last executing test programs:

2.526556114s ago: executing program 2 (id=4598):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffdfc, {0x0, 0x0, 0x0, r2, {0xe, 0xfff2}, {0xffff, 0xffff}, {0x2, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000080)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000003702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000002404000000ffffffd404000020000000b704000010000020620700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113943219aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551557f05dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56fba3eadd8efbd5dae6c024585d972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b5708e64e70f7d8225da90ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086061d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea40429b2d49177824f210a69f8e5227fd32e7d5a2c7ecf57ac64509224090000000000000096e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa7d29e0d79522df196278acf327a74777d1f658f50c27020198770ff8ebef9df1b750d56d4d195ad7a267c46b3348b0e03ed33b5bca13cafc304dc6da78d20f029742d8d2f36acfdd331081ca00c1d5c8b7bed2ef603d6e7f1764246aab2d7d531559a971939a038055ac28625ec837f824ff537cd67993a3589be73a18680da50287b9e962b1a0235c290346a21ca5de55c49c78e411c791617000ef8df75411a5d300000000000000e0ffffff004deb8d49806823655735bd6deb49edb2e42f4ed9e6e9080366660b847bf03c144f6796920726dcf29e9a6c808459e82cbb0000000000000000000000000000000000006b5530865aaa7aa6171f66f2bca881a4201588427bb65ed3d5e7a74e9b5ece44067d4a9875a310bc7ec42b844b9eb3c9083560ef5c92b8a01188d615efbf70893d2eaf76517e990021fa5020a71023bca1194ad87cade480ba3dce8f57294e31ca24a8d181210bb6d18ff2c58293c2e314a7447ed3a1c870908aa8e3b33e6a94c7381bce9fa71dcbb758451f247e38d80d66e03d7564a5cddfaf06574b05cefb2670f30c2d501ee625ce3ffc08f15b53d28ce552c1807bc6866f06098a0e5517068aa48f2a82496fe83ee85218fe7f52b48742c7055f2a144c13e9c54be60b0a4f979ef7eb216897875946dc6ca1571930b1cf7c93de103f5289f782ae538e02612c717a76c787a873936eb8dcf1bfe581cc8ef965a0424bc140939e3274e251e519d188f6af680402c49458065dccfcb4f0d4f2ec9cf6fb3cf0a1807e34fb8d0108007734c1d2bc6a9d32d2560a88bad976b6000100002b712e632eeca810fb73fc8aaef94acf8bde18b9149cadc688254eabbe91f943592ccf68e717bcc6852828bd621e3a9dcb1cc6f1a6d1915200d95087838c2dc0a002c3aa554f725b965714144652cdc14761b0236f1a05b7f50f4149057e63d713103b5a6c2919161efc165a2e6981d76d29c95ad9f180135fb8962f59495fd33be3a6d35274941790bc1bd9da5e9c67c39de2c9f6fe35b8f528edbd8ea2a77dccdc3fe247feb121d9440a3ea9012a9d23a7e3110b0f25c5f8bf803d688de4d92b5dfdbd69fb8b426b55c10ba01b5f18b10cce8de3369300000000"], &(0x7f0000000280)='GPL\x00'}, 0x48) (async)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{0x0}, {&(0x7f00000003c0)=""/47, 0x2f}], 0x2}}], 0x1, 0x12002, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg(r3, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0xff80, 0x4004044) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="adaa000000000000711014000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2}, 0x94)

2.134257033s ago: executing program 2 (id=4604):
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r4)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFHWADDR(r4, 0x8b29, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
r6 = socket$inet(0x2, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x4a, &(0x7f00000000c0)=0x1810, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'ip6gretap0\x00', <r7=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="4000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100687372001400028008000200", @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r7, @ANYBLOB], 0x40}}, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="140000001d0001"], 0x14}}, 0x0)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040)="3c75c2015e8724b5a4c586f2ae924b277f0403ec773eab27570e28988217c9b056128ff16b2a141a2288e717", 0x2c)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000090a010400000000000000180100000008000a400000000009000214a5663fca0073797a32000000000900010073797a30000000000800054000000008300000f672315605345fe14c225ae83be46c000c0a01030000000000000000c5e0000008000440000000000900010073797a30000000000800038004000080"], 0x94}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000000206050000000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800124000001800050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r5, 0x80047437, &(0x7f0000000080))
r11 = socket(0x10, 0x803, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r12, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="01000000000000000000070000000c0001800600010002000000"], 0x20}}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r11)
r14 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r14, &(0x7f0000000300)={0x11, 0x1, 0x0, 0x1, 0x8}, 0x14)
setsockopt$CAN_RAW_FD_FRAMES(r11, 0x65, 0x5, &(0x7f0000000140), 0x4)

1.812657508s ago: executing program 2 (id=4608):
r0 = socket$kcm(0x10, 0x2, 0x0)
unshare(0x28000400)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x4000000, 'aegis128-generic\x00'}, 0x58)
bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a80)=ANY=[@ANYBLOB="1c0000001500010000000000000000000100000008000100", @ANYBLOB='z'], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff})
setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f00000000c0)='wg1\x00', 0x4)
getsockname$netlink(r2, &(0x7f0000000100), &(0x7f0000000140)=0xc)

1.393531337s ago: executing program 4 (id=4612):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000003c0)={&(0x7f0000000240)="97", 0x0, 0x0, 0x0, 0x8, r0}, 0x38)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)={0x18, 0x2c, 0x601, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}, 0x18}], 0x1}, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000000c0), 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@ipv6_newroute={0x2c, 0x18, 0x111, 0xfffffffe, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, [@RTA_PRIORITY={0x8, 0x6, 0x1}, @RTA_EXPIRES={0x8, 0x17, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4805}, 0x44840)
sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)="bde49a54", 0xe4bd}], 0x1}, 0x0)

1.38746254s ago: executing program 2 (id=4613):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff00000028711052000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff00000028711052000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
close(0x3)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
close(0x3)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt(r3, 0x84, 0x80, &(0x7f0000000000)="1400000009000000", 0x8) (async)
setsockopt(r3, 0x84, 0x80, &(0x7f0000000000)="1400000009000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e23, 0x3fe, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c)
sendto$inet6(r4, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @loopback, 0x4}, 0x1c)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, '\x00', 0x35}}}}, 0x84)
r5 = socket$nl_crypto(0x10, 0x3, 0x15)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x4010, r5, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, r1, 0xb0260000) (async)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, r1, 0xb0260000)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r0, 0xc6e9f000)
mmap(&(0x7f000057a000/0x1000)=nil, 0x1000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) (async)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4) (async)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
ioctl$EXT4_IOC_CHECKPOINT(r5, 0x4004662b, &(0x7f0000000140)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, r6, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, r6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, 0x0)
r8 = socket(0x14, 0x2, 0x4)
accept$packet(r8, 0x0, 0x0)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0xffffe000) (async)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0xffffe000)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000000, 0x6e073, r1, 0x2000)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x272b5c0fc5d95318, 0x11, r0, 0x9610c000)

1.28029253s ago: executing program 0 (id=4614):
setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x4f}, 0x4)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={<r1=>r0, 0x2, 0x7, 0x80})
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000100)={<r2=>0x0, 0x8, 0x10, 0x0, 0xffffffffffffff96}, &(0x7f0000000140)=0x18)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000180)={<r3=>r2, 0x0, 0xaab, 0x7ff, 0x4, 0x2}, &(0x7f00000001c0)=0x14)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendto$rxrpc(r1, &(0x7f0000000240)="6804cf8406b8eb8eb0dcdc0785c4cc90b26733add53177b6443ab67fc5bbff1c5b5dca28e60e2839c0ba7b8bdb9573e24da8554bf41cfb93d688908ee2f8bcd70b59e085243412eb8945ece80a999d59150a3c0ed9d2c7972d9da63b622eb9a378c64cdcf4f892f327c2f943aa879c649ddbdcb1c838986b16a2a8d48cd1df9b755151eb38d5d96746e24b6411bdf963da1885de3edc777e6fc74c6d2b7c35e6cb69b14ead30ad88a3b561b588d3f819cf6f8f5afba09c055b0efb21295d39b57959965fe95de935a5661924706f332a48ec88f470f2f8c1b8f18103", 0xdc, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000340)={0x3, 0x8, 0x2, 0x3, 0xa1, 0x9, 0x6, 0x81, 0xf6, 0x3, 0x6, 0x0, 0xc1, 0x9}, 0xe)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
bind$xdp(r1, &(0x7f00000003c0)={0x2c, 0x8, 0x0, 0x9}, 0x10)
getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000400)={<r5=>r3, 0x80000001, 0x2, 0x0, 0xa89, 0x100, 0xffff, 0x7, {r3, @in={{0x2, 0x4e24, @broadcast}}, 0x5, 0x8, 0xa, 0x8, 0x6}}, &(0x7f00000004c0)=0xb0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r1, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0xbc, 0x1, 0x8, 0x104, 0x0, 0x0, {0x5, 0x0, 0x9}, [@CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x800}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x606f8bdf}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xffffffff}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x9}]}, @CTA_TIMEOUT_L4PROTO={0x5}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6006}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x40}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x88}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x200}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4}, 0x50)
r6 = socket$kcm(0x29, 0x5, 0x0)
poll(&(0x7f0000000680)=[{r6, 0x1080}, {r6, 0x542}], 0x2, 0x1a)
r7 = socket$l2tp(0x2, 0x2, 0x73)
preadv(r7, &(0x7f0000000800)=[{&(0x7f00000006c0)=""/207, 0xcf}, {&(0x7f00000007c0)=""/44, 0x2c}], 0x2, 0x3, 0x78b)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000840))
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$BTRFS_IOC_QGROUP_CREATE(r8, 0x4010942a, &(0x7f0000000880)={0x1})
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000008c0), &(0x7f0000000900)=0x4)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000a00)={r1, &(0x7f0000000940)="3ae51c7b4d38a1d203a9c21cbdb26ed3bbf0731974c26b36122ba7f23023e4fd3f653fd8b5024c0015c1d41f621e9c2932e399888d92032c3a4320f1772b92d08e4301eb9e06f8c77d6907a7bd6ef37764c0008affcb72eaab239dad093351fd6f61fcd4f7d954107ee23562a30df34639511aaeb631305d0b136cbe60cb37e9001e232e57086ee0a2b4f5ac23f4ac6d1c65d1ded13e0afbfe1443c8e783d86e94dd8e866ed7"}, 0x20)
ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000a40))
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000a80)={r5, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x9, 0x7}, &(0x7f0000000b40)=0x90)
r9 = accept$packet(r1, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000bc0)=0x14)
getsockname$packet(r9, &(0x7f0000000c00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000c40)=0x14)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000c80)={r2, 0x5}, &(0x7f0000000cc0)=0x8)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000d00)={{0x62, @rand_addr=0x64010100, 0x4e22, 0x1, 'lc\x00', 0x2d, 0xc, 0x5d}, {@multicast2, 0x4e23, 0x2, 0x4, 0xfffffff7, 0x7f}}, 0x44)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000d80), &(0x7f0000000dc0)=0x4)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r4, 0x8002f515, &(0x7f0000000e00))

1.206417708s ago: executing program 1 (id=4615):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000300), r0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
close(r2) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000890438000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) (async)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000640)={@cgroup=r2, r2, 0x7, 0xce2d3afaee448c72, 0x4}, 0x20) (async, rerun: 64)
sendmsg$GTP_CMD_DELPDP(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_LINK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x4) (rerun: 64)

1.174607032s ago: executing program 4 (id=4616):
r0 = socket$inet6(0x10, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0080bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$netlink(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000001c0)=ANY=[], 0x10}], 0x1, 0x0, 0x0, 0x4000880}, 0x4008000)
accept$nfc_llcp(r2, 0x0, 0x0)
write(r0, &(0x7f0000000040)="1c00000021002551071c0165ff00fc020200000003100f000ee1000c", 0x1c)

1.131837704s ago: executing program 2 (id=4617):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x65, &(0x7f0000000200)=0x5, 0x4)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @local}, 0x2}}, 0x2e)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x81, @mcast2, 0x5}, 0x1c)
r2 = socket(0x1d, 0x4, 0xb0a)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0x401)
listen(r4, 0x0)
ioctl$sock_SIOCSPGRP(r4, 0x8902, &(0x7f0000000000)=0xffffffffffffffff)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90924fc60", 0x8c0}], 0x1, 0x0, 0x0, 0x600}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c80)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r7, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="55000e0080000000080211000000080211000001505050505050000000000000000000009d92fd67da8a"], 0xcc}}, 0x0)
shutdown(r3, 0x0)
close(0x3)
r8 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r8, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc)
sendmsg$inet(r8, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1}, 0x24000004)
sendmsg$inet(r8, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000200)="cd", 0x1}], 0x1}, 0x240448c4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={<r9=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={<r10=>r9, @in6={{0xa, 0x3, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}, &(0x7f0000000040)=0x84)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="fbff26bd7000fddbdf250f00200008443198d41b0300", @ANYRES32=r12, @ANYBLOB="0c009900ff0300001a000000060096007d00000004004600"], 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x83, &(0x7f0000000080)={r10, 0x2}, 0x8)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={0x0}, 0x1, 0x0, 0x0, 0x4000011}, 0x8010)

997.661293ms ago: executing program 3 (id=4618):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000611494000000000005000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)

996.627576ms ago: executing program 0 (id=4619):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
socket$isdn(0x22, 0x3, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x800448d4, &(0x7f0000000200)={0xffffffffffffffff, 0x200, "00fa00"})
r3 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r3, &(0x7f0000000040)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x1ffc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x20ffc000, 0x0, 0x13, r4, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r3, 0x8002f515, &(0x7f0000000000))
r5 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r5, &(0x7f0000000680)={0x18, 0x2, {0x0, @empty}}, 0x1e)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r7, 0x65, 0x1, &(0x7f0000000200)=[{{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}], 0x1)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000340)=@newqdisc={0x280, 0x24, 0x100, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x254, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0x0, 0x2, 0x8000, 0x17, 0xf, 0x7, 0x3}}, @TCA_RED_STAB={0x104, 0x2, "35cf8d1d07ff6056936737bb0f0c38c342ce4e28ae1d00e2a19105b926c27f2bcb7445c91854e7f621245cd6ae0fcf17b33ebdde55d3d3968ac4bddffb71796c59a9931f0dc7bce525d6c122468911848f8919c8ba85ec8c24b8740469e143f0acb5aee3fb57806016a1f9d5feb2c76097d465e6e77ba70b51b544081e747833ef2ecbba393a6c93832f46ecc8440a35e3ea2af952dbeb30791193ba9fb464025a244070e9f59968d8e68239dd370936fa74949406dbd31258fb950a07ac030de5f78d7c04ded5dbfc6d08f012555858f6f534bebeb54b3f11d74f43b80a589cf11a1b1ec06f69cc5016de0bfcd7bdd4ceaeda2468820d74587d053ed862557c"}, @TCA_RED_STAB={0x104, 0x2, "fec63e04333b2d1d2279f60a715237cdf1a08f5a09faa3a06e4e696d615814674c0ac1a776dc11cb03ce783096cab3abe448fdd88c933b50fef0581ec97b8afc6a5296009f6554012cd3510b9ea532ab051cca30bae0b7f3d680d3332bf581c674ddd9f1b08e7cd4a00dd591806c7c4ed4bab69830118241ba992fe7cd8495b8fd931e974d101e42d00b660c4dc62d0eb202425b85b5f90a12494a08be1ccc5c8d9a902e75242b971226a26ecc316818254fef8fb22b5433ce37dd7697b3dcce49d91b1ce86e57f3f74ba9b3dabeea68a64a4ad174b324e0efa27ebe9173c738cd014db5c669d619f5c76cf1efa06f6020423ddc6c6abe3ea63f7fc32d5e9730"}, @TCA_RED_MARK_BLOCK={0x8, 0x6, 0xffffffff}, @TCA_RED_MAX_P={0x8, 0x3, 0x6}, @TCA_RED_EARLY_DROP_BLOCK={0x8, 0x5, 0xfffffffd}, @TCA_RED_EARLY_DROP_BLOCK={0x8, 0x5, 0x7}, @TCA_RED_MAX_P={0x8, 0x3, 0x1c}, @TCA_RED_FLAGS={0xc, 0x4, {0x0, 0x17}}]}}]}, 0x280}}, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x2010, r1, 0x1a09d000)

978.894785ms ago: executing program 1 (id=4620):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010028bd7000010000000f00"], 0x2c}, 0x1, 0x0, 0x0, 0x24004040}, 0x80)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffffe, 0x8000, 0x7, 0x81}}]}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendto$packet(r7, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756a85d88a8", 0x16, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r6, 0x1, 0xd8, 0x6, @multicast}, 0x14)

923.693462ms ago: executing program 3 (id=4621):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) (async)
r1 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800)
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000240)=ANY=[@ANYBLOB="000000000080040003000000000000000700000000000000", @ANYRES32=r0, @ANYBLOB="00000000bc0900"/28, @ANYRES32=r0, @ANYBLOB="000000000200"/28, @ANYRES32=r0, @ANYBLOB='\x00'/28, @ANYRES32=r2, @ANYBLOB="000000000300"/28, @ANYRES32=r0, @ANYBLOB="000000000300"/28, @ANYRES32=r0, @ANYBLOB="000000000300"/28, @ANYRES32=r0, @ANYBLOB="000080000f000000000000000000"])
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r5 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r3, r4, 0x26, 0x0, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r5, 0x4)
r6 = epoll_create(0x5)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048801) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xffe0}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x12000000}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xaf62}]}}]}, 0x44}}, 0x20004055)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) (async)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000100)={0x1f, 0xfffe, 0x2}, 0x6) (async)
epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r7, &(0x7f0000000080)={0x100000019}) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

834.31117ms ago: executing program 0 (id=4622):
r0 = socket(0x22, 0x2, 0x4)
bind$bt_hci(r0, &(0x7f00000001c0)={0x22, 0x4, 0x4}, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xd, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x88}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34}, 0x90)

833.23961ms ago: executing program 4 (id=4623):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0xffffffffffffff5f, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x7c}}, 0x0) (async)
r1 = socket$inet_sctp(0x2, 0x5, 0x84) (async)
r2 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x5, 0x0, 0x0, 0xc, 0xfffffffc}, 0x9c) (async)
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f00000001c0)=0x7a7, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @multicast1}, @in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e22, 0x2, @remote, 0x4}, @in={0x2, 0x4e22, @broadcast}, @in6={0xa, 0x4e24, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}, @in6={0xa, 0x4e23, 0x4, @mcast2, 0x9}, @in={0x2, 0x4e22, @rand_addr=0x64010101}, @in6={0xa, 0x4e23, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7ff}, @in6={0xa, 0x4e24, 0x7, @loopback, 0x4}, @in6={0xa, 0x4e23, 0x800, @loopback, 0xe435}], 0xe8) (async)
r3 = socket$inet(0x2, 0x2, 0x0)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000000)={'icmp6\x00'}, &(0x7f0000000040)=0x1e)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a90010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5a4f159d6e5fe8e31627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f4052766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461469a72f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b87901a2e8f50900010073797a30000000000900020073797a32"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x0)

807.712139ms ago: executing program 3 (id=4624):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r2=>0x0})
socket(0x400000000010, 0x3, 0x0) (async)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="020500000a00000000000000000000000300060000000000020000000040000000000000000002000100000002000000ee00000000000300050000b976c653ff7f7ecc1414aa0000000000000000424862e70b179af01cd20a5b934b8c46ab661ead3ffacf18b289c7298dd623d599a773eaf4047bf9caeaf23fa209780f90d739f73bfe4fe7fcd3cea4e9a5131d069e60f03d1455023c435c7bb9ea05a95da6574e6f4559ab90a5e3c650ec91392e2af1774814d683adbb77de5f6bdb28304d85f3e2e4630badd0c24bbab2f669ab93281161b5a9ff2fc9b8421df9dea90a500f51425e217561"], 0x50}, 0x1, 0x7}, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000280)=0x6, 0x4)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000340)='GPL\x00'}, 0x80) (async)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000340)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, &(0x7f0000000680)="6e396043c7f73cdb24daad17f83ce74b34cd63b8facb5c284d61010075bfdbc35cfe8116ba2125d355b852159de6df41715a3e9d41970b39c9293403d0e740dd1fd8e8b590936714c68252a41c8876cefdd8a3b4e05edd64fafd10e7ab0feabc0e", 0x0, 0x0, 0x2}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, &(0x7f0000000680)="6e396043c7f73cdb24daad17f83ce74b34cd63b8facb5c284d61010075bfdbc35cfe8116ba2125d355b852159de6df41715a3e9d41970b39c9293403d0e740dd1fd8e8b590936714c68252a41c8876cefdd8a3b4e05edd64fafd10e7ab0feabc0e", 0x0, 0x0, 0x2}, 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x8, [@struct={0x0, 0x1, 0x0, 0x13, 0x0, 0x2, [{0x5}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x51, 0x3e]}}, 0x0, 0x38}, 0x20) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x8, [@struct={0x0, 0x1, 0x0, 0x13, 0x0, 0x2, [{0x5}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x51, 0x3e]}}, 0x0, 0x38}, 0x20)
socket$unix(0x1, 0x1, 0x0) (async)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x24000010) (async)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x24000010)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
socket$can_bcm(0x1d, 0x2, 0x2) (async)
r13 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r13, &(0x7f00000000c0), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r13, 0x8933, &(0x7f00000001c0)={'vcan0\x00', <r14=>0x0})
sendmsg$can_bcm(r13, &(0x7f00000002c0)={&(0x7f0000000100)={0x1d, r14}, 0x10, &(0x7f0000000280)={&(0x7f0000000200)={0x1, 0x88, 0x5, {}, {0x0, 0xea60}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{0x1, 0x1, 0x1, 0x1}, 0x1, 0x3}}, 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x20000800)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001480)=@delchain={0x24, 0x64, 0x425, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r12, {0xf, 0xfffb}, {}, {0xb, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x8808}, 0x840)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r1, @ANYBLOB="cf042c9d7000fbdbdf251200000008000300", @ANYRES32=r2, @ANYBLOB="0a000600ffffffffffff00000500c200820000000800a400030000003400ac00135ec1fefc4f5ba6be6c1af4ea7e19da007981ee1bce56c1bd23c1d1ae6eb6a5682a7927bc133d5be7d045b94f1146c6080014"], 0xa0}, 0x1, 0x0, 0x0, 0x24008091}, 0x0)

746.715542ms ago: executing program 0 (id=4625):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x14}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0xa4}}, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000c80)={0x50, 0x1, 0x2, 0x301, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x14, 0x4, @private0}}}]}]}, 0x50}}, 0x0) (async)
r2 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x4, &(0x7f0000000140)=ANY=[@ANYRES16=r2], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x11, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x79)

668.232699ms ago: executing program 1 (id=4626):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f0000000000))
r1 = socket$l2tp(0x2, 0x2, 0x73)
connect$inet(r1, &(0x7f0000000200)={0x2, 0xce20, @remote}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@setlink={0x40, 0x13, 0xb23, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x35400, 0xa}, [@IFLA_NET_NS_FD={0x8}, @IFLA_PHYS_PORT_ID={0x18, 0x22, "7c42c3f211bb4d1779864cf054a48c39dc745a5a"}]}, 0x40}}, 0x800)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) (async)
socket$l2tp(0x2, 0x2, 0x73) (async)
connect$inet(r1, &(0x7f0000000200)={0x2, 0xce20, @remote}, 0x10) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@setlink={0x40, 0x13, 0xb23, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x35400, 0xa}, [@IFLA_NET_NS_FD={0x8}, @IFLA_PHYS_PORT_ID={0x18, 0x22, "7c42c3f211bb4d1779864cf054a48c39dc745a5a"}]}, 0x40}}, 0x800) (async)

550.197813ms ago: executing program 0 (id=4627):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "87fb89", 0x8, 0x0, 0x0, @local, @private2, {[], "c10a074faa17e05f"}}}}}, 0x0)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000080)="fc")
socket(0x2, 0x806, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x600)
r3 = socket(0x1e, 0x805, 0x0)
connect$tipc(r3, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(r3, &(0x7f00000003c0)={0xa, 0x4e23, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4}, 0x1c)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)=@newlink={0x40, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2d}}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
write$cgroup_subtree(r1, &(0x7f0000000340)={[{0x2d, 'net_cls'}, {0x2d, 'blkio'}, {0x2b, 'rdma'}, {0x2b, 'net_prio'}, {0x6, 'net_cls'}, {0x2b, 'rlimit'}, {0x2d, 'blkio'}, {0x2d, 'perf_event'}, {0x2d, 'pids'}, {0x0, 'io'}]}, 0x4e)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)={0x34, r6, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'gre0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4001}, 0x40000)
sendmsg$SMC_PNETID_FLUSH(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r6, 0x1, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
sendmsg$SMC_PNETID_FLUSH(r1, &(0x7f0000000180)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x54, r6, 0x100, 0x2070bd26, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_team\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x48001}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x96, 0x10}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r1)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000500)="d7")
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000000))
socket$inet_tcp(0x2, 0x1, 0x0)

549.688243ms ago: executing program 4 (id=4628):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet(0x10, 0x3, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
connect$inet6(r2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_SET_LBT_MODE(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010029bd7000fcdbdf252900000008000300", @ANYRES32=r7, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8084)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000000c0)=<r9=>0x0)
setsockopt$inet_IP_XFRM_POLICY(r8, 0x0, 0x11, &(0x7f00000001c0)={{{@in6=@private0, @in6=@empty, 0x4e22, 0x0, 0x4e21, 0x0, 0xa, 0x80, 0x20, 0x33, r3, r9}, {0x4, 0x55, 0x7fffffffffffffff, 0x8, 0x6, 0x7, 0x1, 0x6}, {0x6, 0x4992, 0xf, 0x7}, 0x7b, 0x0, 0x0, 0x1, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x33}, 0x4d4, 0x2b}, 0xa, @in=@local, 0x3500, 0x6, 0x1, 0xa2, 0x9, 0x4, 0x9}}, 0xe8)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0xac, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}]}, 0xac}}, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000002c0)={0x4, [0x0, <r10=>0x0, 0x0, 0x0]}, &(0x7f0000000380)=0x14)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r8, 0x84, 0x78, &(0x7f00000003c0)=r10, 0x4)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
vmsplice(r11, &(0x7f0000000340)=[{&(0x7f0000002000)="f838b39ffa3563660f9814b4227413e01fae8c141a89fc121c5f52b430714dbfc5ba621390d85264f9f52ca984710f2881e3212a01c3034108a0c02d4e919f4ee18f640d365b63ac188f41180848d0d665f4579b93862a15f7b4b028f4cde79106a7d282246ac8139032e3c2b4b18924f0edb1a8bd986355a2cbad0104572adf7a986e927e0db561b8f711c7e23bbc1a5623b3704c55b2692a59ccb07d2a2de3321a476d3603ede9dbf268e67a43b491d980dbaa47e4e23c1f84379261076492f0a46598b1c2913db95ece9a9707d220f22aa438f29329ffef4cd6ebfd65ef97015949009f057d45c159173d7cb724e10037930e6674b18b607ef8d9a31fffa75579b4946adda7aaef92c894dea722960f333e0091f1f5119cfa9b4bef09d038545b640136210c93c329ed414e9dd66d3fe95ccca9ad614a1a97ca69c24fbeba68b23b2e00f86112e449979f4c982d2979740ff35eab13b861a6fb82c4cc90cf90275bf3029088558f16ca95d0056f0896131b4d62a85b6e3934bc9cef4824ca26d4a3042eb245243cc85a3c0fd1a477f4d22e55df0552f741d66995b0aac6115b7b9a455cd63d72ccd475eaaffd61bd680c9f3c622ca346afd8d8fc0097b61ad9ab12334f087a67c7db8010f7c096ac58b249dc453e705e6b70b9716f2b25be92b1eb2ea4059a580075ebeb08638351a23d7b00a8c28b989904e77edb5ac8824d97efec33916d5b90b359072a96490a2debe5f1b32fc52376a9168bd5407e6ca04ea62810ed78d584756600c738c189cd84c53ba8c86ba3340486e57e79c5068ca821e5e5622a977810e7536fe2d1bfe4125ffbdd0ad9f9b83266cd64570926612d130929c2112250755a1df6d8adb07d1d3b757cfea3a4b5e1cbfb061ec435c3f827ac25b40c556365dd410eff71a6ad47ffa5c832f44dc5fcf6a8cdae20850759df64b043b16a8782ee71de81812b06b2162dcc87eb34277dfd6ab7978e67653a8ec3a72a403478929a8cad89bba6088b54cfcbb25d1c3274dc8568229f1145c645c7e9fa9f28567d379bad2b467ce245223784576ec5b1cc2568153646b56ceaabb10396ab678b01ea61c28feba102284136d015cd8ce0c745ba0e8e2839ae928396b3446d7f824443ae92a8607196458799bc39ed67215a616366b7cfc2e216846441260d2dfd4c42039ca35bc53e1fb7885996ee8a1570e98a726e8a263898a6c9d885b4c88b81c6457587ed1959a02da5fb1ed3ae1decc14927c610010ce21f7297899167cea2231a99dc8b031e20c4d05987ff27ec2ecf9f90ccbad959e976ff9d2945d8975c9c4241fbd89af9164d3d0fc3fb12108304b33d6f50115362a518be54dd7b4bf213cd6f27a0257b8087f16b03997a68342f8ad5d253e27bab8f838211d79ae58cb0eb560c9994e3731c25cc3bf2e0ffbf13e746733da1f77c8b7f0ec2c93a9a27b7d56577f4aec10c270ddea7dc5b3f64feebf979aac54d155b903e4a7c946860d83d7aa53b80ecf86ec8d524a3d9ef3bb6b3d9b867f32282742b9e5792eddc0d466ac6e90971005d172d27cdbfa731e4cb1e5d6426a85d2d0bea19c7f27e3e6f781420bb79b7111e8959f99ea92b72a10c9c86f4f38e6700c93d9274f4572483ec8982e84fde86d11dc73a032cc66b5488a2945ee317ac4005aa33831e7737d3813e82618b9eecb8e454097622fd0bfd2a00994a223ac70d1f76ff21e64c886ba1fb8cea1fce2f8fd7221762f8925d17ee19eb345c631ea22cada57858fddf46753d894778012a7a5058b5765f9c96db357e9a7791a1edc2d7cd687ea67a63ed30f269c89f44530eaa5707faf6f1b897916e6df4df59e950d0ce371fdb54eedaf1ac74b51fb250a1e527439c67ae0945e5405f1ab6804732bf58c3744df95727d763de1f354a3945b9f8830c1c44ba02755ca10c9f765cab0f1bc3d3344aa91c468ead490629d19e64dcffe653d246832987a348f4284a95b53d9e661d2b6fb6509f45e7658ad3ef9985777fdc16b285e7534051ab31f50b365fee48302a13ae582446ef24213763c85f41210e34e8215ef3ad0d88c4369282bddabe3fae7ed243a08887647cdaf5b21b95d2cf03384ab5c9c19cec2bb04e016faba9c9c735803187f677377b84e3738635a49f452baee5060a4421d1eaa17aee81fa4ff6f9321d777a73128ab73affe7916491b6fd68a16e61b9d9f3a6f92769abe47542e4cb6501960d1a5ada70413cd2d19944891e65c67ec8979b5ee02468391a364d3bba313c4cf9ae99f364578c94b5554cb86a0f1ed71cc12cc6c4c4c8ba4d47b76c71d8dbd495bb608283b8edc2a02e74aea7073f07580e533e2d2fa2277c7bbc321ec1a42ddec9e120b85e8a6141400c6726692a58addb880c481a37dc0a6db923f9efae3c4ac3ab8f0c385d2cadf0620edfccb6896c98814f434ee126339f4ca360357faf27c49ae3bfec7b5b83e9b24f8b6fca947c15cb7ca433448f892af38725d337b2117b73fdce163c72d86f351cbd23c5e6da8fe4bb898da60a541cd719aced686896e20d8acff58365a4f75bf42333b7c29cadd998d7b1ff0977b119219e632d59818809827e1b3ecba476d259d2e55135f37138fd071ee7b42ace788aff5bef0df7cac215af38dadf99b6cd287139ccb4dd9a9c5ccb31c00a3a30b93ae95c78e67761143b711cccc2b13eff4ffee045cfb3efa4b15252f00c9ef41d4e9f537cf4270b5ff42454723f8f2b8501185f21bfe35e1013e01121ffae3a97333e8948498df714cdc6409e44f94e27bb995590badbc01f579e28fc3061f8997f556d7aff8f956a20b31f4ec87906e5d0cde8d8c8a44f0f3099fc8ae279af5968a02bb4b1fa06e9ba1629aac46ba0dc796f7813885d43717e332e0484a30383e374e26ab50afbc64883e8cfc7198904f877a09a75f05b189f0c8dcf42a452762d38c3bc3e261888cf4af346d1d87be963d66724ca46ad395784edc7e7956bac538b5adbc86d6ef51b708d548b5470f927700566332ec8b563909dbad42e90afff46e8b33fc66852d75bb2c3249cf12d21dc57be32c06a070d62dbc8b037f422cbb4ff7753e90eca15f28f24c1a5e37e3bb466d1448cc2693f198c8e8c75dc663f3254ac1a6e7d52756a6da5d755fbf301425c60650ababed9928efbeb8bb1bb9994742926763c43a2108cea9d5fd5a640879574d20ee3d4974f5647ca44353904927215b7918570c88e245ecc2385167fd1ca83618c821331d54d06b43224c3d6681db55d4b09d27db7915bb274051162b02a6cd64e8c4b0996650e0367652d652ef64fc13a8b3ed88c88e9532b56a2019c02583854f1952c028f82cffbcc030f370d193646b9aa076dc05fa057ca8769775140b55751297fa91698a9a82b89a614d96dfc153c52845913025ecc8984d333feaa50eca0002a885abb3ad5b513cc8409b040bac9ed8529a1a76c270a4df5b005356ac4220cd134d9434f901e6e7d96a374c80e4ed81977f36b27424304d879fe0889b50ada1da72a78e0070e35dc5ebb43d7c61ff52ff55e50ad298b00b97ad944dd161aed95f4009889927c24469403899bdd6dd7f8ecc195d6f5c9375164b331f915a29851d9b0230d07bab955091a141059a150d972739100035ae05c2bf9d8911e6b6171a6b4c2bcaa0e8567cf2a29fb6cb8adfe29e42e88094c36fa4e07bef31149bbd7d5166b620385bf422c51b4523e3eacab56ad54ee70d84572874a967779b737de35724502a3daaefc4ce1074bb11e9aad6879deb132ac240047af4e5e572edb5f122955a7b142b7bd96ef3cd069746f4b1dce2c94b6bf19e934a9d4f6edf3207172f1893cd8d35ed94f8ccda3d8ba3e7c5f886598bf8946df83fdd6a391c3b268b631c89ab7f2434bc02d3ecef208e236d06a4f14d1353012341ded0342cd2d580bbd0f88a14c56b4b9f12c2dece02fe02418c23e6d10b7d9ac6648165e47adf1857a4d0bb25c096aa510ce9f77671703bf7f887908fabcfcb26a7f1fca177ae3686e5e1db1bef474d155204ecd610d71fd90512192504f0cfc44fc38de414ffc5571ae72be4351c86d63be507982114afc33e38ee81a05910dafb240d4527082f85c61861233aeae8f3da8e2814c35ef709024ba08b53d5e26b8b855d8fd273012777c4517601252f7977189e9960667e8fb7c81fe544454c0ef2891c2fea071da9f9e2861b9cf50f74edf1baf98fb8e32d291e107603dd52b8f4225f50239e893f7320dc448305bb8f1f9ecdfe4480b7cb99095243cc576496b7d2a6ef2326b908ca525cae402b41ce45da7cc2f5356fab22a3693ef4107b9ee5cf150f8b263ba6868525ddb8e4e7c212f5764366025e5f1a1904eb7348269ae9a83aa5185be2e375f90883ed71bb7f542463ec0477042b91b88a8b1776e4e15333668bbf70271961ae39eb797e30f86dfd9a6b6393bbeeb47a43bf694b57b9e5dd4f312d3ebfa2040ea49a1700eab21c00ce2252ce3f68a5c65e0f390daa867cec74de2bddba3324dcec88d1c0c8850b4240d85fb5115410086924d5b6059b68a82d2a56edb7e535d8006be9771a5744167d06fa9f61e2e8e0e01a72b569b8ec559d2e776300077d535bcb55c89b732daf4438fafa26171a965bae949770a074f511abb445a34d26142d8dcfa5c66863ce79fde3d4f39bd205be5e4ce365ef0db4b9beca1c64784ee020af1c89094879134ab8e7511ec1f0127dca4ba124b53c4c11a169f1757ad8b59829202f4afa77d8c8b8d8755297e4c31c5b8500b39a4f884146b19522e5142bcd5fe6531607a421f17989c1c1b34d587f45690444a589c3d2153a8bfb50cf7fa0045603ac64a3ed43c0b15936b829949e5059e22782b418b245d08945155a80e24d468612fc9b59c285b53ba6cf553df1f189a1951858892655c8151c2c4b3bec9e315c8c418070405e4ef6a0f62e2469a0c4fa42058b516b941f2a25380b5a042b055bb94447046a507d7e6c12432ddeaf91482416f87b2f16bc0c219deb6c0c5cd3b400e7b9039e720232c56b15360961c30ba4b8e18fee5405018efd8e58215b434c6843e0b8be3967bd398d965f56347c7f320d6ac8636e57608091e2dc5700cff7203453fa3a563221bd1e742b09647084c602dd2ec7fbef818e1cea31616c76c6cf0964cc5b467c213045888d5ab16061f1fbd6c9318c9fc56848387326283a50d6579af007481788db0579c46b234c7c9e960cee926c1c944cbca122188bc215618ba717f4c6bcd4b4e6cde50bf9b43b67663001e581f5dc55086d8f197b7fcaa9f305f2f499f97403d0a68efb55e99916721ecfa16d9d0ea8a504c2be80a1afbc6e164973be524e82db0e69694d38afe22620bbd2862e27a180ef3fb6b07069dd3f5939438edbcd5031964490d202e95f799fe63de55fca280b4315a1e2d8dd52e8cf6e86e8f376f477de7e729410bd0544997de7359c77b4a6e0e21abbfd07e25fbcbf015e687d779b283e8aeb98309795296595feabe56ed322a1a8c90a36fd29c1471cabd0e32d6022988fae5fecb5dcbe1e8b2552e0a97f35b92c774a79aa6b1f117218ddbe97686ab63d61d95f160293aca171398cf3b3bb01fd8b529767166ed5a76ad17f3c217fcd8d9d9c85afa113f85eb65befb9c9029b34f24cda431b98217b7f43c79f9250ecd4828fb46023b6e8083f25e4d4c34056834159860dca5f529052c6c3b6c23993231862c9326076d88f4447a753ed5be0a6bfc34bac7d8fe34187b1d4f6f6cee1313052057225c88f9f0ba3e", 0xfe41}, {&(0x7f0000000300)="9b364acaa018d77f8143825708d8", 0x1}], 0x1000000000000029, 0xa)
ioctl$sock_kcm_SIOCKCMCLONE(r11, 0x89e2, &(0x7f0000000000)={r1})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x5}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local}]}}}]}, 0x48}}, 0x0)

547.061987ms ago: executing program 1 (id=4629):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRES64=<r1=>r0], 0x4c}, 0x1, 0x0, 0x0, 0x95}, 0x1)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
r3 = socket(0x2000000000000021, 0x2, 0x2)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000000080))
shutdown(r3, 0x2)
sendmsg$alg(r3, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40081}, 0x40000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket(0x40000000015, 0x5, 0x0)
setsockopt$RDS_GET_MR(r6, 0x114, 0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001800010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f380000000c0a0101000000000000000001000000040003800800044000000001090073797a3000000000140000001000010000000000000000000000000a00"/188], 0xbc}}, 0x0)
sendmsg(r5, &(0x7f0000000140)={0x0, 0xfffffffffffffc7d, 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="a743dc6e84edb19d5426fb439885a829ce94e6d63f5655f220156ad73310cacae4e5aa127452e12e84fcc8a26fcdad5373c928521a502be75a63090138c269e989b6ac17cf9ec5f43a98bc83803ba74a4f81c3e8b90530548c33e0e3604f5648d52b04a2d459fc7e1177875270d6658d9995b9c744a3c78fc47dfed135fb366b999ee89fa0ef3f819ec35272ac622b22e58ac807d4af1f7a2c64285428ac88fc8e33ca301774f4eca91508395221c7d3a971fe816c1fd05069688e330c25076238f88b688e587a4ba90c9b5e01ac7a4a16707ec112ea", @ANYBLOB="baa5020ea30181d056e7d95abbe9f6c81e51b84bfd5cd30e71e257edf78effc57c14b6f0efda77e4777d7138a6b5220904642c3edf17998bb7fb9be88e19ccaaf94053a1d2f738a30aa6d2b5a602715667d279da806e2e59b25e03cd5d82e56da8d41102c75fef348c553cd7b0aafc90c5e9bc1221bbbc991f33f01d2b28e4d4f9f66cba6b1fbeca236451d2584e3adb46f96bfc66d13a07a9ee0e4ebc31629c5fcae4d1b85e6eafa7c2c27de159a7924b36b5223663c453604ae8e640e0974d5ce50fe8e5ccc81005148d709392302215d90006c8d93db11ed35ac3c20a959c259c7babbc5f2da133e20414515e9059bad8ccc3dff763ae1ea31a55dc114820940b70125ad3aca71aeb4030d93411d8cb42276c574db3f6b903836e7290f42a75", @ANYRES8=r4, @ANYRES16=r1], 0x90}, 0x4018)

519.22019ms ago: executing program 3 (id=4630):
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r0 = socket(0x2b, 0xa, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000243cf38c861db6bf0085100000020000008500000076000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0xb)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000140))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x35, &(0x7f0000000340)=0x2, 0x4)

322.228994ms ago: executing program 1 (id=4631):
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x80000000, @local}, {0x0, 0x37c1, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5400000002060108a3ba0000000000000000000005000002070000000900020073797a30000000000c0007800800139adf00000110000300686173683a690005000200000005000400000000009ebc1783d2e9d17b5626475102ceca5578cc46653ec400f500d39f6c61f10c8990a6f31f5dc49336d46313dfa26661f98b0a5d021c2c8c4063f7ec9e40d4129de5ab00e32a26a15a172aa9c713928ff432aee1a4658bf20c6d44ba133b31c53d91aff8f5110357ae19b0d0f5f3124ec8fd291cda2f45d966fdcb2b9c7bf93fc472e92a029eb96c821ee9e85e30e6ce8c529d32d9d9f1db1234"], 0x54}}, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5400000002060108a3ba0000000000000000000005000002070000000900020073797a30000000000c0007800800139adf00000110000300686173683a690005000200000005000400000000009ebc1783d2e9d17b5626475102ceca5578cc46653ec400f500d39f6c61f10c8990a6f31f5dc49336d46313dfa26661f98b0a5d021c2c8c4063f7ec9e40d4129de5ab00e32a26a15a172aa9c713928ff432aee1a4658bf20c6d44ba133b31c53d91aff8f5110357ae19b0d0f5f3124ec8fd291cda2f45d966fdcb2b9c7bf93fc472e92a029eb96c821ee9e85e30e6ce8c529d32d9d9f1db1234"], 0x54}}, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x50, 0x0, 0x20, 0xfffffff1, 0x3, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x9}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x80}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x860e}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40005800}, 0x20040045)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd700000000000050002008a000000200006000000000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20048091}, 0x0) (async)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd700000000000050002008a000000200006000000000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20048091}, 0x0)
writev(r2, &(0x7f0000000180), 0x100000000000003c)
socket$nl_netfilter(0x10, 0x3, 0xc)

178.207239ms ago: executing program 3 (id=4632):
unshare(0x26020480)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001800)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f00000000c0)=@file={0x0, './file1\x00'}, 0x6e)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000280)=0xffffffffffffffff, 0x4)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000380000003800000003000000010000000000000e0300000000000000000000000000000105002d1a40b100000000000000000003000000000100000002000000000000000061"], 0x0, 0x53}, 0x20)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000000)={0x3, 'dummy0\x00', {0xff}, 0xfffb})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x2, 0x41c, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000180], 0x11, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff02000000030000000400000060047866726d30000000000000000000000076657468315f766c616e000000003d862b0e341300006970366772657461703000000000000076657468315f746f5f68737200000000aaaaaaaaaa4100000000ff00aaaaaaaaaa2200ffff00ffff6e00000016010000460100004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000090000000700030000000000a5ecc33c8098bd0cfd5f4b6c99ce611e76187a16838331311491c4572a2e254445042fe6977692743457dab959c48f3fe65c0480f2bd5eb4d27f089cda6251c5000000004e465155455545000000000000000000000000000000000000000000000000000800000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000feffffff000000000500000005000000000076657468315f746f5f6261746164760076657468305f746f5f7465616d00000070696d367265670000000000000000006e723000000000000000000000000000ffffffffffffff00ff0000ffaaaaaaaaaabbffff000000ffe6000000160100004602000074696d650000000000000000000000000000000000000000000000000018000000000000000400000001ffffff2a3d0000f8310100feffffff03030000636c757374657200000000000000000000000000000000000000000000000000100000000000000072000000000000000900000000000000434c415353494659000000000000000000000000000000000000000000000000080000000000000006000000000000005345434d41524b000000000000000000000000000000000000000000000000000801000000000000010000000100000073797374656d5f753a6f626a6563745f723a6770675f6167656e745f657865635f743a733000"/1052]}, 0x494)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f000016e000/0x1000)=nil, 0x1000, 0x2, 0x40010, r4, 0x0)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x4c, r6, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x75d}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8044}, 0x4)
sendmsg$IPSET_CMD_SWAP(r2, &(0x7f0000000680)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x58, 0x6, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x850)

177.492257ms ago: executing program 4 (id=4633):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, 0x14)
sendmmsg$sock(r0, &(0x7f0000001a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x24040860)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000100))
r3 = socket(0x29, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xe}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000005200010000000000000000000a00000008000400", @ANYRES32, @ANYBLOB="aba6d1d4a11e93b73ecb26c1d06bfe6837f5c91992b77d19c4d34be00f050856bd8167d68137798b146f6b0996108640230ee6b3f600222b9d4ee68cf198f8622e79133fb340"], 0x1c}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x8607}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001300)={0x1c, 0x16, 0xa01, 0x80000000, 0x25dfdbfe, {0x2}, [@typed={0x4, 0xec}, @generic='!']}, 0x1c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, 0x40, 0x107, 0xfffffefe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x3, 0x0, 0x0, @uid}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)

133.914635ms ago: executing program 0 (id=4634):
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd0000ffff080088"], 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x1b8, r2, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, [@key_params=[@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "1e89df2c200377d48bb26e440b"}, @NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}], @NL80211_ATTR_AUTH_TYPE={0x8}, @key_params=[@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "4a1456ea7e93385329f9219c76"}, @NL80211_ATTR_KEY_SEQ={0x7, 0xa, "85d40a"}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x21}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @key_params=[@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "333f6a4aa11334f71eebb148a6"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "ff935a22e86a122f9eb2ab1c14"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x3}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "c5507aea4774e0666ee4bbe251"}, @NL80211_ATTR_KEY_TYPE={0x8}], @key_params=[@NL80211_ATTR_KEY={0x40, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x1}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_SEQ={0x8, 0x4, "3cff6aab"}, @NL80211_KEY_MODE={0x5}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "0e3a4552e7"}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_SEQ={0x14, 0xa, "d357b6a9fc270c34f916d4870662b2a4"}, @NL80211_ATTR_KEY_SEQ={0xd, 0xa, "398e65cf1be3628e26"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x5}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}], @key_params=[@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_SEQ={0x8, 0xa, "676be0b7"}]]}, 0x1b8}, 0x1, 0x0, 0x0, 0x810}, 0x10)

133.684831ms ago: executing program 1 (id=4635):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
getsockopt(r1, 0x8, 0x80000001, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="60000000020601000000000600000000000000000e0003006277746d61703a697000000005000400000000000900020073797a30000000001800078008000840000000000c00018008000140e00000000500050002000000050001000600000057a0c3bcab7ba31ff1"], 0x60}}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0xd0, 0x0, 0x300, 0x70bdaa, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9a}, {0x6, 0x11, 0x8bac}, {0x8, 0x13, 0x7f}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x2}, {0x8, 0x13, 0x7}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x7ffd}, {0x8, 0x13, 0xf}, {0x5, 0x14, 0x20}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001cd72fd58443ca469eef6756f4d9d8001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x20000000)
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r5, 0x200, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0xe}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4081}, 0x800)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c000b"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000180)={'syztnl2\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x40, 0x1, 0x0, 0x8000, {{0x19, 0x4, 0x0, 0x29, 0x64, 0x64, 0x0, 0x7, 0x2f, 0x0, @multicast2, @local, {[@ssrr={0x89, 0x1b, 0x85, [@rand_addr=0x64010100, @rand_addr=0x64010101, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @private=0xa010101]}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x14, 0x37, 0x3, 0x5, [{@broadcast, 0xf}, {@local, 0x7}]}, @noop, @rr={0x7, 0x1b, 0x8a, [@dev={0xac, 0x14, 0x14, 0x34}, @remote, @local, @rand_addr=0x64010102, @broadcast, @local]}]}}}}})

92.707885ms ago: executing program 2 (id=4636):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010028bd7000010000000f000000"], 0x2c}, 0x1, 0x0, 0x0, 0x24004040}, 0x80)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffffe, 0x8000, 0x7, 0x81}}]}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendto$packet(r7, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756a85d88a8", 0x16, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r6, 0x1, 0xd8, 0x6, @multicast}, 0x14)

2.136995ms ago: executing program 3 (id=4637):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000001c0)={0x1ffffffffffffea3, &(0x7f0000000140)=[{0x6, 0x8, 0x3, 0x4}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x7, &(0x7f00000000c0)="fcffffff", 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'ip6erspan0\x00'})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x60040, 0x0)
close(r5)
socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bond0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, r7, 0x215, 0x30000}, [@IFLA_MASTER={0x8, 0xa, r7}]}, 0x28}, 0x1, 0xba01, 0x0, 0x400c014}, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000000180)={'syzkaller0\x00', @random="2b0100004ec6"})

0s ago: executing program 4 (id=4638):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x25, 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000100)="812bb3912a768fcda115be846163095ac667", 0x18)
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xf, 0x4, 0x4, 0x3db7}, 0x48)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r4, &(0x7f0000000040), &(0x7f0000000080)=@udp6=r5}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r4, &(0x7f00000003c0), &(0x7f0000000400)=@udp6=r5, 0x1}, 0x20)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'bond_slave_1\x00', <r6=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0x3}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0xffffffffffffffff}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
setsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000045c0)=ANY=[@ANYBLOB="1400000c", @ANYRES16=r7, @ANYBLOB="010000000000000000000c000000"], 0x14}}, 0x0)

kernel console output (not intermixed with test programs):

ink: Flow actions may not be safe on all matching packets.
[  330.830855][T16715] netlink: 'syz.4.3016': attribute type 6 has an invalid length.
[  330.840502][T16717] netlink: 'syz.4.3016': attribute type 6 has an invalid length.
[  330.930294][T16663] chnl_net:caif_netlink_parms(): no params data found
[  331.259205][T16663] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.265649][ T8206] hid-generic 0005:0C45:1012.0001: unknown main item tag 0x1
[  331.267176][T16663] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.294481][T16663] bridge_slave_0: entered allmulticast mode
[  331.311109][T16663] bridge_slave_0: entered promiscuous mode
[  331.331148][T16663] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.331280][T16733] set match dimension is over the limit!
[  331.349066][T16663] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.349394][ T8206] hid-generic 0005:0C45:1012.0001: ignoring exceeding usage max
[  331.356509][T16663] bridge_slave_1: entered allmulticast mode
[  331.408622][ T8206] hid-generic 0005:0C45:1012.0001: unknown main item tag 0x4
[  331.435557][T16663] bridge_slave_1: entered promiscuous mode
[  331.438020][ T8206] hid-generic 0005:0C45:1012.0001: unknown main item tag 0x5
[  331.465768][ T8206] hid-generic 0005:0C45:1012.0001: reserved main item tag 0xd
[  331.487621][ T8206] hid-generic 0005:0C45:1012.0001: unexpected long global item
[  331.516523][ T8206] hid-generic 0005:0C45:1012.0001: probe with driver hid-generic failed with error -22
[  331.771040][   T52] Bluetooth: hci3: command tx timeout
[  331.774435][T16663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  331.806025][T16663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  331.900499][T16752] netlink: 'syz.2.3027': attribute type 9 has an invalid length.
[  331.908694][T16752] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3027'.
[  331.911645][T16755] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3026'.
[  331.983915][T16757] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3029'.
[  332.014730][T16663] team0: Port device team_slave_0 added
[  332.032180][T16757] 8021q: VLANs not supported on ipvlan1
[  332.052701][T16663] team0: Port device team_slave_1 added
[  332.147969][T16663] batman_adv: batadv0: Adding interface: batadv_slave_0
[  332.157965][T16663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  332.212312][T16769] xt_hashlimit: Unknown mode mask C4, kernel too old?
[  332.221129][T16663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  332.233953][T16769] xt_hashlimit: Unknown mode mask C4, kernel too old?
[  332.250650][T16663] batman_adv: batadv0: Adding interface: batadv_slave_1
[  332.257725][T16663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  332.286415][T16663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  332.424838][T16663] hsr_slave_0: entered promiscuous mode
[  332.432889][T16663] hsr_slave_1: entered promiscuous mode
[  332.441151][T16663] debugfs: 'hsr0' already exists in 'hsr'
[  332.447002][T16663] Cannot create hsr debugfs directory
[  332.908590][T16795] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 2, id = 0
[  333.022311][T16798] sock: sock_set_timeout: `syz.1.3042' (pid 16798) tries to set negative timeout
[  333.080608][T16663] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  333.142020][T16663] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  333.167312][T16663] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.189577][T16800] netlink: 'syz.1.3043': attribute type 7 has an invalid length.
[  333.842762][   T52] Bluetooth: hci3: command tx timeout
[  334.635308][T16663] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  334.645959][T16663] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  334.657497][T16663] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.874030][T16663] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  334.895827][T16663] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  334.924730][T16663] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.954493][T16829] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  335.058211][T16663] bond0: (slave netdevsim0): Releasing backup interface
[  335.072499][T16663] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  335.083985][T16663] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  335.096906][T16663] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.230092][T16838] syzkaller0: entered promiscuous mode
[  335.235698][T16838] syzkaller0: entered allmulticast mode
[  335.300125][T16835] syzkaller0: entered promiscuous mode
[  335.306418][T16835] syzkaller0: entered allmulticast mode
[  335.394419][T16860] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3055'.
[  335.452356][T16862] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3055'.
[  335.928520][   T52] Bluetooth: hci3: command tx timeout
[  337.711916][T16859] lo: left allmulticast mode
[  337.716854][T16859] pimreg: left allmulticast mode
[  337.737373][T16866] netlink: 'syz.1.3058': attribute type 11 has an invalid length.
[  337.747860][T16866] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3058'.
[  337.845837][T16870] x_tables: unsorted underflow at hook 3
[  337.866369][T16870] netlink: 'syz.1.3060': attribute type 10 has an invalid length.
[  337.876362][T16872] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3061'.
[  337.891048][T16870] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3060'.
[  337.912281][T16873] xt_hashlimit: size too large, truncated to 1048576
[  338.000797][   T52] Bluetooth: hci3: command tx timeout
[  338.013616][T16663] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  338.091759][T16888] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3063'.
[  338.107056][T16663] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  338.179404][T16663] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  338.230617][T16663] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  338.521561][T16894] bond18: entered promiscuous mode
[  338.526808][T16894] bond18: entered allmulticast mode
[  338.532712][T16894] 8021q: adding VLAN 0 to HW filter on device bond18
[  338.542690][T16899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3067'.
[  338.582515][T16908] lo: entered allmulticast mode
[  338.770946][T16923] netlink: 'syz.2.3071': attribute type 4 has an invalid length.
[  338.854901][T16663] 8021q: adding VLAN 0 to HW filter on device bond0
[  338.930062][T16663] 8021q: adding VLAN 0 to HW filter on device team0
[  338.953815][T16925] syzkaller0: entered promiscuous mode
[  338.971178][T16925] syzkaller0: entered allmulticast mode
[  339.034895][T13691] bridge0: port 1(bridge_slave_0) entered blocking state
[  339.042250][T13691] bridge0: port 1(bridge_slave_0) entered forwarding state
[  339.172072][T13691] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.179314][T13691] bridge0: port 2(bridge_slave_1) entered forwarding state
[  339.257802][T16942] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3076'.
[  339.313263][T16942] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3076'.
[  339.394066][T16942] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3076'.
[  339.819898][T16663] 8021q: adding VLAN 0 to HW filter on device batadv0
[  339.954162][T16663] veth0_vlan: entered promiscuous mode
[  339.994328][T16981] syzkaller0: entered promiscuous mode
[  340.017361][T16981] syzkaller0: entered allmulticast mode
[  340.137068][T16663] veth1_vlan: entered promiscuous mode
[  340.176394][T16997] sctp: [Deprecated]: syz.0.3091 (pid 16997) Use of struct sctp_assoc_value in delayed_ack socket option.
[  340.176394][T16997] Use struct sctp_sack_info instead
[  340.241929][T16663] veth0_macvtap: entered promiscuous mode
[  340.277153][T16663] veth1_macvtap: entered promiscuous mode
[  340.313801][T16663] batman_adv: batadv0: Interface activated: batadv_slave_0
[  340.372806][T16663] batman_adv: batadv0: Interface activated: batadv_slave_1
[  340.414827][ T1154] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  340.473234][ T1154] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  340.503626][T17016] __nla_validate_parse: 63 callbacks suppressed
[  340.503644][T17016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3096'.
[  340.505694][ T1154] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  340.518218][T17016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3096'.
[  340.547469][ T1154] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.567677][T17012] tipc: MTU too low for tipc bearer
[  340.693460][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  340.706772][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  340.760195][T17022] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3099'.
[  340.789469][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  340.812682][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  340.860455][T17027] ieee802154 phy0 wpan0: encryption failed: -22
[  340.896165][T17031] syzkaller0: entered promiscuous mode
[  340.906036][T17031] syzkaller0: entered allmulticast mode
[  340.996537][T17039] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3000'.
[  341.499604][T17056] batadv0: entered allmulticast mode
[  341.922533][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  341.933720][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  341.942237][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  341.960502][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  341.976875][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  341.986764][ T5826] syz_tun (unregistering): left allmulticast mode
[  342.007136][ T5826] syz_tun (unregistering): left promiscuous mode
[  342.020133][ T5826] bridge0: port 1(syz_tun) entered disabled state
[  342.084466][T17065] syzkaller0: entered promiscuous mode
[  342.113939][T17065] syzkaller0: entered allmulticast mode
[  342.186565][T13691] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  342.196936][T13691] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  342.209914][T17066] lo speed is unknown, defaulting to 1000
[  342.259422][T13691] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  342.300529][T13691] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  342.333803][T17066] hsr0 speed is unknown, defaulting to 1000
[  342.387273][T17066] lo speed is unknown, defaulting to 1000
[  342.426887][T17092] veth0: entered promiscuous mode
[  342.440971][T17091] veth0: left promiscuous mode
[  342.540751][T17096] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3120'.
[  342.551277][T17094] veth5: entered promiscuous mode
[  342.598979][T17096] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3120'.
[  342.618924][T17098] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3121'.
[  342.627843][T17098] openvswitch: netlink: Key 32 has unexpected len 1026 expected 2
[  342.638538][T17098] tipc: Started in network mode
[  342.643469][T17098] tipc: Node identity 0624612eb73e, cluster identity 4711
[  342.652465][T17096] openvswitch: netlink: Flow actions attr not present in new flow.
[  342.662078][T17098] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  342.676645][T17098] tipc: Resetting bearer <eth:syzkaller0>
[  342.733385][T17097] tipc: Disabling bearer <eth:syzkaller0>
[  343.142761][T17066] chnl_net:caif_netlink_parms(): no params data found
[  343.510095][T17066] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.517326][T17066] bridge0: port 1(bridge_slave_0) entered disabled state
[  343.549359][T17066] bridge_slave_0: entered allmulticast mode
[  343.557329][T17066] bridge_slave_0: entered promiscuous mode
[  343.632452][T17066] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.650664][T17066] bridge0: port 2(bridge_slave_1) entered disabled state
[  343.657986][T17066] bridge_slave_1: entered allmulticast mode
[  343.666225][T17066] bridge_slave_1: entered promiscuous mode
[  343.787376][T17066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  343.823980][T17066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  343.958491][T17066] team0: Port device team_slave_0 added
[  343.973908][T17066] team0: Port device team_slave_1 added
[  343.987155][T17159] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3136'.
[  343.998833][T17159] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3136'.
[  344.045835][T17162] netlink: 'syz.3.3137': attribute type 1 has an invalid length.
[  344.088517][ T5831] Bluetooth: hci0: command tx timeout
[  344.100261][T17162] batadv_slave_1: entered promiscuous mode
[  344.107795][T17066] batman_adv: batadv0: Adding interface: batadv_slave_0
[  344.107937][T17162] openvswitch: netlink: Invalid MD length 60718 for MD type 0
[  344.116603][T17066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  344.145557][T17162] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  344.157479][T17066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  344.199048][T17066] batman_adv: batadv0: Adding interface: batadv_slave_1
[  344.206035][T17066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  344.257308][T17066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  344.285925][T17160] batadv_slave_1: left promiscuous mode
[  344.387956][T17172] syzkaller0: entered promiscuous mode
[  344.394003][T17172] syzkaller0: entered allmulticast mode
[  344.415978][T17178] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3143'.
[  344.427406][T17178] block nbd1: Unsupported socket: should be TCP or UNIX.
[  344.464064][T17066] hsr_slave_0: entered promiscuous mode
[  344.472243][T17066] hsr_slave_1: entered promiscuous mode
[  344.478842][T17066] debugfs: 'hsr0' already exists in 'hsr'
[  344.494317][T17066] Cannot create hsr debugfs directory
[  344.641059][   T25] block nbd2: Possible stuck request ffff888025250000: control (read@0,1024B). Runtime 60 seconds
[  344.653899][   T25] block nbd2: Possible stuck request ffff8880252501c0: control (read@1024,1024B). Runtime 60 seconds
[  344.665617][   T25] block nbd2: Possible stuck request ffff888025250380: control (read@2048,1024B). Runtime 60 seconds
[  344.675864][T17188] netlink: 'syz.3.3145': attribute type 4 has an invalid length.
[  344.679214][   T25] block nbd2: Possible stuck request ffff888025250540: control (read@3072,1024B). Runtime 60 seconds
[  344.751831][T17190] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  344.805893][T17197] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  344.820573][T17193] vcan0: entered allmulticast mode
[  345.057203][T17066] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  345.161284][ T5199] udevd[5199]: worker [6033] /devices/virtual/block/nbd2 is taking a long time
[  345.225087][T17066] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  345.247691][T17217] sctp: [Deprecated]: syz.2.3155 (pid 17217) Use of struct sctp_assoc_value in delayed_ack socket option.
[  345.247691][T17217] Use struct sctp_sack_info instead
[  345.344939][T17224] netlink: 'syz.3.3156': attribute type 29 has an invalid length.
[  345.363421][T17225] netlink: 'syz.3.3156': attribute type 29 has an invalid length.
[  345.443631][T17066] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  345.507691][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  345.524655][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  345.552837][T17237] openvswitch: netlink: Message has -2 unknown bytes.
[  345.578769][T17239] sctp: [Deprecated]: syz.3.3160 (pid 17239) Use of int in maxseg socket option.
[  345.578769][T17239] Use struct sctp_assoc_value instead
[  345.626292][T17246] netlink: 'syz.1.3163': attribute type 3 has an invalid length.
[  345.650422][T17066] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  345.677436][T17249] __nla_validate_parse: 5 callbacks suppressed
[  345.677454][T17249] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3162'.
[  345.762252][T17257] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3165'.
[  345.884548][T17264] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3167'.
[  345.907818][T17266] netlink: 200 bytes leftover after parsing attributes in process `syz.3.3166'.
[  345.934748][T17264] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3167'.
[  345.972615][T17066] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  346.044846][T17066] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  346.072284][T17066] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  346.097294][T17066] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  346.159736][ T5831] Bluetooth: hci0: command tx timeout
[  346.242406][T17066] 8021q: adding VLAN 0 to HW filter on device bond0
[  346.316135][T17066] 8021q: adding VLAN 0 to HW filter on device team0
[  346.352747][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  346.359999][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  346.405855][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  346.413172][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  346.489548][T17066] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  346.882777][T17066] 8021q: adding VLAN 0 to HW filter on device batadv0
[  346.935463][T17328] vlan0: entered promiscuous mode
[  346.942440][T17330] netlink: 'syz.1.3180': attribute type 10 has an invalid length.
[  346.994264][T17330] veth0_virt_wifi: entered allmulticast mode
[  347.040188][T17330] team0: Port device veth0_virt_wifi added
[  347.057848][T17335] netlink: 'syz.4.3184': attribute type 14 has an invalid length.
[  347.150172][T17066] veth0_vlan: entered promiscuous mode
[  347.195421][T17066] veth1_vlan: entered promiscuous mode
[  347.298023][T17066] veth0_macvtap: entered promiscuous mode
[  347.334859][T17066] veth1_macvtap: entered promiscuous mode
[  347.409570][T17066] batman_adv: batadv0: Interface activated: batadv_slave_0
[  347.430761][T17355] Bluetooth: MGMT ver 1.23
[  347.432835][T17066] batman_adv: batadv0: Interface activated: batadv_slave_1
[  347.512299][ T1154] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  347.522498][ T1154] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  347.550438][ T1154] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  347.585434][ T1154] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  347.703467][T17367] netlink: 'syz.4.3194': attribute type 1 has an invalid length.
[  347.746765][T17365] netem: change failed
[  347.788036][T17365] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3193'.
[  347.802560][T17365] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3193'.
[  347.825424][T17365] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3193'.
[  347.884909][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.905107][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.966564][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.982343][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.991590][T17378] 8021q: VLANs not supported on ip6tnl0
[  348.244098][ T5831] Bluetooth: hci0: command tx timeout
[  348.849224][T17411] xt_cgroup: invalid path, errno=-2
[  348.860034][T17414] netlink: 'syz.4.3208': attribute type 1 has an invalid length.
[  348.952638][ T3465] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  349.051978][T17416] macvlan2: entered promiscuous mode
[  349.077095][T17416] macvlan2: entered allmulticast mode
[  349.084389][T17416] bond19: entered promiscuous mode
[  349.092589][T17416] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  349.117070][T17416] bond19: left promiscuous mode
[  349.122769][T17419] can: request_module (can-proto-4) failed.
[  349.138936][T17423] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  349.203072][ T5828] bond0: (slave syz_tun): Releasing backup interface
[  349.231603][   T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  349.243562][   T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  349.253554][   T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  349.265268][   T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  349.275117][   T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  349.345929][T17424] lo speed is unknown, defaulting to 1000
[  349.354931][T17424] hsr0 speed is unknown, defaulting to 1000
[  349.363968][T17424] lo speed is unknown, defaulting to 1000
[  349.407034][T17432] bond20: invalid ARP target 0.0.0.0 specified for addition
[  349.415123][T17432] bond20: option arp_ip_target: invalid value (0)
[  349.426791][T17432] bond20 (unregistering): Released all slaves
[  349.853510][T17445] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3217'.
[  350.017438][T17453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3219'.
[  350.215942][T17424] chnl_net:caif_netlink_parms(): no params data found
[  350.318997][   T52] Bluetooth: hci0: command tx timeout
[  350.440514][T17474] netlink: 'syz.3.3225': attribute type 1 has an invalid length.
[  350.449366][T17474] netlink: 'syz.3.3225': attribute type 2 has an invalid length.
[  350.457123][T17474] netlink: 'syz.3.3225': attribute type 2 has an invalid length.
[  350.479478][T17474] netlink: 'syz.3.3225': attribute type 2 has an invalid length.
[  350.487370][T17474] netlink: 'syz.3.3225': attribute type 1 has an invalid length.
[  350.495542][T17474] netlink: 'syz.3.3225': attribute type 1 has an invalid length.
[  350.504555][T17474] netlink: 'syz.3.3225': attribute type 2 has an invalid length.
[  350.716389][T17424] bridge0: port 1(bridge_slave_0) entered blocking state
[  350.738759][T17424] bridge0: port 1(bridge_slave_0) entered disabled state
[  350.753799][T17424] bridge_slave_0: entered allmulticast mode
[  350.773061][T17424] bridge_slave_0: entered promiscuous mode
[  351.149702][T17517] __nla_validate_parse: 3 callbacks suppressed
[  351.149722][T17517] netlink: 404 bytes leftover after parsing attributes in process `syz.3.3232'.
[  351.156605][T17510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3231'.
[  351.172478][T17517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3232'.
[  351.361730][   T52] Bluetooth: hci2: command tx timeout
[  352.241574][T17424] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.249139][T17424] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.256463][T17424] bridge_slave_1: entered allmulticast mode
[  352.264198][T17424] bridge_slave_1: entered promiscuous mode
[  352.346817][T17424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.420864][T17424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  352.554556][T17424] team0: Port device team_slave_0 added
[  352.574986][T17424] team0: Port device team_slave_1 added
[  352.589034][T17532] netlink: 'syz.0.3237': attribute type 1 has an invalid length.
[  352.687724][T17424] batman_adv: batadv0: Adding interface: batadv_slave_0
[  352.699605][T17539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3239'.
[  352.705970][T17424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  352.740051][T17424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  352.755844][T17424] batman_adv: batadv0: Adding interface: batadv_slave_1
[  352.783028][T17545] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3241'.
[  352.792370][T17546] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3240'.
[  352.804454][T17424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  352.832670][T17424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  352.844741][T17551] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3241'.
[  352.873984][T17549] dvmrp0: entered allmulticast mode
[  352.880127][T17550] dvmrp0: left allmulticast mode
[  353.056817][T17424] hsr_slave_0: entered promiscuous mode
[  353.067502][T17424] hsr_slave_1: entered promiscuous mode
[  353.075706][T17424] debugfs: 'hsr0' already exists in 'hsr'
[  353.082192][T17424] Cannot create hsr debugfs directory
[  353.203477][T17558] syzkaller0: entered promiscuous mode
[  353.209840][T17558] syzkaller0: entered allmulticast mode
[  353.365276][T17577] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3251'.
[  353.444717][   T52] Bluetooth: hci2: command tx timeout
[  353.500013][T17584] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3253'.
[  353.591178][T17424] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  353.615240][   T25] block nbd0: Possible stuck request ffff888025195080: control (read@0,1024B). Runtime 210 seconds
[  353.627531][   T25] block nbd0: Possible stuck request ffff888025195240: control (read@1024,1024B). Runtime 210 seconds
[  353.640547][   T25] block nbd0: Possible stuck request ffff888025195400: control (read@2048,1024B). Runtime 210 seconds
[  353.652295][   T25] block nbd0: Possible stuck request ffff8880251955c0: control (read@3072,1024B). Runtime 210 seconds
[  353.731377][T17596] netlink: 'syz.1.3257': attribute type 39 has an invalid length.
[  353.782450][T17424] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  353.818727][T17600] netlink: 'syz.0.3258': attribute type 1 has an invalid length.
[  353.933127][T17424] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  354.008971][T17608] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3260'.
[  354.115792][T17424] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  354.559415][T17424] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  354.580106][T17424] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  354.593523][T17424] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  354.626292][T17636] bridge_slave_1: left allmulticast mode
[  354.633326][T17636] bridge_slave_1: left promiscuous mode
[  354.639406][T17636] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.663415][T17636] bridge_slave_0: left allmulticast mode
[  354.672686][T17636] bridge_slave_0: left promiscuous mode
[  354.682927][T17636] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.783576][T17424] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  354.795923][T17638] bond0: option arp_interval: mode dependency failed, not supported in mode balance-alb(6)
[  355.046295][T17424] 8021q: adding VLAN 0 to HW filter on device bond0
[  355.064567][T17667] xt_TCPMSS: Only works on TCP SYN packets
[  355.087229][T17667] IPVS: set_ctl: invalid protocol: 79 172.20.20.187:20004
[  355.090012][T17424] 8021q: adding VLAN 0 to HW filter on device team0
[  355.117413][ T3465] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.124623][ T3465] bridge0: port 1(bridge_slave_0) entered forwarding state
[  355.162501][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.169770][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  355.523120][   T52] Bluetooth: hci2: command tx timeout
[  355.571854][T17692] syzkaller0: entered promiscuous mode
[  355.577406][T17692] syzkaller0: entered allmulticast mode
[  355.677212][T17424] 8021q: adding VLAN 0 to HW filter on device batadv0
[  355.764193][T17424] veth0_vlan: entered promiscuous mode
[  355.801086][T17424] veth1_vlan: entered promiscuous mode
[  355.873637][T17700] SET target dimension over the limit!
[  355.890192][T17424] veth0_macvtap: entered promiscuous mode
[  355.911421][T17424] veth1_macvtap: entered promiscuous mode
[  355.947409][T17424] batman_adv: batadv0: Interface activated: batadv_slave_0
[  355.977658][T17424] batman_adv: batadv0: Interface activated: batadv_slave_1
[  356.017993][ T3465] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  356.042375][ T3465] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  356.063521][T17704] netlink: 'syz.3.3289': attribute type 7 has an invalid length.
[  356.071867][ T3465] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  356.100137][ T3465] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  356.364442][ T3465] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  356.428179][ T3465] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  356.578013][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  356.616573][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  357.097159][T17738] can: request_module (can-proto-0) failed.
[  357.458360][T17767] __nla_validate_parse: 4 callbacks suppressed
[  357.458381][T17767] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3306'.
[  357.585359][T17767] bond1: option xmit_hash_policy: invalid value (64)
[  357.602675][T17767] bond1 (unregistering): Released all slaves
[  357.604738][   T52] Bluetooth: hci2: command tx timeout
[  357.672378][T17774] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  357.680532][T17775] xt_nat: multiple ranges no longer supported
[  357.707116][T17774] syzkaller0: entered promiscuous mode
[  357.731349][T17774] syzkaller0: entered allmulticast mode
[  357.782324][T17774] tipc: Resetting bearer <eth:syzkaller0>
[  357.824561][T17773] tipc: Resetting bearer <eth:syzkaller0>
[  357.874754][T17773] tipc: Disabling bearer <eth:syzkaller0>
[  357.921414][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  357.931559][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  357.945470][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  357.957074][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  357.966052][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  358.026950][T17787] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3310'.
[  358.066614][T17779] lo speed is unknown, defaulting to 1000
[  358.101349][T17779] hsr0 speed is unknown, defaulting to 1000
[  358.109443][T17779] lo speed is unknown, defaulting to 1000
[  358.382911][T17789] syzkaller0: entered promiscuous mode
[  358.396623][T17789] syzkaller0: entered allmulticast mode
[  358.434083][T17800] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3315'.
[  358.476372][T17801] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3314'.
[  358.498371][T17801] netlink: 'syz.2.3314': attribute type 7 has an invalid length.
[  358.552311][T17801] netlink: 'syz.2.3314': attribute type 8 has an invalid length.
[  358.578946][T17801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3314'.
[  358.988336][T17811] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3317'.
[  360.090788][   T52] Bluetooth: hci5: command tx timeout
[  360.663963][T17837] syzkaller0: entered promiscuous mode
[  360.679517][T17837] syzkaller0: entered allmulticast mode
[  360.690968][T17832] tipc: Started in network mode
[  360.696006][T17832] tipc: Node identity 9ac9c593afe8, cluster identity 1
[  360.705241][T17832] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  360.726827][T17779] chnl_net:caif_netlink_parms(): no params data found
[  360.929406][T17779] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.936710][T17779] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.944626][T17779] bridge_slave_0: entered allmulticast mode
[  360.951593][T17856] netlink: 'syz.2.3327': attribute type 1 has an invalid length.
[  360.954149][T17779] bridge_slave_0: entered promiscuous mode
[  360.970360][T17836] tipc: Resetting bearer <eth:syzkaller0>
[  361.003381][T17836] tipc: Disabling bearer <eth:syzkaller0>
[  361.017306][T17779] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.020703][T17858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3329'.
[  361.024775][T17779] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.041332][T17779] bridge_slave_1: entered allmulticast mode
[  361.052284][T17779] bridge_slave_1: entered promiscuous mode
[  361.136023][T17779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  361.159172][T17779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  361.304861][T17868] xt_CT: No such helper "pptp"
[  361.332506][T17779] team0: Port device team_slave_0 added
[  361.360925][T17779] team0: Port device team_slave_1 added
[  361.454725][T17876] netlink: 'syz.1.3332': attribute type 13 has an invalid length.
[  361.832425][T17779] batman_adv: batadv0: Adding interface: batadv_slave_0
[  361.879033][T17779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  361.913852][T17779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  361.953336][T17779] batman_adv: batadv0: Adding interface: batadv_slave_1
[  361.964815][T17779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  362.022807][T17779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  362.160103][   T52] Bluetooth: hci5: command tx timeout
[  362.289173][T17779] hsr_slave_0: entered promiscuous mode
[  362.305322][T17779] hsr_slave_1: entered promiscuous mode
[  362.319664][T17779] debugfs: 'hsr0' already exists in 'hsr'
[  362.348223][T17779] Cannot create hsr debugfs directory
[  362.747178][T17927] �
: renamed from veth1_vlan (while UP)
[  362.784964][T17779] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  362.800771][T17779] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  362.811944][T17779] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  362.887686][T17779] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  362.902019][T17779] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  362.914311][T17779] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  362.942752][T17933] IPVS: ip_vs_add_dest(): server weight less than zero
[  362.952226][  T981] IPVS: starting estimator thread 0...
[  362.961108][T17933] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  362.968408][T17933] IPv6: NLM_F_CREATE should be set when creating new route
[  362.989021][T17779] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  363.002709][T17779] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  363.013757][T17779] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  363.039858][T17934] IPVS: using max 26 ests per chain, 62400 per kthread
[  363.102045][T17779] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  363.117170][T17938] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  363.126604][ T5911] IPVS: starting estimator thread 0...
[  363.134563][T17779] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  363.170138][T17779] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  363.190031][T17939] syzkaller0: entered promiscuous mode
[  363.195722][T17939] syzkaller0: entered allmulticast mode
[  363.243368][T17947] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3351'.
[  363.270230][T17940] IPVS: using max 25 ests per chain, 60000 per kthread
[  363.674507][T17779] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  363.702554][T17779] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  363.721389][T17779] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  363.745687][T17779] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  363.792312][T17965] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  364.044122][T17779] 8021q: adding VLAN 0 to HW filter on device bond0
[  364.122708][T17779] 8021q: adding VLAN 0 to HW filter on device team0
[  364.146536][T13691] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.153779][T13691] bridge0: port 1(bridge_slave_0) entered forwarding state
[  364.195185][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.202518][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  364.252418][   T52] Bluetooth: hci5: command tx timeout
[  364.303494][T18000] bond1: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[  364.317411][T18000] bond1 (unregistering): Released all slaves
[  364.563820][T18007] can: request_module (can-proto-0) failed.
[  364.583754][T18015] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  364.809047][T18022] netlink: 'syz.0.3372': attribute type 4 has an invalid length.
[  364.863202][T18024] netlink: 'syz.0.3372': attribute type 4 has an invalid length.
[  365.065996][T18036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3375'.
[  365.086745][T17779] 8021q: adding VLAN 0 to HW filter on device batadv0
[  365.116260][T18043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3376'.
[  365.144874][T18045] netem: change failed
[  365.200370][T18052] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3378'.
[  365.345471][T18057] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3380'.
[  365.623522][T18073] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  365.668970][T18078] netlink: 'syz.2.3385': attribute type 4 has an invalid length.
[  365.686921][T18073] team0: Caught tx_queue_len zero misconfig
[  365.702257][T18081] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3383'.
[  365.731431][T18086] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3386'.
[  365.887464][T18091] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3383'.
[  365.946916][T18085] bridge0: entered promiscuous mode
[  366.013357][T18091] bond1 (unregistering): Released all slaves
[  366.042458][T18083] bridge0: left promiscuous mode
[  366.100438][T18101] netlink: 'syz.2.3388': attribute type 29 has an invalid length.
[  366.140795][T18100] netlink: 'syz.2.3388': attribute type 29 has an invalid length.
[  366.173339][ T8212] IPVS: starting estimator thread 0...
[  366.181466][T18101] netlink: 588 bytes leftover after parsing attributes in process `syz.2.3388'.
[  366.195269][T18101] netlink: 588 bytes leftover after parsing attributes in process `syz.2.3388'.
[  366.225150][T17779] veth0_vlan: entered promiscuous mode
[  366.257262][T17779] veth1_vlan: entered promiscuous mode
[  366.268351][T18106] IPVS: using max 28 ests per chain, 67200 per kthread
[  366.311431][T18111] syzkaller0: entered promiscuous mode
[  366.319072][   T52] Bluetooth: hci5: command tx timeout
[  366.332217][T18111] syzkaller0: entered allmulticast mode
[  366.531926][T17779] veth0_macvtap: entered promiscuous mode
[  366.556503][T17779] veth1_macvtap: entered promiscuous mode
[  366.630526][T17779] batman_adv: batadv0: Interface activated: batadv_slave_0
[  366.673918][T17779] batman_adv: batadv0: Interface activated: batadv_slave_1
[  366.700892][ T3465] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  366.722500][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  366.738950][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  366.769299][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  366.832829][T18130] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  367.024984][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.068753][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.116636][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.144158][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.538844][T18166] rdma_rxe: rxe_newlink: failed to add team0
[  367.570041][T18166] netlink: 'syz.2.3410': attribute type 33 has an invalid length.
[  367.641028][T18171] syzkaller0: entered promiscuous mode
[  367.646903][T18171] syzkaller0: entered allmulticast mode
[  367.731319][T18180] xt_cgroup: xt_cgroup: no path or classid specified
[  367.733335][T18171] bond0: entered promiscuous mode
[  367.815335][T18171] bond_slave_0: entered promiscuous mode
[  367.839824][T18171] bond_slave_1: entered promiscuous mode
[  367.860386][T18171] batadv0: entered promiscuous mode
[  367.897538][T18171] 8021q: adding VLAN 0 to HW filter on device hsr1
[  367.984148][T18197] netlink: 'syz.2.3419': attribute type 9 has an invalid length.
[  368.181015][T18199] syzkaller1: entered promiscuous mode
[  368.186811][T18199] syzkaller1: entered allmulticast mode
[  368.269563][T18204] netlink: 'syz.1.3420': attribute type 1 has an invalid length.
[  369.075353][T18210] A link change request failed with some changes committed already. Interface veth0 may have been left with an inconsistent configuration, please check.
[  369.179670][T18223] bridge0: port 3(ipvlan2) entered blocking state
[  369.186291][T18223] bridge0: port 3(ipvlan2) entered disabled state
[  369.228653][T18223] ipvlan2: entered allmulticast mode
[  369.238732][T18223] bridge0: entered allmulticast mode
[  369.256740][T18223] ipvlan2: left allmulticast mode
[  369.265242][T18223] bridge0: left allmulticast mode
[  369.307177][T18239] xt_l2tp: v2 tid > 0xffff: 1114244
[  369.340477][T18242] __nla_validate_parse: 67 callbacks suppressed
[  369.340496][T18242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3433'.
[  369.356317][T18242] netlink: 176 bytes leftover after parsing attributes in process `syz.3.3433'.
[  369.367059][T18242] netlink: 'syz.3.3433': attribute type 5 has an invalid length.
[  369.442121][T18244] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3433'.
[  369.534481][T18244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3433'.
[  369.776721][T18262] bridge1: entered promiscuous mode
[  369.791732][T18264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3441'.
[  369.796865][T18256] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  369.801307][T18262] bridge1: entered allmulticast mode
[  369.847859][T18261] lo speed is unknown, defaulting to 1000
[  369.868706][T18256] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  369.894897][T18261] hsr0 speed is unknown, defaulting to 1000
[  369.969823][T18261] lo speed is unknown, defaulting to 1000
[  370.190173][T18279] netlink: 'syz.0.3447': attribute type 1 has an invalid length.
[  370.199945][T18279] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  370.279280][T18287] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  370.543021][T18299] ������Z7nz>RA�: renamed from lo (while UP)
[  370.677572][T18307] netlink: 'syz.1.3455': attribute type 1 has an invalid length.
[  370.749319][T18314] netlink: 148 bytes leftover after parsing attributes in process `syz.4.3458'.
[  370.792781][T18317] netlink: 'syz.2.3460': attribute type 7 has an invalid length.
[  370.846224][T18320] syz.3.3457: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  370.886604][T18307] 8021q: adding VLAN 0 to HW filter on device bond1
[  370.912344][T18320] CPU: 1 UID: 0 PID: 18320 Comm: syz.3.3457 Not tainted syzkaller #0 PREEMPT(full) 
[  370.912371][T18320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  370.912392][T18320] Call Trace:
[  370.912400][T18320]  <TASK>
[  370.912407][T18320]  dump_stack_lvl+0x189/0x250
[  370.912440][T18320]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.912465][T18320]  ? __pfx__printk+0x10/0x10
[  370.912483][T18320]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  370.912507][T18320]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  370.912532][T18320]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  370.912558][T18320]  warn_alloc+0x214/0x310
[  370.912584][T18320]  ? stack_depot_save_flags+0x40/0x860
[  370.912614][T18320]  ? __pfx_warn_alloc+0x10/0x10
[  370.912641][T18320]  ? kasan_save_track+0x3e/0x80
[  370.912664][T18320]  ? __kasan_kmalloc+0x93/0xb0
[  370.912692][T18320]  ? xsk_setsockopt+0x4dc/0x8d0
[  370.912711][T18320]  ? do_sock_setsockopt+0x17c/0x1b0
[  370.912727][T18320]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  370.912743][T18320]  ? do_syscall_64+0xfa/0xfa0
[  370.912765][T18320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.912791][T18320]  __vmalloc_node_range_noprof+0x125/0x12d0
[  370.912843][T18320]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  370.912871][T18320]  ? __kasan_kmalloc+0x93/0xb0
[  370.912902][T18320]  vmalloc_user_noprof+0xad/0xf0
[  370.912927][T18320]  ? xskq_create+0xbf/0x170
[  370.912950][T18320]  xskq_create+0xbf/0x170
[  370.912976][T18320]  xsk_init_queue+0xb0/0x110
[  370.913000][T18320]  xsk_setsockopt+0x4dc/0x8d0
[  370.913024][T18320]  ? __pfx_xsk_setsockopt+0x10/0x10
[  370.913047][T18320]  ? __pfx_aa_sk_perm+0x10/0x10
[  370.913074][T18320]  ? aa_sock_opt_perm+0xff/0x1b0
[  370.913111][T18320]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  370.913128][T18320]  ? __pfx_xsk_setsockopt+0x10/0x10
[  370.913151][T18320]  do_sock_setsockopt+0x17c/0x1b0
[  370.913173][T18320]  __x64_sys_setsockopt+0x13f/0x1b0
[  370.913195][T18320]  do_syscall_64+0xfa/0xfa0
[  370.913219][T18320]  ? lockdep_hardirqs_on+0x9c/0x150
[  370.913243][T18320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.913259][T18320]  ? clear_bhb_loop+0x60/0xb0
[  370.913291][T18320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.913311][T18320] RIP: 0033:0x7faa6958f6c9
[  370.913328][T18320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.913344][T18320] RSP: 002b:00007faa6a38f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  370.913363][T18320] RAX: ffffffffffffffda RBX: 00007faa697e6090 RCX: 00007faa6958f6c9
[  370.913375][T18320] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  370.913386][T18320] RBP: 00007faa69611f91 R08: 0000000000000004 R09: 0000000000000000
[  370.913397][T18320] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  370.913407][T18320] R13: 00007faa697e6128 R14: 00007faa697e6090 R15: 00007ffd571a19d8
[  370.913435][T18320]  </TASK>
[  370.913451][T18320] Mem-Info:
[  371.033074][T18325] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  371.062650][T18320] active_anon:5966 inactive_anon:0 isolated_anon:0
[  371.062650][T18320]  active_file:3081 inactive_file:40001 isolated_file:0
[  371.062650][T18320]  unevictable:768 dirty:61 writeback:0
[  371.062650][T18320]  slab_reclaimable:12813 slab_unreclaimable:148758
[  371.062650][T18320]  mapped:30375 shmem:1357 pagetables:1499
[  371.062650][T18320]  sec_pagetables:0 bounce:0
[  371.062650][T18320]  kernel_misc_reclaimable:0
[  371.062650][T18320]  free:1269534 free_pcp:13340 free_cma:0
[  371.062715][T18320] Node 0 active_anon:23864kB inactive_anon:0kB active_file:12324kB inactive_file:159800kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121500kB dirty:240kB writeback:0kB shmem:3892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:17340kB pagetables:5836kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  371.062773][T18320] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  371.062824][T18320] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  371.062894][T18320] lowmem_reserve[]: 0 2505 2505 2505 2505
[  371.062944][T18320] Node 0 DMA32 free:1168172kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23864kB inactive_anon:0kB active_file:12324kB inactive_file:159800kB unevictable:1536kB writepending:240kB zspages:0kB present:3129332kB managed:2565160kB mlocked:0kB bounce:0kB free_pcp:33776kB local_pcp:17272kB free_cma:0kB
[  371.063010][T18320] lowmem_reserve[]: 0 0 0 0 0
[  371.063055][T18320] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  371.063126][T18320] lowmem_reserve[]: 0 0 0 0 0
[  371.063172][T18320] Node 1 Normal free:3894604kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19584kB local_pcp:8192kB free_cma:0kB
[  371.063235][T18320] lowmem_reserve[]: 0 0 0
[  371.100191][T18309] netlink: 'syz.3.3457': attribute type 9 has an invalid length.
[  371.201637][T18316] 8021q: adding VLAN 0 to HW filter on device bond1
[  371.339603][T18320]  0
[  371.342900][T18309] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3457'.
[  371.419704][T18316] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  371.494686][T18320]  0
[  371.533238][T18316] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  371.576804][T18320] 
[  371.581558][T18320] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  371.603321][T18320] Node 0 DMA32: 701*4kB (UM) 429*8kB (M) 160*16kB (ME) 110*32kB (ME) 35*64kB (UME) 358*128kB (UM) 478*256kB (UM) 285*512kB (UM) 133*1024kB (UM) 2*2048kB (UM) 170*4096kB (UM) = 1165276kB
[  371.630819][T18320] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  371.642636][T18320] Node 1 Normal: 215*4kB (UME) 58*8kB (UME) 38*16kB (UME) 156*32kB (UME) 41*64kB (UME) 10*128kB (UME) 5*256kB (UME) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 946*4096kB (M) = 3894604kB
[  371.667589][T18320] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  371.677415][T18320] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  371.687034][T18320] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  371.699819][T18320] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  371.752217][T18320] 44435 total pagecache pages
[  371.760641][T18320] 0 pages in swap cache
[  371.764829][T18320] Free swap  = 124996kB
[  371.769438][T18320] Total swap = 124996kB
[  371.770532][T18335] vlan3: entered allmulticast mode
[  371.773620][T18320] 2097051 pages RAM
[  371.782814][T18320] 0 pages HighMem/MovableOnly
[  371.787510][T18320] 424119 pages reserved
[  371.799764][T18335] bond1: entered allmulticast mode
[  371.815042][T18320] 0 pages cma reserved
[  371.928616][T18333] vlan3: entered allmulticast mode
[  372.061479][T18351] netlink: 'syz.4.3468': attribute type 5 has an invalid length.
[  372.347997][T18372] netlink: 'syz.3.3474': attribute type 11 has an invalid length.
[  372.371119][T18374] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3475'.
[  372.376237][T18372] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3474'.
[  372.502295][T18377] vlan3: entered allmulticast mode
[  372.633162][T18395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3480'.
[  372.655613][T18395] bridge_slave_0: entered promiscuous mode
[  372.820293][T18412] netlink: 'syz.3.3486': attribute type 33 has an invalid length.
[  372.976780][T18412] bond1: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0)
[  372.997622][T18412] bond1 (unregistering): Released all slaves
[  373.519385][T18454] tipc: Started in network mode
[  373.524587][T18454] tipc: Node identity 261e36ba797d, cluster identity 4711
[  373.545215][T18454] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  373.613772][T18454] tipc: Resetting bearer <eth:syzkaller0>
[  373.663921][T18451] tipc: Disabling bearer <eth:syzkaller0>
[  374.720577][   T25] block nbd2: Possible stuck request ffff888025250000: control (read@0,1024B). Runtime 90 seconds
[  374.732457][   T25] block nbd2: Possible stuck request ffff8880252501c0: control (read@1024,1024B). Runtime 90 seconds
[  374.744870][   T25] block nbd2: Possible stuck request ffff888025250380: control (read@2048,1024B). Runtime 90 seconds
[  374.756291][   T25] block nbd2: Possible stuck request ffff888025250540: control (read@3072,1024B). Runtime 90 seconds
[  375.459163][T18553] __nla_validate_parse: 7 callbacks suppressed
[  375.459183][T18553] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3527'.
[  375.692980][T18570] openvswitch: netlink: Missing key (keys=40, expected=80)
[  376.030630][T18585] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3537'.
[  376.116170][T18589] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3538'.
[  376.156175][T18585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3537'.
[  376.173202][T18593] netlink: 'syz.1.3539': attribute type 1 has an invalid length.
[  376.401398][T18604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3541'.
[  376.426098][T18604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3541'.
[  376.487144][T18611] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3543'.
[  376.583963][T18611] bond1: (slave gre0): Device is not bonding slave
[  376.592301][T18611] bond1: option active_slave: invalid value (gre0)
[  376.611120][T18611] bond1 (unregistering): Released all slaves
[  376.776759][T18620] tipc: Trying to set illegal importance in message
[  377.001468][T18627] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.092976][T18633] ip_tunnel: non-ECT from 2.0.0.0 with TOS=0x3
[  377.535160][T18627] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.625549][T18627] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.740552][T18627] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.949230][   T50] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  377.981189][   T50] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  378.039062][ T1154] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  378.064572][ T1154] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.227539][T18656] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.247581][T18656] syzkaller0: entered promiscuous mode
[  378.256073][T18656] syzkaller0: entered allmulticast mode
[  378.293781][T18656] tipc: Resetting bearer <eth:syzkaller0>
[  378.304226][T18655] tipc: Resetting bearer <eth:syzkaller0>
[  378.332352][T18655] tipc: Disabling bearer <eth:syzkaller0>
[  378.344910][T18659] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3559'.
[  378.356037][T18659] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3559'.
[  378.384364][T18659] pim6reg: entered allmulticast mode
[  378.513099][T18663] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3561'.
[  378.861146][T18676] netlink: 'syz.3.3565': attribute type 33 has an invalid length.
[  379.367401][T18691] netlink: 'syz.2.3572': attribute type 23 has an invalid length.
[  379.411041][T18691] netlink: 'syz.2.3572': attribute type 23 has an invalid length.
[  379.574658][T18700] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  379.670237][T18701] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.696032][T18703] netlink: 'syz.1.3575': attribute type 1 has an invalid length.
[  380.021530][T18703] netlink: 'syz.1.3575': attribute type 1 has an invalid length.
[  380.157713][T18703] netlink: 'syz.1.3575': attribute type 1 has an invalid length.
[  380.239579][T18703] netlink: 'syz.1.3575': attribute type 1 has an invalid length.
[  380.242641][T18701] bridge_slave_1 (unregistering): left allmulticast mode
[  380.284557][T18701] bridge_slave_1 (unregistering): left promiscuous mode
[  380.290758][T18512] Set syz1 is full, maxelem 65536 reached
[  380.298496][T18701] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.344459][T18703] netlink: 'syz.1.3575': attribute type 1 has an invalid length.
[  380.454789][T18703] netlink: 'syz.1.3575': attribute type 1 has an invalid length.
[  380.665345][T18725] tls_set_device_offload: netdev not found
[  380.703568][T18725] __nla_validate_parse: 4 callbacks suppressed
[  380.703587][T18725] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3580'.
[  380.745178][T18725] ip6tnl0: Caught tx_queue_len zero misconfig
[  380.846669][T18734] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3581'.
[  380.857699][T18736] xt_CONNSECMARK: invalid mode: 0
[  380.867337][T18736] netlink: 'syz.2.3583': attribute type 12 has an invalid length.
[  380.891000][T18735] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3582'.
[  380.941914][T18736] bond1: option primary_reselect: invalid value (255)
[  380.955027][T18736] bond1 (unregistering): Released all slaves
[  381.295712][T18760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3590'.
[  381.541085][T18784] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3596'.
[  381.585489][T18784] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  381.638766][T18784] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  381.674130][T18784] gretap1: entered promiscuous mode
[  381.697523][T18784] gretap1: entered allmulticast mode
[  382.419332][T18852] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  382.426810][T18852] IPv6: NLM_F_CREATE should be set when creating new route
[  382.434202][T18852] IPv6: NLM_F_CREATE should be set when creating new route
[  382.441494][T18852] IPv6: NLM_F_CREATE should be set when creating new route
[  382.481536][T18852] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  382.609966][T18867] blkio.reset_stats is deprecated
[  382.722784][T18871] sctp: [Deprecated]: syz.2.3620 (pid 18871) Use of int in max_burst socket option deprecated.
[  382.722784][T18871] Use struct sctp_assoc_value instead
[  382.792689][T18879] netlink: 18 bytes leftover after parsing attributes in process `syz.4.3621'.
[  382.927667][T18889] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3623'.
[  383.602884][T18931] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3633'.
[  383.634938][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803cf65400: rx timeout, send abort
[  383.644667][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88803cf65400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  383.688652][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  383.705902][   T25] block nbd0: Possible stuck request ffff888025195080: control (read@0,1024B). Runtime 240 seconds
[  383.716863][   T25] block nbd0: Possible stuck request ffff888025195240: control (read@1024,1024B). Runtime 240 seconds
[  383.728698][   T25] block nbd0: Possible stuck request ffff888025195400: control (read@2048,1024B). Runtime 240 seconds
[  383.741234][   T25] block nbd0: Possible stuck request ffff8880251955c0: control (read@3072,1024B). Runtime 240 seconds
[  383.874842][T18936] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  383.889442][T18936] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  383.914483][T18945] netlink: 'syz.1.3639': attribute type 11 has an invalid length.
[  383.933043][T18945] netlink: 'syz.1.3639': attribute type 11 has an invalid length.
[  384.008323][T18945] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3639'.
[  384.032459][T18948] bond1: (slave bridge2): Enslaving as an active interface with a down link
[  384.065551][T18950] bond1: (slave gretap2): making interface the new active one
[  384.083957][T18950] bond1: (slave gretap2): Enslaving as an active interface with an up link
[  404.803063][   T25] block nbd2: Possible stuck request ffff888025250000: control (read@0,1024B). Runtime 120 seconds
[  404.814867][   T25] block nbd2: Possible stuck request ffff8880252501c0: control (read@1024,1024B). Runtime 120 seconds
[  404.826600][   T25] block nbd2: Possible stuck request ffff888025250380: control (read@2048,1024B). Runtime 120 seconds
[  404.838480][   T25] block nbd2: Possible stuck request ffff888025250540: control (read@3072,1024B). Runtime 120 seconds
[  407.178532][T19036] syzkaller0: entered promiscuous mode
[  407.185369][T19036] syzkaller0: entered allmulticast mode
[  407.223205][T19036] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  407.301284][T19044] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3656'.
[  407.335393][T19049] x_tables: ip6_tables: mh match: only valid for protocol 135
[  407.383602][T19047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3657'.
[  407.405111][T19049] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3658'.
[  407.419445][T19057] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3660'.
[  407.434799][T19054] validate_nla: 2 callbacks suppressed
[  407.434816][T19054] netlink: 'syz.4.3659': attribute type 2 has an invalid length.
[  407.478202][T19054] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3659'.
[  407.501028][T19058] netlink: 'syz.4.3659': attribute type 2 has an invalid length.
[  407.529450][T19058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3659'.
[  407.533721][T19047] macvtap1: entered promiscuous mode
[  407.586098][T19047] vlan0: entered promiscuous mode
[  407.600675][T19047] macvtap1: entered allmulticast mode
[  407.620031][T19047] vlan0: entered allmulticast mode
[  407.638961][T19047] veth0_vlan: entered allmulticast mode
[  407.863939][T19082] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3668'.
[  407.943606][T19086] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3670'.
[  408.252306][T19106] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3677'.
[  408.685829][T19137] netlink: 'syz.1.3684': attribute type 17 has an invalid length.
[  408.734815][T19137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3684'.
[  408.780350][T19142] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  409.186366][T19158] bond0: (slave rose0): Releasing backup interface
[  409.295199][T19170] Unsupported ieee802154 address type: 0
[  409.415400][T19174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.875679][   T13] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  409.893673][   T13] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  409.917046][   T13] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  409.942687][   T13] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  410.030818][T19212] netlink: 'syz.4.3709': attribute type 3 has an invalid length.
[  410.180521][T19219] x_tables: ip_tables: icmp match: only valid for protocol 1
[  410.359575][T19225] netlink: 'syz.2.3715': attribute type 39 has an invalid length.
[  410.531754][T19231] vlan2: entered promiscuous mode
[  410.605670][T19235] 8021q: adding VLAN 0 to HW filter on device bond2
[  410.621389][T19238] v: renamed from vlan0 (while UP)
[  410.699772][T19245] bond0: (slave rose0): Enslaving as an active interface with an up link
[  410.836210][T19255] dvmrp0: entered allmulticast mode
[  410.848802][T19256] dvmrp0: left allmulticast mode
[  411.175184][   T30] audit: type=1107 audit(1762880935.101:3): pid=19276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='��EP���Uy{�`�Kr@&hYҰ��$��Eoz�|��X~�2b"4�!y'
[  411.240700][T19280] netlink: 'syz.0.3733': attribute type 1 has an invalid length.
[  411.249738][T19280] netlink: 'syz.0.3733': attribute type 4 has an invalid length.
[  411.274328][T19282] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  411.419806][T19290] netlink: 'syz.2.3736': attribute type 10 has an invalid length.
[  411.454609][T19290] team0: Device ipvlan1 failed to register rx_handler
[  411.507121][T19290] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  411.757631][T19309] netlink: 'syz.1.3740': attribute type 2 has an invalid length.
[  412.067438][T19333] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  412.113346][T19333] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  412.265374][T19346] netlink: 'syz.1.3755': attribute type 10 has an invalid length.
[  412.277719][T19346] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.285615][T19346] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.289302][T19348] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  412.334119][T19346] bridge0: port 2(bridge_slave_1) entered blocking state
[  412.341510][T19346] bridge0: port 2(bridge_slave_1) entered forwarding state
[  412.349107][T19346] bridge0: port 1(bridge_slave_0) entered blocking state
[  412.356395][T19346] bridge0: port 1(bridge_slave_0) entered forwarding state
[  412.384003][T19346] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  412.425500][T19348] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  412.526560][T19353] __nla_validate_parse: 17 callbacks suppressed
[  412.526581][T19353] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3757'.
[  412.686639][T19357] netlink: 'syz.1.3759': attribute type 1 has an invalid length.
[  412.694869][T19357] netlink: 'syz.1.3759': attribute type 2 has an invalid length.
[  412.706780][T19357] netlink: 'syz.1.3759': attribute type 1 has an invalid length.
[  412.873248][T19365] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3762'.
[  413.297164][T19394] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3771'.
[  413.382900][   T52] block nbd3: Receive control failed (result -107)
[  413.696756][T19415] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  413.720338][T19415] syzkaller0: entered promiscuous mode
[  413.725977][T19415] syzkaller0: entered allmulticast mode
[  413.769617][   T25] block nbd0: Possible stuck request ffff888025195080: control (read@0,1024B). Runtime 270 seconds
[  413.788294][   T25] block nbd0: Possible stuck request ffff888025195240: control (read@1024,1024B). Runtime 270 seconds
[  413.799747][   T25] block nbd0: Possible stuck request ffff888025195400: control (read@2048,1024B). Runtime 270 seconds
[  413.811914][   T25] block nbd0: Possible stuck request ffff8880251955c0: control (read@3072,1024B). Runtime 270 seconds
[  413.827338][T19427] tipc: Resetting bearer <eth:syzkaller0>
[  413.853950][T19412] tipc: Resetting bearer <eth:syzkaller0>
[  413.895374][T19412] tipc: Disabling bearer <eth:syzkaller0>
[  414.081948][T19433] netlink: 'syz.0.3783': attribute type 5 has an invalid length.
[  414.179793][T19439] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3784'.
[  414.197652][T19437] syzkaller0: entered promiscuous mode
[  414.204446][T19437] syzkaller0: entered allmulticast mode
[  414.610011][T19464] vcan0: tx drop: invalid da for name 0x0000000001000000
[  414.623419][T19464] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3796'.
[  414.641170][T19464] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3796'.
[  414.651364][T19467] netlink: 'syz.0.3795': attribute type 1 has an invalid length.
[  414.659821][T19467] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  415.371020][T19506] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3807'.
[  415.566384][T19520] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3812'.
[  415.722791][T19533] netlink: 'syz.0.3814': attribute type 10 has an invalid length.
[  415.856301][T19526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  415.887933][T19541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3817'.
[  415.926757][ T1154] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  415.936527][T19541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3817'.
[  415.946191][ T1154] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  415.979902][T19548] tc_dump_action: action bad kind
[  415.989533][ T1154] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  416.020135][ T1154] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  416.523287][T19590] netlink: 'syz.0.3832': attribute type 83 has an invalid length.
[  416.641907][T19598] xt_CT: You must specify a L4 protocol and not use inversions on it
[  417.070788][T19629] netlink: 'syz.1.3846': attribute type 1 has an invalid length.
[  417.099004][T19629] netlink: 'syz.1.3846': attribute type 1 has an invalid length.
[  417.111216][T19633] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  417.549597][T19657] __nla_validate_parse: 17 callbacks suppressed
[  417.549615][T19657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3856'.
[  417.620017][T19657] vlan2: entered allmulticast mode
[  417.625205][T19657] mac80211_hwsim hwsim37 wlan0: entered allmulticast mode
[  417.773747][T19666] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3859'.
[  417.834893][T19673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3860'.
[  418.103272][T19697] netlink: 'syz.3.3866': attribute type 3 has an invalid length.
[  418.188828][T19697] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3866'.
[  418.189500][T19698] tipc: Started in network mode
[  418.221862][T19698] tipc: Node identity 8e2189d94f9d, cluster identity 4711
[  418.250504][T19698] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  418.277998][T19701] wg0: entered allmulticast mode
[  418.301669][T19699] syzkaller0: entered promiscuous mode
[  418.314648][T19699] syzkaller0: entered allmulticast mode
[  418.322035][T19703] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3868'.
[  418.352205][T19703] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3868'.
[  418.369138][T19703] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3868'.
[  418.387302][T19698] tipc: Resetting bearer <eth:syzkaller0>
[  418.393950][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  418.394017][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  418.450042][T19698] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  418.458603][T19698] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  418.493766][T19693] tipc: Resetting bearer <eth:syzkaller0>
[  418.549677][T19693] tipc: Disabling bearer <eth:syzkaller0>
[  418.565273][T19717] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3870'.
[  418.738323][T19723] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3873'.
[  418.747328][T19723] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3873'.
[  418.845865][T19735] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  419.173268][T19758] xt_hashlimit: size too large, truncated to 1048576
[  419.304255][T19761] bond3: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  419.319479][T19761] bond3 (unregistering): Released all slaves
[  419.756802][T19790] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  419.880397][ T3449] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  419.911726][ T3449] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  419.940714][ T3449] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  419.970025][ T3449] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  420.538952][T19836] A link change request failed with some changes committed already. Interface ������Z7nz>RA� may have been left with an inconsistent configuration, please check.
[  420.566494][T19836] syzkaller0: entered promiscuous mode
[  420.572531][T19836] syzkaller0: entered allmulticast mode
[  420.706887][T19848] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  420.776866][T19850] netlink: 'syz.3.3907': attribute type 6 has an invalid length.
[  420.802864][T19852] openvswitch: netlink: Key type 31 is not supported
[  421.104097][T19868] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  421.155985][T19869] ipt_ECN: cannot use operation on non-tcp rule
[  421.206537][T19870] ipt_ECN: cannot use operation on non-tcp rule
[  421.299038][T19880] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  421.734100][T19919] netlink: 'syz.4.3926': attribute type 1 has an invalid length.
[  421.821100][T19923] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  421.840804][T19921] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  421.853425][T19921] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  421.869169][T19921] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  422.051392][T19933] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  422.200876][T19942] netlink: 'syz.3.3937': attribute type 1 has an invalid length.
[  422.336701][T19944] veth5: entered promiscuous mode
[  422.362632][T19942] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  422.416026][T19955] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  422.598481][T19964] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  422.827989][T19975] xt_CT: You must specify a L4 protocol and not use inversions on it
[  422.941363][T19976] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  423.172037][T19991] __nla_validate_parse: 16 callbacks suppressed
[  423.172057][T19991] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3953'.
[  423.199375][T19991] netlink: 'syz.3.3953': attribute type 1 has an invalid length.
[  423.207292][T19991] netlink: 'syz.3.3953': attribute type 1 has an invalid length.
[  423.225531][T19991] netlink: 'syz.3.3953': attribute type 2 has an invalid length.
[  423.233997][T19995] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  423.236238][T19991] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3953'.
[  423.314842][T20003] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  423.372259][T20005] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  423.480551][T20011] netlink: 'syz.1.3961': attribute type 6 has an invalid length.
[  423.607929][T20020] lo speed is unknown, defaulting to 1000
[  423.643622][T20020] lo speed is unknown, defaulting to 1000
[  423.679492][T20028] netlink: 'syz.2.3964': attribute type 16 has an invalid length.
[  423.697610][T20028] netlink: 'syz.2.3964': attribute type 17 has an invalid length.
[  423.717842][T20030] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3965'.
[  423.770891][T20028] 8021q: adding VLAN 0 to HW filter on device team0
[  423.785002][T20028] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  423.820493][T20030] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3965'.
[  423.834288][T20033] sctp: [Deprecated]: syz.0.3966 (pid 20033) Use of int in maxseg socket option.
[  423.834288][T20033] Use struct sctp_assoc_value instead
[  424.089699][T20045] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3969'.
[  424.146628][T20046] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3971'.
[  424.174742][T20051] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3972'.
[  424.230385][T20050] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3972'.
[  424.285013][T20054] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  424.366036][T20061] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3974'.
[  424.576583][T20073] netlink: 196 bytes leftover after parsing attributes in process `syz.3.3978'.
[  424.587996][T20072] netlink: 'syz.0.3977': attribute type 11 has an invalid length.
[  424.764809][T20081] netlink: 'syz.3.3981': attribute type 1 has an invalid length.
[  424.785133][T20077] xt_hashlimit: size too large, truncated to 1048576
[  425.011686][T20087] bond1: (slave gretap1): making interface the new active one
[  425.044346][T20087] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  425.393057][T20097] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  425.446506][T20097] syzkaller0: entered promiscuous mode
[  425.458652][T20097] syzkaller0: entered allmulticast mode
[  425.515089][T20112] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  425.562825][T20105] tipc: Resetting bearer <eth:syzkaller0>
[  425.661764][T20116] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  425.716923][T20120] team0: Device vti0 is of different type
[  425.807032][T20128] geneve2: entered promiscuous mode
[  425.872696][T20105] tipc: Resetting bearer <eth:syzkaller0>
[  425.896798][T20105] tipc: Disabling bearer <eth:syzkaller0>
[  425.913183][T20134] lo: Caught tx_queue_len zero misconfig
[  426.058713][T20147] tunl0: entered promiscuous mode
[  426.084367][T20147] netlink: 'syz.3.3998': attribute type 3 has an invalid length.
[  426.106231][T20152] tls_set_device_offload: netdev not found
[  426.963133][T20199] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[  426.981357][T20199] gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue
[  426.998840][T20199] gretap2: entered promiscuous mode
[  427.014352][T20199] gretap2: entered allmulticast mode
[  427.479295][T20242] xt_time: invalid argument - start or stop time greater than 23:59:59
[  427.487243][T20243] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[  427.501181][T20243] gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue
[  427.514319][T20243] gretap2: entered promiscuous mode
[  427.520450][T20243] gretap2: entered allmulticast mode
[  428.202511][T20283] __nla_validate_parse: 22 callbacks suppressed
[  428.202533][T20283] netlink: 7056 bytes leftover after parsing attributes in process `syz.3.4039'.
[  428.220194][T20280] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4038'.
[  428.232347][T20283] openvswitch: netlink: Flow actions attr not present in new flow.
[  428.297655][T20289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4041'.
[  428.615719][T20312] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4049'.
[  428.704865][T20314] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4051'.
[  429.044619][T20341] bond0: Error: Cannot enslave bond to itself.
[  429.153738][T20344] netlink: 'syz.2.4061': attribute type 32 has an invalid length.
[  429.177845][T20344] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4061'.
[  429.235899][T20346] netlink: 1 bytes leftover after parsing attributes in process `syz.1.4062'.
[  429.261531][T20344] bond2: Setting coupled_control to off (0)
[  429.276904][T20346] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4062'.
[  429.300238][T20349] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4063'.
[  429.428938][T20353] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4065'.
[  430.260216][T20409] 8021q: adding VLAN 0 to HW filter on device bond3
[  430.350382][T20409] 8021q: adding VLAN 0 to HW filter on device bond3
[  430.363498][T20418] netlink: 'syz.2.4085': attribute type 1 has an invalid length.
[  430.371698][T20418] netlink: 'syz.2.4085': attribute type 4 has an invalid length.
[  430.394236][T20409] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  430.435182][T20409] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  431.036101][T20455] netlink: 'syz.3.4093': attribute type 1 has an invalid length.
[  431.144684][T20461] veth0: entered promiscuous mode
[  431.213271][T20460] veth0: left promiscuous mode
[  431.364992][T20474] dvmrp0: entered allmulticast mode
[  431.375446][T20474] dvmrp0: left allmulticast mode
[  431.671326][T20491] netlink: 'syz.0.4106': attribute type 1 has an invalid length.
[  431.728007][T20496] netlink: 'syz.3.4107': attribute type 83 has an invalid length.
[  432.455564][T20544] netlink: 'syz.1.4123': attribute type 1 has an invalid length.
[  432.506101][T20544] bond2: (slave ip6gretap1): making interface the new active one
[  432.515662][T20544] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  432.524204][T20544] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  432.532328][T20544] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  432.850444][T20561] netlink: 'syz.1.4128': attribute type 29 has an invalid length.
[  432.859654][T20561] netlink: 'syz.1.4128': attribute type 29 has an invalid length.
[  433.252150][T20568] xt_TPROXY: Can be used only with -p tcp or -p udp
[  433.257625][T20570] __nla_validate_parse: 22 callbacks suppressed
[  433.257648][T20570] netlink: 1 bytes leftover after parsing attributes in process `syz.3.4130'.
[  433.351619][T20574] netlink: 212 bytes leftover after parsing attributes in process `syz.4.4132'.
[  433.374808][T20575] netlink: 212 bytes leftover after parsing attributes in process `syz.4.4132'.
[  433.551219][T20586] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4139'.
[  433.620737][T20591] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input5
[  433.774572][T20603] netlink: 'syz.2.4143': attribute type 18 has an invalid length.
[  433.880271][T20608] FAULT_INJECTION: forcing a failure.
[  433.880271][T20608] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  433.961817][T20608] CPU: 0 UID: 0 PID: 20608 Comm: syz.4.4145 Not tainted syzkaller #0 PREEMPT(full) 
[  433.961847][T20608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  433.961860][T20608] Call Trace:
[  433.961868][T20608]  <TASK>
[  433.961877][T20608]  dump_stack_lvl+0x189/0x250
[  433.961911][T20608]  ? __pfx____ratelimit+0x10/0x10
[  433.961941][T20608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  433.961969][T20608]  ? __pfx__printk+0x10/0x10
[  433.961991][T20608]  ? __might_fault+0xb0/0x130
[  433.962033][T20608]  should_fail_ex+0x414/0x560
[  433.962071][T20608]  _copy_from_user+0x2d/0xb0
[  433.962098][T20608]  ___sys_recvmsg+0x12e/0x510
[  433.962130][T20608]  ? __pfx____sys_recvmsg+0x10/0x10
[  433.962223][T20608]  ? __fget_files+0x3a0/0x420
[  433.962256][T20608]  do_recvmmsg+0x307/0x770
[  433.962289][T20608]  ? __pfx_do_recvmmsg+0x10/0x10
[  433.962324][T20608]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  433.962375][T20608]  __x64_sys_recvmmsg+0x190/0x240
[  433.962403][T20608]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  433.962432][T20608]  ? do_syscall_64+0xbe/0xfa0
[  433.962466][T20608]  do_syscall_64+0xfa/0xfa0
[  433.962493][T20608]  ? lockdep_hardirqs_on+0x9c/0x150
[  433.962521][T20608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.962541][T20608]  ? clear_bhb_loop+0x60/0xb0
[  433.962567][T20608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.962587][T20608] RIP: 0033:0x7fd8d5d8f6c9
[  433.962605][T20608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  433.962624][T20608] RSP: 002b:00007fd8d3ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  433.962646][T20608] RAX: ffffffffffffffda RBX: 00007fd8d5fe5fa0 RCX: 00007fd8d5d8f6c9
[  433.962661][T20608] RDX: 0000000000000001 RSI: 0000200000000e80 RDI: 0000000000000003
[  433.962673][T20608] RBP: 00007fd8d3ff6090 R08: 0000000000000000 R09: 0000000000000000
[  433.962686][T20608] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[  433.962697][T20608] R13: 00007fd8d5fe6038 R14: 00007fd8d5fe5fa0 R15: 00007ffd54c2fc18
[  433.962732][T20608]  </TASK>
[  434.272046][T20610] netlink: 11 bytes leftover after parsing attributes in process `syz.2.4147'.
[  434.289918][T20610] netlink: 11 bytes leftover after parsing attributes in process `syz.2.4147'.
[  434.302404][T20610] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  434.403952][T20624] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4152'.
[  434.433039][T20626] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  434.504025][T20610] syzkaller0: entered promiscuous mode
[  434.516748][T20610] syzkaller0: entered allmulticast mode
[  434.523657][T20610] tipc: Resetting bearer <eth:syzkaller0>
[  434.531816][T20635] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4154'.
[  434.544553][T20639] netlink: 9 bytes leftover after parsing attributes in process `syz.3.4154'.
[  434.578340][T20609] tipc: Resetting bearer <eth:syzkaller0>
[  434.893883][   T25] block nbd2: Possible stuck request ffff888025250000: control (read@0,1024B). Runtime 150 seconds
[  434.905916][   T25] block nbd2: Possible stuck request ffff8880252501c0: control (read@1024,1024B). Runtime 150 seconds
[  434.917803][   T25] block nbd2: Possible stuck request ffff888025250380: control (read@2048,1024B). Runtime 150 seconds
[  434.931191][   T25] block nbd2: Possible stuck request ffff888025250540: control (read@3072,1024B). Runtime 150 seconds
[  436.023464][T20609] tipc: Disabling bearer <eth:syzkaller0>
[  436.058973][ T8212] tipc: Node number set to 3250358745
[  436.189632][T20651] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  437.257561][T20679] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  437.480191][T20694] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4171'.
[  437.846303][T20715] netlink: 'syz.1.4176': attribute type 1 has an invalid length.
[  437.876933][T20720] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  437.938671][T20723] netlink: 'syz.3.4180': attribute type 4 has an invalid length.
[  438.014657][T20723] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  438.025395][T20728] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  438.104470][T20734] tipc: Started in network mode
[  438.109947][T20734] tipc: Node identity , cluster identity 4711
[  438.116673][T20734] tipc: Failed to obtain node identity
[  438.123518][T20734] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  438.196452][T20739] bond3 (unregistering): Released all slaves
[  438.243571][T20744] netlink: 'syz.1.4187': attribute type 1 has an invalid length.
[  438.354581][T20746] syzkaller0: entered promiscuous mode
[  438.367338][T20746] syzkaller0: entered allmulticast mode
[  438.447675][T20751] __nla_validate_parse: 8 callbacks suppressed
[  438.447694][T20751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4188'.
[  438.666926][T20761] netlink: 'syz.4.4190': attribute type 7 has an invalid length.
[  438.689787][T20761] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  438.702541][T20757] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4190'.
[  438.716418][T20757] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4190'.
[  438.778311][T20767] netlink: 10 bytes leftover after parsing attributes in process `syz.1.4192'.
[  438.815429][T20767] netlink: 80 bytes leftover after parsing attributes in process `syz.1.4192'.
[  439.020916][T20778] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  439.058156][T20784] bridge0: port 2(bridge_slave_1) entered disabled state
[  439.065557][T20784] bridge0: port 1(bridge_slave_0) entered disabled state
[  439.095121][T20787] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4198'.
[  439.138470][T20781] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  439.147846][ T8199] IPVS: starting estimator thread 0...
[  439.268172][T20789] IPVS: using max 27 ests per chain, 64800 per kthread
[  439.288119][T20792] sch_fq: defrate 0 ignored.
[  439.430606][T20799] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4201'.
[  439.531987][T20812] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4201'.
[  439.593192][T20813] bond3: (slave syz_tun): Device is not bonding slave
[  439.603741][T20813] bond3: option active_slave: invalid value (syz_tun)
[  439.620131][T20813] bond3 (unregistering): Released all slaves
[  439.655733][T20816] bond0: Caught tx_queue_len zero misconfig
[  439.854904][T20828] gre1: entered promiscuous mode
[  439.881834][T20831] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  439.908517][T20828] gre1: entered allmulticast mode
[  439.989817][T20833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4211'.
[  440.169903][ T5831] Bluetooth: hci5: command tx timeout
[  440.332440][T20860] x_tables: duplicate underflow at hook 2
[  440.561604][T20870] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  440.591278][T20867] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4222'.
[  440.607366][T20872] geneve2: entered promiscuous mode
[  440.625814][T20872] geneve2: entered allmulticast mode
[  440.645255][   T36] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 19999 - 0
[  440.670683][   T36] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 19999 - 0
[  440.710076][   T36] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 19999 - 0
[  440.742523][   T36] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 19999 - 0
[  440.881831][T20886] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  440.902290][T20886] syzkaller0: entered promiscuous mode
[  440.907809][T20886] syzkaller0: entered allmulticast mode
[  441.014063][T20886] tipc: Resetting bearer <eth:syzkaller0>
[  441.051882][T20895] netlink: 'syz.3.4230': attribute type 2 has an invalid length.
[  441.065621][T20885] tipc: Resetting bearer <eth:syzkaller0>
[  441.132866][T20885] tipc: Disabling bearer <eth:syzkaller0>
[  441.343877][T20911] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  441.452059][T20917] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  441.514198][T20917] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  441.709630][T20935] netlink: 'syz.3.4238': attribute type 29 has an invalid length.
[  441.759964][T20939] netlink: 'syz.3.4238': attribute type 29 has an invalid length.
[  441.999969][ T5831] Bluetooth: hci5: link tx timeout
[  442.006863][ T5831] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  442.079544][ T5831] Bluetooth: hci4: command 0x0406 tx timeout
[  442.316823][   T52] Bluetooth: hci5: link tx timeout
[  442.322220][   T52] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  442.341736][   T52] Bluetooth: hci5: link tx timeout
[  442.349629][   T52] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  442.689476][   T52] Bluetooth: hci5: link tx timeout
[  442.694737][   T52] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  443.478208][   T52] Bluetooth: hci5: link tx timeout
[  443.483530][   T52] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  443.546386][T21013] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  443.564899][   T52] Bluetooth: hci5: link tx timeout
[  443.570338][   T52] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  443.833776][T21032] xt_CT: You must specify a L4 protocol and not use inversions on it
[  443.852951][   T25] block nbd0: Possible stuck request ffff888025195080: control (read@0,1024B). Runtime 300 seconds
[  443.864941][   T25] block nbd0: Possible stuck request ffff888025195240: control (read@1024,1024B). Runtime 300 seconds
[  443.876436][   T25] block nbd0: Possible stuck request ffff888025195400: control (read@2048,1024B). Runtime 300 seconds
[  443.888490][   T25] block nbd0: Possible stuck request ffff8880251955c0: control (read@3072,1024B). Runtime 300 seconds
[  443.907968][T21024] syzkaller0: entered promiscuous mode
[  443.914389][T21024] syzkaller0: entered allmulticast mode
[  443.971462][T21039] can: request_module (can-proto-0) failed.
[  443.977961][T21043] netlink: 'syz.3.4262': attribute type 6 has an invalid length.
[  444.010801][T21044] netlink: 'syz.3.4262': attribute type 6 has an invalid length.
[  444.029983][T21043] netlink: 'syz.3.4262': attribute type 6 has an invalid length.
[  444.084600][   T52] Bluetooth: hci5: command 0x0406 tx timeout
[  445.128234][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  445.560690][T21068] __nla_validate_parse: 8 callbacks suppressed
[  445.560708][T21068] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4268'.
[  445.603939][T21076] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4269'.
[  445.604468][T21074] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  445.627645][T21063] netlink: 'syz.2.4267': attribute type 39 has an invalid length.
[  446.065240][T21096] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  446.084108][T21096] syzkaller0: entered promiscuous mode
[  446.108456][T21096] syzkaller0: entered allmulticast mode
[  446.163803][T21096] veth1_to_batadv: mtu less than device minimum
[  446.235016][T21094] tipc: Resetting bearer <eth:syzkaller0>
[  446.265713][T21120] netlink: 144 bytes leftover after parsing attributes in process `syz.3.4284'.
[  446.305872][T21094] tipc: Disabling bearer <eth:syzkaller0>
[  446.321747][T21121] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4282'.
[  446.333738][T21120] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4284'.
[  446.375632][T21120] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4284'.
[  446.763265][T21146] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4292'.
[  446.997770][T21161] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4292'.
[  447.030010][T21160] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  447.495428][T21176] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  447.775249][T21195] FAULT_INJECTION: forcing a failure.
[  447.775249][T21195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  447.789411][T21195] CPU: 0 UID: 0 PID: 21195 Comm: syz.4.4304 Not tainted syzkaller #0 PREEMPT(full) 
[  447.789438][T21195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  447.789451][T21195] Call Trace:
[  447.789459][T21195]  <TASK>
[  447.789469][T21195]  dump_stack_lvl+0x189/0x250
[  447.789502][T21195]  ? __pfx____ratelimit+0x10/0x10
[  447.789531][T21195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  447.789559][T21195]  ? __pfx__printk+0x10/0x10
[  447.789580][T21195]  ? __might_fault+0xb0/0x130
[  447.789623][T21195]  should_fail_ex+0x414/0x560
[  447.789660][T21195]  _copy_from_user+0x2d/0xb0
[  447.789688][T21195]  ___sys_sendmsg+0x158/0x2a0
[  447.789714][T21195]  ? __pfx____sys_sendmsg+0x10/0x10
[  447.789778][T21195]  ? __fget_files+0x2a/0x420
[  447.789796][T21195]  ? __fget_files+0x3a0/0x420
[  447.789827][T21195]  __x64_sys_sendmsg+0x19b/0x260
[  447.789850][T21195]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  447.789884][T21195]  ? __pfx_ksys_write+0x10/0x10
[  447.789923][T21195]  ? do_syscall_64+0xbe/0xfa0
[  447.789957][T21195]  do_syscall_64+0xfa/0xfa0
[  447.789985][T21195]  ? lockdep_hardirqs_on+0x9c/0x150
[  447.790013][T21195]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.790032][T21195]  ? clear_bhb_loop+0x60/0xb0
[  447.790056][T21195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.790076][T21195] RIP: 0033:0x7fd8d5d8f6c9
[  447.790095][T21195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  447.790112][T21195] RSP: 002b:00007fd8d3ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  447.790133][T21195] RAX: ffffffffffffffda RBX: 00007fd8d5fe5fa0 RCX: 00007fd8d5d8f6c9
[  447.790148][T21195] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  447.790161][T21195] RBP: 00007fd8d3ff6090 R08: 0000000000000000 R09: 0000000000000000
[  447.790173][T21195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  447.790185][T21195] R13: 00007fd8d5fe6038 R14: 00007fd8d5fe5fa0 R15: 00007ffd54c2fc18
[  447.790220][T21195]  </TASK>
[  448.161408][T21203] netlink: 112 bytes leftover after parsing attributes in process `syz.0.4306'.
[  448.173793][T21203] netlink: 22 bytes leftover after parsing attributes in process `syz.0.4306'.
[  448.303088][T21206] netlink: 'syz.0.4309': attribute type 2 has an invalid length.
[  448.322740][T21206] syzkaller0: entered promiscuous mode
[  448.338423][T21206] syzkaller0: entered allmulticast mode
[  448.391220][T21211] netlink: 'syz.4.4310': attribute type 1 has an invalid length.
[  448.594496][T21219] tunl0: entered promiscuous mode
[  448.618978][T21221] FAULT_INJECTION: forcing a failure.
[  448.618978][T21221] name failslab, interval 1, probability 0, space 0, times 0
[  448.656355][T21221] CPU: 0 UID: 0 PID: 21221 Comm: syz.2.4315 Not tainted syzkaller #0 PREEMPT(full) 
[  448.656382][T21221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  448.656395][T21221] Call Trace:
[  448.656404][T21221]  <TASK>
[  448.656412][T21221]  dump_stack_lvl+0x189/0x250
[  448.656445][T21221]  ? __pfx____ratelimit+0x10/0x10
[  448.656471][T21221]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.656499][T21221]  ? __pfx__printk+0x10/0x10
[  448.656525][T21221]  ? __pfx___might_resched+0x10/0x10
[  448.656546][T21221]  ? fs_reclaim_acquire+0x7d/0x100
[  448.656583][T21221]  should_fail_ex+0x414/0x560
[  448.656619][T21221]  should_failslab+0xa8/0x100
[  448.656641][T21221]  kmem_cache_alloc_node_noprof+0x77/0x710
[  448.656670][T21221]  ? __alloc_skb+0x112/0x2d0
[  448.656688][T21221]  ? netlink_autobind+0xdb/0x300
[  448.656713][T21221]  __alloc_skb+0x112/0x2d0
[  448.656735][T21221]  netlink_sendmsg+0x5c6/0xb30
[  448.656765][T21221]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.656790][T21221]  ? aa_sock_msg_perm+0xf1/0x1d0
[  448.656820][T21221]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  448.656839][T21221]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.656860][T21221]  __sock_sendmsg+0x21c/0x270
[  448.656890][T21221]  ____sys_sendmsg+0x505/0x830
[  448.656920][T21221]  ? __pfx_____sys_sendmsg+0x10/0x10
[  448.656951][T21221]  ? import_iovec+0x74/0xa0
[  448.656981][T21221]  ___sys_sendmsg+0x21f/0x2a0
[  448.657005][T21221]  ? __pfx____sys_sendmsg+0x10/0x10
[  448.657090][T21221]  ? __fget_files+0x2a/0x420
[  448.657109][T21221]  ? __fget_files+0x3a0/0x420
[  448.657139][T21221]  __x64_sys_sendmsg+0x19b/0x260
[  448.657165][T21221]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  448.657198][T21221]  ? __pfx_ksys_write+0x10/0x10
[  448.657231][T21221]  ? do_syscall_64+0xbe/0xfa0
[  448.657263][T21221]  do_syscall_64+0xfa/0xfa0
[  448.657290][T21221]  ? lockdep_hardirqs_on+0x9c/0x150
[  448.657319][T21221]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.657338][T21221]  ? clear_bhb_loop+0x60/0xb0
[  448.657362][T21221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.657382][T21221] RIP: 0033:0x7fa43b38f6c9
[  448.657400][T21221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.657417][T21221] RSP: 002b:00007fa43c21f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  448.657438][T21221] RAX: ffffffffffffffda RBX: 00007fa43b5e5fa0 RCX: 00007fa43b38f6c9
[  448.657453][T21221] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  448.657466][T21221] RBP: 00007fa43c21f090 R08: 0000000000000000 R09: 0000000000000000
[  448.657478][T21221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.657507][T21221] R13: 00007fa43b5e6038 R14: 00007fa43b5e5fa0 R15: 00007ffc2369a4a8
[  448.657543][T21221]  </TASK>
[  448.661795][T21219] netlink: 'syz.1.4313': attribute type 3 has an invalid length.
[  448.986423][T21235] vet�0_virt_wifi: renamed from dummy0 (while UP)
[  449.127537][T21247] xt_policy: output policy not valid in PREROUTING and INPUT
[  449.914008][T21291] netlink: 'syz.2.4333': attribute type 1 has an invalid length.
[  449.985509][T21291] netlink: 'syz.2.4333': attribute type 4 has an invalid length.
[  450.085223][T21299] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  450.552890][T21330] FAULT_INJECTION: forcing a failure.
[  450.552890][T21330] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  450.566640][T21330] CPU: 1 UID: 0 PID: 21330 Comm: syz.4.4348 Not tainted syzkaller #0 PREEMPT(full) 
[  450.566667][T21330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  450.566679][T21330] Call Trace:
[  450.566686][T21330]  <TASK>
[  450.566695][T21330]  dump_stack_lvl+0x189/0x250
[  450.566727][T21330]  ? __pfx____ratelimit+0x10/0x10
[  450.566754][T21330]  ? __pfx_dump_stack_lvl+0x10/0x10
[  450.566781][T21330]  ? __pfx__printk+0x10/0x10
[  450.566803][T21330]  ? __might_fault+0xb0/0x130
[  450.566855][T21330]  should_fail_ex+0x414/0x560
[  450.566892][T21330]  _copy_from_iter+0x1de/0x1790
[  450.566941][T21330]  ? rcu_is_watching+0x15/0xb0
[  450.566968][T21330]  ? kmalloc_reserve+0xbd/0x290
[  450.566987][T21330]  ? __pfx__copy_from_iter+0x10/0x10
[  450.567011][T21330]  ? __build_skb_around+0x262/0x3f0
[  450.567044][T21330]  ? netlink_sendmsg+0x642/0xb30
[  450.567062][T21330]  ? skb_put+0x11b/0x210
[  450.567084][T21330]  netlink_sendmsg+0x6b2/0xb30
[  450.567116][T21330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  450.567141][T21330]  ? aa_sock_msg_perm+0xf1/0x1d0
[  450.567175][T21330]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  450.567195][T21330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  450.567216][T21330]  __sock_sendmsg+0x21c/0x270
[  450.567247][T21330]  ____sys_sendmsg+0x505/0x830
[  450.567276][T21330]  ? __pfx_____sys_sendmsg+0x10/0x10
[  450.567309][T21330]  ? import_iovec+0x74/0xa0
[  450.567339][T21330]  ___sys_sendmsg+0x21f/0x2a0
[  450.567364][T21330]  ? __pfx____sys_sendmsg+0x10/0x10
[  450.567428][T21330]  ? __fget_files+0x2a/0x420
[  450.567450][T21330]  ? __fget_files+0x3a0/0x420
[  450.567480][T21330]  __x64_sys_sendmsg+0x19b/0x260
[  450.567506][T21330]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  450.567539][T21330]  ? __pfx_ksys_write+0x10/0x10
[  450.567572][T21330]  ? do_syscall_64+0xbe/0xfa0
[  450.567606][T21330]  do_syscall_64+0xfa/0xfa0
[  450.567641][T21330]  ? lockdep_hardirqs_on+0x9c/0x150
[  450.567671][T21330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.567692][T21330]  ? clear_bhb_loop+0x60/0xb0
[  450.567717][T21330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.567737][T21330] RIP: 0033:0x7fd8d5d8f6c9
[  450.567755][T21330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  450.567772][T21330] RSP: 002b:00007fd8d3ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  450.567794][T21330] RAX: ffffffffffffffda RBX: 00007fd8d5fe5fa0 RCX: 00007fd8d5d8f6c9
[  450.567809][T21330] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  450.567822][T21330] RBP: 00007fd8d3ff6090 R08: 0000000000000000 R09: 0000000000000000
[  450.567834][T21330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  450.567846][T21330] R13: 00007fd8d5fe6038 R14: 00007fd8d5fe5fa0 R15: 00007ffd54c2fc18
[  450.567881][T21330]  </TASK>
[  450.854621][T21326] bond3 (unregistering): Released all slaves
[  451.026082][T21342] __nla_validate_parse: 7 callbacks suppressed
[  451.026100][T21342] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4351'.
[  451.115463][T21348] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4353'.
[  451.243103][T21355] netlink: 88 bytes leftover after parsing attributes in process `syz.2.4353'.
[  451.302138][T21359] sctp: [Deprecated]: syz.4.4355 (pid 21359) Use of int in max_burst socket option deprecated.
[  451.302138][T21359] Use struct sctp_assoc_value instead
[  451.369881][T21359] netlink: 9 bytes leftover after parsing attributes in process `syz.4.4355'.
[  451.923003][T21395] netlink: 'syz.0.4365': attribute type 1 has an invalid length.
[  451.990709][T21400] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4367'.
[  452.014833][T21395] 8021q: adding VLAN 0 to HW filter on device bond3
[  452.081673][T21403] bond3: (slave veth5): Enslaving as an active interface with a down link
[  452.184779][T21407] bond3: (slave veth0_to_bond): making interface the new active one
[  452.203776][T21407] veth0_to_bond: entered promiscuous mode
[  452.213140][T21407] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  452.331738][T21395] bond3: (slave veth7): Enslaving as an active interface with a down link
[  452.357431][T21413] syzkaller1: entered promiscuous mode
[  452.368757][T21413] syzkaller1: entered allmulticast mode
[  452.508773][T21432] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4375'.
[  452.589726][T21433] pim6reg1: entered promiscuous mode
[  452.605009][T21433] pim6reg1: entered allmulticast mode
[  452.697168][T21441] netlink: 'syz.1.4379': attribute type 2 has an invalid length.
[  452.983326][T21455] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4382'.
[  453.042370][T21459] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4383'.
[  453.282174][T21471] netlink: 'syz.3.4386': attribute type 6 has an invalid length.
[  453.905460][T21518] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[  454.172729][T21527] FAULT_INJECTION: forcing a failure.
[  454.172729][T21527] name failslab, interval 1, probability 0, space 0, times 0
[  454.228929][T21527] CPU: 0 UID: 0 PID: 21527 Comm: syz.0.4401 Not tainted syzkaller #0 PREEMPT(full) 
[  454.228957][T21527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  454.228969][T21527] Call Trace:
[  454.228977][T21527]  <TASK>
[  454.228986][T21527]  dump_stack_lvl+0x189/0x250
[  454.229019][T21527]  ? __pfx____ratelimit+0x10/0x10
[  454.229049][T21527]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.229077][T21527]  ? __pfx__printk+0x10/0x10
[  454.229105][T21527]  ? __pfx___might_resched+0x10/0x10
[  454.229126][T21527]  ? fs_reclaim_acquire+0x7d/0x100
[  454.229165][T21527]  should_fail_ex+0x414/0x560
[  454.229203][T21527]  should_failslab+0xa8/0x100
[  454.229226][T21527]  __kmalloc_node_track_caller_noprof+0xcd/0x800
[  454.229259][T21527]  ? cfg80211_iter_combinations+0xff8/0x1a80
[  454.229293][T21527]  kmemdup_array+0x3f/0x80
[  454.229319][T21527]  cfg80211_iter_combinations+0xff8/0x1a80
[  454.229366][T21527]  ? __pfx_ieee80211_iter_max_chans+0x10/0x10
[  454.229402][T21527]  ieee80211_max_num_channels+0x162/0x210
[  454.229431][T21527]  ? __pfx_ieee80211_max_num_channels+0x10/0x10
[  454.229485][T21527]  ieee80211_can_create_new_chanctx+0x1df/0x270
[  454.229531][T21527]  ieee80211_link_reserve_chanctx+0x644/0x1080
[  454.229577][T21527]  ? __pfx_ieee80211_link_reserve_chanctx+0x10/0x10
[  454.229622][T21527]  ? trace_drv_return_int+0x7e/0x1f0
[  454.229647][T21527]  ? drv_pre_channel_switch+0x38c/0x690
[  454.229675][T21527]  ieee80211_channel_switch+0x7fd/0xcb0
[  454.229712][T21527]  ? __pfx_ieee80211_channel_switch+0x10/0x10
[  454.229733][T21527]  ? cfg80211_chandef_dfs_required+0xcee/0xe70
[  454.229786][T21527]  ? rcu_is_watching+0x15/0xb0
[  454.229816][T21527]  rdev_channel_switch+0x108/0x290
[  454.229840][T21527]  nl80211_channel_switch+0xac9/0xd70
[  454.229863][T21527]  ? __rtnl_unlock+0x68/0xf0
[  454.229891][T21527]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  454.229925][T21527]  ? __pfx_nl80211_channel_switch+0x10/0x10
[  454.229947][T21527]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  454.229976][T21527]  ? rcu_is_watching+0x15/0xb0
[  454.230049][T21527]  ? __nla_parse+0x40/0x60
[  454.230075][T21527]  ? nl80211_pre_doit+0x4f1/0x930
[  454.230107][T21527]  genl_family_rcv_msg_doit+0x215/0x300
[  454.230142][T21527]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  454.230184][T21527]  ? bpf_lsm_capable+0x9/0x20
[  454.230209][T21527]  ? security_capable+0x7e/0x2e0
[  454.230245][T21527]  genl_rcv_msg+0x60e/0x790
[  454.230279][T21527]  ? __pfx_genl_rcv_msg+0x10/0x10
[  454.230304][T21527]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  454.230325][T21527]  ? __pfx_nl80211_channel_switch+0x10/0x10
[  454.230345][T21527]  ? __pfx_nl80211_post_doit+0x10/0x10
[  454.230386][T21527]  netlink_rcv_skb+0x208/0x470
[  454.230403][T21527]  ? __lock_acquire+0xab9/0xd20
[  454.230430][T21527]  ? __pfx_genl_rcv_msg+0x10/0x10
[  454.230464][T21527]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  454.230507][T21527]  ? down_read+0x1ad/0x2e0
[  454.230606][T21527]  genl_rcv+0x28/0x40
[  454.230636][T21527]  netlink_unicast+0x82f/0x9e0
[  454.230679][T21527]  ? __pfx_netlink_unicast+0x10/0x10
[  454.230711][T21527]  ? netlink_sendmsg+0x642/0xb30
[  454.230730][T21527]  ? skb_put+0x11b/0x210
[  454.230755][T21527]  netlink_sendmsg+0x805/0xb30
[  454.230786][T21527]  ? __pfx_netlink_sendmsg+0x10/0x10
[  454.230811][T21527]  ? aa_sock_msg_perm+0xf1/0x1d0
[  454.230844][T21527]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  454.230864][T21527]  ? __pfx_netlink_sendmsg+0x10/0x10
[  454.230885][T21527]  __sock_sendmsg+0x21c/0x270
[  454.230916][T21527]  ____sys_sendmsg+0x505/0x830
[  454.230946][T21527]  ? __pfx_____sys_sendmsg+0x10/0x10
[  454.230980][T21527]  ? import_iovec+0x74/0xa0
[  454.231012][T21527]  ___sys_sendmsg+0x21f/0x2a0
[  454.231038][T21527]  ? __pfx____sys_sendmsg+0x10/0x10
[  454.231105][T21527]  ? __fget_files+0x2a/0x420
[  454.231124][T21527]  ? __fget_files+0x3a0/0x420
[  454.231156][T21527]  __x64_sys_sendmsg+0x19b/0x260
[  454.231181][T21527]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  454.231215][T21527]  ? __pfx_ksys_write+0x10/0x10
[  454.231248][T21527]  ? do_syscall_64+0xbe/0xfa0
[  454.231290][T21527]  do_syscall_64+0xfa/0xfa0
[  454.231325][T21527]  ? lockdep_hardirqs_on+0x9c/0x150
[  454.231354][T21527]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.231374][T21527]  ? clear_bhb_loop+0x60/0xb0
[  454.231398][T21527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.231418][T21527] RIP: 0033:0x7fd16578f6c9
[  454.231436][T21527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.231453][T21527] RSP: 002b:00007fd16665c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  454.231475][T21527] RAX: ffffffffffffffda RBX: 00007fd1659e5fa0 RCX: 00007fd16578f6c9
[  454.231491][T21527] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  454.231504][T21527] RBP: 00007fd16665c090 R08: 0000000000000000 R09: 0000000000000000
[  454.231516][T21527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.231528][T21527] R13: 00007fd1659e6038 R14: 00007fd1659e5fa0 R15: 00007ffef62b18d8
[  454.231564][T21527]  </TASK>
[  454.239694][T21533] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  455.225464][T21577] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  455.302939][T21583] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4415'.
[  455.461021][T21587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4417'.
[  456.161705][T21621] xt_TCPMSS: Only works on TCP SYN packets
[  456.301901][T21626] __nla_validate_parse: 2 callbacks suppressed
[  456.301920][T21626] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4429'.
[  456.428899][T21632] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4431'.
[  456.487512][T21636] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4433'.
[  456.526839][T21638] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  456.651880][T21638] syzkaller0: entered promiscuous mode
[  456.659490][T21638] syzkaller0: entered allmulticast mode
[  456.666713][T21638] tipc: Resetting bearer <eth:syzkaller0>
[  456.673266][T21643] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  456.731099][T21646] bond3: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  456.743813][T21646] bond3 (unregistering): Released all slaves
[  456.772067][T21637] tipc: Resetting bearer <eth:syzkaller0>
[  456.953516][T21661] xt_hashlimit: size too large, truncated to 1048576
[  458.106294][T21677] block nbd4: Unsupported socket: should be TCP or UNIX.
[  458.411002][T21637] tipc: Disabling bearer <eth:syzkaller0>
[  458.431996][T21657] dvmrp1: entered allmulticast mode
[  458.451327][T21660] netlink: 'syz.1.4440': attribute type 29 has an invalid length.
[  458.464650][  T981] tipc: Node number set to 1600337594
[  459.057585][T21714] openvswitch: netlink: IP tunnel dst address not specified
[  459.068368][T21715] openvswitch: netlink: IP tunnel dst address not specified
[  459.546342][T21751] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  459.696279][T21762] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4470'.
[  459.755823][T21770] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4469'.
[  459.781263][T21769] netlink: 'syz.2.4471': attribute type 9 has an invalid length.
[  459.910094][T21779] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4474'.
[  459.919187][T21777] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  459.921404][T21777] syzkaller0: entered promiscuous mode
[  459.940585][T21777] syzkaller0: entered allmulticast mode
[  459.982967][T21781] tipc: Resetting bearer <eth:syzkaller0>
[  460.023123][T21781] tipc: Disabling bearer <eth:syzkaller0>
[  460.240207][T21794] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4477'.
[  460.275398][T21796] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  460.284363][T21796] syzkaller0: entered promiscuous mode
[  460.294779][T21796] syzkaller0: entered allmulticast mode
[  460.306886][T21799] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  460.463977][T21795] tipc: Resetting bearer <eth:syzkaller0>
[  460.527213][T21795] tipc: Disabling bearer <eth:syzkaller0>
[  460.553196][T21809] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4480'.
[  460.806157][T21829] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4485'.
[  460.819619][T21821] bridge0: port 1(veth0_to_bridge) entered blocking state
[  460.826958][T21821] bridge0: port 1(veth0_to_bridge) entered disabled state
[  460.835555][T21821] veth0_to_bridge: entered allmulticast mode
[  460.845824][T21829] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4485'.
[  460.854255][T21821] veth0_to_bridge: entered promiscuous mode
[  461.163178][T21855] netlink: 'syz.4.4493': attribute type 83 has an invalid length.
[  461.392806][T21865] 8021q: VLANs not supported on wg0
[  461.793739][T21894] __nla_validate_parse: 5 callbacks suppressed
[  461.793758][T21894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4503'.
[  461.962836][T21906] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  462.064841][T21904] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4507'.
[  462.548361][T21930] bridge4: entered promiscuous mode
[  462.553639][T21930] bridge4: entered allmulticast mode
[  462.561434][ T5847] Bluetooth: hci3: command 0x0406 tx timeout
[  462.587226][T21931] netlink: 'syz.3.4514': attribute type 21 has an invalid length.
[  462.616766][T21937] netlink: 'syz.3.4514': attribute type 21 has an invalid length.
[  462.652046][T21933] netlink: 204 bytes leftover after parsing attributes in process `syz.4.4513'.
[  462.662138][T21931] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4514'.
[  462.686993][T21937] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4514'.
[  462.874083][T21954] netlink: 'syz.3.4520': attribute type 13 has an invalid length.
[  463.103796][T21954] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  463.139943][T21967] netlink: 'syz.2.4523': attribute type 29 has an invalid length.
[  463.150304][T21964] netlink: 'syz.2.4523': attribute type 29 has an invalid length.
[  463.185456][T21975] netlink: 'syz.4.4524': attribute type 11 has an invalid length.
[  463.288609][T13691] veth0_to_bond: left promiscuous mode
[  463.401749][T21975] xt_CT: No such helper "pptp"
[  463.756495][T21997] netlink: 92 bytes leftover after parsing attributes in process `syz.1.4532'.
[  463.851547][T22002] netlink: 'syz.2.4533': attribute type 10 has an invalid length.
[  463.930945][T22002] team0: Failed to send options change via netlink (err -105)
[  463.950267][T22002] team0: Port device dummy0 added
[  464.067592][T22012] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  464.605166][T22047] veth1_to_bond: entered allmulticast mode
[  464.621583][T22047] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4545'.
[  464.765407][T22047] bond0: (slave bond_slave_1): Releasing backup interface
[  464.820830][T22047] veth1_to_bond (unregistering): left allmulticast mode
[  464.963145][   T25] block nbd2: Possible stuck request ffff888025250000: control (read@0,1024B). Runtime 180 seconds
[  464.975864][   T25] block nbd2: Possible stuck request ffff8880252501c0: control (read@1024,1024B). Runtime 180 seconds
[  464.988791][   T25] block nbd2: Possible stuck request ffff888025250380: control (read@2048,1024B). Runtime 180 seconds
[  465.000472][   T25] block nbd2: Possible stuck request ffff888025250540: control (read@3072,1024B). Runtime 180 seconds
[  465.023588][T22071] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4550'.
[  465.034699][T22071] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4550'.
[  465.162342][T22081] sctp: [Deprecated]: syz.2.4553 (pid 22081) Use of int in max_burst socket option.
[  465.162342][T22081] Use struct sctp_assoc_value instead
[  465.383421][T22095] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4560'.
[  465.509773][   T30] audit: type=1107 audit(1762880989.431:4): pid=22101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ً�5����%��U�A����٠�0���l�t�ݕ/�� �6򊨊�'
[  465.634718][ T5199] udevd[5199]: worker [6033] /devices/virtual/block/nbd2 timeout; kill it
[  465.645929][ T5199] udevd[5199]: seq 18265 '/devices/virtual/block/nbd2' killed
[  465.806254][T22124] netlink: 'syz.1.4567': attribute type 83 has an invalid length.
[  465.845514][T22126] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  465.882115][T22130] netlink: 'syz.0.4570': attribute type 33 has an invalid length.
[  466.207314][T22149] netlink: 'syz.0.4575': attribute type 9 has an invalid length.
[  466.831181][T22178] netlink: 'syz.4.4584': attribute type 2 has an invalid length.
[  466.853149][T22178] netlink: 'syz.4.4584': attribute type 11 has an invalid length.
[  466.881693][T22178] __nla_validate_parse: 5 callbacks suppressed
[  466.881775][T22178] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4584'.
[  466.926310][T22174] SET target dimension over the limit!
[  467.195673][T22193] veth1: mtu less than device minimum
[  467.555129][T22222] bridge0: port 3(batadv1) entered blocking state
[  467.590088][T22222] bridge0: port 3(batadv1) entered disabled state
[  467.608483][T22222] batadv1: entered allmulticast mode
[  467.639932][T22222] batadv1: entered promiscuous mode
[  467.678895][T22232] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  467.696364][T22232] mac80211_hwsim hwsim37 syzkaller0: entered promiscuous mode
[  467.715737][T22232] mac80211_hwsim hwsim37 syzkaller0: entered allmulticast mode
[  467.904082][T22245] openvswitch: netlink: IP tunnel dst address not specified
[  467.923281][T22243] netlink: 'syz.0.4601': attribute type 11 has an invalid length.
[  467.945428][T22245] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4602'.
[  467.958378][T22248] netlink: 'syz.0.4601': attribute type 11 has an invalid length.
[  468.037287][T22253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4604'.
[  468.049496][   T36] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  468.059457][   T36] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  468.106538][T22253] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4604'.
[  468.166532][T22253] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4604'.
[  468.251002][T22260] tipc: Started in network mode
[  468.271819][T22260] tipc: Node identity 2eae588667e7, cluster identity 4711
[  468.307107][T22260] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  468.369576][T22271] netlink: 'syz.2.4608': attribute type 10 has an invalid length.
[  468.386392][T22260] syzkaller0: entered promiscuous mode
[  468.392837][T22260] syzkaller0: entered allmulticast mode
[  468.411089][T22271] bridge0: port 1(bridge_slave_0) entered disabled state
[  468.451018][T22271] bridge0: port 1(bridge_slave_0) entered blocking state
[  468.458318][T22271] bridge0: port 1(bridge_slave_0) entered forwarding state
[  468.509308][T22271] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  468.570740][T22257] tipc: Resetting bearer <eth:syzkaller0>
[  468.705139][T22257] tipc: Disabling bearer <eth:syzkaller0>
[  468.787680][T22291] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4610'.
[  468.800870][ T8202] tipc: Node number set to 2971296046
[  468.954321][T22301] IPVS: set_ctl: invalid protocol: 98 100.1.1.0:20002
[  469.020636][T22304] netlink: 'syz.4.4616': attribute type 4 has an invalid length.
[  469.070329][T22304] netlink: 17 bytes leftover after parsing attributes in process `syz.4.4616'.
[  469.213069][T22314] syzkaller0: entered promiscuous mode
[  469.233918][T22314] syzkaller0: entered allmulticast mode
[  469.711648][T22343] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4629'.
[  469.807701][T22352] smc: net device gre0 applied user defined pnetid SYZ1
[  469.816492][T22355] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4631'.
[  469.817377][T22356] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4631'.
[  469.835358][T22339] smc: net device gre0 erased user defined pnetid SYZ1
[  470.079044][   T31] INFO: task udevd:5957 blocked for more than 143 seconds.
[  470.090268][   T31]       Not tainted syzkaller #0
[  470.095252][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  470.111988][T22370] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  470.130596][T22363] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  470.146263][T22370] tipc: Resetting bearer <eth:syzkaller0>
[  470.167491][T22366] syzkaller0: entered promiscuous mode
[  470.183201][   T31] task:udevd           state:D stack:21864 pid:5957  tgid:5957  ppid:5199   task_flags:0x400140 flags:0x00080003
[  470.213285][T22366] syzkaller0: entered allmulticast mode
[  470.226577][   T31] Call Trace:
[  470.234181][   T31]  <TASK>
[  470.237270][   T31]  __schedule+0x1798/0x4cc0
[  470.244678][   T31]  ? __pfx___schedule+0x10/0x10
[  470.251183][   T31]  ? schedule+0x91/0x360
[  470.255721][   T31]  schedule+0x165/0x360
[  470.260425][   T31]  io_schedule+0x80/0xd0
[  470.264832][   T31]  folio_wait_bit_common+0x6b0/0xb80
[  470.272113][   T31]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  470.282236][   T31]  ? __pfx_wake_page_function+0x10/0x10
[  470.289444][   T31]  ? __filemap_get_folio+0x6c0/0xaf0
[  470.295060][   T31]  ? do_read_cache_folio+0x4e9/0x590
[  470.300956][   T31]  do_read_cache_folio+0x1aa/0x590
[  470.306387][   T31]  ? __pfx_blkdev_read_folio+0x10/0x10
[  470.313828][   T31]  read_part_sector+0xb6/0x2b0
[  470.320094][   T31]  adfspart_check_POWERTEC+0x8c/0xf30
[  470.325749][   T31]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  470.332382][   T31]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[  470.339783][   T31]  bdev_disk_changed+0x75f/0x14b0
[  470.344977][   T31]  ? __pfx_bdev_disk_changed+0x10/0x10
[  470.350707][   T31]  ? wait_on_inode+0xc0/0x230
[  470.355467][   T31]  blkdev_get_whole+0x380/0x510
[  470.360540][   T31]  bdev_open+0x31e/0xd30
[  470.364837][   T31]  blkdev_open+0x457/0x600
[  470.370834][   T31]  ? __pfx_blkdev_open+0x10/0x10
[  470.375806][   T31]  do_dentry_open+0x953/0x13f0
[  470.380690][   T31]  vfs_open+0x3b/0x340
[  470.384787][   T31]  ? path_openat+0x2ecd/0x3830
[  470.389763][   T31]  path_openat+0x2ee5/0x3830
[  470.394423][   T31]  ? __pfx_path_openat+0x10/0x10
[  470.400586][   T31]  do_filp_open+0x1fa/0x410
[  470.405127][   T31]  ? __lock_acquire+0xab9/0xd20
[  470.410135][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  470.415215][   T31]  ? _raw_spin_unlock+0x28/0x50
[  470.420280][   T31]  ? alloc_fd+0x64c/0x6c0
[  470.424682][   T31]  do_sys_openat2+0x121/0x1c0
[  470.430284][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  470.435544][   T31]  __x64_sys_openat+0x138/0x170
[  470.440980][   T31]  do_syscall_64+0xfa/0xfa0
[  470.445612][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.451933][   T31]  ? asm_sysvec_call_function_single+0x1a/0x20
[  470.459116][   T31]  ? clear_bhb_loop+0x60/0xb0
[  470.463870][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.469961][   T31] RIP: 0033:0x7f9bc23ca407
[  470.474759][   T31] RSP: 002b:00007ffe57596440 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  470.483451][   T31] RAX: ffffffffffffffda RBX: 00007f9bc233e880 RCX: 00007f9bc23ca407
[  470.492168][   T31] RDX: 00000000000a0800 RSI: 000056067e318520 RDI: ffffffffffffff9c
[  470.500484][   T31] RBP: 000056067e317910 R08: 0000000000000000 R09: 0000000000000000
[  470.508548][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 000056067e32fe00
[  470.516565][   T31] R13: 000056067e325190 R14: 0000000000000000 R15: 000056067e32fe00
[  470.525486][   T31]  </TASK>
[  470.528748][   T31] 
[  470.528748][   T31] Showing all locks held in the system:
[  470.536514][   T31] 1 lock held by khungtaskd/31:
[  470.541805][   T31]  #0: ffffffff8df3d660 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  470.552683][   T31] 2 locks held by getty/5593:
[  470.557374][   T31]  #0: ffff8880300b50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  470.567392][   T31]  #1: ffffc9000363b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  470.578056][   T31] 1 lock held by udevd/5957:
[  470.582680][   T31]  #0: ffff888142bd5358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  470.593017][   T31] 1 lock held by udevd/6033:
[  470.597620][   T31]  #0: ffff888025123358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  470.606952][   T31] 3 locks held by kworker/0:13/8211:
[  470.612412][   T31]  #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  470.624213][   T31]  #1: ffffc9000adb7ba0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  470.635416][   T31]  #2: ffffffff8f2cb708 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  470.646230][   T31] 1 lock held by syz.1.4635/22363:
[  470.652268][   T31]  #0: ffffffff8f2cb708 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x83c/0x1150
[  470.661383][   T31] 2 locks held by syz.2.4636/22376:
[  470.666607][   T31]  #0: ffffffff8f2cb708 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70
[  470.676650][   T31]  #1: ffffffff8df430f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  470.688599][   T31] 1 lock held by syz.4.4638/22375:
[  470.693726][   T31]  #0: ffffffff8f2cb708 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70
[  470.703298][   T31] 
[  470.705652][   T31] =============================================
[  470.705652][   T31] 
[  470.734586][   T31] NMI backtrace for cpu 1
[  470.734607][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  470.734630][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  470.734641][   T31] Call Trace:
[  470.734649][   T31]  <TASK>
[  470.734657][   T31]  dump_stack_lvl+0x189/0x250
[  470.734693][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.734721][   T31]  ? __pfx__printk+0x10/0x10
[  470.734764][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  470.734790][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  470.734816][   T31]  ? __pfx__printk+0x10/0x10
[  470.734841][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  470.734895][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  470.734921][   T31]  watchdog+0xf60/0xfa0
[  470.734948][   T31]  ? watchdog+0x1e2/0xfa0
[  470.734975][   T31]  kthread+0x711/0x8a0
[  470.735007][   T31]  ? __pfx_watchdog+0x10/0x10
[  470.735026][   T31]  ? __pfx_kthread+0x10/0x10
[  470.735055][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  470.735083][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  470.735109][   T31]  ? __pfx_kthread+0x10/0x10
[  470.735138][   T31]  ret_from_fork+0x4bc/0x870
[  470.735162][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  470.735192][   T31]  ? __switch_to_asm+0x39/0x70
[  470.735214][   T31]  ? __switch_to_asm+0x33/0x70
[  470.735229][   T31]  ? __pfx_kthread+0x10/0x10
[  470.735258][   T31]  ret_from_fork_asm+0x1a/0x30
[  470.735295][   T31]  </TASK>
[  470.735328][   T31] Sending NMI from CPU 1 to CPUs 0:
[  470.892514][    C0] NMI backtrace for cpu 0
[  470.892533][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  470.892551][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  470.892561][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  470.892592][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 d1 21 00 f3 0f 1e fa fb f4 <e9> c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  470.892607][    C0] RSP: 0018:ffffffff8dc07d80 EFLAGS: 000002c6
[  470.892623][    C0] RAX: 971ef8b69561b400 RBX: ffffffff81967bf7 RCX: 971ef8b69561b400
[  470.892636][    C0] RDX: 0000000000000001 RSI: ffffffff8d70db8b RDI: ffffffff8bbf0760
[  470.892648][    C0] RBP: ffffffff8dc07ea8 R08: ffff8880b8832fdb R09: 1ffff110171065fb
[  470.892661][    C0] R10: dffffc0000000000 R11: ffffed10171065fc R12: ffffffff8f7ce270
[  470.892674][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1b92a40
[  470.892685][    C0] FS:  0000000000000000(0000) GS:ffff88812613b000(0000) knlGS:0000000000000000
[  470.892712][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  470.892724][    C0] CR2: 000000110c38698f CR3: 000000000dd38000 CR4: 00000000003526f0
[  470.892746][    C0] Call Trace:
[  470.892752][    C0]  <TASK>
[  470.892759][    C0]  default_idle+0x13/0x20
[  470.892775][    C0]  default_idle_call+0x73/0xb0
[  470.892797][    C0]  do_idle+0x1e7/0x510
[  470.892816][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  470.892849][    C0]  ? __pfx_do_idle+0x10/0x10
[  470.892870][    C0]  ? do_idle+0x4e7/0x510
[  470.892890][    C0]  cpu_startup_entry+0x44/0x60
[  470.892908][    C0]  rest_init+0x2de/0x300
[  470.892926][    C0]  start_kernel+0x3ae/0x410
[  470.892944][    C0]  x86_64_start_reservations+0x24/0x30
[  470.892968][    C0]  x86_64_start_kernel+0x143/0x1c0
[  470.892989][    C0]  common_startup_64+0x13e/0x147
[  470.893029][    C0]  </TASK>
[  472.800266][ T5847] Bluetooth: hci2: command 0x0406 tx timeout
[  473.921783][   T25] block nbd0: Possible stuck request ffff888025195080: control (read@0,1024B). Runtime 330 seconds
[  473.932584][   T25] block nbd0: Possible stuck request ffff888025195240: control (read@1024,1024B). Runtime 330 seconds
[  473.944266][   T25] block nbd0: Possible stuck request ffff888025195400: control (read@2048,1024B). Runtime 330 seconds
[  473.956214][   T25] block nbd0: Possible stuck request ffff8880251955c0: control (read@3072,1024B). Runtime 330 seconds