11572] batman_adv: batadv0: Adding interface: batadv_slave_1
[  309.427604][T11572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.464834][T11572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  309.610565][  T954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  309.635150][  T954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  309.653309][T11720] netlink: 'syz.1.1969': attribute type 2 has an invalid length.
[  309.682623][T11572] hsr_slave_0: entered promiscuous mode
[  309.720019][T11572] hsr_slave_1: entered promiscuous mode
[  309.726556][T11572] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  309.737547][T11572] Cannot create hsr debugfs directory
[  309.775960][T11723] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1969'.
[  309.827948][T11726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1970'.
[  309.847871][T11726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1970'.
[  310.044038][T11735] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1973'.
[  310.124310][T11738] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1972'.
[  310.187505][   T54] Bluetooth: hci0: command tx timeout
[  310.349571][T11749] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1975'.
[  310.429981][T11749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1975'.
[  310.451742][T11755] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1977'.
[  310.519767][   T54] block nbd11: Receive control failed (result -107)
[  310.564108][T11749] nbd11: detected capacity change from 0 to 256
[  310.636921][T10771] block nbd11: Dead connection, failed to find a fallback
[  311.451752][T11572] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  311.525342][T11572] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  311.541839][T11791] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1984'.
[  311.601279][T11572] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  311.638367][T11572] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  311.985867][T11572] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.055367][T11572] 8021q: adding VLAN 0 to HW filter on device team0
[  312.062448][T11802] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1989'.
[  312.084732][ T5152] IPVS: starting estimator thread 0...
[  312.109233][ T5152] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.116428][ T5152] bridge0: port 1(bridge_slave_0) entered forwarding state
[  312.142577][ T5152] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.149785][ T5152] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.187588][T11803] IPVS: using max 21 ests per chain, 50400 per kthread
[  312.274299][   T54] Bluetooth: hci0: command tx timeout
[  312.437315][T11819] cannot load conntrack support for proto=3
[  312.622765][T11830] netlink: 'syz.2.1993': attribute type 10 has an invalid length.
[  312.656122][T11830] team0: Port device netdevsim0 removed
[  312.672595][ T5152] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  312.843958][T11839] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  312.865019][T11572] 8021q: adding VLAN 0 to HW filter on device batadv0
[  312.891287][T11839] xt_CT: You must specify a L4 protocol and not use inversions on it
[  312.992323][ T5205] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  313.395911][T11862] netlink: 'syz.2.1998': attribute type 10 has an invalid length.
[  313.427752][T11862] team0: Port device netdevsim0 added
[  313.730605][T11870] netlink: 'syz.3.2003': attribute type 11 has an invalid length.
[  313.749537][T11572] veth0_vlan: entered promiscuous mode
[  313.781437][T11870] netlink: 'syz.3.2003': attribute type 4 has an invalid length.
[  313.819401][T11870] infiniband syz0: set active
[  313.865230][T11572] veth1_vlan: entered promiscuous mode
[  313.914744][ T5119] lo speed is unknown, defaulting to 1000
[  313.956187][    T8] lo speed is unknown, defaulting to 1000
[  314.042293][T11572] veth0_macvtap: entered promiscuous mode
[  314.277016][T11572] veth1_macvtap: entered promiscuous mode
[  314.401168][T11908] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  314.522318][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  314.569784][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.599544][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  314.627838][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.649529][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  314.660900][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.672933][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  314.684273][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.694710][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  314.705631][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.716095][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  314.726969][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.750922][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  314.769764][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.790000][T11572] batman_adv: batadv0: Interface activated: batadv_slave_0
[  314.826998][T11923] netlink: 'syz.2.2012': attribute type 10 has an invalid length.
[  314.904069][T11908] lo speed is unknown, defaulting to 1000
[  314.921806][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  314.956658][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.984988][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.025337][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.057745][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.096972][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.107535][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.137466][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.153974][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.164760][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.175058][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.187521][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.204775][T11572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.216807][T11572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.239876][T11572] batman_adv: batadv0: Interface activated: batadv_slave_1
[  315.279306][T11572] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  315.291104][T11572] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  315.301893][T11572] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  315.311898][T11572] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  315.423924][T11952] FAULT_INJECTION: forcing a failure.
[  315.423924][T11952] name failslab, interval 1, probability 0, space 0, times 0
[  315.487438][T11952] CPU: 1 PID: 11952 Comm: syz.2.2015 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0
[  315.490268][T11956] __nla_validate_parse: 7 callbacks suppressed
[  315.490282][T11956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2017'.
[  315.497277][T11952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  315.497294][T11952] Call Trace:
[  315.497304][T11952]  <TASK>
[  315.497314][T11952]  dump_stack_lvl+0x241/0x360
[  315.497348][T11952]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.497370][T11952]  ? __pfx__printk+0x10/0x10
[  315.542944][T11952]  ? ref_tracker_alloc+0x332/0x490
[  315.548071][T11952]  should_fail_ex+0x3b0/0x4e0
[  315.552754][T11952]  ? skb_clone+0x20c/0x390
[  315.557158][T11952]  should_failslab+0x9/0x20
[  315.561651][T11952]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  315.567016][T11952]  skb_clone+0x20c/0x390
[  315.571248][T11952]  __netlink_deliver_tap+0x3cc/0x7c0
[  315.576532][T11952]  ? netlink_deliver_tap+0x2e/0x1b0
[  315.581747][T11952]  netlink_deliver_tap+0x19d/0x1b0
[  315.586861][T11952]  netlink_unicast+0x7be/0x990
[  315.591623][T11952]  ? __pfx_netlink_unicast+0x10/0x10
[  315.596898][T11952]  ? __virt_addr_valid+0x183/0x530
[  315.602010][T11952]  ? __check_object_size+0x49c/0x900
[  315.607288][T11952]  ? bpf_lsm_netlink_send+0x9/0x10
[  315.612408][T11952]  netlink_sendmsg+0x8e4/0xcb0
[  315.617179][T11952]  ? __pfx_netlink_sendmsg+0x10/0x10
[  315.622455][T11952]  ? __import_iovec+0x536/0x820
[  315.627296][T11952]  ? aa_sock_msg_perm+0x91/0x160
[  315.632230][T11952]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  315.637506][T11952]  ? security_socket_sendmsg+0x87/0xb0
[  315.642957][T11952]  ? __pfx_netlink_sendmsg+0x10/0x10
[  315.648233][T11952]  __sock_sendmsg+0x221/0x270
[  315.652906][T11952]  ____sys_sendmsg+0x525/0x7d0
[  315.657672][T11952]  ? __pfx_____sys_sendmsg+0x10/0x10
[  315.662962][T11952]  __sys_sendmsg+0x2b0/0x3a0
[  315.667542][T11952]  ? __pfx___sys_sendmsg+0x10/0x10
[  315.672644][T11952]  ? vfs_write+0x7c4/0xc90
[  315.677082][T11952]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  315.683400][T11952]  ? do_syscall_64+0x100/0x230
[  315.688157][T11952]  ? do_syscall_64+0xb6/0x230
[  315.692828][T11952]  do_syscall_64+0xf3/0x230
[  315.697320][T11952]  ? clear_bhb_loop+0x35/0x90
[  315.702000][T11952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.707885][T11952] RIP: 0033:0x7f608ad75f19
[  315.712289][T11952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.731882][T11952] RSP: 002b:00007f608bb16048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.740284][T11952] RAX: ffffffffffffffda RBX: 00007f608af06038 RCX: 00007f608ad75f19
[  315.748247][T11952] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[  315.756213][T11952] RBP: 00007f608bb160a0 R08: 0000000000000000 R09: 0000000000000000
[  315.764171][T11952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.772128][T11952] R13: 000000000000006e R14: 00007f608af06038 R15: 00007ffe52aa8448
[  315.780100][T11952]  </TASK>
[  316.160535][T11968] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2018'.
[  316.281076][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.308033][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.551741][T11986] netlink: 'syz.1.2023': attribute type 21 has an invalid length.
[  316.600901][T11987] netlink: 'syz.0.2022': attribute type 15 has an invalid length.
[  316.621528][T11987] netlink: 46 bytes leftover after parsing attributes in process `syz.0.2022'.
[  316.691885][  T954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.727642][  T954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.816634][T11995] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'.
[  316.952488][T11995] netlink: 'syz.3.2024': attribute type 11 has an invalid length.
[  316.991086][T11995] netlink: 'syz.3.2024': attribute type 4 has an invalid length.
[  317.031992][T12013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2026'.
[  317.041785][T12012] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2028'.
[  317.067956][ T2921] wlan1: Trigger new scan to find an IBSS to join
[  317.401290][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  317.466340][T12034] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2033'.
[  317.722762][   T62] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.876024][   T62] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.951686][   T62] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.062727][   T62] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.109113][   T52] wlan1: Trigger new scan to find an IBSS to join
[  318.469580][   T62] bridge_slave_1: left allmulticast mode
[  318.483322][   T62] bridge_slave_1: left promiscuous mode
[  318.496509][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.518454][   T62] bridge_slave_0: left allmulticast mode
[  318.524149][   T62] bridge_slave_0: left promiscuous mode
[  318.557706][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.929848][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  318.947504][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  318.955267][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  318.970610][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  318.978474][ T5116] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  318.985839][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  319.464947][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  319.486278][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  319.508142][   T62] bond0 (unregistering): Released all slaves
[  319.547465][T12054] netlink: 'syz.2.2036': attribute type 15 has an invalid length.
[  319.555309][T12054] netlink: 46 bytes leftover after parsing attributes in process `syz.2.2036'.
[  319.642598][T12082] netlink: 'syz.0.2038': attribute type 4 has an invalid length.
[  319.712824][T12086] netlink: 'syz.3.2039': attribute type 4 has an invalid length.
[  319.779050][T12086] infiniband syz0: set down
[  319.841524][ T5156] lo speed is unknown, defaulting to 1000
[  319.852667][T12092] netlink: 'syz.3.2039': attribute type 4 has an invalid length.
[  319.886745][T12092] infiniband syz0: set active
[  319.901370][ T5156] lo speed is unknown, defaulting to 1000
[  319.977775][    C0] eth0: bad gso: type: 1, size: 1408
[  320.079948][T12074] lo speed is unknown, defaulting to 1000
[  320.086005][T12101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2042'.
[  320.121627][ T5205] lo speed is unknown, defaulting to 1000
[  320.126395][  T954] wlan1: Trigger new scan to find an IBSS to join
[  320.159956][ T5205] lo speed is unknown, defaulting to 1000
[  320.177496][T12101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2042'.
[  320.239319][ T5116] block nbd12: Receive control failed (result -107)
[  320.277494][T12101] nbd12: detected capacity change from 0 to 256
[  320.318896][ T5108] block nbd12: Dead connection, failed to find a fallback
[  320.656230][T12118] netlink: 'syz.2.2048': attribute type 10 has an invalid length.
[  320.720549][T12121] netlink: 'syz.2.2048': attribute type 10 has an invalid length.
[  320.816787][T12121] team0: Port device netdevsim0 removed
[  320.882875][T12121] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  321.008259][   T62] hsr_slave_0: left promiscuous mode
[  321.048670][   T62] hsr_slave_1: left promiscuous mode
[  321.077870][ T5116] Bluetooth: hci0: command tx timeout
[  321.088017][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  321.095451][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.162542][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.175292][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.210694][   T62] veth1_macvtap: left promiscuous mode
[  321.217243][   T62] veth0_macvtap: left promiscuous mode
[  321.224255][   T62] veth1_vlan: left promiscuous mode
[  321.242499][   T62] veth0_vlan: left promiscuous mode
[  322.033733][   T62] team0 (unregistering): Port device team_slave_1 removed
[  322.091921][   T62] team0 (unregistering): Port device team_slave_0 removed
[  323.147736][ T2921] wlan1: Trigger new scan to find an IBSS to join
[  323.154256][  T954] wlan1: Trigger new scan to find an IBSS to join
[  323.160785][ T5116] Bluetooth: hci0: command tx timeout
[  323.382271][T12166] netlink: 'syz.0.2056': attribute type 10 has an invalid length.
[  323.458876][T12074] chnl_net:caif_netlink_parms(): no params data found
[  323.698300][T12175] __nla_validate_parse: 1 callbacks suppressed
[  323.698318][T12175] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2057'.
[  323.834667][T12074] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.852166][T12074] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.887670][T12074] bridge_slave_0: entered allmulticast mode
[  323.911253][T12074] bridge_slave_0: entered promiscuous mode
[  323.942067][T12074] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.977492][T12074] bridge0: port 2(bridge_slave_1) entered disabled state
[  324.015242][T12074] bridge_slave_1: entered allmulticast mode
[  324.038931][T12074] bridge_slave_1: entered promiscuous mode
[  324.068649][T12185] netlink: 'syz.0.2058': attribute type 1 has an invalid length.
[  324.098507][  T954] wlan1: Creating new IBSS network, BSSID 4a:e4:3f:13:45:c2
[  324.106363][   T12] wlan1: Creating new IBSS network, BSSID ce:c5:7b:0f:cb:b5
[  324.163981][T12185] bond2: entered promiscuous mode
[  324.180497][T12189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2058'.
[  324.450390][T12074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  324.510631][T12074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  324.652377][T12074] team0: Port device team_slave_0 added
[  324.680545][T12074] team0: Port device team_slave_1 added
[  324.696811][T12221] netlink: 'syz.1.2069': attribute type 16 has an invalid length.
[  324.717543][T12221] netlink: 'syz.1.2069': attribute type 3 has an invalid length.
[  324.725314][T12221] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2069'.
[  324.876101][T12228] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2068'.
[  324.924479][T12074] batman_adv: batadv0: Adding interface: batadv_slave_0
[  324.952912][T12074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  325.006347][T12237] FAULT_INJECTION: forcing a failure.
[  325.006347][T12237] name failslab, interval 1, probability 0, space 0, times 0
[  325.019046][T12237] CPU: 1 PID: 12237 Comm: syz.0.2070 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0
[  325.028925][T12237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  325.039004][T12237] Call Trace:
[  325.042303][T12237]  <TASK>
[  325.045255][T12237]  dump_stack_lvl+0x241/0x360
[  325.049962][T12237]  ? __pfx_dump_stack_lvl+0x10/0x10
[  325.055183][T12237]  ? __pfx__printk+0x10/0x10
[  325.059814][T12237]  should_fail_ex+0x3b0/0x4e0
[  325.064523][T12237]  ? skb_clone+0x20c/0x390
[  325.068958][T12237]  should_failslab+0x9/0x20
[  325.073482][T12237]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  325.078885][T12237]  skb_clone+0x20c/0x390
[  325.083146][T12237]  ? dev_queue_xmit_nit+0x220/0xc10
[  325.088375][T12237]  dev_queue_xmit_nit+0x419/0xc10
[  325.093425][T12237]  ? dev_queue_xmit_nit+0x2b/0xc10
[  325.098566][T12237]  ? validate_xmit_skb+0x9f9/0x1120
[  325.103805][T12237]  dev_hard_start_xmit+0x15f/0x7e0
[  325.104743][T12074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  325.108923][T12237]  ? __pfx_validate_xmit_skb+0x10/0x10
[  325.108964][T12237]  __dev_queue_xmit+0x1b63/0x3e90
[  325.108982][T12237]  ? kasan_save_track+0x51/0x80
[  325.109014][T12237]  ? do_syscall_64+0xf3/0x230
[  325.122659][T12074] batman_adv: batadv0: Adding interface: batadv_slave_1
[  325.124953][T12237]  ? __dev_queue_xmit+0x2da/0x3e90
[  325.124984][T12237]  ? __pfx___dev_queue_xmit+0x10/0x10
[  325.141479][T12074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  325.146515][T12237]  ? __copy_skb_header+0x437/0x5b0
[  325.153584][T12074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  325.156966][T12237]  ? __asan_memcpy+0x40/0x70
[  325.156997][T12237]  ? __copy_skb_header+0x437/0x5b0
[  325.208204][T12237]  ? __skb_clone+0x454/0x6c0
[  325.212829][T12237]  ? skb_clone+0x240/0x390
[  325.217275][T12237]  __netlink_deliver_tap+0x54d/0x7c0
[  325.222600][T12237]  ? netlink_deliver_tap+0x2e/0x1b0
[  325.227823][T12237]  netlink_deliver_tap+0x19d/0x1b0
[  325.232965][T12237]  netlink_unicast+0x7be/0x990
[  325.237767][T12237]  ? __pfx_netlink_unicast+0x10/0x10
[  325.243068][T12237]  ? __virt_addr_valid+0x183/0x530
[  325.248208][T12237]  ? __check_object_size+0x49c/0x900
[  325.250157][ T5116] Bluetooth: hci0: command tx timeout
[  325.253497][T12237]  ? bpf_lsm_netlink_send+0x9/0x10
[  325.253528][T12237]  netlink_sendmsg+0x8e4/0xcb0
[  325.268795][T12237]  ? __pfx_netlink_sendmsg+0x10/0x10
[  325.274105][T12237]  ? __import_iovec+0x536/0x820
[  325.278980][T12237]  ? aa_sock_msg_perm+0x91/0x160
[  325.283946][T12237]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  325.289252][T12237]  ? security_socket_sendmsg+0x87/0xb0
[  325.294738][T12237]  ? __pfx_netlink_sendmsg+0x10/0x10
[  325.300050][T12237]  __sock_sendmsg+0x221/0x270
[  325.304758][T12237]  ____sys_sendmsg+0x525/0x7d0
[  325.309562][T12237]  ? __pfx_____sys_sendmsg+0x10/0x10
[  325.314900][T12237]  __sys_sendmsg+0x2b0/0x3a0
[  325.319522][T12237]  ? __pfx___sys_sendmsg+0x10/0x10
[  325.324665][T12237]  ? vfs_write+0x7c4/0xc90
[  325.329149][T12237]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  325.335502][T12237]  ? do_syscall_64+0x100/0x230
[  325.340296][T12237]  ? do_syscall_64+0xb6/0x230
[  325.345012][T12237]  do_syscall_64+0xf3/0x230
[  325.349545][T12237]  ? clear_bhb_loop+0x35/0x90
[  325.354252][T12237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.360172][T12237] RIP: 0033:0x7fde1e175f19
[  325.364606][T12237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  325.384234][T12237] RSP: 002b:00007fde1efd9048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  325.392681][T12237] RAX: ffffffffffffffda RBX: 00007fde1e305f60 RCX: 00007fde1e175f19
[  325.400682][T12237] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[  325.408674][T12237] RBP: 00007fde1efd90a0 R08: 0000000000000000 R09: 0000000000000000
[  325.416672][T12237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  325.424666][T12237] R13: 000000000000000b R14: 00007fde1e305f60 R15: 00007ffd74a667c8
[  325.432686][T12237]  </TASK>
[  325.514645][T12074] hsr_slave_0: entered promiscuous mode
[  325.525284][T12074] hsr_slave_1: entered promiscuous mode
[  325.549797][T12074] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  325.565028][T12074] Cannot create hsr debugfs directory
[  325.992117][T12269] xt_ecn: cannot match TCP bits for non-tcp packets
[  326.070932][T12278] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2079'.
[  326.080782][T12266] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.092166][T12278] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2079'.
[  326.110825][T12276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2080'.
[  326.130640][T12269] netlink: 'syz.0.2079': attribute type 21 has an invalid length.
[  326.154704][T12278] netlink: 31 bytes leftover after parsing attributes in process `syz.0.2079'.
[  326.164642][T12269] netlink: 'syz.0.2079': attribute type 20 has an invalid length.
[  326.173230][T12278] netlink: 'syz.0.2079': attribute type 3 has an invalid length.
[  326.181793][T12269] IPv6: NLM_F_CREATE should be specified when creating new route
[  326.191914][T12278] netlink: 31 bytes leftover after parsing attributes in process `syz.0.2079'.
[  326.479019][T12287] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  326.555614][T12285] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2082'.
[  326.695680][T12297] infiniband syz0: set active
[  326.741103][ T5119] lo speed is unknown, defaulting to 1000
[  326.794749][T12302] netlink: 'syz.0.2086': attribute type 10 has an invalid length.
[  326.836015][T12302] team0: Port device netdevsim0 added
[  327.001914][T12074] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  327.050105][T12074] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  327.142326][T12074] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  327.194899][T12074] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  327.318387][ T5116] Bluetooth: hci0: command tx timeout
[  327.506221][T12332] lo speed is unknown, defaulting to 1000
[  327.680869][T12074] 8021q: adding VLAN 0 to HW filter on device bond0
[  327.746800][T12074] 8021q: adding VLAN 0 to HW filter on device team0
[  327.781036][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state
[  327.788282][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  327.825399][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.832636][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  328.530370][T12369] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.538113][T12369] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.758249][T12074] 8021q: adding VLAN 0 to HW filter on device batadv0
[  328.765285][T12375] netlink: 'syz.0.2101': attribute type 4 has an invalid length.
[  328.777204][T12380] __nla_validate_parse: 2 callbacks suppressed
[  328.777222][T12380] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2102'.
[  328.803473][T12373] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2099'.
[  328.812825][T12381] netlink: 'syz.0.2101': attribute type 4 has an invalid length.
[  329.456278][T12415] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2107'.
[  329.543211][T12074] veth0_vlan: entered promiscuous mode
[  329.594642][T12074] veth1_vlan: entered promiscuous mode
[  329.678425][T12074] veth0_macvtap: entered promiscuous mode
[  329.705244][T12074] veth1_macvtap: entered promiscuous mode
[  329.766897][T12430] netlink: 'syz.0.2111': attribute type 1 has an invalid length.
[  329.775955][T12431] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2112'.
[  329.784233][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.793997][T12430] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.2111'.
[  329.807568][T12430] netlink: 'syz.0.2111': attribute type 1 has an invalid length.
[  329.818774][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.835743][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.854779][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.867843][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.881168][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.891708][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.902657][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.913019][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.924301][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.935798][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.946721][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.957118][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.970169][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.982697][T12074] batman_adv: batadv0: Interface activated: batadv_slave_0
[  330.032614][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.043549][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.058276][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.079353][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.096936][T12443] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2113'.
[  330.107040][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.119132][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.130941][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.142156][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.153017][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.164283][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.176215][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.187787][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.201943][T12074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.213809][T12074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.226907][T12074] batman_adv: batadv0: Interface activated: batadv_slave_1
[  330.250258][T12443] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2113'.
[  330.279079][T12074] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.294923][T12074] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.310018][ T5116] block nbd13: Receive control failed (result -107)
[  330.323699][T12074] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.333623][T12074] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  330.367500][T12443] nbd13: detected capacity change from 0 to 256
[  330.381340][ T5121] block nbd13: Dead connection, failed to find a fallback
[  330.390817][T12451] netlink: 516 bytes leftover after parsing attributes in process `syz.0.2115'.
[  330.712846][T12468] netlink: 'syz.1.2120': attribute type 11 has an invalid length.
[  330.722131][T12468] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2120'.
[  330.732339][T12463] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.741022][T12463] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.814363][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.849650][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  330.958246][T12470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2119'.
[  330.969524][ T2921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  331.005184][ T2921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.365100][T12497] netlink: 'syz.1.2125': attribute type 10 has an invalid length.
[  331.892788][T12531] xt_ecn: cannot match TCP bits for non-tcp packets
[  331.929779][T12531] netlink: 'syz.1.2132': attribute type 21 has an invalid length.
[  331.946483][T12531] netlink: 'syz.1.2132': attribute type 20 has an invalid length.
[  331.964184][T12531] IPv6: NLM_F_CREATE should be specified when creating new route
[  331.989899][T12539] netlink: 'syz.1.2132': attribute type 3 has an invalid length.
[  332.005368][T12534] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  332.240685][T12551] cannot load conntrack support for proto=3
[  332.617782][  T954] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.922200][  T954] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.053415][  T954] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.170528][  T954] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.500772][T12593] netlink: 'syz.3.2146': attribute type 1 has an invalid length.
[  333.558028][T12593] netlink: 'syz.3.2146': attribute type 2 has an invalid length.
[  333.609511][  T954] bridge_slave_1: left allmulticast mode
[  333.615202][  T954] bridge_slave_1: left promiscuous mode
[  333.666903][  T954] bridge0: port 2(bridge_slave_1) entered disabled state
[  333.719998][  T954] bridge_slave_0: left allmulticast mode
[  333.725970][  T954] bridge_slave_0: left promiscuous mode
[  333.773740][  T954] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.013001][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  334.023970][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  334.034915][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  334.056078][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  334.068945][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  334.078434][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  334.767950][  T954] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  334.806998][  T954] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  334.838996][  T954] bond0 (unregistering): Released all slaves
[  334.858399][T12610] netlink: 'syz.1.2144': attribute type 21 has an invalid length.
[  334.877675][T12610] __nla_validate_parse: 9 callbacks suppressed
[  334.877691][T12610] netlink: 15998 bytes leftover after parsing attributes in process `syz.1.2144'.
[  334.902904][T12608] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  335.088016][T12622] lo speed is unknown, defaulting to 1000
[  335.632302][T12657] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2157'.
[  335.880788][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  335.891651][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  335.900129][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  335.920874][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  335.931012][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  335.948564][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  336.187697][   T54] Bluetooth: hci0: command tx timeout
[  336.412323][T12664] lo speed is unknown, defaulting to 1000
[  336.477479][  T954] hsr_slave_0: left promiscuous mode
[  336.527467][  T954] hsr_slave_1: left promiscuous mode
[  336.558293][  T954] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  336.565727][  T954] batman_adv: batadv0: Removing interface: batadv_slave_0
[  336.599466][  T954] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  336.606898][  T954] batman_adv: batadv0: Removing interface: batadv_slave_1
[  336.687187][  T954] veth1_macvtap: left promiscuous mode
[  336.717433][  T954] veth0_macvtap: left promiscuous mode
[  336.736605][  T954] veth1_vlan: left promiscuous mode
[  336.745859][  T954] veth0_vlan: left promiscuous mode
[  336.929443][T12678] ieee802154 phy0 wpan0: encryption failed: -22
[  337.732704][  T954] team0 (unregistering): Port device team_slave_1 removed
[  337.829972][  T954] team0 (unregistering): Port device team_slave_0 removed
[  338.108767][   T54] Bluetooth: hci2: command tx timeout
[  338.267673][   T54] Bluetooth: hci0: command tx timeout
[  338.828675][T12676] netlink: 'syz.0.2159': attribute type 10 has an invalid length.
[  338.860333][T12676] team0: Port device netdevsim0 removed
[  339.115677][T12622] chnl_net:caif_netlink_parms(): no params data found
[  339.246042][T12693] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2163'.
[  339.348956][T12693] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2163'.
[  339.392260][T12693] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2163'.
[  339.459524][T12622] bridge0: port 1(bridge_slave_0) entered blocking state
[  339.466912][T12622] bridge0: port 1(bridge_slave_0) entered disabled state
[  339.497863][T12622] bridge_slave_0: entered allmulticast mode
[  339.514308][T12622] bridge_slave_0: entered promiscuous mode
[  339.616785][T12622] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.644637][T12622] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.674467][T12622] bridge_slave_1: entered allmulticast mode
[  339.701222][T12622] bridge_slave_1: entered promiscuous mode
[  339.838572][T12622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  339.871717][T12622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  339.973641][T12622] team0: Port device team_slave_0 added
[  340.003918][T12622] team0: Port device team_slave_1 added
[  340.112139][T12622] batman_adv: batadv0: Adding interface: batadv_slave_0
[  340.137817][T12622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  340.192272][ T5116] Bluetooth: hci2: command tx timeout
[  340.228269][T12622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  340.249252][T12664] chnl_net:caif_netlink_parms(): no params data found
[  340.320464][T12622] batman_adv: batadv0: Adding interface: batadv_slave_1
[  340.346181][T12622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  340.387541][ T5116] Bluetooth: hci0: command tx timeout
[  340.410835][T12622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  340.662592][T12622] hsr_slave_0: entered promiscuous mode
[  340.697696][T12622] hsr_slave_1: entered promiscuous mode
[  340.707723][T12622] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  340.715298][T12622] Cannot create hsr debugfs directory
[  340.843809][T12664] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.871866][T12664] bridge0: port 1(bridge_slave_0) entered disabled state
[  340.885036][T12664] bridge_slave_0: entered allmulticast mode
[  340.893391][T12664] bridge_slave_0: entered promiscuous mode
[  340.913148][T12664] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.931485][T12664] bridge0: port 2(bridge_slave_1) entered disabled state
[  340.939144][T12664] bridge_slave_1: entered allmulticast mode
[  340.946524][T12664] bridge_slave_1: entered promiscuous mode
[  341.224239][T12664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  341.252184][T12741] sctp: [Deprecated]: syz.0.2168 (pid 12741) Use of struct sctp_assoc_value in delayed_ack socket option.
[  341.252184][T12741] Use struct sctp_sack_info instead
[  341.295207][T12664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  341.329130][T12741] bridge_slave_1: left allmulticast mode
[  341.334822][T12741] bridge_slave_1: left promiscuous mode
[  341.357692][T12741] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.392132][T12742] netlink: 'syz.0.2168': attribute type 10 has an invalid length.
[  341.416631][T12742] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2168'.
[  341.439601][T12742] batman_adv: batadv0: Adding interface: virt_wifi0
[  341.446303][T12742] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  341.484516][T12742] batman_adv: batadv0: Interface activated: virt_wifi0
[  341.579455][T12664] team0: Port device team_slave_0 added
[  341.699110][T12664] team0: Port device team_slave_1 added
[  341.930392][T12664] batman_adv: batadv0: Adding interface: batadv_slave_0
[  341.938247][T12664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  342.017455][T12664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  342.138108][T12664] batman_adv: batadv0: Adding interface: batadv_slave_1
[  342.178092][T12664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  342.257776][T12664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  342.268629][ T5116] Bluetooth: hci2: command 0x040f tx timeout
[  342.429136][   T54] Bluetooth: hci0: command tx timeout
[  342.615761][T12664] hsr_slave_0: entered promiscuous mode
[  342.642002][T12664] hsr_slave_1: entered promiscuous mode
[  342.648943][T12664] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  342.656533][T12664] Cannot create hsr debugfs directory
[  343.273016][T12622] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  343.411187][T12664] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.457622][T12622] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  343.480767][T12622] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  343.540645][T12622] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  343.621224][T12785] netlink: 160 bytes leftover after parsing attributes in process `syz.3.2177'.
[  343.654791][T12785] netlink: 160 bytes leftover after parsing attributes in process `syz.3.2177'.
[  343.674140][T12785] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2177'.
[  343.689521][T12664] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.908000][T12664] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.108956][T12664] team0: Port device netdevsim0 removed
[  344.121598][T12664] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.344876][T12622] 8021q: adding VLAN 0 to HW filter on device bond0
[  344.357936][   T54] Bluetooth: hci2: command 0x040f tx timeout
[  344.476630][T12622] 8021q: adding VLAN 0 to HW filter on device team0
[  344.570771][ T5152] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.577990][ T5152] bridge0: port 1(bridge_slave_0) entered forwarding state
[  344.649055][ T5152] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.656329][ T5152] bridge0: port 2(bridge_slave_1) entered forwarding state
[  344.801531][T12664] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  344.873591][T12664] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  344.905919][T12664] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  344.984279][T12664] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  345.362318][T12664] 8021q: adding VLAN 0 to HW filter on device bond0
[  345.443081][T12622] 8021q: adding VLAN 0 to HW filter on device batadv0
[  345.486621][T12664] 8021q: adding VLAN 0 to HW filter on device team0
[  345.539380][ T5119] bridge0: port 1(bridge_slave_0) entered blocking state
[  345.546547][ T5119] bridge0: port 1(bridge_slave_0) entered forwarding state
[  345.640811][ T5119] bridge0: port 2(bridge_slave_1) entered blocking state
[  345.648004][ T5119] bridge0: port 2(bridge_slave_1) entered forwarding state
[  346.351175][T12622] veth0_vlan: entered promiscuous mode
[  346.399284][T12622] veth1_vlan: entered promiscuous mode
[  346.427846][   T54] Bluetooth: hci2: command 0x040f tx timeout
[  346.520254][T12664] 8021q: adding VLAN 0 to HW filter on device batadv0
[  346.605060][T12622] veth0_macvtap: entered promiscuous mode
[  346.659366][T12622] veth1_macvtap: entered promiscuous mode
[  346.733469][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  346.761402][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.777517][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  346.799075][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.817446][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  346.840082][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.862321][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  346.877824][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.897742][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  346.929980][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.961565][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  346.988390][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.007891][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  347.030795][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.054161][T12622] batman_adv: batadv0: Interface activated: batadv_slave_0
[  347.097037][T12664] veth0_vlan: entered promiscuous mode
[  347.121945][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  347.145829][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.166367][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  347.189788][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.210414][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  347.232257][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.253228][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  347.284077][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.317512][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  347.340907][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.357478][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  347.389676][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.407496][T12622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  347.427497][T12622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  347.449527][T12622] batman_adv: batadv0: Interface activated: batadv_slave_1
[  347.467143][T12622] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  347.502675][T12622] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  347.527131][T12622] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  347.557430][T12622] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  347.607034][T12664] veth1_vlan: entered promiscuous mode
[  347.894549][T12664] veth0_macvtap: entered promiscuous mode
[  347.941575][T12664] veth1_macvtap: entered promiscuous mode
[  347.950435][ T2400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.962041][ T2400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  348.047222][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.080427][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.097472][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.129417][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.157507][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.190676][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.214530][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.237382][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.247207][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.287532][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.307399][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.327737][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.348029][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.368641][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.397363][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.417429][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.449517][T12664] batman_adv: batadv0: Interface activated: batadv_slave_0
[  348.470940][ T2400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  348.476488][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.497782][ T2400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  348.538340][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.563671][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.584488][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.612468][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.627508][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.637744][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.648499][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.658745][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.670417][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.680615][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.691490][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.701683][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.716546][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.737560][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.758528][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.781544][T12664] batman_adv: batadv0: Interface activated: batadv_slave_1
[  348.821277][T12664] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  348.846280][T12664] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  348.864114][T12664] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  348.881861][T12664] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  349.139635][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  349.160115][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  349.239488][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  349.257751][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  349.478965][T12877] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2152'.
[  349.991618][ T2921] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.161429][ T2921] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.266509][ T2921] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.471190][ T2921] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.719683][ T2921] bridge_slave_1: left allmulticast mode
[  350.725394][ T2921] bridge_slave_1: left promiscuous mode
[  350.754470][ T2921] bridge0: port 2(bridge_slave_1) entered disabled state
[  350.808402][ T2921] bridge_slave_0: left allmulticast mode
[  350.814100][ T2921] bridge_slave_0: left promiscuous mode
[  350.848574][ T2921] bridge0: port 1(bridge_slave_0) entered disabled state
[  350.860008][T12891] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2188'.
[  350.882420][T12891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2188'.
[  350.912301][T12891] netlink: 31 bytes leftover after parsing attributes in process `syz.1.2188'.
[  350.940184][T12891] netlink: 'syz.1.2188': attribute type 3 has an invalid length.
[  350.967518][T12891] netlink: 'syz.1.2188': attribute type 2 has an invalid length.
[  350.997481][T12891] netlink: 31 bytes leftover after parsing attributes in process `syz.1.2188'.
[  351.322472][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  351.332565][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  351.340891][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  351.351124][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  351.359092][ T5116] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  351.367278][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  351.963665][ T2921] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  351.983079][ T2921] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.006474][ T2921] bond0 (unregistering): Released all slaves
[  352.056525][T12890] veth4: entered allmulticast mode
[  352.231506][T12894] lo speed is unknown, defaulting to 1000
[  352.327959][T12901] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2191'.
[  353.331977][ T2921] hsr_slave_0: left promiscuous mode
[  353.346771][ T2921] hsr_slave_1: left promiscuous mode
[  353.378086][ T2921] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  353.391555][ T2921] batman_adv: batadv0: Removing interface: batadv_slave_0
[  353.413853][ T2921] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  353.435584][ T2921] batman_adv: batadv0: Removing interface: batadv_slave_1
[  353.467835][ T5116] Bluetooth: hci0: command tx timeout
[  353.479024][ T2921] veth1_macvtap: left promiscuous mode
[  353.484712][ T2921] veth0_macvtap: left promiscuous mode
[  353.490515][ T2921] veth1_vlan: left promiscuous mode
[  353.495934][ T2921] veth0_vlan: left promiscuous mode
[  354.006115][ T2921] team0 (unregistering): Port device team_slave_1 removed
[  354.053539][ T2921] team0 (unregistering): Port device team_slave_0 removed
[  354.420297][T12925] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2197'.
[  354.430267][T12926] netlink: 'syz.3.2196': attribute type 4 has an invalid length.
[  354.450656][T12926] infiniband syz0: set down
[  354.462007][ T5153] lo speed is unknown, defaulting to 1000
[  354.468932][ T5153] lo speed is unknown, defaulting to 1000
[  354.474741][T12936] netlink: 'syz.3.2196': attribute type 4 has an invalid length.
[  354.489390][T12936] infiniband syz0: set active
[  354.643631][T12950] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2201'.
[  354.682119][    T9] lo speed is unknown, defaulting to 1000
[  354.690349][    T9] lo speed is unknown, defaulting to 1000
[  354.805810][T12959] netlink: 'syz.2.2203': attribute type 10 has an invalid length.
[  354.836556][T12959] team0: Port device netdevsim0 added
[  355.014359][T12894] chnl_net:caif_netlink_parms(): no params data found
[  355.069800][T12968] netlink: 'syz.3.2205': attribute type 10 has an invalid length.
[  355.138100][T12968] team0: Port device netdevsim0 added
[  355.372864][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  355.383362][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  355.392288][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  355.401853][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  355.409828][   T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  355.417229][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  355.548504][   T54] Bluetooth: hci0: command tx timeout
[  355.746299][T12894] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.775626][T12894] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.818124][T12894] bridge_slave_0: entered allmulticast mode
[  355.825424][T12894] bridge_slave_0: entered promiscuous mode
[  355.850225][T12894] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.857878][T12894] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.865068][T12894] bridge_slave_1: entered allmulticast mode
[  355.873338][T12894] bridge_slave_1: entered promiscuous mode
[  355.910257][T13003] syz0: rxe_newlink: already configured on lo
[  355.975776][T12894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.999194][T13003] infiniband syz0: set active
[  356.090237][T12982] lo speed is unknown, defaulting to 1000
[  356.103852][T12894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  356.125358][ T5156] lo speed is unknown, defaulting to 1000
[  356.259369][T12894] team0: Port device team_slave_0 added
[  356.274699][T12894] team0: Port device team_slave_1 added
[  356.355039][T12894] batman_adv: batadv0: Adding interface: batadv_slave_0
[  356.372853][T12894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  356.412185][T12894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  356.427505][   T62] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  356.441406][T12894] batman_adv: batadv0: Adding interface: batadv_slave_1
[  356.460915][T12894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  356.499875][T12894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  356.766244][T12894] hsr_slave_0: entered promiscuous mode
[  356.785241][T13023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2215'.
[  356.797718][T12894] hsr_slave_1: entered promiscuous mode
[  356.812218][T12894] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  356.824620][T12894] Cannot create hsr debugfs directory
[  357.219645][T13034] netlink: 'syz.1.2217': attribute type 10 has an invalid length.
[  357.256102][T13034] team0: Port device netdevsim0 added
[  357.357245][    C0] eth0: bad gso: type: 1, size: 1408
[  357.467568][   T54] Bluetooth: hci1: command tx timeout
[  357.628189][   T54] Bluetooth: hci0: command tx timeout
[  357.632625][T12982] chnl_net:caif_netlink_parms(): no params data found
[  357.702267][T13052] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.2220'.
[  357.758574][T13047] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2220'.
[  358.081516][T13055] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  358.317982][T12982] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.325162][T12982] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.349457][   T30] INFO: task udevd:5115 blocked for more than 143 seconds.
[  358.372848][T12982] bridge_slave_0: entered allmulticast mode
[  358.377468][   T30]       Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0
[  358.384683][T12982] bridge_slave_0: entered promiscuous mode
[  358.407468][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  358.441362][T13064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2226'.
[  358.447456][   T30] task:udevd           state:D stack:20480 pid:5115  tgid:5115  ppid:4554   flags:0x00004002
[  358.474508][T12982] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.487849][   T30] Call Trace:
[  358.491163][   T30]  <TASK>
[  358.509557][T12982] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.517860][   T30]  __schedule+0x1800/0x4a60
[  358.522475][   T30]  ? __pfx___schedule+0x10/0x10
[  358.534746][T12982] bridge_slave_1: entered allmulticast mode
[  358.544595][T12982] bridge_slave_1: entered promiscuous mode
[  358.545217][   T30]  ? __blk_flush_plug+0x449/0x500
[  358.577428][   T30]  ? __pfx_lock_release+0x10/0x10
[  358.582502][   T30]  ? __asan_memset+0x23/0x50
[  358.587156][   T30]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  358.627574][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  358.633980][   T30]  ? schedule+0x90/0x320
[  358.648294][   T30]  schedule+0x14b/0x320
[  358.652624][   T30]  schedule_timeout+0x1be/0x310
[  358.658150][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  358.663900][   T30]  ? __pfx_process_timeout+0x10/0x10
[  358.675298][   T30]  ? prepare_to_wait_event+0x3ba/0x400
[  358.687499][   T30]  nbd_queue_rq+0x7cd/0x2f70
[  358.692249][   T30]  ? __pfx_validate_chain+0x10/0x10
[  358.698129][   T30]  ? validate_chain+0x11e/0x5900
[  358.716077][   T30]  ? __pfx_nbd_queue_rq+0x10/0x10
[  358.728660][   T30]  ? __lock_acquire+0x137a/0x2040
[  358.739432][   T30]  ? __pfx_autoremove_wake_function+0x10/0x10
[  358.753451][   T30]  blk_mq_dispatch_rq_list+0xb89/0x1b30
[  358.765214][   T30]  ? sbitmap_get+0x289/0x3f0
[  358.775691][   T30]  ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10
[  358.794502][   T30]  ? __blk_mq_alloc_driver_tag+0x32d/0x730
[  358.802492][   T30]  __blk_mq_sched_dispatch_requests+0xb8a/0x1840
[  358.813944][   T30]  ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10
[  358.825299][   T30]  ? blk_mq_run_hw_queue+0x1d3/0xae0
[  358.831284][   T30]  ? __pfx___might_resched+0x10/0x10
[  358.836862][   T30]  blk_mq_sched_dispatch_requests+0xcb/0x140
[  358.849967][   T30]  ? blk_mq_run_hw_queue+0x54d/0xae0
[  358.856571][   T30]  blk_mq_run_hw_queue+0x576/0xae0
[  358.862588][   T30]  ? blk_mq_run_hw_queue+0x1d3/0xae0
[  358.869628][   T30]  blk_mq_flush_plug_list+0x1115/0x1880
[  358.875492][   T30]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  358.893567][   T30]  ? blk_mq_submit_bio+0x127e/0x22d0
[  358.907919][   T30]  __blk_flush_plug+0x420/0x500
[  358.915975][   T30]  ? __pfx___blk_flush_plug+0x10/0x10
[  358.922339][   T30]  ? timekeeping_get_ns+0x5c/0x420
[  358.929754][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  358.935157][   T30]  __submit_bio+0x422/0x560
[  358.940454][   T30]  ? __pfx___submit_bio+0x10/0x10
[  358.945661][   T30]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  358.959485][   T30]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  358.966571][   T30]  submit_bio_noacct_nocheck+0x4d3/0xe30
[  358.979451][   T30]  ? bio_associate_blkg_from_css+0x182/0xc70
[  358.987020][   T30]  ? __pfx___might_resched+0x10/0x10
[  358.997769][   T30]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  359.005326][   T30]  block_read_full_folio+0x93b/0xcd0
[  359.020030][   T30]  ? __pfx_blkdev_get_block+0x10/0x10
[  359.034695][   T30]  ? __pfx_block_read_full_folio+0x10/0x10
[  359.047717][   T30]  ? __pfx_lru_add_fn+0x10/0x10
[  359.052639][   T30]  ? folio_add_lru+0x357/0xd70
[  359.067078][   T30]  ? folio_add_lru+0x58f/0xd70
[  359.073160][   T30]  filemap_read_folio+0x1a0/0x790
[  359.078809][   T30]  ? __pfx_blkdev_read_folio+0x10/0x10
[  359.084516][   T30]  ? __pfx_filemap_read_folio+0x10/0x10
[  359.094061][   T30]  ? __filemap_get_folio+0x984/0xc10
[  359.106727][   T30]  do_read_cache_folio+0x134/0x820
[  359.117941][   T30]  ? __pfx_blkdev_read_folio+0x10/0x10
[  359.132764][   T30]  read_part_sector+0xb3/0x330
[  359.143390][   T30]  adfspart_check_ICS+0xd9/0x9a0
[  359.156950][   T30]  ? __pfx_vsnprintf+0x10/0x10
[  359.167356][   T30]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  359.174160][   T30]  ? snprintf+0xda/0x120
[  359.180879][   T30]  ? alloc_pages_mpol_noprof+0x417/0x680
[  359.197211][   T30]  ? vsnprintf+0x1cc3/0x1da0
[  359.202637][   T30]  ? vsnprintf+0x184/0x1da0
[  359.207688][   T30]  ? __pfx_snprintf+0x10/0x10
[  359.212572][   T30]  ? __kasan_kmalloc+0x98/0xb0
[  359.218087][   T30]  bdev_disk_changed+0x72c/0x13d0
[  359.223318][   T30]  ? __pfx_bdev_disk_changed+0x10/0x10
[  359.229445][   T30]  blkdev_get_whole+0x2d2/0x450
[  359.234485][   T30]  bdev_open+0x2d4/0xc60
[  359.241697][   T30]  blkdev_open+0x3e8/0x570
[  359.246313][   T30]  ? __pfx_blkdev_open+0x10/0x10
[  359.251966][   T30]  do_dentry_open+0x970/0x1440
[  359.256926][   T30]  vfs_open+0x3e/0x330
[  359.263428][   T30]  path_openat+0x2b3e/0x3470
[  359.270425][   T30]  ? __pfx_stack_trace_save+0x10/0x10
[  359.276434][   T30]  ? __lock_acquire+0x137a/0x2040
[  359.282120][   T30]  ? __pfx_path_openat+0x10/0x10
[  359.288813][   T30]  do_filp_open+0x235/0x490
[  359.293467][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  359.299247][   T30]  ? _raw_spin_unlock+0x28/0x50
[  359.304242][   T30]  ? alloc_fd+0x5a1/0x640
[  359.315716][   T30]  do_sys_openat2+0x13e/0x1d0
[  359.326532][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  359.337372][   T30]  __x64_sys_openat+0x247/0x2a0
[  359.343939][   T30]  ? __pfx___x64_sys_openat+0x10/0x10
[  359.359346][   T30]  ? do_syscall_64+0x100/0x230
[  359.371446][   T30]  ? do_syscall_64+0xb6/0x230
[  359.382089][   T30]  do_syscall_64+0xf3/0x230
[  359.392349][   T30]  ? clear_bhb_loop+0x35/0x90
[  359.402785][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.415947][   T30] RIP: 0033:0x7f3e703169a4
[  359.425473][   T30] RSP: 002b:00007fff0a24d0a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  359.443000][   T30] RAX: ffffffffffffffda RBX: 0000558b92f19e10 RCX: 00007f3e703169a4
[  359.462668][   T30] RDX: 00000000000a0800 RSI: 0000558b92f1ddd0 RDI: 00000000ffffff9c
[  359.471232][   T30] RBP: 0000558b92f1ddd0 R08: 0000000000000001 R09: 7fffffffffffffff
[  359.481540][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800
[  359.491419][   T30] R13: 0000558b92f09a70 R14: 0000000000000001 R15: 0000558b92ef8910
[  359.499819][   T30]  </TASK>
[  359.554276][   T54] Bluetooth: hci1: command tx timeout
[  359.577536][   T30] 
[  359.577536][   T30] Showing all locks held in the system:
[  359.613651][   T30] 1 lock held by khungtaskd/30:
[  359.645192][   T30]  #0: ffffffff8e336e20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  359.646285][T12982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  359.668361][T12982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  359.677795][   T30] 2 locks held by dhcpcd/4768:
[  359.679757][T12894] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  359.682757][   T30] 2 locks held by getty/4850:
[  359.682774][   T30]  #0: ffff88802aa270a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  359.682840][   T30]  #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  359.682899][   T30] 3 locks held by udevd/5108:
[  359.682910][   T30]  #0: ffff888020ad84c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xf0/0xc60
[  359.682966][   T30]  #1: ffff88801c360d90 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x54d/0xae0
[  359.683023][   T30]  #2: ffff888020bc0180 (&cmd->lock){+.+.}-{3:3}, at: nbd_queue_rq+0xfc/0x2f70
[  359.683084][   T30] 3 locks held by udevd/5115:
[  359.683096][   T30]  #0: ffff8880208484c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xf0/0xc60
[  359.683149][   T30]  #1: ffff88801c76be90 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x54d/0xae0
[  359.683206][   T30]  #2: ffff8880208e0180 (&cmd->lock){+.+.}-{3:3}, at: nbd_queue_rq+0xfc/0x2f70
[  359.683264][   T30] 3 locks held by udevd/5121:
[  359.683276][   T30]  #0: ffff888020adc4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xf0/0xc60
[  359.683329][   T30]  #1: ffff88801c321290 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x54d/0xae0
[  359.737600][   T54] Bluetooth: hci0: command tx timeout
[  359.741630][   T30]  #2: ffff888020bf8180 (&cmd->lock){+.+.}-{3:3}, at: nbd_queue_rq+0xfc/0x2f70
[  359.823129][   T30] 3 locks held by udevd/5769:
[  359.834116][   T30]  #0: ffff8880208a64c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xf0/0xc60
[  359.843780][   T30]  #1: ffff88801f7a9e10 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x54d/0xae0
[  359.853906][   T30]  #2: ffff888020980180 (&cmd->lock){+.+.}-{3:3}, at: nbd_queue_rq+0xfc/0x2f70
[  359.863340][   T30] 3 locks held by udevd/6201:
[  359.868472][   T30]  #0: ffff8880209b44c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xf0/0xc60
[  359.878157][   T30]  #1: ffff88801c360390 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x54d/0xae0
[  359.889043][   T30]  #2: ffff888020ab8180 (&cmd->lock){+.+.}-{3:3}, at: nbd_queue_rq+0xfc/0x2f70
[  359.898467][   T30] 3 locks held by udevd/9906:
[  359.903225][   T30]  #0: ffff8880209b04c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xf0/0xc60
[  359.913112][   T30]  #1: ffff88801c3abd90 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x54d/0xae0
[  359.924155][   T30]  #2: ffff888020a80180 (&cmd->lock){+.+.}-{3:3}, at: nbd_queue_rq+0xfc/0x2f70
[  359.933591][   T30] 3 locks held by udevd/10771:
[  359.938827][   T30]  #0: ffff888020a4e4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xf0/0xc60
[  359.956726][   T30]  #1: ffff88801f7dae90 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x54d/0xae0
[  359.966646][   T30]  #2: ffff888020b58180 (&cmd->lock){+.+.}-{3:3}, at: nbd_queue_rq+0xfc/0x2f70
[  359.976544][   T30] 2 locks held by syz-executor/12894:
[  359.982364][   T30]  #0: ffffffff8f5fe708 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  359.993047][   T30]  #1: ffffffff8e33c1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  360.004420][   T30] 2 locks held by syz.2.2206/12970:
[  360.010036][   T30] 1 lock held by syz-executor/12982:
[  360.015404][   T30]  #0: ffffffff8f5fe708 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  360.029394][T12894] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  360.036530][   T30] 
[  360.041042][   T30] =============================================
[  360.041042][   T30] 
[  360.053143][   T30] NMI backtrace for cpu 1
[  360.057486][   T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0
[  360.067025][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  360.077065][   T30] Call Trace:
[  360.080333][   T30]  <TASK>
[  360.083254][   T30]  dump_stack_lvl+0x241/0x360
[  360.087930][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.093119][   T30]  ? __pfx__printk+0x10/0x10
[  360.097699][   T30]  ? vprintk_emit+0x631/0x770
[  360.102371][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  360.107406][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  360.112358][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  360.117811][   T30]  ? _printk+0xd5/0x120
[  360.121957][   T30]  ? __pfx__printk+0x10/0x10
[  360.126536][   T30]  ? __wake_up_klogd+0xcc/0x110
[  360.131375][   T30]  ? __pfx__printk+0x10/0x10
[  360.135954][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  360.140970][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  360.146941][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  360.152915][   T30]  watchdog+0xfde/0x1020
[  360.157149][   T30]  ? watchdog+0x1ea/0x1020
[  360.161563][   T30]  ? __pfx_watchdog+0x10/0x10
[  360.166235][   T30]  kthread+0x2f0/0x390
[  360.170298][   T30]  ? __pfx_watchdog+0x10/0x10
[  360.174967][   T30]  ? __pfx_kthread+0x10/0x10
[  360.179549][   T30]  ret_from_fork+0x4b/0x80
[  360.183960][   T30]  ? __pfx_kthread+0x10/0x10
[  360.188543][   T30]  ret_from_fork_asm+0x1a/0x30
[  360.193314][   T30]  </TASK>
[  360.197581][   T30] Sending NMI from CPU 1 to CPUs 0:
[  360.203155][    C0] NMI backtrace for cpu 0
[  360.203166][    C0] CPU: 0 PID: 2890 Comm: kworker/u8:9 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0
[  360.203184][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  360.203194][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[  360.203222][    C0] RIP: 0010:__kmalloc_noprof+0xf4/0x400
[  360.203245][    C0] Code: 2e 2e 31 c0 4c 89 ef 89 de e8 58 ed ff ff 31 db 4d 85 ed 0f 84 04 01 00 00 85 c0 0f 85 fc 00 00 00 48 89 2c 24 cc 61 02 00 00 <65> 48 8b 05 d4 1a 14 7e 49 8b 4d 00 48 8b 54 08 08 48 8b 3c 08 48
[  360.203258][    C0] RSP: 0018:ffffc90009df6f50 EFLAGS: 00000246
[  360.203272][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  360.203281][    C0] RDX: 0000000000000000 RSI: 0000000000000060 RDI: ffffffff8e44a0c0
[  360.203292][    C0] RBP: 0000000000000043 R08: ffffffff8adca4c4 R09: ffffffff8adca2fd
[  360.203304][    C0] R10: 0000000000000003 R11: ffff88802b70bc00 R12: 0000000000000920
[  360.203315][    C0] R13: ffff888015041280 R14: 0000000000000000 R15: ffffffff8adca51f
[  360.203326][    C0] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  360.203346][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  360.203357][    C0] CR2: 0000000020aa9030 CR3: 000000000e134000 CR4: 00000000003506f0
[  360.203371][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  360.203381][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  360.203391][    C0] Call Trace:
[  360.203397][    C0]  <NMI>
[  360.203403][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  360.203425][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  360.203448][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  360.203469][    C0]  ? nmi_handle+0x2a/0x5a0
[  360.203494][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  360.203514][    C0]  ? nmi_handle+0x14f/0x5a0
[  360.203528][    C0]  ? nmi_handle+0x2a/0x5a0
[  360.203544][    C0]  ? __kmalloc_noprof+0xf4/0x400
[  360.203564][    C0]  ? default_do_nmi+0x63/0x160
[  360.203586][    C0]  ? exc_nmi+0x123/0x1f0
[  360.203608][    C0]  ? end_repeat_nmi+0xf/0x53
[  360.203630][    C0]  ? cfg80211_inform_single_bss_data+0xaff/0x2030
[  360.203654][    C0]  ? cfg80211_inform_single_bss_data+0x8dd/0x2030
[  360.203674][    C0]  ? cfg80211_inform_single_bss_data+0xaa4/0x2030
[  360.203697][    C0]  ? __kmalloc_noprof+0xf4/0x400
[  360.203718][    C0]  ? __kmalloc_noprof+0xf4/0x400
[  360.203739][    C0]  ? __kmalloc_noprof+0xf4/0x400
[  360.203758][    C0]  </NMI>
[  360.203764][    C0]  <TASK>
[  360.203773][    C0]  cfg80211_inform_single_bss_data+0xaff/0x2030
[  360.203794][    C0]  ? __read_once_word_nocheck+0x9/0x20
[  360.203822][    C0]  ? __read_once_word_nocheck+0x9/0x20
[  360.203845][    C0]  ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[  360.203879][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  360.203901][    C0]  ? __kernel_text_address+0xd/0x40
[  360.203916][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  360.203937][    C0]  ? cfg80211_inform_bss_data+0x3c5/0x5a70
[  360.203961][    C0]  cfg80211_inform_bss_data+0x3dd/0x5a70
[  360.203996][    C0]  ? __pfx_validate_chain+0x10/0x10
[  360.204035][    C0]  ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[  360.204061][    C0]  ? mark_lock+0x9a/0x350
[  360.204083][    C0]  ? __lock_acquire+0x137a/0x2040
[  360.204120][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  360.204139][    C0]  ? ieee80211_bss_info_update+0x3d9/0xbc0
[  360.204160][    C0]  cfg80211_inform_bss_frame_data+0x3bc/0x720
[  360.204187][    C0]  ? ieee80211_bss_info_update+0x3d9/0xbc0
[  360.204203][    C0]  ieee80211_bss_info_update+0x8a7/0xbc0
[  360.204224][    C0]  ? __pfx_ieee80211_bss_info_update+0x10/0x10
[  360.204249][    C0]  ? ieee80211_get_channel_khz+0x173/0x920
[  360.204270][    C0]  ieee80211_ibss_rx_queued_mgmt+0x1962/0x2d70
[  360.204298][    C0]  ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10
[  360.204321][    C0]  ? mark_lock+0x9a/0x350
[  360.204348][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  360.204369][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  360.204390][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  360.204415][    C0]  ieee80211_iface_work+0x8a5/0xf20
[  360.204438][    C0]  cfg80211_wiphy_work+0x2db/0x490
[  360.204464][    C0]  ? process_scheduled_works+0x945/0x1830
[  360.204483][    C0]  process_scheduled_works+0xa2c/0x1830
[  360.204518][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  360.204542][    C0]  ? assign_work+0x364/0x3d0
[  360.204563][    C0]  worker_thread+0x86d/0xd40
[  360.204592][    C0]  ? __kthread_parkme+0x169/0x1d0
[  360.204614][    C0]  ? __pfx_worker_thread+0x10/0x10
[  360.204633][    C0]  kthread+0x2f0/0x390
[  360.204653][    C0]  ? __pfx_worker_thread+0x10/0x10
[  360.204672][    C0]  ? __pfx_kthread+0x10/0x10
[  360.204694][    C0]  ret_from_fork+0x4b/0x80
[  360.204714][    C0]  ? __pfx_kthread+0x10/0x10
[  360.204736][    C0]  ret_from_fork_asm+0x1a/0x30
[  360.204766][    C0]  </TASK>
[  360.397586][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  360.397602][   T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0
[  360.397621][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  360.397632][   T30] Call Trace:
[  360.397639][   T30]  <TASK>
[  360.397647][   T30]  dump_stack_lvl+0x241/0x360
[  360.397675][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.397696][   T30]  ? __pfx__printk+0x10/0x10
[  360.397713][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  360.397741][   T30]  ? vscnprintf+0x5d/0x90
[  360.397764][   T30]  panic+0x349/0x860
[  360.397784][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  360.397808][   T30]  ? __pfx_panic+0x10/0x10
[  360.397823][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  360.397842][   T30]  ? __irq_work_queue_local+0x137/0x410
[  360.397864][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  360.397882][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  360.397903][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  360.397927][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  360.397951][   T30]  watchdog+0x101d/0x1020
[  360.397974][   T30]  ? watchdog+0x1ea/0x1020
[  360.397999][   T30]  ? __pfx_watchdog+0x10/0x10
[  360.398019][   T30]  kthread+0x2f0/0x390
[  360.398040][   T30]  ? __pfx_watchdog+0x10/0x10
[  360.398059][   T30]  ? __pfx_kthread+0x10/0x10
[  360.398081][   T30]  ret_from_fork+0x4b/0x80
[  360.398101][   T30]  ? __pfx_kthread+0x10/0x10
[  360.398123][   T30]  ret_from_fork_asm+0x1a/0x30
[  360.398157][   T30]  </TASK>
[  360.398620][   T30] Kernel Offset: disabled
[  360.822114][   T30] Rebooting in 86400 seconds..